Merge branch 'release/2.0.1'

valtech · Feb 16, 2023 · 73da81d · 73da81d
2 parents fbac488 + 178427a
commit 73da81d
Show file tree

Hide file tree

Showing 14 changed files with 139 additions and 36 deletions.
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
@@ -0,0 +1,66 @@
+# For most projects, this workflow file will not need changing; you simply need
+# to commit it to your repository.
+#
+# You may wish to alter this file to override the set of languages analyzed,
+# or to provide custom queries or build logic.
+#
+# ******** NOTE ********
+# We have attempted to detect the languages in your repository. Please check
+# the `language` matrix defined below to confirm you have the correct set of
+# supported CodeQL languages.
+#
+name: "CodeQL"
+
+on:
+  push:
+    branches: [ develop, gh-pages, master ]
+  pull_request:
+    # The branches below must be a subset of the branches above
+    branches: [ develop ]
+  schedule:
+    - cron: '41 1 * * 6'
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+
+    strategy:
+      fail-fast: false
+      matrix:
+        language: [ 'java', 'javascript' ]
+        # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python' ]
+        # Learn more:
+        # https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#changing-the-languages-that-are-analyzed
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v2
+
+    # Initializes the CodeQL tools for scanning.
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v1
+      with:
+        languages: ${{ matrix.language }}
+        # If you wish to specify custom queries, you can do so here or in a config file.
+        # By default, queries listed here will override any specified in a config file.
+        # Prefix the list here with "+" to use these queries and those in the config file.
+        # queries: ./path/to/local/query, your-org/your-repo/queries@main
+
+    # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
+    # If this step fails, then you should remove it and run the build manually (see below)
+#    - name: Autobuild
+#      uses: github/codeql-action/autobuild@v1
+
+    # ℹ️ Command-line programs to run using the OS shell.
+    # 📚 https://git.io/JvXDl
+
+    # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
+    #    and modify them (or add more) to build your code if your project
+    #    uses a compiled language
+
+    - run: |
+       mvn clean install
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v1
diff --git a/.github/workflows/maven.yml b/.github/workflows/maven.yml
@@ -0,0 +1,48 @@
+# This workflow will build a Java project with Maven, and cache/restore any dependencies to improve the workflow execution time
+# For more information see: https://help.github.com/actions/language-and-framework-guides/building-and-testing-java-with-maven
+
+name: Java CI with Maven
+
+on:
+  push:
+    branches: [ develop ]
+  pull_request:
+    branches: [ develop ]
+
+jobs:
+  build:
+
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v3
+
+    - name: Set up JDK 11
+      uses: actions/setup-java@v3
+      with:
+        java-version: '11'
+        distribution: 'temurin'
+        cache: maven
+
+    - name: Cache SonarCloud packages
+      uses: actions/cache@v1
+      with:
+        path: ~/.sonar/cache
+        key: ${{ runner.os }}-sonar
+        restore-keys: ${{ runner.os }}-sonar
+
+    - name: Cache Maven packages
+      uses: actions/cache@v1
+      with:
+        path: ~/.m2
+        key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
+        restore-keys: ${{ runner.os }}-m2
+
+    - name: Build with Maven
+      run: mvn clean install javadoc:javadoc
+
+    - name: Build and analyze
+      env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+      run: mvn -B verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar -Dsonar.projectKey=avs
diff --git a/.travis.yml b/.travis.yml
diff --git a/README.md b/README.md
@@ -53,7 +53,7 @@ AVS requires Java 8 and AEM 6.5 or AEM Cloud. For older AEM versions see below.
 
