diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 4f79a5e..7a1f373 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -2,13 +2,16 @@
 name: release-artifacts
 
 on:
+  push:
+    branches: [feat/ci-sign]
   release:
     types: [created]
 
 jobs:
   release:
     name: release ${{ matrix.target }}
-    runs-on: ubuntu-latest
+    # runs-on: ubuntu-latest
+    runs-on: macos-11.0
     strategy:
       fail-fast: false
       matrix:
@@ -25,7 +28,12 @@ jobs:
       - uses: actions/checkout@master
       - name: Compile and release
         uses: rust-build/rust-build.action@latest
+        with:
+          UPLOAD_MODE: none
         env:
+          APPLE_DEVELOPER_CERT: ${{ secrets.APPLE_DEVELOPER_CERT }}
+          APPLE_DEVELOPER_CERT_PWD: ${{ secrets.APPLE_DEVELOPER_CERT_PWD }}
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           RUSTTARGET: ${{ matrix.target }}
           ARCHIVE_TYPES: ${{ matrix.archive }}
+          POST_BUILD: ./codesign.apple.bash
diff --git a/codesign.apple.bash b/codesign.apple.bash
new file mode 100644
index 0000000..eb5c9a2
--- /dev/null
+++ b/codesign.apple.bash
@@ -0,0 +1,13 @@
+#!/bin/bash
+
+echo "code sign started"
+
+echo $MACOS_CERTIFICATE | base64 —decode > certificate.p12
+security create-keychain -p $APPLE_DEVELOPER_CERT_PWD build.keychain
+security default-keychain -s build.keychain
+security unlock-keychain -p $APPLE_DEVELOPER_CERT_PWD build.keychain
+security import certificate.p12 -k build.keychain -P $$APPLE_DEVELOPER_CERT_PWD -T /usr/bin/codesign
+security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k $APPLE_DEVELOPER_CERT_PWD build.keychain
+/usr/bin/codesign --force -s $APPLE_DEVELOPER_CERT_PWD ./path/to/you/app -v
+
+echo "code sign done..."
\ No newline at end of file