Draft: CI: enabling upload of sigstore signing artifacts & auto-verify

py-pdf · Dec 16, 2024 · 445e714 · 445e714
1 parent bca0695
commit 445e714
Showing 1 changed file with 4 additions and 2 deletions.
diff --git a/.github/workflows/continuous-integration-workflow.yml b/.github/workflows/continuous-integration-workflow.yml
@@ -142,5 +142,7 @@ jobs:
         # Doc: https://github.com/marketplace/actions/gh-action-sigstore-python
         with:
           inputs: ./dist/*.tar.gz ./dist/*.whl
-          # For this setting to work, this pipeline should be triggered by a "release" event:
-          release-signing-artifacts: true
+          upload-signing-artifacts: true
+          verify: true
+          verify-oidc-issuer: https://github.com/login/oauth
+          verify-cert-identity: ?