acorn: Add version 0.1.52

[jhwohlgemuth]

• Closes [Request]: acorn #16896

ACORN is a command line tool for improving how science is performed and communicated. It strives to demonstrate value to taxpayers, keep scientists honest, and improve our understanding of science. It is maintained by Oak Ridge National Laboratory and Scoop can support ACORN in its goal to improve science.

• Use conventional PR title: <manifest-name[@version]|chore>: <general summary of the pull request>
• I have read the Contributing Guide

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 10290a03-8018-4b6e-bde3-1f5865de9c66

📥 Commits

Reviewing files that changed from the base of the PR and between bb317d6 and 91035e9.

📒 Files selected for processing (1)

• bucket/acorn.json

✅ Files skipped from review due to trivial changes (1)

• bucket/acorn.json

---

📝 Walkthrough

Walkthrough

Adds a new Windows manifest bucket/acorn.json for acorn.exe (v0.1.52). The manifest declares package metadata (description, homepage, MIT license), a 64bit artifact with a concrete download URL and SHA256, and a bin entry pointing to acorn.exe. It includes an update automation checkver that queries the latest release permalink, extracts the version via regex v([\d.]+), and an autoupdate template that constructs the download URL as .../v$version/acorn.exe.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title 'acorn: Add version 0.1.52' is specific and directly describes the main change of adding a new package version.
Description check	✅ Passed	The description includes the required conventional PR title format confirmation and references the linked issue #16896, satisfying the template requirements.
Linked Issues check	✅ Passed	The pull request successfully addresses issue #16896 by adding the acorn manifest with package metadata, download URL, and version information as requested.
Out of Scope Changes check	✅ Passed	The changes are limited to adding the single manifest file bucket/acorn.json as required by issue #16896, with no extraneous modifications.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Review rate limit: 7/8 reviews remaining, refill in 7 minutes and 30 seconds.}

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

Your changes did not pass all checks.

Please address the issues in the manifest and comment starting with /verify to rerun the checks.

acorn

• Lint
• Description
• License
• Hashes
• Checkver
• Autoupdate

Check the full log for details.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

bucket/acorn.json (1)

9-14: Consider removing shortcuts for a CLI tool.

The shortcuts configuration creates a Start Menu shortcut for acorn.exe. Since this is a command-line tool (already exposed via bin), the shortcut may be unnecessary—users typically invoke CLI tools from a terminal rather than clicking shortcuts.

Unless there's a specific GUI component or a reason to provide a Start Menu entry, consider removing the shortcuts block.

🔎 Proposed refactor

     "bin": "acorn.exe",
-    "shortcuts": [
-        [
-            "acorn.exe",
-            "acorn"
-        ]
-    ],
     "checkver": {

📜 Review details

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 83deaa4 and 82af74a.

📒 Files selected for processing (1)

• bucket/acorn.json

🧰 Additional context used

🧠 Learnings (3)

📓 Common learnings

Learnt from: o-l-a-v
Repo: ScoopInstaller/Extras PR: 16349
File: bucket/debugviewpp.json:14-21
Timestamp: 2025-10-16T13:42:43.224Z
Learning: In the DebugViewPP project (CobaltFusion/DebugViewPP), the executable name changed from "DebugView++.exe" (in v1.8.0.103 and earlier) to "Debugviewpp.exe" (in v1.9.0.28 and later). The manifest bucket/debugviewpp.json correctly uses "Debugviewpp.exe" for current versions.

Learnt from: o-l-a-v
Repo: ScoopInstaller/Extras PR: 16378
File: bucket/compactgui.json:20-22
Timestamp: 2025-10-19T13:58:23.389Z
Learning: In the ScoopInstaller/Extras repository, the CompactGUI manifest removed hash verification from the autoupdate block because the hash verification mechanism (scraping SHA-256 from release page HTML) is no longer available in newer CompactGUI releases. GitHub asset digests exist in beta releases but not in v3.8.0, and Scoop doesn't have built-in support for extracting from GitHub API asset digests.

📚 Learning: 2025-10-16T13:42:43.224Z

Learnt from: o-l-a-v
Repo: ScoopInstaller/Extras PR: 16349
File: bucket/debugviewpp.json:14-21
Timestamp: 2025-10-16T13:42:43.224Z
Learning: In the DebugViewPP project (CobaltFusion/DebugViewPP), the executable name changed from "DebugView++.exe" (in v1.8.0.103 and earlier) to "Debugviewpp.exe" (in v1.9.0.28 and later). The manifest bucket/debugviewpp.json correctly uses "Debugviewpp.exe" for current versions.

