Notarization issue

TL;DR - What have I messed up on this notarization workflow? I'm completely new to Apple development.

I have been trying to notarize an application I have written, that is then packaged as a .dmg.

I am trying to notarize it using the command line tools (as it is an existing app, and not written in Xcode/Swift).

My steps so far are as follows:

1. All libraries, frameworks, and other executables have been signed (.dylib, .so etc.). I have avoided using --deep as I understand this is not recommended.
2. The above includes all similar files included within zip archives (the cross platform framework I use places some inside a zip container). I have unzipped, signed, and rezipped.
3. I have signed the main executable within "[NAME].app/MacOS" and the "[NAME].app" with an .entitlements file, and a certificate.

codesign  --verify --verbose --sign "$DEVELOPER_ID_APP_CERT" --timestamp --force --entitlements "$APP_NAME.entitlements" "$BUILD_DIR/$APP_NAME.app/Contents/MacOS/$APP_NAME"

codesign --verify --verbose --sign "$DEVELOPER_ID_APP_CERT" --options runtime  --entitlements "$APP_NAME.entitlements" "$BUILD_DIR/$APP_NAME.app"  --force --timestamp

echo "Checking for unsigned components..."
codesign --verify --deep --verbose=4 "$BUILD_DIR/$APP_NAME.app"

echo "Verifying entitlements..."
codesign --display --entitlements :- "$BUILD_DIR/$APP_NAME.app"

1. Both of the above checks come back as ok.
2. Then, I have the following script lines which package the app as a .dmg and submit it to notarisation.

hdiutil create -volname "$APP_NAME" -srcfolder $BUILD_DIR/$APP_NAME.app" -ov -format UDZO "$BUILD_DIR/$DMG_NAME"

# Sign the DMG
codesign --force --verify --verbose --sign "$DEVELOPER_ID_APP_CERT" "$BUILD_DIR/$DMG_NAME"

# Notarize the DMG
xcrun notarytool submit "$BUILD_DIR/$DMG_NAME" --key "[AUTH_KEY_LOCATION].p8" --key-id "[KEYID]" --issuer "[ISSUERID]" --wait

# Staple the notarization ticket to the DMG
xcrun stapler staple "$BUILD_DIR/$DMG_NAME"

# Verify the notarization
xcrun stapler validate "$BUILD_DIR/$DMG_NAME"

1. After a 20 hour wait, I get the following back from the notarization service:

 id: 41931e00-2f34-4389-b5e1-fd76707c2162
 status: Invalid
Processing: [PATH]/[APP].dmg
CloudKit query for [APP].dmg (2/a428f96446e143497380c0ae1f2b70661050aed6) failed due to "Record not found".
Could not find base64 encoded ticket in response for 2/a428f96446e143497380c0ae1f2b70661050aed6
The staple and validate action failed! Error 65.
Processing: [PATH]/[APP].dmg
FotoLabAI.dmg does not have a ticket stapled to it.

1. On a seperate submission, I noticed something about a note about audit.log not being found, but I can't find a reference to this on Google. So far as I understand, this is the file that is supposed to help me debug notarization errors.

Normally I'd try more debugging myself, but I can't afford to wait 24h for feedback.