[DOP-25348] Generate SBOM during release

Author: dolfinus

.github/workflows/release.yaml

@@ -66,6 +66,11 @@ jobs:
       - name: Publish package
         uses: pypa/gh-action-pypi-publish@release/v1
 
+      - name: Generate SBOM
+        run: |
+          pip install cyclonedx-bom
+          cyclonedx-py poetry --extras server,scheduler,worker --without dev,test,docs > sbom.spdx.json
+
       - name: Get changelog
         run: |
           cat docs/changelog/$GITHUB_REF_NAME.rst > changelog.rst
@@ -124,3 +129,4 @@ jobs:
             dist/*.tar.gz
             dist/*.whl
             docs/_static/openapi.json
+            sbom.spdx.json

.github/workflows/scheduler_docker_image.yml

@@ -87,6 +87,7 @@ jobs:
           cache-from: mtsrus/syncmaster-scheduler:develop
           platforms: ${{ env.PLATFORMS }}
           provenance: mode=max
+          sbom: true
 
       - name: Convert README to Markdown
         uses: docker://pandoc/core:2.9

.github/workflows/server_docker_image.yml

@@ -87,6 +87,7 @@ jobs:
           cache-from: mtsrus/syncmaster-server:develop
           platforms: ${{ env.PLATFORMS }}
           provenance: mode=max
+          sbom: true
 
       - name: Convert README to Markdown
         uses: docker://pandoc/core:2.9

.github/workflows/worker_docker_image.yml

@@ -87,6 +87,7 @@ jobs:
           cache-from: mtsrus/syncmaster-worker:develop
           platforms: ${{ env.PLATFORMS }}
           provenance: mode=max
+          sbom: true
 
       - name: Convert README to Markdown
         uses: docker://pandoc/core:2.9