From 2b8e2b29a82a6cf3bdc663c231a2b6a7ed5ef89f Mon Sep 17 00:00:00 2001
From: Sarah Chen <sarah.chen@datadoghq.com>
Date: Thu, 14 Aug 2025 12:29:05 -0400
Subject: [PATCH] Add policy for add-release-to-cloudfoundry

---
 .../self.add-release-to-cloudfoundry.sts.yaml        | 12 ++++++++++++
 1 file changed, 12 insertions(+)
 create mode 100644 .github/chainguard/self.add-release-to-cloudfoundry.sts.yaml

diff --git a/.github/chainguard/self.add-release-to-cloudfoundry.sts.yaml b/.github/chainguard/self.add-release-to-cloudfoundry.sts.yaml
new file mode 100644
index 00000000000..c20755a8de3
--- /dev/null
+++ b/.github/chainguard/self.add-release-to-cloudfoundry.sts.yaml
@@ -0,0 +1,12 @@
+issuer: https://token.actions.githubusercontent.com
+
+subject: repo:DataDog/dd-trace-java:ref:refs/heads/master
+
+claim_pattern:
+  event_name: release
+  ref: refs/heads/master
+  ref_protected: "true"
+  job_workflow_ref: DataDog/dd-trace-java/\.github/workflows/add-release-to-cloudfoundry\.yaml@refs/heads/master
+
+permissions:
+  contents: write