Merged
Conversation
Issue: Architect's GitHub release workflow still produced signed macOS artifacts even though the project should stop publishing signed downloads and document an unsigned distribution path. Solution: Removed certificate import and release signing from the GitHub Actions release job, and renamed the published tarballs so the unsigned status is obvious. Added an unsigned bundling mode that strips inherited signatures from the packaged app and bundled dylibs, then updated the installation and release docs to match the new workflow and quarantine requirements.
There was a problem hiding this comment.
Pull request overview
This PR updates the macOS release pipeline to publish explicitly unsigned app bundles, aligning the bundling script, GitHub Actions release workflow, and installation/release documentation around *-unsigned assets.
Changes:
- Add
--unsignedsupport toscripts/bundle-macos.sh, including stripping any embedded signatures from the bundled executable and dylibs. - Remove macOS certificate import + signing logic from the GitHub Actions release workflow and publish
*-unsigned.tar.gzartifacts. - Update README and development release docs to reference
*-unsignedassets and document clearing the quarantine attribute.
Reviewed changes
Copilot reviewed 4 out of 4 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| scripts/bundle-macos.sh | Adds flag parsing for --unsigned and signature-stripping logic for macOS bundles. |
| .github/workflows/release.yaml | Removes signing steps and publishes architect-macos-<arch>-unsigned.tar.gz assets. |
| README.md | Updates installation instructions to download *-unsigned artifacts and adds a quarantine-clearing note. |
| docs/development.md | Updates release documentation to reflect unsigned artifacts and manual validation guidance. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Issue: A PR review comment pointed out that bundle-macos.sh could leave stale code-signing metadata or leftover files behind when rebuilding into the same output directory, especially in --unsigned mode. Solution: Recreate the Architect.app bundle from a clean path before copying files into it. That removes leftover _CodeSignature and CodeResources metadata along with any stale dylibs or resources, keeping repeated bundle runs deterministic and aligned with the unsigned release workflow.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Solution
Architect's release job was still wired for certificate-based signing even though we do not want to publish signed macOS downloads from this repo right now. That left the workflow, the asset names, and the installation docs pointing in different directions.
This PR removes signing from the GitHub release path and makes the published tarballs explicitly unsigned. The bundle script now supports
--unsignedand strips any embedded ad-hoc signatures from the copied executable and bundled dylibs, so the release bundle is actually unsigned instead of inheriting whatever the local toolchain produced.The README and release docs now point at the
-unsignedasset names and spell out the quarantine step users need before launching the app.Issue linkage will be added during mandatory cleanup.
Test plan
Releaseworkflow viaworkflow_dispatchand confirm the uploaded artifacts are namedarchitect-macos-arm64-unsigned.tar.gzandarchitect-macos-x86_64-unsigned.tar.gz.codesign -dv Architect.appto confirm it reports the app is not signed, then clear quarantine withxattr -dr com.apple.quarantine Architect.appand confirm the app launches.