Notarization in GitHub Actions

[jkachmar]

As of macOS 10.15 (Catalina), Apple has started to strongly encourage Mac application notarization.

I've only done a bit of looking, but it seems like this is something that can be automated and built into the GitHub Actions CI pipeline. All of the technical stuff looks pretty straightforward, but Apple requires a paid developer account for the notarization process.

Can any of the maintainers support this? If not, would it be sufficient to add instructions for getting around the quarantine to this repo's README and/or the ungoogled software downloads page?

ref. ungoogled-software/ungoogled-chromium#859 for a related discussion. AFAICT, that pre-dates this repository having a CI process that generates the binaries, so I figured it might be worth re-opening a conversation on this repo.

[Eloston]

I think it's sufficient to add instructions to getting around the quarantine for now. Having to pay for the notarization process is not ideal for a lot of other FOSS.

[claudiodekker]

For what it's worth, and at the very least for the next while, I'll be doing notarized releases (fully automated) of this repository's release builds over at https://github.com/claudiodekker/ungoogled-chromium-macos

While it's indeed not ideal that notarization is paid, 1Password wouldn't play nice without it, and so it was somewhat of a necessity for me anyway. At least this way the process is transparent, and others can take advantage of the same builds that I'm already signing for myself anyway!

[PF4Public]

I hope your question(-s) has(-ve) been answered, otherwise please let us know.
Closing this issue for now.