Started on recording who did an approval of a release (#13)

ToreMerkely · web-flow · commit 0eb698d2b6a2 · 2025-04-14T11:28:37.000+02:00
diff --git a/.github/workflows/build-deploy-backend.yml b/.github/workflows/build-deploy-backend.yml
@@ -124,6 +124,43 @@ jobs:
     secrets: inherit
 
 
+  get-approver-for-stage:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Get workflow run ID
+        id: get-run-id
+        run: echo "workflow_run_id=${{ github.run_id }}" >> $GITHUB_ENV
+
+      - name: Get approval actor from audit log
+        id: get-approver
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          OWNER: kosli-dev
+          REPO: github-release-example
+          WORKFLOW_RUN_ID: ${{ github.run_id }}
+        run: |
+          API_URL="https://api.github.com/orgs/${OWNER}/audit-log"
+          TIMESTAMP_24H_AGO=$(date -u -d '1 day ago' +"%Y-%m-%dT%H:%M:%SZ")
+
+          curl -s -H "Authorization: Bearer ${GH_TOKEN}" \
+               -H "Accept: application/vnd.github+json" \
+               --get \
+               --data-urlencode "phrase=repo:${OWNER}/${REPO}" \
+               --data-urlencode "phrase=action:workflows.approve_workflow_job" \
+               --data-urlencode "created_after=${TIMESTAMP_24H_AGO}" \
+               "$API_URL" > audit.json
+
+          APPROVER=$(jq -r --arg run_id "$WORKFLOW_RUN_ID" '
+            map(select(.workflow_run_id | tostring == $run_id))
+            | sort_by(.created_at) 
+            | reverse 
+            | .[0].actor // "unknown"
+          ' audit.json)
+
+          echo "Approver: $APPROVER"
+          echo "approver=$APPROVER" >> $GITHUB_OUTPUT
+
+
   semver-tag:
     needs: [build,deploy-stage]
     name: Check for semver tag