Applied to files:

• bucket/acorn.json

📚 Learning: 2025-10-19T13:58:23.389Z

Learnt from: o-l-a-v
Repo: ScoopInstaller/Extras PR: 16378
File: bucket/compactgui.json:20-22
Timestamp: 2025-10-19T13:58:23.389Z
Learning: In the ScoopInstaller/Extras repository, the CompactGUI manifest removed hash verification from the autoupdate block because the hash verification mechanism (scraping SHA-256 from release page HTML) is no longer available in newer CompactGUI releases. GitHub asset digests exist in beta releases but not in v3.8.0, and Scoop doesn't have built-in support for extracting from GitHub API asset digests.

Applied to files:

• bucket/acorn.json

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: WindowsPowerShell

🔇 Additional comments (2)

bucket/acorn.json (2)

2-2: Correct the manifest version to match the available release.

The manifest declares version 0.1.50, but only v0.1.49 exists in the GitLab package registry and releases. Update the version field to 0.1.49 to align with the URL and available package.

-    "version": "0.1.50",
+    "version": "0.1.49",

Likely an incorrect or invalid review comment.

---

20-22: No actionable issue. The autoupdate block is correctly configured with the URL template. Hash verification in autoupdate is not available from the GitLab generic package registry API for this source, which is consistent with many similar manifests in the repository that lack autoupdate hashes when the upstream source doesn't provide easily-extractable hash metadata.

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 82af74a and baf117d.

📒 Files selected for processing (1)

• bucket/acorn.json

🧰 Additional context used

🧠 Learnings (2)

📓 Common learnings

Learnt from: o-l-a-v
Repo: ScoopInstaller/Extras PR: 16378
File: bucket/compactgui.json:20-22
Timestamp: 2025-10-19T13:58:23.389Z
Learning: In the ScoopInstaller/Extras repository, the CompactGUI manifest removed hash verification from the autoupdate block because the hash verification mechanism (scraping SHA-256 from release page HTML) is no longer available in newer CompactGUI releases. GitHub asset digests exist in beta releases but not in v3.8.0, and Scoop doesn't have built-in support for extracting from GitHub API asset digests.

Learnt from: Gitoffthelawn
Repo: ScoopInstaller/Extras PR: 16106
File: bucket/czkawka-gui.json:25-25
Timestamp: 2025-09-05T09:41:52.653Z
Learning: For czkawka-gui manifests in Scoop Extras, the correct upstream filename pattern for Windows GUI builds in recent versions uses "gtk46" (without underscore), not "gtk_46" (with underscore). The autoupdate URL should use "windows_czkawka_gui_gtk46.zip" format. This was confirmed by a working 10.0.0 update with valid hash.

📚 Learning: 2025-10-16T13:42:43.224Z

Learnt from: o-l-a-v
Repo: ScoopInstaller/Extras PR: 16349
File: bucket/debugviewpp.json:14-21
Timestamp: 2025-10-16T13:42:43.224Z
Learning: In the DebugViewPP project (CobaltFusion/DebugViewPP), the executable name changed from "DebugView++.exe" (in v1.8.0.103 and earlier) to "Debugviewpp.exe" (in v1.9.0.28 and later). The manifest bucket/debugviewpp.json correctly uses "Debugviewpp.exe" for current versions.

Applied to files:

• bucket/acorn.json

🔇 Additional comments (3)

bucket/acorn.json (3)

8-8: LGTM!

The binary configuration is correctly formatted for a single executable.

---

14-16: The autoupdate configuration is correctly implemented. Hash verification in the autoupdate block is not used across Scoop Extras manifests—none of the 2,053+ manifests with autoupdate blocks include hash verification in the autoupdate section. Additionally, GitLab's API does not expose hash or checksum metadata for released assets, making hash extraction infeasible. The root-level hash field suffices for the current version, and Scoop's autoupdate mechanism does not require hash verification within the autoupdate block itself.

---

4-5: No issues found. The homepage URL is accessible and the MIT license is correctly specified in the project's Cargo.toml.

[jhwohlgemuth]

/verify

[github-actions]

Your changes did not pass all checks.

