Release v3.16.3 (#54)

* Prepare release v3.16.3

* Update the state.json for v3.16.3

* Update README.md and action.yml for v3.16.3

* flake.lock: Update

Flake lock file updates:

• Updated input 'nixpkgs':
    '019c71f3-061e-7c0e-b75b-ea375738503a/source.tar.gz' (2026-02-17)
  → '019c8e05-d2f6-7c7e-9ead-612154b18bfb/source.tar.gz' (2026-02-23)

---------

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>

.github/workflows/release.yml

@@ -1,7 +1,7 @@
 on:
   release:
     types:
-      - released
+      - published
 
 jobs:
   PushLooseTag:

README.md

@@ -11,16 +11,18 @@
 
 # ️❄️ Determinate Nix Action
 
-Determinate is the best way to use Nix on macOS, WSL, and Linux.
+[Determinate] is the best way to use Nix on macOS, WSL, and Linux.
 It is an end-to-end toolchain for using Nix, from installation to collaboration to deployment.
 
-Based on the [Determinate Nix Installer](https://github.com/DeterminateSystems/nix-installer) and its corresponding [Nix Installer Action](https://github.com/DeterminateSystems/nix-installer-action), responsible for over tens of thousands of Nix installs daily.
+Based on the [Determinate Nix Installer][nix-installer] and its corresponding [Nix Installer Action][nix-installer-action], responsible for over tens of thousands of Nix installs daily.
 
-> [!NOTE] > **Why a different action?**
+> [!NOTE]
 >
-> We created a new action to synchronize version tags to Determinate Nix releases.
+> **Why a different Action?**
+>
+> We created a new Action to synchronize version tags to [Determinate Nix][det-nix] releases.
 > GitHub Actions are tagged with the specific version, like `v3.5.2`, with a moving `v3` tag for the major version.
-> We needed a fresh tag namespace since nix-installer-action already has a `v3` tag.
+> We needed a fresh tag namespace since `nix-installer-action` already has a `v3` tag.
 
 ## 🫶 Platform support
 
@@ -34,6 +36,8 @@ Based on the [Determinate Nix Installer](https://github.com/DeterminateSystems/n
 
 ## ️🔧 Usage
 
+Here's an example Actions workflow configuration that uses `determinate-nix-action`:
+
 ```yaml
 on:
   pull_request:
@@ -41,29 +45,32 @@ on:
     branches: [main]
 
 jobs:
-  lints:
+  build-pkg:
-    name: Build
+    name: Build Nix package
     runs-on: ubuntu-latest
     permissions:
-      id-token: "write"
+      id-token: write
-      contents: "read"
+      contents: read
     steps:
-      - uses: actions/checkout@v4.2.2
+      - uses: actions/checkout@v6.0.2
-      - uses: DeterminateSystems/determinate-nix-action@main # or v3.5.2 to pin to a release
+      - uses: DeterminateSystems/determinate-nix-action@main # or v3.16.3 to pin to a release
       - run: nix build .
 ```
 
-## 📌 Version Pinning: Lock It Down!
+> [!IMPORTANT]
+> If you use [FlakeHub], you need to add a `permissions` block like the one in the example above or else Determinate Nix can't authenticate with FlakeHub or [FlakeHub Cache][cache].
 
-### Why Pin Your Action?
+## 📌 Version pinning: lock it down!
+
+### Why pin your Action?
 
 Unlike `DeterminateSystems/nix-installer-action`, we fully support explicit version pinning for maximum consistency.
-This action is **automatically tagged** for every Determinate Nix release, giving you complete control over your CI environment:
+This Action is **automatically tagged** for every Determinate Nix release, giving you complete control over your CI environment:
 
-📍 Pinning to `DeterminateSystems/determinate-nix-action@v3.5.2` guarantees:
+📍 Pinning to `DeterminateSystems/determinate-nix-action@v3.16.3` guarantees:
 
 - Same `nix-installer-action` revision every time
-- Consistent Determinate Nix v3.5.2 installation
+- Consistent Determinate Nix v3.16.3 installation
 - Reproducible CI workflows, even years later
 
 ✨ Using `@main` instead? You'll:
@@ -72,19 +79,19 @@ This action is **automatically tagged** for every Determinate Nix release, givin
 - Occasionally participate in phased rollouts (helping us test new releases!)
 
