Merge pull request #519 from DataDog/fix/release-tag-policy

fix(ci): correct release-tag trust policy claims

Author: jack-edmonds-dd

.github/chainguard/release-tag.sts.yaml

@@ -3,9 +3,11 @@ issuer: https://token.actions.githubusercontent.com
 subject: repo:DataDog/pup:pull_request
 
 claim_pattern:
+  base_ref: main
   event_name: pull_request
-  job_workflow_ref: DataDog/pup/\.github/workflows/release-tag\.yml@refs/pull/[0-9]+/merge
-  ref: refs/pull/[0-9]+/merge
+  head_ref: release/v[0-9]+\.[0-9]+\.[0-9]+
+  job_workflow_ref: DataDog/pup/\.github/workflows/release-tag\.yml@refs/heads/main
+  ref: refs/heads/main
   repository: DataDog/pup
 
 permissions: