[#2355] Hardened Renovate config with PR limits, GHA auto-merge and dashboard labels. #2467

Merged
AlexSkrypnyk merged 3 commits into main from feature/2355-harden-renovate
Apr 20, 2026

@AlexSkrypnyk AlexSkrypnyk commented Apr 20, 2026

Closes #2355

Summary

Hardens the Renovate configuration based on a targeted gap analysis against the
Akollade renovate-config. The
changes add explicit PR throughput controls, improve PR body presentation, label
the dependency dashboard issue, and enable auto-merge for the GitHub Actions
group. Items that were out of scope or explicitly declined by the maintainer are
noted below; vulnerability-alerts configuration was split to #2466 to keep this
PR focused.

Changes

Renovate configuration (renovate.json)

  • Added $schema pointing to the official Renovate JSON schema for IDE
    autocomplete and validation.
  • Added dependencyDashboardLabels: ["Dependencies"] so the Renovate
    dependency dashboard issue carries the Dependencies label.
  • Added prConcurrentLimit: 10 - caps open Renovate PRs across all groups to
    10 at any time.
  • Added prHourlyLimit: 0 - removes the hourly cap; per-group schedules
    provide the throttling instead.
  • Added commitBodyTable: true - multi-package group PRs include a
    version-comparison table in the PR body.
  • Added automerge: true to the "GitHub Actions - All - Major, minor and
    patch" package rule - GHA update PRs are auto-merged after CI passes.
  • Removed ignorePresets: [":prHourlyLimit2"] - now redundant because
    prHourlyLimit: 0 is set explicitly.

Documentation (.vortex/docs/content/tools/renovate.mdx)

  • Added a note below the update-rules table explaining that GitHub Actions
    group PRs are auto-merged after CI passes and that "Allow auto-merge" must
    be enabled in repository settings (Settings > General > Pull Requests).
  • Added a new "### PR throughput and presentation" subsection documenting
    prConcurrentLimit, prHourlyLimit, commitBodyTable, and
    dependencyDashboardLabels.

Installer fixtures

Mechanical regeneration of .vortex/installer/tests/Fixtures/handler_process/
snapshots (_baseline, timezone_circleci, timezone_gha) via
ahoy update-snapshots to pick up the root renovate.json changes.

Related work

Items explicitly out of scope

The following items from the gap analysis were reviewed and declined or deferred
by the maintainer:

  • Docker digest pinning
  • Drupal core patch/minor split
  • Unstable version (alpha/beta/rc) approval gate
  • Composer require-dev split
  • platformAutomerge: true
  • Container image auto-merge
  • Per-tool grouping (phpstan/twig/drush)

Summary by CodeRabbit

  • New Features

    • GitHub Actions dependency updates now auto-merge after CI passes when repository auto-merge and required status checks are enabled.
    • Multi-package PRs now include a version comparison table for easier review.
  • Changes

    • Dependency dashboard and PR throughput tuned: higher concurrent PR limit, hourly rate adjusted, and dashboard labeling standardized as "Dependencies".
    • All other dependency groups continue to open PRs for manual review.
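
As an added illustration (not part of this pull request or the project's code), the policy described above can be checked mechanically: auto-merge stays confined to the GitHub Actions group, that group keeps `pinDigests`, and removing the hourly cap leaves an explicit concurrent cap in place. The sample config is constructed; the `matchManagers` values, the second package rule and the `audit` helper are assumptions, and treating a missing `prConcurrentLimit` as uncapped is this audit's own policy choice.

```python
import json

# Constructed sample, not the project's renovate.json. Top-level keys and
# values are the ones listed in the PR description; the matchManagers values
# and the whole second rule are assumptions made for this example.
SAMPLE = json.loads("""
{
  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
  "dependencyDashboardLabels": ["Dependencies"],
  "prConcurrentLimit": 10,
  "prHourlyLimit": 0,
  "commitBodyTable": true,
  "packageRules": [
    {"groupName": "GitHub Actions - All - Major, minor and patch",
     "matchManagers": ["github-actions"], "pinDigests": true, "automerge": true},
    {"groupName": "Container images", "matchManagers": ["docker-compose"],
     "automerge": true}
  ]
}
""")

ALLOWED_AUTOMERGE_MANAGERS = {"github-actions"}  # scope stated in the PR


def audit(config):
    """Return a list of findings for a parsed Renovate config dict."""
    findings = []
    if config.get("automerge"):
        findings.append("top-level automerge enables it for every group")
    # With the hourly cap removed, the concurrent limit is the only global brake.
    if config.get("prHourlyLimit") == 0 and not config.get("prConcurrentLimit"):
        findings.append("prHourlyLimit is 0 and prConcurrentLimit is unset or 0")
    for i, rule in enumerate(config.get("packageRules", [])):
        if not rule.get("automerge"):
            continue
        name = rule.get("groupName", f"packageRules[{i}]")
        managers = set(rule.get("matchManagers", []))
        if not managers or not managers <= ALLOWED_AUTOMERGE_MANAGERS:
            findings.append(f"{name}: automerge outside the GitHub Actions group")
        elif not rule.get("pinDigests"):
            findings.append(f"{name}: automerged actions are not digest-pinned")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("FINDING:", finding)
```

Run in CI against the repository's `renovate.json`, a non-empty result can fail the build before a widened auto-merge rule reaches the default branch.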


coderabbitai Bot commented Apr 20, 2026

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Repository UI

Review profile: ASSERTIVE

Plan: Pro Plus

Run ID: 4911d8df-701d-43d1-a5d7-95187d10c3c3

📥 Commits

Reviewing files that changed from the base of the PR and between e02d0b3 and c294b2d.

📒 Files selected for processing (1)
  • .vortex/docs/content/tools/renovate.mdx

Walkthrough

The PR updates Renovate configuration and documentation: it enables automerge for the GitHub Actions update group (CI must pass and repo must allow auto-merge), replaces a deprecated preset with dependency dashboard labels, and adds global PR throughput and presentation settings (prConcurrentLimit, prHourlyLimit, commitBodyTable, dependencyDashboardLabels).

Changes

Cohort / File(s) and summary:

  • Documentation (.vortex/docs/content/tools/renovate.mdx): Added GitHub Actions–specific automerge behavior and repository prerequisites (Allow auto-merge + required status check). Documented global Renovate presentation and throughput settings.
  • Configuration (renovate.json): Added $schema, replaced deprecated :prHourlyLimit2 usage with dependencyDashboardLabels, set prConcurrentLimit: 10, prHourlyLimit: 0, commitBodyTable: true, and enabled automerge: true for the GitHub Actions package rule (keeps pinDigests: true).

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Possibly related PRs

Poem

🐰 I nibble configs, tidy and bright,
Automerge hops in when CI's all right,
Labels in order, dashboards in view,
Ten PRs at once — but calm and true,
A carrot for docs, and a hop for you! 🥕

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name, status and explanation:

  • Description Check: ✅ Passed. Check skipped - CodeRabbit’s high-level summary is enabled.
  • Title check: ✅ Passed. The title clearly and concisely summarizes the main changes: hardening Renovate config with PR limits, GitHub Actions auto-merge, and dashboard labels.
  • Linked Issues check: ✅ Passed. The PR addresses issue #2355 by conducting a gap analysis, prioritizing changes, and implementing configuration hardening items including PR limits, auto-merge, and dashboard labels.
  • Out of Scope Changes check: ✅ Passed. All changes are directly related to hardening the Renovate configuration as scoped in issue #2355; out-of-scope items were explicitly declined and not implemented.
  • Docstring Coverage: ✅ Passed. No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.



@coderabbitai coderabbitai Bot left a comment


Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.vortex/docs/content/tools/renovate.mdx:
- Around line 52-53: The doc incorrectly states that commitBodyTable affects the
PR body; update the description of commitBodyTable to say it inserts a
version-comparison table into the commit message body (not the PR body). Locate
the mention of commitBodyTable in the text (the line showing "**PR body table:**
`commitBodyTable: true`") and rephrase it to something like "Commit message body
table: `commitBodyTable: true` - include a version-comparison table in the
commit message body." Ensure the term `commitBodyTable` remains highlighted so
readers can find the config name easily.
- Around line 28-31: Update the paragraph that currently says auto-merge happens
"after CI passes" and only mentions enabling "Allow auto-merge" (the sentence
referencing the "GitHub Actions" group and the phrase "Allow auto-merge") to
also require branch protection: instruct readers to enable "Require status
checks to pass before merging" in branch protection and select at least one
required status check so CI must pass before auto-merge; rephrase the line to
clearly state both prerequisites (Allow auto-merge enabled and branch protection
requiring status checks).

ℹ️ Review info
⚙️ Run configuration

Configuration used: Repository UI

Review profile: ASSERTIVE

Plan: Pro Plus

Run ID: aa6a1568-71da-439f-b468-ad75ee664098

📥 Commits

Reviewing files that changed from the base of the PR and between 7a3d7d3 and e02d0b3.

⛔ Files ignored due to path filters (3)
  • .vortex/installer/tests/Fixtures/handler_process/_baseline/renovate.json is excluded by !.vortex/installer/tests/Fixtures/**
  • .vortex/installer/tests/Fixtures/handler_process/timezone_circleci/renovate.json is excluded by !.vortex/installer/tests/Fixtures/**
  • .vortex/installer/tests/Fixtures/handler_process/timezone_gha/renovate.json is excluded by !.vortex/installer/tests/Fixtures/**
📒 Files selected for processing (2)
  • .vortex/docs/content/tools/renovate.mdx
  • renovate.json


@codecov

codecov Bot commented Apr 20, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 69.42%. Comparing base (7a3d7d3) to head (e02d0b3).

❗ There is a different number of reports uploaded between BASE (7a3d7d3) and HEAD (e02d0b3). Click for more details.

HEAD has 5 uploads less than BASE
Flag BASE (7a3d7d3) HEAD (e02d0b3)
10 5
Additional details and impacted files
@@             Coverage Diff             @@
##             main    #2467       +/-   ##
===========================================
- Coverage   79.93%   69.42%   -10.52%     
===========================================
  Files         129       43       -86     
  Lines        6883     2590     -4293     
  Branches       47        3       -44     
===========================================
- Hits         5502     1798     -3704     
+ Misses       1381      792      -589     


@github-actions

Code coverage (threshold: 90%)

  Classes: 100.00% (1/1)
  Methods: 100.00% (2/2)
  Lines:   98.53% (201/204)
Per-class coverage
Drupal\ys_demo\Plugin\Block\CounterBlock
  Methods: 100.00% ( 2/ 2)   Lines: 100.00% ( 10/ 10)

@AlexSkrypnyk
Member Author

Code coverage (threshold: 90%)

  Classes: 100.00% (1/1)
  Methods: 100.00% (2/2)
  Lines:   98.53% (201/204)
Per-class coverage
Drupal\ys_demo\Plugin\Block\CounterBlock
  Methods: 100.00% ( 2/ 2)   Lines: 100.00% ( 10/ 10)

@AlexSkrypnyk AlexSkrypnyk merged commit 1928fa7 into main Apr 20, 2026
27 of 28 checks passed
@AlexSkrypnyk AlexSkrypnyk deleted the feature/2355-harden-renovate branch April 20, 2026 10:33
@github-project-automation github-project-automation Bot moved this from BACKLOG to Release queue in Vortex Apr 20, 2026

Development

Successfully merging this pull request may close these issues.

Harden renovate config

1 participant