Publish packages to public feeds (#596)

* Add Dockerfile-based devcontainer
* Use revision and changelist properties instead of version
* Configure project for publication in Azure Artifacts and Maven Central

Update build workflow:
- Refactor version script into a step directly in the workflow
- Update version format to use a trunk or stable identifier
- Add new servers
- Use Maven profiles
- Separate build dispatch into a separate job
- Delete ProcessCommit workflow

Co-authored-by: Ana Berta <31777352+anaiberta@users.noreply.github.com>

Author: jechague

.devcontainer/Dockerfile

@@ -0,0 +1,51 @@
+ARG VARIANT=
+FROM openjdk:${VARIANT}
+
+LABEL vendor="GeneXus Labs"
+USER root
+
+# Set timezone
+ENV TZ=America/Montevideo
+RUN ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone
+
+# Install dependencies
+RUN apt-get update \
+    && apt-get install -y \
+        curl \
+        git \
+        git-lfs \
+        maven \
+        sudo \
+        tar \
+        zip \
+        gnupg2 \
+        -o APT::Immediate-Configure=0 \
+    && apt-get clean \
+    && rm -fr /var/lib/apt/lists/* /tmp/* /var/tmp/*
+
+#Set Github user
+RUN useradd -m github \
+    && usermod -aG sudo github \
+    && echo "%sudo ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers
+
+USER github
+WORKDIR /home/github
+
+# Enable Git LFS
+RUN git lfs install
+
+# Install updated cacerts
+# Build a new Java cacerts using CAs trusted by Mozilla
+RUN cd /tmp \
+    && curl -OL https://hg.mozilla.org/mozilla-central/raw-file/tip/security/nss/lib/ckfw/builtins/certdata.txt \
+    && curl -OL https://raw.githubusercontent.com/curl/curl/master/scripts/mk-ca-bundle.pl \
+    && curl -OL https://github.com/use-sparingly/keyutil/releases/download/0.4.0/keyutil-0.4.0.jar \
+    && perl mk-ca-bundle.pl -n > ca-bundle.crt \
+    && java -jar keyutil-0.4.0.jar --import --new-keystore cacerts-mozilla --password changeit --force-new-overwrite --import-pem-file ca-bundle.crt \
+    && sudo cp cacerts-mozilla ${JAVA_HOME}/lib/security/cacerts \
+    && rm -r /tmp/*
+
+# Copy Maven settings
+COPY --chown=github:github settings.xml /tmp/settings.xml
+RUN mkdir -p /home/github/.m2/  \
+    && mv /tmp/settings.xml /home/github/.m2/

.devcontainer/devcontainer.json

@@ -0,0 +1,34 @@
+{
+	"name": "OpenJDK for compiling GeneXus's Java Classes",
+    
+	"build": {
+		"dockerfile": "Dockerfile",
+		// Update 'VARIANT' to pick a different OpenJDK container
+		"args": { 
+			//"VARIANT": "9.0.4-12-jdk-slim"
+			//"VARIANT": "11.0.14-jdk-slim"
+			"VARIANT": "17.0-jdk-slim"
+		},
+	},
+
+    "runArgs": [
+        "--env-file", "${localWorkspaceFolder}/.devcontainer/.env"
+    ],
+
+	// Set *default* container specific settings.json values on container create.
+	"settings": { 
+		"terminal.integrated.shell.linux": "/bin/bash"
+	},
+
+	/*"mounts": [
+    	"source=<LOCAL_PATH>,target=${containerWorkspaceFolder}/<LOCAL_PATH>,type=volume"
+	],*/
+	
+	// Use 'postCreateCommand' to run commands after the container is created.
+	// "postCreateCommand": "",
+
+	// Comment out connect as root instead. More info: https://aka.ms/vscode-remote/containers/non-root.
+	"remoteUser": "github",
+
+	"shutdownAction": "stopContainer",
+}

