From a184fa22819bbd47be61beda23a164aa4e963d85 Mon Sep 17 00:00:00 2001
From: Steve Morgan <steve@rebelops.io>
Date: Sun, 1 Dec 2024 17:02:49 -0500
Subject: [PATCH] chore: update ci

---
 .github/workflows/ci.yml | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index aee6c30..f27bc31 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -6,6 +6,11 @@ on:
   pull_request:
     branches: [main]
 
+permissions:
+  contents: write # Needed for semantic-release to push tags
+  issues: write # Needed for semantic-release to create GitHub releases
+  pull-requests: write # Needed for semantic-release to comment on PRs
+
 jobs:
   test:
     name: Test
@@ -49,19 +54,27 @@ jobs:
     runs-on: ubuntu-latest
     needs: [test]
     if: github.ref == 'refs/heads/main'
+    permissions:
+      contents: write
+      issues: write
+      pull-requests: write
 
     steps:
       - uses: actions/checkout@v4
         with:
           fetch-depth: 0
+          token: ${{ secrets.RELEASE_TOKEN }} # Use a custom token
 
       - name: Install Rust toolchain
         uses: dtolnay/rust-toolchain@stable
 
+      - name: Make scripts executable
+        run: chmod +x ./scripts/bump-version.sh
+
       - name: Semantic Release
         uses: cycjimmy/semantic-release-action@v4
         env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GITHUB_TOKEN: ${{ secrets.RELEASE_TOKEN }}
           CARGO_REGISTRY_TOKEN: ${{ secrets.CARGO_REGISTRY_TOKEN }}
         with:
           extra_plugins: |