PckgrBot
diff --git a/‎.configurations/YamlCreate.dsc.yaml‎ ‎.config/YamlCreate.winget‎.configurations/YamlCreate.dsc.yaml renamed to .config/YamlCreate.winget b/‎.configurations/YamlCreate.dsc.yaml‎ ‎.config/YamlCreate.winget‎.configurations/YamlCreate.dsc.yaml renamed to .config/YamlCreate.winget
diff --git a/‎.github/actions/spelling/allow.txt‎
Lines changed: 2 additions & 0 deletions b/‎.github/actions/spelling/allow.txt‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎.github/policies/labelAdded.highestVersionRemoval.yml‎
Lines changed: 3 additions & 0 deletions b/‎.github/policies/labelAdded.highestVersionRemoval.yml‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎.github/policies/labelAdded.lastVersionRemoval.yml‎
Lines changed: 5 additions & 2 deletions b/‎.github/policies/labelAdded.lastVersionRemoval.yml‎
Lines changed: 5 additions & 2 deletions
diff --git a/‎.github/policies/labelAdded.validationDefenderError.yml‎
Lines changed: 52 additions & 0 deletions b/‎.github/policies/labelAdded.validationDefenderError.yml‎
Lines changed: 52 additions & 0 deletions
diff --git a/‎.github/workflows/scriptAnalyzer.yaml‎
Lines changed: 40 additions & 0 deletions b/‎.github/workflows/scriptAnalyzer.yaml‎
Lines changed: 40 additions & 0 deletions
diff --git a/‎.github/workflows/spellCheck.yaml‎
Lines changed: 1 addition & 1 deletion b/‎.github/workflows/spellCheck.yaml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎DevOpsPipelineDefinitions/publish-pipeline.yaml‎
Lines changed: 4 additions & 4 deletions b/‎DevOpsPipelineDefinitions/publish-pipeline.yaml‎
Lines changed: 4 additions & 4 deletions
diff --git a/‎DevOpsPipelineDefinitions/rebuild-pipeline.yaml‎
Lines changed: 4 additions & 4 deletions b/‎DevOpsPipelineDefinitions/rebuild-pipeline.yaml‎
Lines changed: 4 additions & 4 deletions
diff --git a/‎DevOpsPipelineDefinitions/validation-pipeline.yaml‎
Lines changed: 4 additions & 34 deletions b/‎DevOpsPipelineDefinitions/validation-pipeline.yaml‎
Lines changed: 4 additions & 34 deletions
@@ -23,6 +23,7 @@ INSTALLPATH
 ISVs
 Komac
 LOGPATH
+Linux
 malware
 Mariocube
 microsoft
@@ -55,6 +56,7 @@ uninstaller
 uninstalls
 upvote
 versioning
+vscode
 website
 winget
 wingetbot
 
@@ -29,6 +29,9 @@ configuration:
                 Please provide the reason for removal to help our moderators understand the context.
 
 
+                (This might be in error if the version is switching from semantic to string, or string to semantic.)
+
+
                 Template: msftbot/highestVersionRemoval
           - assignTo:
               author: True
 
@@ -23,10 +23,13 @@ configuration:
                 Hello @${issueAuthor},
 
 
-                This PR removes the last version of the package from the repository.
+                This PR removes the last version of this package in the repository, meaning it will completely remove this package from WinGet.
 
 
-                Please check if the package requires an update or is available from another source.
+                Please provide the reason for removal to help our moderators understand the context and check if the package requires an update or is available from another source.
+
+
+                Is it available from another location? (This might be in error if the version is switching from semantic to string, or string to semantic.)
 
