From 8844f322f2f8f09b97bc8b6825f5aac1427fd049 Mon Sep 17 00:00:00 2001
From: Nghia Tran <tcnghia@gmail.com>
Date: Tue, 11 Nov 2025 12:37:37 -0800
Subject: [PATCH] Add staging-autofix STS policy for os repo

Signed-off-by: Nghia Tran <tcnghia@gmail.com>
---
 .github/chainguard/staging-autofix.sts.yaml | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
 create mode 100644 .github/chainguard/staging-autofix.sts.yaml

diff --git a/.github/chainguard/staging-autofix.sts.yaml b/.github/chainguard/staging-autofix.sts.yaml
new file mode 100644
index 0000000..0429fd8
--- /dev/null
+++ b/.github/chainguard/staging-autofix.sts.yaml
@@ -0,0 +1,14 @@
+issuer: https://accounts.google.com
+# autofix@staging-enforce-cd1e.iam.gserviceaccount.com
+subject: "118295070799166027529"
+
+permissions:
+  actions: read
+  checks: write
+  contents: write
+  pull_requests: read
+  statuses: read
+  workflows: write # Allow triggering actions when authoring commits.
+
+repositories:
+  - os