sigstore-js

Sigstore v1.9 not compatible with previous v1.8 integration

Open enteraga6 opened this issue 8 months ago • 1 comment

Description

Hi! In slsa-github-generator, we use Sigstore to generate and verify our signing tokens. Our workflows were working with Sigstore v1.8; however, when we upgraded to v1.9, we experienced issues with the generation and verification of the signing tokens. We were curious if this backwards incompatibility was intentional or not.

The first issue for us lies within the sign function. In this workflow, we see that in v1.9, our sigstore.sign function fails, not identifying that it is in a GHA workflow.

However, the attest function also has the same issue. In this workflow run, we use the v1.8 version of sign but use the v1.9 version of sigstore.attest, and have the same issue of it not identifying that it is in a GHA workflow on a later job.

Is this functionality the intended behavior? Thank you!

Version

Issues with Sigstore v1.9
Expected behavior with Sigstore v1.8

enteraga6 Oct 25 '23 05:10