From 9d0e58ed92da13937f91a87ab763bc9f5e303496 Mon Sep 17 00:00:00 2001
From: nscuro
Date: Mon, 11 Apr 2022 20:01:02 +0200
Subject: [PATCH] build(goreleaser): use native sboms feature

Signed-off-by: nscuro
---
 .github/workflows/goreleaser.yml |  3 +-
 .goreleaser.yml                  | 58 +++++++++++++++++++-------------
 2 files changed, 36 insertions(+), 25 deletions(-)

diff --git a/.github/workflows/goreleaser.yml b/.github/workflows/goreleaser.yml
index e5ed896..2cfca0e 100644
--- a/.github/workflows/goreleaser.yml
+++ b/.github/workflows/goreleaser.yml
@@ -23,11 +23,10 @@ jobs:
       with:
         go-version: "1.17"
         check-latest: true
-    - name: Generate SBOM
+    - name: Install cyclonedx-gomod
       uses: CycloneDX/gh-gomod-generate-sbom@v1
       with:
         version: v1
-        args: mod -licenses -json -output bom.json -type library -verbose
     - name: Run GoReleaser
       uses: goreleaser/goreleaser-action@v2
       with:
diff --git a/.goreleaser.yml b/.goreleaser.yml
index ceae16d..79751f9 100644
--- a/.goreleaser.yml
+++ b/.goreleaser.yml
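Review bot: Both actions in this hunk are still referenced by mutable major tags (`CycloneDX/gh-gomod-generate-sbom@v1`, `goreleaser/goreleaser-action@v2`) and cyclonedx-gomod by the floating `version: v1`, inside the very job that now produces the release's source archive and SBOM; pin each `uses:` to a full-length commit SHA (with the tag kept as a trailing `# v1` comment) and cyclonedx-gomod to an exact release so a moved tag cannot silently change the tool that generates the supply-chain metadata. With `args:` removed, the renamed step presumably only installs the tool for the later GoReleaser step to invoke, which is not obvious from the workflow alone — a one-line comment such as `# Only installs cyclonedx-gomod; the SBOM itself is generated by GoReleaser's sboms config` would make that explicit. The steps list this hunk edits continues outside the hunk.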
@@ -1,32 +1,44 @@
 builds:
-  # This is a library project, we don't want to build any binaries.
-  # Building and testing is performed in the CI workflow
-  - skip: true
+# This is a library project, we don't want to build any binaries.
+# Building and testing is performed in the CI workflow
+- skip: true
+
 release:
-  extra_files:
-    - glob: ./bom.json
+  prerelease: auto
+
+source:
+  enabled: true
+
+sboms:
+- artifacts: source
+  documents:
+    - "${artifact}.cdx.sbom"
+  cmd: cyclonedx-gomod
+  args: [ "mod", "-licenses", "-json", "-output", "$document", "./.." ]
+
 milestones:
-  - name_template: "{{ .Tag }}"
-    close: true
+- name_template: "{{ .Tag }}"
+  close: true
+
 changelog:
   use: github
   sort: asc
   groups:
-    - title: Features
-      regexp: "^.*feat[(\\w)]*:+.*$"
-      order: 0
-    - title: Fixes
-      regexp: "^.*fix[(\\w)]*:+.*$"
-      order: 1
-    - title: Building and Packaging
-      regexp: "^.*build[(\\w)]*:+.*$"
-      order: 2
-    - title: Documentation
-      regexp: "^.*docs[(\\w)]*:+.*$"
-      order: 3
-    - title: Others
-      order: 999
+  - title: Features
+    regexp: "^.*feat[(\\w)]*:+.*$"
+    order: 0
+  - title: Fixes
+    regexp: "^.*fix[(\\w)]*:+.*$"
+    order: 1
+  - title: Building and Packaging
+    regexp: "^.*build[(\\w)]*:+.*$"
+    order: 2
+  - title: Documentation
+    regexp: "^.*docs[(\\w)]*:+.*$"
+    order: 3
+  - title: Others
+    order: 999
   filters:
     exclude:
-      - '^test:'
-      - '^Merge '
\ No newline at end of file
+      - '^test:'
+      - '^Merge '
\ No newline at end of file
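Review bot: The new `args:` line under `sboms:` drops the `-type library` flag that the old workflow invocation passed, so cyclonedx-gomod will record the main component with its default type rather than `library`, even though the comment at the top of this file says this is a library project; restore it with `args: [ "mod", "-licenses", "-json", "-type", "library", "-output", "$document", "./.." ]`. The `./..` target presumably points back at the repository root because GoReleaser runs the command from its dist directory — a short comment on that line, e.g. `# module root, relative to GoReleaser's dist dir`, would spare the next reader the guess. Nothing in this hunk signs the source archive or the generated SBOM, so consumers have no way to verify that either artifact is the one this pipeline produced; a `signs:` stanza (cosign or gpg over the release artifacts) belongs alongside the new `sboms:` section.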