From 8cea07cdab3633655ee8b1f2169af4ec9c5285e6 Mon Sep 17 00:00:00 2001
From: jayudey <jay.udey@workiva.com>
Date: Thu, 4 Apr 2024 16:40:25 -0500
Subject: [PATCH 1/2] include sbom

---
 .github/workflows/ci.yaml      |  6 ++++++
 .github/workflows/publish.yaml | 15 ---------------
 2 files changed, 6 insertions(+), 15 deletions(-)
 delete mode 100644 .github/workflows/publish.yaml

diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index 5f5555d..8580a2f 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -37,3 +37,9 @@ jobs:
       - name: Check dependencies
         run: dart run dependency_validator
         if: always() && steps.install.outcome == 'success'
+
+      - uses: anchore/sbom-action@v0
+        if: ${{ matrix.sdk == '2.19.6' && matrix.os == 'ubuntu' }}
+        with:
+          path: ./
+          format: cyclonedx-json
diff --git a/.github/workflows/publish.yaml b/.github/workflows/publish.yaml
deleted file mode 100644
index 8fb0469..0000000
--- a/.github/workflows/publish.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-name: Publish to pub.dev
-
-on:
-  push:
-    tags:
-      # Releases
-      - '[0-9]+.[0-9]+.[0-9]+'
-      # Release Candidates
-      - '[0-9]+.[0-9]+.[0-9]+-rc[0-9]+'
-
-jobs:
-  publish:
-    permissions:
-      id-token: write # Required for authentication using OIDC
-    uses: dart-lang/setup-dart/.github/workflows/publish.yml@v1

From ccb66d52197ea382e0e2ee6d82f4056400318b8a Mon Sep 17 00:00:00 2001
From: jayudey <jay.udey@workiva.com>
Date: Thu, 4 Apr 2024 16:42:10 -0500
Subject: [PATCH 2/2] run on tag as well

---
 .github/workflows/ci.yaml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
index 8580a2f..236a0c5 100644
--- a/.github/workflows/ci.yaml
+++ b/.github/workflows/ci.yaml
@@ -5,6 +5,8 @@ on:
     branches:
       - 'master'
       - 'test_consume_*'
+    tags:
+      - "**"
   pull_request:
     branches:
       - '**'