chore(ci): bump cachix/install-nix-action from 30 to 31

[dependabot]

Bumps cachix/install-nix-action from 30 to 31.

Release notes

Sourced from cachix/install-nix-action's releases.

v31

Starting with v31, this action will use semantic versioning for releases. Major tags, like v31, will be bumped to point to the latest minor/patch release. This is in line with how most GitHub actions manage releases.

What's Changed

• nix: 2.26.3 -> 2.28.2 by @​Mic92 in cachix/install-nix-action#232

• nix: 2.24.9 -> 2.25.2 by @​Mic92 in cachix/install-nix-action#218

• ci: fix latest installer tests by @​sandydoo in cachix/install-nix-action#220

• ci: add ubuntu-24.04-arm to matrix by @​msgilligan in cachix/install-nix-action#221

• nix: 2.25.2 -> 2.26.2 by @​Mic92 in cachix/install-nix-action#226

• nix: 2.26.2 -> 2.26.3 by @​sandydoo in cachix/install-nix-action#228

• feat: Pin actions to hashes by @​l0b0 in cachix/install-nix-action#201

• chore(deps): bump actions/checkout from 4.1.1 to 4.2.2 by @​dependabot in cachix/install-nix-action#234

• docs: document how to provide AWS credentials to the nix-daemon by @​sandydoo in cachix/install-nix-action#235

• nix: 2.28.2 -> 2.28.3 by @​Mic92 in cachix/install-nix-action#236

• nix: 2.28.3 -> 2.29.0 by @​Mic92 in cachix/install-nix-action#239 Release notes: https://nix.dev/manual/nix/latest/release-notes/rl-2.29

• Automate nix updates in CI by @​Mic92 in cachix/install-nix-action#241

• nix: 2.29.0 -> 2.29.1 by @​github-actions in cachix/install-nix-action#243 [SECURITY] https://discourse.nixos.org/t/security-advisory-privilege-escalations-in-nix-lix-and-guix/66017

• nix: 2.29.1 -> 2.30.0 by @​github-actions in cachix/install-nix-action#244 Release notes: https://nix.dev/manual/nix/2.30/release-notes/rl-2.30.html

• nix: 2.30.0 -> 2.30.1 by @​xokdvium in cachix/install-nix-action#245 [SECURITY] Builds with Nix 2.30.0 on macOS were executed with elevated privileges (root), instead of the build users. GHSA-qc7j-jgf3-qmhg

• docs: add example for nix develop by @​jennydaman in cachix/install-nix-action#248

• nix: 2.30.2 -> 2.31.0 by @​github-actions[bot] in cachix/install-nix-action#250 Release notes: https://discourse.nixos.org/t/nix-2-31-0-released/68465

• nix: 2.31.0 -> 2.31.1 by @​github-actions[bot] in cachix/install-nix-action#253

• nix: 2.31.1 -> 2.31.2 by @​github-actions[bot] in cachix/install-nix-action#256

• feat: set up the environment based on the installer shell scripts by @​sandydoo in cachix/install-nix-action#251 Adds the bin directory from the user's profile to $PATH. Configures the following environment variables:

  • NIX_PROFILES
  • NIX_SSL_CERT_FILE (if not set)

• nix: 2.31.2 -> 2.32.0 by @​github-actions[bot] in cachix/install-nix-action#257 Release notes: https://discourse.nixos.org/t/nix-2-32-0-released/70528

• nix: 2.32.0 -> 2.32.1 by @​github-actions[bot] in cachix/install-nix-action#258

• nix: 2.32.1 -> 2.32.2 by @​github-actions[bot] in cachix/install-nix-action#259

• nix: 2.32.2 -> 2.32.3 by @​github-actions[bot] in cachix/install-nix-action#260

• nix: 2.32.3 -> 2.32.4 by @​github-actions[bot] in cachix/install-nix-action#261

• nix: 2.32.4 -> 2.33.0 by @​github-actions[bot] in cachix/install-nix-action#264

• nix: 2.33.0 -> 2.33.3 by @​github-actions[bot] in cachix/install-nix-action#266

• nix: 2.33.3 -> 2.34.0 by @​github-actions[bot] in cachix/install-nix-action#267 Release notes: https://discourse.nixos.org/t/nix-2-34-0-released/75818 Rolled back due to reports of issues with cachix-action

• nix: 2.34.0 -> 2.34.1 by @​github-actions[bot] in cachix/install-nix-action#269 Fixes a bug introduced in 2.34.0 that made the Nix daemon fail to load authentication keys configured by cachix-action.

• nix: 2.34.1 -> 2.34.2 by @​github-actions[bot] in cachix/install-nix-action#270

• nix: 2.34.2 -> 2.34.4 by @​github-actions[bot] in cachix/install-nix-action#271

... (truncated)

Changelog

Sourced from cachix/install-nix-action's changelog.

Release

As of v31, releases of this action follow Semantic Versioning.

Publishing a new release

Publish the release

Draft a new release on GitHub:

• In Choose a tag, create a new tag, like v31.2.1, following semver.
• Click Generate release notes.
• Set as the latest release should be selected automatically.
• Publish release

Update the major tag

The major tag, like v31, allows downstream users to opt-in to automatic non-breaking updates.

This process follows GitHub's own guidelines: https://github.com/actions/toolkit/blob/main/docs/action-versioning.md

Fetch the latest tags

git pull --tags --force

Move the tag

git tag -fa v31

git push origin v31 --force

Update the release notes for the major tag

Find the release on GitHub: https://github.com/cachix/install-nix-action/releases

Edit the release and click Generate release notes. Edit the formatting and publish.

Commits

• 96951a3 Merge pull request #271 from cachix/create-pull-request/patch
• 6281169 nix: 2.34.2 -> 2.34.4
• 51f3067 Revert "ci: use 25.11 for channel tests"
• 15118c1 ci: use 25.11 for channel tests
• e1ac057 Merge pull request #270 from cachix/create-pull-request/patch
• d181b96 nix: 2.34.1 -> 2.34.2
• 1ca7d21 Merge pull request #269 from cachix/create-pull-request/patch
• b613734 nix: 2.34.0 -> 2.34.1
• 19effe9 Merge pull request #267 from cachix/create-pull-request/patch
• d3f3b99 nix: 2.33.3 -> 2.34.0
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[github-actions]

AI Analysis

Technical Summary:

This pull request updates the GitHub Action dependency cachix/install-nix-action from version 30 to version 31 in the CI workflow.

---

Key Technical Details:

• Version Bump:
  The upgrade moves to v31 of cachix/install-nix-action, which marks a significant change where the project adopts Semantic Versioning (semver) for its releases. Major tags (like v31) now point to the latest minor/patch release, allowing downstream users to opt into automatic non-breaking updates.

• Nix Version Updates:
  Between v30 and v31 of the action, the embedded Nix versions have been incrementally updated multiple times, now arriving at Nix 2.34.4. This includes security patches and bug fixes:

  • Several security fixes related to privilege escalation in Nix builds.
  • Fixes for daemon authentication bugs affecting the cachix-action.
  • Updates

---

This summary was automatically generated by AI to help with triage and may not be 100% accurate.

Suggested Labels: bug security test