From 769948d79878f686850a1852910167823d79d180 Mon Sep 17 00:00:00 2001 From: Luc Perkins Date: Thu, 15 May 2025 15:09:41 -0400 Subject: [PATCH] Add note about permissions block --- README.md | 15 +++++++++++---- tools/README.template.md | 15 +++++++++++---- 2 files changed, 22 insertions(+), 8 deletions(-) diff --git a/README.md b/README.md index d50fbed..13fd497 100644 --- a/README.md +++ b/README.md @@ -36,6 +36,8 @@ Based on the [Determinate Nix Installer](https://github.com/DeterminateSystems/n ## ️🔧 Usage +Here's an example Actions workflow configuration that uses `determinate-nix-action`: + ```yaml on: pull_request: @@ -43,18 +45,21 @@ on: branches: [main] jobs: - lints: - name: Build + build-pkg: + name: Build Nix package runs-on: ubuntu-latest permissions: - id-token: "write" - contents: "read" + id-token: write + contents: read steps: - uses: actions/checkout@v4.2.2 - uses: DeterminateSystems/determinate-nix-action@main # or v3.5.2 to pin to a release - run: nix build . ``` +> [!IMPORTANT] +> You must add a `permissions` block like the one in the example above or else Determinate Nix won't be able to authenticate with [FlakeHub]. + ## 📌 Version Pinning: Lock It Down! ### Why Pin Your Action? @@ -124,3 +129,5 @@ We're committed to making your experience with Determinate Nix as smooth as poss - 📧 **Need direct support?** Email us at [support@determinate.systems](mailto:support@determinate.systems) 🤝 **Looking for enterprise support?** We offer dedicated support contracts and shared Slack channels for organizations requiring priority assistance. [Contact us](mailto:support@determinate.systems) to learn more. + +[flakehub]: https//flakehub.com diff --git a/tools/README.template.md b/tools/README.template.md index d46a51f..6b9d698 100644 --- a/tools/README.template.md +++ b/tools/README.template.md 
@@ -36,6 +36,8 @@ Based on the [Determinate Nix Installer](https://github.com/DeterminateSystems/n ## ️🔧 Usage +Here's an example Actions workflow configuration that uses `determinate-nix-action`: + ```yaml on: pull_request: @@ -43,18 +45,21 @@ on: branches: [main] jobs: - lints: - name: Build + build-pkg: + name: Build Nix package runs-on: ubuntu-latest permissions: - id-token: "write" - contents: "read" + id-token: write + contents: read steps: - uses: actions/checkout@ - uses: DeterminateSystems/determinate-nix-action@main # or to pin to a release - run: nix build . ``` +> [!IMPORTANT] +> You must add a `permissions` block like the one in the example above or else Determinate Nix won't be able to authenticate with [FlakeHub]. + ## 📌 Version Pinning: Lock It Down! ### Why Pin Your Action? @@ -102,3 +107,5 @@ We're committed to making your experience with Determinate Nix as smooth as poss - 📧 **Need direct support?** Email us at [support@determinate.systems](mailto:support@determinate.systems) 🤝 **Looking for enterprise support?** We offer dedicated support contracts and shared Slack channels for organizations requiring priority assistance. [Contact us](mailto:support@determinate.systems) to learn more. + +[flakehub]: https//flakehub.com
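Review bot: The link reference definition added at the end of both README.md and tools/README.template.md is malformed: `[flakehub]: https//flakehub.com` has no colon after `https`. The `[FlakeHub]` reference in the new IMPORTANT note will therefore resolve as a relative path inside the repository instead of the FlakeHub site. Change it to `[flakehub]: https://flakehub.com` in both files.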
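Review bot: The `> [!IMPORTANT]` note added after the workflow example (second hunk of both files) requires a `permissions` block "like the one in the example above" but does not say which of the two entries FlakeHub authentication depends on. Please name the required entry and say what the other one is for, so that readers who already have a `permissions` block know exactly what to add and keep the job's token scoped to `id-token: write` and `contents: read` rather than something broader. While this example is being touched, note that it still references `determinate-nix-action@main`, with the pinned release only in a trailing comment, directly above the "Version Pinning: Lock It Down!" section; consider showing the pinned form as the default.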