feat: add PyPI packaging that ships the native binary as a wheel (codajv)

Adds a hatchling-based Python distribution under pypi/ that wraps the
prebuilt, JVM-free GraalVM native binary so codeanalyzer is installable
with a plain `pip install codeanalyzer-java` (console command `codajv`),
no JDK/GraalVM or build step required.

- pyproject.toml: dist name codeanalyzer-java; version read from
  ../gradle.properties via a custom metadata hook so the wheel stays in
  lockstep with the binary.
- hatch_build.py: build hook force-includes the native binary plus the
  JDK jmods the binary needs at runtime (WALA primordial scope +
  JmodTypeSolver), marks the wheel non-purelib, and stamps a concrete
  py3-none-<platform> tag so pip resolves the right artifact per
  OS/arch instead of a universal wheel.
- codeanalyzer_java/__main__.py: locates the bundled binary, points
  CODEANALYZER_JMODS_DIR at the bundled jmods, and execs the binary
  (subprocess on Windows); falls back to the gradle output + JAVA_HOME
  in a source checkout.
- Bundle 79/83 jmods to fit under PyPI's 100 MB limit, dropping only
  jdk.localedata/compiler/internal.vm.compiler/hotspot.agent (locale
  data + javac/Graal/SA internals that static analysis never needs).
  CODEANALYZER_BUNDLE_ALL_JMODS=1 bundles all 83.

Verified: installed wheel runs JVM-free and is byte-identical to
`java -jar` (full jmods) across call-graph-test, record-class-test,
init-blocks-test, plantsbywebsphere (CRUD 38=38), and daytrader8.

Author: rahlk

pypi/.gitignore

@@ -0,0 +1,11 @@
+# Build outputs
+/dist/
+/build/
+*.egg-info/
+
+# Native binary + jmods are injected at build time, never committed.
+codeanalyzer_java/_vendor/
+
+# Python caches
+__pycache__/
+*.py[cod]

pypi/README.md

@@ -0,0 +1,66 @@
+![logo](https://raw.githubusercontent.com/codellm-devkit/codeanalyzer-java/main/docs/assets/logo.png)
+
+Native WALA implementation of source code analysis tool for Enterprise Java Applications.
+
+## 1. Installing `codeanalyzer`
+
+`codeanalyzer` ships as a self-contained, JVM-free native binary. No JDK, no
+GraalVM, and no build step are required — just install from PyPI:
+
+```bash
+pip install codeanalyzer-java
+```
+
+This installs the `codajv` command, which runs the bundled native binary
+(`pip install` automatically selects the wheel matching your OS/architecture).
+
+## 2. Using `codeanalyzer`
+
+```help
+Usage: codajv [-hvV] [--no-build] [-a=<analysisLevel>] [-b=<build>]
+              [-i=<input>] [-o=<output>] [-s=<sourceAnalysis>]
+Convert java binary into a comprehensive system dependency graph.
+  -i, --input=<input>       Path to the project root directory.
+  -s, --source-analysis=<sourceAnalysis>
+                            Analyze a single string of java source code instead
+                              the project.
+  -o, --output=<output>     Destination directory to save the output graphs. By
+                              default, the SDG formatted as a JSON will be
+                              printed to the console.
+  -b, --build-cmd=<build>   Custom build command. Defaults to auto build.
+      --no-build            Do not build your application. Use this option if
+                              you have already built your application.
+  -a, --analysis-level=<analysisLevel>
+                            Level of analysis to perform. Options: 1 (for just
+                              symbol table) or 2 (for call graph). Default: 1
+  -v, --verbose             Print logs to console.
+  -h, --help                Show this help message and exit.
+  -V, --version             Print version information and exit.
+  -t, --target-files        For each file user wants to perform source analysis on top of existing analysis.json
+
+```
+
+For example, to analyze a project and print the system dependency graph to the
+console:
+
+```sh
+codajv -i /path/to/java/project
+```
+
+Pass `-o <dir>` to save the output as JSON. Explore the other flags above to
+control the analysis level and build behavior.
+
+## LICENSE
+
+```LICENSE
+Copyright IBM Corporation 2023, 2024
+
+Licensed under the Apache Public License 2.0, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+```