 ### AEM 6.5
 
-You can download the package from [Maven Central](https://repo1.maven.org/maven2/de/valtech/avs/avs.complete/) or our [releases section](https://github.com/valtech/aem-easy-content-upgrade/releases). The avs.complete package will install the AVS software.
+You can download the package from [Maven Central](https://repo1.maven.org/maven2/de/valtech/avs/avs.complete/) or our [releases section](https://github.com/valtech/aem-virus-scan/releases). The avs.complete package will install the AVS software.
 
 ```xml
         <dependency>
@@ -66,7 +66,7 @@ You can download the package from [Maven Central](https://repo1.maven.org/maven2
 
 ### AEM Cloud
 
-You can download the package from [Maven Central](https://repo1.maven.org/maven2/de/valtech/avs/avs.complete.cloud/) or our [releases section](https://github.com/valtech/aem-easy-content-upgrade/releases). The avs.complete package will install the AVS software.
+You can download the package from [Maven Central](https://repo1.maven.org/maven2/de/valtech/avs/avs.complete.cloud/) or our [releases section](https://github.com/valtech/aem-virus-scan/releases). The avs.complete package will install the AVS software.
 
 ```xml
         <dependency>

diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,5 @@
+# Security Policy
+
+## Reporting a Vulnerability
+
+Please create an issue and provide details like the attack vector or examples for exploitation.
diff --git a/api/pom.xml b/api/pom.xml
@@ -4,7 +4,7 @@
 	<parent>
 		<groupId>de.valtech.avs</groupId>
 		<artifactId>avs</artifactId>
-		<version>2.0.0</version>
+		<version>2.0.1</version>
 	</parent>
 
 	<artifactId>avs.api</artifactId>
@@ -80,7 +80,6 @@
 		<dependency>
 			<groupId>com.adobe.aem</groupId>
 			<artifactId>uber-jar</artifactId>
-			<classifier>apis</classifier>
 		</dependency>
 		<dependency>
 			<groupId>org.apache.sling</groupId>

diff --git a/complete.cloud/pom.xml b/complete.cloud/pom.xml
@@ -5,7 +5,7 @@
     <parent>
         <groupId>de.valtech.avs</groupId>
         <artifactId>avs</artifactId>
-        <version>2.0.0</version>
+        <version>2.0.1</version>
     </parent>
 
     <artifactId>avs.complete.cloud</artifactId>

diff --git a/complete/pom.xml b/complete/pom.xml
@@ -5,7 +5,7 @@
     <parent>
         <groupId>de.valtech.avs</groupId>
         <artifactId>avs</artifactId>
-        <version>2.0.0</version>
+        <version>2.0.1</version>
     </parent>
 
     <artifactId>avs.complete</artifactId>

diff --git a/core/pom.xml b/core/pom.xml
@@ -4,7 +4,7 @@
 	<parent>
 		<groupId>de.valtech.avs</groupId>
 		<artifactId>avs</artifactId>
-		<version>2.0.0</version>
+		<version>2.0.1</version>
 	</parent>
 
 	<artifactId>avs.core</artifactId>
@@ -120,7 +120,6 @@
 		<dependency>
 			<groupId>com.adobe.aem</groupId>
 			<artifactId>uber-jar</artifactId>
-			<classifier>apis</classifier>
 		</dependency>
 		<dependency>
 			<groupId>org.apache.sling</groupId>

diff --git a/examples/pom.xml b/examples/pom.xml
@@ -5,7 +5,7 @@
 	<parent>
 		<groupId>de.valtech.avs</groupId>
 		<artifactId>avs</artifactId>
-		<version>2.0.0</version>
+		<version>2.0.1</version>
 	</parent>
 
 	<artifactId>avs.examples</artifactId>

diff --git a/pom.xml b/pom.xml
@@ -4,7 +4,7 @@
 	<groupId>de.valtech.avs</groupId>
 	<artifactId>avs</artifactId>
 	<packaging>pom</packaging>
-	<version>2.0.0</version>
+	<version>2.0.1</version>
 	<name>AVS</name>
 	<description>AEM Virus Scan</description>
 	<url>https://github.com/valtech/aem-virus-scan</url>
@@ -31,6 +31,8 @@
 
 		<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
 		<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
+    <sonar.organization>valtech-avs</sonar.organization>
+    <sonar.host.url>https://sonarcloud.io</sonar.host.url>
 	</properties>
 
 	<build>
@@ -105,7 +107,7 @@
 				<extensions>true</extensions>
 				<configuration>
 					<serverId>ossrh</serverId>
-					<nexusUrl>https://oss.sonatype.org/</nexusUrl>
+					<nexusUrl>https://s01.oss.sonatype.org/</nexusUrl>
 					<autoReleaseAfterClose>true</autoReleaseAfterClose>
 				</configuration>
 			</plugin>
@@ -375,7 +377,7 @@
 				<plugin>
 					<groupId>org.owasp</groupId>
 					<artifactId>dependency-check-maven</artifactId>
-					<version>6.3.2</version>
+					<version>8.0.2</version>
 					<configuration>
 						<failBuildOnCVSS>0</failBuildOnCVSS>
 						<failBuildOnAnyVulnerability>true</failBuildOnAnyVulnerability>
@@ -546,8 +548,7 @@
 			<dependency>
 				<groupId>com.adobe.aem</groupId>
 				<artifactId>uber-jar</artifactId>
-				<version>6.4.3</version>
-				<classifier>apis</classifier>
+				<version>6.5.13</version>
 				<scope>provided</scope>
 			</dependency>
 			<dependency>
@@ -614,7 +615,7 @@
 			<dependency>
 				<groupId>com.google.code.gson</groupId>
 				<artifactId>gson</artifactId>
-				<version>2.8.2</version>
+				<version>2.8.9</version>
 			</dependency>
 			<dependency>
 				<groupId>com.google.code.findbugs</groupId>
@@ -667,12 +668,12 @@
 		<repository>
 			<id>adobe</id>
 			<name>Adobe Public Repository</name>
-			<url>http://repo.adobe.com/nexus/content/groups/public/</url>
+			<url>https://repo.adobe.com/nexus/content/groups/public/</url>
 			<layout>default</layout>
 		</repository>
 		<repository>
 			<id>central</id>
-			<url>http://repo1.maven.org/maven2</url>
+			<url>https://repo1.maven.org/maven2</url>
 			<layout>default</layout>
 			<snapshots>
 				<enabled>false</enabled>
@@ -683,7 +684,7 @@
 		<pluginRepository>
 			<id>adobe</id>
 			<name>Adobe Public Repository</name>
-			<url>http://repo.adobe.com/nexus/content/groups/public/</url>
+			<url>https://repo.adobe.com/nexus/content/groups/public/</url>
 			<layout>default</layout>
 		</pluginRepository>
 	</pluginRepositories>

diff --git a/sonar-project.properties b/sonar-project.properties
@@ -1,6 +1,6 @@
 sonar.projectKey=avs
 sonar.projectName=AEM Virus Scan
-sonar.projectVersion=1.2.0-SNAPSHOT
+sonar.projectVersion=2.0.1-SNAPSHOT
 
 # Encoding of the source code. Default is default system encoding
 sonar.sourceEncoding=UTF-8

diff --git a/ui.apps/pom.xml b/ui.apps/pom.xml
@@ -5,7 +5,7 @@
 	<parent>
 		<groupId>de.valtech.avs</groupId>
 		<artifactId>avs</artifactId>
-		<version>2.0.0</version>
+		<version>2.0.1</version>
 	</parent>
 
 	<artifactId>avs.ui.apps</artifactId>

diff --git a/ui.content/pom.xml b/ui.content/pom.xml
@@ -5,7 +5,7 @@
     <parent>
         <groupId>de.valtech.avs</groupId>
         <artifactId>avs</artifactId>
-        <version>2.0.0</version>
+        <version>2.0.1</version>
     </parent>
 
     <artifactId>avs.ui.content</artifactId>