diff --git a/.github/workflows/build_orca.yml b/.github/workflows/build_orca.yml
index 4f6878fabd..c3713ac98d 100644
--- a/.github/workflows/build_orca.yml
+++ b/.github/workflows/build_orca.yml
@@ -108,13 +108,6 @@ jobs:
         run: |
           ./build_release_macos.sh -s -n -a ${{matrix.arch}}
 
-      - name: Create DMG
-        if: matrix.os == 'macos-12'
-        working-directory: ${{ github.workspace }}
-        run: |
-          ln -s /Applications ${{ github.workspace }}/build_${{matrix.arch}}/OrcaSlicer/Applications
-          hdiutil create -volname "OrcaSlicer" -srcfolder ${{ github.workspace }}/build_${{matrix.arch}}/OrcaSlicer -ov -format UDZO OrcaSlicer_Mac_${{matrix.arch}}_V${{ env.ver }}.dmg
-
       - name: Sign app
         if: github.ref == 'refs/heads/main' && matrix.os == 'macos-12'
         working-directory: ${{ github.workspace }}
@@ -133,6 +126,19 @@ jobs:
           security import $CERTIFICATE_PATH -P $P12_PASSWORD -A -t cert -f pkcs12 -k $KEYCHAIN_PATH
           security list-keychain -d user -s $KEYCHAIN_PATH
           security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k $P12_PASSWORD $KEYCHAIN_PATH
+          codesign --deep --force --verbose --options runtime --timestamp --entitlements ${{ github.workspace }}/scripts/disable_validation.entitlements --sign "$CERTIFICATE_ID" ${{ github.workspace }}/build_${{matrix.arch}}/OrcaSlicer/OrcaSlicer.app
+      
+      - name: Create DMG
+        if: matrix.os == 'macos-12'
+        working-directory: ${{ github.workspace }}
+        run: |
+          ln -s /Applications ${{ github.workspace }}/build_${{matrix.arch}}/OrcaSlicer/Applications
+          hdiutil create -volname "OrcaSlicer" -srcfolder ${{ github.workspace }}/build_${{matrix.arch}}/OrcaSlicer -ov -format UDZO OrcaSlicer_Mac_${{matrix.arch}}_V${{ env.ver }}.dmg
+
+      - name: Sign DMG
+        if: github.ref == 'refs/heads/main' && matrix.os == 'macos-12'
+        working-directory: ${{ github.workspace }}
+        run: |
           codesign --deep --force --verbose --options runtime --timestamp --entitlements ${{ github.workspace }}/scripts/disable_validation.entitlements --sign "$CERTIFICATE_ID" OrcaSlicer_Mac_${{matrix.arch}}_V${{ env.ver }}.dmg
       
       # Thanks to RaySajuuk, it's working now