Skip to content

Commit 6ab9979

Browse files
woodruffwwoodruffw
authored
github: bump signing step, use dependabot (#329)
1 parent 9e666c4 commit 6ab9979

File tree

2 files changed

+14
-1
lines changed

2 files changed

+14
-1
lines changed

.github/dependabot.yml

+13
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,13 @@
1+
version: 2
2+
3+
updates:
4+
- package-ecosystem: github-actions
5+
directory: /
6+
schedule:
7+
interval: daily
8+
open-pull-requests-limit: 99
9+
rebase-strategy: "disabled"
10+
groups:
11+
actions:
12+
patterns:
13+
- "*"

.github/workflows/release.yml

+1-1
Original file line numberDiff line numberDiff line change
@@ -35,7 +35,7 @@ jobs:
3535
uses: pypa/gh-action-pypi-publish@release/v1
3636

3737
- name: sign
38-
uses: sigstore/gh-action-sigstore-python@v2.0.1
38+
uses: sigstore/gh-action-sigstore-python@v2.1.1
3939
with:
4040
inputs: ./dist/*.tar.gz ./dist/*.whl
4141
release-signing-artifacts: true

0 commit comments

Comments
 (0)