From 54630fad7b0620885eb2d14ae4f40b77ab2c5017 Mon Sep 17 00:00:00 2001
From: Martin Wimpress <martin@wimpress.org>
Date: Thu, 15 May 2025 18:21:23 +0100
Subject: [PATCH 1/4] ci: migrate to determinate-nix-action

---
 .github/workflows/validate.yml |  6 ++----
 .github/workflows/workflow.yml | 12 +++---------
 2 files changed, 5 insertions(+), 13 deletions(-)

diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml
index be9e83e..fd3b0e2 100644
--- a/.github/workflows/validate.yml
+++ b/.github/workflows/validate.yml
@@ -1,6 +1,6 @@
 on:
   push:
-    branches: main
+    branches: [ main ]
   pull_request:
   workflow_dispatch:
 
@@ -13,9 +13,7 @@ jobs:
     steps:
       - name: git checkout
         uses: actions/checkout@v4
-      - uses: DeterminateSystems/nix-installer-action@main
-        with:
-          determinate: true
+      - uses: DeterminateSystems/determinate-nix-action@v3
       - uses: DeterminateSystems/flakehub-cache-action@main
       - run: nix develop -c action-validator -v ./.github/workflows/workflow.yml
       - run: nix develop -c prettier --check .
diff --git a/.github/workflows/workflow.yml b/.github/workflows/workflow.yml
index d10bc7c..8f34d51 100644
--- a/.github/workflows/workflow.yml
+++ b/.github/workflows/workflow.yml
@@ -95,9 +95,7 @@ jobs:
       - uses: actions/checkout@v4
       # disabled pending strategy discussion on exposing tunables
       # - uses: Determinatesystems/flake-checker-action@main
-      - uses: DeterminateSystems/nix-installer-action@main
-        with:
-          determinate: true
+      - uses: DeterminateSystems/determinate-nix-action@v3
       - uses: DeterminateSystems/flakehub-cache-action@main
       - uses: webfactory/ssh-agent@v0.9.0
         if: ${{ inputs.enable-ssh-agent }}
@@ -125,9 +123,7 @@ jobs:
 
     steps:
       - uses: actions/checkout@v4
-      - uses: DeterminateSystems/nix-installer-action@main
-        with:
-          determinate: true
+      - uses: DeterminateSystems/determinate-nix-action@v3
       - uses: DeterminateSystems/flakehub-cache-action@main
       - uses: webfactory/ssh-agent@v0.9.0
         if: ${{ inputs.enable-ssh-agent }}
@@ -163,10 +159,8 @@ jobs:
           contains(needs.*.result, 'cancelled')
       - uses: actions/checkout@main
         if: ${{ !github.repository.fork && inputs.visibility != '' && (github.ref == format('refs/heads/{0}', inputs.default-branch) || startsWith(github.ref, 'refs/tags/')) }}
-      - uses: DeterminateSystems/nix-installer-action@main
+      - uses: DeterminateSystems/determinate-nix-action@v3
         if: ${{ !github.repository.fork && inputs.visibility != '' && (github.ref == format('refs/heads/{0}', inputs.default-branch) || startsWith(github.ref, 'refs/tags/')) }}
-        with:
-          determinate: true
       - uses: DeterminateSystems/flakehub-cache-action@main
         if: ${{ !github.repository.fork && inputs.visibility != '' && (github.ref == format('refs/heads/{0}', inputs.default-branch) || startsWith(github.ref, 'refs/tags/')) }}
       - uses: "DeterminateSystems/flakehub-push@main"

From 555ade38c33c6d02eec48836e72426e84166b3d5 Mon Sep 17 00:00:00 2001
From: Luc Perkins <lucperkins@gmail.com>
Date: Thu, 15 May 2025 13:27:11 -0400
Subject: [PATCH 2/4] Fix formatting

---
 .github/workflows/validate.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml
index fd3b0e2..71d8f42 100644
--- a/.github/workflows/validate.yml
+++ b/.github/workflows/validate.yml
@@ -1,6 +1,6 @@
 on:
   push:
-    branches: [ main ]
+    branches: [main]
   pull_request:
   workflow_dispatch:
 

