address comments

Author: Siedlerchr

.github/workflows/sbom-pr.yml

@@ -13,16 +13,13 @@ permissions:
 
 jobs:
   generate-and-pr:
-    if: github.repository == 'JabRef/jabref'
     runs-on: ubuntu-latest
     steps:
       - name: Check out repository
       # Full history is preferred so create-pull-request can diff and commit
         uses: actions/checkout@v5
-        with:
-          fetch-depth: 0
 
-      - name: Set up JDK 24 (Corretto)
+      - name: Set up JDK
         uses: actions/setup-java@v5
         with:
           distribution: 'corretto'
@@ -34,7 +31,7 @@ jobs:
         uses: gradle/actions/setup-gradle@v4
 
       - name: Generate aggregated CycloneDX SBOM
-        run: ./gradlew --no-daemon cyclonedxBom
+        run: ./gradlew cyclonedxBom
 
       - name: Copy SBOMs to repository root
         run: |
@@ -45,8 +42,10 @@ jobs:
             ls -la "$src_dir" || true
             exit 1
           fi
-          cp "$src_dir/bom.json" ./bom.json
-          cp "$src_dir/bom.xml" ./bom.xml
+          cp "$src_dir/bom.json" bom.json
+          cp "$src_dir/bom.xml"  bom.xml
+          echo "" >> bom.xml
+          echo "" >> bom.json
 
       - name: Create Pull Request
         uses: peter-evans/create-pull-request@v6
@@ -62,7 +61,7 @@ jobs:
             Generated via Gradle task `cyclonedxBom` using the org.cyclonedx.bom plugin configured in the build.
           branch: chore/update-sbom
           delete-branch: true
-          labels: sbom, dependencies
+          labels: "dev: dependencies""
           add-paths: |
             bom.json
             bom.xml

build-logic/build.gradle.kts

@@ -1,3 +1,4 @@
+import jdk.tools.jlink.resources.plugins
 
 plugins {
     `kotlin-dsl`

external-libraries.md

@@ -0,0 +1,29 @@
+# External libraries
+
+This document lists the fonts, icons, and libraries used by JabRef.
+
+One can generate a file with all library dependencies by using Gradle task `cyclonedxBom`.
+It generates the file `build/cyclonedx/bom.xml` and `build/cyclonedx/bom.json`.
+
+## bst files
+
+```yaml
+Project: IEEEtran
+Path:    src/main/resources/bst/IEEEtran.bst
+URL:     https://www.ctan.org/tex-archive/macros/latex/contrib/IEEEtran/bibtex
+License: LPPL-1.3
+```
+## Fonts and Icons
+The loading animation during loading of recommendations from Mr. DLib is created by <http://loading.io/> and is free of use under license CC0 1.0.
+```yaml
+Id:      material-design-icons.font
+Project: Material Design Icons
+Version: v1.5.54
+URL:     https://materialdesignicons.com/
+License: SIL Open Font License, Version 1.1
+Note:    It is important to include v1.5.54 or later as v1.5.54 is the first version offering fixed code points. Do not confuse with http://zavoloklom.github.io/material-design-iconic-font/
+```
+
+## Libraries
+
+[SBOM](bom.json)