macos-dmg-builder
macOS DMG Builder
Overview
Use this skill to create a repeatable macOS release pipeline with signed and notarized .app and .dmg artifacts.
Prefer existing project scripts first. If the project does not already have release automation, scaffold it from assets/templates/ using the bundled script.
Onboarding Walkthrough (Mandatory)
Before running release commands, collect or confirm these values. Do not skip this step.
repo_root(absolute path to target repo)app_name(display name of the app in Finder/DMG)xcode_scheme(build/archive scheme)bundle_id(for entitlement/signing sanity checks)artifact_dir(where.appand.dmgshould be written)team_id(Apple Developer Team ID)apple_id(Apple ID used for notarization)notary_profile(Keychain profile name fornotarytool)signing_identitypreference (display name or SHA-1 hash)
If any required value is missing, ask focused questions before proceeding. Use defaults only when they are verifiably correct for the repo.
Onboarding defaults for LemonNotes:
repo_root:/Users/jakerains/Projects/LemonNotesapp_name:LemonNotesxcode_scheme:LemonNotesMacartifact_dir:macos/.release/outputteam_id:47347VQHQVnotary_profile:LemonNotesApp-Notarize
Run preflight checks immediately after onboarding:
scripts/preflight_release_env.sh --profile <notary-profile>
Workflow
1) Detect existing release automation
- Check for
scripts/macos-release.sh. - Check for
scripts/macos-notary-setup.sh. - Check
Makefileformacos-releaseandmacos-notary-setuptargets.
2) If missing, scaffold release automation
- Run
scripts/scaffold_release_pipeline.sh --repo <repo-root>. - Add
--apply-makefileto append targets automatically. - Add
--forceonly when replacing existing scripts intentionally.
3) Configure notary profile (one-time per machine/profile)
- Run
scripts/setup_notary_profile.sh. - Default profile for LemonNotes is
LemonNotesApp-Notarize. - Use app-specific password input securely (prompt or env var) and never print it in output.
4) Run release
- Run
make macos-releasefrom repo root. - Confirm phases:
- archive
- app notarization/stapling
- DMG creation/signing
- DMG notarization/stapling
5) Verify and report
- Run
scripts/verify_release_artifacts.sh. - Report:
- output paths
- notarization/staple validation status
- SHA256 of DMG
Credential and Security Rules
- Never echo app-specific passwords to terminal output.
- Prefer prompting interactively for secrets.
- If a user shares a password in chat, use it only for immediate setup and avoid repeating it.
- Prefer app-specific notary profiles (e.g.,
LemonNotesApp-Notarize) over reusing unrelated profile names.
Troubleshooting Quick Fixes
- Duplicate Developer ID name ambiguity:
- Resolve to SHA-1 with
security find-identity -v -p codesigning. - Sign with hash identity, not display name.
- Resolve to SHA-1 with
- Profile not found:
- Run
scripts/check_notary_profile.sh <profile>. - Run
scripts/setup_notary_profile.shif missing.
- Run
- Release script exits unexpectedly:
- Re-run with tracing:
bash -x scripts/macos-release.sh. - Continue from first failing phase.
- Re-run with tracing:
LemonNotes Quick Path
- Run onboarding checklist from
references/onboarding-playbook.md. - Run
make macos-notary-setup. - Run
make macos-release. - Expect artifacts in
macos/.release/output.
Read references/lemonnotes-integration.md for exact LemonNotes defaults and conventions.
Resources
scripts/inspect_signing_identities.sh: list usable Developer ID identities and suggested exports.scripts/preflight_release_env.sh: preflight check for tools, certs, and optional notary profile.scripts/check_notary_profile.sh: validate a notary profile from Keychain.scripts/setup_notary_profile.sh: create/update notary profile credentials.scripts/scaffold_release_pipeline.sh: install release/notary scripts into a repo.scripts/verify_release_artifacts.sh: validate signatures/staples and print DMG hash.references/onboarding-playbook.md: onboarding interview + zero-to-release checklist.references/workflow.md: generic release flow and checks.references/lemonnotes-integration.md: LemonNotes-specific defaults.assets/templates/: template scripts and Makefile snippet.
More from jakerains/agentskills
shot-list
Generate professional shot lists from screenplays and scripts. Use when user uploads a screenplay (.fountain, .fdx, .txt, .pdf, .docx) or describes scenes for production planning. Parses scripts to extract scenes, helps determine camera setups, shot types, framing, and movement through collaborative discussion, then generates beautifully formatted PDF shot lists for production. Triggers include requests to create shot lists, plan shots, break down scripts for filming, or organize camera coverage.
27nextjs-pwa
Build Progressive Web Apps with Next.js: service workers, offline support, caching strategies, push notifications, install prompts, and web app manifest. Use when creating PWAs, adding offline capability, configuring service workers, implementing push notifications, handling install prompts, or optimizing PWA performance. Triggers: PWA, progressive web app, service worker, offline, cache strategy, web manifest, push notification, installable app, Serwist, next-pwa, workbox, background sync.
9elevenlabs
Complete ElevenLabs AI audio platform: text-to-speech (TTS), speech-to-text (STT/Scribe), voice cloning, voice design, sound effects, music generation, dubbing, voice changer, voice isolator, and conversational voice agents. Use when working with audio generation, voice synthesis, transcription, audio processing, or building voice-enabled applications. Triggers: generate speech, clone voice, transcribe audio, create sound effects, compose music, dub video, change voice, isolate vocals, build voice agent, ElevenLabs API/SDK/CLI/MCP.
9onnx-webgpu-converter
Convert HuggingFace transformer models to ONNX format for browser inference with Transformers.js and WebGPU. Use when given a HuggingFace model link to convert to ONNX, when setting up optimum-cli for ONNX export, when quantizing models (fp16, q8, q4) for web deployment, when configuring Transformers.js with WebGPU acceleration, or when troubleshooting ONNX conversion errors. Triggers on mentions of ONNX conversion, Transformers.js, WebGPU inference, optimum export, model quantization for browser, or running ML models in the browser.
8skill-seekers
Convert documentation websites, GitHub repositories, and PDFs into Claude AI skills. Use when creating Claude skills from docs, scraping documentation, packaging websites into skills, or converting repos/PDFs to Claude knowledge.
7vercel-workflow
Build durable workflows with Vercel Workflow DevKit using "use workflow" and "use step" directives. Use for long-running tasks, background jobs, AI agents, webhooks, scheduled tasks, retries, and workflow orchestration. Supports Next.js, Vite, Astro, Express, Fastify, Hono, Nitro, Nuxt, SvelteKit.
7