pypi/codeanalyzer_java/__init__.py

@@ -0,0 +1,15 @@
+"""Python wrapper that ships and runs the codeanalyzer native binary."""
+
+from __future__ import annotations
+
+try:
+    from importlib.metadata import PackageNotFoundError, version
+
+    try:
+        __version__ = version("codeanalyzer-java")
+    except PackageNotFoundError:  # running from a source checkout
+        __version__ = "0.0.0"
+except Exception:  # pragma: no cover - importlib.metadata always present on 3.9+
+    __version__ = "0.0.0"
+
+__all__ = ["__version__"]

pypi/codeanalyzer_java/__main__.py

@@ -0,0 +1,86 @@
+"""Console entry point (``codajv``) for the bundled codeanalyzer native binary.
+
+The wheel ships a prebuilt, JVM-free GraalVM native image together with the JDK
+``.jmod`` files it needs at runtime: both WALA's primordial scope (analysis
+level 2) and the JavaParser bytecode symbol solver read the jmods straight off
+disk, so they cannot be baked into the image. This module locates those bundled
+assets, points ``CODEANALYZER_JMODS_DIR`` at the bundled jmods, and hands off to
+the native binary.
+"""
+
+from __future__ import annotations
+
+import os
+import sys
+from pathlib import Path
+
+_PKG_DIR = Path(__file__).resolve().parent
+_VENDOR = _PKG_DIR / "_vendor"
+# pypi/codeanalyzer_java/ -> pypi/ -> repo root (dev/source-checkout fallback).
+_REPO_ROOT = _PKG_DIR.parent.parent
+
+
+def _find_binary() -> Path | None:
+    candidates: list[Path] = []
+    override = os.environ.get("CODEANALYZER_NATIVE_BINARY")
+    if override:
+        candidates.append(Path(override))
+    candidates += [
+        _VENDOR / "bin" / "codeanalyzer",
+        _VENDOR / "bin" / "codeanalyzer.exe",
+        _REPO_ROOT / "build" / "native" / "nativeCompile" / "codeanalyzer",
+        _REPO_ROOT / "build" / "native" / "nativeCompile" / "codeanalyzer.exe",
+    ]
+    return next((c for c in candidates if c.is_file()), None)
+
+
+def _find_jmods() -> Path | None:
+    bundled = _VENDOR / "jmods"
+    if bundled.is_dir() and any(bundled.glob("*.jmod")):
+        return bundled
+    override = os.environ.get("CODEANALYZER_JMODS_DIR")
+    if override and Path(override).is_dir():
+        return Path(override)
+    java_home = os.environ.get("JAVA_HOME")
+    if java_home:
+        jmods = Path(java_home) / "jmods"
+        if jmods.is_dir():
+            return jmods
+    return None
+
+
+def main() -> int:
+    binary = _find_binary()
+    if binary is None:
+        sys.stderr.write(
+            "codajv: could not find a codeanalyzer native binary.\n"
+            "This usually means the installed wheel does not match your "
+            "platform/architecture, or you are running from a source checkout "
+            "without a built binary (run `./gradlew nativeCompile`).\n"
+        )
+        return 1
+
+    env = dict(os.environ)
+    jmods = _find_jmods()
+    if jmods is not None:
+        env["CODEANALYZER_JMODS_DIR"] = str(jmods)
+
+    # Wheel installation does not reliably preserve the executable bit.
+    try:
+        os.chmod(binary, binary.stat().st_mode | 0o111)
+    except OSError:
+        pass
+
+    argv = [str(binary), *sys.argv[1:]]
+    if os.name == "posix":
+        # Replace this process so signals and the exit code pass through cleanly.
+        os.execve(str(binary), argv, env)
+        return 127  # unreachable when execve succeeds
+
+    import subprocess
+
+    return subprocess.run(argv, env=env).returncode
+
+
+if __name__ == "__main__":
+    raise SystemExit(main())

