𝗗𝗶𝘀𝘁𝗿𝗶𝗯𝘂𝘁𝗶𝗻𝗴 𝗣𝘆𝘁𝗵𝗼𝗻 𝗗𝗲𝘀𝗸𝘁𝗼𝗽 𝗔𝗽𝗽𝘀 𝗼𝗻 𝗪𝗶𝗻𝗱𝗼𝘄𝘀 𝗮𝗻𝗱 𝗠𝗮𝗰
Python is cross-platform. You write code once and run it anywhere.
But distributing that code is a different story. The pipeline for Windows and macOS is completely separate. You must handle different tools and different rules for each system.
Here is the breakdown of the release process:
Mac Pipeline • Build: Use PyInstaller with x86_64 architecture. • Format: Create an .app bundle and then a .dmg file. • Signing: Use codesign with a Developer ID certificate. • Validation: Submit your app to Apple for Notarization.
Windows Pipeline • Build: Use PyInstaller. • Format: Use Inno Setup to create an .exe installer. • Signing: Use eSigner CSC for cloud-based signing. • Validation: Build reputation in the Microsoft SmartScreen system.
Common Pitfalls
Mac Architecture If you build on an Apple Silicon Mac, your binaries might only work on ARM64. This means they will fail on Intel Macs. Always run your build through the x86_64 architecture to ensure your app runs on both types of Macs.
Mac Signing Simple signing often fails with the Hardened Runtime. You must find every Mach-O binary inside your app bundle and sign them one by one from the inside out.
Mac Notarization Notarization can stall for days. This is often not a technical bug. Check your Apple Developer account for missing tax forms or banking info. These administrative issues often block your release.
Windows Installation Use Inno Setup to install your app in user mode. This installs the app to the user folder instead of the system folder. It allows users to install your software without admin rights. This prevents many support tickets.
Windows Signing Traditional signing requires a physical USB token. This makes automation difficult. Use cloud signing services like eSigner CSC to sign your files directly from your scripts.
The Versioning Problem You must keep version numbers synchronized across all files. If your Python code, your installer script, and your web server use different version numbers, your update checks will fail.
Build the pipeline once. It takes time to set up. But once it works, you can ship new releases in 30 minutes.