From e6ea8edc0c0de341fd0df21c3911eea0c94b98ec Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Fri, 19 Jun 2026 17:52:04 +0000 Subject: [PATCH] Update README.md and action.yml for v3.21.2 --- README.md | 63 ++++++++++++++++++++++++++++++------------------------ action.yml | 14 ++++++++++-- 2 files changed, 47 insertions(+), 30 deletions(-) diff --git a/README.md b/README.md index b9edfde..3df1f1c 100644 --- a/README.md +++ b/README.md @@ -52,8 +52,8 @@ jobs: id-token: write contents: read steps: - - uses: actions/checkout@v6.0.3 - - uses: DeterminateSystems/determinate-nix-action@main # or v3.21.1 to pin to a release + - uses: actions/checkout@v7.0.0 + - uses: DeterminateSystems/determinate-nix-action@main # or v3.21.2 to pin to a release - run: nix build . ``` @@ -67,10 +67,10 @@ jobs: Unlike `DeterminateSystems/nix-installer-action`, we fully support explicit version pinning for maximum consistency. This Action is **automatically tagged** for every Determinate Nix release, giving you complete control over your CI environment: -📍 Pinning to `DeterminateSystems/determinate-nix-action@v3.21.1` guarantees: +📍 Pinning to `DeterminateSystems/determinate-nix-action@v3.21.2` guarantees: - Same `nix-installer-action` revision every time -- Consistent Determinate Nix v3.21.1 installation +- Consistent Determinate Nix v3.21.2 installation - Reproducible CI workflows, even years later ✨ Using `@main` instead? You'll: @@ -96,30 +96,37 @@ updates: ## ️⚙️ Configuration -| Parameter | Description | Required | Default | -|-------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------|----------------------------| -| `extra-conf` | Extra configuration lines for `/etc/nix/nix.conf` (includes `access-tokens` with `secrets.GITHUB_TOKEN` automatically if `github-token` is set) | | | -| `github-server-url` | The URL for the GitHub server, to use with the `github-token` token. Defaults to the current GitHub server, supporting GitHub Enterprise Server automatically. Only change this value if the provided `github-token` is for a different GitHub server than the current server. | | `${{ github.server_url }}` | -| `github-token` | A GitHub token for making authenticated requests (which have a higher rate-limit quota than unauthenticated requests) | | `${{ github.token }}` | -| `trust-runner-user` | Whether to make the runner user trusted by the Nix daemon | | `true` | -| `summarize` | Whether to add a build summary and timeline chart to the GitHub job summary | | `true` | -| `force-no-systemd` | Force using other methods than systemd to launch the daemon. This setting is automatically enabled when necessary. | | `false` | -| `init` | The init system to configure, requires `planner: linux-multi` (allowing the choice between `none` or `systemd`) | | | -| `kvm` | Automatically configure the GitHub Actions Runner for NixOS test supports, if the host supports it. | | `true` | -| `planner` | A planner to use | | | -| `proxy` | The proxy to use (if any), valid proxy bases are `https://$URL`, `http://$URL` and `socks5://$URL` | | | -| `reinstall` | Force a reinstall if an existing installation is detected (consider backing up `/nix/store`) | | `false` | -| `source-binary` | Run a version of the nix-installer binary from somewhere already on disk. Conflicts with all other `source-*` options. Intended only for testing this Action. | | | -| `source-branch` | The branch of `nix-installer` to use (conflicts with `source-tag`, `source-revision`, `source-pr`) | | | -| `source-pr` | The PR of `nix-installer` to use (conflicts with `source-tag`, `source-revision`, `source-branch`) | | | -| `source-revision` | The revision of `nix-installer` to use (conflicts with `source-tag`, `source-branch`, `source-pr`) | | | -| `source-tag` | The tag of `nix-installer` to use (conflicts with `source-revision`, `source-branch`, `source-pr`) | | `v3.21.1` | -| `source-url` | A URL pointing to a `nix-installer` executable | | | -| `backtrace` | The setting for `RUST_BACKTRACE` (see https://doc.rust-lang.org/std/backtrace/index.html#environment-variables) | | | -| `diagnostic-endpoint` | Diagnostic endpoint url where the installer sends data to. To disable set this to an empty string. | | `-` | -| `log-directives` | A list of Tracing directives, comma separated, `-`s replaced with `_` (eg. `nix_installer=trace`, see https://docs.rs/tracing-subscriber/latest/tracing_subscriber/filter/struct.EnvFilter.html#directives) | | | -| `logger` | The logger to use for install (eg. `pretty`, `json`, `full`, `compact`) | | | -| `_internal-strict-mode` | Whether to fail when any errors are thrown. Used only to test the Action; do not set this in your own workflows. | | `false` | +| Parameter | Description | Required | Default | +|---------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------|----------------------------| +| `extra-conf` | Extra configuration lines for `/etc/nix/nix.conf` (includes `access-tokens` with `secrets.GITHUB_TOKEN` automatically if `github-token` is set) | | | +| `github-server-url` | The URL for the GitHub server, to