From 6f2f2b6f389882274b05e3774dea5577fc334878 Mon Sep 17 00:00:00 2001
From: Simon Cornet <simon@simoncor.net>
Date: Thu, 24 Apr 2025 10:05:55 +0200
Subject: [PATCH] feat(ci): include project name and version in sbom filename

---
 .github/workflows/release.yml | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 90fe946..7e84448 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -40,15 +40,17 @@ jobs:
       # generate sbom
       - name: "generate sbom"
         run: |
-          syft go.mod -o spdx-json=sbom.spdx.json
-          syft go.mod -o cyclonedx-json=sbom.cyclonedx.json
+          APP_NAME="gogitlabber"
+          VERSION=${GITHUB_REF#refs/tags/}
+          syft go.mod -o spdx-json=${APP_NAME}_${VERSION}_sbom.spdx.json
+          syft go.mod -o cyclonedx-json=${APP_NAME}_${VERSION}_sbom.cyclonedx.json
 
       # upload sbom to release
       - name: "upload sbom to release"
         uses: "softprops/action-gh-release@v1"
         with:
           files: |
-            sbom.spdx.json
-            sbom.cyclonedx.json
+            gogitlabber_*_sbom.spdx.json
+            gogitlabber_*_sbom.cyclonedx.json
         env:
           GITHUB_TOKEN: ${{ secrets.GORELEASER_GITHUB_TOKEN }}