Grant export workflows read/write permission (#78629)

jonjohnsonjr · web-flow · commit e1fc79cadadc · 2026-02-17T15:18:08.000-08:00
Signed-off-by: Jon Johnson &lt;jon.johnson@chainguard.dev&gt;
diff --git a/.github/chainguard/stereo.sts.yaml b/.github/chainguard/stereo.sts.yaml
@@ -0,0 +1,11 @@
+issuer: https://token.actions.githubusercontent.com
+
+subject_pattern: repo:chainguard-dev/stereo:ref:refs/heads/main
+
+claim_pattern:
+  job_workflow_ref: chainguard-dev/stereo/.github/workflows/(export|publish)-wolfi.yaml@refs/heads/main
+
+permissions:
+  contents: write
+  pull_requests: write
+  workflows: write
