Commit graph

4 commits

Author SHA1 Message Date
Sviatoslav Sydorenko
f14df0bb20
💅 Add a return type to die() @ attestations 2024-12-10 01:35:33 +01:00
William Woodruff
fec2f0c0ce
attestations: collect *.zip sdists as well
Signed-off-by: William Woodruff <william@trailofbits.com>
2024-11-06 13:43:44 -05:00
Sviatoslav Sydorenko
0ab0b79471
🚑 Invert the dists-to-attest validity check
Some checks failed
🧪 / smoke-test (push) Has been cancelled
This bug sneaked into #236 but should not affect many people as the
attestations generation feature is experimental and opt-in.

Fixes #256
2024-09-03 10:25:06 +02:00
William Woodruff
8a08d61689
Expose PEP 740 attestations functionality
Some checks failed
🧪 / smoke-test (push) Has been cancelled
PR #236

This patch adds PEP 740 attestation generation to the workflow: when the Trusted Publishing flow is used, this will generate a publish attestation for each distribution being uploaded. These generated attestations are then fed into `twine`, which newly supports them via `--attestations`.

Ref: https://github.com/pypi/warehouse/issues/15871
2024-09-01 02:50:29 +02:00