Which API permissions are needed?

[ilovelinux]

Hi,

I like this plugin. I was about to use it but I don't want to create a full-privileged API.
I looked into the documentation but I haven´t been able to find anything.

Related to #1050 and partially solved by 814acf6 but I would like a more in-depth response

[lowlighter]

Hi 👋 !

For personal access tokens (i.e. tokens used to fetch data), the revelant documentation is here:

A a general rule, the following scopes may be required:

• public_repo for some plugins
• read:org for all organizations related metrics
• repo for all private repositories related metrics
  • read:user for some private repositories related metrics
• read:packages for some packages related metrics
• gist for publishing renders to gists instead of a repository

If you click on a plugin documentation in the plugin list, you'll be able to see a table that tell which scopes are required to make it work, like below:

In the example above, the personal access token should have read:user and read:org scopes, while the read:packages/repo are optional and could result in additional stats.

Concerning comitter tokens (i.e. tokens used to publish results), it mostly depends on output_action.

Unfortunately the GitHub doc about this is not very extensive and I'm not sure what each scope means as they're named differently from access tokens:

However, I'm pretty sure you'll just need contents: write if you use any output that will push to said repository (either commit/merge), and pull-requests: write if you use the pull request mode. If you use the gist feature, then I think no permissions are required, except that the personal access token need to have gists scope since it'll write in them

Hope this helps, and thanks for using metrics 😄 !