From a51459fd1bdab80cace3921a101fc0dab389b9b5 Mon Sep 17 00:00:00 2001
From: Gabor Koos <gabor.koos@gmail.com>
Date: Fri, 29 May 2026 16:22:03 +0100
Subject: [PATCH 1/2] fix(ci): upload SBOM as release asset via explicit
 softprops step

---
 .github/workflows/publish.yml | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index eb57b4d..acd0b83 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -95,7 +95,14 @@ jobs:
         with:
           format: spdx-json
           output-file: sbom.spdx.json
-          upload-release-assets: true
+          upload-release-assets: false
+          upload-artifact: false
+
+      - name: Upload SBOM to release
+        uses: softprops/action-gh-release@b4309332981a82ec1c5618f44dd2e27cc8bfbfda # v3
+        with:
+          tag_name: v${{ steps.package.outputs.version }}
+          files: sbom.spdx.json
 
       - name: Announce release to Discord
         run: |

From c7f13b332854f7ca58687215cf47605c3b47a101 Mon Sep 17 00:00:00 2001
From: Gabor Koos <gabor.koos@gmail.com>
Date: Fri, 29 May 2026 16:25:01 +0100
Subject: [PATCH 2/2] chore: bump changeset

---
 .changeset/bold-falcons-sniff.md | 7 +++++++
 1 file changed, 7 insertions(+)
 create mode 100644 .changeset/bold-falcons-sniff.md

diff --git a/.changeset/bold-falcons-sniff.md b/.changeset/bold-falcons-sniff.md
new file mode 100644
index 0000000..ef70691
--- /dev/null
+++ b/.changeset/bold-falcons-sniff.md
@@ -0,0 +1,7 @@
+---
+'@fetchkit/ffetch': patch
+---
+
+Fixed
+
+- SBOM attachment to GitHub release assets