I have created a Github action that builds, codesigns, notarizes and staples an Avalonia application app bundle. These steps do seem to work. As a final step, I want to add the app bundle as an artifact to the workflow. To do so, I move the .app bundle to a sub folder, and use upload-artifact to add the contents of the sub folder, i.e., the app bundle, to the artifacts.
To my surprise, after I download the zip file of the artifact, and unzip it, MacOS refuses to open the app. When I validate the code signing of the app bundle I unzipped using codesign -vvv --deep --strict xxx.app, the validation indeed complains that subcomponents are not signed at all. Very strange, given that the notarization etc completed successfully.
I'm reasonably convinced that codesign, notarization and stapling works fine, given that I can execute the steps locally, and de codesign validation succeeds. While building up the workflow, I did do attempts that failed because notarization failed. Locally I can execute the app after the necessary steps, but of course, it was not downloaded as was the case with the unzipped app.
After download, I added execution permissions using chmod +x [bundle name]/Contents/MacOS/[MacOS executable], but this has no effects, which seems logical, given the preceding step with the validation fails.
I feel out of options of things I can try to fix this. I'm pretty sure that it has something to do with the way I add the artifact to the workflow execution. Anyone that can give me some tips on steps I probably need to take?
That's what you get when doing this stuff late at night :-). The solution to this is apparently zipping the app bundle yourself, before uploading this as an artifact.