@@ -105,7 +105,7 @@ jobs:
105105 if : runner.os == 'macOS'
106106 shell : bash
107107 run : |
108- BINARY="target/${{ matrix.target }}/release/rohas"
108+ BINARY="$GITHUB_WORKSPACE/ target/${{ matrix.target }}/release/rohas"
109109 if [ -f "$BINARY" ]; then
110110 APPLE_ID="${{ secrets.APPLE_ID }}"
111111 APPLE_TEAM_ID="${{ secrets.APPLE_TEAM_ID }}"
@@ -115,10 +115,10 @@ jobs:
115115 echo "Warning: Notarization credentials not set, skipping notarization"
116116 else
117117 # Create a zip file for notarization (required format)
118- NOTARIZE_ZIP="target/${{ matrix.target }}/release/rohas-notarize.zip"
119- cd " target/${{ matrix.target }}/release"
120- zip "rohas-notarize.zip" rohas
121- cd - > /dev/null
118+ # Use absolute path to avoid any path resolution issues
119+ NOTARIZE_ZIP="$GITHUB_WORKSPACE/ target/${{ matrix.target }}/release/rohas-notarize.zip "
120+ cd "$GITHUB_WORKSPACE/target/${{ matrix.target }}/release"
121+ zip -j "rohas-notarize.zip" rohas
122122
123123 # Submit for notarization
124124 xcrun notarytool submit "$NOTARIZE_ZIP" \
@@ -127,13 +127,12 @@ jobs:
127127 --password "$APPLE_APP_PASSWORD" \
128128 --wait
129129
130- # Extract the binary from the notarized zip (it will still be signed)
131- cd "target/${{ matrix.target }}/release"
132- unzip -o "rohas-notarize.zip" rohas
133- cd - > /dev/null
130+ # Staple the notarization ticket to the binary
131+ xcrun stapler staple "$BINARY"
134132
135- # Verify the binary is still signed
133+ # Verify the binary is signed and stapled
136134 codesign --verify --verbose "$BINARY"
135+ xcrun stapler validate "$BINARY"
137136
138137 # Clean up the temporary zip file
139138 rm -f "$NOTARIZE_ZIP"
0 commit comments