From 12fb858d56048052adb724cd606c1e7227f871ff Mon Sep 17 00:00:00 2001
From: Ray Walker <ray@27b.io>
Date: Sat, 6 Jun 2026 14:56:14 +1000
Subject: [PATCH] ci: gitignore generated sbom.cdx.json so cargo publish sees a
 clean tree

The release workflow's "Generate SBOM" step writes sbom.cdx.json into the
repo root before "Publish to crates.io". `cargo publish` refuses to publish
from a dirty working tree ("files in the working directory contain changes
not yet committed: sbom.cdx.json"). Earlier publish runs never reached this
step (they failed during Sigstore attestation), so it only surfaced once the
publish job moved to a hosted runner. Ignoring the generated artifact keeps
the tree clean while preserving the dirty-check for everything else.
---
 .gitignore | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/.gitignore b/.gitignore
index 3c56b62..a191e5a 100644
--- a/.gitignore
+++ b/.gitignore
@@ -4,6 +4,11 @@
 # Generated files (keep .gitkeep but ignore generated header)
 include/cachekit.h
 
+# CI release artifact: SBOM is generated in the release workflow before
+# `cargo publish`. Ignoring it keeps the working tree clean so cargo publish
+# (which refuses a dirty tree) doesn't fail on it.
+/sbom.cdx.json
+
 # Editor files
 *.swp
 *.swo