From 5a4dd2e65df4189d85b30b8e01eefa39ecb24ada Mon Sep 17 00:00:00 2001
From: Joe Borg <joe.borg@chainguard.dev>
Date: Thu, 20 Nov 2025 13:59:12 -0500
Subject: [PATCH] Add approver bot STS for prod

Signed-off-by: Joe Borg <joe.borg@chainguard.dev>
---
 .github/chainguard/approver-bot.sts.yaml | 12 ++++++++++++
 1 file changed, 12 insertions(+)
 create mode 100644 .github/chainguard/approver-bot.sts.yaml

diff --git a/.github/chainguard/approver-bot.sts.yaml b/.github/chainguard/approver-bot.sts.yaml
new file mode 100644
index 0000000..038079b
--- /dev/null
+++ b/.github/chainguard/approver-bot.sts.yaml
@@ -0,0 +1,12 @@
+issuer: https://accounts.google.com
+
+# approver-bot@prod-enforce-fabc.iam.gserviceaccount.com
+subject: "114898805784176589833"
+
+permissions:
+  contents: read
+  checks: read
+  pull_requests: write
+
+repositories:
+- os