From 769948d79878f686850a1852910167823d79d180 Mon Sep 17 00:00:00 2001
From: Luc Perkins <lucperkins@gmail.com>
Date: Thu, 15 May 2025 15:09:41 -0400
Subject: [PATCH 1/2] Add note about permissions block

---
 README.md                | 15 +++++++++++----
 tools/README.template.md | 15 +++++++++++----
 2 files changed, 22 insertions(+), 8 deletions(-)

diff --git a/README.md b/README.md
index d50fbed..13fd497 100644
--- a/README.md
+++ b/README.md
@@ -36,6 +36,8 @@ Based on the [Determinate Nix Installer](https://github.com/DeterminateSystems/n
 
 ## ️🔧 Usage
 
+Here's an example Actions workflow configuration that uses `determinate-nix-action`:
+
 ```yaml
 on:
   pull_request:
@@ -43,18 +45,21 @@ on:
     branches: [main]
 
 jobs:
-  lints:
-    name: Build
+  build-pkg:
+    name: Build Nix package
     runs-on: ubuntu-latest
     permissions:
-      id-token: "write"
-      contents: "read"
+      id-token: write
+      contents: read
     steps:
       - uses: actions/checkout@v4.2.2
       - uses: DeterminateSystems/determinate-nix-action@main # or v3.5.2 to pin to a release
       - run: nix build .
 ```
 
+> [!IMPORTANT]
+> You must add a `permissions` block like the one in the example above or else Determinate Nix won't be able to authenticate with [FlakeHub].
+
 ## 📌 Version Pinning: Lock It Down!
 
 ### Why Pin Your Action?
@@ -124,3 +129,5 @@ We're committed to making your experience with Determinate Nix as smooth as poss
 - 📧 **Need direct support?** Email us at [support@determinate.systems](mailto:support@determinate.systems)
 
 🤝 **Looking for enterprise support?** We offer dedicated support contracts and shared Slack channels for organizations requiring priority assistance. [Contact us](mailto:support@determinate.systems) to learn more.
+
+[flakehub]: https//flakehub.com
diff --git a/tools/README.template.md b/tools/README.template.md
index d46a51f..6b9d698 100644
--- a/tools/README.template.md
+++ b/tools/README.template.md
@@ -36,6 +36,8 @@ Based on the [Determinate Nix Installer](https://github.com/DeterminateSystems/n
 
 ## ️🔧 Usage
 
+Here's an example Actions workflow configuration that uses `determinate-nix-action`:
+
 ```yaml
 on:
   pull_request:
@@ -43,18 +45,21 @@ on:
     branches: [main]
 
 jobs:
-  lints:
-    name: Build
+  build-pkg:
+    name: Build Nix package
     runs-on: ubuntu-latest
     permissions:
-      id-token: "write"
-      contents: "read"
+      id-token: write
+      contents: read
     steps:
       - uses: actions/checkout@<!-- checkout_action_tag -->
       - uses: DeterminateSystems/determinate-nix-action@main # or <!-- version --> to pin to a release
       - run: nix build .
 ```
 
+> [!IMPORTANT]
+> You must add a `permissions` block like the one in the example above or else Determinate Nix won't be able to authenticate with [FlakeHub].
+
 ## 📌 Version Pinning: Lock It Down!
 
 ### Why Pin Your Action?
@@ -102,3 +107,5 @@ We're committed to making your experience with Determinate Nix as smooth as poss
 - 📧 **Need direct support?** Email us at [support@determinate.systems](mailto:support@determinate.systems)
 
 🤝 **Looking for enterprise support?** We offer dedicated support contracts and shared Slack channels for organizations requiring priority assistance. [Contact us](mailto:support@determinate.systems) to learn more.
+
+[flakehub]: https//flakehub.com

From 0c803e71017b0f5ea6f2695a4647fb795cdfd68f Mon Sep 17 00:00:00 2001
From: Luc Perkins <lucperkins@gmail.com>
Date: Thu, 15 May 2025 16:03:22 -0400
Subject: [PATCH 2/2] Update wording

---
 README.md                | 3 ++-
 tools/README.template.md | 3 ++-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index 13fd497..bb15360 100644
--- a/README.md
+++ b/README.md
@@ -58,7 +58,7 @@ jobs:
 ```
 
 > [!IMPORTANT]
-> You must add a `permissions` block like the one in the example above or else Determinate Nix won't be able to authenticate with [FlakeHub].
+> If you use [FlakeHub], you need to add a `permissions` block like the one in the example above or else Determinate Nix can't authenticate with FlakeHub or [FlakeHub Cache][cache].
 
 ## 📌 Version Pinning: Lock It Down!
 
@@ -130,4 +130,5 @@ We're committed to making your experience with Determinate Nix as smooth as poss
 
 🤝 **Looking for enterprise support?** We offer dedicated support contracts and shared Slack channels for organizations requiring priority assistance. [Contact us](mailto:support@determinate.systems) to learn more.
 
+[cache]: https://flakehub.com/cache
 [flakehub]: https//flakehub.com
diff --git a/tools/README.template.md b/tools/README.template.md
index 6b9d698..f5f6d8b 100644
--- a/tools/README.template.md
+++ b/tools/README.template.md
@@ -58,7 +58,7 @@ jobs:
 ```
 
 > [!IMPORTANT]
-> You must add a `permissions` block like the one in the example above or else Determinate Nix won't be able to authenticate with [FlakeHub].
+> If you use [FlakeHub], you need to add a `permissions` block like the one in the example above or else Determinate Nix can't authenticate with FlakeHub or [FlakeHub Cache][cache].
 
 ## 📌 Version Pinning: Lock It Down!
 
@@ -108,4 +108,5 @@ We're committed to making your experience with Determinate Nix as smooth as poss
 
 🤝 **Looking for enterprise support?** We offer dedicated support contracts and shared Slack channels for organizations requiring priority assistance. [Contact us](mailto:support@determinate.systems) to learn more.
 
+[cache]: https://flakehub.com/cache
 [flakehub]: https//flakehub.com