various: Fix checkver, autoupdate that fails in Excevator#16349
various: Fix checkver, autoupdate that fails in Excevator#16349o-l-a-v wants to merge 24 commits intoScoopInstaller:masterfrom
Conversation
WalkthroughMultiple Scoop manifests were updated: version bumps, download URLs and hashes updated; many Changes
Sequence Diagram(s)sequenceDiagram
autonumber
actor User
participant Scoop
participant Manifest as "Manifest (bucket/*.json)"
participant GitHubAPI as "GitHub API / Releases"
participant ScriptRunner as "PowerShell (checkver.script)"
participant Downloader as "Downloader/Installer"
User->>Scoop: install/update <pkg>
Scoop->>Manifest: read checkver config
alt checkver == github shorthand
Scoop->>GitHubAPI: GET /repos/:owner/:repo/releases/latest
GitHubAPI-->>Scoop: latest tag
Scoop->>Scoop: parse tag -> version
else checkver == API url + jsonpath
Scoop->>GitHubAPI: GET specified API URL
GitHubAPI-->>Scoop: JSON payload
Scoop->>Scoop: extract via jsonpath + regex -> version
else checkver == script
Scoop->>ScriptRunner: run checkver.script
ScriptRunner-->>Scoop: script output -> version
end
Scoop->>Scoop: build autoupdate URL with $version / $matchUrl*
Scoop->>Downloader: download artifact
Downloader-->>Scoop: installer result
Scoop-->>User: install/update complete
opt post_uninstall defined
Note right of Manifest: post_uninstall runs on purge to remove settings
end
Estimated code review effort🎯 3 (Moderate) | ⏱️ ~25 minutes Suggested reviewers
Poem
Pre-merge checks and finishing touches❌ Failed checks (1 inconclusive)
✅ Passed checks (2 passed)
✨ Finishing touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
|
All changes look good. Wait for review from human collaborators. autohotkey
chef-workstation
classic-volume-mixer
clementine
compactgui
cookiecutter
|
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 0
Caution
Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️ Outside diff range comments (1)
bucket/cookiecutter.json (1)
11-21: Activation path is incorrect; use venv python directly to avoid failuresOn Windows/PowerShell the venv activation script is Activate.ps1; calling ".\cookiecutter\Scripts\activate" will fail, and then 'deactivate' is undefined. Use the venv’s python explicitly.
Apply:
Push-Location "$dir" python -m venv cookiecutter -.\cookiecutter\Scripts\activate try { - python -m pip install "$fname" + & "$dir\cookiecutter\Scripts\python.exe" -m pip install "$fname" } finally { Remove-Item "$fname" - deactivate Pop-Location }
🧹 Nitpick comments (2)
bucket/autohotkey.json (1)
78-79: Prefer owner/repo for checkver.githubUse "AutoHotkey/AutoHotkey" instead of a full GitHub URL for consistency and to avoid parser quirks.
Apply:
- "checkver": { - "github": "https://github.com/AutoHotkey/AutoHotkey" - }, + "checkver": { + "github": "AutoHotkey/AutoHotkey" + },bucket/classic-volume-mixer.json (1)
15-26: Post-uninstall purge looks correctGuarded by $purge and safely deletes the settings file. Good addition.
You could simplify with Remove-Item -ErrorAction SilentlyContinue, but current code is fine.
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (9)
bucket/autohotkey.json(1 hunks)bucket/chef-workstation.json(2 hunks)bucket/classic-volume-mixer.json(1 hunks)bucket/clementine.json(2 hunks)bucket/compactgui.json(1 hunks)bucket/cookiecutter.json(2 hunks)deprecated/authy.json(1 hunks)deprecated/betaflight-blackbox-explorer.json(1 hunks)deprecated/cider.json(1 hunks)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)
- GitHub Check: PowerShell
- GitHub Check: WindowsPowerShell
🔇 Additional comments (10)
deprecated/authy.json (1)
2-2: Looks good—deprecation note reads clearly.The added
"##"comment cleanly records when the manifest was deprecated and matches the common Scoop pattern.deprecated/cider.json (1)
2-2: Nice touch adding the explicit deprecation date.The
"##"metadata follows the established style and should help future maintainers.deprecated/betaflight-blackbox-explorer.json (1)
2-2: Comment addition makes the status explicit.The
"##"entry cleanly documents that the package is online-only from the stated date, consistent with the other manifests.bucket/cookiecutter.json (1)
7-8: LGTM on wheel switch and autoupdate templatepy3 wheel URL/hash and autoupdate pattern look correct.
