You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
-[ ] Have you signed the [Contributor License Agreement](https://cla.opensource.microsoft.com/microsoft/winget-pkgs)?
3
-
-[ ] Is there a linked Issue? If so, fill in the Issue number below.
4
-
<!-- Example: Resolves #328283 -->
1
+
<!-- PR Title Format: "New package: Publisher.Name version X.Y.Z" or "Update: Publisher.Name to X.Y.Z" -->
2
+
3
+
## 📖 Description
4
+
<!-- Describe what this PR changes. For manifest submissions, include the package name and version. -->
5
+
6
+
## ✅ Checklist
7
+
<!-- Place an "x" between the brackets to check an item. e.g: [x] -->
8
+
9
+
-[ ] Signed the [Contributor License Agreement](https://cla.opensource.microsoft.com)
10
+
-[ ] Linked to an issue (if applicable)
11
+
<!-- Example: Resolves #328283 -->
5
12
- Resolves #[Issue Number]
6
13
7
-
Manifests
8
-
-[ ] Have you checked that there aren't other open [pull requests](https://github.com/microsoft/winget-pkgs/pulls) for the same manifest update/change?
9
-
-[ ] This PR only modifies one (1) manifest
10
-
-[ ] Have you [validated](https://github.com/microsoft/winget-pkgs/blob/master/doc/Authoring.md#validation) your manifest locally with `winget validate --manifest <path>`?
11
-
-[ ] Have you tested your manifest locally with `winget install --manifest <path>`?
12
-
-[ ] Does your manifest conform to the [1.12 schema](https://github.com/microsoft/winget-pkgs/tree/master/doc/manifest/schema/1.12.0)?
14
+
## 📦 Manifest Checklist
13
15
14
-
Note: `<path>` is the directory's name containing the manifest you're submitting.
16
+
-[ ] Checked that there aren't other open [pull requests](https://github.com/microsoft/winget-pkgs/pulls) for the same manifest update/change
This is the **Windows Package Manager (WinGet) community repository** — a manifest-only repo containing ~415,000+ YAML files describing how to install Windows applications via `winget`. There is no application source code here. The tooling is PowerShell scripts in `Tools/`.
6
+
7
+
## ⚠️ Critical Performance Rule
8
+
9
+
**Never recursively scan or search the `manifests/` directory.** It contains hundreds of thousands of files and will cause severe performance issues. Only search within the specific package folder being modified (e.g., `manifests/m/Microsoft/WindowsTerminal/`).
10
+
11
+
## Manifest Structure
12
+
13
+
Each package version lives in `manifests/<first-letter>/<Publisher>/<Package>/<Version>/` and requires three files:
14
+
15
+
| File | ManifestType | Purpose |
16
+
|------|-------------|---------|
17
+
|`<Id>.yaml`|`version`| Version metadata, links other files |
18
+
|`<Id>.installer.yaml`|`installer`| Installer URLs, SHA256 hashes, architecture, installer type |
-**Supported Installers:** MSIX, MSI, APPX, EXE only (scripts are not supported)
16
+
-**Supported Installers:** msix, appx, msi, exe, zip (with nested type), portable, font (font only in `fonts/` root)
17
+
-**Scripts are expressly prohibited** as installers (`.bat`, `.ps1`, etc.)
17
18
18
19
## Critical: How This Repository Works
19
20
@@ -34,14 +35,14 @@ For example: `manifests/m/Microsoft/WindowsTerminal/1.0.1401.0/`
34
35
35
36
## Instruction Priority
36
37
37
-
The instructions in the **Performance Rules**, **Allowed Local Searches**, and **Explicit Required Behavior** sections are **mandatory**.
38
+
The instructions in the **Performance Rules**, **Allowed Local Searches**, and **Explicit Required Behavior** sections are **mandatory**.
38
39
They override all other information in this file.
39
40
40
41
Copilot must always follow these rules when performing PR reviews, even if other documentation in this file describes general repository behavior.
41
42
42
43
## Performance Rules (Very Important)
43
44
44
-
This repository contains a very large directory: `manifests/`.
45
+
This repository contains a very large directory: `manifests/`.
45
46
Copilot must **never recursively scan or search the entire `manifests/` folder** during PR reviews.
46
47
47
48
Large-scale searches cause severe performance issues and timeouts.
@@ -109,6 +110,92 @@ When reviewing a PR:
109
110
110
111
---
111
112
113
+
## Review Guidance: What Constitutes an Actual Problem
114
+
115
+
This section defines what the review agent should and should not flag. The goal is high signal-to-noise — only flag real issues, not style preferences.
- A license name (e.g., `MIT`, `Apache 2.0`) placed in the `Copyright` field
122
+
- License-like text in `Copyright`, or copyright-like text in `License`
123
+
124
+
2.**Mismatched identifiers or versions**
125
+
-`PackageIdentifier` not matching the folder path (case-sensitive)
126
+
-`PackageVersion` not matching the version folder name
127
+
128
+
3.**Missing or incorrect schema header** — Every manifest file must begin with a `# yaml-language-server` comment declaring its schema URL. The URL must match both the `ManifestType` and `ManifestVersion` declared in that same file. There may be other comment lines before the schema declaration. The URL format is:
4.**Singleton manifest type** — Singleton manifests (`ManifestType: singleton`) are prohibited in the community repository. Only multi-file manifests are accepted.
139
+
140
+
5.**Scripts as installers** — `.bat`, `.cmd`, `.ps1`, `.vbs`, and other script files are expressly disallowed as installer types.
141
+
142
+
6.**Agreements with body text from non-verified developer** — The `Agreement` field (agreement body text) is only allowed for verified developers. Community PRs must not include `Agreement` text; only `AgreementLabel` and `AgreementUrl` are permitted.
143
+
144
+
7.**Installer URLs from unofficial sources** — Installer URLs should be discoverable on the publisher's official website or CDN. URLs pointing to unofficial mirrors or unrelated third-party hosts are a concern.
145
+
146
+
8.**Architecture mismatch** — The `Architecture` field should reflect the installed binaries, not the installer itself. An x86 installer that installs x64 binaries should declare `x64`.
147
+
148
+
### ❌ Do NOT Flag These (Not Actionable Issues)
149
+
150
+
1.**`License` not matching SPDX format** — The `License` field is free-form text. Values like `MIT`, `Apache 2.0`, `GPLv2`, `Freeware`, `Proprietary`, or `Copyright (c) Contoso` are all acceptable. Do not require exact SPDX identifiers.
151
+
152
+
2.**Minor formatting** — Trailing whitespace, missing periods, inconsistent casing, and similar style issues do not impact the functionality and should not be flagged in review.
153
+
154
+
3.**Optional fields being absent** — Many fields are optional: `Author`, `Description`, `Tags`, `ReleaseNotes`, `ReleaseNotesUrl`, `Moniker`, `LicenseUrl`, `CopyrightUrl`, `PublisherUrl`, `PublisherSupportUrl`, `PrivacyUrl`, etc. Their absence is not a problem even if previous versions had them.
155
+
156
+
4.**Version format style** — WinGet supports many version formats (semver, date-based, build numbers, etc.). Do not flag unconventional version strings unless they cause an actual sorting or matching issue.
157
+
158
+
5.**Field order within the YAML** — YAML field order within a manifest file does not need to match a specific sequence.
159
+
160
+
6.**Fields not nested under `Installers`** — Many installer manifest fields (e.g., `InstallerType`, `Scope`, `InstallerSwitches`, `UpgradeBehavior`, `Commands`, `FileExtensions`, `Protocols`, `InstallModes`, `ElevationRequirement`, `PackageFamilyName`, `ProductCode`, `AppsAndFeaturesEntries`, etc.) are valid at **both** the root level of the installer manifest (as defaults that apply to all entries) and within individual installer entries under `Installers`. A field placed at the root is not a mistake — it is a supported and common pattern. Before flagging any field placement as incorrect, consult the schema. If you are less than 90% certain the placement is invalid, **do not flag it** — legitimate schema violations are caught by the automated validation pipeline.
161
+
162
+
---
163
+
164
+
## Field Semantics Reference
165
+
166
+
### `License` vs `Copyright`
167
+
168
+
These are distinct and commonly confused:
169
+
170
+
| Field | Purpose | Examples | Common Mistake |
171
+
|-------|---------|---------|---------------|
172
+
|`License`| The license governing use/distribution of the software. **Free-form text, no SPDX requirement.**|`MIT`, `Apache 2.0`, `GPL-3.0`, `Freeware`, `Proprietary`, `Commercial`| Putting a copyright notice here |
> From the schema docs: *"Please note that a copyright is not considered a license. If there is no available information on a product's license, 'Proprietary' should be the value in this field."*
176
+
177
+
### Installer Types
178
+
179
+
| Type | Notes |
180
+
|------|-------|
181
+
|`msix` / `appx`| MSIX/APPX packages |
182
+
|`msi`| Windows Installer packages |
183
+
|`exe`| EXE-based installers |
184
+
|`zip`| Compressed archives; requires `NestedInstallerType` and `NestedInstallerFiles`|
185
+
|`portable`| Portable executables |
186
+
|`font`| Font files; **only permitted in `fonts/` root, not `manifests/`**|
187
+
188
+
---
189
+
190
+
## Key Policies Summary (from doc/Policies.md and doc/Authoring.md)
191
+
192
+
-**Silent install required**: Installers may display a UI, but users must not need to interact with it for successful installation.
193
+
-**Singleton manifests prohibited**: Multi-file format only.
194
+
-**Agreements**: Manifests containing agreements require a Microsoft review. Only verified developers may include `Agreement` body text.
195
+
-**Font files**: Must be submitted under the `fonts/` root, not `manifests/`.
196
+
197
+
---
198
+
112
199
## Summary
113
200
114
201
- Only analyze **diffs** and **local package manifests**.
0 commit comments