Add packageRules to renovate.json so Renovate labels patch/minor/pin/digest/lockFileMaintenance PRs with automerge; major-version updates get no such label and remain for manual review.
Add merge-renovate job to .forgejo/workflows/ci.yml that runs after the check job succeeds on any renovate/* branch, fetches the PR's labels, and merges via the Forgejo API only when the automerge label is present.
How it works
Renovate runs daily and creates a PR for a dependency update.
CI's check job runs the full test suite.
If check passes and the PR is on a renovate/* branch, merge-renovate fires.
It calls the Forgejo API to read the PR's labels; if automerge is present (patch/minor/lockfile update), it merges. If not (major update), it skips and leaves the PR for human review.
Test plan
Confirm renovate.json is valid JSON and the schema validates.
Verify a future Renovate patch/minor PR receives both dependencies and automerge labels.
Verify merge-renovate job is skipped on non-Renovate PRs and on push events.
Verify a Renovate PR with automerge label is merged after CI passes.
## Summary
- Add `packageRules` to `renovate.json` so Renovate labels patch/minor/pin/digest/lockFileMaintenance PRs with `automerge`; major-version updates get no such label and remain for manual review.
- Add `merge-renovate` job to `.forgejo/workflows/ci.yml` that runs after the `check` job succeeds on any `renovate/*` branch, fetches the PR's labels, and merges via the Forgejo API only when the `automerge` label is present.
## How it works
1. Renovate runs daily and creates a PR for a dependency update.
2. CI's `check` job runs the full test suite.
3. If `check` passes and the PR is on a `renovate/*` branch, `merge-renovate` fires.
4. It calls the Forgejo API to read the PR's labels; if `automerge` is present (patch/minor/lockfile update), it merges. If not (major update), it skips and leaves the PR for human review.
## Test plan
- [ ] Confirm `renovate.json` is valid JSON and the schema validates.
- [ ] Verify a future Renovate patch/minor PR receives both `dependencies` and `automerge` labels.
- [ ] Verify `merge-renovate` job is skipped on non-Renovate PRs and on `push` events.
- [ ] Verify a Renovate PR with `automerge` label is merged after CI passes.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.
Summary
packageRulestorenovate.jsonso Renovate labels patch/minor/pin/digest/lockFileMaintenance PRs withautomerge; major-version updates get no such label and remain for manual review.merge-renovatejob to.forgejo/workflows/ci.ymlthat runs after thecheckjob succeeds on anyrenovate/*branch, fetches the PR's labels, and merges via the Forgejo API only when theautomergelabel is present.How it works
checkjob runs the full test suite.checkpasses and the PR is on arenovate/*branch,merge-renovatefires.automergeis present (patch/minor/lockfile update), it merges. If not (major update), it skips and leaves the PR for human review.Test plan
renovate.jsonis valid JSON and the schema validates.dependenciesandautomergelabels.merge-renovatejob is skipped on non-Renovate PRs and onpushevents.automergelabel is merged after CI passes.🤖 Generated with Claude Code