Add Cocoapods dependency management to Dependabot and enable Dependabot updates for GitHub Actions

.github/dependabot.yml

@@ -100,7 +100,7 @@ updates:
     directory: "/android"
     schedule:
       interval: "weekly"
-      day: "tuesday"
+      day: "monday"
       time: "09:00"
     open-pull-requests-limit: 3
     labels:
@@ -110,3 +110,35 @@ updates:
     commit-message:
       prefix: "chore(deps-android)"
       include: "scope"
+
+  # Enable version updates for iOS Cocoapods dependencies
+  - package-ecosystem: "cocoapods"
+    directory: "/ios"
+    schedule:
+      interval: "weekly"
+      day: "tuesday"
+      time: "09:00"
+    open-pull-requests-limit: 3
+    labels:
+      - "dependencies"
+      - "ios"
+      - "native"
+    commit-message:
+      prefix: "chore(deps-ios)"
+      include: "scope"
+
+  # Enable version updates for GitHub Actions workflows
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "monthly"
+      day: "monday"
+      time: "09:00"
+      timezone: "Etc/UTC"
+    open-pull-requests-limit: 3
+    labels:
+      - "dependencies"
+      - "github-actions"
+    commit-message:
+      prefix: "ci"
+      include: "scope"

.github/workflows/dependabot-cocoapods.yml

@@ -0,0 +1,78 @@
+# This workflow adds React Native support to Dependabot by automatically running pod install
+# after Dependabot upgrades an npm package.
+# 
+# Background: When npm packages are updated (especially React Native or Expo packages),
+# the iOS Podfile.lock may need to be regenerated to ensure Cocoapods dependencies are in sync.
+# This workflow automates that process.
+#
+# Related Dependabot issue: https://github.com/dependabot/dependabot-core/issues/935
+
+name: Update Cocoapods after Dependabot npm upgrade
+
+on:
+  push:
+    branches:
+      - 'dependabot/npm_and_yarn/**'
+
+jobs:
+  update-pods:
+    name: Run pod install
+    runs-on: macos-latest
+    permissions:
+      contents: write
+    timeout-minutes: 15
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          # Use a token that can trigger workflows
+          token: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: '20'
+          cache: 'npm'
+
+      - name: Install npm packages
+        run: npm ci
+
+      - name: Cache CocoaPods
+        uses: actions/cache@v4
+        with:
+          path: ios/Pods
+          key: ${{ runner.os }}-pods-${{ hashFiles('**/Podfile.lock') }}
+          restore-keys: |
+            ${{ runner.os }}-pods-
+
+      - name: Install CocoaPods dependencies
+        run: |
+          cd ios
+          pod install --verbose
+          cd ..
+
+      - name: Generate commit message
+        id: commit_message
+        run: |
+          # Extract package name from branch (e.g., dependabot/npm_and_yarn/package-name-1.2.3)
+          branch=${GITHUB_REF#refs/heads/}
+          package_info=${branch#dependabot/npm_and_yarn/}
+
+          # Create commit message using heredoc
+          # Add [dependabot skip] prefix so Dependabot doesn't rebase over our changes
+          {
+            echo "message<<EOF"
+            echo "chore(deps-ios): Update Podfile.lock for ${package_info}"
+            echo ""
+            echo "[dependabot skip]"
+            echo "EOF"
+          } >> $GITHUB_OUTPUT
+
+      - name: Commit and push Podfile.lock changes
+        uses: stefanzweifel/git-auto-commit-action@v5
+        with:
+          commit_message: ${{ steps.commit_message.outputs.message }}
+          file_pattern: 'ios/Podfile.lock'
+          commit_user_name: 'github-actions[bot]'
+          commit_user_email: 'github-actions[bot]@users.noreply.github.com'