From a2324beef30b36541f6a16acd098f827db946eaf Mon Sep 17 00:00:00 2001 From: William Woodruff Date: Mon, 17 Jun 2024 11:07:23 -0400 Subject: [PATCH] action: flip `release-signing-artifacts` Signed-off-by: William Woodruff --- README.md | 11 +++-------- action.yml | 10 +++++----- 2 files changed, 8 insertions(+), 13 deletions(-) diff --git a/README.md b/README.md index 9910109..a192f31 100644 --- a/README.md +++ b/README.md @@ -314,7 +314,7 @@ Example: ### `release-signing-artifacts` -**Default**: `false` +**Default**: `true` The `release-signing-artifacts` setting controls whether or not `sigstore-python` uploads signing artifacts to the release publishing event that triggered this run. @@ -323,8 +323,6 @@ This setting has no effect on non-`release` events. If enabled, this setting also re-uploads and signs GitHub's default source code artifacts, as they are not guaranteed to be stable. -By default, no release assets are uploaded. - Requires the [`contents: write` permission](https://docs.github.com/en/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token). Example: @@ -342,8 +340,7 @@ permissions: ``` On release events, it is also valid to have no explicit inputs. When used on release -events with `release-signing-artifacts: true`, this action will sign any pre-existing -release artifacts: +events, this action will sign any pre-existing release artifacts: ```yaml permissions: @@ -351,10 +348,8 @@ permissions: # ... +# no explicit settings needed, signs all pre-existing release artifacts - uses: sigstore/gh-action-sigstore-python@v2.1.1 - with: - # Only valid on release events - release-signing-artifacts: true ``` ### Internal options diff --git a/action.yml b/action.yml index 7dc3faa..b9daa7d 100644 --- a/action.yml +++ b/action.yml @@ -47,11 +47,11 @@ inputs: staging: description: "use sigstore's staging instances, instead of the default production instances" required: false - default: false + default: "false" verify: description: "verify the generated signatures after signing" required: false - default: false + default: "false" verify-cert-identity: description: | verify the identity in the signing certificate's Subject Alternative Name @@ -69,15 +69,15 @@ inputs: upload-signing-artifacts: description: "upload all signing artifacts as workflow artifacts" required: false - default: false + default: "false" release-signing-artifacts: description: "attach all signing artifacts as release assets" required: false - default: false + default: "true" internal-be-careful-debug: description: "run with debug logs (default false)" required: false - default: false + default: "false" runs: using: "composite"