macos-codesign-workflow
// Execute macOS code signing with Developer ID and hardened runtime requirements
$ git log --oneline --stat
stars:384
forks:73
updated:March 4, 2026
SKILL.mdreadonly
SKILL.md Frontmatter
namemacos-codesign-workflow
descriptionExecute macOS code signing with Developer ID and hardened runtime requirements
allowed-toolsRead, Write, Edit, Bash, Glob, Grep
tagsmacos,codesigning,developerid,security,apple
macos-codesign-workflow
Execute macOS code signing with Developer ID certificates and hardened runtime. This skill handles the complete code signing process for macOS applications.
Capabilities
- Sign app bundles with Developer ID
- Configure hardened runtime
- Sign nested frameworks and binaries
- Configure entitlements
- Verify signatures
- Set up CI/CD signing
- Handle keychain management
Input Schema
{
"type": "object",
"properties": {
"appPath": { "type": "string" },
"identity": { "type": "string" },
"entitlements": { "type": "string" },
"hardenedRuntime": { "type": "boolean", "default": true }
},
"required": ["appPath", "identity"]
}
Signing Commands
# Sign app bundle with hardened runtime
codesign --force --options runtime --timestamp \
--entitlements MyApp.entitlements \
--sign "Developer ID Application: Company Name (TEAMID)" \
MyApp.app
# Sign nested components first
find MyApp.app -name "*.dylib" -o -name "*.framework" | \
xargs -I {} codesign --force --options runtime --timestamp \
--sign "Developer ID Application: Company Name (TEAMID)" {}
# Verify signature
codesign --verify --deep --strict --verbose=2 MyApp.app
spctl --assess --type execute --verbose MyApp.app
Related Skills
macos-notarization-workflowmacos-entitlements-generator