Code signing and notarization for macOS distribution

[dhilgaertner]

Parent Issue

Part of #52 — Open Source Readiness & Launch Strategy

Overview

Sign and notarize the Crow app so users can install it without macOS Gatekeeper warnings. Required for non-developer users who download pre-built binaries.

Scope

• Obtain Apple Developer ID Application certificate
• Create entitlements file if needed (evaluate required capabilities)
• Sign the .app bundle with codesign
• Notarize with xcrun notarytool
• Staple notarization ticket to DMG with xcrun stapler
• Integrate signing into release workflow (GitHub Actions secrets for certificate)
• Document: developers building from source don't need signing
• Test: verify unsigned source builds still work without issues

Technical Notes

• Current bundle.sh has no signing steps — needs to be extended
• GitHub Actions can store signing certificates as encrypted secrets
• Notarization requires Apple ID with app-specific password
• Consider: keychain setup in CI for certificate access

Acceptance Criteria

• Released DMG is signed and notarized
• Users can install without Gatekeeper "unidentified developer" warning
• Signing is automated in the release workflow
• Source builds remain unaffected