action: flip release-signing-artifacts (#142)
Signed-off-by: William Woodruff <william@trailofbits.com>
woodruffw authored Jul 8, 2024
1 parent 1ddeb82 commit 16fbe9a
Showing 2 changed files with 8 additions and 13 deletions.
11 changes: 3 additions & 8 deletions README.md
Expand Up @@ -314,7 +314,7 @@ Example:

### `release-signing-artifacts`

**Default**: `false`
**Default**: `true`

The `release-signing-artifacts` setting controls whether or not `sigstore-python`
uploads signing artifacts to the release publishing event that triggered this run.
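
Review bot: The new `**Default**: true` line changes what every existing release workflow does when it leaves this input unset, and nothing in this section marks it as a change. Suggest a one-line note under the default saying that it was `false` previously and from which release it is `true`, so users who pin a tag can tell which behaviour they get.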
Expand All @@ -323,8 +323,6 @@ This setting has no effect on non-`release` events.
If enabled, this setting also re-uploads and signs GitHub's default source code artifacts,
as they are not guaranteed to be stable.

By default, no release assets are uploaded.

Requires the [`contents: write` permission](https://docs.github.com/en/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token).

Example:
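
Review bot: Deleting "By default, no release assets are uploaded." leaves the section with no statement of what the default now does, while the `contents: write` requirement directly below now applies to release-triggered runs unless the caller opts out. Suggest replacing the sentence instead of removing it: say that release assets are uploaded by default on `release` events, and that a workflow that does not grant `contents: write` needs `release-signing-artifacts: false`.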
Expand All @@ -342,19 +340,16 @@ permissions:
```

On release events, it is also valid to have no explicit inputs. When used on release
events with `release-signing-artifacts: true`, this action will sign any pre-existing
release artifacts:
events, this action will sign any pre-existing release artifacts:

```yaml
permissions:
contents: write
# ...
# no explicit settings needed, signs all pre-existing release artifacts
- uses: sigstore/gh-action-sigstore-python@v2.1.1
with:
# Only valid on release events
release-signing-artifacts: true
```

### Internal options
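
Review bot: The example still pins `sigstore/gh-action-sigstore-python@v2.1.1` while its new comment says no explicit settings are needed, which only holds for a release that contains this default flip. If `v2.1.1` predates this commit, a reader copying the snippet gets no release signing; bump the pin together with the release that ships this change, or keep the `with:` block until then.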
10 changes: 5 additions & 5 deletions action.yml
Expand Up @@ -47,11 +47,11 @@ inputs:
staging:
description: "use sigstore's staging instances, instead of the default production instances"
required: false
default: false
default: "false"
verify:
description: "verify the generated signatures after signing"
required: false
default: false
default: "false"
verify-cert-identity:
description: |
verify the identity in the signing certificate's Subject Alternative Name
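
Review bot: The `default: false` to `default: "false"` changes on `staging` and `verify` are a quoting cleanup unrelated to the flip named in the commit subject. They are fine to keep, but mention them in the commit message or split them out, so the one behavioural change in this file is easy to find in history.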
Expand All @@ -69,15 +69,15 @@ inputs:
upload-signing-artifacts:
description: "upload all signing artifacts as workflow artifacts"
required: false
default: false
default: "false"
release-signing-artifacts:
description: "attach all signing artifacts as release assets"
required: false
default: false
default: "true"
internal-be-careful-debug:
description: "run with debug logs (default false)"
required: false
default: false
default: "false"

runs:
using: "composite"
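
Review bot: `release-signing-artifacts` now defaults to `"true"`, but its description still reads only "attach all signing artifacts as release assets", with no hint that it is on by default or that it applies to release events. `internal-be-careful-debug` already states its default in its description; suggest the same here, for example "attach all signing artifacts as release assets (release events only, default true)".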