From e2f777b54813e18dd10d15c4e9f676efc910d8a1 Mon Sep 17 00:00:00 2001
From: Sylwester Arabas <sylwester.arabas@agh.edu.pl>
Date: Wed, 13 Nov 2024 20:23:26 +0100
Subject: [PATCH] disable pypi attestations, pin gh-upload action version

---
 .github/workflows/tests+pypi.yml | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/tests+pypi.yml b/.github/workflows/tests+pypi.yml
index 801209f..28292d8 100644
--- a/.github/workflows/tests+pypi.yml
+++ b/.github/workflows/tests+pypi.yml
@@ -261,15 +261,17 @@ jobs:
           path: dist
 
       - if: github.event_name == 'push' && github.ref == 'refs/heads/main'
-        uses: pypa/gh-action-pypi-publish@unstable/v1
+        uses: pypa/gh-action-pypi-publish@release/v1.12
         with:
           password: ${{ secrets.TEST_PYPI_API_TOKEN }}
           repository_url: https://test.pypi.org/legacy/
+          attestations: false
 
       - if: startsWith(github.ref, 'refs/tags')
-        uses: pypa/gh-action-pypi-publish@unstable/v1
+        uses: pypa/gh-action-pypi-publish@release/v1.12
         with:
           password: ${{ secrets.PYPI_API_TOKEN }}
+          attestations: false
 
   devops_tests:
     runs-on: ubuntu-latest