diff --git a/.github/workflows/flake-update.yml b/.github/workflows/flake-update.yml
index 5eb32af..1b7002a 100644
--- a/.github/workflows/flake-update.yml
+++ b/.github/workflows/flake-update.yml
@@ -10,18 +10,45 @@ jobs:
     if: github.ref == 'refs/heads/main' # ensure workflow_dispatch only runs on main
     steps:
       - uses: actions/checkout@v4
+      - uses: DeterminateSystems/magic-nix-cache-action@main
       - name: Install Nix
         uses: cachix/install-nix-action@v24
         with:
           extra_nix_config: |
             experimental-features = nix-command flakes
           install_url: https://releases.nixos.org/nix/nix-2.19.0/install
+      - name: Calculate pre-drv
+        run: nix ./utils/eval-to-drv.sh pre
       - name: Pull latest docker images
         run: nix ./utils/fetch-docker.sh
+      - name: Update flake.lock (part 1)
+        run: nix flake update
+      - name: Calculate post-drv
+        run: nix ./utils/eval-to-drv.sh post
+      - name: Calculate diff
+        run: nix ./utils/diff-evals
+      - name: Read diff into environment
+        uses: andstor/file-reader-action@v1
+        id: post_diff
+        with:
+          path: "post-diff"
+      - name: Restore flake.lock for next step
+        run: git restore flake.lock
       - name: Update flake.lock
         id: update
         uses: DeterminateSystems/update-flake-lock@main
         with:
+          # token: ${{ secrets.GH_TOKEN_FOR_UPDATES }}
+          pr-body: |
+            Automated changes by the [update-flake-lock](https://github.com/DeterminateSystems/update-flake-lock) GitHub Action.
+
+            ```
+            {{ env.GIT_COMMIT_MESSAGE }}
+            ```
+
+            ```
+            {{ env.steps.post_diff.outputs.contents }}
+            ```
           pr-labels: |                  # Labels to be set on the PR
             dependencies
             automated
diff --git a/.gitignore b/.gitignore
index 3737723..771cf5c 100644
--- a/.gitignore
+++ b/.gitignore
@@ -17,3 +17,8 @@ result-*
 
 # allows test file in reopsitory
 test.*
+
+# flake update artifacts
+pre-drv
+post-drv
+post-diff
diff --git a/utils/diff-evals.sh b/utils/diff-evals.sh
new file mode 100644
index 0000000..1ee6cd1
--- /dev/null
+++ b/utils/diff-evals.sh
@@ -0,0 +1,24 @@
+#!/usr/bin/env nix
+#! nix shell nixpkgs#bash nixpkgs#gnugrep nixpkgs#nvd --command bash
+
+# diffs each derivation
+
+set -x
+set -v
+set -e
+
+script_path=$(dirname "$(readlink -f $0)")
+parent_path=$(dirname "$script_path")
+
+readarray -t pre_drv < "$parent_path/pre-drv"
+readarray -t post_drv < "$parent_path/post-drv"
+
+post_drv_path="$parent_path/post-diff"
+# cleanup any files with the same name
+rm "$post_drv_path" || true
+touch "$post_drv_path"
+
+for i in $(seq 0 $(( "${#pre_drv[@]}" -1 ))); do
+    echo "Diffing updates to $(echo "${pre_drv[$i]}" | cut -f 2- -d '-')" >> "$post_drv_path"
+    nvd diff "${pre_drv[$i]}" "${post_drv[$i]}" >> "$post_drv_path"
+done
diff --git a/utils/eval-to-drv.sh b/utils/eval-to-drv.sh
new file mode 100644
index 0000000..49c8bbb
--- /dev/null
+++ b/utils/eval-to-drv.sh
@@ -0,0 +1,21 @@
+#!/usr/bin/env nix
+#! nix shell nixpkgs#bash nixpkgs#gnugrep --command bash
+
+# diffs each derivation
+
+set -x
+set -v
+set -e
+
+if [ "$#" -ne 2 ]; then
+    echo "$0 (pre|post)"
+fi
+
+script_path=$(dirname "$(readlink -f $0)")
+parent_path=$(dirname "$script_path")
+out_path="$parent_path/$1-drv"
+
+
+drv=$(nix flake check --verbose 2> >(grep -P -o "derivation evaluated to (/nix/store/.*\.drv)" | grep -P -o "/nix/store/.*\.drv"))
+
+echo "$drv" > "$out_path"