kubevuln
ci: add SBOM generation
PR Type: Enhancement
PR Description:
This PR introduces the generation of Software Bill of Materials (SBOM) as part of the continuous integration (CI) process. The change is reflected in the 'pr-merged.yaml' workflow file, where the workflow now uses a new branch 'feat/add-sbom-creation' that presumably contains the necessary steps for SBOM creation.
PR Main Files Walkthrough:
- .github/workflows/pr-merged.yaml: The workflow file has been updated to use a new branch 'feat/add-sbom-creation' for the 'pr-merged' job. This suggests that the SBOM creation steps are included in this new branch.
User Description:
Overview
Closes: #165
PR Analysis
- 🎯 Main theme: This PR introduces the generation of Software Bill of Materials (SBOM) as part of the continuous integration (CI) process.
- 📝 PR summary: The PR modifies the 'pr-merged.yaml' workflow file to use a new branch 'feat/add-sbom-creation' for the 'pr-merged' job. This suggests that the SBOM creation steps are included in this new branch.
- 📌 Type of PR: Enhancement
- 🧪 Relevant tests added: No
- ⏱️ Estimated effort to review [1-5]: 2, because the PR is straightforward and only changes the branch used in a workflow file.
- 🔒 Security concerns: No security concerns found
PR Feedback
- 💡 General suggestions: It would be beneficial to include a brief explanation or documentation about the SBOM generation process in the PR description. This would help reviewers understand the changes better.
- 🤖 Code feedback:
  - relevant file: .github/workflows/pr-merged.yaml
    suggestion: Consider using a tag or commit hash instead of a branch name to reference the workflow file. This would ensure that the workflow does not break if the branch is deleted or modified. [important]
    relevant line: uses: kubescape/workflows/.github/workflows/incluster-comp-pr-merged.yaml@feat/add-sbom-creation
  - relevant file:
How to use
To invoke the PR-Agent, add a comment using one of the following commands:
- /review [-i]: Request a review of your Pull Request. For an incremental review, which only considers changes since the last review, include the '-i' option.
- /describe: Modify the PR title and description based on the contents of the PR.
- /improve [--extended]: Suggest improvements to the code in the PR. Extended mode employs several calls, and provides more thorough feedback.
- /ask <QUESTION>: Pose a question about the PR.
- /update_changelog: Update the changelog based on the PR's contents.
To edit any configuration parameter from configuration.toml, add --config_path=new_value. For example: /review --pr_reviewer.extra_instructions="focus on the file: ..." To list the possible configuration parameters, use the /config command.
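The code-feedback item above flags the `uses: ...@feat/add-sbom-creation` reference because a branch is a mutable pointer: whoever can push to it changes what the `pr-merged` job executes, and deleting it breaks the workflow. The following is an added example (not code from kubescape, kubevuln or PR-Agent) of a small checker that scans a workflow file for `uses:` references and reports which ones point at a branch or unversioned ref rather than a tag or a full commit SHA. The sample workflow is constructed here, modelled on the quoted line; the 40-zero SHA on the `setup-go` step is a placeholder, not a real commit, and job names other than `pr-merged` are assumptions.

```python
import re

# Constructed sample workflow, modelled on the `uses:` line quoted in the review.
# The 40-zero SHA is a placeholder standing in for a real pinned commit.
SAMPLE_WORKFLOW = """\
name: pr-merged
on:
  pull_request:
    types: [closed]
jobs:
  pr-merged:
    uses: kubescape/workflows/.github/workflows/incluster-comp-pr-merged.yaml@feat/add-sbom-creation
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-go@0000000000000000000000000000000000000000
      - uses: ./.github/actions/local-step
      - uses: docker://alpine:3.19
"""

# Matches both job-level `uses:` (reusable workflows) and step-level `- uses:`.
USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*(?P<ref>\S+)")
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")
VERSION_TAG_RE = re.compile(r"^v?\d+(?:\.\d+){0,2}$")


def classify_ref(ref):
    """Classify a `uses:` reference by how stable the thing it points at is.

    Returns (kind, target, version) where kind is one of:
      'local'       - ./path inside the same repository (moves with the repo)
      'docker'      - docker:// image reference (digest pinning is a separate check)
      'sha'         - full 40-hex commit, immutable
      'version-tag' - vN / vN.N / vN.N.N tag, conventional but re-pointable
      'other'       - branch name or non-version tag, mutable; this is the case
                      the review flags for feat/add-sbom-creation
      'missing'     - no @ref at all
    """
    if ref.startswith("./"):
        return ("local", ref, None)
    if ref.startswith("docker://"):
        return ("docker", ref, None)
    if "@" not in ref:
        return ("missing", ref, None)
    target, version = ref.rsplit("@", 1)
    if FULL_SHA_RE.match(version):
        return ("sha", target, version)
    if VERSION_TAG_RE.match(version):
        return ("version-tag", target, version)
    return ("other", target, version)


def audit_uses(workflow_text):
    """Return one record per `uses:` line: line number, target, version, kind."""
    records = []
    for lineno, line in enumerate(workflow_text.splitlines(), 1):
        m = USES_RE.match(line)
        if not m:
            continue
        kind, target, version = classify_ref(m.group("ref"))
        records.append({"line": lineno, "target": target, "version": version, "kind": kind})
    return records


def find_mutable_refs(workflow_text, allow_version_tags=True):
    """Return the records a reviewer would flag.

    With allow_version_tags=True this matches the review's advice (a tag or a
    commit hash is acceptable); set it to False for a stricter SHA-only policy.
    """
    flagged = {"other", "missing"}
    if not allow_version_tags:
        flagged.add("version-tag")
    return [r for r in audit_uses(workflow_text) if r["kind"] in flagged]


if __name__ == "__main__":
    for r in find_mutable_refs(SAMPLE_WORKFLOW):
        print(f"line {r['line']}: {r['target']} uses mutable ref {r['version']!r} ({r['kind']})")
    for r in find_mutable_refs(SAMPLE_WORKFLOW, allow_version_tags=False):
        print(f"strict: line {r['line']}: {r['target']}@{r['version']} ({r['kind']})")
```

On the sample, the default policy reports only the `pr-merged` job's branch reference; the strict policy additionally reports `actions/checkout@v4`, since a tag can be moved by the upstream repository owner while a full SHA cannot. The checker is line-based on purpose so it needs no YAML library, which also means it does not follow `uses:` values split across lines or built from expressions.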