Add permissions to doc and workflows (#631)

* Add permissions

* Update e2e-target.yaml

* Update README.md

* Fix e2e permissions

.github/workflows/e2e-target.yaml

@@ -12,6 +12,10 @@ jobs:
     name: test / ${{ github.event_name }} / ${{ github.event.action }}
     runs-on: ubuntu-latest
     timeout-minutes: 10
+    permissions:
+      actions: read
+      checks: write
+      contents: read
     steps:
       - name: Event
         uses: actions/github-script@98814c53be79b1d30f795b907e553d8679345975 # v6.4.0

.github/workflows/e2e.yaml

@@ -7,6 +7,9 @@ on:
     types:
       - completed
   pull_request:
+    types:
+      - opened
+      - closed
   push:
     branches:
       - main
@@ -18,6 +21,11 @@ jobs:
     name: test / ${{ github.event_name }} / ${{ github.event.action }}
     runs-on: ubuntu-latest
     timeout-minutes: 10
+    permissions:
+      actions: read
+      checks: read
+      contents: read
+      pull-requests: read
     steps:
       - name: Event
         uses: actions/github-script@98814c53be79b1d30f795b907e553d8679345975 # v6.4.0

.github/workflows/release.yaml

@@ -14,6 +14,8 @@ jobs:
   tag:
     runs-on: ubuntu-latest
     timeout-minutes: 10
+    permissions:
+      contents: write
     steps:
       - uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0
       - uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0

.github/workflows/ts.yaml

@@ -39,6 +39,9 @@ jobs:
   generate:
     runs-on: ubuntu-latest
     timeout-minutes: 10
+    permissions:
+      contents: write
+      pull-requests: write
     steps:
       - uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0
       - uses: actions/setup-node@64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c # v3.6.0

README.md

@@ -201,13 +201,10 @@ It has the following tags:
 
 ### Enable job or step metrics
 
-Note that this action calls GitHub GraphQL API to get jobs and steps of a workflow run.
-It may cause the rate exceeding error if too many workflows are run.
-It may also increase the cost of custom metrics in Datadog.
-
 To send the metrics of jobs and steps:
 
 ```yaml
+    steps:
       - uses: int128/datadog-actions-metrics@v1
         with:
           datadog-api-key: ${{ secrets.DATADOG_API_KEY }}
@@ -218,13 +215,26 @@ To send the metrics of jobs and steps:
 To send the metrics of jobs and steps on the default branch only:
 
 ```yaml
+    steps:
       - uses: int128/datadog-actions-metrics@v1
         with:
           datadog-api-key: ${{ secrets.DATADOG_API_KEY }}
           collect-job-metrics: ${{ github.event.workflow_run.head_branch == github.event.repository.default_branch }}
           collect-step-metrics: ${{ github.event.workflow_run.head_branch == github.event.repository.default_branch }}
 ```
 
+This action calls GitHub GraphQL API to get jobs and steps of the current workflow run.
+Note that it may cause the rate exceeding error if too many workflows are run.
+
+If the job or step metrics is enabled, this action requires the following permissions:
+
+```yaml
+    permissions:
+      actions: read
+      checks: read
+      contents: read
+```
+
 
 ## Metrics for pull_request event
 
@@ -250,7 +260,6 @@ It has the following tags:
 - `base_ref`
 - `head_ref`
 
-
 ### Pull request (closed)
 
 This action sends the following metrics on `closed` type.
@@ -285,6 +294,15 @@ It has the following tags:
   - Label(s) of a pull request
   - Available if `send-pull-request-labels` is set
 
+### Permissions
+
+For pull_request event, this action requires the following permissions:
+
+```yaml
+    permissions:
+      pull-requests: read
+```
+
 
 ## Metrics for push event
 
@@ -320,6 +338,15 @@ It has the following tags:
 
 It is useful for monitoring self-hosted runners.
 
+### Permissions
+
+For schedule event, this action requires the following permissions:
+
+```yaml
+    permissions:
+      actions: read
+```
+
 
 ## Metrics for all supported events