From 1fec55d41cad0b481888786c36cb4fb2d88daec1 Mon Sep 17 00:00:00 2001
From: Philippe Deslauriers <philde@chainguard.dev>
Date: Tue, 28 Jan 2025 15:02:45 -0800
Subject: [PATCH 1/2] octo-sts: Policy for Apps Script integrations

---
 .github/chainguard/appscript.sts.yaml | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
 create mode 100644 .github/chainguard/appscript.sts.yaml

diff --git a/.github/chainguard/appscript.sts.yaml b/.github/chainguard/appscript.sts.yaml
new file mode 100644
index 0000000..3b4d3cc
--- /dev/null
+++ b/.github/chainguard/appscript.sts.yaml
@@ -0,0 +1,17 @@
+# Copyright 2024 Chainguard, Inc.
+# SPDX-License-Identifier: Apache-2.0
+
+issuer: https://accounts.google.com
+subject_pattern: .*
+# Allow client IDs from the `philde-appscripts` project.
+audience_pattern: 292217359313-[a-z0-9]+\.apps\.googleusercontent\.com
+claim_pattern:
+  email_verified: "true"
+  email: .*@chainguard.dev
+
+permissions:
+  contents: read
+  issues: read
+  organization_projects: read
+
+repositories: [] # Act over all of the repos in the org.

From 6d154693d94605f0874c2ccd400c43b4f417597b Mon Sep 17 00:00:00 2001
From: Phil <philippe@deslauriers.me>
Date: Wed, 29 Jan 2025 12:06:52 -0800
Subject: [PATCH 2/2] Update .github/chainguard/appscript.sts.yaml

Co-authored-by: Carlos Tadeu Panato Junior <ctadeu@gmail.com>
Signed-off-by: Phil <philippe@deslauriers.me>
---
 .github/chainguard/appscript.sts.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/chainguard/appscript.sts.yaml b/.github/chainguard/appscript.sts.yaml
index 3b4d3cc..de29f66 100644
--- a/.github/chainguard/appscript.sts.yaml
+++ b/.github/chainguard/appscript.sts.yaml
@@ -1,4 +1,4 @@
-# Copyright 2024 Chainguard, Inc.
+# Copyright 2025 Chainguard, Inc.
 # SPDX-License-Identifier: Apache-2.0
 
 issuer: https://accounts.google.com