fix: sign jars to avoid notorization issues

.github/workflows/signjars.yml

@@ -0,0 +1,56 @@
+name: Java CI with Maven
+
+on:
+  push:
+    branches: [ master ]
+  pull_request:
+    branches: [ master ]
+
+jobs:
+  build:
+
+    runs-on: macos-latest
+
+    steps:
+    - uses: actions/checkout@v3
+
+    - name: Set up JDK 17
+      uses: actions/setup-java@v3
+      with:
+        java-version: '17'
+        distribution: 'temurin'
+
+    - name: Sign JARs
+      run: |
+        # Export secrets as environment variables
+        export JARSIGNER_KEYSTORE_B64=${{ secrets.JARSIGNER_REL_KEYSTORE_B64 }}
+        export JARSIGNER_STOREPASS=${{ secrets.JARSIGNER_REL_STOREPASS }}
+        export JARSIGNER_ALIAS=${{ secrets.JARSIGNER_REL_ALIAS }}
+
+        # Set up the keystore file path
+        KEYSTORE_FILE="${PWD}/{{secrets.JARSIGNER_KEYSTORE}}"
+        echo "Keystore file: ${KEYSTORE_FILE}"
+
+        # Decode and save the base64-encoded keystore to the file
+        printf "%s" "${JARSIGNER_KEYSTORE_B64}" | base64 -d > "${KEYSTORE_FILE}"
+
+        # Sign all JAR files located in the specified directory
+        LIB_DIR="${PWD}/BUNDLES/com.espressif.idf.serial.monitor/lib"
+        echo "Signing JAR files in ${LIB_DIR}"
+        for jar in "${LIB_DIR}"/*.jar; do
+          echo "Signing JAR file: ${jar}"
+          jarsigner -keystore "${KEYSTORE_FILE}" \
+                    -storepass "${JARSIGNER_STOREPASS}" \
+                    -signedjar "${jar}" \
+                    "${jar}" "${JARSIGNER_ALIAS}"
+        done
+
+        # Clean up the keystore file
+        rm -v "${KEYSTORE_FILE}"
+
+    - name: Upload Signed JAR Files
+      if: ${{ !cancelled() }}
+      uses: actions/upload-artifact@v4
+      with:
+        name: signed-jar-files
+        path: BUNDLES/com.espressif.idf.serial.monitor/lib/*.jar