Commit
Pin DeterminateSystems/nix-installer-action to SHA (#32)
GitHub recommends pinning 3rd party actions for security and reproducibility. This should be a familiar idea for folks who've worked with Nix.

https://docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-third-party-actions

For now, I've excluded dependencies from `actions/` as these are "2nd party" actions, developed and published by GitHub. We have higher trust that GitHub published actions won't spuriously force push tag values, resulting in non-deterministic runtime behavior.

If you'd like to pin all dependencies, let me know and I'll update this to include everything. This will result in a higher sustaining burden, as Dependabot (#31) will generate many more updates for pinned `actions/` actions.