@@ -141,15 +141,40 @@ jobs:
141141 WORKFLOW_RUN_ID : ${{ github.run_id }}
142142 run : |
143143 API_URL="https://api.github.com/orgs/${OWNER}/audit-log"
144+ MAX_PAGES=5
145+ PER_PAGE=5
146+ APPROVER=""
147+
148+ for PAGE in $(seq 1 $MAX_PAGES); do
149+ echo "Checking page $PAGE..."
150+ curl -s -H "Authorization: Bearer ${GH_TOKEN}" \
151+ -H "Accept: application/vnd.github+json" \
152+ --get \
153+ --data-urlencode "phrase=repo:${OWNER}/${REPO}" \
154+ --data-urlencode "phrase=action:workflows.approve_workflow_job" \
155+ --data-urlencode "per_page=${PER_PAGE}" \
156+ --data-urlencode "page=${PAGE}" \
157+ "$API_URL" > audit.json
158+
159+ cat audit.json >> $GITHUB_STEP_SUMMARY
160+
161+ MATCH=$(jq -r --arg run_id "$WORKFLOW_RUN_ID" '
162+ .[] | select(.workflow_run_id == ($run_id | tonumber)) | .actor' audit.json)
163+
164+ if [[ -n "$MATCH" ]]; then
165+ echo "Found matching approval by: $MATCH"
166+ APPROVER="$MATCH"
167+ break
168+ fi
169+ done
170+
171+ if [[ -z "$APPROVER" ]]; then
172+ echo "No approval found for workflow_run_id: $WORKFLOW_RUN_ID"
173+ exit 1
174+ fi
144175
145- curl -s -H "Authorization: Bearer ${GH_TOKEN}" \
146- -H "Accept: application/vnd.github+json" \
147- --get \
148- --data-urlencode "phrase=repo:${OWNER}/${REPO}" \
149- --data-urlencode "phrase=action:workflows.approve_workflow_job" \
150- --data-urlencode "per_page=1" \
151- --data-urlencode "page=1" \
152- "$API_URL" > audit.json
176+ echo "approver=$APPROVER" >> $GITHUB_OUTPUT
177+ echo "### Approval Actor: $APPROVER" >> $GITHUB_STEP_SUMMARY
153178
154179 cat audit.json >> $GITHUB_STEP_SUMMARY
155180
0 commit comments