From 18d63b71a26b96712e5f81be864254dbd7794ba1 Mon Sep 17 00:00:00 2001
From: Carlos Tadeu Panato Junior
Date: Thu, 24 Oct 2024 10:17:34 +0200
Subject: [PATCH] add sts policy for pr audit service (#71)
---
.github/chainguard/pr-review-audit.sts.yaml | 14 ++++++++++++++
1 file changed, 14 insertions(+)
create mode 100644 .github/chainguard/pr-review-audit.sts.yaml
diff --git a/.github/chainguard/pr-review-audit.sts.yaml b/.github/chainguard/pr-review-audit.sts.yaml
new file mode 100644
index 0000000..89823f4
--- /dev/null
+++ b/.github/chainguard/pr-review-audit.sts.yaml
@@ -0,0 +1,14 @@
+issuer: https://accounts.google.com
+
+# you can find the code and explanation for this in https://github.com/chainguard-dev/chainguard-devops/blob/main/github-audit-prs/README.md
+
+# staging-support-tools-2b84: devops-github-audit-prs@staging-support-tools-2b84.iam.gserviceaccount.com
+subject_pattern: "103467134585088586606"
+
+# to be able to write issues and see the repos if is private
+permissions:
+ issues: write
+ pull_requests: write
+ contents: read
+
+repositories: [] # Act over all of the repos in the org.
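Review bot: `pull_requests: write` is granted on every repository in the org (`repositories: []`), but the comment above `permissions:` only justifies writing issues and reading private repos. If the audit service only inspects pull requests and their reviews, `pull_requests: read` would be enough; if it really does comment on or label PRs, the comment should say so, so the grant can be re-checked later. Separately, the trusted identity is a single service-account ID, so `subject: "103467134585088586606"` would state the exact-match intent more directly than `subject_pattern`, which appears to be evaluated as a regular expression.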