Complete migration to sigstore org (#31)

* Remove one remaining reference to `trailofbits`

Signed-off-by: Alex Cameron <[email protected]>

* Add some extras in the README that belong to sigstore projects

Signed-off-by: Alex Cameron <[email protected]>

* Add sigstore copyright notices to non-trivial code and configuration

Signed-off-by: Alex Cameron <[email protected]>

* Fix author field in yaml file

Signed-off-by: Alex Cameron <[email protected]>

Signed-off-by: Alex Cameron <[email protected]>

Author: tetsuo-cpp

.github/workflows/selftest.yml

@@ -78,7 +78,7 @@ jobs:
   #       id: sigstore-python
   #       with:
   #         inputs: ./test/artifact.txt
-  #         verify-cert-email: https://github.com/trailofbits/gh-action-sigstore-python/.github/workflows/selftest.yml@${{ github.ref }}
+  #         verify-cert-email: https://github.com/sigstore/gh-action-sigstore-python/.github/workflows/selftest.yml@${{ github.ref }}
   #         staging: true
 
   selftest-verify-issuer:

README.md

@@ -382,3 +382,15 @@ permissions:
 
 Everyone interacting with this project is expected to follow the
 [sigstore Code of Conduct](https://github.com/sigstore/.github/blob/main/CODE_OF_CONDUCT.md)
+
+## Security
+
+Should you discover any security issues, please refer to sigstore's [security
+process](https://github.com/sigstore/.github/blob/main/SECURITY.md).
+
+## Info
+
+`gh-action-sigstore-python` is developed as part of the [`sigstore`](https://sigstore.dev) project.
+
+We also use a [slack channel](https://sigstore.slack.com)!
+Click [here](https://join.slack.com/t/sigstore/shared_invite/zt-mhs55zh0-XmY3bcfWn4XEyMqUUutbUQ) for the invite link.

action.py

@@ -1,5 +1,19 @@
 #!/usr/bin/env python3
 
+# Copyright 2022 The Sigstore Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
 # action.py: run sigstore-python
 #
 # most state is passed in as environment variables; the only argument

action.yml

@@ -1,5 +1,19 @@
+# Copyright 2022 The Sigstore Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
 name: "gh-action-sigstore-python"
-author: "Alex Cameron <alex.cameron@trailofbits.com>"
+author: "Sigstore Authors <sigstore-dev@googlegroups.com>"
 description: "Use sigstore-python to sign Python packages"
 inputs:
   inputs:

setup/setup.bash

@@ -1,5 +1,19 @@
 #!/usr/bin/env bash
 
+# Copyright 2022 The Sigstore Authors
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
 set -eo pipefail
 
 die() {