What does HackerNews think of gon?
Sign, notarize, and package macOS CLI tools and applications written in any language. Available as both a CLI and a Go library.
Might even be able to modify `gon` to use that instead of Apple's `codesign` and then you'll have notarization too: https://github.com/mitchellh/gon
As others pointed out, https://github.com/mitchellh/gon is a great tool for doing this on your local machine (e.g., with a cron job). In addition, if you are building your app using a GitHub action (which I highly recommend if it is open-source), you can use my https://github.com/hubomatic/hubomat action to package, notarize, and staple a release build in one shot. The sample/template app does this automatically on every commit as well as once per day: https://github.com/hubomatic/MicroVector/actions.
So when this fails from a scheduled job, you at least know that something has changed on the Apple side and can investigate that right away. And if it fails as a result of a commit, then at least you can start looking at what changes you may have made to your entitlements or code signing settings or embedded frameworks or any of the other million things that can cause it to fail.
That is the part I find most offensive, if it was just difficult and buggy I would suck it up and work around it. But having to pay for the privilege is too painful, particularly if you're offering free software.
For my case (non GUI app) I can at least distribute via Homebrew and have the user build from source in a more or less automated way.
Another notarization helper tool is here https://github.com/mitchellh/gon