This enables attestation generation while uploading to PyPI. Future versions of the gh-action-pypi-publish action will enable this by default, but we want to get in on the ground floor.
It also disables uploading of the "smoketest" artifacts to the GitHub-side release, since these don't correspond 1-1 with the PyPI attestations (they're composed only of hashes of the file, and don't use a DSSE payload). This will hopefully eliminate some confusion + guide users towards the PyPI hosted ones as canonical.
This enables attestation generation while uploading to PyPI. Future versions of the
gh-action-pypi-publishaction will enable this by default, but we want to get in on the ground floor.It also disables uploading of the "smoketest" artifacts to the GitHub-side release, since these don't correspond 1-1 with the PyPI attestations (they're composed only of hashes of the file, and don't use a DSSE payload). This will hopefully eliminate some confusion + guide users towards the PyPI hosted ones as canonical.