diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 641fd592..521bc25b 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -2,9 +2,10 @@ name: ci
 
 on:
   push:
-    branches: [ main ]
+    branches: [ main, v* ]
   pull_request:
-    branches: [ main ]
+    branches: [ main, v* ]
+  workflow_dispatch:
 
 jobs:
   windows-x64:
@@ -40,7 +41,7 @@ jobs:
       shell: cmd
     - uses: actions/upload-artifact@v3
       with:
-        name: ${{ matrix.os }}_${{ matrix.configuration }}_x86
+        name: ${{ matrix.os }}_${{ matrix.configuration }}_${{ matrix.architecture }}
         path: |
           ./artifacts/bin/**/*
           ./artifacts/log/**/*
@@ -96,14 +97,6 @@ jobs:
       env:
         EXCLUDE_RUN_ID_FROM_PACKAGE: true
         EXCLUDE_SUFFIX_FROM_VERSION: false
-    - uses: actions/setup-dotnet@v2
-      if: ${{ github.event_name == 'push' }}
-      with:
-        dotnet-version: '6.0.x'
-    - run: dotnet tool install --tool-path ./artifacts/tools SignClient
-      if: ${{ github.event_name == 'push' }}
-    - run: ./artifacts/tools/SignClient "Sign" --baseDirectory "${{ github.workspace }}/artifacts/pkg" --input "**/*.nupkg" --config "${{ github.workspace }}/scripts/SignClientSettings.json" --filelist "${{ github.workspace }}/scripts/SignClientFileList.txt" --user "${{ secrets.SC_USER }}" --secret "${{ secrets.SC_PASS }}" --name "ClangSharp" --description "ClangSharp" --descriptionUrl "https://github.com/dotnet/clangsharp"
-      if: ${{ github.event_name == 'push' }}
     - uses: actions/upload-artifact@v3
       with:
         name: nuget_preview
@@ -113,6 +106,29 @@ jobs:
           ./artifacts/pkg/**/*
           ./artifacts/tst/**/*
         if-no-files-found: error
+  sign-nuget-preview:
+    runs-on: windows-latest
+    if: ${{ github.event_name == 'push' }}
+    needs: [ build-nuget-preview ]
+    permissions:
+      id-token: write
+    steps:
+    - uses: actions/checkout@v3
+    - uses: actions/download-artifact@v3
+      with:
+        name: nuget_preview
+        path: ./artifacts
+    - uses: actions/setup-dotnet@v3
+      with:
+        dotnet-version: '6.0.x'
+    - run: dotnet tool install --tool-path ./artifacts/tools sign --version 0.9.0-beta.23063.3
+    - run: ./artifacts/tools/sign code azure-key-vault "**/*.nupkg" --timestamp-url "http://timestamp.digicert.com" --base-directory "${{ github.workspace }}/artifacts/pkg" --file-list "${{ github.workspace }}/scripts/SignClientFileList.txt" --publisher-name ".NET Foundation" --description "ClangSharp" --description-url "https://github.com/dotnet/clangsharp" --azure-key-vault-certificate "${{ secrets.SC_KEY_VAULT_CERTIFICATE_ID }}" --azure-key-vault-client-id "${{ secrets.SC_AZURE_CLIENT_ID }}" --azure-key-vault-client-secret "${{ secrets.SC_AZURE_CLIENT_SECRET }}" --azure-key-vault-tenant-id "${{ secrets.SC_AZURE_TENANT_ID }}" --azure-key-vault-url "${{ secrets.SC_KEY_VAULT_URL }}"
+    - uses: actions/upload-artifact@v3
+      with:
+        name: sign_nuget_preview
+        path: |
+          ./artifacts/pkg/**/*
+        if-no-files-found: error
   build-nuget-release:
     runs-on: windows-latest
     steps:
@@ -122,14 +138,6 @@ jobs:
       env:
         EXCLUDE_RUN_ID_FROM_PACKAGE: true
         EXCLUDE_SUFFIX_FROM_VERSION: true
-    - uses: actions/setup-dotnet@v2
-      if: ${{ github.event_name == 'push' }}
-      with:
-        dotnet-version: '6.0.x'
-    - run: dotnet tool install --tool-path ./artifacts/tools SignClient
-      if: ${{ github.event_name == 'push' }}
-    - run: ./artifacts/tools/SignClient "Sign" --baseDirectory "${{ github.workspace }}/artifacts/pkg" --input "**/*.nupkg" --config "${{ github.workspace }}/scripts/SignClientSettings.json" --filelist "${{ github.workspace }}/scripts/SignClientFileList.txt" --user "${{ secrets.SC_USER }}" --secret "${{ secrets.SC_PASS }}" --name "ClangSharp" --description "ClangSharp" --descriptionUrl "https://github.com/dotnet/clangsharp"
-      if: ${{ github.event_name == 'push' }}
     - uses: actions/upload-artifact@v3
       with:
         name: nuget_release
