fix: pin GitHub Actions to full SHA (CLOUDEVOPS-4942)

Author: github-actions[bot]

.github/workflows/workflow.yml

@@ -10,9 +10,9 @@ jobs:
     name: Build and publish Python 🐍 distributions 📦 to PyPI
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@master
+    - uses: actions/checkout@61b9e3751b92087fd0b06925ba6dd6314e06f089 # master
     - name: Set up Python 3.9
-      uses: actions/setup-python@v1
+      uses: actions/setup-python@0f07f7f756721ebd886c2462646a35f78a8bc4de # v1
       with:
         python-version: 3.9
     - name: Install pypa/build
@@ -30,12 +30,12 @@ jobs:
         --outdir dist/
         .
 #    - name: Publish distribution 📦 to Test PyPI
-#      uses: pypa/gh-action-pypi-publish@master
+#      uses: pypa/gh-action-pypi-publish@c1b34028248d0c9f7d90fe29fef2122e2276ff6f # master
 #      with:
 #        password: ${{ secrets.TEST_PYPI_API_TOKEN }}
 #        repository_url: https://test.pypi.org/legacy/
     - name: Publish distribution 📦 to PyPI
       if: startsWith(github.ref, 'refs/tags')
-      uses: pypa/gh-action-pypi-publish@master
+      uses: pypa/gh-action-pypi-publish@c1b34028248d0c9f7d90fe29fef2122e2276ff6f # master
       with:
         password: ${{ secrets.PYPI_API_TOKEN }}