From 8a9b575fd83d8d9c1e42c12a107e61b09fb89496 Mon Sep 17 00:00:00 2001
From: "Luis Gustavo S. Barreto" <gustavo@ossystems.com.br>
Date: Wed, 8 Apr 2026 16:31:13 -0300
Subject: [PATCH] fix(ci): prevent SBOM artifact name collision in releases

The sbom-action was configured with artifact-name: "" which
does not disable artifact upload but instead generates an
auto-incremented name. When matrix jobs run in parallel,
these names collide causing a 409 Conflict error.

Replace with upload-artifact: false since a dedicated
upload-artifact step with unique per-project names already
handles the upload.
---
 .github/workflows/build-agent.yml    | 4 ++--
 .github/workflows/docker-publish.yml | 6 +++---
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/.github/workflows/build-agent.yml b/.github/workflows/build-agent.yml
index 8f522ac8ae3..b69bb13f9a8 100644
--- a/.github/workflows/build-agent.yml
+++ b/.github/workflows/build-agent.yml
@@ -123,7 +123,7 @@ jobs:
           image: shellhubio/agent:${{ env.RELEASE_VERSION }}
           format: cyclonedx-json
           output-file: sbom-agent-${{ env.RELEASE_VERSION }}.cdx.json
-          artifact-name: ""
+          upload-artifact: false
 
       - name: Upload SBOM artifact
         uses: actions/upload-artifact@v7
@@ -220,7 +220,7 @@ jobs:
           path: ./agent
           format: cyclonedx-json
           output-file: sbom-agent-source-${{ env.RELEASE_VERSION }}.cdx.json
-          artifact-name: ""
+          upload-artifact: false
 
       - name: Upload source SBOM artifact
         uses: actions/upload-artifact@v7
diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml
index 693ed14b5de..39d645ecef6 100644
--- a/.github/workflows/docker-publish.yml
+++ b/.github/workflows/docker-publish.yml
@@ -48,7 +48,7 @@ jobs:
           image: shellhubio/${{ matrix.project }}:${{ env.RELEASE_VERSION }}
           format: cyclonedx-json
           output-file: sbom-${{ matrix.project }}-${{ env.RELEASE_VERSION }}.cdx.json
-          artifact-name: ""
+          upload-artifact: false
 
       - name: Generate SBOM for '${{ matrix.project }}' source
         uses: anchore/sbom-action@v0
@@ -56,7 +56,7 @@ jobs:
           path: ${{ matrix.project }}
           format: cyclonedx-json
           output-file: sbom-${{ matrix.project }}-source-${{ env.RELEASE_VERSION }}.cdx.json
-          artifact-name: ""
+          upload-artifact: false
 
       - name: Upload SBOM artifacts
         uses: actions/upload-artifact@v7
@@ -128,7 +128,7 @@ jobs:
           image: registry.infra.ossystems.io/shellhub/api-enterprise:${{ env.RELEASE_VERSION }}
           format: cyclonedx-json
           output-file: sbom-api-enterprise-${{ env.RELEASE_VERSION }}.cdx.json
-          artifact-name: ""
+          upload-artifact: false
 
       - name: Upload SBOM artifact
         uses: actions/upload-artifact@v7