chore: add release audit workflow

Add GitHub Actions workflow to generate audit events for release branches.

Made-with: Cursor

Author: danielaEsc

.github/workflows/release-audit.yml

@@ -0,0 +1,53 @@
+name: release-audit
+
+on:
+  push:
+    branches:
+      - "release/v*"
+
+permissions:
+  contents: read
+
+jobs:
+  write-audit-event:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Generate audit event
+        run: |
+          mkdir -p release
+          ts="$(date -u +"%Y-%m-%dT%H:%M:%SZ")"
+          service="${GITHUB_REPOSITORY##*/}"
+          version="${GITHUB_REF_NAME#release/}"
+
+          jq -n \
+            --arg service "$service" \
+            --arg environment "unknown" \
+            --arg version "$version" \
+            --arg commit "$GITHUB_SHA" \
+            --arg release_branch "$GITHUB_REF_NAME" \
+            --arg pipeline_run_id "$GITHUB_RUN_ID" \
+            --arg requested_by "$GITHUB_ACTOR" \
+            --arg status "created" \
+            --arg timestamp "$ts" \
+            '{
+              service: $service,
+              environment: $environment,
+              version: $version,
+              commit: $commit,
+              release_branch: $release_branch,
+              pipeline_run_id: $pipeline_run_id,
+              approvers: [],
+              requested_by: $requested_by,
+              status: $status,
+              timestamp: $timestamp
+            }' >> release/audit-log.jsonl
+
+      - name: Upload audit log artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: release-audit-log
+          path: release/audit-log.jsonl
+