diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml
index f1c55ab65..40ca021a0 100644
--- a/.github/workflows/nightly.yml
+++ b/.github/workflows/nightly.yml
@@ -6,6 +6,10 @@ name: Nightly builds
 on:
   schedule:
     - cron: "0 0 * * *"
+  pull_request:
+    branches:
+      - master
+      - release/**
 
 permissions:
   contents: read
@@ -122,23 +126,43 @@ jobs:
         /usr/bin/security unlock-keychain -p espressif build.keychain
         /usr/bin/security import certificate.p12 -k build.keychain -P $MACOS_CERTIFICATE_PWD -T /usr/bin/codesign
         /usr/bin/security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k espressif build.keychain
-        
+        /usr/bin/security list-keychains -d user -s build.keychain $(security list-keychains -d user | sed s/\"//g)
+
+        curl -fsSL https://www.apple.com/certificateauthority/DeveloperIDCA.cer -o DeveloperIDCA.cer
+        curl -fsSL https://www.apple.com/certificateauthority/DeveloperIDG2CA.cer -o DeveloperIDG2CA.cer
+        curl -fsSL https://www.apple.com/appleca/AppleIncRootCertificate.cer -o AppleIncRootCertificate.cer
+        /usr/bin/security import DeveloperIDCA.cer -k build.keychain || true
+        /usr/bin/security import DeveloperIDG2CA.cer -k build.keychain || true
+        /usr/bin/security import AppleIncRootCertificate.cer -k build.keychain || true
+
+        echo "---- Identities (default search list) ----"
+        /usr/bin/security find-identity -v -p codesigning || true
+        /usr/bin/security find-identity -v || true
+        echo "---- Identities in build.keychain ----"
+        /usr/bin/security find-identity -v -p codesigning build.keychain || true
+        echo "---- Verify leaf cert chain ----"
+        /usr/bin/security find-certificate -c "Developer ID Application" -p build.keychain > leaf.pem || true
+        /usr/bin/security verify-cert -c leaf.pem -p codeSign -L 2>&1 || true
+        echo "---- end ----"
+
+        SIGN_ID="QWXF6GB4AV"
+
         echo "codesigning espressif-ide-macosx.cocoa.x86_64"
-        /usr/bin/codesign --entitlements $PWD/releng/com.espressif.idf.product/entitlements/espressif-ide.entitlement --options runtime --force -s "ESPRESSIF SYSTEMS (SHANGHAI) CO., LTD. (QWXF6GB4AV)" $PWD/releng/com.espressif.idf.product/target/products/com.espressif.idf.product/macosx/cocoa/x86_64/Espressif-IDE.app -v
+        /usr/bin/codesign --entitlements $PWD/releng/com.espressif.idf.product/entitlements/espressif-ide.entitlement --options runtime --force -s "$SIGN_ID" $PWD/releng/com.espressif.idf.product/target/products/com.espressif.idf.product/macosx/cocoa/x86_64/Espressif-IDE.app -v
         /usr/bin/codesign -v -vvv --deep $PWD/releng/com.espressif.idf.product/target/products/com.espressif.idf.product/macosx/cocoa/x86_64/Espressif-IDE.app
 
         echo "codesigning espressif-ide-macosx.cocoa.aarch64"
-        /usr/bin/codesign --entitlements $PWD/releng/com.espressif.idf.product/entitlements/espressif-ide.entitlement --options runtime --force -s "ESPRESSIF SYSTEMS (SHANGHAI) CO., LTD. (QWXF6GB4AV)" $PWD/releng/com.espressif.idf.product/target/products/com.espressif.idf.product/macosx/cocoa/aarch64/Espressif-IDE.app -v
+        /usr/bin/codesign --entitlements $PWD/releng/com.espressif.idf.product/entitlements/espressif-ide.entitlement --options runtime --force -s "$SIGN_ID" $PWD/releng/com.espressif.idf.product/target/products/com.espressif.idf.product/macosx/cocoa/aarch64/Espressif-IDE.app -v
         /usr/bin/codesign -v -vvv --deep $PWD/releng/com.espressif.idf.product/target/products/com.espressif.idf.product/macosx/cocoa/aarch64/Espressif-IDE.app
-        
+
         echo "Creating dmg for espressif-ide-macosx.cocoa.x86_64"
         $PWD/releng/ide-dmg-builder/ide-dmg-builder.sh
-        /usr/bin/codesign --entitlements $PWD/releng/com.espressif.idf.product/entitlements/espressif-ide.entitlement --options runtime --force -s "ESPRESSIF SYSTEMS (SHANGHAI) CO., LTD. (QWXF6GB4AV)" $PWD/releng/ide-dmg-builder/Espressif-IDE-macosx-cocoa-x86_64.dmg -v
+        /usr/bin/codesign --entitlements $PWD/releng/com.espressif.idf.product/entitlements/espressif-ide.entitlement --options runtime --force -s "$SIGN_ID" $PWD/releng/ide-dmg-builder/Espressif-IDE-macosx-cocoa-x86_64.dmg -v
         /usr/bin/codesign -v -vvv --deep $PWD/releng/ide-dmg-builder/Espressif-IDE-macosx-cocoa-x86_64.dmg
-      
+
         echo "Creating dmg for espressif-ide-macosx.cocoa.aarch64"
         $PWD/releng/ide-dmg-builder/ide-dmg-builder-aarch64.sh
-        /usr/bin/codesign --options runtime --force -s "ESPRESSIF SYSTEMS (SHANGHAI) CO., LTD. (QWXF6GB4AV)" $PWD/releng/ide-dmg-builder/Espressif-IDE-macosx-cocoa-aarch64.dmg -v
+        /usr/bin/codesign --options runtime --force -s "$SIGN_ID" $PWD/releng/ide-dmg-builder/Espressif-IDE-macosx-cocoa-aarch64.dmg -v
         /usr/bin/codesign -v -vvv --deep $PWD/releng/ide-dmg-builder/Espressif-IDE-macosx-cocoa-aarch64.dmg
 
     - name: Notarization of Espressif-IDE dmg files