Conversation

@pandeymangg
Contributor

Updates the version tag checks; the new versions will not contain the letter v.

@coderabbitai

coderabbitai bot commented Sep 30, 2025

Walkthrough

The changes update CI workflows and the podspec: publish-pod.yml now triggers on GitHub release events (type: released), adds repository contents read permission, inserts a runner hardening step before checkout, and updates several action versions while preserving CocoaPods install and trunk publish steps. FormbricksSDK.podspec changes the Git source tag from "v#{s.version}" to s.version (removing the leading "v"). sonarqube.yml likewise adds contents read permission and inserts the harden-runner step before repository checkout. No exported/public API signatures were changed.

Pre-merge checks

✅ Passed checks (3 passed)
Check name | Status | Explanation
Title Check | ✅ Passed | The title “fix: updates version tags” succinctly highlights the primary change—modifying how version tags are handled—without extraneous noise or unrelated details, making it clear to reviewers what the pull request addresses.
Description Check | ✅ Passed | The description “Updates the version tags checks, the new versions will not contain the letter v” directly relates to the changes in how tags are generated and aligns with the modifications in both the Podspec and workflow configurations.
Docstring Coverage | ✅ Passed | No functions found in the changes. Docstring coverage check skipped.

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: ASSERTIVE

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between a347e3f and f24c49c.

📒 Files selected for processing (2)
  • .github/workflows/publish-pod.yml (1 hunks)
  • .github/workflows/sonarqube.yml (2 hunks)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)
  • GitHub Check: build-and-analyze
🔇 Additional comments (7)
.github/workflows/publish-pod.yml (4)

2-3: LGTM! Minimal permissions follow least-privilege principle.

Adding contents: read permission explicitly follows security best practices by granting only the minimum required access.


12-15: LGTM! Security hardening enhances workflow security.

Adding the harden-runner step with egress-policy: audit is a good security practice that monitors all outbound network calls from the workflow. The use of a commit SHA for the action version (instead of a mutable tag) prevents potential supply chain attacks.


18-19: LGTM! Updated checkout action with security best practices.

The checkout action has been updated to use a commit SHA reference, which is more secure than using version tags. The step name is also more descriptive.


22-22: LGTM! Updated Ruby setup action.

The ruby/setup-ruby action has been updated to use a commit SHA reference for security.

.github/workflows/sonarqube.yml (3)

2-3: LGTM! Consistent security posture across workflows.

Adding explicit contents: read permission maintains least-privilege access, consistent with the changes in publish-pod.yml.


18-21: LGTM! Security hardening consistent with publish workflow.

The harden-runner step implementation is identical to publish-pod.yml, providing consistent security monitoring across all workflows. Using the same commit SHA reference ensures both workflows use the same verified version of the security action.


23-24: LGTM! Checkout action updated consistently.

The checkout action uses the same commit SHA reference as publish-pod.yml (v4.2.2), ensuring consistency across workflows. The step name change to "Checkout repository" also aligns with the publish workflow.
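The three properties the review above keeps returning to (an explicit least-privilege `permissions` block, every `uses:` pinned to a full commit SHA rather than a mutable tag, and a `step-security/harden-runner` step placed before `actions/checkout`) can be checked mechanically. The script below is an added example, not code from this PR or from the Formbricks project; it parses a workflow file with plain regexes so it runs without PyYAML. Both sample workflows and the all-zero SHA are constructed placeholders, not real commits, and the ordering check assumes a single-job workflow like the ones changed here.

```python
import re

# A full 40-character hex commit SHA is the only immutable action ref.
SHA_RE = re.compile(r"^[0-9a-f]{40}$")
# "uses:" on a step ("- uses:") or on a reusable-workflow job ("uses:").
USES_RE = re.compile(r"^\s*-?\s*uses:\s*([^\s#]+)")
# A top-level (unindented) permissions block.
PERMS_RE = re.compile(r"^permissions:", re.M)


def audit_workflow(text):
    """Return a list of findings for a GitHub Actions workflow given as text.

    Checks: an explicit top-level permissions block, commit-SHA pinning of
    every third-party action, and a step-security/harden-runner step that
    runs before actions/checkout. The ordering check treats the file as one
    step sequence, which is accurate for single-job workflows (assumption).
    """
    findings = []
    if not PERMS_RE.search(text):
        findings.append("no top-level permissions block; the job falls back to "
                        "the repository's default GITHUB_TOKEN permissions")

    actions = []  # action names in the order their steps appear
    for lineno, line in enumerate(text.splitlines(), 1):
        m = USES_RE.match(line)
        if not m:
            continue
        ref = m.group(1)
        # Local actions and docker images have no upstream git ref to pin.
        if ref.startswith("./") or ref.startswith("docker://"):
            actions.append(ref)
            continue
        if "@" not in ref:
            findings.append(f"line {lineno}: {ref} has no version ref at all")
            actions.append(ref)
            continue
        action, version = ref.rsplit("@", 1)
        actions.append(action)
        if not SHA_RE.match(version):
            findings.append(f"line {lineno}: {action} is pinned to mutable ref "
                            f"'{version}', not a commit SHA")

    harden = next((i for i, a in enumerate(actions)
                   if a == "step-security/harden-runner"), None)
    checkout = next((i for i, a in enumerate(actions)
                     if a == "actions/checkout"), None)
    if checkout is not None and (harden is None or harden > checkout):
        findings.append("actions/checkout runs without a preceding "
                        "step-security/harden-runner step")
    return findings


# Constructed "before" workflow: tag-pinned actions, no permissions, no hardening.
UNHARDENED = """\
name: Publish Pod
on:
  release:
    types: [released]
jobs:
  publish:
    runs-on: macos-latest
    steps:
      - uses: actions/checkout@v4
      - uses: ruby/setup-ruby@v1
        with:
          ruby-version: "3.2"
"""

# Placeholder SHA (all zeros) standing in for a real, verified commit.
PLACEHOLDER_SHA = "0" * 40

# Constructed "after" workflow following the pattern the review describes.
HARDENED = f"""\
name: Publish Pod
on:
  release:
    types: [released]
permissions:
  contents: read
jobs:
  publish:
    runs-on: macos-latest
    steps:
      - name: Harden runner
        uses: step-security/harden-runner@{PLACEHOLDER_SHA} # placeholder pin
        with:
          egress-policy: audit
      - name: Checkout repository
        uses: actions/checkout@{PLACEHOLDER_SHA} # placeholder pin
      - uses: ruby/setup-ruby@{PLACEHOLDER_SHA} # placeholder pin
        with:
          ruby-version: "3.2"
"""

if __name__ == "__main__":
    for label, wf in (("unhardened", UNHARDENED), ("hardened", HARDENED)):
        results = audit_workflow(wf)
        print(f"{label}: {len(results)} finding(s)")
        for finding in results:
            print("  -", finding)
```

Run it against the unhardened sample and it reports four findings (missing permissions, two tag-pinned actions, and checkout running before any harden-runner step); the hardened sample reports none. The SHA check is deliberately strict: a `# v4.2.2` trailing comment, as used in the PR, is ignored by the regex, so the pin itself must be the commit.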

Member

@mattinannt mattinannt left a comment

Thank you for the fixes and added hardening to the runners. Looks good :-)

@mattinannt mattinannt added this pull request to the merge queue Sep 30, 2025
Merged via the queue into main with commit 23dedac Sep 30, 2025
4 checks passed