Store SBOMs in a better place (#153)

Add the generated SBOM to the release page Remove uploading of SBOMs to artifacts during the build process
mostafa · Aug 11, 2022 · 2fdfc2f · 2fdfc2f
1 parent f2bd747
commit 2fdfc2f
Showing 1 changed file with 4 additions and 10 deletions.
diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
@@ -38,18 +38,12 @@ jobs:
           go install github.com/CycloneDX/cyclonedx-gomod/cmd/cyclonedx-gomod@latest
           cyclonedx-gomod mod -json -licenses -output cyclonedx-xk6-kafka-${{ github.ref_name }}.json
 
-      - name: Upload CycloneDX SBOM artifact for go.mod 💾
-        if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags')
-        uses: actions/upload-artifact@v3
-        with:
-          name: cyclonedx-xk6-kafka-${{ github.ref_name }}.json
-          path:
-            cyclonedx-xk6-kafka-${{ github.ref_name }}.json
-
-      - name: Create Release 📦
+      - name: Create Release 📦 and add binaries and SBOM files 💾
         uses: softprops/action-gh-release@v1
         with:
-          files: dist/*.tar.gz
+          files: |
+            dist/*.tar.gz
+            cyclonedx-xk6-kafka-${{ github.ref_name }}.json
 
       - name: Docker meta 📝
         id: meta