Drone CD promotes, how can we fetch information related to the Git user who clicked on Deploy. There might be multiple scenarios push happens with git user id but Deploy can be clicked by any user who has access to the Drone CI. How do we know or control the user clicking on the promote button?
deploy cannot be clicked by anyone that has access to Drone. It can only be clicked by a user that has write or admin access to the repository. If you want to further limit who can promote a pipeline, a third party community extension is available that allows you to do so. See Promote auth extension
Thanks for the help. Is there a way to find out the GitHub/Git user who has write permissions to the repository and click on deploy/promote for auditing purposes?
Drone inherits the permissions from GitHub. So anyone that has write or admin access to your repository in GitHub will have write or admin access to the repository in Drone. You can therefore query GitHub to get a list of all users with write or admin access, or you can use the following API endpoint in Drone to get a list of user permissions:
GET /api/repos/{owner}/{repo}/builds//collaborators
When a user clicks the promote button, their username is captured and stored in the database in the trigger field, which you can view using the following API endpoint:
GET /api/repos/{owner}/{repo}/builds/{build}