From 6d684f6c1fbcd4c9e396de05d9da0fbb41a00c68 Mon Sep 17 00:00:00 2001
From: William Woodruff
Date: Mon, 30 Sep 2024 16:10:28 -0400
Subject: [PATCH] release: switch to PEP 740 attestations
Signed-off-by: William Woodruff
---
 .github/workflows/release.yml | 24 ++----------------------
 1 file changed, 2 insertions(+), 22 deletions(-)
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 1057715..5cb9934 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -31,28 +31,6 @@ jobs:
 name: python-package-distributions
 path: dist/
- sign-release:
- name: Sign and attach signatures to GitHub release
- needs:
- - build
- runs-on: ubuntu-latest
- permissions:
- id-token: write # Used to sign the release artifacts.
- contents: write # Used to attach signing artifacts to the release.
-
- steps:
- - name: Download distributions
- uses: actions/download-artifact@v4
- with:
- name: python-package-distributions
- path: dist/
-
- - name: sign
- uses: sigstore/gh-action-sigstore-python@v3.0.0
- with:
- inputs: ./dist/*.tar.gz ./dist/*.whl
- release-signing-artifacts: true
-
 publish:
 name: upload distributions to PyPI
 needs:
@@ -70,3 +48,5 @@ jobs:
 - name: publish
 uses: pypa/gh-action-pypi-publish@release/v1
+ with:
+ attestations: true
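Review bot: The `publish` step in the second hunk still runs `pypa/gh-action-pypi-publish@release/v1`, a moving branch ref, and with `attestations: true` that one step now produces the only signing material for the release, since the `sign-release` job is removed in the first hunk. Pinning the action to a full commit SHA, e.g. `uses: pypa/gh-action-pypi-publish@<full-commit-sha>  # release/v1` (placeholder; take the SHA from the upstream repository), would keep a later change to that branch from altering what runs with this job's credentials. The `publish` job's `permissions:` block lies outside the hunk; the action generates attestations through Trusted Publishing, so the job should carry `id-token: write` and nothing broader, and a comment above `with:` such as `# PEP 740 attestations; needs id-token: write on this job` would record that dependency. Consumers who verified the Sigstore files attached to the GitHub release will presumably no longer find them there, which may deserve a line in the release notes.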