Skip to content

fix(sign-windows): pin SSD 2.9.14, dismiss version-check modal, add CI screenshots#131

Merged
m3nu merged 2 commits intomainfrom
debug/sign-windows-screenshots
May 3, 2026
Merged

fix(sign-windows): pin SSD 2.9.14, dismiss version-check modal, add CI screenshots#131
m3nu merged 2 commits intomainfrom
debug/sign-windows-screenshots

Conversation

@m3nu
Copy link
Copy Markdown
Contributor

@m3nu m3nu commented May 3, 2026

Summary

The sign-windows job in the release workflow has been failing since v0.15.0
on 2026-05-03. Root cause turned out to be a SimplySign Desktop "Newer
application version is available (2.9.14)" modal popping in front of the
login form right when xdotool started typing — it stole focus, swallowed
the credentials and TOTP, and left the WebKit OAuth panel in a state where
the second Get Softcards List call (jsign signing) opened an empty panel
that Certum cancelled after 60s.

Three changes:

  • Pin SimplySign Desktop to 2.9.14-9.4.3.0 so the version-check modal
    doesn't appear in the first place.
  • Defensive Escape on any Application version check window before the
    credential-typing flow, so we don't break again the next time Certum
    advertises a newer release.
  • Screenshot loop + dump_windows X11 enumeration in windows-sign.sh,
    plus an if: failure() artifact upload in the release workflow. Costs
    nothing while green; surfaces the next regression in seconds instead of
    guessing through 7-min CI cycles.

Test plan

  • CI dispatch on the branch fails as expected before the fix
    (run 25290238615) — uploaded screenshots showed the version-check
    modal sitting on top of the login form.
  • CI dispatch on the branch succeeds after the fix
    (run 25290930608) — vykar.exe, vykar-server.exe, vykar-gui.exe
    all signed and verified with RFC3161 timestamps.
  • Re-tag v0.15.0 and confirm the full release workflow succeeds
    end-to-end including publish.

m3nu added 2 commits May 3, 2026 21:40
@m3nu
chore(sign-windows): add screenshot loop + window enumeration for CI …
f4a0249 
…debug

The sign-windows job started failing during v0.15.0 around what looks like
a second OAuth panel opened by SimplySign Desktop, but the failure mode is
invisible in headless Xvfb. Add a scrot loop that captures the display every
2s, a dump_windows helper called at the four key handoff points, and an
if: failure() artifact upload so the screenshots come back from CI.
@m3nu
fix(sign-windows): pin SSD 2.9.14 and dismiss version-check modal
f27e7c7 
Screenshots from the v0.0.0-debug1 run showed a "Newer application version
is available (2.9.14)" modal popping in front of the login form right when
xdotool started typing. The modal stole focus, swallowed the email and
TOTP keystrokes, and the first Return only dismissed the modal; the
WebKit OAuth panel was left without cached credentials, so the second
Get Softcards List call (jsign signing) opened an empty panel that
Certum cancels after 60s.

Pin to 2.9.14-9.4.3.0 so the modal does not appear, and dismiss any
version-check modal defensively in case Certum advertises a newer
release in the future.
@m3nu m3nu merged commit e1d7177 into main May 3, 2026
11 checks passed
@m3nu m3nu deleted the debug/sign-windows-screenshots branch May 3, 2026 21:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@m3nu