 > [!IMPORTANT]
-> Set up Dependabot to stay current with Determinate Nix releases without sacrificing stability.
+> Set up [Dependabot] to stay current with Determinate Nix releases without sacrificing stability.
 
-### 🤖 Automate Updates with Dependabot
+### 🤖 Automate updates with Dependabot
 
-Keep your GitHub actions fresh without manual work! Create `.github/dependabot.yml` with:
+Keep your GitHub Actions fresh without manual work! Create `.github/dependabot.yml` with:
 
 ```yaml
 version: 2
 updates:
-  - package-ecosystem: "github-actions"
+  - package-ecosystem: github-actions
-    directory: "/"
+    directory: /
     schedule:
-      interval: "weekly"
+      interval: weekly
 ```
 
 ## ️⚙️ Configuration
@@ -94,26 +101,27 @@ updates:
 | `extra-conf`            | Extra configuration lines for `/etc/nix/nix.conf` (includes `access-tokens` with `secrets.GITHUB_TOKEN` automatically if `github-token` is set)                                                                                                                                |          |                            |
 | `github-server-url`     | The URL for the GitHub server, to use with the `github-token` token. Defaults to the current GitHub server, supporting GitHub Enterprise Server automatically. Only change this value if the provided `github-token` is for a different GitHub server than the current server. |          | `${{ github.server_url }}` |
 | `github-token`          | A GitHub token for making authenticated requests (which have a higher rate-limit quota than unauthenticated requests)                                                                                                                                                          |          | `${{ github.token }}`      |
-| `trust-runner-user`     | Whether to make the runner user trusted by the Nix daemon                                                                                                                                                                                                                      |          | `True`                     |
+| `trust-runner-user`     | Whether to make the runner user trusted by the Nix daemon                                                                                                                                                                                                                      |          | `true`                     |
-| `force-no-systemd`      | Force using other methods than systemd to launch the daemon. This setting is automatically enabled when necessary.                                                                                                                                                             |          | `False`                    |
+| `summarize`             | Whether to add a build summary and timeline chart to the GitHub job summary                                                                                                                                                                                                    |          | `true`                     |
+| `force-no-systemd`      | Force using other methods than systemd to launch the daemon. This setting is automatically enabled when necessary.                                                                                                                                                             |          | `false`                    |
 | `init`                  | The init system to configure, requires `planner: linux-multi` (allowing the choice between `none` or `systemd`)                                                                                                                                                                |          |                            |
-| `kvm`                   | Automatically configure the GitHub Actions Runner for NixOS test supports, if the host supports it.                                                                                                                                                                            |          | `True`                     |
+| `kvm`                   | Automatically configure the GitHub Actions Runner for NixOS test supports, if the host supports it.                                                                                                                                                                            |          | `true`                     |
 | `planner`               | A planner to use                                                                                                                                                                                                                                                               |          |                            |
 | `proxy`                 | The proxy to use (if any), valid proxy bases are `https://$URL`, `http://$URL` and `socks5://$URL`                                                                                                                                                                             |          |                            |
-| `reinstall`             | Force a reinstall if an existing installation is detected (consider backing up `/nix/store`)                                                                                                                                                                                   |          | `False`                    |
+| `reinstall`             | Force a reinstall if an existing installation is detected (consider backing up `/nix/store`)                                                                                                                                                                                   |          | `false`                    |
 | `source-binary`         | Run a version of the nix-installer binary from somewhere already on disk. Conflicts with all other `source-*` options. Intended only for testing this Action.                                                                                                                  |          |                            |
 | `source-branch`         | The branch of `nix-installer` to use (conflicts with `source-tag`, `source-revision`, `source-pr`)                                                                                                                                                                             |          |                            |
 | `source-pr`             | The PR of `nix-installer` to use (conflicts with `source-tag`, `source-revision`, `source-branch`)                                                                                                                                                                             |          |                            |
 | `source-revision`       | The revision of `nix-installer` to use (conflicts with `source-tag`, `source-branch`, `source-pr`)                                                                                                                                                                             |          |                            |
-| `source-tag`            | The tag of `nix-installer` to use (conflicts with `source-revision`, `source-branch`, `source-pr`)                                                                                                                                                                             |          | `v3.5.2`                   |
+| `source-tag`            | The tag of `nix-installer` to use (conflicts with `source-revision`, `source-branch`, `source-pr`)                                                                                                                                                                             |          | `v3.16.3`                  |
 | `source-url`            | A URL pointing to a `nix-installer` executable                                                                                                                                                                                                                                 |          |                            |
 | `backtrace`             | The setting for `RUST_BACKTRACE` (see https://doc.rust-lang.org/std/backtrace/index.html#environment-variables)                                                                                                                                                                |          |                            |
 | `diagnostic-endpoint`   | Diagnostic endpoint url where the installer sends data to. To disable set this to an empty string.                                                                                                                                                                             |          | `-`                        |
 | `log-directives`        | A list of Tracing directives, comma separated, `-`s replaced with `_` (eg. `nix_installer=trace`, see https://docs.rs/tracing-subscriber/latest/tracing_subscriber/filter/struct.EnvFilter.html#directives)                                                                    |          |                            |
 | `logger`                | The logger to use for install (eg. `pretty`, `json`, `full`, `compact`)                                                                                                                                                                                                        |          |                            |
-| `_internal-strict-mode` | Whether to fail when any errors are thrown. Used only to test the Action; do not set this in your own workflows.                                                                                                                                                               |          | `False`                    |
+| `_internal-strict-mode` | Whether to fail when any errors are thrown. Used only to test the Action; do not set this in your own workflows.                                                                                                                                                               |          | `false`                    |
 
