From bafd11f6df352e49f6dde063eaebe32e983aca86 Mon Sep 17 00:00:00 2001
From: Vadym Lesich <91897926+vlesich-sylabs@users.noreply.github.com>
Date: Wed, 30 Mar 2022 18:29:58 +0300
Subject: [PATCH] ci: SBOM for releases

Add source bill of materials (SBOM) generation in goreleaser config.
---
 .circleci/config.yml | 6 ++++++
 .goreleaser.yml | 3 +++
 2 files changed, 9 insertions(+)

diff --git a/.circleci/config.yml b/.circleci/config.yml
index 3ed484ee..db4f254f 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -87,6 +87,9 @@ jobs:
 executor: golang-latest
 steps:
 - checkout
+ - run:
+ name: Install syft
+ command: curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sh -s -- -b /usr/local/bin
 - run:
 name: Test Release
 command: curl -sL https://git.io/goreleaser | bash -s -- --snapshot --skip-publish
@@ -95,6 +98,9 @@ jobs:
 executor: golang-latest
 steps:
 - checkout
+ - run:
+ name: Install syft
+ command: curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sh -s -- -b /usr/local/bin
 - run:
 name: Publish Release
 command: curl -sL https://git.io/goreleaser | bash
diff --git a/.goreleaser.yml b/.goreleaser.yml
index cac39d57..f8a3532e 100644
--- a/.goreleaser.yml
+++ b/.goreleaser.yml
@@ -65,3 +65,6 @@ archives:
 - id: linux-archives
 builds:
 - linux-builds
+
+sboms:
+ - artifacts: archive
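Review bot: The added `Install syft` step pipes `install.sh` from the mutable `main` branch of anchore/syft straight into `sh` and installs whatever release is current, so the tool that generates the SBOM is itself unpinned and unverified. The same line is added again in the second hunk, next to the `Publish Release` step, which is presumably the job that holds the release credentials. Fetch the script from a fixed tag or commit and pass the release tag as the installer's trailing argument, e.g. `command: curl -sSfL https://raw.githubusercontent.com/anchore/syft/<PINNED_TAG>/install.sh | sh -s -- -b /usr/local/bin <PINNED_TAG>`, or download the release archive and compare it with a recorded SHA-256 before installing. Both job definitions begin outside their hunks, so which job each step belongs to is inferred from the neighbouring step names.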
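Review bot: The new `sboms` entry sets no `cmd`, so GoReleaser will use its default cataloguer (syft) and a release run on a machine without syft on PATH will fail at this stage; nothing in `.goreleaser.yml` records that dependency. A comment above the stanza would tie it to the CI step, e.g. `# Needs syft on PATH (installed in .circleci/config.yml); emits one SBOM per archive.` Whether the checksum or signing configuration in this file covers the generated SBOM files is not visible in the hunk and is worth confirming, since an SBOM that consumers cannot verify against the release adds little assurance.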