From 1d6102ace06b3625261f548370a2e4ef4fb15994 Mon Sep 17 00:00:00 2001
From: jremitz
Date: Tue, 7 Apr 2026 23:33:03 -0500
Subject: [PATCH 1/2] test gpg
---
 test.txt | 2 ++
 1 file changed, 2 insertions(+)
 create mode 100644 test.txt
diff --git a/test.txt b/test.txt
new file mode 100644
index 0000000..139597f
--- /dev/null
+++ b/test.txt
@@ -0,0 +1,2 @@
+
+
From b3ab693768a62a7534851b8944dfab7770122ddd Mon Sep 17 00:00:00 2001
From: jremitz
Date: Wed, 8 Apr 2026 07:39:32 -0500
Subject: [PATCH 2/2] ci: enable Sigstore attestations for PyPI releases

Add attestations: true to pypa/gh-action-pypi-publish and attestations: write permission so each release generates verifiable Sigstore provenance tied to the GitHub Actions workflow.

Co-Authored-By: Claude
---
 .github/workflows/release.yml | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 55cb960..f324c42 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -15,6 +15,7 @@ jobs:
 environment: release
 permissions:
 id-token: write
+ attestations: write
 steps:
 - uses: actions/checkout@v4
@@ -43,3 +44,5 @@ jobs:
 - name: Publish to PyPI
 uses: pypa/gh-action-pypi-publish@release/v1
+ with:
+ attestations: true
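Review bot: The `attestations: write` line added under `permissions:` in the first release.yml hunk looks like more privilege than this job needs. As far as I know, that scope is what GitHub's own artifact-attestation actions use to store attestations on the repository. pypa/gh-action-pypi-publish instead signs its PyPI attestations with the OIDC identity that `id-token: write` already provides. Unless a step outside these hunks writes GitHub attestations, I would drop the line and keep the block at `id-token: write` only. The job's steps continue outside the hunk, so confirm this against the full workflow.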
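Review bot: The new `with:` block in the second release.yml hunk should carry a comment stating what `attestations: true` depends on, for example `# attestations are only produced when the upload authenticates via Trusted Publishing (OIDC, id-token: write)`. No `password` input is visible on the step, so Trusted Publishing appears to be in use, but that is inferred from the hunk alone. Since the provenance vouches for whatever this workflow runs, it is also worth pinning the action on the line above to a full commit SHA instead of the moving `release/v1` ref, e.g. `uses: pypa/gh-action-pypi-publish@<full-commit-sha>  # release/v1`.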