Add SBOM Generation in release.yml (#116)

* Update sbom

* Update license

.github/workflows/release.yml

@@ -45,7 +45,7 @@ jobs:
   tag-commit:
     if: ${{ ( github.event.inputs.delete_existing_tag_release == 'true' && success() )  || ( github.event.inputs.delete_existing_tag_release == 'false' && always() ) }}
     needs: clean-existing-tag-and-release
-    name: Tag commit
+    name: Generate SBOM and tag commit
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
@@ -54,7 +54,20 @@ jobs:
           ref: ${{ github.event.inputs.commit_id }}
       - name: Configure git identity
         run: |
-            git config --global user.name "Release Workflow"
+          git config --global user.name ${{ github.actor }}
+          git config --global user.email ${{ github.actor }}@users.noreply.github.com
+      - name: create a new branch that references commit id
+        run: git checkout -b ${{ github.event.inputs.version_number }} ${{ github.event.inputs.commit_id }}
+      - name: Generate SBOM
+        uses: FreeRTOS/CI-CD-Github-Actions/sbom-generator@main
+        with:
+          repo_path: ./
+          source_path: ./source
+      - name: commit SBOM file
+        run: |
+          git add .
+          git commit -m 'Update SBOM'
+          git push -u origin ${{ github.event.inputs.version_number }}
       - name: Tag Commit and Push to remote
         run: |
           git tag ${{ github.event.inputs.version_number }} -a -m "coreMQTT-Agent Library ${{ github.event.inputs.version_number }}"

manifest.yml

@@ -6,13 +6,15 @@ license: "MIT"
 dependencies:
   - name : "coreMQTT"
     version: "v2.3.1"
+    license: "MIT"
     repository:
       type: "git"
       url: "https://github.com/FreeRTOS/coreMQTT/"
       path: source/dependency/coreMQTT
 
   - name: "CMock"
     version: "v2.5.3"
+    license: "MIT"
     repository:
       type: "git"
       url: " https://github.com/ThrowTheSwitch/CMock.git"