Skip to content

Commit

Permalink
Merge pull request #145 from instructlab/dependabot/github_actions/si…
Browse files Browse the repository at this point in the history 
…gstore/gh-action-sigstore-python-3.0.0

build(deps): bump sigstore/gh-action-sigstore-python from 2.1.1 to 3.0.0
  • Loading branch information
@markmc
markmc authored Jul 27, 2024
2 parents d9cc9b7 + 66f0131 commit ca30d98
Showing 1 changed file with 3 additions and 2 deletions.
5 changes: 3 additions & 2 deletions .github/workflows/pypi.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -110,11 +110,12 @@ jobs:
path: dist

- name: "Sigstore sign package"
uses: sigstore/gh-action-sigstore-python@61f6a500bbfdd9a2a339cf033e5421951fbc1cd2 # v2.1.1
uses: sigstore/gh-action-sigstore-python@f514d46b907ebcd5bedc05145c03b69c1edd8b46 # v3.0.0
with:
inputs: |
./dist/*.tar.gz
./dist/*.whl
release-signing-artifacts: false

- name: "Upload artifacts and signatures to GitHub release"
run: |
Expand All @@ -126,7 +127,7 @@ jobs:
# gh-action-pypi-publish has no option to ignore them.
- name: "Remove sigstore signatures before uploading to PyPI"
run: |
rm ./dist/*.sigstore
rm ./dist/*.sigstore.json
- name: "Upload to PyPI"
uses: pypa/gh-action-pypi-publish@ec4db0b4ddc65acdf4bff5fa45ac92d78b56bdf0 # v1.9.0

0 comments on commit ca30d98

Please sign in to comment.