From 4b03d83858ce092eb533b249b326bc010e6fd81b Mon Sep 17 00:00:00 2001
From: "maximilian.schubert@telekom.de" <maximilian.schubert@telekom.de>
Date: Fri, 3 Jan 2025 12:29:35 +0100
Subject: [PATCH] ci: install syft bin & add source sbom gen

---
 .github/workflows/ci.yml | 3 +++
 .goreleaser.yaml         | 5 ++++-
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 740a5b56..9ac9eee1 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -20,6 +20,9 @@ jobs:
         uses: actions/setup-go@v5
         with:
           go-version-file: go.mod
+      
+      - name: install syft
+        uses: anchore/sbom-action/download-syft@v0.17.9
 
       - name: Build snapshot artifacts
         uses: goreleaser/goreleaser-action@v6
diff --git a/.goreleaser.yaml b/.goreleaser.yaml
index 8caed6de..da489e03 100644
--- a/.goreleaser.yaml
+++ b/.goreleaser.yaml
@@ -41,4 +41,7 @@ nfpms:
       - rpm
       - apk
 sboms:
-  - artifacts: archive
+  - id: archive
+    artifacts: archive
+  - id: source
+    artifacts: source