 
                 Template: msftbot/lastVersionRemoval
 
@@ -0,0 +1,52 @@
+id: labelAdded.validationDefenderError
+name: GitOps.PullRequestIssueManagement
+description: Handlers when "Validation-Defender-Error" label is added
+owner:
+resource: repository
+disabled: false
+where:
+configuration:
+  resourceManagementConfiguration:
+    eventResponderTasks:
+      - description: >-
+          When the label "Validation-Defender-Error" is added to a pull request
+          * Add the PR specific reply notifying the issue author
+          * Assign to the Author
+          * Label with Needs-Author-Feedback
+          * Remove the Needs-Attention Label
+        if:
+          - payloadType: Pull_Request
+          - labelAdded:
+              label: Validation-Defender-Error
+        then:
+          - addReply:
+              reply: >-
+                Hello @${issueAuthor},
+
+
+                The package manager bot was blocked from installing one of the installers listed in the url field, and cannot continue.
+
+
+                The application included in this pull request failed to pass the [Installers Scan](https://docs.microsoft.com/en-us/windows/package-manager/package/winget-validation) test. This test is designed to ensure that the application installs on all environments without warnings.
+
+
+                Please check to ensure the installer URL is correct and update the URL and the Hash if a change is made.
+
+
+                If the package is mistakenly flagged as malware, you can [submit the installer(s) to the Microsoft Defender team for analysis](https://www.microsoft.com/en-us/wdsi/filesubmission).
+
+
+                For more details on this error, see [Defender errors](https://learn.microsoft.com/en-us/windows/package-manager/package/repository#error-labels).
+
+
+                Template: msftbot/validationError/installers/validationDefender
+          - assignTo:
+              author: True
+          - addLabel:
+              label: Needs-Author-Feedback
+          - removeLabel:
+              label: Needs-Attention # This will automatically assign the ICM Users
+        # The policy service should trigger even when the label was added by the policy service
+        triggerOnOwnActions: true
+onFailure:
+onSuccess:
@@ -0,0 +1,40 @@
+name: PSScriptAnalyzer
+
+on:
+  pull_request:
+    branches:
+      - master
+    paths:
+      - "**/*.ps1"
+  push:
+    paths:
+      - "**/*.ps1"
+
+permissions:
+  contents: read # Needed to check out the code
+  pull-requests: read # Needed to read pull request details
+
+jobs:
+  analyze:
+    runs-on: windows-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+      - name: Install PSScriptAnalyzer
+        run: |
+          Install-Module -Name PSScriptAnalyzer -Force -SkipPublisherCheck -Scope CurrentUser
+      - name: Run PSScriptAnalyzer
+        run: |
+          # Run PSScriptAnalyzer on all PowerShell scripts
+          $results = Get-ChildItem -Recurse -Filter *.ps1 | Invoke-ScriptAnalyzer
+          if ($results) {
+            Write-Output $results | Format-List -GroupBy ScriptName
+          }
+
+          # If errors are found, exit with a non-zero exit code to fail the job
+          if ($results.where({$_.Severity-eq 'Error'})) {
+            Write-Host "Found script issues (errors)."
+            exit 1  # Exit with a non-zero status to fail the job
+          } else {
+            Write-Host "No blocking detections."
+          }
@@ -67,7 +67,7 @@ jobs:
     steps:
     - name: check-spelling
       id: spelling
-      uses: check-spelling/[email protected].21
+      uses: check-spelling/[email protected].24
       with:
         suppress_push_for_open_pull_request: 1
         checkout: true
 
@@ -86,13 +86,13 @@ extends:
             ValidationStorageAccountName: $(ValidationStorageAccountName)
             CacheStorageAccountName: $(CacheStorageAccountName)
             StorageManagedIdentityClientId: $(StorageManagedIdentityClientId)
-            ExecutionEnvironment: $(ExecutionEnvironment)
-            PackagePublisher: $(PackagePublisher)
-            DIApplicationInsightKey: $(DIApplicationInsightKey)
             WinGet:AppConfig:PrimaryEndpoint: $(AppConfigPrimaryEndpoint)
             WinGet:AppConfig:SecondaryEndpoint: $(AppConfigSecondaryEndpoint)
-            SYSTEM_ACCESSTOKEN: $(System.AccessToken)
+            DIApplicationInsightKey: $(DIApplicationInsightKey)
             GithubServiceAccountToken: $(GithubServiceAccountToken)
+            PackagePublisher: $(PackagePublisher)
+            SYSTEM_ACCESSTOKEN: $(System.AccessToken)
+            ExecutionEnvironment: $(WinGetSvc.ExecutionEnvironment)
 
       # Agentless phase. Depends on previous job. 
       - job: 'SignPackage'
 
@@ -85,12 +85,12 @@ extends:
             ValidationStorageAccountName: $(ValidationStorageAccountName)
             CacheStorageAccountName: $(CacheStorageAccountName)
             StorageManagedIdentityClientId: $(StorageManagedIdentityClientId)
-            ExecutionEnvironment: $(ExecutionEnvironment)
-            PackagePublisher: $(PackagePublisher)
-            SYSTEM_ACCESSTOKEN: $(System.AccessToken)
-            DIApplicationInsightKey: $(DIApplicationInsightKey)
             WinGet:AppConfig:PrimaryEndpoint: $(AppConfigPrimaryEndpoint)
             WinGet:AppConfig:SecondaryEndpoint: $(AppConfigSecondaryEndpoint)
+            DIApplicationInsightKey: $(DIApplicationInsightKey)
+            PackagePublisher: $(PackagePublisher)
+            SYSTEM_ACCESSTOKEN: $(System.AccessToken)
+            ExecutionEnvironment: $(WinGetSvc.ExecutionEnvironment)
             SkipPausePublishPipeline: $(Rebuild.SkipPausePublishPipeline)
 
       # Agentless phase. Depends on previous job. 
 
@@ -65,10 +65,8 @@ extends:
             SCAN_ENDPOINT: $(AzFuncScanEndpoint)
             INSTALLATION_ENDPOINT: $(AzFuncInstallationVerificationEndpoint)
             LABEL_ENDPOINT: $(AzFuncSetLabelOnPullRequestEndpoint)
-            CLEANUP_ENDPOINT: $(AzFuncCleanupEndpoint)
             LABEL_KEY: $(AzureFunctionLabelKey)
             CATALOG_CONTENT_VERIFICATION_ENDPOINT: $(AzFuncCatalogContentVerificationEndpoint)
-            MISSING_MANIFEST_FIELDS_VERIFICATION_ENDPOINT: $(AzFuncMissingManifestFieldsVerificationEndpoint)
           inputs:
             script: 'winget_validation_setup.cmd'
             workingDirectory: scripts
@@ -87,12 +85,10 @@ extends:
           env:
             ValidationStorageAccountName: $(ValidationStorageAccountName)
             StorageManagedIdentityClientId: $(StorageManagedIdentityClientId)
-            GithubRepository: $(GithubRepository)
-            GithubServiceAccountToken: $(GithubServiceAccountToken)
-            ExecutionEnvironment: $(ExecutionEnvironment)
-            DIApplicationInsightKey: $(DIApplicationInsightKey)
             WinGet:AppConfig:PrimaryEndpoint: $(AppConfigPrimaryEndpoint)
             WinGet:AppConfig:SecondaryEndpoint: $(AppConfigSecondaryEndpoint)
+            DIApplicationInsightKey: $(DIApplicationInsightKey)
+            ExecutionEnvironment: $(WinGetSvc.ExecutionEnvironment)
 
         # Validates manifest integrity.
         - task: AzureCLI@2
@@ -109,10 +105,10 @@ extends:
             ValidationStorageAccountName: $(ValidationStorageAccountName)
             CacheStorageAccountName: $(CacheStorageAccountName)
             StorageManagedIdentityClientId: $(StorageManagedIdentityClientId)
-            DIApplicationInsightKey: $(DIApplicationInsightKey)
-            ExecutionEnvironment: $(ExecutionEnvironment)
             WinGet:AppConfig:PrimaryEndpoint: $(AppConfigPrimaryEndpoint)
             WinGet:AppConfig:SecondaryEndpoint: $(AppConfigSecondaryEndpoint)
+            DIApplicationInsightKey: $(DIApplicationInsightKey)
+            ExecutionEnvironment: $(WinGetSvc.ExecutionEnvironment)
 
       # Agentless phase. Depends on previous job.
       - job: 'ContentValidation'
@@ -314,13 +310,11 @@ extends:
           HostKeySecret: $[ dependencies.FileValidation.outputs['wingetsetup.hostkey']]
           LabelKeySecret : $[ dependencies.FileValidation.outputs['wingetsetup.labelkey']]
           LabelEndpointSecret: $[ dependencies.FileValidation.outputs['wingetsetup.labelEndpoint']]
-          CleanupEndpointSecret: $[ dependencies.filevalidation.outputs['wingetsetup.cleanupEndpoint']]
         steps:
 
         # Set label in GitHub PullRequest.
         - task: AzureFunction@1
           displayName: 'Set Label'
-          condition: eq(variables['WinGet.RepositoryType'], 'GitHub')
           inputs:
             function: '$(LabelEndpointSecret)'
             key: '$(LabelKeySecret)'
@@ -341,27 +335,3 @@ extends:
               "pullRequestNumber": "$(System.PullRequest.PullRequestNumber)"
               }
             waitForCompletion: "true"
-
-        # Cleanup resources.
-        - task: AzureFunction@1
-          displayName: 'Validation cleanup'
-          inputs:
-            function: '$(CleanupEndpointSecret)'
-            key: '$(HostKeySecret)'
-            body: |
-              {
-              "operationId": "$(Build.BuildNumber)",
-              "buildId": "$(Build.BuildId)",
-              "planUrl": "$(system.CollectionUri)",
-              "hubName": "$(system.HostType)",
-              "projectId": "$(system.TeamProjectId)",
-              "planId": "$(system.PlanId)", 
-              "jobId": "$(system.JobId)", 
-              "timelineId": "$(system.TimelineId)", 
-              "taskInstanceId": "$(system.TaskInstanceId)",
-              "authToken": "$(system.AccessToken)",
-              "repository": "$(build.repository.id)",
-              "pipelineType": "ValidationPipeline",
-              "pullRequestNumber": "$(System.PullRequest.PullRequestNumber)",
-              }
-            waitForCompletion: "true"