-## 🛟 Need Help? We're Here For You!
+## 🛟 Need help? We're here for you!
 
 We're committed to making your experience with Determinate Nix as smooth as possible. If you encounter any issues or have questions, here's how to reach us:
 
@@ -122,3 +130,11 @@ We're committed to making your experience with Determinate Nix as smooth as poss
 - 📧 **Need direct support?** Email us at [support@determinate.systems](mailto:support@determinate.systems)
 
 🤝 **Looking for enterprise support?** We offer dedicated support contracts and shared Slack channels for organizations requiring priority assistance. [Contact us](mailto:support@determinate.systems) to learn more.
+
+[cache]: https://flakehub.com/cache
+[dependabot]: https://github.com/dependabot
+[det-nix]: https://docs.determinate.systems/determinate-nix
+[determinate]: https://docs.determinate.systems
+[flakehub]: https//flakehub.com
+[nix-installer]: https://github.com/DeterminateSystems/nix-installer
+[nix-installer-action]: https://github.com/DeterminateSystems/nix-installer-action

action.yml

@@ -22,6 +22,10 @@
             "description": "Whether to make the runner user trusted by the Nix daemon",
             "default": true
         },
+        "summarize": {
+            "description": "Whether to add a build summary and timeline chart to the GitHub job summary",
+            "default": true
+        },
         "force-no-systemd": {
             "description": "Force using other methods than systemd to launch the daemon. This setting is automatically enabled when necessary.",
             "required": false,
@@ -68,7 +72,7 @@
         "source-tag": {
             "description": "The tag of `nix-installer` to use (conflicts with `source-revision`, `source-branch`, `source-pr`)",
             "required": false,
-            "default": "v3.5.2"
+            "default": "v3.16.3"
         },
         "source-url": {
             "description": "A URL pointing to a `nix-installer` executable",
@@ -101,12 +105,13 @@
         "using": "composite",
         "steps": [
             {
-                "uses": "DeterminateSystems/nix-installer-action@780ad73c034fe05a894ab1de77fa8691ad69228d",
+                "uses": "DeterminateSystems/nix-installer-action@95f009f8cba987d36d7e3396d29de81b2883654a",
                 "with": {
                     "extra-conf": "${{ inputs.extra-conf }}",
                     "github-server-url": "${{ inputs.github-server-url }}",
                     "github-token": "${{ inputs.github-token }}",
                     "trust-runner-user": "${{ inputs.trust-runner-user }}",
+                    "summarize": "${{ inputs.summarize }}",
                     "force-no-systemd": "${{ inputs.force-no-systemd }}",
                     "init": "${{ inputs.init }}",
                     "kvm": "${{ inputs.kvm }}",

