Skip to content

Commit 4942c7c

Browse files
davidismdavidism
committed
remove slsa provenance
PyPI and trusted publishing has built-in attestation support now.
1 parent 1bfbd34 commit 4942c7c

File tree

1 file changed

+3
-22
lines changed

1 file changed

+3
-22
lines changed

.github/workflows/publish.yaml

Lines changed: 3 additions & 22 deletions
Original file line numberDiff line numberDiff line change
@@ -6,8 +6,6 @@ on:
66
jobs:
77
build:
88
runs-on: ubuntu-latest
9-
outputs:
10-
hash: ${{ steps.hash.outputs.hash }}
119
steps:
1210
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
1311
- uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0
@@ -19,27 +17,11 @@ jobs:
1917
# Use the commit date instead of the current date during the build.
2018
- run: echo "SOURCE_DATE_EPOCH=$(git log -1 --pretty=%ct)" >> $GITHUB_ENV
2119
- run: python -m build
22-
# Generate hashes used for provenance.
23-
- name: generate hash
24-
id: hash
25-
run: cd dist && echo "hash=$(sha256sum * | base64 -w0)" >> $GITHUB_OUTPUT
2620
- uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
2721
with:
2822
path: ./dist
29-
provenance:
30-
needs: [build]
31-
permissions:
32-
actions: read
33-
id-token: write
34-
contents: write
35-
# Can't pin with hash due to how this workflow works.
36-
uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v2.0.0
37-
with:
38-
base64-subjects: ${{ needs.build.outputs.hash }}
3923
create-release:
40-
# Upload the sdist, wheels, and provenance to a GitHub release. They remain
41-
# available as build artifacts for a while as well.
42-
needs: [provenance]
24+
needs: [build]
4325
runs-on: ubuntu-latest
4426
permissions:
4527
contents: write
@@ -48,12 +30,11 @@ jobs:
4830
- name: create release
4931
run: >
5032
gh release create --draft --repo ${{ github.repository }}
51-
${{ github.ref_name }}
52-
*.intoto.jsonl/* artifact/*
33+
${{ github.ref_name }} artifact/*
5334
env:
5435
GH_TOKEN: ${{ github.token }}
5536
publish-pypi:
56-
needs: [provenance]
37+
needs: [build]
5738
# Wait for approval before attempting to upload to PyPI. This allows reviewing the
5839
# files in the draft release.
5940
environment:

0 commit comments

Comments
 (0)