Test winget upgrade for the latest nightly builds

[hustcer]

Test winget upgrade for the latest nightly builds

[github-actions]

Script Analysis

• Added new --local flag to control manifest-based vs direct winget installation
• Improved version handling by using get-latest-tag for non-local installations
• Better separation of concerns with prepare-manifest now exported and used explicitly
• Added conditional logic for MSI tests requiring both --msi and --local flags
• Maintained structured data flow with version checks and installation verification

Security Review

• ❗ Potential path injection risk in manifest paths (e.g., manifests\n\Nushell\Nushell\($version)\)
• ⚠️ Direct execution of winget install without input validation for version strings
• ❗ GITHUB_TOKEN exposed in workflow (though necessary for GitHub Actions)

Optimization Suggestions

• Replace string concatenation with path joining for manifest paths
• Consider caching the result of get-latest-tag to avoid repeated calls
• Use structured version comparison instead of string splitting where possible
• Add parallel execution for independent test cases where possible

Overall Quality: 4