Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

New package: jdx.mise version 2024.12.6 #197444

Conversation

jdx
Copy link
Contributor

@jdx jdx commented Dec 10, 2024

Pull request has been created with komac v2.8.0 🚀

Microsoft Reviewers: Open in CodeFlow

Fixes jdx/mise#3425

@wingetbot
Copy link
Collaborator

Service Badge  Service Badge  

@wingetbot
Copy link
Collaborator

/AzurePipelines run

@jdx
Copy link
Contributor Author

jdx commented Dec 10, 2024

@microsoft-github-policy-service agree

@wingetbot wingetbot added the Validation-Installation-Error Error installing application label Dec 10, 2024
@microsoft-github-policy-service microsoft-github-policy-service bot added the Needs-Author-Feedback This needs a response from the author. label Dec 10, 2024
@jdx jdx marked this pull request as draft December 10, 2024 05:43
@jdx
Copy link
Contributor Author

jdx commented Dec 10, 2024

not sure why this is failing, it works locally:

winget install --manifest .\manifests\m\mise\jdx\2024.12.4 --ignore-local-archive-malware-scan

@jdx jdx marked this pull request as ready for review December 10, 2024 05:53
@microsoft-github-policy-service microsoft-github-policy-service bot added Needs-Attention This work item needs to be reviewed by a member of the core team. and removed Needs-Author-Feedback This needs a response from the author. labels Dec 10, 2024
@jdx
Copy link
Contributor Author

jdx commented Dec 10, 2024

it seems to be failing in "installer validation" but I ran winget validate and it passed locally. Unless I'm blind I don't see any actual error coming from CI:

12/10/2024 5:32:18 AM

****************************************************************************************
Installation Verification
****************************************************************************************
Status: Started
============================================================================== 
Task         : Installation Validation
Description  : Invoke an Azure Function
Version      : 1.220.0
Author       : Microsoft Corporation
Help URL     : https://docs.microsoft.com/azure/devops/pipelines/tasks/utility/azure-function
============================================================================== 
POST ***?code=***&
Request body: {
  "operationId": "WinGetSvc-Validation-29-197444-20241210-1",
  "buildId": "34420",
  "planUrl": "[https://dev.azure.com/shine-oss/",](https://dev.azure.com/shine-oss/%22,)
  "hubName": "build",
  "projectId": "8b78618a-7973-49d8-9174-4360829d979b",
  "planId": "61c74b16-4f95-450b-a3b6-7233e899dbda",
  "jobId": "68997d86-8ece-5ae8-3ac5-ccdbfa458731",
  "timelineId": "61c74b16-4f95-450b-a3b6-7233e899dbda",
  "taskInstanceId": "b79910ce-dca5-5e27-ad7f-bd285eecb5a2",
  "authToken": ***
  "repository": "microsoft/winget-pkgs",
  "pipelineType": "ValidationPipeline",
  "pullRequestNumber": "197444"
}
				Response Code: OK
				Response: 

12/10/2024 5:36:16 AM

****************************************************************************************
Installation Verification
****************************************************************************************
Status: Completed
Result: Result: Failed

@o-l-a-v
Copy link
Contributor

o-l-a-v commented Dec 10, 2024

When testing the manifest locally like so:

image
# Path
$ManifestDirPath = [System.IO.Path]::Combine(
    ([System.IO.Directory]::GetParent($psEditor.GetEditorContext().CurrentFile.Path).'FullName'),
    'Mise v2024.12.4'
)

# Try validating
winget validate --manifest $ManifestDirPath

# [admin] Enable required settings
gsudo {
    winget settings --enable LocalArchiveMalwareScanOverride
    winget settings --enable LocalManifestFiles
}

# Try installing
winget install --manifest $ManifestDirPath --installer-type portable --verbose

# Uninstall
winget uninstall --manifest $ManifestDirPath --purge

# [admin] Disable settings that was enabled
gsudo {
    winget settings --disable LocalArchiveMalwareScanOverride
    winget settings --disable LocalManifestFiles
}

On following command I get an error saying malware was detected:

PS > winget install --manifest $ManifestDirPath --installer-type portable --verbose

Found mise [mise.jdx] Version 2024.12.4
This application is licensed to you by its owner.
Microsoft is not responsible for, nor does it grant any licenses to, third-party packages.
Downloading https://github.com/jdx/mise/releases/download/v2024.12.4/mise-v2024.12.4-windows-x64.zip
  ██████████████████████████████  9.60 MB / 9.60 MB
Successfully verified installer hash
Archive scan detected malware. To override this check use --ignore-local-archive-malware-scan

PS >

False positive surely. But might be why the CI/CD tests fail? 🤔

Edit: No positives in VirusTotal: https://www.virustotal.com/gui/url/fc63f35c23e203091fc28824259f930e27880e645d161b7c1fc471e788553956.

