add sts policy for pr audit service (#71)

chainguard-dev · Oct 24, 2024 · 18d63b7 · 18d63b7
1 parent bcbe798
commit 18d63b7
Showing 1 changed file with 14 additions and 0 deletions.
diff --git a/.github/chainguard/pr-review-audit.sts.yaml b/.github/chainguard/pr-review-audit.sts.yaml
@@ -0,0 +1,14 @@
+issuer: https://accounts.google.com
+
+# you can find the code and explanation for this in https://github.com/chainguard-dev/chainguard-devops/blob/main/github-audit-prs/README.md
+
+# staging-support-tools-2b84: devops-github-audit-prs@staging-support-tools-2b84.iam.gserviceaccount.com
+subject_pattern: "103467134585088586606"
+
+# to be able to write issues and see the repos if is private
+permissions:
+  issues: write
+  pull_requests: write
+  contents: read
+
+repositories: []  # Act over all of the repos in the org.