The .scpt file inside my app's bundle gets modified, breaking Gatekeeper validation

Can someone help me solve this:

My ObjC based app includes a compiled AppleScript that I invoke from the app repeatedly, using NSUserAppleScriptTask.

Even though the script uses no global properties, it apparently gets modified each time it runs, and that then breaks the code signing (checked with spctl --assess).

Does someone have a suggestion how to prevent this from happening? I could remove the “w” permission from the file, but that looks like a cludge to me. Also, I could copy the script to a private directory outside of the app and execute it from there. But I wonder if there are better ways.

You need to remove all changeable top-level variables. The simplest way is to put all your code in a handler:

on run
end run

on doStuff()
-- code goes here
end doStuff