From 166b7aea1c90345c58930b810a1d46e5bb631037 Mon Sep 17 00:00:00 2001
From: danjov
Date: Fri, 8 Nov 2024 17:29:20 +0100
Subject: [PATCH] Use separate action for creating the SBOM file
---
 .github/workflows/pre-release.yml | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/pre-release.yml b/.github/workflows/pre-release.yml
index b77a686..24f2732 100644
--- a/.github/workflows/pre-release.yml
+++ b/.github/workflows/pre-release.yml
@@ -77,15 +77,19 @@ jobs:
 subject-digest: ${{ steps.push.outputs.digest }}
 push-to-registry: true
- - name: Extract SBOM in SPDX format
- run: docker buildx imagetools inspect ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} --format "{{ json .SBOM.SPDX }}" > sbom.spdx.json
+ - name: Generate SBOM file
+ uses: anchore/sbom-action@v0
+ with:
+ image: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:edge
+ format: 'cyclonedx-json'
+ output-file: 'sbom.cyclonedx.json'
 - name: Generate SBOM attestation
 uses: actions/attest-sbom@v1
 with:
 subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
 subject-digest: ${{ steps.push.outputs.digest }}
- sbom-path: 'sbom.spdx.json'
+ sbom-path: 'sbom.cyclonedx.json'
 push-to-registry: true
 - name: Create GitHub pre-release
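Review bot: The new `Generate SBOM file` step scans the mutable `:edge` tag, while the attestation step below binds the resulting SBOM to `steps.push.outputs.digest`; if the tag is moved between push and scan (a concurrent run, or a push step that does not tag `edge`, which this hunk does not show), the signed attestation will describe a different image than its subject. Scanning by digest closes that gap: `image: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}@${{ steps.push.outputs.digest }}`. Separately, `anchore/sbom-action@v0` is a moving third-party tag running in a job that pushes to the registry and signs attestations, so it should be pinned to a full commit SHA, e.g. `uses: anchore/sbom-action@<full-commit-sha> # v0`. The job's `permissions` block and the push step sit outside the hunk, so the exact token scope is inferred.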