code-signing-setup
npx machina-cli add skill a5c-ai/babysitter/code-signing-setup --openclaw
Files (1): SKILL.md (680 B)
Code Signing Setup
Configure code signing for binaries.
Generated Patterns
# macOS notarization with electron-builder/notarize
notarize:
  appBundleId: com.myorg.myapp
  appleId: $APPLE_ID
  appleIdPassword: $APPLE_ID_PASSWORD
  teamId: $APPLE_TEAM_ID

# Windows signing
signtool:
  certificateFile: $CERTIFICATE_FILE
  certificatePassword: $CERTIFICATE_PASSWORD
  timestampServer: http://timestamp.digicert.com
Target Processes
- cli-binary-distribution
- package-manager-publishing
Source
git clone https://github.com/a5c-ai/babysitter
Skill file: https://github.com/a5c-ai/babysitter/blob/main/plugins/babysitter/skills/babysit/process/specializations/cli-mcp-development/skills/code-signing-setup/SKILL.md
Overview
Code Signing Setup configures the necessary steps to sign macOS and Windows binaries. It supports macOS notarization via electron-builder/notarize and Windows signing via signtool, aligning with common software distribution workflows. The config patterns target the cli-binary-distribution and package-manager-publishing processes.
How This Skill Works
Two YAML patterns are generated: notarize for macOS and signtool for Windows. These patterns map build credentials (Apple ID, appBundleId, teamId) and Windows certificate details (certificateFile, certificatePassword, timestampServer) into your CI/CD pipeline.
When to Use It
- When building macOS apps with electron-builder and notarization.
- When signing Windows binaries before distribution.
- When integrating both notarization and signing into a single CI/CD pipeline.
- When preparing cross-platform Electron-based releases.
- When publishing artifacts via cli-binary-distribution or package-manager-publishing.
Quick Start
- Step 1: Gather credentials and certs (Apple ID, appBundleId, Apple ID password, teamId; Windows certificateFile and password; timestampServer).
- Step 2: Add the notarize (macOS) and signtool (Windows) patterns to your CI/config.
- Step 3: Run your build and verify notarization and signature in CI logs.
Best Practices
- Store Apple ID credentials and app-specific passwords in a secure vault; do not commit them.
- Keep Windows certificate files and passwords in CI secrets and reference them securely.
- Use a timestamp server for Windows signing to preserve signature validity.
- Validate notarization and signing results in CI and retry failed steps.
- Limit access to signing credentials and rotate them regularly.
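A preflight check for the practices above, as an added example that is not part of the skill or the babysitter project: it takes the page's config patterns as a parsed object and reports credential fields that hold a literal instead of a $VAR reference, references that are unset in the CI job, and a missing timestampServer. The function name checkSigningConfig, the finding messages and the sample values are assumptions made for illustration.

```javascript
// Added example, not the skill's own code. Field names come from the page's
// patterns; checkSigningConfig and the finding messages are hypothetical.
const CREDENTIAL_FIELDS = {
  notarize: ['appleId', 'appleIdPassword', 'teamId'],
  signtool: ['certificateFile', 'certificatePassword'],
};
const ENV_REF = /^\$(?:\{([A-Za-z_]\w*)\}|([A-Za-z_]\w*))$/;

// Returns findings that name the field only, never its value, so a literal
// that slipped into the config is not echoed into CI logs.
function checkSigningConfig(config, env) {
  const findings = [];
  for (const [section, fields] of Object.entries(CREDENTIAL_FIELDS)) {
    const block = config[section];
    if (!block) continue; // this platform is not configured
    for (const field of fields) {
      const where = `${section}.${field}`;
      const value = block[field];
      if (value === undefined || value === '') {
        findings.push(`${where}: missing`);
        continue;
      }
      const ref = ENV_REF.exec(String(value));
      const name = ref && (ref[1] || ref[2]);
      if (!name) {
        findings.push(`${where}: literal value in config, use a $VAR reference`);
      } else if (!env[name]) {
        findings.push(`${where}: $${name} is not set in this job`);
      }
    }
  }
  if (config.signtool && !config.signtool.timestampServer) {
    findings.push('signtool.timestampServer: missing, signature will carry no timestamp');
  }
  return findings;
}

// Constructed sample: the page's pattern with a hard-coded certificate password,
// no timestampServer, and a job environment that never exported APPLE_TEAM_ID.
const sampleConfig = {
  notarize: { appBundleId: 'com.myorg.myapp', appleId: '$APPLE_ID',
              appleIdPassword: '$APPLE_ID_PASSWORD', teamId: '$APPLE_TEAM_ID' },
  signtool: { certificateFile: '$CERTIFICATE_FILE',
              certificatePassword: 'hunter2-constructed' },
};
const sampleEnv = { APPLE_ID: 'dev@example.com', APPLE_ID_PASSWORD: 'constructed',
                    CERTIFICATE_FILE: 'cert.pfx' };
console.log(checkSigningConfig(sampleConfig, sampleEnv).join('\n'));
```

In CI, pass the parsed config and `process.env`, and fail the job before the signing step when the returned array is non-empty.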
Example Use Cases
- Notarize a macOS app built with electron-builder/notarize by providing appBundleId, Apple ID, Apple ID password, and teamId.
- Sign Windows installers with signtool using a certificateFile, certificatePassword, and a timestampServer.
- Automate both notarization and signing in a single release pipeline.
- Publish signed artifacts via package-manager-publishing after successful notarization.
- Prepare cross-platform binaries for distribution in a multi-OS Electron app.