ci: update CodeQL workflow actions and add Dependabot monitoring

.github/dependabot.yml

@@ -15,3 +15,7 @@ updates:
             update-types: ['version-update:semver-major']
           - dependency-name: 'eslint-plugin-react-refresh' # eslint-plugin-react-refresh@>=0.5.x requires eslint@>=9.x.x, blocked by https://github.com/WordPress/gutenberg/issues/64782
             update-types: ['version-update:semver-minor']
+    - package-ecosystem: 'github-actions'
+      directory: '/'
+      schedule:
+          interval: 'weekly'

.github/workflows/codeql.yml

@@ -22,46 +22,78 @@ jobs:
         strategy:
             fail-fast: false
             matrix:
-                language: [actions, java-kotlin, javascript-typescript]
+                language: [actions, javascript-typescript]
 
         steps:
             - name: Checkout repository
-              uses: actions/checkout@v4
+              uses: actions/checkout@v5
 
             - name: Initialize CodeQL
-              uses: github/codeql-action/init@v3
+              uses: github/codeql-action/init@v4
               with:
                   languages: ${{ matrix.language }}
-
-            - name: Autobuild
-              uses: github/codeql-action/autobuild@v3
+                  build-mode: none
 
             - name: Perform CodeQL Analysis
-              uses: github/codeql-action/analyze@v3
+              uses: github/codeql-action/analyze@v4
               with:
                   category: '/language:${{ matrix.language }}'
 
+    analyze-kotlin:
+        name: Analyze (java-kotlin)
+        runs-on: ubuntu-latest
+        timeout-minutes: 30
+
+        steps:
+            - name: Checkout repository
+              uses: actions/checkout@v5
+
+            - name: Initialize CodeQL
+              uses: github/codeql-action/init@v4
+              with:
+                  languages: java-kotlin
+
+            - name: Build Android project
+              run: cd android && ./gradlew compileDebugSources compileDebugUnitTestSources
+
+            - name: Perform CodeQL Analysis
+              uses: github/codeql-action/analyze@v4
+              with:
+                  category: '/language:java-kotlin'
+
     analyze-swift:
         name: Analyze (swift)
         runs-on: macos-15
-        timeout-minutes: 30
+        timeout-minutes: 45
 
         steps:
             - name: Checkout repository
-              uses: actions/checkout@v4
+              uses: actions/checkout@v5
 
             - name: Select Xcode
               run: sudo xcode-select -s /Applications/Xcode_26.0.1.app/Contents/Developer
 
+            - name: Cache SPM dependencies
+              uses: actions/cache@v4
+              with:
+                  path: |
+                      ~/Library/Caches/org.swift.swiftpm/repositories
+                  key: spm-${{ runner.os }}-${{ hashFiles('Package.resolved') }}
+                  restore-keys: |
+                      spm-${{ runner.os }}-
+
             - name: Initialize CodeQL
-              uses: github/codeql-action/init@v3
+              uses: github/codeql-action/init@v4
               with:
                   languages: swift
 
             - name: Build Swift package
-              run: swift build --target GutenbergKit --target GutenbergKitHTTP
+              run: swift build
+
+            - name: Build Demo app
+              run: xcodebuild build -project ios/Demo-iOS/Gutenberg.xcodeproj -scheme Gutenberg -destination 'generic/platform=iOS' CODE_SIGNING_ALLOWED=NO
 
             - name: Perform CodeQL Analysis
-              uses: github/codeql-action/analyze@v3
+              uses: github/codeql-action/analyze@v4
               with:
                   category: '/language:swift'