[TECHNICAL] SBOM changes to be pushed in a specific branch with signed commits #4837

Open

jesmrec wants to merge 3 commits into master from technical/adapt_sbom_workflow_signed_commits

Conversation

jesmrec (Contributor) commented Apr 27, 2026

New logic of the workflow:

  • After merging a PR into master, the workflow is triggered
  • CycloneDX generates an SBOM over the new HEAD of master
  • Fetch the existing SBOM file in the chore/sbom-update branch, if the branch exists. If not, get the origin/master one. The idea is to get the newest version to compare with.
  • Both SBOM files (the one generated in the workflow and the existing one to compare) are normalized and sorted to be compared using jq, in order to know if there are changes or not.
    • If there are changes -> create/update chore/sbom-update
    • If there are no changes -> stop

  • Added a manual dispatch in case dependencies are updated inside of a release branch, with the target branch as a parameter and master as the default
  • Removed the concurrency policy. Every PR must trigger the workflow to check dependencies.
  • Added a step to the release template to merge the SBOM branch before creating the release branch

Related Issues

App:

  • Add changelog files for the fixed issues in the folder changelog/unreleased. More info here
  • Add the feature to the Release Notes in ReleaseNotesViewModel.kt by creating a new ReleaseNote() with String resources (if required)

QA
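The normalize-and-compare step described in the PR, written here in Python instead of jq as an added example (this is not the workflow's own code). The CycloneDX documents, package names, versions and bom-refs are constructed samples; it shows why run-specific fields (serialNumber, timestamp, bom-ref, component order) must be dropped before comparing, so that a regenerated SBOM with the same dependencies does not create a spurious chore/sbom-update branch.

```python
from __future__ import annotations
import json

def _doc(serial: str, stamp: str, comps: list[dict]) -> str:
    """Build a minimal CycloneDX JSON document (constructed sample data)."""
    return json.dumps({"bomFormat": "CycloneDX", "specVersion": "1.5",
                       "serialNumber": serial, "metadata": {"timestamp": stamp},
                       "components": comps})

# Constructed sample components (not taken from the repository's real SBOM).
OKHTTP = {"type": "library", "name": "okhttp", "version": "4.12.0",
          "purl": "pkg:maven/com.squareup.okhttp3/okhttp@4.12.0", "bom-ref": "ref-a"}
STDLIB = {"type": "library", "name": "kotlin-stdlib", "version": "1.9.22",
          "purl": "pkg:maven/org.jetbrains.kotlin/kotlin-stdlib@1.9.22", "bom-ref": "ref-b"}
ROOM = {"type": "library", "name": "room-runtime", "version": "2.6.1",
        "purl": "pkg:maven/androidx.room/room-runtime@2.6.1", "bom-ref": "ref-c"}

# The SBOM already in chore/sbom-update, the same dependency set regenerated on a
# later run (new serial, timestamp, bom-refs, order), and a run with a new dependency.
EXISTING = _doc("urn:uuid:1111", "2026-04-27T10:00:00Z", [OKHTTP, STDLIB])
REGENERATED = _doc("urn:uuid:2222", "2026-04-28T09:00:00Z",
                   [dict(STDLIB, **{"bom-ref": "x"}), dict(OKHTTP, **{"bom-ref": "y"})])
WITH_NEW_DEP = _doc("urn:uuid:3333", "2026-04-28T09:05:00Z", [ROOM, OKHTTP, STDLIB])

KEEP = ("type", "group", "name", "version", "purl")  # fields that identify a dependency

def component_key(c: dict) -> str:
    """Stable identity of a component: its purl, else name@version."""
    return c.get("purl") or f"{c.get('name')}@{c.get('version')}"

def normalize_sbom(text: str) -> dict:
    """Drop run-specific fields and sort components so two generations of the
    same dependency set compare equal (the jq normalize-and-sort step)."""
    doc = json.loads(text)
    comps = [{k: c[k] for k in KEEP if k in c} for c in doc.get("components", [])]
    comps.sort(key=component_key)
    return {"bomFormat": doc.get("bomFormat"), "specVersion": doc.get("specVersion"),
            "components": comps}

def sbom_changed(existing: str, generated: str) -> bool:
    """True when the workflow should create/update chore/sbom-update."""
    return normalize_sbom(existing) != normalize_sbom(generated)

def component_diff(existing: str, generated: str) -> tuple[set[str], set[str]]:
    """(added, removed) component keys, e.g. for the update branch's commit message."""
    old = {component_key(c) for c in normalize_sbom(existing)["components"]}
    new = {component_key(c) for c in normalize_sbom(generated)["components"]}
    return new - old, old - new

if __name__ == "__main__":
    print("regenerated changed:", sbom_changed(EXISTING, REGENERATED))   # False
    print("new dependency changed:", sbom_changed(EXISTING, WITH_NEW_DEP))  # True
```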

@jesmrec jesmrec self-assigned this Apr 27, 2026
@jesmrec jesmrec force-pushed the technical/adapt_sbom_workflow_signed_commits branch 3 times, most recently from a00da5b to be8c3e2 on April 27, 2026 11:18
@jesmrec jesmrec marked this pull request as ready for review on April 27, 2026 12:28
jesmrec (Contributor, Author) commented Apr 28, 2026

Moving to "In progress" again to inspect an issue before reviewing @joragua @DeepDiver1975

@jesmrec jesmrec force-pushed the technical/adapt_sbom_workflow_signed_commits branch from be8c3e2 to 4d0dcb2 on April 28, 2026 12:52
@jesmrec jesmrec force-pushed the technical/adapt_sbom_workflow_signed_commits branch from 4d0dcb2 to 531a27d on April 28, 2026 13:05
@jesmrec jesmrec added this to the 4.8 - Current milestone Apr 28, 2026
jesmrec (Contributor, Author) commented Apr 28, 2026

Ready for review again!
