diff --git a/.github/workflows/build-enjoy-app.yml b/.github/workflows/build-enjoy-app.yml
new file mode 100644
index 00000000..f41fa1ad
--- /dev/null
+++ b/.github/workflows/build-enjoy-app.yml
@@ -0,0 +1,43 @@
+name: Build Enjoy App
+on: workflow_dispatch
+
+jobs:
+  publish:
+    runs-on: ${{ matrix.os }}
+    strategy:
+      matrix:
+        os: [macos-latest, windows-latest, ubuntu-latest]
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-node@v4
+        with:
+          node-version: 20
+      - name: Install dependencies
+        run: yarn install
+      - name: Build
+        env:
+          GITHUB_TOKEN: ${{ secrets.PUBLISH_TOKEN }}
+          APPLE_ID: ${{ secrets.APPLE_ID }}
+          APPLE_APP_PASSWORD: ${{ secrets.APPLE_APP_PASSWORD }}
+          APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
+          CERTIFICATE_OSX_APPLICATION: ${{ secrets.CERTIFICATE_OSX_APPLICATION }}
+          CERTIFICATE_PASSWORD: ${{ secrets.CERTIFICATE_PASSWORD }}
+        run: yarn make:enjoy
+      - if: matrix.os == 'macos-latest'
+        name: Build macOS arm64
+        env:
+          GITHUB_TOKEN: ${{ secrets.PUBLISH_TOKEN }}
+          APPLE_ID: ${{ secrets.APPLE_ID }}
+          APPLE_APP_PASSWORD: ${{ secrets.APPLE_APP_PASSWORD }}
+          APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
+          CERTIFICATE_OSX_APPLICATION: ${{ secrets.CERTIFICATE_OSX_APPLICATION }}
+          CERTIFICATE_PASSWORD: ${{ secrets.CERTIFICATE_PASSWORD }}
+          PACKAGE_OS_ARCH: arm64
+        run: | 
+          ./enjoy/scripts/add-macos-cert.sh
+          yarn run make:enjoy --arch=arm64
+      - name: Upload artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: Enjoy-${{ matrix.os }}
+          path: ./enjoy/output/make/**/*
diff --git a/enjoy/forge.config.js b/enjoy/forge.config.js
index 1b14f762..1b8e77e9 100644
--- a/enjoy/forge.config.js
+++ b/enjoy/forge.config.js
@@ -25,7 +25,7 @@ const config = {
       name: "Enjoy",
       setupIcon: "./assets/icon.ico",
     }),
-    new MakerZIP({}, ["darwin", "win32"]),
+    new MakerZIP(["darwin", "win32"]),
     new MakerDeb({
       options: {
         name: "enjoy",
@@ -51,6 +51,7 @@ const config = {
           owner: "xiaolai",
           name: "everyone-can-use-english",
         },
+        generateReleaseNotes: true,
         draft: true,
       },
     },
@@ -91,4 +92,25 @@ const config = {
   ],
 };
 
+const macOsCodesignConfig = {
+  osxSign: {},
+  osxNotarize: {
+    tool: "notarytool",
+    appleId: process.env.APPLE_ID,
+    appleIdPassword: process.env.APPLE_APP_PASSWORD,
+    teamId: process.env.APPLE_TEAM_ID,
+  },
+};
+
+if (
+  process.env.APPLE_ID &&
+  process.env.APPLE_APP_PASSWORD &&
+  process.env.APPLE_TEAM_ID
+) {
+  config.packagerConfig = {
+    ...config.packagerConfig,
+    ...macOsCodesignConfig,
+  };
+}
+
 export default config;
diff --git a/enjoy/scripts/add-macos-cert.sh b/enjoy/scripts/add-macos-cert.sh
new file mode 100755
index 00000000..b4b803f5
--- /dev/null
+++ b/enjoy/scripts/add-macos-cert.sh
@@ -0,0 +1,23 @@
+#!/usr/bin/env sh
+
+KEY_CHAIN=build.keychain
+CERTIFICATE_P12=certificate.p12
+
+# Recreate the certificate from the secure environment variable
+echo $CERTIFICATE_OSX_APPLICATION | base64 --decode > $CERTIFICATE_P12
+
+#create a keychain
+security create-keychain -p actions $KEY_CHAIN
+
+# Make the keychain the default so identities are found
+security default-keychain -s $KEY_CHAIN
+
+# Unlock the keychain
+security unlock-keychain -p actions $KEY_CHAIN
+
+security import $CERTIFICATE_P12 -k $KEY_CHAIN -P $CERTIFICATE_PASSWORD -T /usr/bin/codesign;
+
+security set-key-partition-list -S apple-tool:,apple: -s -k actions $KEY_CHAIN
+
+# remove certs
+rm -fr *.p12