@@ -139,46 +139,7 @@ jobs:
139139 - name : Debug
140140 run : |
141141 echo "### Approval Actor for stage: ${{ steps.get-approver.outputs.approver }}" >> $GITHUB_STEP_SUMMARY
142-
143- # - name: Get approval actor from audit log
144- # env:
145- # GH_TOKEN: ${{ secrets.READ_AUDIT_LOG }}
146- # OWNER: kosli-dev
147- # REPO: github-release-example
148- # run: |
149- # API_URL="https://api.github.com/orgs/${OWNER}/audit-log"
150- # MAX_PAGES=5
151- # PER_PAGE=5
152- # APPROVER=""
153- #
154- # for PAGE in $(seq 1 $MAX_PAGES); do
155- # echo "Checking page $PAGE..."
156- # curl -s -H "Authorization: Bearer ${GH_TOKEN}" \
157- # -H "Accept: application/vnd.github+json" \
158- # --get \
159- # --data-urlencode "phrase=repo:${OWNER}/${REPO}" \
160- # --data-urlencode "phrase=action:workflows.approve_workflow_job" \
161- # --data-urlencode "per_page=${PER_PAGE}" \
162- # --data-urlencode "page=${PAGE}" \
163- # "$API_URL" > audit.json
164- #
165- # MATCH=$(jq -r --arg run_id ${{ github.run_id }} '
166- # .[] | select(.workflow_run_id == ($run_id | tonumber)) | .actor' audit.json)
167- #
168- # if [[ -n "$MATCH" ]]; then
169- # echo "Found matching approval by: $MATCH"
170- # APPROVER="$MATCH"
171- # break
172- # fi
173- # done
174- #
175- # if [[ -z "$APPROVER" ]]; then
176- # echo "No approval found for workflow_run_id: $WORKFLOW_RUN_ID"
177- # exit 1
178- # fi
179- #
180- # echo "approver=$APPROVER" >> $GITHUB_OUTPUT
181- # echo "### Approval Actor for stage: $APPROVER" >> $GITHUB_STEP_SUMMARY
142+ cat ${{ steps.get-approver.outputs.approver }} >> $GITHUB_STEP_SUMMARY
182143
183144 semver-tag :
184145 needs : [build,deploy-stage]
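Review bot: The added `cat ${{ steps.get-approver.outputs.approver }} >> $GITHUB_STEP_SUMMARY` line in the Debug step expands the step output into the script text before the shell runs, so whatever the action emits is parsed as shell syntax rather than handled as data; the `echo` line above it follows the same pattern. Pass the value through the step's `env:` instead, for example `APPROVER: ${{ steps.get-approver.outputs.approver }}`, and reference `"$APPROVER"` in the script. `cat` also treats the value as a file path, so if the output is a login name rather than a path, the step either fails or appends an unrelated file to the summary; `echo "$APPROVER" >> "$GITHUB_STEP_SUMMARY"` or dropping the line would avoid that. The job this step belongs to starts outside the hunk.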
@@ -252,41 +213,12 @@ jobs:
252213 needs : deploy-production
253214 runs-on : ubuntu-latest
254215 steps :
216+ - uses : actions/checkout@v4
217+
255218 - name : Get approval actor from audit log
256- env :
257- GH_TOKEN : ${{ secrets.READ_AUDIT_LOG }}
258- OWNER : kosli-dev
259- REPO : github-release-example
260- run : |
261- API_URL="https://api.github.com/orgs/${OWNER}/audit-log"
262- MAX_PAGES=5
263- PER_PAGE=5
264- APPROVER=""
265-
266- for PAGE in $(seq 1 $MAX_PAGES); do
267- echo "Checking page $PAGE..."
268- curl -s -H "Authorization: Bearer ${GH_TOKEN}" \
269- -H "Accept: application/vnd.github+json" \
270- --get \
271- --data-urlencode "phrase=repo:${OWNER}/${REPO}" \
272- --data-urlencode "phrase=action:workflows.approve_workflow_job" \
273- --data-urlencode "per_page=${PER_PAGE}" \
274- --data-urlencode "page=${PAGE}" \
275- "$API_URL" > audit.json
276-
277- MATCH=$(jq -r --arg run_id ${{ github.run_id }} '
278- .[] | select(.workflow_run_id == ($run_id | tonumber)) | .actor' audit.json)
279-
280- if [[ -n "$MATCH" ]]; then
281- echo "Found matching approval by: $MATCH"
282- APPROVER="$MATCH"
283- break
284- fi
285- done
286-
287- if [[ -z "$APPROVER" ]]; then
288- echo "No approval found for workflow_run_id: $WORKFLOW_RUN_ID"
289- exit 1
290- fi
219+ id : get-approver
220+ uses : ./.github/actions/get-github-workflow-approver
221+ with :
222+ gh-audit-log-reader-token : ${{ secrets.READ_AUDIT_LOG }}
223+
291224
292- echo "### Approval Actor for production: $APPROVER" >> $GITHUB_STEP_SUMMARY
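Review bot: The removed inline script failed the job with `exit 1` when no approval matched the run id, and nothing in this hunk shows that `./.github/actions/get-github-workflow-approver` keeps that fail-closed behaviour or still writes the production approver to the step summary. The action's definition is not part of this hunk, so confirm it there, or add a follow-up step that exits non-zero when `steps.get-approver.outputs.approver` is empty (read through `env:`, not inline in the script). Since the job now passes `secrets.READ_AUDIT_LOG` to code loaded from the checkout, consider pinning `actions/checkout` to a full commit SHA rather than the mutable `v4` tag and setting `persist-credentials: false` on it. A one-line comment above the checkout step, such as `# checkout is required so the local action path can be resolved`, would document why it was added.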