sudacode/metrics
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

docs: notice about token permissions and usage (relates #1050, #1076)

Browse Source
This commit is contained in:
lowlighter
2022-05-31 17:48:35 -04:00
parent b25fc280d6
commit 814acf63c6
5 changed files with 66 additions and 35 deletions
Download Patch File Download Diff File Expand all files Collapse all files

BIN
.github/readme/imgs/setup_workflow_permissions.dark.png vendored Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 26 KiB

BIN
.github/readme/imgs/setup_workflow_permissions.light.png vendored Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 27 KiB

8
.github/readme/partials/documentation/setup/action.md vendored
View File

@@ -16,6 +16,8 @@ Its `README.md` will be displayed on your user profile:
## 1 Create a GitHub personal token ## 1 Create a GitHub personal token
> 💡 A GitHub personal token is required since this action will fetch data that cannot be accessed through repository-scoped tokens (like [`${{ secrets.GITHUB_TOKEN }}` or `${{ github.token }}`](https://docs.github.com/en/actions/security-guides/automatic-token-authentication#about-the-github_token-secret)) such as users, organizations, issues, pull requests, comments, commits, activity, etc.
From the `Developer settings` of your account settings, select `Personal access tokens` to create a new token. From the `Developer settings` of your account settings, select `Personal access tokens` to create a new token.
No scopes are required, but additional one may be required depending on which features will be used. Each plugin documentation enumerates which scopes are required to make it work. No scopes are required, but additional one may be required depending on which features will be used. Each plugin documentation enumerates which scopes are required to make it work.
@@ -65,17 +67,21 @@ on:
jobs: jobs:
github-metrics: github-metrics:
runs-on: ubuntu-latest runs-on: ubuntu-latest
permissions:
contents: write
steps: steps:
- uses: lowlighter/metrics@latest - uses: lowlighter/metrics@latest
with: with:
token: ${{ secrets.METRICS_TOKEN }} token: ${{ secrets.METRICS_TOKEN }}
``` ```
Rendered metrics will be committed to repository on each run. Default output action is to commit rendered metrics to target repository on each run.
![Action update example](/.github/readme/imgs/example_action_update.light.png#gh-light-mode-only) ![Action update example](/.github/readme/imgs/example_action_update.light.png#gh-light-mode-only)
![Action update example](/.github/readme/imgs/example_action_update.dark.png#gh-dark-mode-only) ![Action update example](/.github/readme/imgs/example_action_update.dark.png#gh-dark-mode-only)
Use [`output_action`](/source/plugins/core/README.md#-configuring-output-action) to change this behaviour to use either pull requests, gists or manually handle renders.
### 3.1 Choosing between `@latest`, `@master`/`@main`, a fork or a pinned version ### 3.1 Choosing between `@latest`, `@master`/`@main`, a fork or a pinned version
There are several *metrics* versions that can be used in workflows: There are several *metrics* versions that can be used in workflows:

2
source/app/web/statics/app.js
View File

@@ -214,6 +214,8 @@
`jobs:`, `jobs:`,
` github-metrics:`, ` github-metrics:`,
` runs-on: ubuntu-latest`, ` runs-on: ubuntu-latest`,
` permissions:`,
` contents: write`,
` steps:`, ` steps:`,
` - uses: lowlighter/metrics@latest`, ` - uses: lowlighter/metrics@latest`,
` with:`, ` with:`,

23
source/plugins/core/README.md
View File

@@ -231,6 +231,14 @@ It is possible to generate a self-contained HTML file containing `✨ Metrics in
## 🧶 Configuring output action ## 🧶 Configuring output action
Before configuring output action, ensure that workflows permissions are properly set.
These can be changed either through repository settings in Actions tab:
![Setting workflows permissions](/.github/readme/imgs/setup_workflow_permissions.light.png#gh-light-mode-only)
![Setting workflows permissions](/.github/readme/imgs/setup_workflow_permissions.dark.png#gh-dark-mode-only)
Or more granulary [at job or workflow level](https://docs.github.com/en/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token).
### Using commits (default) ### Using commits (default)
Use `config_output: commit` to make the action directly push changes to `committer_branch` with a commit. Use `config_output: commit` to make the action directly push changes to `committer_branch` with a commit.
@@ -240,6 +248,10 @@ A custom commit message can be used through `committer_message`.
*Example: push output to metrics-renders branch rather than the default branch* *Example: push output to metrics-renders branch rather than the default branch*
```yaml ```yaml
metrics:
permissions:
contents: write
steps:
- uses: lowlighter/metrics@latest - uses: lowlighter/metrics@latest
with: with:
output_action: commit output_action: commit
@@ -257,6 +269,11 @@ The last step should use either `pull-request-merge`, `pull-request-squash` or `
*Example: push two outputs using a merge pull request* *Example: push two outputs using a merge pull request*
```yaml ```yaml
metrics:
permissions:
contents: write
pull-requests: write
steps:
- uses: lowlighter/metrics@latest - uses: lowlighter/metrics@latest
with: with:
filename: my-metrics-0.svg filename: my-metrics-0.svg
@@ -277,6 +294,8 @@ It is required to provide a gist id to `committer_gist` option to make it work.
*Example: push output to a gist* *Example: push output to a gist*
```yaml ```yaml
metrics:
steps:
- uses: lowlighter/metrics@latest - uses: lowlighter/metrics@latest
with: with:
output_action: gist output_action: gist
@@ -290,6 +309,10 @@ They will be available under `/metrics_renders/{filename}` in the runner.
*Example: generate outputs and manually push them* *Example: generate outputs and manually push them*
```yaml ```yaml
metrics:
permissions:
contents: write
steps:
- name: Checkout repository - name: Checkout repository
uses: actions/checkout@v2 uses: actions/checkout@v2
with: with: