Fixes for sigstore action update

Add release-signing-artifacts: false to the sigstore action config to prevent the action from performing a GitHub release. Delete of sigstore artifacts before pypi action needs to delete *.sigstore.json. Co-authored-by: BJ Hargrave <[email protected]> Signed-off-by: Mark McLoughlin <[email protected]>
instructlab · Jul 27, 2024 · 66f0131 · 66f0131
1 parent 0005b07
commit 66f0131
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/.github/workflows/pypi.yaml b/.github/workflows/pypi.yaml
@@ -115,6 +115,7 @@ jobs:
                   inputs: |
                       ./dist/*.tar.gz
                       ./dist/*.whl
+                  release-signing-artifacts: false
 
             - name: "Upload artifacts and signatures to GitHub release"
               run: |
@@ -126,7 +127,7 @@ jobs:
             # gh-action-pypi-publish has no option to ignore them.
             - name: "Remove sigstore signatures before uploading to PyPI"
               run: |
-                  rm ./dist/*.sigstore
+                  rm ./dist/*.sigstore.json
 
             - name: "Upload to PyPI"
               uses: pypa/gh-action-pypi-publish@ec4db0b4ddc65acdf4bff5fa45ac92d78b56bdf0 # v1.9.0