From 1a21cf2f91fb73022ac3d0d60aae1bd5fd6b027b Mon Sep 17 00:00:00 2001
From: Ben Hearsum <ben@mozilla.com>
Date: Tue, 9 Jun 2026 14:07:51 -0400
Subject: [PATCH] revert: hash pinning on pypi publish workflow

Missed these ones in #980
---
 .github/workflows/pypi-publish.yml | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/pypi-publish.yml b/.github/workflows/pypi-publish.yml
index addb21214..184f3249d 100644
--- a/.github/workflows/pypi-publish.yml
+++ b/.github/workflows/pypi-publish.yml
@@ -44,7 +44,8 @@ jobs:
           pip install build
           python -m build
       - name: Publish package distributions to PyPI
-        uses: pypa/gh-action-pypi-publish@cef221092ed1bacb1cc03d23a2d87d1d172e277b  # v1.14.0
+        # deliberately pinned to release/v1 to be allowed by our action pinning requirements
+        uses: pypa/gh-action-pypi-publish@release/v1
         with:
           packages-dir: packages/pytest-taskgraph/dist
   pypi-publish-sphinx-taskgraph:
@@ -67,6 +68,7 @@ jobs:
           pip install build
           python -m build
       - name: Publish package distributions to PyPI
-        uses: pypa/gh-action-pypi-publish@cef221092ed1bacb1cc03d23a2d87d1d172e277b  # v1.14.0
+        # deliberately pinned to release/v1 to be allowed by our action pinning requirements
+        uses: pypa/gh-action-pypi-publish@release/v1
         with:
           packages-dir: packages/sphinx-taskgraph/dist