I would like to use Xcode to automate my Mac app's entire build process, including creating an app archive for end users to download (my own very custom archive, which is not the bag of folders and dSYMs that Xcode calls an Archive).
I used to create my archive using a target with a custom "Run script" phase, but since Xcode 8 this clashes with automatic code signing (I have a complex combination of app extensions, app groups, nested shared frameworks and helper executables which are a PITA to sign). Xcode automatically manages signing, but it intentionally chooses a "Mac Developer" identity for all builds except the "Archive" build type.
I have to use a "Developer ID" identity for my app, but I don't see any non-hacky way to automatically run my own archive build process after the "Archive" build in Xcode.
How can I make Xcode automatically sign everything with my "Developer ID" identity, and still allow me to reliably run my own tarball-making shell scripts on the fully built, fully signed Mac app bundle?