Swap SLSA releaser to use GH steps to pass through files, rather than downloading via HTTP

.github/workflows/slsa-releaser.yml

@@ -120,6 +120,12 @@ jobs:
     permissions:
       contents: write
     steps:
+      - uses: actions/download-artifact@fb598a63ae348fa914e94cd0ff38f362e927b741
+        with:
+          name: hishtory-darwin-arm64
+      - uses: actions/download-artifact@fb598a63ae348fa914e94cd0ff38f362e927b741
+        with:
+          name: hishtory-darwin-amd64
       - uses: actions/checkout@v2
       - name: Download and sign the latest executables
         env: 

scripts/actions-sign.py

@@ -4,11 +4,6 @@ import time
 import subprocess
 
 def main():
-    version = os.environ['GITHUB_REF'].split('/')[-1].split("-")[0]
-    print("Downloading binaries (this may pause for a while)")
-    waitUntilPublished(f"https://github.com/ddworken/hishtory/releases/download/{version}/hishtory-darwin-arm64", "hishtory-darwin-arm64")
-    waitUntilPublished(f"https://github.com/ddworken/hishtory/releases/download/{version}/hishtory-darwin-amd64", "hishtory-darwin-amd64")
-
     print("before sha1sum:")
     os.system("sha1sum hishtory-* 2>&1")
 
@@ -42,17 +37,5 @@ def notAscii(fn):
     if "ASCII text" in out:
         raise Exception(f"fn={fn} is of type {out}")
 
-def waitUntilPublished(url, output) -> None:
-    startTime = time.time()
-    while True:
-        r = requests.get(url, headers={'authorization': f'bearer {os.environ["GITHUB_TOKEN"]}'})
-        if r.status_code == 200:
-            break 
-        if (time.time() - startTime)/60 > 20:
-            raise Exception(f"failed to get url={url} (startTime={startTime}, endTime={time.time()}), status_code=" + str(r.status_code) + " body=" + str(r.content))
-        time.sleep(5)
-    with open(output, 'wb') as f:
-        f.write(r.content)
-
 if __name__ == '__main__':
     main()