From 66f0131e614d2a523f5fc33edd6233c440928838 Mon Sep 17 00:00:00 2001
From: Mark McLoughlin <markmc@redhat.com>
Date: Sat, 27 Jul 2024 08:31:09 +0100
Subject: [PATCH] Fixes for sigstore action update

Add release-signing-artifacts: false to the sigstore action config to
prevent the action from performing a GitHub release.

Delete of sigstore artifacts before pypi action needs to delete
*.sigstore.json.

Co-authored-by: BJ Hargrave <hargrave@us.ibm.com>
Signed-off-by: Mark McLoughlin <markmc@redhat.com>
---
 .github/workflows/pypi.yaml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/pypi.yaml b/.github/workflows/pypi.yaml
index f5d1427b..f73c03cd 100644
--- a/.github/workflows/pypi.yaml
+++ b/.github/workflows/pypi.yaml
@@ -115,6 +115,7 @@ jobs:
                   inputs: |
                       ./dist/*.tar.gz
                       ./dist/*.whl
+                  release-signing-artifacts: false
 
             - name: "Upload artifacts and signatures to GitHub release"
               run: |
@@ -126,7 +127,7 @@ jobs:
             # gh-action-pypi-publish has no option to ignore them.
             - name: "Remove sigstore signatures before uploading to PyPI"
               run: |
-                  rm ./dist/*.sigstore
+                  rm ./dist/*.sigstore.json
 
             - name: "Upload to PyPI"
               uses: pypa/gh-action-pypi-publish@ec4db0b4ddc65acdf4bff5fa45ac92d78b56bdf0 # v1.9.0