Please address the issues in the manifest and comment starting with /verify to rerun the checks.

acorn

• Lint
• Description
• License
• Hashes
• Checkver
• Autoupdate

Check the full log for details.

[jhwohlgemuth]

/verify

[github-actions]

Your changes did not pass all checks.

Please address the issues in the manifest and comment starting with /verify to rerun the checks.

acorn

• Lint
• Description
• License
• Hashes
• Checkver
• Autoupdate

Check the full log for details.

[jhwohlgemuth]

/verify

[github-actions]

Your changes did not pass all checks.

Please address the issues in the manifest and comment starting with /verify to rerun the checks.

acorn

• Lint
• Description
• License
• Hashes
• Checkver
• Autoupdate

Check the full log for details.

[z-Fng]

Please follow the standard way to create a package request before submitting a PR to add a new package to this bucket. When creating a package request, you can check the criteria for a package to be accepted in this bucket, which can help you determine whether your PR is likely to be approved. The information provided in the issue can also help maintainers quickly get the necessary details.

For a package to be acceptable in this bucket, it should be:

1. Reasonably well-known and widely used. e.g. if it's a GitHub project, it should have at least 100 stars and/or 50 forks *
2. English interface (or at least English documentation) *
3. Latest stable version *
4. Full version (i.e. not a trial version)
5. Fairly standard install (e.g. uses a version-specific download URL, no elaborate pre/post install scripts)

[z-Fng]

Your changes did not pass all checks.

Please address the issues in the manifest and comment starting with /verify to rerun the checks.

acorn

• Lint

https://github.com/ScoopInstaller/GithubActions/wiki/Pull-Request-Checks#lint

[jhwohlgemuth]

/verify

[github-actions]

Your changes did not pass all checks.

Please address the issues in the manifest and comment starting with /verify to rerun the checks.

acorn

• Lint
• Description
• License
• Hashes
• Checkver
• Autoupdate

Check the full log for details.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (2)

bucket/acorn.json (2)

9-9: Use lowercase for the hash value.

Scoop manifests conventionally use lowercase SHA256 hashes. While uppercase may work, it's inconsistent with standard practice in the repository.

🔎 Suggested change

-            "hash": "0F6E6741E8DFD1B5E2EAB19466E1A70B654878C945A49FF90EC4928DF4EE076B"
+            "hash": "0f6e6741e8dfd1b5e2eab19466e1a70b654878c945a49ff90ec4928df4ee076b"

---

18-20: Consider whether hash extraction is available for autoupdate.

The autoupdate block is missing hash extraction. If the GitLab package registry API provides SHA256 hashes for packages, adding hash extraction would improve security by enabling integrity verification during automatic updates.

Based on learnings, missing hash extraction is acceptable when upstream doesn't provide checksums programmatically.

📋 How to add hash extraction (if available)

If the GitLab API provides hashes for package files, you can extract them. For example:

"autoupdate": {
    "url": "https://code.ornl.gov/api/v4/projects/16689/packages/generic/x86_64-pc-windows-gnu/v$version/acorn.exe",
    "hash": {
        "url": "$url",
        "mode": "download"
    }
}

Or if there's a separate API endpoint that provides the hash, use that endpoint with appropriate JSON path.

📜 Review details

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between baf117d and 71cde4f.

📒 Files selected for processing (1)

• bucket/acorn.json

🧰 Additional context used

🧠 Learnings (7)

📓 Common learnings

Learnt from: o-l-a-v
Repo: ScoopInstaller/Extras PR: 16378
File: bucket/compactgui.json:20-22
Timestamp: 2025-10-19T13:58:23.389Z
Learning: In the ScoopInstaller/Extras repository, the CompactGUI manifest removed hash verification from the autoupdate block because the hash verification mechanism (scraping SHA-256 from release page HTML) is no longer available in newer CompactGUI releases. GitHub asset digests exist in beta releases but not in v3.8.0, and Scoop doesn't have built-in support for extracting from GitHub API asset digests.

Learnt from: Gitoffthelawn
Repo: ScoopInstaller/Extras PR: 16106
File: bucket/czkawka-gui.json:25-25
Timestamp: 2025-09-05T09:41:52.653Z
Learning: For czkawka-gui manifests in Scoop Extras, the correct upstream filename pattern for Windows GUI builds in recent versions uses "gtk46" (without underscore), not "gtk_46" (with underscore). The autoupdate URL should use "windows_czkawka_gui_gtk46.zip" format. This was confirmed by a working 10.0.0 update with valid hash.