pypi/hatch_build.py

@@ -0,0 +1,158 @@
+"""Local hatchling plugins for the codeanalyzer-java wheel.
+
+Two concerns live here:
+
+1. **Version lockstep.** The wheel version is read from the Java project's
+   ``gradle.properties`` so the Python package and the native binary it ships
+   can never drift apart.
+
+2. **Impure, platform-tagged wheels.** The wheel carries a prebuilt native
+   binary plus the JDK ``.jmod`` files it needs at runtime. The build hook
+   force-includes those assets, marks the wheel non-purelib, and stamps a
+   concrete ``py3-none-<platform>`` tag so pip resolves the correct artifact
+   per OS/arch instead of a universal ``py3-none-any`` wheel.
+"""
+
+from __future__ import annotations
+
+import os
+import sysconfig
+from pathlib import Path
+
+from hatchling.builders.hooks.plugin.interface import BuildHookInterface
+from hatchling.metadata.plugin.interface import MetadataHookInterface
+
+_BINARY_NAMES = ("codeanalyzer", "codeanalyzer.exe")
+
+# Bundling every JDK jmod (~104 MB) pushes the wheel over PyPI's default 100 MB
+# per-file limit, and the native binary does not compress further (~23.5 MB),
+# leaving room for ~80 MB of jmods. We therefore drop only the largest modules
+# that static type resolution never needs, keeping 79 of 83 (~90 MB wheel):
+#   - jdk.localedata          locale resource *data*, not API types
+#   - jdk.compiler            com.sun.tools.javac.* internals (annotation-
+#                             processor sources are the only mild compromise)
+#   - jdk.internal.vm.compiler  Graal compiler internals, never referenced
+#   - jdk.hotspot.agent       Serviceability Agent internals, never referenced
+# Set CODEANALYZER_BUNDLE_ALL_JMODS=1 to bundle all 83 (needs a PyPI size bump).
+_EXCLUDED_JMODS = frozenset(
+    {
+        "jdk.localedata.jmod",
+        "jdk.compiler.jmod",
+        "jdk.internal.vm.compiler.jmod",
+        "jdk.hotspot.agent.jmod",
+    }
+)
+
+
+def _bundle_all_jmods() -> bool:
+    return os.environ.get("CODEANALYZER_BUNDLE_ALL_JMODS", "").lower() in {"1", "true", "yes"}
+
+
+def _select_jmods(jmod_files: list[Path]) -> list[Path]:
+    if _bundle_all_jmods():
+        return jmod_files
+    return [jmod for jmod in jmod_files if jmod.name not in _EXCLUDED_JMODS]
+
+
+def read_gradle_version(repo_root: Path) -> str:
+    """Return the ``version=`` value from ``<repo_root>/gradle.properties``."""
+    gradle_properties = repo_root / "gradle.properties"
+    for line in gradle_properties.read_text(encoding="utf-8").splitlines():
+        line = line.strip()
+        if line.startswith("version="):
+            return line.split("=", 1)[1].strip()
+    raise RuntimeError(f"no 'version=' entry found in {gradle_properties}")
+
+
+def _wheel_platform_tag() -> str:
+    """Concrete wheel tag for the current platform, e.g. ``py3-none-linux_x86_64``.
+
+    Linux wheels are emitted with the plain ``linux_*`` platform; CI runs
+    ``auditwheel repair`` to relabel them to a manylinux/musllinux policy.
+    """
+    platform = sysconfig.get_platform().replace("-", "_").replace(".", "_")
+    return f"py3-none-{platform}"
+
+
+def _resolve_binary(repo_root: Path) -> Path:
+    override = os.environ.get("CODEANALYZER_NATIVE_BINARY")
+    if override:
+        candidate = Path(override)
+        if candidate.is_file():
+            return candidate
+        raise RuntimeError(
+            f"CODEANALYZER_NATIVE_BINARY is set to '{override}' but no file exists there."
+        )
+    native_dir = repo_root / "build" / "native" / "nativeCompile"
+    for name in _BINARY_NAMES:
+        candidate = native_dir / name
+        if candidate.is_file():
+            return candidate
+    raise RuntimeError(
+        "no prebuilt codeanalyzer native binary found for this platform/arch.\n"
+        f"Looked for {_BINARY_NAMES} under {native_dir}.\n"
+        "Build it first with `./gradlew nativeCompile`, or point "
+        "CODEANALYZER_NATIVE_BINARY at an existing binary. "
+        "codeanalyzer-java ships only prebuilt wheels; there is no from-source "
+        "build path for unsupported platforms."
+    )
+
+
+def _resolve_jmods() -> Path:
+    override = os.environ.get("CODEANALYZER_JMODS_DIR")
+    if override:
+        candidate = Path(override)
+        if candidate.is_dir():
+            return candidate
+        raise RuntimeError(
+            f"CODEANALYZER_JMODS_DIR is set to '{override}' but it is not a directory."
+        )
+    java_home = os.environ.get("JAVA_HOME")
+    if java_home:
+        candidate = Path(java_home) / "jmods"
+        if candidate.is_dir():
+            return candidate
+    raise RuntimeError(
+        "could not locate JDK .jmod files to bundle. Set CODEANALYZER_JMODS_DIR "
+        "to a directory of .jmod files, or JAVA_HOME to a JDK that has a jmods/ "
+        "directory (a JDK 9+ image, not a JRE)."
+    )
+
+
+class CustomMetadataHook(MetadataHookInterface):
+    """Inject the version read from gradle.properties."""
+
+    def update(self, metadata: dict) -> None:
+        metadata["version"] = read_gradle_version(Path(self.root).parent)
+
+
+class CustomBuildHook(BuildHookInterface):
+    """Bundle the native binary + jmods and force an impure platform wheel."""
+
+    def initialize(self, version: str, build_data: dict) -> None:
+        if self.target_name != "wheel":
+            return
+
+        repo_root = Path(self.root).parent
+        binary = _resolve_binary(repo_root)
+        jmods_dir = _resolve_jmods()
+        jmod_files = sorted(jmods_dir.glob("*.jmod"))
+        if not jmod_files:
+            raise RuntimeError(f"no .jmod files found in {jmods_dir}")
+        selected = _select_jmods(jmod_files)
+        if not selected:
+            raise RuntimeError(f"jmod selection is empty (from {jmods_dir})")
+
+        force_include = build_data["force_include"]
+        force_include[str(binary)] = f"codeanalyzer_java/_vendor/bin/{binary.name}"
+        for jmod in selected:
+            force_include[str(jmod)] = f"codeanalyzer_java/_vendor/jmods/{jmod.name}"
+
+        build_data["pure_python"] = False
+        build_data["infer_tag"] = False
+        build_data["tag"] = _wheel_platform_tag()
+
+        self.app.display_info(
+            f"codeanalyzer-java: bundling {binary.name} + {len(selected)}/"
+            f"{len(jmod_files)} jmods as {build_data['tag']}"
+        )

