Im using a git actions CI/CD pipeline for my automated deployment and I'd like to include notarisation in this process. Right now when I'm submitting for notarisation manually/locally it's taking around 24 hours and then is eventually successfully accepted. \
Using a git actions server to do this has a cost per minute (and an even higher cost at 10x per minute for a Mac-OS machine), so notarising with a 24hr turn around time is not feasible.
Ive submitted my application many times and it's been the same experience each time taking around 24 hours and then being accepted. How can I shorten the time frame on this or even find out what I might be doing wrong to cause such a long time for a response?
here my log: { "logFormatVersion": 1, "jobId": "3ccf4652-60dc-4fd1-b281-23d49b2b7bb1", "status": "Accepted", "statusSummary": "Ready for distribution", "statusCode": 0, "archiveFilename": "AudioMap.dmg", "uploadDate": "2024-07-14T16:51:02.848Z", "sha256": "614c5992133d61094b39b6a5d00a225d2fc7efe78ab0e59cd47c78275602cb59", "ticketContents": [ { "path": "AudioMap.dmg", "digestAlgorithm": "SHA-256", "cdhash": "9d4f500a2fd49769b99f921d3fbe8ef753604abe" }, { "path": "AudioMap.dmg/AudioMap.app", "digestAlgorithm": "SHA-256", "cdhash": "b1fa9c86be805ef28c645f3b03631e2e5873ce77", "arch": "arm64" }, { "path": "AudioMap.dmg/AudioMap.app/Contents/Frameworks/libsodium.26.dylib", "digestAlgorithm": "SHA-256", "cdhash": "6228e3fdcd29c080ae45d1bc5a6af10960db8938", "arch": "arm64" }, { "path": "AudioMap.dmg/AudioMap.app/Contents/MacOS/AudioMap", "digestAlgorithm": "SHA-256", "cdhash": "b1fa9c86be805ef28c645f3b03631e2e5873ce77", "arch": "arm64" }, { "path": "AudioMap.dmg/AudioMap.app/Contents/Frameworks/libsodium.26.dylib", "digestAlgorithm": "SHA-256", "cdhash": "6228e3fdcd29c080ae45d1bc5a6af10960db8938", "arch": "arm64" } ], "issues": null }
We looked into your uploads, and everything is working fine.
The first time a developer uploads a new app to the macOS notary service, our systems take a while to analyze it in-depth and generate a "fingerprint" to distinguish it from all the other apps developers upload, including malware.
If your app is minimal (e.g. "hello world" or mostly consists of a common library), you may need to implement more of your functionality and then notarize it. Once this step is complete, future versions of the same codebase should be processed more quickly.