Add retry mechanism for .dmg signing in macOS release workflow

.github/workflows/macos-release-build.yml

@@ -160,6 +160,20 @@ jobs:
             --wait
           xcrun stapler staple "zen.macos-${{ matrix.arch }}.dmg"
 
+      - name: Sign .dmg again if failed
+        if: failure()
+        run: |
+          set -ex
+          hdiutil convert ./dist/*.dmg -format UDZO -imagekey zlib-level=9 -o zen.macos-${{ matrix.arch }}.dmg
+          xattr -cr zen.macos-${{ matrix.arch }}.dmg
+          codesign -s "${{ secrets.macOS_AppleDeveloperId }}" zen.macos-${{ matrix.arch }}.dmg
+          xcrun notarytool submit "zen.macos-${{ matrix.arch }}.dmg" \
+            --apple-id "${{ secrets.macOS_AppleAccountId }}" \
+            --team-id "${{ secrets.macOS_AppleDeveloperIdTeamId }}" \
+            --password "${{ secrets.macOS_AppleDeveloperIdPassword }}" \
+            --wait
+          xcrun stapler staple "zen.macos-${{ matrix.arch }}.dmg"
+
       - name: Upload build artifact
         uses: actions/upload-artifact@v4
         with: