diff --git a/.travis.yml b/.travis.yml
index fce3498..4c68352 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -27,6 +27,7 @@ script:
   - ./trigger-azure.sh
 
 before_deploy:
+  - ./sign_mac_app.sh
   - ./create_zip.sh
   - ./sum.sh
 
diff --git a/create_zip.sh b/create_zip.sh
index 1abb6f3..97780ee 100755
--- a/create_zip.sh
+++ b/create_zip.sh
@@ -3,7 +3,7 @@
 if [[ "$SHOULD_BUILD" == "yes" ]]; then
   if [[ "$TRAVIS_OS_NAME" == "osx" ]]; then
     cd VSCode-darwin
-    zip -r -X -y ../VSCodium-darwin-${LATEST_MS_TAG}.zip ./*
+    zip -r -X -y ../VSCodium-darwin-${LATEST_MS_TAG}.zip ./*.app
   elif [[ "$BUILDARCH" == "ia32" ]]; then
     cd VSCode-linux-ia32
     tar czf ../VSCodium-linux-ia32-${LATEST_MS_TAG}.tar.gz .
diff --git a/sign_mac_app.sh b/sign_mac_app.sh
new file mode 100755
index 0000000..1f3032a
--- /dev/null
+++ b/sign_mac_app.sh
@@ -0,0 +1,23 @@
+#!/bin/bash
+
+# thanks to https://www.jviotti.com/2016/03/16/how-to-code-sign-os-x-electron-apps-in-travis-ci.html
+# for the helpful instructions
+if [[ "$SHOULD_BUILD" == "yes" ]]; then
+  if [[ "$TRAVIS_OS_NAME" == "osx" ]]; then
+    if [ -d "VSCode-darwin" ]; then # just in case the build failed
+      cd VSCode-darwin
+      export CERTIFICATE_P12=VSCodium.p12
+      echo $CERTIFICATE_OSX_P12 | base64 --decode > $CERTIFICATE_P12
+      export KEYCHAIN=build.keychain
+      security create-keychain -p mysecretpassword $KEYCHAIN
+      security default-keychain -s $KEYCHAIN
+      security unlock-keychain -p mysecretpassword $KEYCHAIN
+      security import $CERTIFICATE_P12 -k $KEYCHAIN -P $CERTIFICATE_OSX_PASSWORD -T /usr/bin/codesign
+      
+      # https://docs.travis-ci.com/user/common-build-problems/
+      security set-key-partition-list -S apple-tool:,apple: -s -k mysecretpassword $KEYCHAIN
+      
+      codesign --deep --force --verbose --sign "$CERTIFICATE_OSX_ID" VSCodium.app
+    fi
+  fi
+fi