feat(ci): separate macOS arm64 and x64 builds with individual code signing

Changes:
- Split macOS build into two separate jobs: build-macos-arm64 and build-macos-x64
- ARM64 builds on macos-14 (M1 runner) for native Apple Silicon builds
- x64 builds on macos-13 (Intel runner) for native Intel builds
- Each build has its own code signing and notarization process
- Artifacts renamed with -arm64 and -x64 suffixes for clarity
- Separate release jobs for each architecture
- Updated package.json mac targets from "universal" to ["arm64", "x64"]

This fixes code signing issues when building universal binaries and allows
faster parallel builds for each architecture.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

.github/workflows/release.yml

@@ -27,9 +27,10 @@ jobs:
             dist/*.exe.blockmap
             dist/latest.yml
 
-  build-macos:
+  # macOS ARM64 build (Apple Silicon)
-    runs-on: macos-latest
+  build-macos-arm64:
-    timeout-minutes: 360  # Max allowed (6 hours) for notarization
+    runs-on: macos-14  # M1 runner for native ARM64 builds
+    timeout-minutes: 120
     steps:
       - uses: actions/checkout@v4
       - uses: actions/setup-node@v4
@@ -38,7 +39,7 @@ jobs:
           cache: 'npm'
       - run: npm ci
 
-      - name: Build macOS Packages
+      - name: Build macOS ARM64 Package
         env:
           # Code signing
           CSC_LINK: ${{ secrets.CSC_LINK }}
@@ -47,14 +48,66 @@ jobs:
           APPLE_ID: ${{ secrets.APPLE_ID }}
           APPLE_APP_SPECIFIC_PASSWORD: ${{ secrets.APPLE_APP_SPECIFIC_PASSWORD }}
           APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
-        run: npx electron-builder --mac --publish never
+        run: npx electron-builder --mac --arm64 --publish never
+
+      - name: Rename ARM64 artifacts for clarity
+        run: |
+          cd dist
+          for f in *.dmg; do
+            [ -f "$f" ] && mv "$f" "${f%.dmg}-arm64.dmg" 2>/dev/null || true
+          done
+          for f in *.zip; do
+            [ -f "$f" ] && mv "$f" "${f%.zip}-arm64.zip" 2>/dev/null || true
+          done
+          ls -la
+
       - uses: actions/upload-artifact@v4
         with:
-          name: macos-builds
+          name: macos-arm64-builds
+          path: |
+            dist/*.dmg
+            dist/*.zip
+
+  # macOS x64 build (Intel)
+  build-macos-x64:
+    runs-on: macos-13  # Intel runner for native x64 builds
+    timeout-minutes: 120
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
+        with:
+          node-version: '22'
+          cache: 'npm'
+      - run: npm ci
+
+      - name: Build macOS x64 Package
+        env:
+          # Code signing
+          CSC_LINK: ${{ secrets.CSC_LINK }}
+          CSC_KEY_PASSWORD: ${{ secrets.CSC_KEY_PASSWORD }}
+          # Notarization
+          APPLE_ID: ${{ secrets.APPLE_ID }}
+          APPLE_APP_SPECIFIC_PASSWORD: ${{ secrets.APPLE_APP_SPECIFIC_PASSWORD }}
+          APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
+        run: npx electron-builder --mac --x64 --publish never
+
+      - name: Rename x64 artifacts for clarity
+        run: |
+          cd dist
+          for f in *.dmg; do
+            [ -f "$f" ] && mv "$f" "${f%.dmg}-x64.dmg" 2>/dev/null || true
+          done
+          for f in *.zip; do
+            [ -f "$f" ] && mv "$f" "${f%.zip}-x64.zip" 2>/dev/null || true
+          done
+          ls -la
+
+      - uses: actions/upload-artifact@v4
+        with:
+          name: macos-x64-builds
           path: |
             dist/*.dmg
             dist/*.zip
-            dist/latest-mac.yml
 
   build-linux:
     runs-on: ubuntu-latest
@@ -190,9 +243,9 @@ jobs:
           draft: true
           prerelease: false
 
-  # Upload macOS builds separately (slow due to notarization)
+  # Upload macOS ARM64 builds separately
-  release-macos:
+  release-macos-arm64:
-    needs: [build-macos, release]
+    needs: [build-macos-arm64, release]
     runs-on: ubuntu-latest
     if: |
       startsWith(github.ref, 'refs/tags/v') ||
@@ -203,20 +256,51 @@ jobs:
       contents: write
 
     steps:
-      - name: Download macOS artifacts
+      - name: Download macOS ARM64 artifacts
         uses: actions/download-artifact@v4
         with:
-          name: macos-builds
+          name: macos-arm64-builds
-          path: artifacts/macos-builds
+          path: artifacts/macos-arm64-builds
 
-      - name: Display macOS files
+      - name: Display macOS ARM64 files
         run: ls -R artifacts
 
-      - name: Upload macOS to Release
+      - name: Upload macOS ARM64 to Release
         uses: softprops/action-gh-release@v2
         with:
           tag_name: ${{ github.ref_name }}
           files: |
-            artifacts/macos-builds/*
+            artifacts/macos-arm64-builds/*
           draft: true
-          prerelease: false
+          prerelease: false
+
+  # Upload macOS x64 builds separately
+  release-macos-x64:
+    needs: [build-macos-x64, release]
+    runs-on: ubuntu-latest
+    if: |
+      startsWith(github.ref, 'refs/tags/v') ||
+      github.ref == 'refs/heads/main' ||
+      github.event_name == 'workflow_dispatch'
+
+    permissions:
+      contents: write
+
+    steps:
+      - name: Download macOS x64 artifacts
+        uses: actions/download-artifact@v4
+        with:
+          name: macos-x64-builds
+          path: artifacts/macos-x64-builds
+
+      - name: Display macOS x64 files
+        run: ls -R artifacts
+
+      - name: Upload macOS x64 to Release
+        uses: softprops/action-gh-release@v2
+        with:
+          tag_name: ${{ github.ref_name }}
+          files: |
+            artifacts/macos-x64-builds/*
+          draft: true
+          prerelease: false

package.json

@@ -121,13 +121,15 @@
         {
           "target": "dmg",
           "arch": [
-            "universal"
+            "arm64",
+            "x64"
           ]
         },
         {
           "target": "zip",
           "arch": [
-            "universal"
+            "arm64",
+            "x64"
           ]
         }
       ],