Merge pull request #76 from instructlab/dependabot/github_actions/sigstore/gh-action-sigstore-python-3.0.0

Bump sigstore/gh-action-sigstore-python from 2.1.1 to 3.0.0

Author: danmcp

.github/workflows/pypi.yaml

@@ -109,8 +109,9 @@ jobs:
                   path: dist
 
             - name: "Sigstore sign package"
-              uses: sigstore/gh-action-sigstore-python@61f6a500bbfdd9a2a339cf033e5421951fbc1cd2 # v2.1.1
+              uses: sigstore/gh-action-sigstore-python@f514d46b907ebcd5bedc05145c03b69c1edd8b46 # v3.0.0
               with:
+                  release-signing-artifacts: false
                   inputs: |
                       ./dist/*.tar.gz
                       ./dist/*.whl
@@ -125,7 +126,7 @@ jobs:
             # gh-action-pypi-publish has no option to ignore them.
             - name: "Remove sigstore signatures before uploading to PyPI"
               run: |
-                  rm ./dist/*.sigstore
+                  rm ./dist/*.sigstore.json
 
             - name: "Upload to PyPI"
               uses: pypa/gh-action-pypi-publish@897895f1e160c830e369f9779632ebc134688e1b # v1.10.2