From c1c930f84be38f80d672c0e55007d39765e5d643 Mon Sep 17 00:00:00 2001
From: Sergei Zharinov <zharinov@users.noreply.github.com>
Date: Mon, 12 Jan 2026 22:07:09 -0300
Subject: [PATCH] fix: Grant permissions to bump workflow caller

---
 .github/workflows/bump.yml    | 5 ++++-
 .github/workflows/release.yml | 3 +++
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/bump.yml b/.github/workflows/bump.yml
index 59eec38..bf31623 100644
--- a/.github/workflows/bump.yml
+++ b/.github/workflows/bump.yml
@@ -32,7 +32,10 @@ jobs:
         uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6
 
       - name: Install tomato-toml
-        run: cargo install tomato-toml --locked
+        uses: baptiste0928/cargo-install@b687c656bda5733207e629b50a22bf68974a0305 # v3.3.2
+        with:
+          crate: tomato-toml
+          locked: true
 
       - name: Calculate next version
         id: version
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 2348848..b89ffe3 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -56,3 +56,6 @@ jobs:
       bump: patch
     secrets:
       PLOTNIK_PAT: ${{ secrets.PLOTNIK_PAT }}
+    permissions:
+      contents: write
+      pull-requests: write