Add SBOM generation in release.yml (#131)

* Add license information for dependencies in manifest.yml file

* Update release.yml

* Remove extra line

Author: xlin7799

.github/workflows/release.yml

@@ -11,7 +11,7 @@ on:
         required: true
 
 jobs:
-  tag-commit:
+  generate-sbom-and-tag-commit:
     name: Tag commit
     runs-on: ubuntu-latest
     steps:
@@ -21,7 +21,20 @@ jobs:
           ref: ${{ github.event.inputs.commit_id }}
       - name: Configure git identity
         run: |
-            git config --global user.name "Release Workflow"
+          git config --global user.name ${{ github.actor }}
+          git config --global user.email ${{ github.actor }}@users.noreply.github.com
+      - name: create a new branch that references commit id
+        run: git checkout -b ${{ github.event.inputs.version_number }} ${{ github.event.inputs.commit_id }}
+      - name: Generate SBOM
+        uses: FreeRTOS/CI-CD-Github-Actions/sbom-generator@main
+        with:
+          repo_path: ./
+          source_path: ./source
+      - name: commit SBOM file
+        run: |
+          git add .
+          git commit -m 'Update SBOM'
+          git push -u origin ${{ github.event.inputs.version_number }}
       - name: Tag Commit and Push to remote
         run: |
           git tag ${{ github.event.inputs.version_number }} -a -m "coreHTTP Library ${{ github.event.inputs.version_number }}"

manifest.yml

@@ -1,11 +1,11 @@
 name : "coreHTTP"
 version: "v2.1.0"
-description: |
-  "Client implementation of the HTTP/1.1 specification for embedded devices.\n"
+description: "Client implementation of the HTTP/1.1 specification for embedded devices."
+license: "MIT"
 dependencies:
   - name : "llhttp"
     version: "release/v6.0.5"
+    license: "MIT"
     repository:
       type: "git"
-      url: "https://github.com/nodejs/llhttp"
-license: "MIT"
+      url: "https://github.com/nodejs/llhttp.git"