pypi/pyproject.toml

@@ -0,0 +1,56 @@
+[build-system]
+requires = ["hatchling"]
+build-backend = "hatchling.build"
+
+[project]
+name = "codeanalyzer-java"
+dynamic = ["version"]
+description = "Static analysis for Java, shipped as a self-contained native binary (no JVM required)."
+readme = "README.md"
+requires-python = ">=3.9"
+license = "Apache-2.0"
+authors = [{ name = "Rahul Krishna", email = "i.m.ralk@gmail.com" }]
+keywords = ["java", "static-analysis", "wala", "javaparser", "call-graph", "codeanalyzer"]
+classifiers = [
+    "Development Status :: 4 - Beta",
+    "Intended Audience :: Developers",
+    "Programming Language :: Java",
+    "Programming Language :: Python :: 3",
+    "Topic :: Software Development :: Libraries",
+    "Topic :: Software Development :: Quality Assurance",
+]
+
+[project.urls]
+Homepage = "https://github.com/codellm-devkit/codeanalyzer-java"
+Issues = "https://github.com/codellm-devkit/codeanalyzer-java/issues"
+Source = "https://github.com/codellm-devkit/codeanalyzer-java"
+
+[project.scripts]
+codajv = "codeanalyzer_java.__main__:main"
+
+# Version is read from ../gradle.properties by CustomMetadataHook so the wheel
+# stays in lockstep with the native binary.
+[tool.hatch.metadata.hooks.custom]
+path = "hatch_build.py"
+
+# Bundles the native binary + jmods and forces an impure, platform-tagged wheel.
+[tool.hatch.build.targets.wheel.hooks.custom]
+path = "hatch_build.py"
+
+[tool.hatch.build.targets.wheel]
+packages = ["codeanalyzer_java"]
+# The native binary and jmods are injected at build time via force_include in
+# hatch_build.py; nothing under _vendor/ is tracked in source control.
+exclude = ["codeanalyzer_java/_vendor"]
+
+[tool.hatch.build.targets.sdist]
+# The sdist carries only the wrapper sources. Building a wheel from it requires
+# a prebuilt native binary (CODEANALYZER_NATIVE_BINARY) and jmods; without them
+# the build hook fails with a clear message rather than silently shipping a
+# binary-less, non-functional wheel.
+include = [
+    "codeanalyzer_java",
+    "hatch_build.py",
+    "pyproject.toml",
+    "README.md",
+]