flake.lock

@@ -2,12 +2,12 @@
   "nodes": {
     "nixpkgs": {
       "locked": {
-        "lastModified": 1747179050,
+        "lastModified": 1771848320,
-        "narHash": "sha256-qhFMmDkeJX9KJwr5H32f1r7Prs7XbQWtO0h3V0a0rFY=",
+        "narHash": "sha256-0MAd+0mun3K/Ns8JATeHT1sX28faLII5hVLq0L3BdZU=",
-        "rev": "adaa24fbf46737f3f1b5497bf64bae750f82942e",
+        "rev": "2fc6539b481e1d2569f25f8799236694180c0993",
-        "revCount": 799423,
+        "revCount": 953160,
         "type": "tarball",
-        "url": "https://api.flakehub.com/f/pinned/NixOS/nixpkgs/0.1.799423%2Brev-adaa24fbf46737f3f1b5497bf64bae750f82942e/0196d1c3-1974-7bf1-bcf6-06620ac40c8c/source.tar.gz"
+        "url": "https://api.flakehub.com/f/pinned/NixOS/nixpkgs/0.1.953160%2Brev-2fc6539b481e1d2569f25f8799236694180c0993/019c8e05-d2f6-7c7e-9ead-612154b18bfb/source.tar.gz"
       },
       "original": {
         "type": "tarball",

tools/README.template.md

@@ -11,16 +11,18 @@
 
 # ️❄️ Determinate Nix Action
 
-Determinate is the best way to use Nix on macOS, WSL, and Linux.
+[Determinate] is the best way to use Nix on macOS, WSL, and Linux.
 It is an end-to-end toolchain for using Nix, from installation to collaboration to deployment.
 
-Based on the [Determinate Nix Installer](https://github.com/DeterminateSystems/nix-installer) and its corresponding [Nix Installer Action](https://github.com/DeterminateSystems/nix-installer-action), responsible for over tens of thousands of Nix installs daily.
+Based on the [Determinate Nix Installer][nix-installer] and its corresponding [Nix Installer Action][nix-installer-action], responsible for over tens of thousands of Nix installs daily.
 
-> [!NOTE] > **Why a different action?**
+> [!NOTE]
 >
-> We created a new action to synchronize version tags to Determinate Nix releases.
+> **Why a different Action?**
+>
+> We created a new Action to synchronize version tags to [Determinate Nix][det-nix] releases.
 > GitHub Actions are tagged with the specific version, like `v3.5.2`, with a moving `v3` tag for the major version.
-> We needed a fresh tag namespace since nix-installer-action already has a `v3` tag.
+> We needed a fresh tag namespace since `nix-installer-action` already has a `v3` tag.
 
 ## 🫶 Platform support
 
@@ -34,6 +36,8 @@ Based on the [Determinate Nix Installer](https://github.com/DeterminateSystems/n
 
 ## ️🔧 Usage
 
+Here's an example Actions workflow configuration that uses `determinate-nix-action`:
+
 ```yaml
 on:
   pull_request:
@@ -41,24 +45,27 @@ on:
     branches: [main]
 
 jobs:
-  lints:
+  build-pkg:
-    name: Build
+    name: Build Nix package
     runs-on: ubuntu-latest
     permissions:
-      id-token: "write"
+      id-token: write
-      contents: "read"
+      contents: read
     steps:
       - uses: actions/checkout@<!-- checkout_action_tag -->
       - uses: DeterminateSystems/determinate-nix-action@main # or <!-- version --> to pin to a release
       - run: nix build .
 ```
 
-## 📌 Version Pinning: Lock It Down!
+> [!IMPORTANT]
+> If you use [FlakeHub], you need to add a `permissions` block like the one in the example above or else Determinate Nix can't authenticate with FlakeHub or [FlakeHub Cache][cache].
 
-### Why Pin Your Action?
+## 📌 Version pinning: lock it down!
+
+### Why pin your Action?
 
 Unlike `DeterminateSystems/nix-installer-action`, we fully support explicit version pinning for maximum consistency.
-This action is **automatically tagged** for every Determinate Nix release, giving you complete control over your CI environment:
+This Action is **automatically tagged** for every Determinate Nix release, giving you complete control over your CI environment:
 
 📍 Pinning to `DeterminateSystems/determinate-nix-action@<!-- version -->` guarantees:
 
@@ -72,26 +79,26 @@ This action is **automatically tagged** for every Determinate Nix release, givin
 - Occasionally participate in phased rollouts (helping us test new releases!)
 
 > [!IMPORTANT]
-> Set up Dependabot to stay current with Determinate Nix releases without sacrificing stability.
+> Set up [Dependabot] to stay current with Determinate Nix releases without sacrificing stability.
 
-### 🤖 Automate Updates with Dependabot
+### 🤖 Automate updates with Dependabot
 
-Keep your GitHub actions fresh without manual work! Create `.github/dependabot.yml` with:
+Keep your GitHub Actions fresh without manual work! Create `.github/dependabot.yml` with:
 
 ```yaml
 version: 2
 updates:
-  - package-ecosystem: "github-actions"
+  - package-ecosystem: github-actions
-    directory: "/"
+    directory: /
     schedule:
-      interval: "weekly"
+      interval: weekly
 ```
 
 ## ️⚙️ Configuration
 
 <!-- table -->
 
-## 🛟 Need Help? We're Here For You!
+## 🛟 Need help? We're here for you!
 
 We're committed to making your experience with Determinate Nix as smooth as possible. If you encounter any issues or have questions, here's how to reach us:
 
@@ -100,3 +107,11 @@ We're committed to making your experience with Determinate Nix as smooth as poss
 - 📧 **Need direct support?** Email us at [support@determinate.systems](mailto:support@determinate.systems)
 
 🤝 **Looking for enterprise support?** We offer dedicated support contracts and shared Slack channels for organizations requiring priority assistance. [Contact us](mailto:support@determinate.systems) to learn more.
+
+[cache]: https://flakehub.com/cache
+[dependabot]: https://github.com/dependabot
+[det-nix]: https://docs.determinate.systems/determinate-nix
+[determinate]: https://docs.determinate.systems
+[flakehub]: https//flakehub.com
+[nix-installer]: https://github.com/DeterminateSystems/nix-installer
+[nix-installer-action]: https://github.com/DeterminateSystems/nix-installer-action

tools/generate.py

@@ -16,12 +16,19 @@ def make_inputs_table(inputs):
         required = input_options.get("required", False)
         default = input_options.get("default")
 
+        if isinstance(default, bool):
+            default_str = f"`{str(default).lower()}`"
+        elif default is not None:
+            default_str = f"`{default}`"
+        else:
+            default_str = ""
+
         rows.append(
             [
                 f"`{input_name}`",
                 input_options["description"],
                 "📍" if required else "",
-                f"`{default}`" if default is not None else "",
+                default_str,
             ]
         )
 
@@ -52,6 +59,7 @@ keep_inputs = [
     "github-server-url",
     "github-token",
     "trust-runner-user",
+    "summarize",
     # Advanced run-time environment options
     "force-no-systemd",
     "init",

tools/state.json

@@ -1,5 +1,5 @@
 {
-  "nix_installer_action_revision": "780ad73c034fe05a894ab1de77fa8691ad69228d",
+  "nix_installer_action_revision": "95f009f8cba987d36d7e3396d29de81b2883654a",
-  "determinate_nix_tag": "v3.5.2",
+  "determinate_nix_tag": "v3.16.3",
-  "checkout_action_tag": "v4.2.2"
+  "checkout_action_tag": "v6.0.2"
 }