From ac8f69ed9df4139771f5089cac71895101520a7d Mon Sep 17 00:00:00 2001
From: Cary Phillips <cary@ilm.com>
Date: Sat, 14 Sep 2024 15:48:59 -0700
Subject: [PATCH] Update sigstore release signing action

The default behavior of sigstore/gh-action-sigstore-python has
changed. Disable the automatic uploading of signed artifacts, since
this now includes artifacts named with just the tag, without the
"Imath-" prefix.

Also, the signature file now has a .json suffix.

Signed-off-by: Cary Phillips <cary@ilm.com>
---
 .github/workflows/release-sign.yml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/release-sign.yml b/.github/workflows/release-sign.yml
index 38663e81..d8ebf0c2 100644
--- a/.github/workflows/release-sign.yml
+++ b/.github/workflows/release-sign.yml
@@ -57,9 +57,11 @@ jobs:
         uses: sigstore/gh-action-sigstore-python@v3.0.0
         with:
           inputs: ${{ env.IMATH_TARBALL }}
+          upload-signing-artifacts: false
+          release-signing-artifacts: false
 
       - name: Upload release archive
         env:
           GH_TOKEN: ${{ github.token }}
-        run: gh release upload ${{ github.ref_name }} ${IMATH_TARBALL} ${IMATH_TARBALL}.sigstore
+        run: gh release upload ${{ github.ref_name }} ${IMATH_TARBALL} ${IMATH_TARBALL}.sigstore.json