SD Notary “will notarize .app, .dmg, .pkg, .plugin and .fmplugin files”

Automator ‘Quick Action’ .workflow files are bundles with an Info.plist file and Resources folder similar to other .app bundles, but I can’t find any details about notarizing these file types.

Has anyone notarized a .workflow file?

You can’t notarize .workflow files.

Thanks Shane. That explains why I couldn’t find any instructions.

Given that my workflow bundle contains an embedded script file in the resources folder, I was expecting that notarization would be required. Hopefully this means I won’t get any macOS Gatekeeper issues from users.

I assume there’s still value in code signing the workflow bundle?

A script file is not considered code (the host app contains actual code), so no notarization.

Yes.

Joolyan, my applet contains an Automator Service which has an Applescript inside. The applet has been notarised without trouble for a couple of years. So, you should be fine.

Thanks Garry. I’ve also tested a number of .workflow files from around the Internet and Gatekeeper hasn’t raised any alerts.

It just seems odd to me that a script embedded in an .app bundle requires notarizing, but the same script in a .workflow bundle doesn’t. However, I’m happy I don’t have to worry about notarizing.

An app bundle contains actual code that necessitates notarization – it’s not because of the AppleScript in it, which isn’t regarded as code (ie, doesn’t run directly on the CPU).

If I understand correctly, converting a .workflow into an .app (in Automator) creates a bundle with a file named “Automator Application Stub” which is a Unix executable, which I assume is why the .app requires notarization?

The same goes for Script Editor which creates .app bundles with the Unix executable “applet”.