Learnt from: o-l-a-v
Repo: ScoopInstaller/Extras PR: 16349
File: bucket/debugviewpp.json:14-21
Timestamp: 2025-10-16T13:42:43.224Z
Learning: In the DebugViewPP project (CobaltFusion/DebugViewPP), the executable name changed from "DebugView++.exe" (in v1.8.0.103 and earlier) to "Debugviewpp.exe" (in v1.9.0.28 and later). The manifest bucket/debugviewpp.json correctly uses "Debugviewpp.exe" for current versions.

Learnt from: Ra2-IFV
Repo: ScoopInstaller/Extras PR: 16672
File: bucket/chromium-clang.json:12-12
Timestamp: 2025-11-29T22:02:34.868Z
Learning: In the chromium-clang.json manifest (bucket/chromium-clang.json), the extract_dir value "chrome-win32" is a fixed name determined by the upstream Chromium_Clang archive structure and should not be changed, even though the manifest targets 64-bit architecture.

📚 Learning: 2025-10-16T13:42:43.224Z

Learnt from: o-l-a-v
Repo: ScoopInstaller/Extras PR: 16349
File: bucket/debugviewpp.json:14-21
Timestamp: 2025-10-16T13:42:43.224Z
Learning: In the DebugViewPP project (CobaltFusion/DebugViewPP), the executable name changed from "DebugView++.exe" (in v1.8.0.103 and earlier) to "Debugviewpp.exe" (in v1.9.0.28 and later). The manifest bucket/debugviewpp.json correctly uses "Debugviewpp.exe" for current versions.

Applied to files:

• bucket/acorn.json

📚 Learning: 2025-09-05T09:41:52.653Z

Learnt from: Gitoffthelawn
Repo: ScoopInstaller/Extras PR: 16106
File: bucket/czkawka-gui.json:25-25
Timestamp: 2025-09-05T09:41:52.653Z
Learning: For czkawka-gui manifests in Scoop Extras, the correct upstream filename pattern for Windows GUI builds in recent versions uses "gtk46" (without underscore), not "gtk_46" (with underscore). The autoupdate URL should use "windows_czkawka_gui_gtk46.zip" format. This was confirmed by a working 10.0.0 update with valid hash.

Applied to files:

• bucket/acorn.json

📚 Learning: 2025-10-27T13:19:16.982Z

Learnt from: mokosiy
Repo: ScoopInstaller/Extras PR: 16428
File: bucket/multidrive.json:8-8
Timestamp: 2025-10-27T13:19:16.982Z
Learning: For MultiDrive manifests in the ScoopInstaller/Extras repository: the direct download URL at dl.atola.com causes 403 errors due to Cloudflare Bot Fight Mode blocking the Scoop bot, so GitHub Releases URLs should be used instead (e.g., https://github.com/atola-technology/multidrive/releases/download/...).

Applied to files:

• bucket/acorn.json

📚 Learning: 2025-10-16T15:59:21.258Z

Learnt from: o-l-a-v
Repo: ScoopInstaller/Extras PR: 16349
File: bucket/fvim.json:45-49
Timestamp: 2025-10-16T15:59:21.258Z
Learning: In Scoop manifests, the `autoupdate.url` and `autoupdate.architecture.<arch>.url` fields must be valid URIs according to the JSON schema (defined with `"format": "uri"`). Variables like `$matchUrlx64` that contain only path segments must be combined with a base URL (e.g., `https://github.com/.../releases/download/`) to form a complete valid URI.

Applied to files:

• bucket/acorn.json

📚 Learning: 2025-10-19T13:58:23.389Z

Learnt from: o-l-a-v
Repo: ScoopInstaller/Extras PR: 16378
File: bucket/compactgui.json:20-22
Timestamp: 2025-10-19T13:58:23.389Z
Learning: In the ScoopInstaller/Extras repository, the CompactGUI manifest removed hash verification from the autoupdate block because the hash verification mechanism (scraping SHA-256 from release page HTML) is no longer available in newer CompactGUI releases. GitHub asset digests exist in beta releases but not in v3.8.0, and Scoop doesn't have built-in support for extracting from GitHub API asset digests.

