From 6832e538fd8250093fbc933f3c048ffc23c203b1 Mon Sep 17 00:00:00 2001
From: Steven Silvester <steve.silvester@mongodb.com>
Date: Tue, 29 Apr 2025 09:15:27 -0500
Subject: [PATCH] INTPYTHON-608 Use pinned sources for GitHub Actions

---
 .github/workflows/dist.yml           | 2 +-
 .github/workflows/release-python.yml | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/dist.yml b/.github/workflows/dist.yml
index cd495d1..4375f53 100644
--- a/.github/workflows/dist.yml
+++ b/.github/workflows/dist.yml
@@ -32,7 +32,7 @@ jobs:
     name: Build CPython-${{ matrix.os }}
     steps:
       - uses: actions/checkout@v4
-      - uses: pypa/cibuildwheel@v2.23.3
+      - uses: pypa/cibuildwheel@faf86a6ed7efa889faf6996aa23820831055001a # v2.23.3
         env:
           CIBW_ARCHS_MACOS: x86_64 universal2
           CIBW_TEST_SKIP: '*universal2:arm64'
diff --git a/.github/workflows/release-python.yml b/.github/workflows/release-python.yml
index 25a41b6..6c9354f 100644
--- a/.github/workflows/release-python.yml
+++ b/.github/workflows/release-python.yml
@@ -76,14 +76,14 @@ jobs:
         name: all-dist-${{ github.run_id }}
         path: dist/
     - name: Publish package distributions to TestPyPI
-      uses: pypa/gh-action-pypi-publish@release/v1
+      uses: pypa/gh-action-pypi-publish@76f52bc884231f62b9a034ebfe128415bbaabdfc # release/v1
       with:
         repository-url: https://test.pypi.org/legacy/
         skip-existing: true
         attestations: ${{ env.DRY_RUN }}
     - name: Publish distribution 📦 to PyPI
       if: startsWith(env.DRY_RUN, 'false')
-      uses: pypa/gh-action-pypi-publish@release/v1
+      uses: pypa/gh-action-pypi-publish@76f52bc884231f62b9a034ebfe128415bbaabdfc # release/v1
 
   post-publish:
     needs: [publish]