feat(bom): import rebar_sbom for generating bom files

.gitignore

@@ -69,3 +69,4 @@ apps/emqx/test/emqx_static_checks_data/master.bpapi
 *.conf.rendered
 lux_logs/
 /.prepare
+bom.json

rebar.config

@@ -87,4 +87,9 @@
   emqx_exproto_pb % generated code for protobuf
 ]}.
 
-{project_plugins, [erlfmt, {rebar3_hex, "7.0.2"}]}.
+{project_plugins,
+  [ erlfmt,
+    {rebar3_hex, "7.0.2"},
+    {rebar3_sbom,
+      {git, "https://github.com/emqx/rebar3_sbom.git", {tag, "v0.6.1-1"}}}
+]}.

scripts/pre-compile.sh

@@ -21,3 +21,4 @@ cd -P -- "$(dirname -- "${BASH_SOURCE[0]}")/.."
 ./scripts/get-dashboard.sh "$dashboard_version"
 ./scripts/merge-config.escript
 ./scripts/merge-i18n.escript
+./scripts/update-bom.sh "$PROFILE_STR" ./rel

scripts/update-bom.sh

@@ -0,0 +1,11 @@
+#!/usr/bin/env bash
+
+[[ -n "$WITHOUT_UPDATE_BOM" ]] && exit 0
+
+set -euo pipefail
+
+PROFILE="$1"
+REL_DIR="$2"
+
+./rebar3 as "$PROFILE" sbom -f -o "$REL_DIR/bom.json"
+