From 47827f52c9285901cecb3c71255d5688cfb79f03 Mon Sep 17 00:00:00 2001
From: Sami Alajrami <sami@kosli.com>
Date: Mon, 13 May 2024 14:11:49 +0200
Subject: [PATCH] disable uploading sbom to release (#223)

* disable uploading sbom to release

* disable uploading sbom as an artifact in ci
---
 .github/workflows/binary_provenance.yml | 2 ++
 .github/workflows/docker.yml            | 1 +
 2 files changed, 3 insertions(+)

diff --git a/.github/workflows/binary_provenance.yml b/.github/workflows/binary_provenance.yml
index e5d099a12..a297ad177 100644
--- a/.github/workflows/binary_provenance.yml
+++ b/.github/workflows/binary_provenance.yml
@@ -67,6 +67,8 @@ jobs:
             file: ${{matrix.artifact.path}}
             format: 'spdx-json'
             output-file: '${{matrix.artifact.template_name}}-sbom.spdx.json'
+            upload-artifact: false
+            upload-release-assets: false
         
         - name: Publish SBOM
           uses: anchore/sbom-action/publish-sbom@v0
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
index 787540bea..6ce9c3609 100644
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -111,6 +111,7 @@ jobs:
         image: ${{ env.IMAGE }}:${{ inputs.tag }}
         format: 'spdx-json'
         output-file: 'sbom.spdx.json'
+        upload-artifact: false
 
 
     - name: Attest SBOM to Github