diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index d0bd169e..a0270ccd 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -88,7 +88,7 @@ jobs:
         path: ${{steps.sign_app.outputs.signedReleaseFile}}
 
   build-macOS:
-    runs-on: macos-10.15
+    runs-on: macos-11.5
     steps:
     - uses: actions/checkout@v2
     - name: Pack love
@@ -101,6 +101,23 @@ jobs:
       run: |
         python3 .github/workflows/updateOSXVersion.py
         mv Techmino.love Techmino.app/Contents/Resources
+    - name: Codesign executable
+      # <identity-id> can be found at running `security find-identity -v`
+      # <your-password> is any password you like, it is there just to create the keychain
+      # Add in secrets:
+      #   - MACOS_CERTIFICATE: the *.p12 Developer ID Certificate, encoded in base64
+      #   - MACOS_CERTIFICATE_PWD: The password
+      env: 
+        MACOS_CERTIFICATE: ${{ secrets.MACOS_CERTIFICATE }}
+        MACOS_CERTIFICATE_PWD: ${{ secrets.MACOS_CERTIFICATE_PWD }}
+      run: |
+        echo $MACOS_CERTIFICATE | base64 —decode > certificate.p12
+        security create-keychain -p Techminohaowan build.keychain
+        security default-keychain -s build.keychain
+        security unlock-keychain -p Techminohaowan build.keychain
+        security import certificate.p12 -k build.keychain -P $MACOS_CERTIFICATE_PWD -T /usr/bin/codesign
+        security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k Techminohaowan build.keychain
+        /usr/bin/codesign --force --deep -s 79B81FC5EA155243C973B5417B0996501F00EF55 ./Techmino.app -v
     - name: Pack Techmino
       run: |
         zip -r -y Techmino-Packed.app.zip Techmino.app