From c97c52aaf5e1cd0b0e48cff1522311d3e091e70a Mon Sep 17 00:00:00 2001
From: Lucas Saavedra Vaz <32426024+lucasssvaz@users.noreply.github.com>
Date: Tue, 16 Dec 2025 16:20:49 -0300
Subject: [PATCH] ci(sign): Fix signing in Windows

---
 .github/workflows/build_py_tools.yml | 18 ++++++++----------
 1 file changed, 8 insertions(+), 10 deletions(-)

diff --git a/.github/workflows/build_py_tools.yml b/.github/workflows/build_py_tools.yml
index e22d8df5eff..8751a280857 100644
--- a/.github/workflows/build_py_tools.yml
+++ b/.github/workflows/build_py_tools.yml
@@ -119,16 +119,14 @@ jobs:
 
       - name: Sign binaries
         if: matrix.os == 'windows-latest'
-        env:
-          CERTIFICATE: ${{ secrets.CERTIFICATE }}
-          CERTIFICATE_PASSWORD: ${{ secrets.CERTIFICATE_PASSWORD }}
-        shell: pwsh
-        run: |
-          $data = Write-Output ${{ env.CHANGED_TOOLS }}
-          foreach ( $node in $data )
-          {
-            ./.github/pytools/Sign-File.ps1 -Path ./${{ env.DISTPATH }}/$node.exe
-          }
+        uses: espressif/release-sign@33f3684091168d78b2cf6c8265bd9968c376254c # master
+        with:
+          path: ./${{ env.DISTPATH }}
+          azure-client-id: ${{ secrets.AZURE_CLIENT_ID }}
+          azure-client-secret: ${{ secrets.AZURE_CLIENT_SECRET }}
+          azure-tenant-id: ${{ secrets.AZURE_TENANT_ID }}
+          azure-keyvault-uri: ${{ secrets.AZURE_KEYVAULT_URI }}
+          azure-keyvault-cert-name: ${{ secrets.AZURE_KEYVAULT_CERT_NAME }}
 
       - name: Test binaries
         shell: bash