[FEATURE REQUEST] Modify sbom workflow to push to the repo

[jesmrec]

Changes:

• Replaced the read permission for write, since we have to push

• sbom.json to be created when pushing to master. Before: in every PR, does not matter the target branch.

• sbom.json file in root folder of the current repository

• Added a step that will compare the sbom.json in master with the generated one. If they match, no push (no changes since the latest time).

Related Issues

App:

• Add changelog files for the fixed issues in folder changelog/unreleased. More info here
• Add feature to Release Notes in ReleaseNotesViewModel.kt creating a new ReleaseNote() with String resources (if required)

---

QA

[Copilot]

Pull Request Overview

This PR updates the SBOM workflow to generate and push an sbom.json file only on pushes to the default branches, comparing it against the current master to avoid redundant commits.

• Switched from pull_request to push triggers on master and main, and updated permissions to write.
• Generates, cleans, and compares the SBOM JSON against the default branch, committing only if changes are detected.
• Moves the SBOM into the repo root and streamlines the workflow steps.

Comments suppressed due to low confidence (2)

.github/workflows/sbom.yml:20

• The comment states you need the full repository history, but the checkout step lacks fetch-depth: 0. Add fetch-depth: 0 under with: to ensure all commits are fetched for diff operations.

        uses: actions/checkout@v4

.github/workflows/sbom.yml:59

• This always fetches origin/master even when running on main. To handle both branches, dynamically fetch the current branch (e.g., using ${GITHUB_REF##*/}) or fetch both origin/master and origin/main before comparison.

        run: git fetch origin master

[joragua]

Some comments here @jesmrec!

[joragua]

LGTM! 💯 Let's see if it works in master branch