background grid image
Image for post determinate-nix-action
May 28, 2025 by Luc Perkins

Determinate Nix Action

announcement
nixactionsdeterminatedeterminate-nix

Shortly after releasing Determinate Nix Installer, we released nix-installer-action, a GitHub Action for installing Nix using Determinate Nix Installer, our next-generation installer written in Rust with support for seamlessly uninstalling Nix and more. This Action has successfully delivered Nix to millions of runners and thus served its purpose quite ably.

Since the launch of Determinate Nix, nix-installer-action has provided the option of installing Determinate Nix by applying determinate: true to your YAML configuration. But nix-installer-action has an important drawback: its version isn’t synced with the version of Determinate Nix, making it difficult to target Determinate Nix versions in CI runs.

And so today we’re announcing that we’ve created a new Action, determinate-nix-action that installs Determinate Nix both by default and with a synced version. That means that you can use, say, Determinate Nix version 3.6.1 by specifying this:

Targeted version
- uses: DeterminateSystems/determinate-nix-action@v3.6.1

Here’s a full example configuration:

.github/workflows/nix.yaml
on:
  pull_request:
  push:
    branches: [main]


jobs:
  build-nix-pkg:
    name: Build Nix package
    runs-on: ubuntu-latest
    permissions:
      id-token: write
      contents: read
    steps:
      - uses: actions/checkout@v4
      - uses: DeterminateSystems/determinate-nix-action@v3
      - name: Build package using Determinate Nix
        run: nix build

Note that the permissions block is necessary if you intend to use private flakes and FlakeHub Cache. And as an alternative to using v3, you can pin to a specific release, such as @v3.6.1 (the most recent release as of this writing). In terms of configuration, determinate-nix-action provides most of the same parameters that you’re used to from nix-installer-action—such as extra-conf for providing custom Nix configuration—leaving behind only those that don’t make sense in this new Action.

Keep your pinned Action up to date

If you do opt to pin to a specific version of determinate-nix-action, we strongly recommend using tools like Dependabot and Renovate to automatically bump the version when necessary, lest you end up running out-of-date versions of Determinate Nix.

If you’d like to target specific versions of Determinate Nix, we do recommend switching to this new Action. For more on why you should consider pinning your Actions, GitHub has a good primer. And as with all Actions, you can pin determinate-nix-action to a specific Git hash, such as 441b9e401ac050c38a07d8313748c5c2d17e8aff:

.github/workflows/nix.yaml
- uses: DeterminateSystems/determinate-nix-action@441b9e401ac050c38a07d8313748c5c2d17e8aff

If you’re currently using nix-installer-action to install Determinate Nix don’t worry: nothing is changing on that end and you can still set determinate: true to install Determinate Nix:

.github/workflows/nix.yaml
- uses: DeterminateSystems/nix-installer-action
  with:
    determinate: true
Share
Avatar for Luc Perkins
Written by Luc Perkins

Luc is a technical writer, software engineer, and Nix advocate who's always on the lookout for qualitatively better ways of building software. He originally hails from the Pacific Northwest but has recently taken to living abroad.

Would you like access to private flakes and FlakeHub Cache?

Sign up for FlakeHub