From bec638cf5d2f2d61190680862c990337b651f045 Mon Sep 17 00:00:00 2001
From: Jozef Kralik <jozef.kralik@plgd.dev>
Date: Fri, 26 Jan 2024 15:02:10 +0000
Subject: [PATCH] github/actions: Generate SBOM

---
 .github/workflows/release.yml | 5 +++++
 .goreleaser.yaml              | 2 ++
 2 files changed, 7 insertions(+)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index f603df34..c676ad4a 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -44,6 +44,11 @@ jobs:
       - name: Print supported platforms
         run: go tool dist list
 
+      - name: Install syft
+        run: |
+          curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sh -s -- -b /usr/local/bin
+          syft version
+
       - name: Set ui_file
         id: vars
         run: |
diff --git a/.goreleaser.yaml b/.goreleaser.yaml
index 10654992..383796e1 100644
--- a/.goreleaser.yaml
+++ b/.goreleaser.yaml
@@ -50,3 +50,5 @@ changelog:
     exclude:
       - '^docs:'
       - '^test:'
+sboms:
+  - artifacts: source
\ No newline at end of file