acorn: Add version 0.1.50

[jhwohlgemuth]

• Closes [Request]: acorn #16896

ACORN is a command line tool for improving how science is performed and communicated. It strives to demonstrate value to taxpayers, keep scientists honest, and improve our understanding of science. It is maintained by Oak Ridge National Laboratory and Scoop can support ACORN in its goal to improve science.

• Use conventional PR title: <manifest-name[@version]|chore>: <general summary of the pull request>
• I have read the Contributing Guide

Summary by CodeRabbit

• Chores
  • Added a new package manifest for Acorn v0.1.50 (Windows executable). Includes package metadata (version, description, homepage, license) and configures automatic release/version checking plus autoupdate download URL generation to enable streamlined installation and updates. No public APIs or exported declarations were changed.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Walkthrough

Adds a new Windows manifest bucket/acorn.json for acorn.exe (v0.1.50) containing metadata, download URL and SHA256, a bin entry, GitHub releases checkver (JSON path $.tag_name, regex v([\d.]+)), and an autoupdate URL template using the resolved version.

Changes

Cohort / File(s)	Summary
New Manifest Configuration bucket/acorn.json	New manifest for acorn.exe (v0.1.50): metadata (description, homepage, license), source download URL with SHA256, bin entry, checkver pointing to GitHub releases permalink with JSON path $.tag_name and regex v([\d.]+), and autoupdate URL template using v$version.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Suggested labels

review-needed

Suggested reviewers

• z-Fng

Poem

🐰🌰 I hopped a patch and found a file so neat,
A shiny acorn manifest tucked in its seat.
Version tags and checksums all in a row,
I twitched my nose — now updates can go!

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly and concisely describes the main change: adding acorn package version 0.1.50.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Description check	✅ Passed	The PR description includes required elements: references closing issue (#16896), explains the project, and confirms both checklist items (conventional title and contributing guide read).

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

Your changes did not pass all checks.

Please address the issues in the manifest and comment starting with /verify to rerun the checks.

acorn

• Lint
• Description
• License
• Hashes
• Checkver
• Autoupdate

Check the full log for details.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

bucket/acorn.json (1)

9-14: Consider removing shortcuts for a CLI tool.

The shortcuts configuration creates a Start Menu shortcut for acorn.exe. Since this is a command-line tool (already exposed via bin), the shortcut may be unnecessary—users typically invoke CLI tools from a terminal rather than clicking shortcuts.

Unless there's a specific GUI component or a reason to provide a Start Menu entry, consider removing the shortcuts block.

🔎 Proposed refactor

     "bin": "acorn.exe",
-    "shortcuts": [
-        [
-            "acorn.exe",
-            "acorn"
-        ]
-    ],
     "checkver": {

📜 Review details

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 83deaa4 and 82af74a.

📒 Files selected for processing (1)

• bucket/acorn.json

🧰 Additional context used

🧠 Learnings (3)

📓 Common learnings

Learnt from: o-l-a-v
Repo: ScoopInstaller/Extras PR: 16349
File: bucket/debugviewpp.json:14-21
Timestamp: 2025-10-16T13:42:43.224Z
Learning: In the DebugViewPP project (CobaltFusion/DebugViewPP), the executable name changed from "DebugView++.exe" (in v1.8.0.103 and earlier) to "Debugviewpp.exe" (in v1.9.0.28 and later). The manifest bucket/debugviewpp.json correctly uses "Debugviewpp.exe" for current versions.

Learnt from: o-l-a-v
Repo: ScoopInstaller/Extras PR: 16378
File: bucket/compactgui.json:20-22
Timestamp: 2025-10-19T13:58:23.389Z
Learning: In the ScoopInstaller/Extras repository, the CompactGUI manifest removed hash verification from the autoupdate block because the hash verification mechanism (scraping SHA-256 from release page HTML) is no longer available in newer CompactGUI releases. GitHub asset digests exist in beta releases but not in v3.8.0, and Scoop doesn't have built-in support for extracting from GitHub API asset digests.

