bump marketing version to 0.1.4

[mlsmaycon]

Summary by CodeRabbit

• Chores
  • Updated app marketing version to 0.1.4 across the main app and TV target build configurations.
• Chores (CI)
  • Enhanced CI workflows: added an optional netbird-ref input to the reusable build workflow, added concurrency control for TestFlight runs, enabled passing of optional netbird-ref and version parameters (including parsing from trigger comments) through the gate to the build workflow.

[coderabbitai]

Warning

Rate limit exceeded

@mlsmaycon has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 10 minutes and 15 seconds before requesting another review.

Your organization is not enrolled in usage-based pricing. Contact your admin to enable usage-based pricing to continue reviews beyond the rate limit, or try again in 10 minutes and 15 seconds.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: f952382f-f703-4263-ad4e-fe339e8c8fc6

📥 Commits

Reviewing files that changed from the base of the PR and between d36021e and f72fa3b.

📒 Files selected for processing (1)

• .github/workflows/testflight.yml

📝 Walkthrough

Walkthrough

Bumped Xcode marketing version 0.1.3 → 0.1.4 in NetBird app and TV Debug/Release configurations; added an optional netbird-ref input to .github/workflows/build-upload.yml; extended .github/workflows/testflight.yml to parse and forward netbird-ref and version, and added workflow concurrency.

Changes

Cohort / File(s)	Summary
Xcode project version bump NetBird.xcodeproj/project.pbxproj	Updated MARKETING_VERSION from 0.1.3 → 0.1.4 in four XCBuildConfiguration entries (NetBird TV Debug/Release and NetBird app Debug/Release).
Reusable workflow input .github/workflows/build-upload.yml	Added optional netbird-ref input to workflow_call; checkout step now uses inputs.netbird-ref (falls back to empty string) when checking out netbirdio/netbird.
TestFlight workflow changes .github/workflows/testflight.yml	Added concurrency; gate job now outputs netbird-ref and version; resolve script parses comment for netbird-ref=(\S+) and version=(\S+); new outputs are passed into the reusable build-upload.yml workflow.

Sequence Diagram(s)

(Skipped — changes are small control-flow additions within CI workflows and a project file bump, not requiring multi-component sequential visualization.)

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

• Ci/cd scripts #69: Edits build-upload.yml and testflight.yml to add/propagate netbird-ref and version, touching the same workflow inputs/outputs as this PR.
• bump tvOS target version to 0.1.2 and restore missing source file ref… #66: Also updates MARKETING_VERSION entries in NetBird.xcodeproj/project.pbxproj for NetBird TV and app targets.
• Add netbird version logging and pass version to Go build #73: Adds netbird-ref workflow input and wires it through checkout/build steps similarly to this change.

Suggested reviewers

• pappz

Poem

🐰 A tiny hop, a tidy chore,
Version bumped and workflows more,
A netbird-ref tucked in the call,
Builds aligned and outputs fall,
I nibble carrots, then I soar! 🥕

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The PR title 'bump marketing version to 0.1.4' accurately describes the main change in the changeset (updating MARKETING_VERSION), but the pull request also includes significant workflow modifications that are not reflected in the title.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch update-version

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

TestFlight build uploaded for 681718f

The build has been submitted to App Store Connect and will be available in TestFlight shortly.

View workflow run

[github-actions]

TestFlight build failed for 29f94c6

View workflow run

[coderabbitai]

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

.github/workflows/build-upload.yml (1)

50-50: ⚠️ Potential issue | 🟠 Major

Avoid floating default-branch checkout for netbird.

At Line 50, the empty fallback ${{ inputs.netbird-ref || '' }} causes actions/checkout@v4 to pull netbirdio/netbird's default branch when the input is not provided. This creates non-reproducible builds and divergent behavior across callers: .github/workflows/release.yml passes a pinned version tag while .github/workflows/testflight.yml omits it entirely, resulting in floating targets for TestFlight builds.

Make netbird-ref required and remove the fallback:

Proposed fix

       netbird-ref:
-        required: false
+        required: true
         type: string
         description: 'NetBird ref to checkout and build'

       - name: Checkout netbird
         uses: actions/checkout@v4
         with:
           repository: netbirdio/netbird
-          ref: ${{ inputs.netbird-ref || '' }}
+          ref: ${{ inputs.netbird-ref }}
           fetch-depth: 0
           fetch-tags: true
           path: netbird

Then ensure all callers explicitly provide netbird-ref.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.github/workflows/build-upload.yml at line 50, The checkout step uses a
fallback `${{ inputs.netbird-ref || '' }}` which causes actions/checkout@v4 to
default to netbird's default branch; remove the empty-string fallback and make
the workflow input `netbird-ref` required (update the `inputs.netbird-ref`
declaration to required and delete the `|| ''` fallback where `ref: ${{
inputs.netbird-ref }}` is used) and then update all callers (e.g., release.yml,
testflight.yml) to pass an explicit `netbird-ref` value so builds remain pinned
and reproducible.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Outside diff comments:
In @.github/workflows/build-upload.yml:
- Line 50: The checkout step uses a fallback `${{ inputs.netbird-ref || '' }}`
which causes actions/checkout@v4 to default to netbird's default branch; remove
the empty-string fallback and make the workflow input `netbird-ref` required
(update the `inputs.netbird-ref` declaration to required and delete the `|| ''`
fallback where `ref: ${{ inputs.netbird-ref }}` is used) and then update all
callers (e.g., release.yml, testflight.yml) to pass an explicit `netbird-ref`
value so builds remain pinned and reproducible.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 156baa69-d539-44d7-a490-dc0b5e92c64a

📥 Commits

Reviewing files that changed from the base of the PR and between 681718f and 29f94c6.

