From 75080b9fe0105a08695bd294530647b9e4801b68 Mon Sep 17 00:00:00 2001
From: Amaury Chamayou
Date: Wed, 3 Jul 2024 15:35:24 +0000
Subject: [PATCH] sbom
---
 .github/workflows/release.yml | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index a5710bb6cc65..32161cf3473c 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -12,6 +12,32 @@ permissions:
 checks: write
 jobs:
+ make_sbom:
+ name: SBOM Generation
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+ with:
+ fetch-depth: 1
+ - name: "Install SBOM tool"
+ run: |
+ set -ex
+ curl -Lo sbom-tool https://github.com/microsoft/sbom-tool/releases/latest/download/sbom-tool-linux-x64 > sbom-tool
+ chmod +x sbom-tool
+ shell: bash
+ - name: "Produce SBOM"
+ run: |
+ set -ex
+ CCF_VERSION=${{ github.ref_name }}
+ CCF_VERSION=${CCF_VERSION#ccf-}
+ ./sbom-tool generate -b . -bc . -pn CCF -ps Microsoft -nsb https://sbom.microsoft -pv $CCF_VERSION
+ shell: bash
+ - name: "Upload SBOM"
+ uses: actions/upload-artifact@v4
+ with:
+ name: manifest
+ path: _manifest/spdx_2.2/*
+
 release_notes:
 name: Release Notes
 runs-on: ubuntu-latest
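Review bot: The "Install SBOM tool" step fetches `releases/latest/download/sbom-tool-linux-x64` and executes it with no version pin and no digest check, so whatever binary that URL serves at release time runs inside the release workflow and produces the SBOM that ships with the release. Pin a reviewed sbom-tool release and verify its SHA-256 before `chmod +x`; adding `-f` makes curl fail on an HTTP error instead of saving the error page, and the trailing `> sbom-tool` is redundant next to `-o`. In "Produce SBOM", `${{ github.ref_name }}` is substituted into the script text before bash parses it, so the ref name is treated as shell source rather than data; the workflow triggers are outside the hunk, so reachability cannot be judged from here, but reading the runner-provided `GITHUB_REF_NAME` variable and quoting `"$CCF_VERSION"` removes the concern either way. The job also declares no `permissions:` of its own and so inherits the workflow-level block (at least `checks: write` is visible in the context lines); `contents: read` appears to be enough for checkout and artifact upload.

```yaml
      - name: "Install SBOM tool"
        run: |
          # … unchanged: set -ex …
          # <PINNED_VERSION> and <EXPECTED_SHA256> are placeholders: fill in a reviewed release tag and its digest
          curl -fsSLo sbom-tool https://github.com/microsoft/sbom-tool/releases/download/<PINNED_VERSION>/sbom-tool-linux-x64
          echo "<EXPECTED_SHA256>  sbom-tool" | sha256sum -c -
          # … unchanged: chmod +x sbom-tool …
      - name: "Produce SBOM"
        run: |
          # … unchanged: set -ex …
          # Take the ref from the environment so it is data, not script text
          CCF_VERSION="${GITHUB_REF_NAME#ccf-}"
          ./sbom-tool generate -b . -bc . -pn CCF -ps Microsoft -nsb https://sbom.microsoft -pv "$CCF_VERSION"
      # … unchanged: shell: bash, "Upload SBOM" step …
```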