Please confirm cookiecutter 2.6.0’s minimum Python matches the bucket’s python package version offered to users (>=3.8).
Also applies to: 27-27
bucket/compactgui.json (1)
15-22: Solid GitHub API-based checkverTag filter + regex will stabilize Excavator runs. Looks good.
bucket/classic-volume-mixer.json (1)
2-9: Version, URL, hash, innosetup, and autoupdate updates look consistentMatches upstream release scheme (no leading v). Autoupdate templating is correct.
Also applies to: 29-29
bucket/chef-workstation.json (2)
11-12: MSI URL/hash update is consistent with versionPath and filename align with 25.9.1094 artifacts.
25-27: Checkver via release notes pageRegex should match 25.9.1094, but release notes formatting can change.
If Excavator still misses versions, consider adding an explicit json/api endpoint or a fallback regex targeting the download listing as a backup.
bucket/clementine.json (2)
16-19: API-based checkver matches tag formatjsonpath + regex correctly extracts versions like 1.4.1-58-g.
2-7: Version/URL/hash updates align with upstreamAutoupdate template remains correct for future tags.
There was a problem hiding this comment.
Actionable comments posted: 1
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (1)
bucket/anythingllm.json(2 hunks)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)
- GitHub Check: WindowsPowerShell
🔇 Additional comments (2)
bucket/anythingllm.json (2)
31-31: Align checkver source with delivered binaries (optional). CDN’s latest.yml endpoint returned no version—verify its availability/format before switching to Option B. Otherwise, normalize GitHub tags via regex.Option A (GitHub):
- "checkver": { - "github": "https://github.com/Mintplex-Labs/anything-llm" - }, + "checkver": { + "github": "https://github.com/Mintplex-Labs/anything-llm", + "regex": "([\\d.]+)" + },Option B (CDN):
- "checkver": { - "github": "https://github.com/Mintplex-Labs/anything-llm" - }, + "checkver": { + "url": "https://cdn.anythingllm.com/latest/latest.yml", + "regex": "version:\\s*([\\d.]+)" + },
8-9: Validate CDN endpoints and file hashes
- Confirmed version 1.9.0 matches the GitHub release v1.9.0.
/latest/AnythingLLMDesktop*.exeURLs return 200 OK, but there’s nolatest.ymlmetadata at the CDN.- Manually download each executable and recompute its SHA256 to ensure the
hashentries inbucket/anythingllm.jsonare correct, or update the manifest to consume a valid metadata endpoint.
There was a problem hiding this comment.
Actionable comments posted: 1
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (1)
bucket/debugtron.json(2 hunks)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)
- GitHub Check: WindowsPowerShell
🔇 Additional comments (1)
bucket/debugtron.json (1)
4-4: No-op metadata change looks fine.Reordering/rewriting homepage with same URL is OK.
There was a problem hiding this comment.
Actionable comments posted: 2
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (1)
bucket/anythingllm.json(2 hunks)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)
- GitHub Check: WindowsPowerShell
…SIX.vsix" anymore as far as I can see.
There was a problem hiding this comment.
Actionable comments posted: 1
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (1)
bucket/debugviewpp.json(1 hunks)
🧰 Additional context used
🧠 Learnings (1)
📓 Common learnings
Learnt from: o-l-a-v
PR: ScoopInstaller/Extras#16328
File: bucket/winutil.json:0-0
Timestamp: 2025-10-13T09:37:06.093Z
Learning: When reviewing code in Scoop manifests, always verify the actual file content if the diff appears incomplete or unusual, as diff context can be truncated or displayed incorrectly. The pattern `[string[]](...).ForEach{...}` is commonly used in post_uninstall scripts across the Extras repository.
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)
- GitHub Check: WindowsPowerShell
- GitHub Check: PowerShell
There was a problem hiding this comment.
Actionable comments posted: 0
🧹 Nitpick comments (2)
bucket/fontforge.json (2)
9-12: bin entries: path separator nit and existence check
- Consider using backslashes for Windows paths to match common Scoop style.
