From 49777c10c0bbf5c1712fd08e9d3e2b2d4c18252a Mon Sep 17 00:00:00 2001
From: Matthew Feickert <matthew.feickert@cern.ch>
Date: Wed, 24 Jan 2024 15:39:06 -0600
Subject: [PATCH] CI: Pin scientific-python/upload-nightly-action to release
 sha

* For security best practices, use the action from known commit shas that
  correspond to tagged releases. These can be updated via dependabot.
---
 .github/workflows/nightly-wheels.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/nightly-wheels.yml b/.github/workflows/nightly-wheels.yml
index 0f74ba4b2ce..30c15e58e32 100644
--- a/.github/workflows/nightly-wheels.yml
+++ b/.github/workflows/nightly-wheels.yml
@@ -38,7 +38,7 @@ jobs:
           fi
 
       - name: Upload wheel
-        uses: scientific-python/upload-nightly-action@main
+        uses: scientific-python/upload-nightly-action@6e9304f7a3a5501c6f98351537493ec898728299 # 0.3.0
         with:
           anaconda_nightly_upload_token: ${{ secrets.ANACONDA_NIGHTLY }}
           artifacts_path: dist