[nooney]

Google [0] and GitHub [1] both released blog posts recently describing how to use Sigstore with GitHub Actions to sign build artifacts.

[0]: https://security.googleblog.com/2022/04/improving-software-s...

[1]: https://github.blog/2022-04-07-slsa-3-compliance-with-github...