Applied to files:

• bucket/acorn.json

📚 Learning: 2025-09-05T09:41:52.653Z

Learnt from: Gitoffthelawn
Repo: ScoopInstaller/Extras PR: 16106
File: bucket/czkawka-gui.json:25-25
Timestamp: 2025-09-05T09:41:52.653Z
Learning: For czkawka-gui manifests in Scoop Extras, the correct upstream filename pattern for Windows GUI builds uses "gtk46" (without underscore), not "gtk_46" (with underscore). The autoupdate URL should use "windows_czkawka_gui_gtk46.zip" format.

Applied to files:

• bucket/acorn.json

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: WindowsPowerShell

🔇 Additional comments (3)

bucket/acorn.json (3)

1-5: LGTM! Metadata is complete and appropriate.

All required fields are present with valid values. The description clearly explains the tool's purpose, and the MIT license is standard.

---

12-12: LGTM! Bin entry is correct.

The simple bin entry will properly expose acorn.exe in the user's PATH.

---

13-17: The checkver configuration is correct and functional. The endpoint successfully returns release data with the tag_name field containing "v0.1.50", which matches the regex pattern v([\\d.]+) as expected.

[jhwohlgemuth]

Please follow the standard way to create a package request before submitting a PR to add a new package to this bucket. When creating a package request, you can check the criteria for a package to be accepted in this bucket, which can help you determine whether your PR is likely to be approved. The information provided in the issue can also help maintainers quickly get the necessary details.

For a package to be acceptable in this bucket, it should be:

1. Reasonably well-known and widely used. e.g. if it's a GitHub project, it should have at least 100 stars and/or 50 forks *
2. English interface (or at least English documentation) *
3. Latest stable version *
4. Full version (i.e. not a trial version)
5. Fairly standard install (e.g. uses a version-specific download URL, no elaborate pre/post install scripts)

Sorry about that. I read and complied with the package submission checklist, but was not aware that an issue was the first step these days. I created an issue - #16896

I have run the lint script locally and saw no changes. Even after reading the manifest documentation and CI logs, I am at a loss for why the lint check is still failing...

[jhwohlgemuth]

/verify

[github-actions]

Your changes did not pass all checks.

Please address the issues in the manifest and comment starting with /verify to rerun the checks.

acorn

• Lint
• Description
• License
• Hashes
• Checkver
• Autoupdate

Check the full log for details.

[jhwohlgemuth]

Your changes did not pass all checks.

Please address the issues in the manifest and comment starting with /verify to rerun the checks.

acorn

* [ ]  Lint

* [x]  Description

* [x]  License

* [x]  Hashes

* [x]  Checkver

* [x]  Autoupdate

Check the full log for details.

CI output looks something like:

Log of Invalids:



Lint: False

[jhwohlgemuth]

/verify

[github-actions]

Your changes did not pass all checks.

Please address the issues in the manifest and comment starting with /verify to rerun the checks.

acorn

• Lint
• Description
• License
• Hashes
• Checkver
• Autoupdate

Check the full log for details.

[jhwohlgemuth]

I am fairly certain this PR is free from lint issues and ready to merge. I will expeditiously fix any issues if there are any...

Happy to be here. I appreciate your support.

[jhwohlgemuth]

Your changes did not pass all checks.
Please address the issues in the manifest and comment starting with /verify to rerun the checks.

acorn

• Lint

Wiki: Pull Request Checks (lint) (ScoopInstaller/GithubActions)

@z-Fng Just wanted to close the loop on this one. I did run the format command and saw no changes or errors. And the error within the CI run is effectively blank and provides no guidance.

I am standing by for any fixes/changes/whatever. Not sure if there is anything else to be done with the associated issue either...

[z-Fng]

Apologize for the delayed response.

The reason this PR has been put on hold is that I cannot easily determine whether this package meets our acceptance criteria. We are currently facing a shortage of active maintainers. Accepting packages that do not meet the acceptance criteria will place a greater burden on us in terms of maintenance.

I did run the format command and saw no changes or errors. And the error within the CI run is effectively blank and provides no guidance.

The formatting issue may be caused by your plugin automatically formatting the code, which conflicts with our expected format.

[z-Fng]

/verify

[github-actions]

All changes look good.

Wait for review from human collaborators.

acorn

• Lint
• Description
• License
• Hashes
• Checkver
• Autoupdate

Check the full log for details.

[z-Fng]

Thanks for your contribution!

[jhwohlgemuth]

Thanks for your contribution!

@z-Fng Thank you for your effort. I'm sorry for failing to fix the lint issues...I am at a loss. Either way, thank you very much.