From 43302fff1d2f4332ff9d53f993032fecb0fbca5c Mon Sep 17 00:00:00 2001
From: Pi-Farm <info@pi-farm.de>
Date: Mon, 9 Feb 2026 17:56:09 +0100
Subject: [PATCH] fix SBOM

---
 .gitea/workflows/docker-builder.yml | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/.gitea/workflows/docker-builder.yml b/.gitea/workflows/docker-builder.yml
index 9989486..3539613 100644
--- a/.gitea/workflows/docker-builder.yml
+++ b/.gitea/workflows/docker-builder.yml
@@ -217,9 +217,21 @@ jobs:
 
 
 
+      - name: Install syft
+        run: |
+          curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh \
+            | sh -s -- -b /usr/local/bin
+
       - name: Generate SBOM
         run: |
-          docker sbom ${IMAGE_NAME}:edge > sbom.spdx.json || true
+          syft ${IMAGE_NAME}:${VERSION} -o spdx-json > sbom.spdx.json
+      
+      - name: Upload SBOM
+        uses: actions/upload-artifact@v3
+        with:
+          name: sbom
+          path: sbom.spdx.json
+
       
       - name: Sign image
         run: cosign sign --key ${{ secrets.COSIGN_KEY }} ${IMAGE_NAME}:v${VERSION}