.devcontainer/settings.xml

@@ -0,0 +1,26 @@
+<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+  xsi:schemaLocation="http://maven.apache.org/SETTINGS/1.0.0 https://maven.apache.org/xsd/settings-1.0.0.xsd">
+    <profiles>
+        <profile>
+            <id>private-repo-github</id>
+            <repositories>
+               <repository>
+                  <id>private-maven-on-github</id>
+                  <url>https://maven.pkg.github.com/genexuslabs/*</url>
+	        </repository>
+	    </repositories>
+        </profile>
+    </profiles>
+
+    <servers>
+        <server>
+            <id>private-maven-on-github</id>
+            <username>${env.GITHUB_USERNAME}</username>
+            <password>${env.GITHUB_TOKEN}</password>
+        </server>
+    </servers>
+
+    <activeProfiles>
+        <activeProfile>private-repo-github</activeProfile>
+    </activeProfiles>
+</settings>

.github/updatePOMVersion.sh

@@ -20,10 +20,15 @@ jobs:
       GIT_REF: ${{ github.ref }}
       GIT_SHA: ${{ github.sha }}
       POM_PATH: ./pom.xml
-      VERSION_SCRIPT: ./github/updatePOMVersion.sh
 
     runs-on: ubuntu-latest
 
+    outputs:
+      MAVEN_VERSION: ${{ steps.buildVariables.outputs.MAVEN_VERSION }}
+      LAST_COMMITTER: ${{ steps.buildVariables.outputs.LAST_COMMITTER }}
+      COMMIT_MESSAGE: ${{ steps.buildVariables.outputs.COMMIT_MESSAGE }}
+      SHOULD_DEPLOY: ${{ steps.buildVariables.outputs.SHOULD_DEPLOY }}
+
     steps:
     - name: Checkout
       uses: actions/checkout@v2
@@ -34,52 +39,161 @@ jobs:
       uses: actions/setup-java@v1.4.3
       with:
         java-version: 1.9
+        gpg-private-key: ${{ secrets.MAVEN_GPG_BUILDER_PRIVATE_KEY }}
+        gpg-passphrase: MAVEN_GPG_PASSPHRASE
 
     - name: Setup Maven settings
       uses: whelk-io/maven-settings-xml-action@v14
       with:
-        repositories: '[{ "id": "github-genexuslabs", "url": "https://maven.pkg.github.com/genexuslabs/Private-Maven-for-GX",  "releases": { "enabled": "true" }, "snapshots": { "enabled": "true" } }]'
-        servers: '[{ "id": "github-genexuslabs", "username": "genexusbot", "password": "${{ secrets.SECURE_TOKEN }}" }]'
+        repositories: '[{ "id": "github-genexuslabs", "url": "https://maven.pkg.github.com/genexuslabs/*",  "releases": { "enabled": "true" }, "snapshots": { "enabled": "true" } }]'
+        servers: '[
+          { "id": "github-genexuslabs", "username": "genexusbot", "password": "${{ secrets.SECURE_TOKEN }}" },
+          { "id": "azure-devops", "username": "genexuslabs", "password": "${env.AZURE_ARTIFACTS_TOKEN}" },
+          { "id": "ossrh", "username": "${env.MAVEN_USERNAME}", "password": "${env.MAVEN_PASSWORD}" },
+          { "id": "gpg.passphrase", "passphrase": "${env.MAVEN_GPG_PASSPHRASE}" }
+        ]'
 
     - name: Calculate build variables
       id: buildVariables
       run: |
-        if ! [[ "$GIT_REF" =~ 'release-.+$' ]]; then
-          CommitNumber=$(git rev-list --count HEAD)
-        else
-          CommitNumber=$(git rev-list --count origin/master..)
-        fi
-
         LastCommitter=$(git log -1 --pretty=format:%an)
         CommitMessage=$(git log -1 --pretty=%B)
 
