Replace Sbom and bombon with tom-bombadil flake (#4448)

* Replace Sbom and bombon with tom-bombadil flake

Delete now unused files and expressions.

* Add changelog entry

Author: supersven

.gitignore

@@ -102,3 +102,6 @@ services/nginz/third_party/nginx-module-vts
 
 # dumped out by running tests in kind
 logs-integration
+
+# BOM file - https://github.com/wireapp/tom-bombadil
+sbom.json

Makefile

@@ -589,16 +589,18 @@ kind-restart-%: .local/kind-kubeconfig
 helm-template-%: clean-charts charts-integration
 	./hack/bin/helm-template.sh $(*)
 
+sbom.json:
+	nix -Lv build -f nix wireServer.bomDependencies && \
+	nix run 'github:wireapp/tom-bombadil#create-sbom' -- --root-package-name "wire-server"
+
 # Ask the security team for the `DEPENDENCY_TRACK_API_KEY` (if you need it)
-# changing the directory is necessary because of some quirkiness of how
-# runhaskell / ghci behaves (it doesn't find modules that aren't in the same
-# directory as the script that is being executed)
 .PHONY: upload-bombon
-upload-bombon:
-	cd ./hack/bin && ./bombon.hs -- \
+upload-bombon: sbom.json
+	nix run 'github:wireapp/tom-bombadil#upload-bom' -- \
+		--project-name "wire-server"  \
 		--project-version $(HELM_SEMVER) \
-		--api-key $(DEPENDENCY_TRACK_API_KEY) \
-		--auto-create
+		--auto-create \
+		--bom-file ./sbom.json
 
 .PHONY: openapi-validate
 openapi-validate:

changelog.d/5-internal/use-tom-bombadil

@@ -0,0 +1 @@
+Use Nix flake (tom-bombadil) to create and upload SBOM files in CI.