Add sbom file and remove external libraries (#13859)

Author: Siedlerchr

.github/workflows/sbom-pr.yml

@@ -0,0 +1,64 @@
+name: Update SBOM and open PR
+
+on:
+  workflow_dispatch:
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+permissions:
+  contents: write
+  pull-requests: write
+
+jobs:
+  generate-and-pr:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out repository
+        uses: actions/checkout@v5
+
+      - name: Set up JDK
+        uses: actions/setup-java@v5
+        with:
+          distribution: 'corretto'
+          java-version: '24'
+          check-latest: true
+          cache: 'gradle'
+
+      - name: Setup Gradle
+        uses: gradle/actions/setup-gradle@v4
+
+      - name: Generate aggregated CycloneDX SBOM
+        run: ./gradlew cyclonedxBom
+
+      - name: Copy SBOMs to repository root
+        run: |
+          set -euo pipefail
+          src_dir="build/reports/cyclonedx"
+          if [ ! -f "$src_dir/bom.json" ] || [ ! -f "$src_dir/bom.xml" ]; then
+            echo "SBOM files not found in $src_dir" 1>&2
+            ls -la "$src_dir" || true
+            exit 1
+          fi
+          cp "$src_dir/bom.json" bom.json
+          cp "$src_dir/bom.xml"  bom.xml
+          echo "" >> bom.xml
+          echo "" >> bom.json
+
+      - name: Create Pull Request
+        uses: peter-evans/create-pull-request@v7
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          commit-message: "chore(sbom): update CycloneDX SBOM files"
+          title: "[Bot] Update SBOM files"
+          body: |
+            This automated PR updates the aggregated CycloneDX SBOM files (bom.json and bom.xml) in the repository root.
+
+            Generated via Gradle task `cyclonedxBom` using the org.cyclonedx.bom plugin configured in the build.
+          branch: chore/update-sbom
+          delete-branch: true
+          labels: "dev: dependencies""
+          add-paths: |
+            bom.json
+            bom.xml