From 09d874a9d9415afca61a192467a59ba56e558c56 Mon Sep 17 00:00:00 2001
From: rolljee
Date: Tue, 16 Dec 2025 16:35:01 +0100
Subject: [PATCH 1/6] feat: publish sbom to dtrack
---
 .github/actions/install-packages/action.yml | 8 ++++
 .github/workflows/dtrack-sbom.workflow.yaml | 45 +++++++++++++++++++++
 2 files changed, 53 insertions(+)
 create mode 100644 .github/actions/install-packages/action.yml
 create mode 100644 .github/workflows/dtrack-sbom.workflow.yaml
diff --git a/.github/actions/install-packages/action.yml b/.github/actions/install-packages/action.yml
new file mode 100644
index 00000000..61b4ca0f
--- /dev/null
+++ b/.github/actions/install-packages/action.yml
@@ -0,0 +1,8 @@
+name: Install Packages
+description: Install necessary packages inside the CI
+
+runs:
+ using: "composite"
+ steps:
+ - run: sudo apt update && sudo apt install libunwind-dev libunwind8 -y
+ shell: bash
diff --git a/.github/workflows/dtrack-sbom.workflow.yaml b/.github/workflows/dtrack-sbom.workflow.yaml
new file mode 100644
index 00000000..b8fc4c59
--- /dev/null
+++ b/.github/workflows/dtrack-sbom.workflow.yaml
@@ -0,0 +1,45 @@
+name: Dtrack SBOM publish
+
+env:
+ NODE_VERSION: "24"
+
+on:
+ release:
+ types:
+ - released
+ - prereleased
+
+jobs:
+ publish-sbom-to-dtrack:
+ name: Publish SBOM to Dependency-Track
+ runs-on: ubuntu-24.04
+ steps:
+ - name: Checkout project
+ uses: actions/checkout@v4
+
+ - name: Install additional libraries
+ uses: ./.github/actions/install-packages
+
+ - name: Node version ${{ env.NODE_VERSION }}
+ uses: actions/setup-node@v4
+ with:
+ node-version: ${{ env.NODE_VERSION }}
+
+ - run: npm install
+ - name: Create SBOM with CycloneDX
+ run: npx @cyclonedx/cyclonedx-npm -o bom.xml --of=XML
+
+ - name: Get the current project version from package.json
+ id: get-version
+ run: |
+ echo "version=$(jq -r .version package.json)" >> $GITHUB_OUTPUT
+
+ - name: Publish SBOM to Dependency-Track
+ uses: DependencyTrack/gh-upload-sbom@v3
+ with:
+ serverhostname: ${{ secrets.DEPENDENCYTRACK_HOSTNAME }}
+ apikey: ${{ secrets.DEPENDENCYTRACK_APIKEY }}
+ projectname: 'Kuzzle SDK JavaScript'
+ projectversion: '${{ steps.get-version.outputs.version }}'
+ bomfilename: "./bom.xml"
+ autocreate: true
\ No newline at end of file
From 5bcd8a5d3919000575fb7ae4c7d6aacde0e0629c Mon Sep 17 00:00:00 2001
From: Ricky
Date: Tue, 16 Dec 2025 16:47:56 +0100
Subject: [PATCH 2/6] Update .github/workflows/dtrack-sbom.workflow.yaml Co-authored-by: Alexandre Bouthinon
---
 .github/workflows/dtrack-sbom.workflow.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/dtrack-sbom.workflow.yaml b/.github/workflows/dtrack-sbom.workflow.yaml
index b8fc4c59..7d220f00 100644
--- a/.github/workflows/dtrack-sbom.workflow.yaml
+++ b/.github/workflows/dtrack-sbom.workflow.yaml
@@ -21,7 +21,7 @@ jobs:
 uses: ./.github/actions/install-packages
 - name: Node version ${{ env.NODE_VERSION }}
- uses: actions/setup-node@v4
+ uses: actions/setup-node@v6
 with:
 node-version: ${{ env.NODE_VERSION }}
From 76654ad6ac173b95029b729b0784d9c17887ed3f Mon Sep 17 00:00:00 2001
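Review bot: The final step hands `secrets.DEPENDENCYTRACK_APIKEY` to `DependencyTrack/gh-upload-sbom@v3`, a third-party action referenced by a movable tag, so whatever commit that tag points to at release time receives the key; pin it to a reviewed commit, `uses: DependencyTrack/gh-upload-sbom@<full-commit-sha> # v3`. The same concern applies to `npx @cyclonedx/cyclonedx-npm`, which fetches whatever version the registry serves on each run unless the package is already a locked devDependency (not visible in this hunk); pin a version in the command or add it to `devDependencies`. `npm install` may resolve a tree that differs from the committed lockfile, so the uploaded BOM can describe dependencies that were never released; `npm ci` keeps it tied to `package-lock.json`. The workflow declares no `permissions:` block although its steps only read the repository, so a top-level `permissions:` with `contents: read` would limit the token those steps can see.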
From: Ricky
Date: Tue, 16 Dec 2025 16:48:03 +0100
Subject: [PATCH 3/6] Update .github/workflows/dtrack-sbom.workflow.yaml Co-authored-by: Alexandre Bouthinon
---
 .github/workflows/dtrack-sbom.workflow.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/dtrack-sbom.workflow.yaml b/.github/workflows/dtrack-sbom.workflow.yaml
index 7d220f00..7a3e8f55 100644
--- a/.github/workflows/dtrack-sbom.workflow.yaml
+++ b/.github/workflows/dtrack-sbom.workflow.yaml
@@ -15,7 +15,7 @@ jobs:
 runs-on: ubuntu-24.04
 steps:
 - name: Checkout project
- uses: actions/checkout@v4
+ uses: actions/checkout@v6
 - name: Install additional libraries
 uses: ./.github/actions/install-packages
From 743604960e160262a5052843f267dcdf50ce8a19 Mon Sep 17 00:00:00 2001
From: semantic-release-bot
Date: Tue, 16 Dec 2025 15:56:03 +0000
Subject: [PATCH 4/6] chore(release): 7.17.0-beta.1 [skip ci] ## [7.17.0-beta.1](https://github.com/kuzzleio/sdk-javascript/compare/v7.16.0...v7.17.0-beta.1) (2025-12-16) ### Features * publish sbom to dtrack ([09d874a](https://github.com/kuzzleio/sdk-javascript/commit/09d874a9d9415afca61a192467a59ba56e558c56))
---
 CHANGELOG.md | 6 ++++++
 package-lock.json | 4 ++--
 package.json | 2 +-
 3 files changed, 9 insertions(+), 3 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 8fc9a0aa..583667f0 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,9 @@
+## [7.17.0-beta.1](https://github.com/kuzzleio/sdk-javascript/compare/v7.16.0...v7.17.0-beta.1) (2025-12-16)
+
+### Features
+
+* publish sbom to dtrack ([09d874a](https://github.com/kuzzleio/sdk-javascript/commit/09d874a9d9415afca61a192467a59ba56e558c56))
+
 ## [7.16.0](https://github.com/kuzzleio/sdk-javascript/compare/v7.15.1...v7.16.0) (2025-12-16)
 ### Features
diff --git a/package-lock.json b/package-lock.json
index 7bc82f16..5c09cbbb 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,12 +1,12 @@ { "name": "kuzzle-sdk", - "version": "7.16.0", + "version": "7.17.0-beta.1", "lockfileVersion": 3, "requires": true, "packages": { "": { "name": "kuzzle-sdk", - "version": "7.16.0", + "version": "7.17.0-beta.1", "license": "Apache-2.0", "dependencies": { "ws": "8.18.3"
diff --git a/package.json b/package.json
index d4c89e61..a6ad1817 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "kuzzle-sdk",
- "version": "7.16.0",
+ "version": "7.17.0-beta.1",
 "description": "Official Javascript SDK for Kuzzle",
 "author": "The Kuzzle Team ",
 "repository": {
From b3109fe04e9315535e990dbe4b89187a9ed0f867 Mon Sep 17 00:00:00 2001
From: rolljee
Date: Tue, 16 Dec 2025 17:55:19 +0100
Subject: [PATCH 5/6] fix: use custom github token to allow sequantial workflow creation
---
 .github/workflows/push_branches.workflow.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/push_branches.workflow.yaml b/.github/workflows/push_branches.workflow.yaml
index ca58f629..5c42302c 100644
--- a/.github/workflows/push_branches.workflow.yaml
+++ b/.github/workflows/push_branches.workflow.yaml
@@ -33,7 +33,7 @@ jobs:
 - name: Release
 env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ GITHUB_TOKEN: ${{ secrets.SEMANTIC_RELEASE_GHP }}
 SEMANTIC_RELEASE_NPM_PUBLISH: "true"
 SEMANTIC_RELEASE_SLACK_WEBHOOK: ${{ secrets.SEMANTIC_RELEASE_SLACK_WEBHOOK }}
 run: npx semantic-release
From eb634fe4a008ba1b3731c81bd53514ea999be55b Mon Sep 17 00:00:00 2001
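Review bot: The `Release` step now exports `secrets.SEMANTIC_RELEASE_GHP` as `GITHUB_TOKEN`, which trades the job-scoped token that expires with the run for a stored credential whose owner, scope and lifetime are not visible in this hunk. Releases created with the built-in token do not start other workflows, which is presumably why the swap is needed for the `release`-triggered SBOM workflow; a comment above the line, for example `# stored token: releases made with the default GITHUB_TOKEN do not trigger on: release workflows`, would record that. Because `npx semantic-release` runs plugin code with this value in its environment, the token should be fine-grained, restricted to this repository and to the permissions semantic-release needs, or replaced by a short-lived GitHub App installation token. The job this step belongs to starts outside the hunk.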
From: semantic-release-bot
Date: Tue, 16 Dec 2025 16:55:52 +0000
Subject: [PATCH 6/6] chore(release): 7.17.0-beta.2 [skip ci] ## [7.17.0-beta.2](https://github.com/kuzzleio/sdk-javascript/compare/v7.17.0-beta.1...v7.17.0-beta.2) (2025-12-16) ### Bug Fixes * use custom github token to allow sequantial workflow creation ([b3109fe](https://github.com/kuzzleio/sdk-javascript/commit/b3109fe04e9315535e990dbe4b89187a9ed0f867))
---
 CHANGELOG.md | 6 ++++++
 package-lock.json | 4 ++--
 package.json | 2 +-
 3 files changed, 9 insertions(+), 3 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 583667f0..e2f09d1c 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,9 @@
+## [7.17.0-beta.2](https://github.com/kuzzleio/sdk-javascript/compare/v7.17.0-beta.1...v7.17.0-beta.2) (2025-12-16)
+
+### Bug Fixes
+
+* use custom github token to allow sequantial workflow creation ([b3109fe](https://github.com/kuzzleio/sdk-javascript/commit/b3109fe04e9315535e990dbe4b89187a9ed0f867))
+
 ## [7.17.0-beta.1](https://github.com/kuzzleio/sdk-javascript/compare/v7.16.0...v7.17.0-beta.1) (2025-12-16)
 ### Features
diff --git a/package-lock.json b/package-lock.json
index 5c09cbbb..d0109cae 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,12 +1,12 @@ { "name": "kuzzle-sdk", - "version": "7.17.0-beta.1", + "version": "7.17.0-beta.2", "lockfileVersion": 3, "requires": true, "packages": { "": { "name": "kuzzle-sdk", - "version": "7.17.0-beta.1", + "version": "7.17.0-beta.2", "license": "Apache-2.0", "dependencies": { "ws": "8.18.3"
diff --git a/package.json b/package.json
index a6ad1817..4305788f 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "kuzzle-sdk",
- "version": "7.17.0-beta.1",
+ "version": "7.17.0-beta.2",
 "description": "Official Javascript SDK for Kuzzle",
 "author": "The Kuzzle Team ",
 "repository": {