Split code signing from build

[jamadeo]

Code signing can fail for all sorts of reasons. This lets us retry without rebuilding.

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: bf157bb111

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Prevent unsigned arm64 zip from colliding with release artifact

Uploading the entire Goose-darwin-arm64/ directory here also includes the unsigned Goose.zip, but sign-desktop later uploads a signed Goose.zip under a different artifact name. In signing-enabled runs, downstream workflows (for example release.yml with download-artifact + merge-multiple: true) merge artifact contents into one directory, so the duplicate Goose.zip names can overwrite/race and cause the unsigned binary to be released instead of the signed one. Keep the intermediate artifact to Goose.app (or otherwise avoid publishing a same-named zip before signing).

Useful? React with 👍 / 👎.

[chatgpt-codex-connector]

Prevent unsigned Intel zip from colliding with release artifact

This intermediate upload now includes Goose_intel_mac.zip (unsigned) because it archives the whole output directory, while sign-desktop-intel later uploads a signed Goose_intel_mac.zip. When release jobs merge all artifacts into one directory (download-artifact with merge-multiple: true), those same-named files conflict, so the final published Intel zip can be the unsigned one depending on extraction order. Exclude/rename the unsigned zip in the build artifact so only the signed zip is eligible for publication.

Useful? React with 👍 / 👎.