📚 Learning: 2025-10-16T13:42:43.224Z

Learnt from: o-l-a-v
Repo: ScoopInstaller/Extras PR: 16349
File: bucket/debugviewpp.json:14-21
Timestamp: 2025-10-16T13:42:43.224Z
Learning: In the DebugViewPP project (CobaltFusion/DebugViewPP), the executable name changed from "DebugView++.exe" (in v1.8.0.103 and earlier) to "Debugviewpp.exe" (in v1.9.0.28 and later). The manifest bucket/debugviewpp.json correctly uses "Debugviewpp.exe" for current versions.

Applied to files:

• bucket/acorn.json

📚 Learning: 2025-10-19T13:58:23.389Z

Learnt from: o-l-a-v
Repo: ScoopInstaller/Extras PR: 16378
File: bucket/compactgui.json:20-22
Timestamp: 2025-10-19T13:58:23.389Z
Learning: In the ScoopInstaller/Extras repository, the CompactGUI manifest removed hash verification from the autoupdate block because the hash verification mechanism (scraping SHA-256 from release page HTML) is no longer available in newer CompactGUI releases. GitHub asset digests exist in beta releases but not in v3.8.0, and Scoop doesn't have built-in support for extracting from GitHub API asset digests.

Applied to files:

• bucket/acorn.json

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: WindowsPowerShell

🔇 Additional comments (2)

bucket/acorn.json (2)

2-2: Correct the manifest version to match the available release.

The manifest declares version 0.1.50, but only v0.1.49 exists in the GitLab package registry and releases. Update the version field to 0.1.49 to align with the URL and available package.

-    "version": "0.1.50",
+    "version": "0.1.49",

Likely an incorrect or invalid review comment.

---

20-22: No actionable issue. The autoupdate block is correctly configured with the URL template. Hash verification in autoupdate is not available from the GitLab generic package registry API for this source, which is consistent with many similar manifests in the repository that lack autoupdate hashes when the upstream source doesn't provide easily-extractable hash metadata.

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 82af74a and baf117d.

📒 Files selected for processing (1)

• bucket/acorn.json

🧰 Additional context used

🧠 Learnings (2)

📓 Common learnings

Learnt from: o-l-a-v
Repo: ScoopInstaller/Extras PR: 16378
File: bucket/compactgui.json:20-22
Timestamp: 2025-10-19T13:58:23.389Z
Learning: In the ScoopInstaller/Extras repository, the CompactGUI manifest removed hash verification from the autoupdate block because the hash verification mechanism (scraping SHA-256 from release page HTML) is no longer available in newer CompactGUI releases. GitHub asset digests exist in beta releases but not in v3.8.0, and Scoop doesn't have built-in support for extracting from GitHub API asset digests.

Learnt from: Gitoffthelawn
Repo: ScoopInstaller/Extras PR: 16106
File: bucket/czkawka-gui.json:25-25
Timestamp: 2025-09-05T09:41:52.653Z
Learning: For czkawka-gui manifests in Scoop Extras, the correct upstream filename pattern for Windows GUI builds in recent versions uses "gtk46" (without underscore), not "gtk_46" (with underscore). The autoupdate URL should use "windows_czkawka_gui_gtk46.zip" format. This was confirmed by a working 10.0.0 update with valid hash.

📚 Learning: 2025-10-16T13:42:43.224Z

Learnt from: o-l-a-v
Repo: ScoopInstaller/Extras PR: 16349
File: bucket/debugviewpp.json:14-21
Timestamp: 2025-10-16T13:42:43.224Z
Learning: In the DebugViewPP project (CobaltFusion/DebugViewPP), the executable name changed from "DebugView++.exe" (in v1.8.0.103 and earlier) to "Debugviewpp.exe" (in v1.9.0.28 and later). The manifest bucket/debugviewpp.json correctly uses "Debugviewpp.exe" for current versions.

Applied to files:

• bucket/acorn.json

🔇 Additional comments (3)

bucket/acorn.json (3)

8-8: LGTM!

The binary configuration is correctly formatted for a single executable.

---

14-16: The autoupdate configuration is correctly implemented. Hash verification in the autoupdate block is not used across Scoop Extras manifests—none of the 2,053+ manifests with autoupdate blocks include hash verification in the autoupdate section. Additionally, GitLab's API does not expose hash or checksum metadata for released assets, making hash extraction infeasible. The root-level hash field suffices for the current version, and Scoop's autoupdate mechanism does not require hash verification within the autoupdate block itself.

---

4-5: No issues found. The homepage URL is accessible and the MIT license is correctly specified in the project's Cargo.toml.

[jhwohlgemuth]

/verify

[github-actions]

Your changes did not pass all checks.

Please address the issues in the manifest and comment starting with /verify to rerun the checks.

acorn

• Lint
• Description
• License
• Hashes
• Checkver
• Autoupdate

Check the full log for details.

[jhwohlgemuth]

/verify

[github-actions]

Your changes did not pass all checks.

Please address the issues in the manifest and comment starting with /verify to rerun the checks.

acorn

• Lint
• Description
• License
• Hashes
• Checkver
• Autoupdate

Check the full log for details.

[jhwohlgemuth]

/verify

[github-actions]

Your changes did not pass all checks.

Please address the issues in the manifest and comment starting with /verify to rerun the checks.

acorn

• Lint
• Description
• License
• Hashes
• Checkver
• Autoupdate

Check the full log for details.

[z-Fng]

Please follow the standard way to create a package request before submitting a PR to add a new package to this bucket. When creating a package request, you can check the criteria for a package to be accepted in this bucket, which can help you determine whether your PR is likely to be approved. The information provided in the issue can also help maintainers quickly get the necessary details.

For a package to be acceptable in this bucket, it should be:

1. Reasonably well-known and widely used. e.g. if it's a GitHub project, it should have at least 100 stars and/or 50 forks *
2. English interface (or at least English documentation) *
3. Latest stable version *
4. Full version (i.e. not a trial version)
5. Fairly standard install (e.g. uses a version-specific download URL, no elaborate pre/post install scripts)

[z-Fng]

Your changes did not pass all checks.

Please address the issues in the manifest and comment starting with /verify to rerun the checks.

acorn

• Lint

https://github.com/ScoopInstaller/GithubActions/wiki/Pull-Request-Checks#lint

[jhwohlgemuth]

/verify

[github-actions]

Your changes did not pass all checks.

Please address the issues in the manifest and comment starting with /verify to rerun the checks.

acorn

• Lint
• Description
• License
• Hashes
• Checkver
• Autoupdate

Check the full log for details.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (2)

bucket/acorn.json (2)

9-9: Use lowercase for the hash value.

Scoop manifests conventionally use lowercase SHA256 hashes. While uppercase may work, it's inconsistent with standard practice in the repository.

🔎 Suggested change

-            "hash": "0F6E6741E8DFD1B5E2EAB19466E1A70B654878C945A49FF90EC4928DF4EE076B"
+            "hash": "0f6e6741e8dfd1b5e2eab19466e1a70b654878c945a49ff90ec4928df4ee076b"

---

18-20: Consider whether hash extraction is available for autoupdate.

The autoupdate block is missing hash extraction. If the GitLab package registry API provides SHA256 hashes for packages, adding hash extraction would improve security by enabling integrity verification during automatic updates.

Based on learnings, missing hash extraction is acceptable when upstream doesn't provide checksums programmatically.

📋 How to add hash extraction (if available)

If the GitLab API provides hashes for package files, you can extract them. For example:

"autoupdate": {
    "url": "https://code.ornl.gov/api/v4/projects/16689/packages/generic/x86_64-pc-windows-gnu/v$version/acorn.exe",
    "hash": {
        "url": "$url",
        "mode": "download"
    }
}

Or if there's a separate API endpoint that provides the hash, use that endpoint with appropriate JSON path.

📜 Review details

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between baf117d and 71cde4f.

📒 Files selected for processing (1)

• bucket/acorn.json

🧰 Additional context used

🧠 Learnings (7)

📓 Common learnings

Learnt from: o-l-a-v
Repo: ScoopInstaller/Extras PR: 16378
File: bucket/compactgui.json:20-22
Timestamp: 2025-10-19T13:58:23.389Z
Learning: In the ScoopInstaller/Extras repository, the CompactGUI manifest removed hash verification from the autoupdate block because the hash verification mechanism (scraping SHA-256 from release page HTML) is no longer available in newer CompactGUI releases. GitHub asset digests exist in beta releases but not in v3.8.0, and Scoop doesn't have built-in support for extracting from GitHub API asset digests.

