From 1923a47ffd6b1bac3da971ca7a3248b4522e449e Mon Sep 17 00:00:00 2001
From: Cary Phillips <cary@ilm.com>
Date: Tue, 10 Sep 2024 16:46:01 -0700
Subject: [PATCH] materialx

Signed-off-by: Cary Phillips <cary@ilm.com>
---
 .github/workflows/release-sign.yml | 60 ++++++++++++++++++++++++++++++
 1 file changed, 60 insertions(+)
 create mode 100644 .github/workflows/release-sign.yml

diff --git a/.github/workflows/release-sign.yml b/.github/workflows/release-sign.yml
new file mode 100644
index 0000000..ffaff75
--- /dev/null
+++ b/.github/workflows/release-sign.yml
@@ -0,0 +1,60 @@
+# SPDX-License-Identifier: BSD-3-Clause
+# Copyright (c) Contributors to the OpenEXR Project.
+
+#
+# Releases are signed via https://github.com/sigstore/sigstore-python.
+# See https://docs.sigstore.dev for information about sigstore.
+#
+# This action creates a .tar.gz of the complete Imath source tree at
+# the given release tag, signs it via sigstore, and uploads the
+# .tar.gz and the associated .tar.gz.sigstore credential bundle.
+#
+# To verify a downloaded release at a given tag:
+# 
+#   % pip install sigstore
+#   % sigstore verify github --cert-identity https://github.com/AcademySoftwareFoundation/Imath/.github/workflows/release-sign.yml@refs/tags/<tag> Imath-<tag>.tar.gz
+#
+
+name: Sign Release
+
+on:
+  release:
+    types: [published]
+
+permissions:
+  contents: read
+  
+jobs:
+
+  release:
+    name: Sign & upload release artifacts
+    runs-on: ubuntu-latest
+    env:
+       RELEASE_TAG: ${{ github.ref_name }}
+    permissions:
+      contents: write
+      id-token: write
+      repository-projects: write
+
+    steps:
+      - name: Sync Repository
+        uses: actions/checkout@v4
+        with:
+          submodules: recursive
+
+      - name: Create Archive Name
+        run: echo "IMATH_ARCHIVE=Imath-${RELEASE_TAG//v}" >> $GITHUB_ENV
+
+      - name: Generate Archives
+        run: |
+          git archive --prefix ${IMATH_ARCHIVE}/ --output ${IMATH_ARCHIVE}.zip ${RELEASE_TAG}
+          git archive --prefix ${IMATH_ARCHIVE}/ --output ${IMATH_ARCHIVE}.tar.gz ${RELEASE_TAG}
+
+      - name: Sign and Upload Archives
+        uses: sigstore/gh-action-sigstore-python@v3.0.0
+        with:
+          inputs: |
+            ${{ env.IMATH_ARCHIVE }}.zip
+            ${{ env.IMATH_ARCHIVE }}.tar.gz
+          upload-signing-artifacts: true
+          release-signing-artifacts: false