Add a reminder to run update_dependency to PR authors

.github/workflows/update-dependency-reminder.yml

@@ -0,0 +1,48 @@
+name: Request Lockfile Review
+
+on:
+  pull_request_target:
+    branches: ["master"]
+    types: [opened, synchronize, reopened]
+
+jobs:
+  review-lockfiles:
+    runs-on: ubuntu-latest
+    permissions:
+      pull-requests: write
+
+    steps:
+      # We intentionally do NOT use actions/checkout here. 
+      # This keeps the environment completely secure and satisfies CodeQL.
+
+      - name: Check files via GitHub API
+        id: check_files
+        uses: actions/github-script@v7
+        with:
+          script: |
+            const prNumber = context.payload.pull_request.number;
+
+            // Get the list of files in the PR directly from the API
+            const { data: files } = await github.rest.pulls.listFiles({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              pull_number: prNumber,
+              per_page: 100
+            });
+
+            // Look for any file **ending** in gradle.lockfile
+            const hasLockfile = files.some(file => file.filename.endsWith('gradle.lockfile'));
+            core.setOutput('has_lockfile', hasLockfile ? 'true' : 'false');
+
+      - name: Post unresolved review comment
+        if: steps.check_files.outputs.has_lockfile == 'true'
+        uses: actions/github-script@v7
+        with:
+          script: |
+            await github.rest.pulls.createReview({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              pull_number: context.payload.pull_request.number,
+              event: 'REQUEST_CHANGES',
+              body: `### ⚠️ Attention Required: Lockfile Detected\nThis pull request contains modifications to one or more \`*.lockfile\` files. Please confirm that you have run update_dependency.sh to push new dependencies to the private repo.\n\n_Someone with Admin role must manually dismiss this review before merging._`
+            });