build(deps): bump sigstore/gh-action-sigstore-python from 2.1.1 to 3.0.0

[dependabot]

Bumps sigstore/gh-action-sigstore-python from 2.1.1 to 3.0.0.

Release notes

Sourced from sigstore/gh-action-sigstore-python's releases.

v3.0.0

Added

• inputs now allows recursive globbing with ** (#106)

Removed

• The following settings have been removed: fulcio-url, rekor-url, ctfe, rekor-root-pubkey (#140)
• The following output settings have been removed: signature, certificate, bundle (#146)

Changed

• inputs is now parsed according to POSIX shell lexing rules, improving the action's consistency when used with filenames containing whitespace or other significant characters (#104)

• inputs is now optional if release-signing-artifacts is true and the action's event is a release event. In this case, the action takes no explicit inputs, but signs the source archives already attached to the associated release (#110)

• The default suffix has changed from .sigstore to .sigstore.json, per Sigstore's client specification (#140)

• release-signing-artifacts now defaults to true (#142)

Fixed

• The release-signing-artifacts setting no longer causes a hard error when used under the incorrect event (#103)

• Various deprecations present in sigstore-python's 2.x series have been resolved (#140)

• This workflow now supports CI runners that use PEP 668 to constrain global package prefixes (#145)

... (truncated)

Changelog

Sourced from sigstore/gh-action-sigstore-python's changelog.

[3.0.0]

Added

• inputs now allows recursive globbing with ** (#106)

Removed

• The following settings have been removed: fulcio-url, rekor-url, ctfe, rekor-root-pubkey (#140)
• The following output settings have been removed: signature, certificate, bundle (#146)

Changed

• inputs is now parsed according to POSIX shell lexing rules, improving the action's consistency when used with filenames containing whitespace or other significant characters (#104)

• inputs is now optional if release-signing-artifacts is true and the action's event is a release event. In this case, the action takes no explicit inputs, but signs the source archives already attached to the associated release (#110)

• The default suffix has changed from .sigstore to .sigstore.json, per Sigstore's client specification (#140)

• release-signing-artifacts now defaults to true (#142)

Fixed

• The release-signing-artifacts setting no longer causes a hard error when used under the incorrect event (#103)

• Various deprecations present in sigstore-python's 2.x series have been resolved (#140)

• This workflow now supports CI runners that use PEP 668 to constrain global package prefixes (#145)

... (truncated)

Commits

• f514d46 Prep 3.0.0 (#143)
• da238ad Cleanup workflows (#148)
• 551a497 action: remove old output settings (#146)
• 16fbe9a action: flip release-signing-artifacts (#142)
• 1ddeb82 action: use a venv to prevent PEP 668 errors (#145)
• 9466100 requirements: sigstore ~3.0 (#140)
• 26de745 schedule-selftest: reduce nagging (#134)
• 4dde77f build(deps): bump the actions group with 1 update (#111)
• 08a568c Allow empty inputs with release artifacts (#110)
• 8579d48 build(deps): bump the actions group with 1 update (#107)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[sonarcloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 99.27%. Comparing base (906ab43) to head (640b2da).

Additional details and impacted files

@@           Coverage Diff           @@
##             main     #121   +/-   ##
=======================================
  Coverage   99.27%   99.27%           
=======================================
  Files           3        3           
  Lines         276      276           
  Branches       48       14   -34     
=======================================
  Hits          274      274           
  Partials        2        2           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[codspeed-hq]

CodSpeed Performance Report

Merging #121 will improve performances by 24.42%

_{Comparing dependabot/github_actions/sigstore/gh-action-sigstore-python-3.0.0 (640b2da) with main (906ab43)}

Summary

⚡ 20 improvements

Benchmarks breakdown

	Benchmark	main	dependabot/github_actions/sigstore/gh-action-sigstore-python-3.0.0	Change
⚡	test_clnv[best]	22.9 ms	18.1 ms	+26.76%
⚡	test_clnv[ex]	22.9 ms	18.1 ms	+26.98%
⚡	test_depth	15.9 ms	12.4 ms	+28.26%
⚡	test_emo[best]	16.9 ms	13.2 ms	+27.76%
⚡	test_emo[ex]	16.9 ms	13.2 ms	+27.98%
⚡	test_lr[best]	15.7 ms	12.2 ms	+28.49%
⚡	test_lr[ex]	15.7 ms	12.2 ms	+28.45%
⚡	test_quote_rule[best]	13.9 ms	10.8 ms	+28.7%
⚡	test_quote_rule[ex]	13.9 ms	10.8 ms	+29.15%
⚡	test_rev_clnv[best]	22.9 ms	18.1 ms	+26.92%
⚡	test_rev_clnv[ex]	22.9 ms	18.1 ms	+27.04%
⚡	test_rev_emo[best]	16.9 ms	13.2 ms	+28.02%
⚡	test_rev_emo[ex]	16.9 ms	13.2 ms	+28.04%
⚡	test_rev_lr[best]	15.8 ms	12.3 ms	+28.39%
⚡	test_rev_lr[ex]	15.8 ms	12.3 ms	+28.44%
⚡	test_rev_tick_rule[all]	11.7 ms	9 ms	+30.64%
⚡	test_rev_tick_rule[ex]	11.7 ms	9 ms	+30.47%
⚡	test_tick_rule[all]	11.8 ms	9.5 ms	+24.42%
⚡	test_tick_rule[ex]	11.7 ms	9 ms	+30.44%
⚡	test_trade_size	12.3 ms	9.5 ms	+29.79%