From 3d3e8ced6f54fe0ab2a52d1580d3ab8628171a42 Mon Sep 17 00:00:00 2001
From: doprz <52579214+doprz@users.noreply.github.com>
Date: Tue, 14 Oct 2025 16:27:56 -0500
Subject: [PATCH] refactor(nix): use DeterminateSystems nix CI GHAs
---
 .github/workflows/release.yml | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index e3234a08..a9fa4acf 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -11,12 +11,16 @@ concurrency: ${{ github.workflow }}-${{ github.ref }}
 jobs:
 nix-check:
 runs-on: ubuntu-latest
+ permissions:
+ id-token: "write"
+ contents: "read"
 steps:
- - uses: actions/checkout@v5
- - uses: cachix/install-nix-action@v31
- with:
- github_access_token: ${{ secrets.GITHUB_TOKEN }}
- run: nix flake check
+ - uses: actions/checkout@v4
+ - uses: DeterminateSystems/nix-installer-action@main
+ - uses: DeterminateSystems/magic-nix-cache-action@main
+ - uses: DeterminateSystems/flake-checker-action@main
+ - name: Run `nix flake check`
+ run: nix flake check
 release:
 name: Release
@@ -38,7 +42,7 @@ jobs:
 github_access_token: ${{ secrets.GITHUB_TOKEN }}
 - name: Install Dependencies
- run: nix develop .#full --command pnpm install
+ run: nix develop .#full --command pnpm install --frozen-lockfile
 - name: Create Release Pull Request or Publish
 id: changesets
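Review bot: The three DeterminateSystems actions are referenced by the mutable branch `@main` in a job that now grants `id-token: "write"`, so whatever sits at the tip of those repositories at run time executes in the release workflow and can request an OIDC token for this repository. Pin each one to a full commit SHA, e.g. `- uses: DeterminateSystems/nix-installer-action@<full-commit-sha>  # <release tag>`, and let the dependency-update bot bump the pins. If `id-token: write` is only there for the cache login (an assumption; the diff does not say), a comment such as `# id-token: OIDC auth for magic-nix-cache` above the grant would let it be reviewed later. The hunk also moves `actions/checkout` from `@v5` back to `@v4`, which the commit message does not explain; keep `@v5` unless the downgrade is deliberate.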
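Review bot: `--frozen-lockfile` makes the install fail when the lockfile and manifests disagree, but it does not stop dependency lifecycle scripts, and this install runs in the same job as the `changesets` release/publish step that follows it. If the build does not need install scripts, and the pnpm version provided by the flake still runs them by default (not visible here), `run: nix develop .#full --command pnpm install --frozen-lockfile --ignore-scripts` would narrow what a tampered dependency can do before publishing. The release job's Nix installer step is only partly visible (its `uses:` line is above the hunk), so whether it was also meant to move to the DeterminateSystems actions cannot be judged from this hunk.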