diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index e35178f..3699f60 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -105,6 +105,10 @@ jobs:
           CERTIFICATE_ID: ${{ secrets.CERTIFICATE_ID }}
       - name: Test Binary is Signed
         run: |
+          cat codesign.log
+          echo ===============================
+          cat notarytool.log
+          echo ===============================
           codesign -dv dist/build_macos_darwin_arm64/komocli
       - uses: actions/upload-artifact@v4
         with:
diff --git a/.goreleaser-mac.yml b/.goreleaser-mac.yml
index 556033d..e123af8 100644
--- a/.goreleaser-mac.yml
+++ b/.goreleaser-mac.yml
@@ -19,7 +19,7 @@ builds:
         # sign
         - codesign --options runtime --keychain build.keychain --sign "{{ .Env.CERTIFICATE_ID }}" "{{ .Path }}"
         # notarize
-        - chmod +x scripts/notarize-macos-app.sh && ./scripts/notarize-macos-app.sh {{ .Path }}.zip
+        - scripts/notarize-macos-app.sh "{{ .Path }}"
 archives:
   - id: komocli
     format: binary
diff --git a/scripts/notarize-macos-app.sh b/scripts/notarize-macos-app.sh
old mode 100644
new mode 100755
index 0fdf060..08a56cd
--- a/scripts/notarize-macos-app.sh
+++ b/scripts/notarize-macos-app.sh
@@ -1,7 +1,8 @@
 #!/usr/bin/env sh
 echo "Notarizing $1"
-xcrun notarytool submit $1 \
+zip $1.zip $1
+xcrun notarytool submit $1.zip \
     --apple-id "$MACOS_NOTARY_APPLE_ID" \
     --team-id "$MACOS_NOTARY_TEAM_ID" \
     --password "$MACOS_NOTARY_PASSWORD" \
-    --wait
+    --wait 2>&1 | tee -a notarytool.log