The Apple Signing step grabs an existing artifact, signs the binaries,
and then re-uploads the artifact, replacing the original one. The
upgrade to v4 of the `actions/upload-artifact` action broke this
behavior due to a breaking change documented in [the release notes][1]:

> Due to how Artifacts are created in this new version, it is no longer
> possible to upload to the same named Artifact multiple times. You must
> either split the uploads into multiple Artifacts with different names,
> or only upload once. Otherwise you will encounter an error.

The fix is to use the `overwrite: true` setting to force the old
behavior of replacing the previous (unsigned) artifact.

[1]: https://github.com/actions/upload-artifact/blob/main/README.md#breaking-changes

Due to [an issue][2] with the `actions/upload-artifact` action, when
binaries are uploaded they lose permission bits and `xattr` properties.
Composite actions `upload-tar` and `download-tar` have been added that
tarball the artifacts before uploading them to retain those properties.

[2]: https://github.com/actions/upload-artifact/issues/38
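
The tarball approach described above can be checked locally. This is an added example, not the repository's `upload-tar`/`download-tar` actions: it ships a constructed artifact directly and inside a tarball, then compares the resulting modes. `bytes_only_copy` is an assumed stand-in for a transport that keeps only file contents, and all function and file names are hypothetical.

```shell
#!/bin/sh
# Added example: compare shipping files directly with shipping one tarball.

# Stand-in for a transport that keeps only file bytes: the copies are created
# fresh, so they get default modes and lose any exec bit.
bytes_only_copy() {
    mkdir -p "$2"
    for f in "$1"/*; do
        if [ -f "$f" ]; then cat "$f" > "$2/$(basename "$f")"; fi
    done
}

# Archive the contents of directory $1 into tarball $2, recording modes.
pack_artifact() { tar -C "$1" -cpf "$2" .; }

# Extract tarball $1 into directory $2, restoring the recorded modes (-p).
unpack_artifact() { mkdir -p "$2" && tar -C "$2" -xpf "$1"; }

# Print "mode path" for every regular file under $1, sorted by path.
mode_listing() {
    (cd "$1" && find . -type f -exec ls -l {} \; | awk '{print $1, $NF}' | sort -k2)
}

# Build a constructed artifact in $1/src, then ship it both ways.
roundtrip_demo() {
    w=$1
    mkdir -p "$w/src" "$w/stage"
    printf '#!/bin/sh\necho hello\n' > "$w/src/tool"
    printf 'constructed sample data\n' > "$w/src/notes.txt"
    chmod 755 "$w/src/tool"
    chmod 640 "$w/src/notes.txt"

    bytes_only_copy "$w/src" "$w/raw"             # files shipped directly
    pack_artifact "$w/src" "$w/stage/artifact.tar"
    bytes_only_copy "$w/stage" "$w/shipped"       # only the tarball is shipped
    unpack_artifact "$w/shipped/artifact.tar" "$w/tarred"
}

demo_dir=$(mktemp -d)
roundtrip_demo "$demo_dir"
echo "original:";    mode_listing "$demo_dir/src"
echo "raw copy:";    mode_listing "$demo_dir/raw"
echo "via tarball:"; mode_listing "$demo_dir/tarred"
```

Whether extended attributes are also carried depends on the tar implementation and its options, which this example does not exercise.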