From c219696a955f9960f60c2f6c891a73a10fc4fdaf Mon Sep 17 00:00:00 2001 From: Ahmed ElMallah Date: Wed, 17 Jun 2026 01:59:29 -0700 Subject: [PATCH 1/4] Use GoReleaser header for release notes --- .github/workflows/release.yml | 18 +----------------- .goreleaser.yaml | 11 +++++++++-- 2 files changed, 10 insertions(+), 19 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 5d6799f..4c2afb6 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -48,22 +48,6 @@ jobs: with: fetch-depth: 0 - - name: Write release notes - shell: bash - run: | - cat > "$RUNNER_TEMP/RELEASE_NOTES.md" <<'EOF' - Bomly release ${{ github.ref_name }} - - Assets in this draft release include: - - Full builtin `bomly` archives for Linux, macOS, and Windows - - Alternate `bomly-lite` archives for users who prefer external Syft/Grype binaries - - `SHA256SUMS` for release verification - - Each archive includes `LICENSE`, `NOTICE`, and a `licenses/` directory with the full license text for every bundled dependency. - - GitHub-native artifact attestations are planned and will be added in a future release. - EOF - - name: Set up Go uses: actions/setup-go@v6 with: @@ -90,7 +74,7 @@ jobs: with: distribution: goreleaser version: v2.16.0 - args: release --clean --release-notes=${{ runner.temp }}/RELEASE_NOTES.md + args: release --clean env: GITHUB_TOKEN: ${{ github.token }} TAP_GITHUB_TOKEN: ${{ steps.package-token.outputs.token }} diff --git a/.goreleaser.yaml b/.goreleaser.yaml index 3da1869..d310848 100644 --- a/.goreleaser.yaml +++ b/.goreleaser.yaml 
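Review bot: Dropping `--release-notes` from `args` in the GoReleaser step changes more than where the text lives. That flag makes GoReleaser skip its own changelog generation, so with plain `release --clean` the draft body becomes the `release.header` from `.goreleaser.yaml` followed by the changelog built from the commit log. If the release body is meant to stay a fixed, reviewed text, check the `changelog` section of `.goreleaser.yaml`, which is not visible in this patch. A comment above the line would record the dependency, e.g. `# release body = release.header in .goreleaser.yaml + generated changelog`. The step's `uses:` line is outside the hunk, so the pinning of the action itself cannot be checked here.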
@@ -107,9 +107,16 @@ release: header: | Bomly release {{ .Tag }} - Assets in this draft release include full `bomly` archives, `bomly-lite` archives, Linux packages, package-manager manifests, and `SHA256SUMS`. + This draft release was generated by GoReleaser from the tagged `bomly-cli` source tree. - Each archive includes `LICENSE`, `NOTICE`, and a `licenses/` directory with third-party license texts. + Included artifacts: + - Full builtin `bomly` archives for Linux, macOS, and Windows. + - Alternate `bomly-lite` archives for users who prefer external Syft and Grype binaries. + - Linux packages for Debian, RPM, Alpine, and Arch-compatible package managers. + - Homebrew, Scoop, and WinGet package-manager manifests or publishing pull requests. + - `SHA256SUMS` for release artifact verification. + + Each archive includes `LICENSE`, `NOTICE`, and a `licenses/` directory with third-party license texts. GitHub-native artifact attestations are planned for a future release. nfpms: - id: bomly-linux-packages From 8432773f6305b549de1392a68aa4332e3e4aea30 Mon Sep 17 00:00:00 2001 From: Ahmed ElMallah Date: Wed, 17 Jun 2026 01:54:18 -0700 Subject: [PATCH 2/4] Avoid fork sync for Bomly package repos --- .goreleaser.yaml | 8 -------- 1 file changed, 8 deletions(-) diff --git a/.goreleaser.yaml b/.goreleaser.yaml index d310848..ee2b13c 100644 --- a/.goreleaser.yaml +++ b/.goreleaser.yaml @@ -164,10 +164,6 @@ homebrew_casks: pull_request: enabled: true draft: false - base: - owner: bomly-dev - name: homebrew-tap - branch: main scoops: - name: bomly @@ -185,10 +181,6 @@ scoops: pull_request: enabled: true draft: false - base: - owner: bomly-dev - name: scoop-bucket - branch: main winget: - name: bomly From 7a87c5e8c396423d9a981ea5ba91467907d6e3d5 Mon Sep 17 00:00:00 2001 
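Review bot: The new `SHA256SUMS` bullet in `release.header` promises "release artifact verification", which overstates what an unsigned checksum file can do. A checksum file published beside the archives detects a corrupted or mismatched download, but it says nothing about origin, and the same header states that attestations are not available yet. No signing configuration is visible in this patch, so the safer wording is something like `- SHA256SUMS for download integrity checks (the file is not signed; attestations are planned).` Separately, the "Included artifacts" list names Homebrew, Scoop and WinGet manifests or pull requests, which are published elsewhere rather than attached to the release, so that bullet may belong under its own heading.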
From: Ahmed ElMallah Date: Wed, 17 Jun 2026 02:45:01 -0700 Subject: [PATCH 3/4] chore: update homepage and descriptions for Bomly CLI across multiple package formats --- .goreleaser.yaml | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/.goreleaser.yaml b/.goreleaser.yaml index ee2b13c..91f7a07 100644 --- a/.goreleaser.yaml +++ b/.goreleaser.yaml @@ -125,9 +125,9 @@ nfpms: package_name: bomly file_name_template: "bomly_{{ .Version }}_{{ .Os }}_{{ .Arch }}" vendor: Bomly - homepage: https://github.com/bomly-dev/bomly-cli - maintainer: Bomly Maintainers - description: Free, open-source CLI for dependency intelligence. + homepage: https://bomly.dev/cli + maintainer: Bomly Maintainers + description: Free, open-source CLI for dependency intelligence and SBOM analysis. license: Apache-2.0 bindir: /usr/bin section: utils @@ -149,8 +149,8 @@ homebrew_casks: - bomly binaries: - bomly - homepage: https://github.com/bomly-dev/bomly-cli - description: Free, open-source CLI for dependency intelligence. + homepage: https://bomly.dev/cli + description: Free, open-source CLI for dependency intelligence and SBOM analysis. license: Apache-2.0 directory: Casks commit_msg_template: "Update Bomly CLI to {{ .Tag }}" @@ -169,8 +169,8 @@ scoops: - name: bomly ids: - bomly - homepage: https://github.com/bomly-dev/bomly-cli - description: Free, open-source CLI for dependency intelligence. + homepage: https://bomly.dev/cli + description: Free, open-source CLI for dependency intelligence and SBOM analysis. license: Apache-2.0 commit_msg_template: "Update Bomly CLI to {{ .Tag }}" repository: 
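Review bot: `homepage` moves to `https://bomly.dev/cli` in the nfpms, homebrew_casks and scoops hunks and in the winget hunk that follows, but winget's `publisher_url`, `publisher_support_url` and `license_url` stay on github.com/bomly-dev. The manifests therefore now point at two different origins with nothing explaining the split. Package-manager users follow the homepage link to judge whether a package is genuine. It is worth confirming that the page links back to the source repository and the release checksums, and that the domain is controlled by the same people as the GitHub organisation. A comment above the first occurrence would document the intent, e.g. `# homepage is the project site; source and releases live at github.com/bomly-dev/bomly-cli`.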
@@ -189,10 +189,10 @@ winget: publisher: Bomly package_identifier: Bomly.BomlyCLI package_name: Bomly CLI - short_description: Free, open-source CLI for dependency intelligence. - description: Bomly scans source trees, SBOMs, Git refs, and container images for dependency intelligence, vulnerability enrichment, policy evaluation, and automation-friendly reports. + short_description: Free, open-source CLI for dependency intelligence and SBOM analysis. + description: Bomly is a free, open-source CLI that scans your projects, SBOMs, and container images, explains where each dependency came from, and surfaces vulnerability and license data when you ask for it. license: Apache-2.0 - homepage: https://github.com/bomly-dev/bomly-cli + homepage: https://bomly.dev/cli publisher_url: https://github.com/bomly-dev publisher_support_url: https://github.com/bomly-dev/bomly-cli/issues license_url: https://github.com/bomly-dev/bomly-cli/blob/main/LICENSE From 857622aabd9412977d8f76d0e1483ad928a0ef3b Mon Sep 17 00:00:00 2001 From: Ahmed ElMallah Date: Wed, 17 Jun 2026 02:46:35 -0700 Subject: [PATCH 4/4] chore: update homepage and descriptions for Bomly CLI across multiple package formats --- .goreleaser.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.goreleaser.yaml b/.goreleaser.yaml index 91f7a07..54a0f7b 100644 --- a/.goreleaser.yaml +++ b/.goreleaser.yaml @@ -126,7 +126,7 @@ nfpms: file_name_template: "bomly_{{ .Version }}_{{ .Os }}_{{ .Arch }}" vendor: Bomly homepage: https://bomly.dev/cli - maintainer: Bomly Maintainers + maintainer: Ahmed ElMallah description: Free, open-source CLI for dependency intelligence and SBOM analysis. license: Apache-2.0 bindir: /usr/bin
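Review bot: The last hunk changes the nfpms `maintainer` from the team name to an individual, and as rendered here the value carries no contact address. This field is written into the deb, rpm and apk metadata, where users and distributors look for someone to report packaging or security problems to. A role identity in nfpm's conventional `Name <email>` form is more durable than one person's name, e.g. `maintainer: Bomly Maintainers <ROLE_ADDRESS_PLACEHOLDER>`. The commit subject also repeats the previous patch's "update homepage and descriptions" text and does not mention the maintainer change, which makes it hard to find in history. The `nfpms` block continues outside the hunk.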