fix(ci): switch to built-in electron-builder notarization

- Remove custom afterSign hook (scripts/notarize.js)
- Enable built-in notarization with "notarize": true
- Use APPLE_ID_PASSWORD env var for electron-builder
- Restore full build (dmg + zip) to test blockmap

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

.github/workflows/release.yml

@@ -44,11 +44,11 @@ jobs:
           # Code signing
           CSC_LINK: ${{ secrets.CSC_LINK }}
           CSC_KEY_PASSWORD: ${{ secrets.CSC_KEY_PASSWORD }}
-          # Notarization
+          # Notarization (built-in electron-builder)
           APPLE_ID: ${{ secrets.APPLE_ID }}
-          APPLE_APP_SPECIFIC_PASSWORD: ${{ secrets.APPLE_APP_SPECIFIC_PASSWORD }}
+          APPLE_ID_PASSWORD: ${{ secrets.APPLE_APP_SPECIFIC_PASSWORD }}
           APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
-        run: npx electron-builder --mac --universal --publish never --config.mac.target=dmg
+        run: npx electron-builder --mac --universal --publish never
 
       - name: List built artifacts
         run: ls -la dist/
@@ -58,6 +58,8 @@ jobs:
           name: macos-builds
           path: |
             dist/*.dmg
+            dist/*.zip
+            dist/*.blockmap
             dist/latest-mac.yml
 
   build-linux:

package.json

@@ -140,9 +140,8 @@
       "forceCodeSigning": true,
       "strictVerify": true,
       "type": "distribution",
-      "notarize": false
+      "notarize": true
     },
-    "afterSign": "scripts/notarize.js",
     "nsis": {
       "oneClick": false,
       "allowToChangeInstallationDirectory": true,