Here's a list of settings and features for GitHub projects that I've found recommendable to pretty much every project. Some of them would be nice to be on by default by GitHub so new projects would have them right out of the box, but while they are not (they were not at time of writing), here we go, in no particular order:
Even if the project is not written in a supported language, GitHub Actions workflows are used by most. CodeQL supports checking them, which makes them a nice lowest common denominator.
In my typical workflows, the most important aspect of auto-merges is to be able to enable them while workflows are running, as workflows may take some time to complete and busy-waiting for them or forgetting/delaying checking back is not great. This requires setting up branch protection rules to require some status checks.
This is fine, but it's a chore that one needs to select every single status check (~ workflow job) separately and mark it as required and remember to update the list whenever workflow jobs come and go; there's no option to just "require all things that run for a PR to pass" nor a workflow wide one (as of 2025-07-30).
Also, the branch protection/ruleset configuration has a couple of rough edges.
First, the settings UI where the required jobs are configured only shows the job names, not the parent workflow name. This means one may need to add "redundant" info to job names to be able to easily understand what exact workflow+job each entry refers to. This is in contrast with the PR CI checks list which is better, as it shows both.
This configuration is also sensitive to the job names. If the name of a job changes, the ruleset will continue to "point" to the old name. There are no warnings about this, and the ruleset will no longer pass until fixed up to match in project settings. Same thing if a job is removed from a workflow, its ghost will persist in the ruleset.
PR branches are rarely used for anything after merged.