[FR] Return a list of signature paths as an output

[webknjaz]

Usually, when people want to refer to specific signatures for manual upload, they tend to use wildcards. However, the file extensions have already changed twice, and it's not really future-proof to keep doing that and remember to change them whenever the action updates. This is especially problematic with auto-merges, since they typically can't catch the mismatch, as this action would only run on release. And it's quite unpleasant to face with having to fix things this late in the process.

Providing a way to grab that list (LF-separated would be best I think) and feed it to another action input seems like a good solution to the problem.

[woodruffw]

Makes sense. Users can currently access this list via the GHA_SIGSTORE_PYTHON_INTERNAL_SIGNING_ARTIFACTS environment variable that we inject after signing completes, although that list also includes each input next to its signed bundle.

Adding a separate explicitly stable output for just the bundle paths should be straightforward 🙂