The generator mentions using requirements.txt. However, the Python community is moving away from using requirements.txt to integrating the build system and all requirements into a pyproject.toml file. Any chance this will be added to gh-python-generate-sbom?

When using either v1.0.0 or v1.0.1 of the action it fails when attempting to run the command to actually generate the bom. When running the 1.0.0 version of the action I get the log output:

Options:
  i: ./xxxxx/requirements.txt
  o: ./bom.xml
Running: cyclonedx-py -i ./xxxxx/requirements.txt -o ./pythonsbom.xml
usage: cyclonedx-py [-h] (-c | -cj | -e | -p | -pip | -r) [-i FILE_PATH]
                    [--format {xml,json}]
                    [--schema-version {1.4,1.3,1.2,1.1,1.0}] [-o FILE_PATH]
                    [-F] [-pb] [-X]
cyclonedx-py: error: one of the arguments -c/--conda -cj/--conda-json -e/--e/--environment -p/--p/--poetry -pip/--pip -r/--r/--requirements is required
Error: Command failed: cyclonedx-py -i ./xxxxx/requirements.txt -o ./bom.xml
usage: cyclonedx-py [-h] (-c | -cj | -e | -p | -pip | -r) [-i FILE_PATH]
                    [--format {xml,json}]
                    [--schema-version {1.4,1.3,1.2,1.1,1.0}] [-o FILE_PATH]
                    [-F] [-pb] [-X]
cyclonedx-py: error: one of the arguments -c/--conda -cj/--conda-json -e/--e/--environment -p/--p/--poetry -pip/--pip -r/--r/--requirements is required

That lead me to believe that since the -r flag wasn't set it was causing the command to fail. The 1.0.1 version doesn't actually give any output when it fails.

I was able to successfully generate a bom when I instead just ran the command to generate the bom in the workflow and provided it the -r flag.

If there's anything else that I can provide that would help just let me know.

see #5 (comment)

this GH action is compatible with current cyclonedx-py.
it is incompatible to theupcoming changes in version cyclonedx-py@4.

therefore, the version constaint needs to be done in pip install and current detection.

Hey @coderpatros,

first of all, thanks for providing this action!

I came across the problem that this action fails on ubuntu.
This repository executes the action for all available runners. As you can see it works on the other OS' perfectly.
Also when installing/running cyclonedx-bom on a local ubuntu it works fine for 18.04 and 20.04 (haven't tried 16.04).

I would be awesome if you could have a look at it :)

current implementation of this GitHub action uses an outdated and unmaintained version of cyclonedx-bom < 4.

should this GitHub action be migrated to cyclonedx-bom >= 4?
If you like the idea, give this issue thumbs up, or write a comment.