chore(deps): bump cachix/install-nix-action from 27 to 31

[dependabot]

Bumps cachix/install-nix-action from 27 to 31.

Release notes

Sourced from cachix/install-nix-action's releases.

v31

Starting with v31, this action will use semantic versioning for releases. Major tags, like v31, will be bumped to point to the latest minor/patch release. This is in line with how most GitHub actions manage releases.

What's Changed

• nix: 2.26.3 -> 2.28.2 by @​Mic92 in cachix/install-nix-action#232

• nix: 2.24.9 -> 2.25.2 by @​Mic92 in cachix/install-nix-action#218

• ci: fix latest installer tests by @​sandydoo in cachix/install-nix-action#220

• ci: add ubuntu-24.04-arm to matrix by @​msgilligan in cachix/install-nix-action#221

• nix: 2.25.2 -> 2.26.2 by @​Mic92 in cachix/install-nix-action#226

• nix: 2.26.2 -> 2.26.3 by @​sandydoo in cachix/install-nix-action#228

• feat: Pin actions to hashes by @​l0b0 in cachix/install-nix-action#201

• chore(deps): bump actions/checkout from 4.1.1 to 4.2.2 by @​dependabot in cachix/install-nix-action#234

• docs: document how to provide AWS credentials to the nix-daemon by @​sandydoo in cachix/install-nix-action#235

• nix: 2.28.2 -> 2.28.3 by @​Mic92 in cachix/install-nix-action#236

• nix: 2.28.3 -> 2.29.0 by @​Mic92 in cachix/install-nix-action#239 Release notes: https://nix.dev/manual/nix/latest/release-notes/rl-2.29

• Automate nix updates in CI by @​Mic92 in cachix/install-nix-action#241

• nix: 2.29.0 -> 2.29.1 by @​github-actions in cachix/install-nix-action#243 [SECURITY] https://discourse.nixos.org/t/security-advisory-privilege-escalations-in-nix-lix-and-guix/66017

• nix: 2.29.1 -> 2.30.0 by @​github-actions in cachix/install-nix-action#244 Release notes: https://nix.dev/manual/nix/2.30/release-notes/rl-2.30.html

• nix: 2.30.0 -> 2.30.1 by @​xokdvium in cachix/install-nix-action#245 [SECURITY] Builds with Nix 2.30.0 on macOS were executed with elevated privileges (root), instead of the build users. GHSA-qc7j-jgf3-qmhg

• docs: add example for nix develop by @​jennydaman in cachix/install-nix-action#248

• nix: 2.30.2 -> 2.31.0 by @​github-actions[bot] in cachix/install-nix-action#250 Release notes: https://discourse.nixos.org/t/nix-2-31-0-released/68465

• nix: 2.31.0 -> 2.31.1 by @​github-actions[bot] in cachix/install-nix-action#253

• nix: 2.31.1 -> 2.31.2 by @​github-actions[bot] in cachix/install-nix-action#256

• feat: set up the environment based on the installer shell scripts by @​sandydoo in cachix/install-nix-action#251 Adds the bin directory from the user's profile to $PATH. Configures the following environment variables:

  • NIX_PROFILES
  • NIX_SSL_CERT_FILE (if not set)

• nix: 2.31.2 -> 2.32.0 by @​github-actions[bot] in cachix/install-nix-action#257 Release notes: https://discourse.nixos.org/t/nix-2-32-0-released/70528

• nix: 2.32.0 -> 2.32.1 by @​github-actions[bot] in cachix/install-nix-action#258

• nix: 2.32.1 -> 2.32.2 by @​github-actions[bot] in cachix/install-nix-action#259

• nix: 2.32.2 -> 2.32.3 by @​github-actions[bot] in cachix/install-nix-action#260

• nix: 2.32.3 -> 2.32.4 by @​github-actions[bot] in cachix/install-nix-action#261

• nix: 2.32.4 -> 2.33.0 by @​github-actions[bot] in cachix/install-nix-action#264

• nix: 2.33.0 -> 2.33.3 by @​github-actions[bot] in cachix/install-nix-action#266

• nix: 2.33.3 -> 2.34.0 by @​github-actions[bot] in cachix/install-nix-action#267 Release notes: https://discourse.nixos.org/t/nix-2-34-0-released/75818 Rolled back due to reports of issues with cachix-action

• nix: 2.34.0 -> 2.34.1 by @​github-actions[bot] in cachix/install-nix-action#269 Fixes a bug introduced in 2.34.0 that made the Nix daemon fail to load authentication keys configured by cachix-action.

• nix: 2.34.1 -> 2.34.2 by @​github-actions[bot] in cachix/install-nix-action#270

• nix: 2.34.2 -> 2.34.4 by @​github-actions[bot] in cachix/install-nix-action#271

... (truncated)

Changelog

Sourced from cachix/install-nix-action's changelog.

Release

As of v31, releases of this action follow Semantic Versioning.

Publishing a new release

Publish the release

Draft a new release on GitHub:

• In Choose a tag, create a new tag, like v31.2.1, following semver.
• Click Generate release notes.
• Set as the latest release should be selected automatically.
• Publish release

Update the major tag

The major tag, like v31, allows downstream users to opt-in to automatic non-breaking updates.

This process follows GitHub's own guidelines: https://github.com/actions/toolkit/blob/main/docs/action-versioning.md

Fetch the latest tags

git pull --tags --force

Move the tag

git tag -fa v31

git push origin v31 --force

Update the release notes for the major tag

Find the release on GitHub: https://github.com/cachix/install-nix-action/releases

Edit the release and click Generate release notes. Edit the formatting and publish.

Commits

• 96951a3 Merge pull request #271 from cachix/create-pull-request/patch
• 6281169 nix: 2.34.2 -> 2.34.4
• 51f3067 Revert "ci: use 25.11 for channel tests"
• 15118c1 ci: use 25.11 for channel tests
• e1ac057 Merge pull request #270 from cachix/create-pull-request/patch
• d181b96 nix: 2.34.1 -> 2.34.2
• 1ca7d21 Merge pull request #269 from cachix/create-pull-request/patch
• b613734 nix: 2.34.0 -> 2.34.1
• 19effe9 Merge pull request #267 from cachix/create-pull-request/patch
• d3f3b99 nix: 2.33.3 -> 2.34.0
• Additional commits viewable in compare view

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

[arkanaai]

🔍 Arkana PR Review — ArkLabsHQ/enclave#33

Summary: Dependabot bump of cachix/install-nix-action from v27 → v31 across two CI workflows (integration-test.yml, release.yml).

Changes: Minimal — two line changes, version tag only. No config changes to nix_path or extra_nix_config.

Assessment:

• ✅ Safe upgrade — v31 brings Nix 2.27→2.34.2 with several security patches (privilege escalation fix in 2.29.1, macOS root execution fix in 2.30.1)
• ✅ No breaking changes to action inputs/outputs between v27 and v31
• ✅ Semantic versioning now used by install-nix-action starting at v31 — future minor/patch updates auto-included under the v31 tag
• ⚠️ Minor note: The jump skips v28-v30 entirely. The release notes mention a rollback of Nix 2.34.0 due to cachix-action auth key issues, but 2.34.1 fixed that. Current v31 pins to 2.34.2 which is stable.

Verdict: Clean dependency bump with security improvements. No concerns.