Edit 2: WinGet about Zip threat detection: https://github.com/microsoft/winget-cli/blob/master/doc/specs/%23140%20-%20ZIP%20Support.md#zip-threat-detection

Edit 3: 7-Zip complains about this ZIP too:

  • image

Edit 4: GitHub runner image for Widows includes 7-Zip, maybe it'd be better to use that for creating the ZIP?

@jdx
Copy link
Contributor Author

jdx commented Dec 10, 2024

that's very helpful! I'll give that a go

@jdx jdx marked this pull request as draft December 10, 2024 21:37
jdx added a commit to jdx/mise that referenced this pull request Dec 10, 2024
@FilipDeVos
Copy link

I'm fairly certain that this is failing because winget does not support zip unpacking portable applications. It wants one of installer types (exe, msi, msix, inno, wix, nullsoft, appx)

I am aware that there is a reference to "zip" installer type, but I believe it is intended for installers inside zip files.

@o-l-a-v
Copy link
Contributor

o-l-a-v commented Dec 10, 2024

Here's an example with Azure CLI which also had a portable option with a ZIP:

Both this PR for Mise and the example above uses:

InstallerType: zip
NestedInstallerType: portable

@FilipDeVos
Copy link

@jdx
Copy link
Contributor Author

jdx commented Dec 11, 2024

submitted for analysis, no idea how long that'll take

@jdx jdx force-pushed the mise.jdx-2024.12.4-BC7516EF27FB418799F82A31D28C23B9 branch from e3abf10 to 0f60847 Compare December 11, 2024 17:59
@wingetbot
Copy link
Collaborator

/AzurePipelines run

@microsoft-github-policy-service microsoft-github-policy-service bot removed Needs-Attention This work item needs to be reviewed by a member of the core team. Validation-Installation-Error Error installing application labels Dec 11, 2024
@jdx jdx changed the title New package: mise.jdx version 2024.12.4 New package: mise.jdx version 2024.12.6 Dec 11, 2024
@wingetbot wingetbot added the Validation-Completed Validation passed label Dec 13, 2024
@o-l-a-v
Copy link
Contributor

o-l-a-v commented Dec 16, 2024

About the package identifier:

@jdx
Copy link
Contributor Author

jdx commented Dec 16, 2024

I don't think any package manager uses mise-en-place for the name except scoop

@jdx jdx changed the title New package: mise.jdx version 2024.12.6 New package: jdx.mise version 2024.12.6 Dec 16, 2024
auto-merge was automatically disabled December 16, 2024 13:05

Head branch was pushed to by a user without write access

@wingetbot
Copy link
Collaborator

/AzurePipelines run

@microsoft-github-policy-service microsoft-github-policy-service bot removed Azure-Pipeline-Passed Validation pipeline passed. There may still be manual validation requirements. Validation-Completed Validation passed labels Dec 16, 2024
@o-l-a-v
Copy link
Contributor

o-l-a-v commented Dec 16, 2024

I don't think any package manager uses mise-en-place for the name except scoop

Chocolatey currently does.

(I noticed this after I posted my last reply)

@jdx
Copy link
Contributor Author

jdx commented Dec 16, 2024

oh it seems these package managers separate the concept of an "id" and a "name"—I'm mostly familiar with homebrew which does not. I suppose we can use mise-en-place—though I consider these names totally interchangeable

auto-merge was automatically disabled December 16, 2024 13:25

Head branch was pushed to by a user without write access

@wingetbot
Copy link
Collaborator

/AzurePipelines run

@wingetbot wingetbot added New-Package Azure-Pipeline-Passed Validation pipeline passed. There may still be manual validation requirements. Validation-Completed Validation passed labels Dec 16, 2024
@jdx jdx requested a review from stephengillie December 16, 2024 15:54
@stephengillie
Copy link
Collaborator

Verify:
image

Our packages are sorted by PackageIdentifier - a composite of DeveloperName.PackageName, and generally must follow the developer or publisher's conventions for spelling, punctuation, suffixes, etc. These should match the Developer and PackageName fields in the locale file, but I'm not currently aware of any logic to check for matching between the fields.

@microsoft-github-policy-service microsoft-github-policy-service bot merged commit 428a678 into microsoft:master Dec 16, 2024
2 checks passed
@microsoft-github-policy-service microsoft-github-policy-service bot added the Moderator-Approved One of the Moderators has reviewed and approved this PR label Dec 16, 2024
@jdx jdx deleted the mise.jdx-2024.12.4-BC7516EF27FB418799F82A31D28C23B9 branch December 16, 2024 17:14
@wingetbot
Copy link
Collaborator

Publish pipeline succeeded for this Pull Request. Once you refresh your index, this change should be present.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Azure-Pipeline-Passed Validation pipeline passed. There may still be manual validation requirements. Moderator-Approved One of the Moderators has reviewed and approved this PR New-Package Publish-Pipeline-Succeeded Validation-Completed Validation passed
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Create winget package
5 participants