From a7180c7e56ecb309c954a53cac65223786a09aed Mon Sep 17 00:00:00 2001
From: Jan Gottschick <han.gottschick@fokus.fraunhofer.de>
Date: Fri, 3 May 2024 10:16:15 +0200
Subject: [PATCH] * SBOM using CycloneDX directly

---
 .github/workflows/releaser.yml | 7 +++++--
 .goreleaser.yaml               | 7 -------
 core/version                   | 2 +-
 3 files changed, 6 insertions(+), 10 deletions(-)

diff --git a/.github/workflows/releaser.yml b/.github/workflows/releaser.yml
index c377f10..43b3eba 100644
--- a/.github/workflows/releaser.yml
+++ b/.github/workflows/releaser.yml
@@ -15,6 +15,11 @@ jobs:
   release:
     runs-on: ubuntu-latest
     steps:
+      - name: Generate SBOM
+        uses: CycloneDX/gh-gomod-generate-sbom@v2
+        with:
+          version: v1
+          args: mod -licenses -json -output bom.json
       - uses: actions/checkout@v4
         with:
           fetch-depth: 0
@@ -26,8 +31,6 @@ jobs:
         run: |
           go install golang.org/x/tools/cmd/goimports@latest
           go install github.com/a-h/templ/cmd/templ@latest
-          go install github.com/CycloneDX/cyclonedx-gomod/cmd/cyclonedx-gomod@latest
-          curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh | sh -s -- -b /usr/local/bin
       - name: Templ
         run: templ generate web/pages/*.templ
       - uses: goreleaser/goreleaser-action@v5
diff --git a/.goreleaser.yaml b/.goreleaser.yaml
index ffa7cc2..02bb018 100644
--- a/.goreleaser.yaml
+++ b/.goreleaser.yaml
@@ -34,10 +34,3 @@ changelog:
     exclude:
       - '^docs:'
       - '^test:'
-
-sboms:
-  - documents:
-      - "{{ .ProjectName }}.cdx.sbom"
-    artifacts: source
-    cmd: cyclonedx-gomod
-    args: ["app",  "-json", "-output", "$document", "$artifact"]
\ No newline at end of file
diff --git a/core/version b/core/version
index a53741c..967b33f 100644
--- a/core/version
+++ b/core/version
@@ -1 +1 @@
-0.2.6
\ No newline at end of file
+0.2.7
\ No newline at end of file