Learnt from: Gitoffthelawn
Repo: ScoopInstaller/Extras PR: 16106
File: bucket/czkawka-gui.json:25-25
Timestamp: 2025-09-05T09:41:52.653Z
Learning: For czkawka-gui manifests in Scoop Extras, the correct upstream filename pattern for Windows GUI builds in recent versions uses "gtk46" (without underscore), not "gtk_46" (with underscore). The autoupdate URL should use "windows_czkawka_gui_gtk46.zip" format. This was confirmed by a working 10.0.0 update with valid hash.

Learnt from: o-l-a-v
Repo: ScoopInstaller/Extras PR: 16349
File: bucket/debugviewpp.json:14-21
Timestamp: 2025-10-16T13:42:43.224Z
Learning: In the DebugViewPP project (CobaltFusion/DebugViewPP), the executable name changed from "DebugView++.exe" (in v1.8.0.103 and earlier) to "Debugviewpp.exe" (in v1.9.0.28 and later). The manifest bucket/debugviewpp.json correctly uses "Debugviewpp.exe" for current versions.

Learnt from: Ra2-IFV
Repo: ScoopInstaller/Extras PR: 16672
File: bucket/chromium-clang.json:12-12
Timestamp: 2025-11-29T22:02:34.868Z
Learning: In the chromium-clang.json manifest (bucket/chromium-clang.json), the extract_dir value "chrome-win32" is a fixed name determined by the upstream Chromium_Clang archive structure and should not be changed, even though the manifest targets 64-bit architecture.

📚 Learning: 2025-10-16T13:42:43.224Z

Learnt from: o-l-a-v
Repo: ScoopInstaller/Extras PR: 16349
File: bucket/debugviewpp.json:14-21
Timestamp: 2025-10-16T13:42:43.224Z
Learning: In the DebugViewPP project (CobaltFusion/DebugViewPP), the executable name changed from "DebugView++.exe" (in v1.8.0.103 and earlier) to "Debugviewpp.exe" (in v1.9.0.28 and later). The manifest bucket/debugviewpp.json correctly uses "Debugviewpp.exe" for current versions.

Applied to files:

• bucket/acorn.json

📚 Learning: 2025-09-05T09:41:52.653Z

Learnt from: Gitoffthelawn
Repo: ScoopInstaller/Extras PR: 16106
File: bucket/czkawka-gui.json:25-25
Timestamp: 2025-09-05T09:41:52.653Z
Learning: For czkawka-gui manifests in Scoop Extras, the correct upstream filename pattern for Windows GUI builds in recent versions uses "gtk46" (without underscore), not "gtk_46" (with underscore). The autoupdate URL should use "windows_czkawka_gui_gtk46.zip" format. This was confirmed by a working 10.0.0 update with valid hash.

Applied to files:

• bucket/acorn.json

📚 Learning: 2025-10-27T13:19:16.982Z

Learnt from: mokosiy
Repo: ScoopInstaller/Extras PR: 16428
File: bucket/multidrive.json:8-8
Timestamp: 2025-10-27T13:19:16.982Z
Learning: For MultiDrive manifests in the ScoopInstaller/Extras repository: the direct download URL at dl.atola.com causes 403 errors due to Cloudflare Bot Fight Mode blocking the Scoop bot, so GitHub Releases URLs should be used instead (e.g., https://github.com/atola-technology/multidrive/releases/download/...).

Applied to files:

• bucket/acorn.json

📚 Learning: 2025-10-16T15:59:21.258Z

Learnt from: o-l-a-v
Repo: ScoopInstaller/Extras PR: 16349
File: bucket/fvim.json:45-49
Timestamp: 2025-10-16T15:59:21.258Z
Learning: In Scoop manifests, the `autoupdate.url` and `autoupdate.architecture.<arch>.url` fields must be valid URIs according to the JSON schema (defined with `"format": "uri"`). Variables like `$matchUrlx64` that contain only path segments must be combined with a base URL (e.g., `https://github.com/.../releases/download/`) to form a complete valid URI.