@@ -139,12 +147,35 @@ jobs:
           ./artifacts/pkg/**/*
           ./artifacts/tst/**/*
         if-no-files-found: error
+  sign-nuget-release:
+    runs-on: windows-latest
+    if: ${{ github.event_name == 'push' }}
+    needs: [ build-nuget-release ]
+    permissions:
+      id-token: write
+    steps:
+    - uses: actions/checkout@v3
+    - uses: actions/download-artifact@v3
+      with:
+        name: nuget_release
+        path: ./artifacts
+    - uses: actions/setup-dotnet@v3
+      with:
+        dotnet-version: '6.0.x'
+    - run: dotnet tool install --tool-path ./artifacts/tools sign --version 0.9.0-beta.23063.3
+    - run: ./artifacts/tools/sign code azure-key-vault "**/*.nupkg" --timestamp-url "http://timestamp.digicert.com" --base-directory "${{ github.workspace }}/artifacts/pkg" --file-list "${{ github.workspace }}/scripts/SignClientFileList.txt" --publisher-name ".NET Foundation" --description "ClangSharp" --description-url "https://github.com/dotnet/clangsharp" --azure-key-vault-certificate "${{ secrets.SC_KEY_VAULT_CERTIFICATE_ID }}" --azure-key-vault-client-id "${{ secrets.SC_AZURE_CLIENT_ID }}" --azure-key-vault-client-secret "${{ secrets.SC_AZURE_CLIENT_SECRET }}" --azure-key-vault-tenant-id "${{ secrets.SC_AZURE_TENANT_ID }}" --azure-key-vault-url "${{ secrets.SC_KEY_VAULT_URL }}"
+    - uses: actions/upload-artifact@v3
+      with:
+        name: sign_nuget_release
+        path: |
+          ./artifacts/pkg/**/*
+        if-no-files-found: error
   publish-nightlies-azure:
     runs-on: ubuntu-latest
     if: ${{ github.event_name == 'push' }}
-    needs: [ windows-x64, windows-x86, linux-x64, macos-x64, build-nuget-preview ]
+    needs: [ windows-x64, windows-x86, linux-x64, macos-x64, sign-nuget-preview, sign-nuget-release ]
     steps:
-    - uses: actions/download-artifact@v2
+    - uses: actions/download-artifact@v3
       with:
         name: windows_release_x64
         path: ./artifacts
@@ -158,9 +189,9 @@ jobs:
   publish-nightlies-github:
     runs-on: ubuntu-latest
     if: false
-    needs: [ windows-x64, windows-x86, linux-x64, macos-x64, build-nuget-preview ]
+    needs: [ windows-x64, windows-x86, linux-x64, macos-x64, sign-nuget-preview, sign-nuget-release ]
     steps:
-    - uses: actions/download-artifact@v2
+    - uses: actions/download-artifact@v3
       with:
         name: windows_release_x64
         path: ./artifacts
diff --git a/Directory.Build.props b/Directory.Build.props
index 9ca0e4ac..e523cddd 100644
--- a/Directory.Build.props
+++ b/Directory.Build.props
@@ -45,7 +45,7 @@
     <PackageOutputPath>$(BaseArtifactsPath)pkg/$(Configuration)/</PackageOutputPath>
     <Product>ClangSharp</Product>
     <RootNamespace>ClangSharp</RootNamespace>
-    <VersionPrefix>15.0.2</VersionPrefix>
+    <VersionPrefix>15.0.3</VersionPrefix>
     <VersionSuffix Condition="'$(EXCLUDE_SUFFIX_FROM_VERSION)' != 'true'">rc1</VersionSuffix>
     <VersionSuffix Condition="'$(GITHUB_EVENT_NAME)' == 'pull_request'">pr</VersionSuffix>
   </PropertyGroup>
diff --git a/Directory.Packages.props b/Directory.Packages.props
index b45d2ecd..9552abe2 100644
--- a/Directory.Packages.props
+++ b/Directory.Packages.props
@@ -15,11 +15,11 @@
     <PackageVersion Include="libClang" Version="15.0.0" />
     <PackageVersion Include="libClangSharp" Version="15.0.0" />
     <PackageVersion Include="Microsoft.Bcl.HashCode" Version="1.1.1" />
-    <PackageVersion Include="Microsoft.NET.Test.Sdk" Version="17.3.1" />
+    <PackageVersion Include="Microsoft.NET.Test.Sdk" Version="17.4.1" />
     <PackageVersion Include="Microsoft.SourceLink.GitHub" Version="1.1.1" />
     <PackageVersion Include="NUnit" Version="3.13.3" />
-    <PackageVersion Include="NUnit3TestAdapter" Version="4.2.1" />
-    <PackageVersion Include="System.CommandLine" Version="2.0.0-beta3.22114.1" />
+    <PackageVersion Include="NUnit3TestAdapter" Version="4.3.1" />
+    <PackageVersion Include="System.CommandLine" Version="2.0.0-beta4.22272.1" />
     <PackageVersion Include="System.Memory" Version="4.5.5" />
   </ItemGroup>
 
