From c78ee0fb3e90f68e0c015d28047064da35bf9e48 Mon Sep 17 00:00:00 2001
From: egibs <20933572+egibs@users.noreply.github.com>
Date: Sun, 9 Jun 2024 09:28:13 -0500
Subject: [PATCH] Generate an SBOM signature

Signed-off-by: egibs <20933572+egibs@users.noreply.github.com>
---
 .github/workflows/release.yml | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 110ed78..c69b4a2 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -48,7 +48,20 @@ jobs:
 set -euo pipefail
 echo "hashes=$(sha256sum ./rsd | base64 -w0)" >> "$GITHUB_OUTPUT"
 - name: Generate SBOM via Syft
+ id: sbom
 uses: anchore/sbom-action@e8d2a6937ecead383dfe75190d104edd1f9c5751
+ with:
+ output-file: ${{ github.workspace }}/rsd-sbom.spdx
+ - name: Generate SBOM signature
+ id: sbom_signature
+ run: |
+ set -euo pipefail
+ echo "sbom_signature=$(sha256sum ${{ github.workspace }}/rsd-sbom.spdx | base64 -w0)" >> "$GITHUB_OUTPUT"
+ - name: Upload SBOM signature to release
+ run: |
+ set -euo pipefail
+ echo ${{ steps.sbom_signature.outputs.sbom_signature }} > rsd-sbom.sig
+ gh release upload ${{ github.ref_name }} rsd-sbom.sig
 provenance:
 needs:
 - build
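Review bot: The file uploaded as `rsd-sbom.sig` holds the base64 of `sha256sum` output, an unkeyed digest rather than a signature, so whoever can replace the SBOM on the release can replace this file as well, and the `.sig` name promises more than a consumer can verify. Either name it as a checksum (for example `rsd-sbom.spdx.sha256`) or have the SBOM digest covered by whatever the `provenance` job signs; that job's body lies outside the hunk, so how it consumes `hashes` is an assumption. In the upload step, `${{ github.ref_name }}` and the step output are pasted into the script text before the shell parses it, so a ref name with shell metacharacters becomes part of the command line in a job that presumably can write to the release; pass both through `env:` and quote them, as below. Hashing `${{ github.workspace }}/rsd-sbom.spdx` also records the runner's absolute path in the digest line, which `sha256sum -c` on another machine will not find, so prefer `cd "$GITHUB_WORKSPACE"` followed by `sha256sum rsd-sbom.spdx`. The job these steps belong to starts above the hunk, so whether `GH_TOKEN` is set for `gh` cannot be checked here.

```yaml
      - name: Upload SBOM signature to release
        env:
          SBOM_DIGEST: ${{ steps.sbom_signature.outputs.sbom_signature }}
          RELEASE_TAG: ${{ github.ref_name }}
        run: |
          # … unchanged: set -euo pipefail …
          printf '%s\n' "$SBOM_DIGEST" > rsd-sbom.sig
          gh release upload "$RELEASE_TAG" rsd-sbom.sig
```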