Merge branch 'fix/sbom-output-name' into 'master'

It is bound to the `test` stage, and uses the following variables:

| Input / Variable | Description                            | Default value     |

|--------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------|

| --------------------- | -------------------------------------- | ----------------- |

| `sbom-disabled` / `GRADLE_SBOM_DISABLED` | Set to `true` to disable this job | _none_ |

| `TBC_SBOM_MODE`                          | Controls when SBOM reports are generated (`onrelease`: only on `$INTEG_REF`, `$PROD_REF` and `$RELEASE_REF` pipelines; `always`: any pipeline).<br/>:warning: `sbom-disabled` / `GRADLE_SBOM_DISABLED` takes precedence | `onrelease` |

| `sbom-version` / `GRADLE_SBOM_VERSION` | Version of the `cyclonedx-gradle-plugin` used for SBOM analysis<br/>_When unset, the latest version will be used_ | _none_ |

| `maven-plugin-url` / `GRADLE_MAVEN_PLUGIN_URL` | Maven Repository that is used to download the `cyclonedx-gradle-plugin`. No trailing slash. | https://plugins.gradle.org/m2 |

| `sbom-output-filename` / `GRADLE_SBOM_OUTPUT_FILENAME` | Name of the file produced by the `cyclonedxBom` tasks<br/> :warning: SpringBoot 3.3+ notably overrides the default value to `application.dx.json`                                                                       | `bom.json`                    |

This job injects cyclonedx plugin in your project. This can be disabled by defining the plugin in your `build.gradle` and setting  `$GRADLE_SBOM_VERSION` variable to `disabled`.

          "name": "GRADLE_MAVEN_PLUGIN_URL",

          "description": "Maven Repository that is used to download the `cyclonedx-gradle-plugin`. No trailing slash.",

          "default": "https://plugins.gradle.org/m2"

        },

        {

          "name": "GRADLE_SBOM_OUTPUT_FILENAME",

          "description": "Name of the output file produced by the `cyclonedx-gradle-plugin`, defaults to `bom.json`",

          "default": "bom.json"

        }

      ]

    },

      description: |-

        Maven Repository that is used to download the `cyclonedx-gradle-plugin`. No trailing slash.

      default: 'https://plugins.gradle.org/m2'

    sbom-output-filename:

      description: Name of the output file produced by the `cyclonedx-gradle-plugin`, defaults to `bom.json`

      default: 'bom.json'

    no-publish:

      description: Disable Publish (snapshot & release)

      type: boolean

  GRADLE_SBOM_DISABLED: $[[ inputs.sbom-disabled ]]

  GRADLE_SBOM_VERSION: $[[ inputs.sbom-version ]]

  GRADLE_MAVEN_PLUGIN_URL: $[[ inputs.maven-plugin-url ]]

  GRADLE_SBOM_OUTPUT_FILENAME: $[[ inputs.sbom-output-filename ]]

  GRADLE_NO_PUBLISH: $[[ inputs.no-publish ]]

  GRADLE_PUBLISH_VERSION: $[[ inputs.publish-version ]]

        afterEvaluate { project ->

            project.apply plugin: 'org.cyclonedx.bom'

            project.cyclonedxBom {

                outputName = "bom.json"

            }

        }

      }

      EOF

      fi

    - $GRADLE_CLI_BIN $GRADLE_CLI_OPTS $GRADLE_SBOM_OPTS cyclonedxBom

    - mv build/reports/$GRADLE_SBOM_OUTPUT_FILENAME reports/gradle-sbom.cyclonedx.json

    - mv build/reports/bom.json reports/gradle-sbom.cyclonedx.json

    - chmod a+r reports/gradle-sbom.cyclonedx.json

  artifacts:

    name: "SBOM for Gradle from $CI_PROJECT_NAME on $CI_COMMIT_REF_SLUG"