diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 9e82e77..0351d0a 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -72,22 +72,22 @@ jobs: - name: Bundle libraries and package run: | chmod +x scripts/bundle-macos.sh - ./scripts/bundle-macos.sh zig-out/bin/architect release --unsigned + ./scripts/bundle-macos.sh zig-out/bin/architect release cd release - tar -czf architect-macos-${{ matrix.arch }}-unsigned.tar.gz Architect.app + tar -czf architect-macos-${{ matrix.arch }}.tar.gz Architect.app working-directory: architect - name: Upload artifact uses: actions/upload-artifact@v7 with: - name: architect-macos-${{ matrix.arch }}-unsigned - path: architect/release/architect-macos-${{ matrix.arch }}-unsigned.tar.gz + name: architect-macos-${{ matrix.arch }} + path: architect/release/architect-macos-${{ matrix.arch }}.tar.gz - name: Create Release if: startsWith(github.ref, 'refs/tags/') uses: softprops/action-gh-release@v2 with: - files: architect/release/architect-macos-${{ matrix.arch }}-unsigned.tar.gz + files: architect/release/architect-macos-${{ matrix.arch }}.tar.gz draft: false prerelease: false generate_release_notes: true diff --git a/README.md b/README.md index 2f197ab..8ae5c9f 100644 --- a/README.md +++ b/README.md @@ -50,29 +50,30 @@ Architect solves this with a grid view that keeps all your agents visible, with ## Installation -### Download Pre-built Binary (macOS, unsigned) +### Download Pre-built Binary (macOS) -Download the latest unsigned release from the [releases page](https://github.com/forketyfork/architect/releases). +Download the latest release from the [releases page](https://github.com/forketyfork/architect/releases). **For Apple Silicon (M1/M2/M3/M4):** ```bash -curl -LO https://github.com/forketyfork/architect/releases/latest/download/architect-macos-arm64-unsigned.tar.gz -tar -xzf architect-macos-arm64-unsigned.tar.gz +curl -LO https://github.com/forketyfork/architect/releases/latest/download/architect-macos-arm64.tar.gz +tar -xzf architect-macos-arm64.tar.gz xattr -dr com.apple.quarantine Architect.app open Architect.app ``` **For Intel Macs:** ```bash -curl -LO https://github.com/forketyfork/architect/releases/latest/download/architect-macos-x86_64-unsigned.tar.gz -tar -xzf architect-macos-x86_64-unsigned.tar.gz +curl -LO https://github.com/forketyfork/architect/releases/latest/download/architect-macos-x86_64.tar.gz +tar -xzf architect-macos-x86_64.tar.gz xattr -dr com.apple.quarantine Architect.app open Architect.app ``` **Note**: -* These GitHub release archives are unsigned. Clear the quarantine attribute before first launch, or macOS may block the app. +* These GitHub release archives are ad-hoc signed so macOS can launch them locally, but they are not Developer ID signed or notarized. +* Clear the quarantine attribute before first launch, or macOS may block the app. * The archive contains `Architect.app`. You can launch it with `open Architect.app` or run `./Architect.app/Contents/MacOS/architect` from the terminal. Keep the bundle contents intact. * Not sure which architecture? Run `uname -m` - if it shows `arm64`, use the ARM64 version; if it shows `x86_64`, use the Intel version. diff --git a/docs/development.md b/docs/development.md index 5f8cf20..27d428c 100644 --- a/docs/development.md +++ b/docs/development.md @@ -89,8 +89,8 @@ git tag v0.1.0 git push origin v0.1.0 ``` -The release workflow packages unsigned app bundles. It does not import macOS signing certificates and does not notarize the app. Release downloads therefore require clearing the quarantine attribute after extraction, as described in the README installation instructions. You can also run the Release workflow manually with `workflow_dispatch` to validate the packaging flow before pushing a real release tag. +The release workflow packages ad-hoc-signed app bundles with local `codesign --sign -`. It does not import macOS signing certificates, does not produce Developer ID-signed artifacts, and does not notarize the app. Release downloads therefore still require clearing the quarantine attribute after extraction, as described in the README installation instructions. You can also run the Release workflow manually with `workflow_dispatch` to validate the packaging flow before pushing a real release tag. Each release includes: -- `architect-macos-arm64-unsigned.tar.gz` - Apple Silicon -- `architect-macos-x86_64-unsigned.tar.gz` - Intel +- `architect-macos-arm64.tar.gz` - Apple Silicon +- `architect-macos-x86_64.tar.gz` - Intel