remove gon and use native xcode tools for notarizing

.github/workflows/snapshot-build.yml

@@ -212,42 +212,30 @@ jobs:
           security unlock-keychain -p "${{ secrets.MACOS_CERTIFICATE_PW }}" build.keychain
           security import certificate.p12 -k build.keychain -P "${{ secrets.MACOS_CERTIFICATE_PW }}" -T /usr/bin/codesign
           security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "${{ secrets.MACOS_CERTIFICATE_PW }}" build.keychain
+
           echo "Signing farmer"
           codesign --force --options=runtime --entitlements .github/workflows/Entitlements.plist -s "${{ secrets.MACOS_IDENTITY }}" --timestamp ${{ env.PRODUCTION_TARGET }}/subspace-farmer
+
           echo "Signing node"
           codesign --force --options=runtime --entitlements .github/workflows/Entitlements.plist -s "${{ secrets.MACOS_IDENTITY }}" --timestamp ${{ env.PRODUCTION_TARGET }}/subspace-node
-          echo "Creating an archive"
-          mkdir ${{ env.PRODUCTION_TARGET }}/macos-binaries
+
+          echo "Creating a ZIP archive"
+          mkdir -p ${{ env.PRODUCTION_TARGET }}/macos-binaries
           cp ${{ env.PRODUCTION_TARGET }}/subspace-farmer ${{ env.PRODUCTION_TARGET }}/subspace-node ${{ env.PRODUCTION_TARGET }}/macos-binaries
           ditto -c -k --rsrc ${{ env.PRODUCTION_TARGET }}/macos-binaries subspace-binaries.zip
-          echo "Notarizing"
-          brew update
-          brew install mitchellh/gon/gon
-          cat << EOF > gon.hcl
-          source = ["subspace-binaries.zip"]
-          bundle_id = "${{ secrets.MACOS_BUNDLE_ID }}"
-          sign {
-            application_identity = "${{ secrets.MACOS_IDENTITY }}"
-          }
-          apple_id {
-              username = "${{ secrets.MACOS_APPLE_ID }}"
-              password = "${{ secrets.MACOS_APP_PW }}"
-          }
-          EOF
-          gon -log-level=info -log-json gon.hcl
-
-          # Notarize the ZIP using notarytool
+
+          echo "Notarizing ZIP archive file"
           xcrun notarytool submit subspace-binaries.zip --apple-id "${{ secrets.MACOS_APPLE_ID }}" --password "${{ secrets.MACOS_APP_PW }}" --team-id "${{ secrets.MACOS_TEAM_ID }}" --wait
 
-          # // todo stapling for macOS artifacts
-          # Staple the zip package
-          # xcrun stapler staple subspace-binaries.zip
+          echo "Stapling notarization to ZIP file"
+          xcrun stapler staple subspace-binaries.zip
 
           echo "Done!"
         # Allow code signing to fail on non-release builds and in non-subspace repos (forks)
         continue-on-error: ${{ github.repository_owner != 'autonomys' || github.event_name != 'push' || github.ref_type != 'tag' }}
         if: runner.os == 'macOS'
 
+
       - name: Sign Application (Windows)
         run: |
           AzureSignTool sign --azure-key-vault-url "${{ secrets.AZURE_KEY_VAULT_URI }}" --azure-key-vault-client-id "${{ secrets.AZURE_CLIENT_ID }}" --azure-key-vault-client-secret "${{ secrets.AZURE_CLIENT_SECRET }}" --azure-key-vault-tenant-id "${{ secrets.AZURE_TENANT_ID }}" --azure-key-vault-certificate "${{ secrets.AZURE_CERT_NAME }}" --file-digest sha512 --timestamp-rfc3161 http://timestamp.digicert.com -v "${{ env.PRODUCTION_TARGET }}/subspace-farmer.exe"