diff --git a/.github/actions/renovate-readiness/action.yaml b/.github/actions/renovate-readiness/action.yaml
new file mode 100644
index 0000000..f5b4784
--- /dev/null
+++ b/.github/actions/renovate-readiness/action.yaml
@@ -0,0 +1,17 @@
+# Copyright 2024 Defense Unicorns
+# SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial
+
+name: renovate-readiness
+description: "Check if Renovate PRs are ready for testing"
+
+runs:
+  using: composite
+  steps:
+    # This is current a stub for future logic that would auto-detect readiness
+    # In lieu of that, we require an engineer to review changes and manually add the `renovate-ready` label
+    - name: Check if PR has the ready label
+      if: ${{ ! contains(github.event.pull_request.labels.*.name, 'renovate-ready') }}
+      run: |
+        echo "This PR is not ready to run CI. Failing job."
+        exit 1
+      shell: bash
\ No newline at end of file
diff --git a/.github/workflows/commitlint.yaml b/.github/workflows/commitlint.yaml
index 28343ee..2110df0 100644
--- a/.github/workflows/commitlint.yaml
+++ b/.github/workflows/commitlint.yaml
@@ -7,7 +7,8 @@ on:
   pull_request:
     branches: [main]
     # milestoned is added here as a workaround for release-please not triggering PR workflows (PRs should be added to a milestone to trigger the workflow).
-    types: [milestoned, opened, edited, synchronize]
+    # labeled is added here to allow for "manual" triggering of CI on renovate PRs
+    types: [milestoned, opened, reopened, synchronize, labeled]
 
 jobs:
   title_check:
@@ -23,6 +24,10 @@ jobs:
         with:
           fetch-depth: 0
 
+      - name: Check renovate readiness
+        if: startsWith(github.event.pull_request.head.ref, 'renovate/') # Only call for Renovate PRs
+        uses: ./.github/actions/renovate-readiness
+
       - name: Setup Node.js
         uses: actions/setup-node@39370e3970a6d050c480ffad4ff0ed4d3fdee5af # v4.1.0
 
diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml
index 94e180e..d6a5b59 100644
--- a/.github/workflows/test.yaml
+++ b/.github/workflows/test.yaml
@@ -6,7 +6,8 @@ name: Test
 on:
   pull_request:
     branches: [main]
-    types: [milestoned, opened, reopened, synchronize]
+    # labeled is added here to allow for "manual" triggering of CI on renovate PRs
+    types: [milestoned, opened, reopened, synchronize, labeled]
 
 # Abort prior jobs in the same workflow / PR
 concurrency:
@@ -25,6 +26,10 @@ jobs:
       - name: Github Actions Checkout
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
+      - name: Check renovate readiness
+        if: startsWith(github.event.pull_request.head.ref, 'renovate/') # Only call for Renovate PRs
+        uses: ./.github/actions/renovate-readiness
+
       - name: Environment setup
         uses: ./.github/actions/setup
         with: