Code sign a macOS App on Travis

My .travis.yml:

os: osx
language: swift
osx_image: xcode11.3
script: xcodebuild clean build test -project MyApp.xcodeproj -scheme "MyApp" -sdk "macOS 10.15" -destination "platform=macOS" ONLY_ACTIVE_ARCH=NO

However Xcode signs my Code but Travis doesn’t. How can I let sign my MacOS App on Travis CI too ? Btw: I only have a free Apple Developer Account…

Builds signed with free Apple Developer Accounts won’t run on machines that aren’t connected to your developer account. You will need a Paid Developer account to sign software using either Developer ID (outside of the app store) or for the App Store, if the latter were true it’d be a pretty recursive world we live in.

That said, for macOS (but not iOS/tvOS/etc), your binary built with CI, assuming Travis since you’re posting here, can be run by somebody who downloads it to a machine with Gatekeeper disabled (prior to 10.15 only and this is not recommended), or by using the File > Open command or the context menu’s Open command to launch the application (with a warning), and then you’d have to bypass the warning.

It’s fairly common in almost all CI environments that I can currently think of to build without signatures and then add the signature later (this prevents accidental shipment of a binary that hasn’t been through final testing, for example, or allows the company to limit who can build official binaries and under what circumstances).

To be clear, without the signing certificate and key, you cannot sign the Application. This is also true for non Apple Developer Accounts. CLA’s are common for Palantir, Bloomberg, etc.