From 8a0081ad1e3daa2a0932797caca0635405b834e0 Mon Sep 17 00:00:00 2001
From: Simon Cornet <simon@simoncor.net>
Date: Thu, 24 Apr 2025 09:55:49 +0200
Subject: [PATCH] fix(ci): generate sbom after release

---
 .github/workflows/release.yml | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index c0100b9..90fe946 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -28,12 +28,6 @@ jobs:
       - name: "install syft"
         uses: "anchore/sbom-action/download-syft@v0"
 
-      # generate sbom
-      - name: "generate sbom"
-        run: |
-          syft . -o spdx-json=sbom.spdx.json
-          syft . -o cyclonedx-json=sbom.cyclonedx.json
-
       # run goreleaser
       - name: "run goreleaser"
         uses: "goreleaser/goreleaser-action@v6"
@@ -43,6 +37,12 @@ jobs:
         env:
           GITHUB_TOKEN: ${{ secrets.GORELEASER_GITHUB_TOKEN }}
 
+      # generate sbom
+      - name: "generate sbom"
+        run: |
+          syft go.mod -o spdx-json=sbom.spdx.json
+          syft go.mod -o cyclonedx-json=sbom.cyclonedx.json
+
       # upload sbom to release
       - name: "upload sbom to release"
         uses: "softprops/action-gh-release@v1"