Simplify SBOM generation by removing redundant manual invocation #66

Merged
Malcolmnixon merged 2 commits into main from copilot/simplify-sbom-generation
Jan 26, 2026
Copilot AI commented Jan 26, 2026

Pull Request

Description

The project uses Microsoft.Sbom.Targets in the csproj, which automatically generates SBOMs during dotnet pack and embeds them in the NuGet package. The manual microsoft.sbom.dotnettool invocations and separate manifest archiving were redundant.

Changes:

  • Removed microsoft.sbom.dotnettool from .config/dotnet-tools.json
  • Removed "Generate SBOM" and "Generate Tests SBOM" steps from .github/workflows/build.yaml
  • Removed manifest.spdx.json file archiving from artifacts upload

SBOM generation continues via Microsoft.Sbom.Targets with manifests embedded at _manifest/spdx_2.2/manifest.spdx.json in the .nupkg.

Type of Change

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • Documentation update
  • Code quality improvement

Related Issues

Addresses feature request for simplifying SBOM generation.

Pre-Submission Checklist

Before submitting this pull request, ensure you have completed the following:

Build and Test

  • Code builds successfully: dotnet build --configuration Release
  • All tests pass: dotnet test --configuration Release
  • Code produces zero warnings

Code Quality

  • Code formatting is correct: dotnet format --verify-no-changes
  • New code has appropriate XML documentation comments
  • Static analyzer warnings have been addressed

Quality Checks

Please run the following checks before submitting:

  • Spell checker passes: cspell "**/*.{md,cs}"
  • Markdown linter passes: markdownlint "**/*.md"
  • YAML linter passes: yamllint '**/*.{yml,yaml}'

Testing

  • Added unit tests for new functionality
  • Updated existing tests if behavior changed
  • All tests follow the AAA (Arrange, Act, Assert) pattern
  • Test coverage is maintained or improved

Documentation

  • Updated README.md (if applicable)
  • Updated ARCHITECTURE.md (if applicable)
  • Added code examples for new features (if applicable)
  • Updated requirements.yaml (if applicable)

Additional Notes

No code changes required - configuration-only simplification. Verified SBOM is correctly embedded in packed NuGet artifact.

Original prompt

This section details the original issue you should resolve

<issue_title>[Feature]: Simplify SBOM generation</issue_title>
<issue_description>### Problem Statement

Remove unnecessary microsoft.sbom.dotnettool use

Proposed Solution

The tools csproj file makes use of Microsoft.Sbom.Targets to make the SBOM. As such the microsoft.sbom.dotnettool isn't needed and shouldn't be invoked in the build job. Additionally there's no need to archive the manifest.spdx.json files because they're now compiled into the NuGet package.

Alternatives Considered

No response

Usage Examples

Benefits

Simplify build process with standard csproj integration.

Priority

Medium - Would improve my workflow

Willingness to Contribute

Yes, I can submit a pull request

Additional Context

No response

Checklist

  • I have searched existing issues to ensure this is not a duplicate
  • I have provided a clear description of the feature
  • I have explained why this feature would be useful</issue_description>

Comments on the Issue (you are @copilot in this section)


Co-authored-by: Malcolmnixon <1863707+Malcolmnixon@users.noreply.github.com>
Copilot AI changed the title from "[WIP] Remove unnecessary microsoft.sbom.dotnettool usage" to "Simplify SBOM generation by removing redundant manual invocation" on Jan 26, 2026
Copilot AI requested a review from Malcolmnixon January 26, 2026 21:19
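
The description above states that the SBOM stays embedded in the .nupkg at _manifest/spdx_2.2/manifest.spdx.json while the separate manifest archiving is removed from the artifacts upload. The following check is an added example, not code from this pull request or the project: it opens a package as a zip archive and confirms the manifest is present and parses as SPDX 2.2. The function names, the constructed sample package and the expectation that spdxVersion reads "SPDX-2.2" are assumptions.

```python
import io
import json
import zipfile

# Embedded manifest path as stated in the pull request description.
MANIFEST_PATH = "_manifest/spdx_2.2/manifest.spdx.json"


def check_embedded_sbom(nupkg):
    """Check a .nupkg (path or file object); return (ok, problems, package_names)."""
    with zipfile.ZipFile(nupkg) as pkg:  # a .nupkg is a zip archive
        if MANIFEST_PATH not in pkg.namelist():
            return False, [f"missing {MANIFEST_PATH}"], []
        raw = pkg.read(MANIFEST_PATH)
    try:
        doc = json.loads(raw.decode("utf-8-sig"))  # tolerate a UTF-8 BOM
    except ValueError as exc:  # covers both bad encoding and bad JSON
        return False, [f"manifest is not valid JSON: {exc}"], []
    if not isinstance(doc, dict):
        return False, ["manifest is not a JSON object"], []
    problems = []
    # Assumption: an SPDX 2.2 document declares spdxVersion "SPDX-2.2".
    if doc.get("spdxVersion") != "SPDX-2.2":
        problems.append(f"unexpected spdxVersion: {doc.get('spdxVersion')!r}")
    packages = doc.get("packages") or []
    if not packages:
        problems.append("SBOM lists no packages")
    names = sorted(p.get("name", "<unnamed>") for p in packages)
    return not problems, problems, names


def constructed_nupkg(with_sbom=True):
    """Build a constructed sample package in memory (not a real project artifact)."""
    sbom = {
        "spdxVersion": "SPDX-2.2",
        "packages": [{"name": "Example.Tool"}, {"name": "Example.Dependency"}],
    }
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as pkg:
        pkg.writestr("Example.Tool.nuspec", "<package/>")
        if with_sbom:
            pkg.writestr(MANIFEST_PATH, json.dumps(sbom))
    return buf


if __name__ == "__main__":
    print(check_embedded_sbom(constructed_nupkg()), check_embedded_sbom(constructed_nupkg(False)))
```

Run against the packed artifact in CI, a failing result flags a package that shipped without its embedded SBOM.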