Merge branch 'release/6.x' into backport-6-pre-vote

Author: cjen1-msft

.github/workflows/release-attestation.yml

@@ -14,7 +14,9 @@ jobs:
   attest-release-assets:
     runs-on: ubuntu-latest
     permissions:
-      contents: read
+      # Necessary to push the attestation to the release
+      contents: write
+      # Necessary to persist attestations
       attestations: write
       id-token: write
     steps:
@@ -34,6 +36,16 @@ jobs:
           GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Attest release assets
-        uses: actions/attest-build-provenance@v2
+        id: attest
+        uses: actions/attest-build-provenance@v3
         with:
           subject-path: "release-assets/*"
+
+      - run: |
+          set -ex
+          # Rename to match https://github.com/ossf/scorecard/blob/main/docs/checks.md#signed-releases
+          cp ${{ steps.attest.outputs.bundle-path }} release-assets/attestation.sigstore.json
+          gh release upload --repo microsoft/ccf ${{ steps.download.outputs.release_tag }} release-assets/attestation.sigstore.json --clobber
+        shell: bash
+        env:
+          GH_TOKEN: ${{ github.token }}

.ruff.toml

@@ -1,2 +1 @@
-extend-exclude = ["*_pb2*.py"]
-line-length = 2000
+line-length = 320