-
Notifications
You must be signed in to change notification settings - Fork 4.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
New package: jdx.mise version 2024.12.6 #197444
New package: jdx.mise version 2024.12.6 #197444
Conversation
/AzurePipelines run |
@microsoft-github-policy-service agree |
not sure why this is failing, it works locally:
|
it seems to be failing in "installer validation" but I ran
|
When testing the manifest locally like so: # Path
$ManifestDirPath = [System.IO.Path]::Combine(
([System.IO.Directory]::GetParent($psEditor.GetEditorContext().CurrentFile.Path).'FullName'),
'Mise v2024.12.4'
)
# Try validating
winget validate --manifest $ManifestDirPath
# [admin] Enable required settings
gsudo {
winget settings --enable LocalArchiveMalwareScanOverride
winget settings --enable LocalManifestFiles
}
# Try installing
winget install --manifest $ManifestDirPath --installer-type portable --verbose
# Uninstall
winget uninstall --manifest $ManifestDirPath --purge
# [admin] Disable settings that was enabled
gsudo {
winget settings --disable LocalArchiveMalwareScanOverride
winget settings --disable LocalManifestFiles
} On following command I get an error saying malware was detected: PS > winget install --manifest $ManifestDirPath --installer-type portable --verbose
Found mise [mise.jdx] Version 2024.12.4
This application is licensed to you by its owner.
Microsoft is not responsible for, nor does it grant any licenses to, third-party packages.
Downloading https://github.com/jdx/mise/releases/download/v2024.12.4/mise-v2024.12.4-windows-x64.zip
██████████████████████████████ 9.60 MB / 9.60 MB
Successfully verified installer hash
Archive scan detected malware. To override this check use --ignore-local-archive-malware-scan
PS > False positive surely. But might be why the CI/CD tests fail? 🤔 Edit: No positives in VirusTotal: https://www.virustotal.com/gui/url/fc63f35c23e203091fc28824259f930e27880e645d161b7c1fc471e788553956. Edit 2: WinGet about Zip threat detection: https://github.com/microsoft/winget-cli/blob/master/doc/specs/%23140%20-%20ZIP%20Support.md#zip-threat-detection Edit 3: 7-Zip complains about this ZIP too: Edit 4: GitHub runner image for Widows includes 7-Zip, maybe it'd be better to use that for creating the ZIP?
|
that's very helpful! I'll give that a go |
I'm fairly certain that this is failing because winget does not support zip unpacking portable applications. It wants one of installer types (exe, msi, msix, inno, wix, nullsoft, appx) I am aware that there is a reference to "zip" installer type, but I believe it is intended for installers inside zip files. |
Here's an example with Azure CLI which also had a portable option with a ZIP: Both this PR for Mise and the example above uses: InstallerType: zip
NestedInstallerType: portable |
Download the log from this url: https://dev.azure.com/shine-oss/8b78618a-7973-49d8-9174-4360829d979b/_apis/build/builds/34420/artifacts?artifactName=InstallationVerificationLogs&api-version=7.1&%24format=zip It is failing due to MS Defender Antivirus finding threats. You can submit the file for analysis to https://www.microsoft.com/en-us/wdsi/filesubmission |
submitted for analysis, no idea how long that'll take |
e3abf10
to
0f60847
Compare
/AzurePipelines run |
About the package identifier:
|
I don't think any package manager uses mise-en-place for the name except scoop |
…BC7516EF27FB418799F82A31D28C23B9
Head branch was pushed to by a user without write access
/AzurePipelines run |
Chocolatey currently does. (I noticed this after I posted my last reply) |
oh it seems these package managers separate the concept of an "id" and a "name"—I'm mostly familiar with homebrew which does not. I suppose we can use mise-en-place—though I consider these names totally interchangeable |
Head branch was pushed to by a user without write access
/AzurePipelines run |
Our packages are sorted by |
428a678
into
microsoft:master
Publish pipeline succeeded for this Pull Request. Once you refresh your index, this change should be present. |
Pull request has been created with komac v2.8.0 🚀
Microsoft Reviewers: Open in CodeFlow
Fixes jdx/mise#3425