/AzurePipelines run

@microsoft-github-policy-service agree

not sure why this is failing, it works locally:

winget install --manifest .\manifests\m\mise\jdx\2024.12.4 --ignore-local-archive-malware-scan

it seems to be failing in "installer validation" but I ran winget validate and it passed locally. Unless I'm blind I don't see any actual error coming from CI:

12/10/2024 5:32:18 AM

****************************************************************************************
Installation Verification
****************************************************************************************
Status: Started
============================================================================== 
Task         : Installation Validation
Description  : Invoke an Azure Function
Version      : 1.220.0
Author       : Microsoft Corporation
Help URL     : https://docs.microsoft.com/azure/devops/pipelines/tasks/utility/azure-function
============================================================================== 
POST ***?code=***&
Request body: {
  "operationId": "WinGetSvc-Validation-29-197444-20241210-1",
  "buildId": "34420",
  "planUrl": "[https://dev.azure.com/shine-oss/",](https://dev.azure.com/shine-oss/%22,)
  "hubName": "build",
  "projectId": "8b78618a-7973-49d8-9174-4360829d979b",
  "planId": "61c74b16-4f95-450b-a3b6-7233e899dbda",
  "jobId": "68997d86-8ece-5ae8-3ac5-ccdbfa458731",
  "timelineId": "61c74b16-4f95-450b-a3b6-7233e899dbda",
  "taskInstanceId": "b79910ce-dca5-5e27-ad7f-bd285eecb5a2",
  "authToken": ***
  "repository": "microsoft/winget-pkgs",
  "pipelineType": "ValidationPipeline",
  "pullRequestNumber": "197444"
}
				Response Code: OK
				Response: 

12/10/2024 5:36:16 AM

****************************************************************************************
Installation Verification
****************************************************************************************
Status: Completed
Result: Result: Failed

When testing the manifest locally like so:

# Path
$ManifestDirPath = [System.IO.Path]::Combine(
    ([System.IO.Directory]::GetParent($psEditor.GetEditorContext().CurrentFile.Path).'FullName'),
    'Mise v2024.12.4'
)

# Try validating
winget validate --manifest $ManifestDirPath

# [admin] Enable required settings
gsudo {
    winget settings --enable LocalArchiveMalwareScanOverride
    winget settings --enable LocalManifestFiles
}

# Try installing
winget install --manifest $ManifestDirPath --installer-type portable --verbose

# Uninstall
winget uninstall --manifest $ManifestDirPath --purge

# [admin] Disable settings that was enabled
gsudo {
    winget settings --disable LocalArchiveMalwareScanOverride
    winget settings --disable LocalManifestFiles
}

On following command I get an error saying malware was detected:

PS > winget install --manifest $ManifestDirPath --installer-type portable --verbose

Found mise [mise.jdx] Version 2024.12.4
This application is licensed to you by its owner.
Microsoft is not responsible for, nor does it grant any licenses to, third-party packages.
Downloading https://github.com/jdx/mise/releases/download/v2024.12.4/mise-v2024.12.4-windows-x64.zip
  ██████████████████████████████  9.60 MB / 9.60 MB
Successfully verified installer hash
Archive scan detected malware. To override this check use --ignore-local-archive-malware-scan

PS >

False positive surely. But might be why the CI/CD tests fail? 🤔

Edit: No positives in VirusTotal: https://www.virustotal.com/gui/url/fc63f35c23e203091fc28824259f930e27880e645d161b7c1fc471e788553956.

Edit 2: WinGet about Zip threat detection: https://github.com/microsoft/winget-cli/blob/master/doc/specs/%23140%20-%20ZIP%20Support.md#zip-threat-detection

Edit 3: 7-Zip complains about this ZIP too:

Edit 4: GitHub runner image for Widows includes 7-Zip, maybe it'd be better to use that for creating the ZIP?

• https://github.com/actions/runner-images/blob/main/images/windows/Windows2022-Readme.md
• https://github.com/jdx/mise/blob/main/scripts/build-tarball.ps1
• The module which has the cmdlet Compress-Archive is archived on GitHub = will likely not get fixes any time soon: https://github.com/PowerShell/Microsoft.PowerShell.Archive

that's very helpful! I'll give that a go

I'm fairly certain that this is failing because winget does not support zip unpacking portable applications. It wants one of installer types (exe, msi, msix, inno, wix, nullsoft, appx)

I am aware that there is a reference to "zip" installer type, but I believe it is intended for installers inside zip files.

Here's an example with Azure CLI which also had a portable option with a ZIP:

• https://github.com/microsoft/winget-pkgs/blob/master/manifests/m/Microsoft/AzureCLI/2.65.0/Microsoft.AzureCLI.installer.yaml

Both this PR for Mise and the example above uses:

InstallerType: zip
NestedInstallerType: portable

Download the log from this url: https://dev.azure.com/shine-oss/8b78618a-7973-49d8-9174-4360829d979b/_apis/build/builds/34420/artifacts?artifactName=InstallationVerificationLogs&api-version=7.1&%24format=zip

It is failing due to MS Defender Antivirus finding threats.

You can submit the file for analysis to https://www.microsoft.com/en-us/wdsi/filesubmission

submitted for analysis, no idea how long that'll take

/AzurePipelines run

/AzurePipelines run

looks good now!

/AzurePipelines run

jdx,

The check-in policies require a moderator to approve PRs from the community.

Our moderators are community volunteers, please be patient and allow them sufficient time to review your submission.

Template: msftbot/requiresApproval/moderator