From abed40f4a572b047c72577757f664169af0000cb Mon Sep 17 00:00:00 2001
From: Erich Smith
Date: Wed, 17 Dec 2025 13:05:32 -0500
Subject: [PATCH 1/2] Fix goreleaser step ordering

---
 .github/workflows/release.yml | 11 +++--------
 1 file changed, 3 insertions(+), 8 deletions(-)

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 30d2d67..88f90d6 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -64,13 +64,6 @@ jobs:
 - name: Install Syft
 uses: anchore/sbom-action/download-syft@43a17d6e7add2b5535efe4dcae9952337c479a93 # v0.20.11

- - name: Generate Source SBOM
- run: |
- VERSION_NUM=${{ needs.check-release.outputs.tag_name }}
- VERSION_NUM=${VERSION_NUM#v}
- # Generate SBOM from source (includes go.mod dependencies)
- syft dir:. --output "cyclonedx-json=dashlights_${VERSION_NUM}_source.sbom.json"
-
 - name: Run GoReleaser
 uses: goreleaser/goreleaser-action@e435ccd777264be153ace6237001ef4d979d3a7a # v6
 with:
@@ -80,12 +73,14 @@ jobs:
 env:
 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

- - name: Upload Source SBOM
+ - name: Generate and Upload Source SBOM
 env:
 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 run: |
 VERSION=${{ needs.check-release.outputs.tag_name }}
 VERSION_NUM=${VERSION#v}
+ # Generate SBOM from source (includes go.mod dependencies)
+ syft dir:. --output "cyclonedx-json=dashlights_${VERSION_NUM}_source.sbom.json"
 gh release upload "$VERSION" "dashlights_${VERSION_NUM}_source.sbom.json" --clobber

 # Build, sign, and notarize macOS binaries separately

From d75257d0c88f2782047a8e6a4f132fc58a8bc51b Mon Sep 17 00:00:00 2001
From: Erich Smith
Date: Wed, 17 Dec 2025 13:13:20 -0500
Subject: [PATCH 2/2] Update CHANGELOG for v1.0.7-slsa-2

---
 CHANGELOG.md | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index e013e52..9f60854 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
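Review bot: In `.github/workflows/release.yml`, the merged `Generate and Upload Source SBOM` step now runs `syft dir:.` after GoReleaser, so the scan covers whatever GoReleaser left in the working tree and the file published as the source SBOM may describe build output as well as source. The GoReleaser config is not visible here; if it writes to the default `dist/` directory, excluding it keeps the SBOM scoped to source: `syft dir:. --exclude './dist/**' --output "cyclonedx-json=dashlights_${VERSION_NUM}_source.sbom.json"`. In the same `run:` block, `VERSION=${{ needs.check-release.outputs.tag_name }}` is expanded into the script text before the shell parses it; mapping it through the step's `env:` (`TAG_NAME: ${{ needs.check-release.outputs.tag_name }}`, then `VERSION="$TAG_NAME"`) keeps an unexpected tag value from being read as shell syntax. Merging the two steps also places `GITHUB_TOKEN` in syft's environment, although only `gh release upload` needs it; a separate generate step placed after GoReleaser would avoid that.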
@@ -5,6 +5,12 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). +## [1.0.7-slsa-2] - 2025-12-17 + +### Fixed +- Corrected the order of steps in the release process to ensure proper packaging and deployment + + ## [1.0.7-slsa] - 2025-12-17 ### Changed