CI: Disable attestation for releases for now
With v1.11.0 gh-action-pypi-publish has switched on attestations by
default:
https://github.com/pypa/gh-action-pypi-publish/releases/tag/v1.11.0

According to its README they are still beta:
https://github.com/pypa/gh-action-pypi-publish/blob/fb13cb306901256ace3dab689990e13a5550ffaa/README.md?plain=1#L102

So we will disable attestations for releases to production for now.
This way we can still evaluate this supply chain feature in testing, but
keep our stable release workflow more stable.

Attestations can be enabled for production once they are stable.

Signed-off-by: Chris Fiege <cfi@pengutronix.de>
SmithChart committed Nov 4, 2024
1 parent 457886b commit 5b6a79c
Showing 1 changed file with 2 additions and 0 deletions.
2 changes: 2 additions & 0 deletions .github/workflows/check-and-publish.yaml
Expand Up @@ -81,3 +81,5 @@ jobs:
- name: Publish distribution package to PyPI
if: ${{ startsWith(github.ref, 'refs/tags') }}
uses: pypa/gh-action-pypi-publish@release/v1
with:
attestations: false
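Review bot: The new `attestations: false` under `with:` has no comment in the workflow saying it is temporary, so the reason and the condition for turning it back on live only in the commit message. A short YAML comment above it, for example `# attestations are still beta upstream; re-enable once stable`, would keep that visible to whoever edits the tag-triggered publish step next. Separately, the context line `uses: pypa/gh-action-pypi-publish@release/v1` follows a moving branch, which is how the v1.11.0 default change reached this step without a change in this repository. Pinning to a release tag or a full commit SHA would make future default changes arrive as an explicit, reviewable bump.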

0 comments on commit 5b6a79c
