From 5eb868259ce84fb5d40acdd0c50bbc8045d22dab Mon Sep 17 00:00:00 2001
From: Yakira <yakira@wellmaintained.dev>
Date: Tue, 17 Mar 2026 11:29:34 +0000
Subject: [PATCH 1/2] =?UTF-8?q?=F0=9F=A7=AA=20test:=20trigger=20SBOM=20qua?=
 =?UTF-8?q?lity=20gate=20with=20fixed=20scoring?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Empty commit to trigger the Generate SBOMs → quality gate pipeline
now that the sbomqs v2.0.4 field name fix is on main.

Co-Authored-By: Yakriel (Claude) <noreply@anthropic.com>

From 7fcc19e61b7a0e38ead41438da14e480598cc2ac Mon Sep 17 00:00:00 2001
From: Yakira <yakira@wellmaintained.dev>
Date: Tue, 17 Mar 2026 20:03:04 +0000
Subject: [PATCH 2/2] =?UTF-8?q?=F0=9F=A7=AA=20test:=20touch=20watched=20pa?=
 =?UTF-8?q?th=20to=20trigger=20SBOM=20quality=20gate=20pipeline?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Add output documentation comment to patch-sbom-root.
This commit touches bin/patch-sbom-root — a path watched by sbom-generate.yml —
so the Generate SBOMs workflow triggers on PR #7 and we can verify
the full quality gate pipeline end-to-end with real numeric scores.

Co-Authored-By: Yakira (Claude) <noreply@anthropic.com>
---
 bin/patch-sbom-root | 1 +
 1 file changed, 1 insertion(+)

diff --git a/bin/patch-sbom-root b/bin/patch-sbom-root
index 87725df..72dc54f 100755
--- a/bin/patch-sbom-root
+++ b/bin/patch-sbom-root
@@ -10,6 +10,7 @@ set -euo pipefail
 # wires up the dependency graph so the root depends on all closure components.
 #
 # Usage: patch-sbom-root --name NAME --version VER --purl PURL --license SPDX < in.cdx.json > out.cdx.json
+# Output: CycloneDX SBOM with patched root component written to stdout.
 
 name="" version="" purl="" license=""