From ea1f1d0877ad776695f9cc5cf19eecc9b68c507d Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 4 Sep 2024 03:01:30 +0000
Subject: [PATCH 1/2] build(deps): Bump pypa/gh-action-pypi-publish

Bumps the github-actions group with 1 update: [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish).


Updates `pypa/gh-action-pypi-publish` from 1.10.0 to 1.10.1
- [Release notes](https://github.com/pypa/gh-action-pypi-publish/releases)
- [Commits](https://github.com/pypa/gh-action-pypi-publish/compare/8a08d616893759ef8e1aa1f2785787c0b97e20d6...0ab0b79471669eb3a4d647e625009c62f9f3b241)

---
updated-dependencies:
- dependency-name: pypa/gh-action-pypi-publish
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/build-publish.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/build-publish.yml b/.github/workflows/build-publish.yml
index 44fb112..622f782 100644
--- a/.github/workflows/build-publish.yml
+++ b/.github/workflows/build-publish.yml
@@ -61,7 +61,7 @@ jobs:
         name: python-package-distributions
         path: dist/
     - name: Publish distribution to TestPyPI
-      uses: pypa/gh-action-pypi-publish@8a08d616893759ef8e1aa1f2785787c0b97e20d6 # v1.10.0
+      uses: pypa/gh-action-pypi-publish@0ab0b79471669eb3a4d647e625009c62f9f3b241 # v1.10.1
       with:
         skip-existing: true
         repository-url: https://test.pypi.org/legacy/
@@ -84,7 +84,7 @@ jobs:
         name: python-package-distributions
         path: dist/
     - name: Publish distribution to PyPI
-      uses: pypa/gh-action-pypi-publish@8a08d616893759ef8e1aa1f2785787c0b97e20d6 # v1.10.0
+      uses: pypa/gh-action-pypi-publish@0ab0b79471669eb3a4d647e625009c62f9f3b241 # v1.10.1
       with:
         skip-existing: true
 

From e0ac9d7dc40ef9f997c49ece9ea1815a0d1f7a37 Mon Sep 17 00:00:00 2001
From: Chris Swan <478926+cpswan@users.noreply.github.com>
Date: Wed, 4 Sep 2024 10:07:14 +0100
Subject: [PATCH 2/2] build: Enable attestations

---
 .github/workflows/build-publish.yml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/.github/workflows/build-publish.yml b/.github/workflows/build-publish.yml
index 622f782..4d079cf 100644
--- a/.github/workflows/build-publish.yml
+++ b/.github/workflows/build-publish.yml
@@ -64,6 +64,7 @@ jobs:
       uses: pypa/gh-action-pypi-publish@0ab0b79471669eb3a4d647e625009c62f9f3b241 # v1.10.1
       with:
         skip-existing: true
+        attestations: true
         repository-url: https://test.pypi.org/legacy/
 
   publish-to-pypi:
@@ -87,6 +88,7 @@ jobs:
       uses: pypa/gh-action-pypi-publish@0ab0b79471669eb3a4d647e625009c62f9f3b241 # v1.10.1
       with:
         skip-existing: true
+        attestations: true
 
   github-release:
     name: Attest Python distribution artifacts and upload them to the GitHub Release