You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: README.md
+3-8Lines changed: 3 additions & 8 deletions
Original file line number
Diff line number
Diff line change
@@ -314,7 +314,7 @@ Example:
314
314
315
315
### `release-signing-artifacts`
316
316
317
-
**Default**: `false`
317
+
**Default**: `true`
318
318
319
319
The `release-signing-artifacts` setting controls whether or not `sigstore-python`
320
320
uploads signing artifacts to the release publishing event that triggered this run.
@@ -323,8 +323,6 @@ This setting has no effect on non-`release` events.
323
323
If enabled, this setting also re-uploads and signs GitHub's default source code artifacts,
324
324
as they are not guaranteed to be stable.
325
325
326
-
By default, no release assets are uploaded.
327
-
328
326
Requires the [`contents: write` permission](https://docs.github.com/en/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token).
329
327
330
328
Example:
@@ -342,19 +340,16 @@ permissions:
342
340
```
343
341
344
342
On release events, it is also valid to have no explicit inputs. When used on release
345
-
events with `release-signing-artifacts: true`, this action will sign any pre-existing
346
-
release artifacts:
343
+
events, this action will sign any pre-existing release artifacts:
347
344
348
345
```yaml
349
346
permissions:
350
347
contents: write
351
348
352
349
# ...
353
350
351
+
# no explicit settings needed, signs all pre-existing release artifacts
0 commit comments