📌 **Sign & Notarize macOS Build in GitHub Actions** (#164) [ci]

-  Implemented Code Signing using `Developer ID Application: Dimitris Kalamaras (K89VSL4N97)`.
- Added Notarization using `notarytool` with Apple ID credentials (since API-based notarization is not available for Individual accounts).
- Fixed build process order
  - Notarization happens before renaming the `.dmg`
  - Stapling happens after renaming, ensuring notarization remains valid.
- Improved logging & verification steps (`lipo`, `otool -L`, `PkgInfo`).
- Stored credentials in GitHub Secrets

🎉 **Now, SocNetV macOS CI/CD builds are fully signed & notarized!** No more "damaged app" errors from Gatekeeper. 🚀

Closes #164.

Author: oxy86

.github/workflows/build-ci.yml

@@ -527,6 +527,29 @@ jobs:
               echo "✅ PkgInfo has been successfully created."
           fi
 
+
+          echo "${{ secrets.MACOS_CERTIFICATE }}" | base64 --decode > certificate.p12
+          security create-keychain -p "" build.keychain
+          security default-keychain -s build.keychain
+          security unlock-keychain -p "" build.keychain
+          security import certificate.p12 -k build.keychain -P "${{ secrets.MACOS_CERTIFICATE_PASSWORD }}" -T /usr/bin/codesign
+          security set-key-partition-list -S apple-tool:,apple: -k "" build.keychain
+          rm -f certificate.p12
+
+          echo "🔏 Sign SocNetV.app"
+          codesign --deep --force --verbose \
+          --options runtime \
+          --entitlements scripts/entitlements.plist \
+          --sign "Developer ID Application: Dimitris Kalamaras (K89VSL4N97)" \
+          "${{env.APP_NAME}}.app"
+
+          echo "🛠️ Store Apple ID Credentials for Notarization"
+          xcrun notarytool store-credentials "AC_PASSWORD" \
+          --apple-id "${{ secrets.AC_APPLE_ID }}" \
+          --team-id "${{ secrets.AC_TEAM_ID }}" \
+          --password "${{ secrets.AC_PASSWORD }}"
+
+
           # Run macdeployqt to bundle the app
           echo "🚀 Running macdeployqt to create macOS bundle..."
           macdeployqt "${{env.APP_NAME}}.app" -dmg -verbose=3 || {
@@ -543,8 +566,11 @@ jobs:
               exit 1
           fi
 
+          echo "📜 Notarize the DMG"
+          xcrun notarytool submit ${{env.APP_NAME}}.dmg \
+          --keychain-profile "AC_PASSWORD" --wait
 
-          # Rename DMG file
+          # Rename DMG file **AFTER** notarization
           if [[ -f ${{env.APP_NAME}}.dmg ]]; then
             DMG_NAME="${{env.APP_NAME}}-${{env.VERSION}}.dmg"
             mv "${{env.APP_NAME}}.dmg" "${DMG_NAME}"
@@ -557,6 +583,10 @@ jobs:
              exit 1
           fi
 
+          # Staple notarization **AFTER RENAMING** ✅
+          echo "📌 Staple Notarization"
+          xcrun stapler staple "${DMG_NAME}"
+
       - if: contains( matrix.os, 'macos') && matrix.qt-version == '6.8.0' && env.MAC_ARTIFACT != ''
         name: 📤 Upload ${{matrix.os}} build artifacts of ${{env.APP_NAME}} ${{ env.VERSION }} to GitHub ${{ env.UPLOAD_URL }}
         run: |