Merge pull request #1 from smeyer198/master

Add components for deployment to Maven Central

.github/workflows/deploy.yml

@@ -0,0 +1,29 @@
+name: Deploy Sparse SPDS
+
+on: [workflow_dispatch]
+
+jobs:
+ deployment:
+ runs-on: ubuntu-latest
+ name: Sparse SPDS deployment 
+ steps:
+ - name: Checkout source code
+ uses: actions/checkout@v3
+ # Sets up Java version
+ - name: Set up Java
+ uses: actions/setup-java@v3
+ with:
+ distribution: 'adopt'
+ java-package: 'jdk'
+ java-version: '8'
+ server-id: 'ossrh' # must match the serverId configured for the nexus-staging-maven-plugin
+ server-username: OSSRH_USERNAME # Env var that holds your OSSRH user name
+ server-password: OSSRH_PASSWORD # Env var that holds your OSSRH user pw
+ gpg-private-key: ${{ secrets.GPG_PRIVATE_KEY }} # Substituted with the value stored in the referenced secret
+ gpg-passphrase: SIGN_KEY_PASS # Env var that holds the key's passphrase
+ - name: Deploy SPDS
+ run: mvn -B -U clean deploy -Pdeployment -DskipTests
+ env:
+ SIGN_KEY_PASS: ${{ secrets.GPG_PRIVATE_KEY_PASSPHRASE }}
+ OSSRH_USERNAME: ${{ secrets.SONATYPE_USER }}
+ OSSRH_PASSWORD: ${{ secrets.SONATYPE_PW }}

.github/workflows/maven.yml

@@ -15,38 +15,3 @@ jobs:
  java-version: 1.8
  - name: Build with Maven
  run: mvn -B verify --file pom.xml -P ci
-
-
- Release:
- name: Release
- if: github.ref == 'refs/heads/master'
- runs-on: ubuntu-latest
- needs: [BuildAndTest]
- steps:
- - name: Checkout
- uses: actions/checkout@v2
- - name: Set up JDK 1.8
- uses: actions/setup-java@v1
- with:
- java-version: 1.8
- - name: Release
- uses: qcastel/github-actions-maven-release@master
- env:
- GPG_TTY: "$(tty)"
- JAVA_HOME: /usr/lib/jvm/java-1.8-openjdk/
- with:
- release-branch-name: "master"
-
- gpg-enabled: "true"
- gpg-key-id: ${{ secrets.GPG_KEY_ID }}
- gpg-key: ${{ secrets.GPG_KEY }}
-
- maven-repo-server-id: github
- maven-repo-server-username: ${{ secrets.CI_USER }}
- maven-repo-server-password: ${{ secrets.CI_PACKAGES_TOKEN }}
-
- git-release-bot-name: ${{ secrets.CI_USER }}
- git-release-bot-email: "[email protected]"
-
- access-token: ${{ secrets.GITHUB_TOKEN }}
- maven-args: "-DskipTests -P ci"

README.md

@@ -25,7 +25,7 @@ Additionally, it contains an implementation of [Boomerang](boomerangPDS) and [ID
 
 ## Use as Maven dependency
 
-All projects inside this repository are pushed to GitHub's Maven repository for every release.
+The projects are released on [Maven Central](https://central.sonatype.com/artifact/de.fraunhofer.iem/SPDS) and can be included as a dependency in `.pom` files:
 
 To include a dependency from this repository to your poject, you first have to add the repository to your pom file:
 
@@ -34,22 +34,12 @@ To include a dependency from this repository to your poject, you first have to a
 <dependencies>
  <dependency>
  <groupId>de.fraunhofer.iem</groupId>
- <artifactId>WPDS</artifactId>
+ <artifactId>SPDS</artifactId>
  <version>3.1.2-Sparse</version>
  </dependency>
 </dependencies>
-<repositories>
- <repository>
- <id>github</id>
- <url>https://maven.pkg.github.com/CodeShield-Security/SPDS/</url>
- </repository>
-</repositories> 
 ```
 
-To access the GitHub packages repository, you also need to set up GitHub credentials in your Maven's `settings.xml` file. Therefore, you need to add a `server` block with the id `github`, your username and an access token that has `package:read` rights to your `setting.xml`.
-An in-depth documentation on how to do this can be found [here](https://docs.github.com/en/packages/using-github-packages-with-your-projects-ecosystem/configuring-apache-maven-for-use-with-github-packages#authenticating-to-github-packages). 
-
-
 ## Checkout, Build and Install
 
 To build and install SPDS into your local repository, run 

SynchronizedPDS/pom.xml

@@ -30,7 +30,7 @@
  </dependency>
  <dependency>
  <groupId>de.fraunhofer.iem</groupId>
- <artifactId>PathExpression</artifactId>
+ <artifactId>pathexpression</artifactId>
  </dependency>
  <dependency>
  <groupId>junit</groupId>

WPDS/pom.xml

@@ -18,7 +18,7 @@
  </dependency>
  <dependency>
  <groupId>de.fraunhofer.iem</groupId>
- <artifactId>PathExpression</artifactId>
+ <artifactId>pathexpression</artifactId>
  </dependency>
  <dependency>
  <groupId>org.slf4j</groupId>

boomerangScope-WALA/pom.xml

@@ -6,7 +6,6 @@
  <relativePath>../pom.xml</relativePath>
  </parent>
  <modelVersion>4.0.0</modelVersion>
- <groupId>de.codeshield</groupId>
  <artifactId>boomerangScope-WALA</artifactId>
 
  <properties>
@@ -56,4 +55,4 @@
  <version>${wala.version}</version>
  </dependency>
  </dependencies>
-</project>
+</project>

pom.xml

@@ -6,6 +6,8 @@
  <version>3.1.2-Sparse</version>
  <packaging>pom</packaging>
  <name>SPDS</name>
+ <description>Sparsified Synchronized Pushdown Systems for Pointer and Data-Flow Analysis</description>
+ <url>https://github.com/secure-software-engineering/SparseBoomerang</url>
 
  <licenses>
  <license>
@@ -166,8 +168,8 @@
  </dependency>
  <dependency>
  <groupId>de.fraunhofer.iem</groupId>
- <artifactId>PathExpression</artifactId>
- <version>1.0.0</version>
+ <artifactId>pathexpression</artifactId>
+ <version>1.0.2</version>
  </dependency>
  <dependency>
  <groupId>org.soot-oss</groupId>
@@ -208,27 +210,66 @@
  </dependencyManagement>
 
  <distributionManagement>
+ <snapshotRepository>
+ <id>ossrh</id>
+ <url>https://s01.oss.sonatype.org/content/repositories/snapshots/</url>
+ </snapshotRepository>
  <repository>
- <id>github</id>
- <name>GitHub CodeShield-Security Apache Maven Packages</name>
- <url>https://maven.pkg.github.com/CodeShield-Security/SPDS/</url>
+ <id>ossrh</id>
+ <url>https://s01.oss.sonatype.org/service/local/staging/deploy/maven2/</url>
  </repository>
  </distributionManagement>
 
- <repositories>
- <repository>
- <id>sonatype-snapshots</id>
- <url>https://oss.sonatype.org/content/repositories/snapshots</url>
- <releases>
- <enabled>false</enabled>
- </releases>
- </repository>
- <repository>
- <id>swt</id>
- <url>https://soot-build.cs.uni-paderborn.de/nexus/repository/swt-upb/</url>
- </repository>
- </repositories>
  <profiles>
+ <!-- This profile is used to avoid running the deployment in non-deployment
+ contexts because they require specific keys from the Github remote. Include
+ this profile by setting the -Pdeployment flag. -->
+ <profile>
+ <id>deployment</id>
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-gpg-plugin</artifactId>
+ <version>3.0.1</version>
+ <executions>
+ <execution>
+ <id>sign-artifacts</id>
+ <phase>verify</phase>
+ <goals>
+ <goal>sign</goal>
+ </goals>
+ <configuration>
+ <gpgArguments>
+ <arg>--pinentry-mode</arg>
+ <arg>loopback</arg>
+ </gpgArguments>
+ </configuration>
+ </execution>
+ </executions>
+ </plugin>
+ <plugin>
+ <artifactId>maven-release-plugin</artifactId>
+ <version>3.0.1</version>
+ <configuration>
+ <tagNameFormat>@{project.version}</tagNameFormat>
+ </configuration>
+ </plugin>
+ <plugin>
+ <groupId>org.sonatype.plugins</groupId>
+ <artifactId>nexus-staging-maven-plugin</artifactId>
+ <version>1.6.13</version>
+ <extensions>true</extensions>
+ <configuration>
+ <serverId>ossrh</serverId>
+ <nexusUrl>https://s01.oss.sonatype.org</nexusUrl>
+ <autoReleaseAfterClose>true</autoReleaseAfterClose>
+ </configuration>
+ </plugin>
+ </plugins>
+ </build>
+ </profile>
+
  <profile>
  <id>ci</id>
  <build>