Update sigstore release signing action (#1822)

The default behavior of sigstore/gh-action-sigstore-python has changed. Disable the automatic uploading of signed artifacts, since this now includes artifacts named with just the tag, without the "openexr-" prefix. Also, the signature file now has a .json suffix. Signed-off-by: Cary Phillips <[email protected]>
AcademySoftwareFoundation · Sep 20, 2024 · 8b0caea · 8b0caea
1 parent 176ec27
commit 8b0caea
Showing 1 changed file with 3 additions and 1 deletion.
diff --git a/.github/workflows/release-sign.yml b/.github/workflows/release-sign.yml
@@ -58,9 +58,11 @@ jobs:
         uses: sigstore/gh-action-sigstore-python@f514d46b907ebcd5bedc05145c03b69c1edd8b46 # v3.0.0
         with:
           inputs: ${{ env.OPENEXR_TARBALL }}
+          upload-signing-artifacts: false
+          release-signing-artifacts: false
 
       - name: Upload release archive
         env:
           GH_TOKEN: ${{ github.token }}
-        run: gh release upload ${{ github.ref_name }} ${OPENEXR_TARBALL} ${OPENEXR_TARBALL}.sigstore
+        run: gh release upload ${TAG} ${OPENEXR_TARBALL} ${OPENEXR_TARBALL}.sigstore.json