diff --git a/scripts/SignClientSettings.json b/scripts/SignClientSettings.json
deleted file mode 100644
index fe1c8c9b..00000000
--- a/scripts/SignClientSettings.json
+++ /dev/null
@@ -1,13 +0,0 @@
-{
-  "SignClient": {
-    "AzureAd": {
-      "AADInstance": "https://login.microsoftonline.com/",
-      "ClientId": "c248d68a-ba6f-4aa9-8a68-71fe872063f8",
-      "TenantId": "16076fdc-fcc1-4a15-b1ca-32c9a255900e"
-    },
-    "Service": {
-      "Url": "https://codesign.dotnetfoundation.org/",
-      "ResourceId": "https://SignService/3c30251f-36f3-490b-a955-520addb85001"
-    }
-  }
-}
diff --git a/scripts/build.ps1 b/scripts/build.ps1
index 523c91b1..61197fd6 100644
--- a/scripts/build.ps1
+++ b/scripts/build.ps1
@@ -173,7 +173,7 @@ try {
     Create-Directory -Path $DotNetInstallDirectory
 
     & $DotNetInstallScript -Channel 6.0 -Version latest -InstallDir $DotNetInstallDirectory -Architecture $architecture
-    & $DotNetInstallScript -Channel 7.0 -Version latest -InstallDir $DotNetInstallDirectory -Architecture $architecture -Quality preview
+    & $DotNetInstallScript -Channel 7.0 -Version latest -InstallDir $DotNetInstallDirectory -Architecture $architecture
 
     $env:PATH="$DotNetInstallDirectory;$env:PATH"
   }
diff --git a/scripts/build.sh b/scripts/build.sh
index 371a6792..a7fbb8a7 100755
--- a/scripts/build.sh
+++ b/scripts/build.sh
@@ -205,7 +205,7 @@ if [[ ! -z "$architecture" ]]; then
   CreateDirectory "$DotNetInstallDirectory"
 
   . "$DotNetInstallScript" --channel 6.0 --version latest --install-dir "$DotNetInstallDirectory" --architecture "$architecture"
-  . "$DotNetInstallScript" --channel 7.0 --version latest --install-dir "$DotNetInstallDirectory" --architecture "$architecture" --quality preview
+  . "$DotNetInstallScript" --channel 7.0 --version latest --install-dir "$DotNetInstallDirectory" --architecture "$architecture"
 
   PATH="$DotNetInstallDirectory:$PATH:"
 fi