feat: [CODE-2523]: Audit log bypassed branch deletions (#2851)

* feat: [CODE-2523]: Audit log bypassed branch deletions

app/api/controller/pullreq/delete_branch.go

@@ -21,7 +21,9 @@ import (
 	"github.com/harness/gitness/app/api/controller"
 	"github.com/harness/gitness/app/api/usererror"
 	"github.com/harness/gitness/app/auth"
+	"github.com/harness/gitness/app/paths"
 	"github.com/harness/gitness/app/services/protection"
+	"github.com/harness/gitness/audit"
 	"github.com/harness/gitness/errors"
 	"github.com/harness/gitness/git"
 	"github.com/harness/gitness/types"
@@ -133,6 +135,40 @@ func (c *Controller) DeleteBranch(ctx context.Context,
 		log.Ctx(ctx).Err(err).Msgf("failed to write pull request activity for successful branch delete")
 	}
 
+	if protection.IsBypassed(violations) {
+		err = c.auditService.Log(ctx,
+			session.Principal,
+			audit.NewResource(
+				audit.ResourceTypeRepository,
+				repo.Identifier,
+				audit.RepoPath,
+				repo.Path,
+				audit.BypassedResourceType,
+				audit.BypassedResourceTypeBranch,
+				audit.BypassedResourceName,
+				branchName,
+				audit.BypassAction,
+				audit.BypassActionDeleted,
+				audit.ResourceName,
+				fmt.Sprintf(
+					audit.BypassSHALabelFormat,
+					repo.Identifier,
+					branchName,
+				),
+			),
+			audit.ActionBypassed,
+			paths.Parent(repo.Path),
+			audit.WithNewObject(audit.BranchObject{
+				BranchName:     branchName,
+				RepoPath:       repo.Path,
+				RuleViolations: violations,
+			}),
+		)
+		if err != nil {
+			log.Ctx(ctx).Warn().Msgf("failed to insert audit log for delete branch operation: %s", err)
+		}
+	}
+
 	return types.DeleteBranchOutput{
 		DryRunRulesOutput: types.DryRunRulesOutput{
 			RuleViolations: violations,