From a08929d6f8c9fb4909e3cb6cd7d934f9cf405523 Mon Sep 17 00:00:00 2001
From: Luca Comellini <luca.com@gmail.com>
Date: Tue, 28 Jun 2022 20:57:52 -0700
Subject: [PATCH] Add SBOMs to release

---
 .github/workflows/ci.yml |  3 +++
 .goreleaser.yml          | 16 +++++++++++++---
 2 files changed, 16 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 82f0011236..3f4049e120 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -323,6 +323,9 @@ jobs:
               console.log(`Release notes: ${update.data.body}`)
         if: startsWith(github.ref, 'refs/tags/')
 
+      - name: Download Syft
+        uses: anchore/sbom-action/download-syft@v0.11.0
+
       - name: Build binaries
         uses: goreleaser/goreleaser-action@v3
         with:
diff --git a/.goreleaser.yml b/.goreleaser.yml
index b98f699c31..3b74cb119f 100644
--- a/.goreleaser.yml
+++ b/.goreleaser.yml
@@ -1,5 +1,6 @@
 env:
   - CGO_ENABLED=0
+
 builds:
   - id: kubernetes-ingress
     goos:
@@ -40,14 +41,23 @@ builds:
     binary: nginx-ingress
     tags:
       - aws
+
 archives:
   - id: kubernetes-ingress
     format: binary
     builds: [kubernetes-ingress]
-  - id: aws
-    format: binary
-    builds: [aws]
+
 changelog:
   skip: true
+
+checksum:
+  name_template: 'checksums.txt'
+
+sboms:
+  - artifacts: binary
+    ids: [kubernetes-ingress]
+
 release:
   ids: [kubernetes-ingress]
+  extra_files:
+    - glob: ./dist/**.sbom