[$2000] Create automated check to catch uncommitted changes to `Podfile.lock`

If you haven’t already, check out our contributing guidelines for onboarding and email contributors@expensify.com to request to join our Slack channel!

Problem

When a developer adds, removes, or updates a package in a PR, there will always be a diff in package.json and package-lock.json, and the changes in both must be committed. Depending on the package, there may or may not be a diff in ios/Podfile.lock as well. Sometimes developers forget to run pod install when modifying a package, so the potential diff in ios/Podfile.lock is not caught until after the PR is merged and a different developer runs pod install. This can lead to confusion.

We have an existing GitHub Action workflow verifyPodfile.yml that uses the script (verifyPodfile.sh)[https://github.com/Expensify/App/blob/main/.github/scripts/verifyPodfile.sh] to verify that Podfile.lock is in sync with Podfile (by getting the checksum for Podfile and ensuring it matches what is printed in Podfile.lock), but that does nothing to catch the case as outlined above.

Solution

Add some sort of automated check to prevent the merging of a PR that causes Podfile.lock to be modified but does not have the diff committed.

This could be a modification to the verifyPodfile script, an entirely new CI check, or anything else really that accomplishes the goal.

Requirements

• Avoid solutions that would require workflow changes for developers, e.g. forcing everyone onto the same cocoapods version, or having to run bundle exec pod install instead of pod install. We have a large developer community which makes it challenging to communicate and enforce process changes like these.
• It should be automated (e.g. not something vulnerable to human error, like simply adding another checkbox to our PR checklist)