use with the `github-token` token. Defaults to the current GitHub server, supporting GitHub Enterprise Server automatically. Only change this value if the provided `github-token` is for a different GitHub server than the current server. | | `${{ github.server_url }}` | +| `github-token` | A GitHub token for making authenticated requests (which have a higher rate-limit quota than unauthenticated requests) | | `${{ github.token }}` | +| `trust-runner-user` | Whether to make the runner user trusted by the Nix daemon | | `true` | +| `summarize` | Whether to add a build summary and timeline chart to the GitHub job summary | | `true` | +| `force-no-systemd` | Force using other methods than systemd to launch the daemon. This setting is automatically enabled when necessary. | | `false` | +| `init` | The init system to configure, requires `planner: linux-multi` (allowing the choice between `none` or `systemd`) | | | +| `kvm` | Automatically configure the GitHub Actions Runner for NixOS test supports, if the host supports it. | | `true` | +| `planner` | A planner to use | | | +| `proxy` | The proxy to use (if any), valid proxy bases are `https://$URL`, `http://$URL` and `socks5://$URL` | | | +| `reinstall` | Force a reinstall if an existing installation is detected (consider backing up `/nix/store`) | | `false` | +| `source-binary` | Run a version of the nix-installer binary from somewhere already on disk. Conflicts with all other `source-*` options. Intended only for testing this Action. | | | +| `source-branch` | The branch of `nix-installer` to use (conflicts with `source-tag`, `source-revision`, `source-pr`) | | | +| `source-pr` | The PR of `nix-installer` to use (conflicts with `source-tag`, `source-revision`, `source-branch`) | | | +| `source-revision` | The revision of `nix-installer` to use (conflicts with `source-tag`, `source-branch`, `source-pr`) | | | +| `source-tag` | The tag of `nix-installer` to use (conflicts with `source-revision`, `source-branch`, `source-pr`) | | `v3.21.2` | +| `source-url` | A URL pointing to a `nix-installer` executable | | | +| `source-checksums-url` | URL of a `shasum`-format checksums file listing the SHA-256 of each +`nix-installer--` artifact. Used together with +`source-checksums-sha256` to verify the downloaded installer. + | | | +| `source-checksums-sha256` | Pinned SHA-256 (hex) of the file served at `source-checksums-url`. Must +be set together with `source-checksums-url`. + | | | +| `backtrace` | The setting for `RUST_BACKTRACE` (see https://doc.rust-lang.org/std/backtrace/index.html#environment-variables) | | | +| `diagnostic-endpoint` | Diagnostic endpoint url where the installer sends data to. To disable set this to an empty string. | | `-` | +| `log-directives` | A list of Tracing directives, comma separated, `-`s replaced with `_` (eg. `nix_installer=trace`, see https://docs.rs/tracing-subscriber/latest/tracing_subscriber/filter/struct.EnvFilter.html#directives) | | | +| `logger` | The logger to use for install (eg. `pretty`, `json`, `full`, `compact`) | | | +| `_internal-strict-mode` | Whether to fail when any errors are thrown. Used only to test the Action; do not set this in your own workflows. | | `false` | ## 🛟 Need help? We're here for you! diff --git a/action.yml b/action.yml index 511c0c8..9957917 100644 --- a/action.yml +++ b/action.yml @@ -72,12 +72,20 @@ "source-tag": { "description": "The tag of `nix-installer` to use (conflicts with `source-revision`, `source-branch`, `source-pr`)", "required": false, - "default": "v3.21.1" + "default": "v3.21.2" }, "source-url": { "description": "A URL pointing to a `nix-installer` executable", "required": false }, + "source-checksums-url": { + "description": "URL of a `shasum`-format checksums file listing the SHA-256 of each\n`nix-installer--` artifact. Used together with\n`source-checksums-sha256` to verify the downloaded installer.\n", + "required": false + }, + "source-checksums-sha256": { + "description": "Pinned SHA-256 (hex) of the file served at `source-checksums-url`. Must\nbe set together with `source-checksums-url`.\n", + "required": false + }, "backtrace": { "description": "The setting for `RUST_BACKTRACE` (see https://doc.rust-lang.org/std/backtrace/index.html#environment-variables)", "required": false @@ -105,7 +113,7 @@ "using": "composite", "steps": [ { - "uses": "DeterminateSystems/nix-installer-action@1d87d45818068401a10cf16bdc5f00b24994a83f", + "uses": "DeterminateSystems/nix-installer-action@a7ad9c4f0c65208097f4d34f3cfa1913b80cce5c", "with": { "extra-conf": "${{ inputs.extra-conf }}", "github-server-url": "${{ inputs.github-server-url }}", @@ -124,6 +132,8 @@ "source-revision": "${{ inputs.source-revision }}", "source-tag": "${{ inputs.source-tag }}", "source-url": "${{ inputs.source-url }}", + "source-checksums-url": "${{ inputs.source-checksums-url }}", + "source-checksums-sha256": "${{ inputs.source-checksums-sha256 }}", "backtrace": "${{ inputs.backtrace }}", "diagnostic-endpoint": "${{ inputs.diagnostic-endpoint }}", "log-directives": "${{ inputs.log-directives }}",