Merge pull request #76 from instructlab/dependabot/github_actions/sig…

…store/gh-action-sigstore-python-3.0.0 Bump sigstore/gh-action-sigstore-python from 2.1.1 to 3.0.0
instructlab · Sep 26, 2024 · a3a958b · a3a958b
2 parents 030b8c9 + 6946237
commit a3a958b
Showing 1 changed file with 3 additions and 2 deletions.
diff --git a/.github/workflows/pypi.yaml b/.github/workflows/pypi.yaml
@@ -109,8 +109,9 @@ jobs:
                   path: dist
 
             - name: "Sigstore sign package"
-              uses: sigstore/gh-action-sigstore-python@61f6a500bbfdd9a2a339cf033e5421951fbc1cd2 # v2.1.1
+              uses: sigstore/gh-action-sigstore-python@f514d46b907ebcd5bedc05145c03b69c1edd8b46 # v3.0.0
               with:
+                  release-signing-artifacts: false
                   inputs: |
                       ./dist/*.tar.gz
                       ./dist/*.whl
@@ -125,7 +126,7 @@ jobs:
             # gh-action-pypi-publish has no option to ignore them.
             - name: "Remove sigstore signatures before uploading to PyPI"
               run: |
-                  rm ./dist/*.sigstore
+                  rm ./dist/*.sigstore.json
 
             - name: "Upload to PyPI"
               uses: pypa/gh-action-pypi-publish@897895f1e160c830e369f9779632ebc134688e1b # v1.10.2