From c226a160db7b720ffad34cf6bfc00ee918957082 Mon Sep 17 00:00:00 2001
From: Thara Palanivel <130496890+tharapalanivel@users.noreply.github.com>
Date: Sat, 5 Apr 2025 09:48:16 -0700
Subject: [PATCH 1/2] Update gh-action-pypi-publish version

Signed-off-by: Thara Palanivel <130496890+tharapalanivel@users.noreply.github.com>
---
 .github/workflows/pypi.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/pypi.yml b/.github/workflows/pypi.yml
index ad3e57f0..40a48781 100644
--- a/.github/workflows/pypi.yml
+++ b/.github/workflows/pypi.yml
@@ -77,7 +77,7 @@ jobs:
                   path: dist
 
             - name: Upload to Test PyPI
-              uses: pypa/gh-action-pypi-publish@15c56dba361d8335944d31a2ecd17d700fc7bcbc # v1.12.2
+              uses: pypa/gh-action-pypi-publish@v12.2.4
               with:
                   repository-url: https://test.pypi.org/legacy/
 
@@ -122,4 +122,4 @@ jobs:
               run: rm ./dist/*.sigstore.json
 
             - name: Upload to PyPI
-              uses: pypa/gh-action-pypi-publish@15c56dba361d8335944d31a2ecd17d700fc7bcbc # v1.12.2
+              uses: pypa/gh-action-pypi-publish@v12.2.4

From 09aa694c340b8fde1c245bb7f94e3483721e7ea0 Mon Sep 17 00:00:00 2001
From: Thara Palanivel <130496890+tharapalanivel@users.noreply.github.com>
Date: Sat, 5 Apr 2025 10:01:47 -0700
Subject: [PATCH 2/2] Move to using commit hash for consistency

Signed-off-by: Thara Palanivel <130496890+tharapalanivel@users.noreply.github.com>
---
 .github/workflows/pypi.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/pypi.yml b/.github/workflows/pypi.yml
index 40a48781..c5ff631e 100644
--- a/.github/workflows/pypi.yml
+++ b/.github/workflows/pypi.yml
@@ -44,7 +44,7 @@ jobs:
                   # for setuptools-scm
                   fetch-depth: 0
 
-            - uses: hynek/build-and-inspect-python-package@v2
+            - uses: hynek/build-and-inspect-python-package@b5076c307dc91924a82ad150cdd1533b444d3310 # v2.12.0
 
     # push to Test PyPI on
     # - a new GitHub release is published
@@ -77,7 +77,7 @@ jobs:
                   path: dist
 
             - name: Upload to Test PyPI
-              uses: pypa/gh-action-pypi-publish@v12.2.4
+              uses: pypa/gh-action-pypi-publish@76f52bc884231f62b9a034ebfe128415bbaabdfc # v1.12.4
               with:
                   repository-url: https://test.pypi.org/legacy/
 
@@ -122,4 +122,4 @@ jobs:
               run: rm ./dist/*.sigstore.json
 
             - name: Upload to PyPI
-              uses: pypa/gh-action-pypi-publish@v12.2.4
+              uses: pypa/gh-action-pypi-publish@76f52bc884231f62b9a034ebfe128415bbaabdfc # v1.12.4