==> /usr/bin/git log -n1 <==
commit 8f038486672564190a78307e4fb5ce2da6c43d45
Author: Alibek Zhakubayev <alibek@meta.com>
Date:   Fri May 22 11:52:33 2026 -0700

    Disable attestations for prod PyPI publish (#5230)
    
    Summary:
    Pull Request resolved: https://github.com/facebookresearch/faiss/pull/5230
    
    Disables Sigstore attestations (`attestations: false`) in the prod PyPI publish step. The `pypa/gh-action-pypi-publish` action generates attestation certificates that carry the top-level workflow (`build.yml`) as the Build Config URI, but PyPI verifies attestations against the trusted publisher which is configured as `build-pip.yml` (the reusable workflow where the publish job is defined). This mismatch causes a `400 Invalid attestations` rejection when `build.yml` calls `build-pip.yml` via `workflow_call`.
    
    TestPyPI is unaffected because `workflow_dispatch` triggers `build-pip.yml` directly, so the certificate and publisher both say `build-pip.yml`.
    
    This is a known limitation of `pypa/gh-action-pypi-publish` with reusable workflows. Attestations can be re-enabled once PyPI supports matching against `workflow_ref` in addition to `job_workflow_ref` for attestation verification, or once the publish job is moved out of the reusable workflow.
    
    Reviewed By: mnorris11
    
    Differential Revision: D106110673
    
    fbshipit-source-id: 1fc3b4cf2a0b92839dd0770ee4b78ae01259f990
==> /usr/bin/git describe --tags --dirty <==
v1.14.2
==> /usr/bin/git status <==
Not currently on any branch.
Untracked files:
  (use "git add <file>..." to include in what will be committed)
	build-lib.sh
	build-pkg.sh
	metadata_conda_debug.yaml

nothing added to commit but untracked files present (use "git add" to track)
