From 7cf83d002b729d7b3e47c6f26fe5edfaf7fd3d23 Mon Sep 17 00:00:00 2001
From: Martin Ghazaryan <martin_ghazaryan@epam.com>
Date: Sun, 9 Jun 2024 13:01:23 +0400
Subject: [PATCH] artifact config changed

---
 .github/workflows/build.yml | 21 ++++++++++++---------
 1 file changed, 12 insertions(+), 9 deletions(-)

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 78f8f0c..c6d0f4a 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -27,18 +27,21 @@ jobs:
         with:
           go-version: '1.22'
 
-      - name: Generate CycloneDX SBOM artifacts 📃
-        if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags')
-        run: |
-          go install github.com/CycloneDX/cyclonedx-gomod/cmd/cyclonedx-gomod@latest
-          cyclonedx-gomod mod -json -licenses -output cyclonedx-xk6-mongo-${{ github.ref_name }}.json
-      - name: Upload CycloneDX SBOM artifact for go.mod 💾
+      - name: Generate dependencies list
+        run: go list -m all > go.list
+
+      - name: Install SPDX tool
+        run: go install github.com/spdx/tools-golang/v0/cmd/rdf2v1@latest
+
+      - name: Generate SBOM
+        run: rdf2v1 -format tagvalue go.list > sbom.spdx
+
+      - name: Upload SPDX SBOM artifact for go.mod 💾
         if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags')
         uses: actions/upload-artifact@v3
         with:
-          name: cyclonedx-xk6-mongo-${{ github.ref_name }}.json
-          path:
-            cyclonedx-xk6-mongo-${{ github.ref_name }}.json
+          name: sbom.spdx
+          path: sbom.spdx
 
       - name: Create Release 📦
         uses: softprops/action-gh-release@v1