From dd3cc78b2c4c0daa9526c822cd3164801fa98e1c Mon Sep 17 00:00:00 2001
From: Phillip <phillip.wirth@dataport.de>
Date: Mon, 17 Feb 2025 17:12:51 +0100
Subject: [PATCH] BC-8631 generate source SBOM (#56)

---
 .github/workflows/tag.yml | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/.github/workflows/tag.yml b/.github/workflows/tag.yml
index b1840a49..ded3b1d7 100644
--- a/.github/workflows/tag.yml
+++ b/.github/workflows/tag.yml
@@ -50,3 +50,17 @@ jobs:
           pull: true
           tags: ${{ steps.docker_meta_img_hub.outputs.tags }}
           labels: ${{ steps.docker_meta_img_hub.outputs.labels }}
+
+  create_release:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+    steps:
+      - name: generate sbom via dependency-graph
+        run: gh api repos/${{ github.repository }}/dependency-graph/sbom > dependencies.sbom.json
+        env:
+          GH_TOKEN: ${{ github.token }}
+      - name: create release
+        uses: softprops/action-gh-release@v2
+        with:
+          files: dependencies.sbom.json
\ No newline at end of file