Skip to content

Improve Microsoft Store certification flow#53

Merged
fkiller merged 13 commits into
mainfrom
codex/runtime-docker-maintenance-docs
Jul 8, 2026
Merged

Improve Microsoft Store certification flow#53
fkiller merged 13 commits into
mainfrom
codex/runtime-docker-maintenance-docs

Conversation

@fkiller

@fkiller fkiller commented Jul 7, 2026

Copy link
Copy Markdown
Owner

Summary

  • Add Partner Center certification notes automation for Microsoft Store submissions.
  • Change the Windows Store release job to create a no-commit draft, patch certification notes, verify the pending APPX/MSIX version, then publish the draft.
  • Add manual release_mode=msstore-only dispatch so an owner-approved Microsoft Store resubmission can run from main without moving the existing v1.0.60 tag.
  • Make first-run signed-out browser navigation available without OpenAI sign-in and clarify Codex auth requirements.
  • Sync visible website/certification version references to v1.0.60 and package static login/about version display from package.json.

What I inspected

  • Microsoft certification report for 10.1.2.10 Functionality login/sign-up failure.
  • Live Partner Center submission state: CertificationFailed, empty notesForCertification, package 0.8.30.0.
  • Existing v1.0.60 release tag, which points to the older MAS/export-compliance commit before this Store metadata fix.
  • First-run login page, Codex sidebar sign-in failure handling, release Store upload workflow, certification docs, and package version paths.

Files changed

  • .github/workflows/release.yml, .github/workflows/store-status-watch.yml
  • scripts/msstore-certification.js, scripts/build-ui.js
  • src/ui/login.html, src/ui/components/CodexSidebar.tsx, src/ui/components/About.tsx, vite.config.ts
  • Store/release/user docs: README.md, AGENTS.md, docs/*

Verification

  • node --check scripts/msstore-certification.js - passed
  • node --check scripts/store-status-watch.js - passed
  • node --check scripts/build-ui.js - passed
  • node scripts/msstore-certification.js --write-notes $env:TEMP\gnunae-msstore-notes.txt --dry-run - passed
  • node scripts/msstore-certification.js --patch-pending --submission-id 1152921505701360268 --verify-package-version --allow-version-mismatch --dry-run - passed locally after retry; confirmed current failed Store package is 0.8.30.0 while expected is 1.0.60.0
  • npm run build - passed locally after adding manual MS Store dispatch mode
  • Local APPX package manifest inspection - passed; AppxManifest.xml identity version is 1.0.60.0
  • GitHub Actions CI workflow dispatch on branch - passed on Windows, macOS, and Linux: https://github.com/fkiller/GnuNae/actions/runs/28903706424
  • GitHub Actions Store Status Watch workflow dispatch with certification_dry_run=true - passed: https://github.com/fkiller/GnuNae/actions/runs/28903706494
  • PR CI/Docker checks are expected to re-run after the manual dispatch commit before merge.
  • Not run yet: real Microsoft Store resubmission; this PR adds the path, and resubmission should run after merge from main with release_mode=msstore-only.

Release and store impact

  • Release-sensitive: changes Microsoft Store submission flow in release.yml and adds manual dispatch support.
  • The Store path creates a draft with msstore publish --noCommit, applies certification notes through Partner Center API, verifies the pending package version against package.json, then runs msstore submission publish.
  • Manual release_mode=msstore-only runs only build-msstore; it does not rerun MAS, create a GitHub Release, or move an existing tag.
  • Current failed submission remains unchanged; dry runs did not mutate Partner Center.
  • Optional MSSTORE_CERTIFICATION_TEST_ACCOUNT_NOTE can be configured as a GitHub Actions secret for secure reviewer-account details.

Native and Docker impact

  • Native mode: signed-out browser navigation remains available; Codex features still require OpenAI/Codex authentication.
  • Docker/Virtual Mode: no runtime or Docker execution changes.

Stale docs or conflicts found

  • Store submission had empty notesForCertification despite repo certification notes describing ChatGPT Pro/Plus requirements.
  • Live Partner Center package was 0.8.30.0; local packaging now verifies the current branch builds APPX version 1.0.60.0.
  • Website/certification visible version references were stale and are updated to v1.0.60.

Manual confirmation needed

  • Owner review is required before merging release workflow changes.
  • Actual Microsoft Store resubmission requires manual dispatch of release.yml from main with release_mode=msstore-only after merge.
  • If Microsoft requires a reviewer account, configure MSSTORE_CERTIFICATION_TEST_ACCOUNT_NOTE in GitHub Actions secrets before resubmission.

Recommended next Codex tasks

  • After merge, run release.yml with release_mode=msstore-only from main and monitor build-msstore through certification.
  • If certification still fails, use the appeal email workflow only after reviewing the new certification report and confirming Microsoft needs clarification.

@fkiller fkiller marked this pull request as ready for review July 8, 2026 03:14
@fkiller fkiller merged commit 8962eab into main Jul 8, 2026
4 checks passed
@fkiller fkiller deleted the codex/runtime-docker-maintenance-docs branch July 8, 2026 03:15

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 02fbd4d9c0

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread scripts/submit-mas.js
await syncLocalizations(token, targetVersionResource.id, sourceVersion, whatsNew);
await syncReviewDetail(token, targetVersionResource.id, sourceVersion);

const build = await waitForProcessedBuild(token, appId, targetVersion, args.waitMinutes);

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P1 Badge Refresh App Store token during MAS processing wait

When App Store processing takes longer than the 20-minute JWT lifetime created by createToken(), this 90-minute polling path keeps reusing the original token, so a normal slow build processing run starts returning 401s and the new build-mas release job aborts before attaching/submitting the build. The workflow explicitly sets MAS_SUBMIT_WAIT_MINUTES: 90, so the polling code needs to regenerate the App Store Connect token during/after waitForProcessedBuild rather than carrying a single token through the whole submission.

Useful? React with 👍 / 👎.

Comment thread src/electron/main.ts
Comment on lines +3042 to +3047
fallbackProcess.stdout?.on('data', (data: Buffer) => {
const chunk = data.toString('utf8');
output += chunk;
console.log('[Codex default stdout]', chunk);
senderWindow?.webContents.send('codex:output', { type: 'stdout', data: chunk });
});

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Reuse the normal Codex output parser on fallback retries

When the configured model is rejected and this fallback process runs, stdout is only appended and forwarded to the renderer, bypassing the main stdout handler that detects [PDS_REQUEST], [PDS_STORE], [BLOCKER], captcha, 2FA, and login-block patterns. In the exact model-fallback path this adds, any retried Codex task that asks for stored user data or hits a blocker will no longer notify the UI and can hang or silently miss the requested store operation.

Useful? React with 👍 / 👎.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant