📦🔏 Sign dists via Sigstore upon release

Author: webknjaz

.github/workflows/ci-cd.yml

@@ -102,7 +102,7 @@ jobs:
     if: github.event_name == 'push' && contains(github.ref, 'refs/tags/')
 
     permissions:
-      id-token: write  # IMPORTANT: mandatory for trusted publishing
+      id-token: write  # IMPORTANT: mandatory for trusted publishing & sigstore
 
     environment:
       name: pypi
@@ -135,3 +135,10 @@ jobs:
     - name: >-
         Publish 🐍📦 to PyPI
       uses: pypa/gh-action-pypi-publish@release/v1
+
+    - name: Sign the dists with Sigstore
+      uses: sigstore/[email protected]
+      with:
+        inputs: >-
+          ./dist/*.tar.gz
+          ./dist/*.whl