fix SBOM

.gitea/workflows/docker-builder.yml

@@ -217,9 +217,21 @@ jobs:
 
 
 
+      - name: Install syft
+        run: |
+          curl -sSfL https://raw.githubusercontent.com/anchore/syft/main/install.sh \
+            | sh -s -- -b /usr/local/bin
+
       - name: Generate SBOM
         run: |
-          docker sbom ${IMAGE_NAME}:edge > sbom.spdx.json || true
+          syft ${IMAGE_NAME}:${VERSION} -o spdx-json > sbom.spdx.json
+      
+      - name: Upload SBOM
+        uses: actions/upload-artifact@v3
+        with:
+          name: sbom
+          path: sbom.spdx.json
+
       
       - name: Sign image
         run: cosign sign --key ${{ secrets.COSIGN_KEY }} ${IMAGE_NAME}:v${VERSION}