- Ensure ffpython.exe exists under bin in the installed layout.
Proposed tweak:
"bin": [ "fontforge.bat", - "bin/ffpython.exe" + "bin\\ffpython.exe" ],
24-26: Make checkver robust to hyphenated tag names and keep digits-only versionIf GitHub tag_name includes hyphens (e.g., 2025-10-09), current regex won’t match, or would force adding hyphens to version later. Use a tolerant regex plus replace to normalize version, while still exposing named groups for autoupdate.
Apply:
- "url": "https://api.github.com/repos/fontforge/fontforge/releases/latest", - "jsonpath": "$.tag_name", - "regex": "(?<version>(?<year>\\d{4})(?<month>\\d{2})(?<day>\\d{2}))" + "url": "https://api.github.com/repos/fontforge/fontforge/releases/latest", + "jsonpath": "$.tag_name", + "regex": "^(?<year>\\d{4})[-.]?(?<month>\\d{2})[-.]?(?<day>\\d{2})$", + "replace": "${year}${month}${day}"This preserves version as 20251009 while still providing $matchYear/$matchMonth/$matchDay.
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (1)
bucket/fontforge.json(2 hunks)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)
- GitHub Check: WindowsPowerShell
🔇 Additional comments (2)
bucket/fontforge.json (2)
29-29: Autoupdate URL construction looks good; ensure named groups are presentThe URL correctly uses $version for tag and hyphenated $match* for the asset name. This relies on checkver exposing year/month/day named groups.
After updating regex as suggested (or keeping current), confirm that:
- checkver outputs version 20251009
- autoupdate expands to the exact asset URL shown in Line 6.
6-7: Verify SHA256 hash for FontForge-2025-10-09-Windows-x64.exeThe asset name and URL are confirmed correct. Manually verify the SHA256 hash:
548523f08834e344bda69abb759e30c0f84a1a5ef9a5e965eb946d86a11118a3Download the exe from https://github.com/fontforge/fontforge/releases/download/20251009/FontForge-2025-10-09-Windows-x64.exe and confirm its SHA256 matches the value above to prevent failed installs.
There was a problem hiding this comment.
Actionable comments posted: 0
🧹 Nitpick comments (2)
bucket/color-sustainer.json (2)
4-4: Use the canonical Guru3D details URL to avoid redirects.
Switch homepage to the canonical files-details page.- "homepage": "https://www.guru3d.com/download/color-sustainer-download", + "homepage": "https://www.guru3d.com/files-details/color-sustainer-download.html",
16-18: Use iwr -useb for HTML and relax regex; drop unnecessary reverse.
IRM is for JSON/XML and can be flaky on HTML. iwr -useb is the common Scoop pattern. Regex made case-insensitive and less brittle. reverse not needed with a single match.- "script": "Invoke-RestMethod -Method 'Get' -Uri 'https://www.guru3d.com/download/color-sustainer-download'", - "regex": "Download Color Sustainer \\(ICC Profile Enforcer\\) v([\\d.]+[\\d])", - "reverse": true + "script": "iwr -useb 'https://www.guru3d.com/files-details/color-sustainer-download.html'", + "regex": "(?i)Color Sustainer \\(ICC Profile Enforcer\\) v([\\d.]+)"Optional: if the page omits the literal "v", use
(?i)Color Sustainer \\(ICC Profile Enforcer\\)\\s*([\\d.]+).
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (1)
bucket/color-sustainer.json(2 hunks)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)
- GitHub Check: WindowsPowerShell
There was a problem hiding this comment.
Actionable comments posted: 1
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (1)
bucket/fvim.json(3 hunks)
⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)
- GitHub Check: WindowsPowerShell
- GitHub Check: PowerShell
🔇 Additional comments (5)
bucket/fvim.json (5)
2-2: Version bump looks fine.No structural issues spotted.
45-45: Autoupdate x64 URL via capture looks good.This will follow upstream’s dynamic asset naming.
48-48: Autoupdate arm64 URL via capture looks good.Consistent with x64 approach.
11-12: Confirm release asset integrity
Asset URL resolves (302 → application/octet-stream, 57 389 790 bytes) but filename shows v0.3.548… while manifest is 0.3.549+ee4316c. Download it and run:curl -L "https://github.com/yatli/fvim/releases/download/v0.3.549%2Bee4316c/fvim-win-x64-v0.3.548%2Bg2e4087d-2-gee4316c.zip" | sha256sumEnsure the output matches
96bdaa15a7557dfc70b984777d15b05caa25c1924847ea46bd7740f4fe4162c1.
