From 334d1e855f1f0be68babba937b29a6edd643fbfa Mon Sep 17 00:00:00 2001
From: Scott Leggett <scott@sl.id.au>
Date: Wed, 14 May 2025 10:52:21 +0800
Subject: [PATCH] fix: authenticate the SBOM step

---
 .github/workflows/release.yaml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
index 2d452c6..72f070f 100644
--- a/.github/workflows/release.yaml
+++ b/.github/workflows/release.yaml
@@ -51,6 +51,8 @@ jobs:
           -H "Accept: application/vnd.github+json" \
           -H "X-GitHub-Api-Version: 2022-11-28" \
           /repos/${{ github.repository }}/dependency-graph/sbom > sbom.spdx.json
+      env:
+        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
     - uses: goreleaser/goreleaser-action@9c156ee8a17a598857849441385a2041ef570552 # v6.3.0
       id: goreleaser
       with: