Assuming ownership of manifest update

[hculea]

Hello there! 👋

I am a developer with the CLI team at 1Password. My team and I are looking into helping keep 1Password CLI up to date on Scoop. We'd like to build an automation updating the 1Password CLI Scoop manifest with every CLI release.

In this way, we want to ensure that the CLI version that Scoop points to is always the latest one, so we'd be able to reliably recommend Scoop as an installation method in our Developer Documentation.

To my question:

This guide was very helpful to get the latest version of the manifest locally. However, I am not clear about how would this change be reflected in the Main bucket.

The wiki suggests a flow like:

.\bin\checkver -App ./path/to/local/cli/manifest -u
git commit -m "Updated apps"
git push

but I am left wondering if these are indeed all the steps, and whether these can be performed by a party without write permissions to the repository.

The CONTRIBUTING.md guide suggests that contributions to the buckets should be made through a PR from a fork, would this be the process to follow for updating a manifest too?

Am I missing anything?

Would love to find the best way to proceed here! Thank you!

Horia

[chawyehsu]

Glad to see you and your team decide to leverage Scoop to distribute software.

Since 1password-cli has already been added to the repository, technically you don't need to do anything to make it always be the latest one because we have a workflow that runs every 4 hours to check package updates, and it will update the manifest automatically when the upstream delivers new version of the software. But this relies on a stable distribution scheme - means the upstream should provide a consistent/regular download url for the software and a reliable url for checking the releases history, since the bot relies on the checking strategy defined in the manifest to work will only replace the version number and checksum of the package, and if the upsteram decides to update the distribution scheme, for instance, changing the download endpoint or package file name/structure, then they have to modify the manifest, submit a PR to reflect the changes.

There is one suggestion I would make is if the upstream could provide checksums of the packages, so the bot doesn't need to calculate them on the fly and can grab them from the upstream directly.

[hculea]

Oh that's absolutely awesome!

I'll raise up the checksum issue with my team as a possible future improvement 😄

Even before then, Scoop is now mentioned as an installation method for the 1Password CLI on Windows. 🎉

Thank you for your detailed answer!

Horia