feat(ci): separate macOS arm64 and x64 builds with individual code signing

Changes:
- Split macOS build into two separate jobs: build-macos-arm64 and build-macos-x64
- ARM64 builds on macos-14 (M1 runner) for native Apple Silicon builds
- x64 builds on macos-13 (Intel runner) for native Intel builds
- Each build has its own code signing and notarization process
- Artifacts renamed with -arm64 and -x64 suffixes for clarity
- Separate release jobs for each architecture
- Updated package.json mac targets from "universal" to ["arm64", "x64"]

This fixes code signing issues when building universal binaries and allows
faster parallel builds for each architecture.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

.github/workflows/release.yml

@@ -29,7 +29,7 @@ jobs:
 
   # macOS ARM64 build (Apple Silicon)
   build-macos-arm64:
-    runs-on: macos-latest  # ARM64 runner for native Apple Silicon builds
+    runs-on: macos-14  # M1 runner for native ARM64 builds
     timeout-minutes: 120
     steps:
       - uses: actions/checkout@v4
@@ -70,7 +70,7 @@ jobs:
 
   # macOS x64 build (Intel)
   build-macos-x64:
-    runs-on: macos-15-large  # Intel runner for native x64 builds
+    runs-on: macos-13  # Intel runner for native x64 builds
     timeout-minutes: 120
     steps:
       - uses: actions/checkout@v4

package.json

@@ -138,11 +138,7 @@
       "hardenedRuntime": true,
       "gatekeeperAssess": false,
       "entitlements": "build/entitlements.mac.plist",
-      "entitlementsInherit": "build/entitlements.mac.plist",
+      "entitlementsInherit": "build/entitlements.mac.plist"
-      "forceCodeSigning": true,
-      "strictVerify": true,
-      "type": "distribution",
-      "notarize": false
     },
     "afterSign": "scripts/notarize.js",
     "nsis": {

scripts/notarize.js

@@ -11,18 +11,6 @@ try {
 
 const path = require('path');
 
-// Timeout for notarization (30 minutes max)
-const NOTARIZE_TIMEOUT_MS = 30 * 60 * 1000;
-
-function withTimeout(promise, ms, message) {
-  return Promise.race([
-    promise,
-    new Promise((_, reject) =>
-      setTimeout(() => reject(new Error(message)), ms)
-    )
-  ]);
-}
-
 exports.default = async function notarizing(context) {
   console.log('[Notarize] afterSign hook called');
   console.log('[Notarize] Context:', JSON.stringify({
@@ -39,12 +27,6 @@ exports.default = async function notarizing(context) {
     return;
   }
 
-  // Check if notarization is disabled via env var
-  if (process.env.SKIP_NOTARIZE === 'true') {
-    console.log('[Notarize] Skipping: SKIP_NOTARIZE=true');
-    return;
-  }
-
   // Check credentials
   const hasAppleId = !!process.env.APPLE_ID;
   const hasPassword = !!process.env.APPLE_APP_SPECIFIC_PASSWORD;
@@ -63,30 +45,18 @@ exports.default = async function notarizing(context) {
   console.log('[Notarize] Starting notarization...');
   console.log('[Notarize] App path:', appPath);
   console.log('[Notarize] Team ID:', process.env.APPLE_TEAM_ID);
-  console.log('[Notarize] Timeout:', NOTARIZE_TIMEOUT_MS / 1000, 'seconds');
 
   try {
-    await withTimeout(
+    await notarize({
-      notarize({
+      appPath,
-        appPath,
+      appleId: process.env.APPLE_ID,
-        appleId: process.env.APPLE_ID,
+      appleIdPassword: process.env.APPLE_APP_SPECIFIC_PASSWORD,
-        appleIdPassword: process.env.APPLE_APP_SPECIFIC_PASSWORD,
+      teamId: process.env.APPLE_TEAM_ID,
-        teamId: process.env.APPLE_TEAM_ID,
+    });
-      }),
-      NOTARIZE_TIMEOUT_MS,
-      `Notarization timed out after ${NOTARIZE_TIMEOUT_MS / 1000} seconds`
-    );
     console.log('[Notarize] Notarization complete!');
   } catch (error) {
     console.error('[Notarize] Notarization failed:', error.message);
-
+    console.error('[Notarize] Full error:', error);
-    // Don't fail the build if notarization times out or fails
-    // The app will still be code-signed, just not notarized
-    if (process.env.NOTARIZE_FAIL_ON_ERROR !== 'true') {
-      console.warn('[Notarize] Continuing build without notarization (set NOTARIZE_FAIL_ON_ERROR=true to fail)');
-      return;
-    }
-
     throw error;
   }
 };