15-16: URL is available and accessible; SHA256 hash verification incomplete.The URL resolves correctly via GitHub's release redirect (HTTP/2 302) to a valid presigned URL with confirmed file size of 53,353,840 bytes. The version notation difference (tag v0.3.549 vs. asset v0.3.548) appears to follow the project's release asset naming convention. However, the SHA256 hash
2bc73d0d14a0d138a5a66feac15720c09e41fb5a813d9fe25453a6adde455d24could not be independently verified due to system constraints. Before merging, manually verify the hash matches the downloaded file or cross-check against the official fvim release page.
There was a problem hiding this comment.
Actionable comments posted: 1
♻️ Duplicate comments (1)
bucket/fvim.json (1)
27-40: checkver still returns arrays; Split/join is brittle and can yield wrong segments. Select a single URL and emit full URLs; tighten regex.Current
.Where{...}.'browser_download_url'.Split(...)[-2,-1]can flatten arrays and break matches. UseSelect-Object -ExpandProperty -First 1, drop[string]::Format, and anchor the regex.Apply:
- "script": [ - "$LatestRelease = [PSCustomObject](", - " Invoke-RestMethod -Method 'Get' -Uri (", - " 'https://api.github.com/repos/yatli/fvim/releases/latest'", - " )", - ")", - "[string]::Format(", - " '{0}|{1}|{2}',", - " $LatestRelease.'tag_name'.TrimStart('v'),", - " ($LatestRelease.'assets'.Where{$_.'name'.StartsWith('fvim-win-x64-')}.'browser_download_url'.Split('/')[-2, -1] -join '/'),", - " ($LatestRelease.'assets'.Where{$_.'name'.StartsWith('fvim-win-arm64-')}.'browser_download_url'.Split('/')[-2, -1] -join '/')", - ")" - ], - "regex": "(?<version>.+)\\|(?<urlx64>.+)\\|(?<urlarm64>.+)" + "script": [ + "$r = Invoke-RestMethod -Method 'Get' -Uri 'https://api.github.com/repos/yatli/fvim/releases/latest'", + "$x64 = $r.assets | Where-Object { $_.name -like 'fvim-win-x64-*.zip' } | Select-Object -ExpandProperty browser_download_url -First 1", + "$arm = $r.assets | Where-Object { $_.name -like 'fvim-win-arm64-*.zip' } | Select-Object -ExpandProperty browser_download_url -First 1", + "if (-not $x64 -or -not $arm) { throw 'FVim asset URLs not found in latest release.' }", + "'{0}|{1}|{2}' -f ($r.tag_name.TrimStart('v')), $x64, $arm" + ], + "regex": "^(?<version>[^|]+)\\|(?<urlx64>[^|]+)\\|(?<urlarm64>[^|]+)$"
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
📒 Files selected for processing (1)
bucket/fvim.json(3 hunks)
🔇 Additional comments (1)
bucket/fvim.json (1)
11-16: Verify asset filenames vs version and hashes.Filenames include 0.3.548 while tag is 0.3.549; likely upstream’s scheme, but please confirm both URLs resolve and hashes match.
|
Thanks a lot for fixing the broken manifests! ❤️ Here are some suggestions:
|
|
Both CodeRabbit and Scoop tests handles multiple manifests, so I thought I'd save myself a lot of time by having them all in one PR. If I have to split them up I don't know when I'll have time to do so. Is there a procedure / definition for when something should be deprecated vs. remove checkver and autoupdate logic? |
As far as I remember, there aren't any. We generally don't deprecate a package unless the package cannot be obtained at all.
For widely-used packages, sometimes we even retrieve them from web.archive.org.
For autoupdate filed, if we can still install a specific version via |
|
Did as @z-Fng wanted, created a PR per package. |
2 participants
<manifest-name[@version]|chore>: <general summary of the pull request>Summary by hooman
I took a look at the output of a recent Excavator job ( https://github.com/ScoopInstaller/Extras/actions/runs/18555159620 ) and started fixing manifests.
Summary by CodeRabbit
New Features
Improvements
Chores