feat: auto merge dev-dependencies

[lumirlumir]

Prerequisites checklist

• I have read the contributing guidelines.

What is the purpose of this pull request?

In this PR, I've enabled auto-merge for dev-dependencies and GitHub Actions, as mentioned in #48.

I could set the automerge option at the global scope and disable it elsewhere (the current setup disables automerge globally and enables it where necessary), but, I intentionally enabled auto-merge in a narrow, separate scope to prevent unwanted side effects, since this is the first introduction of auto-merge and a global setting could cause unwanted side-effects.

I've tested some of the setups in my forked repository by following the guide, and everything works as expected. The detailed test results can be found in the comments below.

What changes did you make? (Give an overview)

In this PR, I've enabled auto-merge for dev-dependencies and GitHub Actions, as mentioned in #48.

Related Issues

Closes: #48

Is there anything you'd like reviewers to focus on?

Unlike other workflow setups, auto-merge requires two setups per repository, as mentioned in the Renovate documentation:

1. Turn on "Allow auto-merge" in GitHub settings:

First, we need to enable "Allow auto-merge" in the GitHub settings to make auto-merge work.

From testing in my forked repository, I found that if this isn't enabled, auto-merge won't run.

Also, the Renovate docs include a description of this:

2. Turn on "Require status checks to pass":

Secondly, we need to mark the CI checks we want as "required" so they must pass. As the Renovate documentation notes, if these aren't set, CI checks that aren't required may be ignored, and PRs could be merged even if those checks fail.

Ref: https://docs.renovatebot.com/configuration-options/#automerge

The branch protection rule below should be enabled and workflows should be marked as "required" in the CI settings.

[lumirlumir]

Tested in my forked repository:

• chore: update peter-evans/create-pull-request digest to c0f553f lumirlumir/fork-css#12

[lumirlumir]

Tested in my forked repository:

• chore: pin dependency prettier to 3.8.1 lumirlumir/fork-css#11

[Copilot]

Pull request overview

Enables Renovate auto-merge for select dependency updates to reduce manual intervention, focusing on dev dependency group updates and GitHub Actions updates.

Changes:

• Turn on automerge: true for grouped non-major devDependencies updates in the ESLint base Renovate preset.
• Enable automerge: true for GitHub Actions Renovate rules (labeling + digest pinning for 3rd-party actions).
• Enable automerge: true for the Prettier pinning rule.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.

File	Description
.github/renovate/eslint-base.json5	Auto-merges grouped minor/patch devDependency updates.
.github/renovate/base.json5	Auto-merges GitHub Actions updates and Prettier pin updates.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[aladdin-add]

For release-please, it might not work - it's a bit special; it requires the tsc's approval to merge. But that seems reasonable to me; it's advisable to be cautious with release-related dependencies.

[aladdin-add]

LGTM. Would like @nzakas to review before merging.

[nzakas]

As noted in https://github.com/eslint/workflows/pull/49/changes#r2747177353, I don't want to automerge actions changes, only devDependencies.

[lumirlumir]

I've updated the suggestion in d289ca8.

I think it's fine to upgrade major devDependencies so long as CI passes.

I'm concerned that automatic major devDependency updates could introduce unexpected behavior the team might not notice. I hope we review how auto-merge works before enabling this. What do you think?