📒 Files selected for processing (1)

• .github/workflows/build-upload.yml

[mlsmaycon]

/testflight netbird-ref=add-default-resolver version=0.67.5

[github-actions]

TestFlight build failed for d36021e

View workflow run

[coderabbitai]

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.github/workflows/testflight.yml:
- Around line 15-17: The concurrency group expression is actor-scoped for
issue_comment events because github.ref/head_ref are empty; change the
concurrency group used in the concurrency block to derive a PR-specific
identifier (e.g. prefer github.event.issue.number or
github.event.pull_request.number when present, then fall back to github.head_ref
or github.sha) instead of using github.ref or github.actor_id so that
`/testflight` runs are scoped to the PR (use the updated expression in the
concurrency.group value).
- Around line 94-105: The comment parsing currently accepts any non-whitespace
tokens for netbird-ref and version; validate these before calling core.setOutput
by checking the extracted strings (from context.payload.comment.body →
netbirdRefMatch[1] and versionMatch[1]) against safe regexes: enforce a
git-ref-safe pattern for netbird-ref (e.g., allow alphanumerics, -, /, ., @) and
a strict semver pattern for version (e.g., major.minor.patch with optional
prerelease/build), and if a value fails validation do not call core.setOutput
and instead call core.setFailed or core.info with a clear validation error
message so downstream build steps won’t receive malformed inputs.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 5a445f48-8969-4b40-907a-5c3daa41f554

📥 Commits

Reviewing files that changed from the base of the PR and between 29f94c6 and d36021e.

📒 Files selected for processing (1)

• .github/workflows/testflight.yml

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Concurrency key can cancel unrelated PR comment builds.

On Line 16, for issue_comment events, github.ref is the default branch and github.head_ref is empty, so the group becomes actor-scoped (not PR-scoped). A /testflight on one PR can cancel another PR run by the same actor.

💡 Suggested fix

 concurrency:
-  group: testflight-${{ github.ref }}-${{ github.head_ref || github.actor_id }}
+  group: testflight-${{ github.workflow }}-${{ github.event.pull_request.number || github.event.issue.number || github.ref }}
   cancel-in-progress: true

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	concurrency:
	group: testflight-${{ github.ref }}-${{ github.head_ref || github.actor_id }}
	cancel-in-progress: true
	concurrency:
	group: testflight-${{ github.workflow }}-${{ github.event.pull_request.number || github.event.issue.number || github.ref }}
	cancel-in-progress: true

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.github/workflows/testflight.yml around lines 15 - 17, The concurrency group
expression is actor-scoped for issue_comment events because github.ref/head_ref
are empty; change the concurrency group used in the concurrency block to derive
a PR-specific identifier (e.g. prefer github.event.issue.number or
github.event.pull_request.number when present, then fall back to github.head_ref
or github.sha) instead of using github.ref or github.actor_id so that
`/testflight` runs are scoped to the PR (use the updated expression in the
concurrency.group value).

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Validate comment parameters before forwarding to downstream build.

Line 96 and Line 101 accept any non-whitespace token. Malformed values (especially version) will pass gate checks and fail later in build/upload steps. Add format validation here for faster, clearer feedback.

💡 Suggested hardening

-            const comment = context.payload.comment.body;
-            const netbirdRefMatch = comment.match(/netbird-ref=(\S+)/);
+            const comment = context.payload.comment.body ?? '';
+            const netbirdRefMatch = comment.match(/\bnetbird-ref=([A-Za-z0-9._/-]+)\b/);
             if (netbirdRefMatch) {
               core.setOutput('netbird-ref', netbirdRefMatch[1]);
               core.info(`Using netbird-ref: ${netbirdRefMatch[1]}`);
             }
-            const versionMatch = comment.match(/version=(\S+)/);
+            const versionMatch = comment.match(/\bversion=(\d+\.\d+\.\d+(?:[-+][0-9A-Za-z.-]+)?)\b/);
             if (versionMatch) {
               core.setOutput('version', versionMatch[1]);
               core.info(`Using version: ${versionMatch[1]}`);
             }

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.github/workflows/testflight.yml around lines 94 - 105, The comment parsing
currently accepts any non-whitespace tokens for netbird-ref and version;
validate these before calling core.setOutput by checking the extracted strings
(from context.payload.comment.body → netbirdRefMatch[1] and versionMatch[1])
against safe regexes: enforce a git-ref-safe pattern for netbird-ref (e.g.,
allow alphanumerics, -, /, ., @) and a strict semver pattern for version (e.g.,
major.minor.patch with optional prerelease/build), and if a value fails
validation do not call core.setOutput and instead call core.setFailed or
core.info with a clear validation error message so downstream build steps won’t
receive malformed inputs.

[github-actions]

TestFlight build failed for d36021e

View workflow run

[mlsmaycon]

/testflight netbird-ref=add-default-resolver version=0.67.5

[github-actions]

TestFlight build failed for f72fa3b

View workflow run

[github-actions]

TestFlight build failed for f72fa3b

View workflow run