Add PR validation pipeline: CI, Dependabot auto-merge, Playwright tests

.github/dependabot.yaml

@@ -4,10 +4,32 @@ updates:
     directory: '/'
     schedule:
       interval: 'weekly'
+      day: 'monday'
+    open-pull-requests-limit: 10
+    labels:
+      - 'dependencies'
+      - 'npm'
     groups:
-      all-dependencies:
-        patterns: ["*"]
+      minor-and-patch:
+        update-types:
+          - 'minor'
+          - 'patch'
+        patterns:
+          - '*'
+
   - package-ecosystem: 'github-actions'
     directory: '/'
     schedule:
       interval: 'weekly'
+      day: 'monday'
+    open-pull-requests-limit: 5
+    labels:
+      - 'dependencies'
+      - 'github-actions'
+    groups:
+      actions-minor-and-patch:
+        update-types:
+          - 'minor'
+          - 'patch'
+        patterns:
+          - '*'

.github/workflows/ci.yml

@@ -0,0 +1,44 @@
+name: CI
+
+on:
+  pull_request:
+  workflow_dispatch:
+
+permissions:
+  contents: read
+
+jobs:
+  ci:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup Node
+        uses: actions/setup-node@v4
+        with:
+          node-version: 22
+          cache: npm
+
+      - name: Install dependencies
+        run: npm ci
+
+      - name: Typecheck
+        run: npm run check
+
+      - name: Build
+        run: npm run build
+
+      - name: Install Playwright browsers
+        run: npx playwright install --with-deps chromium
+
+      - name: Run tests
+        run: npm run test
+
+      - name: Upload Playwright report
+        if: failure()
+        uses: actions/upload-artifact@v4
+        with:
+          name: playwright-report
+          path: playwright-report/
+          retention-days: 14

.github/workflows/dependabot-automerge.yml

@@ -0,0 +1,33 @@
+name: Dependabot auto-merge
+
+on:
+  pull_request_target:
+    types: [opened, synchronize, reopened]
+permissions:
+  contents: write
+  pull-requests: write
+
+jobs:
+  auto-merge:
+    runs-on: ubuntu-latest
+    if: github.actor == 'dependabot[bot]'
+    steps:
+      - name: Fetch Dependabot metadata
+        id: metadata
+        uses: dependabot/fetch-metadata@v2
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Auto-approve patch and minor updates
+        if: steps.metadata.outputs.update-type != 'version-update:semver-major'
+        run: gh pr review --approve "$PR_URL"
+        env:
+          PR_URL: ${{ github.event.pull_request.html_url }}
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Auto-merge patch and minor updates
+        if: steps.metadata.outputs.update-type != 'version-update:semver-major'
+        run: gh pr merge --auto --squash "$PR_URL"
+        env:
+          PR_URL: ${{ github.event.pull_request.html_url }}
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}

README.md

@@ -176,6 +176,30 @@ theme: {
 }
 ```
 
+## 🔄 CI / Automation
+
+This repository includes an automated PR validation and dependency management pipeline:
+
+| Layer | How it works |
+|-------|-------------|
+| **Validate & Test** | The `ci.yml` workflow runs on every pull request: typechecks with `astro check`, builds the site, then runs Playwright end-to-end tests against the preview server. The Playwright HTML report is uploaded as an artifact on failure. |
+| **Dependabot + Auto-merge** | Dependabot opens weekly PRs for npm and GitHub Actions dependency updates (minor/patch grouped). The `dependabot-automerge.yml` workflow auto-approves and squash-merges patch and minor updates once CI passes; major version bumps are left for manual review. |
+| **Copilot Code Review** | Enable GitHub Copilot automatic code review on PRs via repo **Settings → Code review → Copilot**. This is a repo setting, not a file — toggle it manually. |
+
+### Recommended manual setup
+
+1. **Branch protection**: require the `ci` status check to pass before merging to `main` (Settings → Rules → Branch protection).
+2. **Copilot auto-review**: enable Copilot code review on PRs (Settings → Code review → Copilot).
+
+### Local testing
+
+```bash
+npm ci
+npm run build
+npm run check        # astro typecheck
+npm run test         # playwright e2e tests (starts preview server automatically)
+```
+
 ## 🤝 Contributing
 
 Contributions are welcome! Here are some ways you can contribute: