adds CodeQL CWE analysis (#97)

.github/workflows/ci.yml

@@ -1,22 +1,21 @@
 name: CI
 on:
   push:
-    branches:
-      - main
+    branches: [ 'main' ]
   pull_request:
-    branches:
-      - main
+    branches: [ 'main' ]
 
 permissions:
   contents: read
 
 jobs:
-  build-test-install:
-    name: Build, Test, and Install
+  test:
+    name: Test
     runs-on: ${{ matrix.os }}
     strategy:
       matrix:
-        os: [ubuntu-latest, windows-latest, macos-latest]
+        os: [ ubuntu-latest, windows-latest, macos-latest ]
+      fail-fast: false
     steps:
       - name: Setup JDK 8
         uses: actions/setup-java@v4
@@ -31,7 +30,5 @@ jobs:
         run: ./mvnw test
       - name: Integration Test
         run: ./mvnw verify -DskipUTs=true
-      - name: License Check
-        run: ./mvnw license:check
       - name: Install
         run: ./mvnw install -DskipTests

.github/workflows/codeql.yml

@@ -0,0 +1,29 @@
+name: CodeQL
+on:
+  push:
+    branches: [ 'main' ]
+  pull_request:
+    branches: [ 'main' ]
+  schedule:
+    - cron: '0 0 * * *'
+
+permissions:
+  contents: read
+
+jobs:
+  cwe-check:
+    name: CWE Check
+    runs-on: ubuntu-latest
+    permissions:
+      security-events: write
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: CodeQL Init
+        uses: github/codeql-action/init@v3
+        with:
+          languages: 'java-kotlin'
+      - name: CodeQL Autobuild
+        uses: github/codeql-action/autobuild@v3
+      - name: CodeQL Analyze
+        uses: github/codeql-action/analyze@v3

.github/workflows/license.yml

@@ -0,0 +1,19 @@
+name: License
+on:
+  push:
+    branches: [ 'main' ]
+  pull_request:
+    branches: [ 'main' ]
+
+permissions:
+  contents: read
+
+jobs:
+  check:
+    name: Check
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: License Check
+        run: ./mvnw license:check

README.adoc

@@ -1,14 +1,11 @@
 = Xpdf API
-//TODO: look at other readme with .adoc structure, and see what other ways there are to format this. for example, spring boot has tabs for "Security" and "Code of Conduct" - pretty cool!
-//TODO: add badge for maven https://search.maven.org/artifact/org.apache.commons/commons-lang3/3.14.0/jar?eh=
-//TODO: add badge for javadocs https://javadoc.io/
-//TODO: add badge for code coverage?
-//TODO: add badge for codeQL?
 
 image:https://github.com/codyfrehr/xpdf-api/actions/workflows/ci.yml/badge.svg?event=push&branch=main[]
+image:https://github.com/codyfrehr/xpdf-api/actions/workflows/codeql.yml/badge.svg?event=schedule&branch=main[]
+
 {empty}
 
-Xpdf API is a collection of Java APIs for https://www.xpdfreader.com/about.html[Xpdf], the open source library for operating on PDF files written in C++.
+Xpdf API is a collection of Java APIs for https://www.xpdfreader.com/about.html[Xpdf], the open source library for operating on PDF files.
 Xpdf is an invaluable PDF toolkit, and this project aims to make it more accessible to the Java community.
 
 Our primary goals are:

TODO

@@ -2,15 +2,15 @@
 - test all code examples from readme and javadocs to ensure they are working!
 - figure out how to get github pipeline to run 32-bit architecture (might need to use docker containers...)
 - update github project "About" section, and other general settings for the repo
-- setup namecheap xpdf.io domain to automatically redirect to github repo, until website built https://www.namecheap.com/support/knowledgebase/article.aspx/385/2237/how-to-set-up-a-url-redirect-for-a-domain/
   but first, need to get hosting for site and install ssl cert
-- request derek to add link to your library on their webpage
 - reorganize SCRIBBLES into official supporting documents
   - write CONTRIBUTING (is this standard name for developer instructions to contribute? DEVELOPERS seems like a better name for file maybe?)
   - what other files?
-- setup coverage check in pipeline and codeQL check
-- add CVE check to pipeline
-- set up github issue management
+- setup coverage check in pipeline
+- setup cve check in pipeline with snyk + add badge to readme
+    https://github.com/snyk/actions
+    https://support.snyk.io/hc/en-us/articles/360003997277-Badge-Support-for-Repositories
+- set up github issue management and security management
 - fix broken github links on resume and website
 - figure out process to deploy to maven central repo
   - take into consideration repos which provide download statistics: https://blog.sonatype.com/2010/12/now-available-central-download-statistics-for-oss-projects/
@@ -19,4 +19,8 @@
       verify all key metadata has been added to poms (ie lombok has <issue management>, <developers>, etc)
   - figure out maven-release-plugin, to control versioning and release process to maven central
     a good starting point for this would be to find a popular/respected open-source repo using pom configs, and see if they have maven release plugin configured, and how they do it.
+- add badge to readme for maven artifact https://search.maven.org/artifact/org.apache.commons/commons-lang3/3.14.0/jar?eh=
+- add badge for javadocs https://javadoc.io/
+- setup namecheap xpdf.io domain to automatically redirect to github repo, until website built https://www.namecheap.com/support/knowledgebase/article.aspx/385/2237/how-to-set-up-a-url-redirect-for-a-domain/
+- request derek to add link to your library on their webpage
 - build really basic homepage for website, resembling layout of https://kotest.io/docs or even just the simpler https://mockk.io/, or like that license plugin page

pdf-text-api/src/main/java/io/xpdf/api/pdftext/util/PdfTextUtils.java

@@ -16,13 +16,13 @@
  */
 package io.xpdf.api.pdftext.util;
 
-import io.xpdf.api.common.XpdfTool;
 import io.xpdf.api.common.util.XpdfUtils;
+import io.xpdf.api.pdftext.PdfTextTool;
 
 import java.nio.file.Path;
 
 /**
- * Helpers for a {@link XpdfTool}.
+ * Helpers for a {@link PdfTextTool}.
  *
  * @since 1.0.0
  */