Applied to files:

• bucket/acorn.json

📚 Learning: 2025-10-19T13:58:23.389Z

Learnt from: o-l-a-v
Repo: ScoopInstaller/Extras PR: 16378
File: bucket/compactgui.json:20-22
Timestamp: 2025-10-19T13:58:23.389Z
Learning: In the ScoopInstaller/Extras repository, the CompactGUI manifest removed hash verification from the autoupdate block because the hash verification mechanism (scraping SHA-256 from release page HTML) is no longer available in newer CompactGUI releases. GitHub asset digests exist in beta releases but not in v3.8.0, and Scoop doesn't have built-in support for extracting from GitHub API asset digests.

Applied to files:

• bucket/acorn.json

📚 Learning: 2025-09-05T09:41:52.653Z

Learnt from: Gitoffthelawn
Repo: ScoopInstaller/Extras PR: 16106
File: bucket/czkawka-gui.json:25-25
Timestamp: 2025-09-05T09:41:52.653Z
Learning: For czkawka-gui manifests in Scoop Extras, the correct upstream filename pattern for Windows GUI builds uses "gtk46" (without underscore), not "gtk_46" (with underscore). The autoupdate URL should use "windows_czkawka_gui_gtk46.zip" format.

Applied to files:

• bucket/acorn.json

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: WindowsPowerShell

🔇 Additional comments (3)

bucket/acorn.json (3)

1-5: LGTM! Metadata is complete and appropriate.

All required fields are present with valid values. The description clearly explains the tool's purpose, and the MIT license is standard.

---

12-12: LGTM! Bin entry is correct.

The simple bin entry will properly expose acorn.exe in the user's PATH.

---

13-17: The checkver configuration is correct and functional. The endpoint successfully returns release data with the tag_name field containing "v0.1.50", which matches the regex pattern v([\\d.]+) as expected.

[jhwohlgemuth]

Please follow the standard way to create a package request before submitting a PR to add a new package to this bucket. When creating a package request, you can check the criteria for a package to be accepted in this bucket, which can help you determine whether your PR is likely to be approved. The information provided in the issue can also help maintainers quickly get the necessary details.

For a package to be acceptable in this bucket, it should be:

1. Reasonably well-known and widely used. e.g. if it's a GitHub project, it should have at least 100 stars and/or 50 forks *
2. English interface (or at least English documentation) *
3. Latest stable version *
4. Full version (i.e. not a trial version)
5. Fairly standard install (e.g. uses a version-specific download URL, no elaborate pre/post install scripts)

Sorry about that. I read and complied with the package submission checklist, but was not aware that an issue was the first step these days. I created an issue - #16896

I have run the lint script locally and saw no changes. Even after reading the manifest documentation and CI logs, I am at a loss for why the lint check is still failing...

[jhwohlgemuth]

/verify

[github-actions]

Your changes did not pass all checks.

Please address the issues in the manifest and comment starting with /verify to rerun the checks.

acorn

• Lint
• Description
• License
• Hashes
• Checkver
• Autoupdate

Check the full log for details.

[jhwohlgemuth]

Your changes did not pass all checks.

Please address the issues in the manifest and comment starting with /verify to rerun the checks.

acorn

* [ ]  Lint

* [x]  Description

* [x]  License

* [x]  Hashes

* [x]  Checkver

* [x]  Autoupdate

Check the full log for details.

CI output looks something like:

Log of Invalids:



Lint: False

[jhwohlgemuth]

/verify

[github-actions]

Your changes did not pass all checks.

Please address the issues in the manifest and comment starting with /verify to rerun the checks.

acorn

• Lint
• Description
• License
• Hashes
• Checkver
• Autoupdate

Check the full log for details.

[jhwohlgemuth]

I am fairly certain this PR is free from lint issues and ready to merge. I will expeditiously fix any issues if there are any...

Happy to be here. I appreciate your support.