Public macOS distribution is not production-ready until Developer ID signing and Apple notarization are configured and verified on release artifacts. Local ad-hoc signing is suitable only for private review.
Checklist:
- Configure Apple Developer ID certificate import secrets.
- Configure either Apple ID/app-password notarization secrets or App Store Connect API key notarization secrets.
- Build the macOS DMG through the release workflow.
- Verify
codesign --verify --deep --strict, spctl, xcrun stapler validate, and hdiutil verify on the shipped app/DMG.
- Validate first launch from a clean macOS profile.
- Decide and verify Intel/universal build coverage.
Public macOS distribution is not production-ready until Developer ID signing and Apple notarization are configured and verified on release artifacts. Local ad-hoc signing is suitable only for private review.
Checklist:
codesign --verify --deep --strict,spctl,xcrun stapler validate, andhdiutil verifyon the shipped app/DMG.