From 43c9a92ae024eff59eee5da274b9845db7e809a1 Mon Sep 17 00:00:00 2001
From: Luc Perkins <lucperkins@gmail.com>
Date: Thu, 15 May 2025 13:28:42 -0400
Subject: [PATCH 3/4] Standardize

---
 .github/workflows/validate.yml |  4 ++--
 .github/workflows/workflow.yml | 16 ++++++++--------
 2 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml
index 71d8f42..b7e02ef 100644
--- a/.github/workflows/validate.yml
+++ b/.github/workflows/validate.yml
@@ -21,7 +21,7 @@ jobs:
   DeterminateCI:
     uses: ./.github/workflows/workflow.yml
     permissions:
-      id-token: "write"
-      contents: "read"
+      id-token: write
+      contents: read
     with:
       directory: ./tests/smoke
diff --git a/.github/workflows/workflow.yml b/.github/workflows/workflow.yml
index 8f34d51..8500659 100644
--- a/.github/workflows/workflow.yml
+++ b/.github/workflows/workflow.yml
@@ -88,8 +88,8 @@ jobs:
       systems: ${{ steps.inventory.outputs.systems }}
 
     permissions:
-      id-token: "write"
-      contents: "read"
+      id-token: write
+      contents: read
 
     steps:
       - uses: actions/checkout@v4
@@ -118,8 +118,8 @@ jobs:
         systems: ${{ fromJSON(needs.inventory.outputs.systems) }}
 
     permissions:
-      id-token: "write"
-      contents: "read"
+      id-token: write
+      contents: read
 
     steps:
       - uses: actions/checkout@v4
@@ -141,8 +141,8 @@ jobs:
     needs: build
     if: ${{ always() }}
     permissions:
-      id-token: "write"
-      contents: "read"
+      id-token: write
+      contents: read
 
     outputs:
       flake_name: ${{ steps.publish.outputs.flake_name }}
@@ -150,7 +150,7 @@ jobs:
       flakeref_exact: ${{ steps.publish.outputs.flakeref_exact }}
       flakeref_at_least: ${{ steps.publish.outputs.flakeref_at_least }}
     steps:
-      - run: "true"
+      - run: true
       - run: |
           echo "A dependent in the build matrix failed."
           exit 1
@@ -163,7 +163,7 @@ jobs:
         if: ${{ !github.repository.fork && inputs.visibility != '' && (github.ref == format('refs/heads/{0}', inputs.default-branch) || startsWith(github.ref, 'refs/tags/')) }}
       - uses: DeterminateSystems/flakehub-cache-action@main
         if: ${{ !github.repository.fork && inputs.visibility != '' && (github.ref == format('refs/heads/{0}', inputs.default-branch) || startsWith(github.ref, 'refs/tags/')) }}
-      - uses: "DeterminateSystems/flakehub-push@main"
+      - uses: DeterminateSystems/flakehub-push@main
         if: ${{ !github.repository.fork && inputs.visibility != '' && (github.ref == format('refs/heads/{0}', inputs.default-branch) || startsWith(github.ref, 'refs/tags/')) }}
         id: publish
         with:

From 6571ed89511bb574eda721dc8e02fd3bcb245be2 Mon Sep 17 00:00:00 2001
From: Luc Perkins <lucperkins@gmail.com>
Date: Thu, 15 May 2025 13:34:01 -0400
Subject: [PATCH 4/4] Fix action validation issue

---
 .github/workflows/workflow.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/workflow.yml b/.github/workflows/workflow.yml
index 8500659..b1963a7 100644
--- a/.github/workflows/workflow.yml
+++ b/.github/workflows/workflow.yml
@@ -150,7 +150,7 @@ jobs:
       flakeref_exact: ${{ steps.publish.outputs.flakeref_exact }}
       flakeref_at_least: ${{ steps.publish.outputs.flakeref_at_least }}
     steps:
-      - run: true
+      - run: "true"
       - run: |
           echo "A dependent in the build matrix failed."
           exit 1