-        echo "::set-output name=CommitNumber::$CommitNumber"
-        echo "::set-output name=LastCommitter::$LastCommitter"
-        echo "::set-output name=CommitMessage::$CommitMessage"
+        echo "::set-output name=LAST_COMMITTER::$LastCommitter"
+        echo "::set-output name=COMMIT_MESSAGE::$CommitMessage"
 
-    - name: Update POM version
-      id: POMVersion
-      run: |
-        script="$VERSION_SCRIPT"
-        if [ -f "$script" ]; then
-          echo "Executing version script at: $script"
-          sh "$script"
+        currentVersion="$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout)"
+        semVerComponents=( ${currentVersion//-/ } )
+        semVerComponents=${semVerComponents[0]}
+        semVerComponents=( ${semVerComponents//./ } )
+            
+        pomMajorNumber=${semVerComponents[0]}
+        pomMinorNumber=${semVerComponents[1]}
+
+        [[ $(git branch --show-current) ]] && branch="$(git symbolic-ref --short HEAD)" || branch=“DETACHED_HEAD“
+        timestamp=$(date --utc +%Y%m%d%H%M%S)
+
+        SHOULD_DEPLOY='false'
+        SHOULD_DEPLOY_MAVEN_CENTRAL='false'
+        
+        case "$branch" in
+          master)
+            echo "## Is MASTER branch"
+
+            versionChangelist="-stable.$timestamp-SNAPSHOT"
+            SHOULD_DEPLOY='true'
+            ;;
+
+          beta)
+            echo "## Is BETA branch, add +100 to major number"
+
+            pomMajorNumber=$(expr $pomMajorNumber + 100)
+            
+            versionChangelist="-trunk.$timestamp-SNAPSHOT"
+            SHOULD_DEPLOY='true'
+            ;;
+
+          beta-corona)
+            echo "## Is BETA-CORONA branch, use fixed version"
+                
+            pomMajorNumber="116"
+            pomMinorNumber="0"
+            pomPatchNumber="$(git rev-list --count origin/master..)"
+            
+            SHOULD_DEPLOY='true'
+            ;;
+
+          release-*)
+            echo "## Is RELEASE/UPGRADE branch, use pom.xml version modifing patch number"
+
+            pomPatchNumber="$(git rev-list --count origin/master..)"
+
+            SHOULD_DEPLOY='true'
+            SHOULD_DEPLOY_MAVEN_CENTRAL='true'
+            ;;
+
+          *)
+            echo "## Is a feature branch, use pom.xml version as is"
+            ;;
+        esac
+
+        if [ -z "$pomPatchNumber" ]; then
+          newVersion="$pomMajorNumber.$pomMinorNumber"
         else
-          echo 'No version script specified. Will generate packages with the version on the POM file'
+          newVersion="$pomMajorNumber.$pomMinorNumber.$pomPatchNumber"
         fi
 
-        finalPOMVersion=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout --file $POM_PATH)
-        echo "Project version: $finalPOMVersion"
-        echo "::set-output name=finalPOMVersion::$finalPOMVersion"
+        # Add current commit's SHA to pom.xml
+        GIT_HASH=$(git rev-parse HEAD)
+        scmversion="<vcm_hash>$GIT_HASH</vcm_hash>"
+        scmv=$(echo $scmversion | sed 's/\//\\\//g')
+        sed -i "/<\/properties>/ s/.*/        ${scmv}\n&/" pom.xml
+
+        echo "Project version: $newVersion"
+        echo "Version changelist: $versionChangelist"
+
+        MAVEN_VERSION="$newVersion$versionChangelist"
+        echo "Full project version: $MAVEN_VERSION"
+        
+        echo "::set-output name=newVersion::$newVersion"
+        echo "::set-output name=versionChangelist::$versionChangelist"
+        echo "::set-output name=MAVEN_VERSION::$MAVEN_VERSION"
+        echo "::set-output name=SHOULD_DEPLOY::$SHOULD_DEPLOY"
+        echo "::set-output name=SHOULD_DEPLOY_MAVEN_CENTRAL::$SHOULD_DEPLOY_MAVEN_CENTRAL"
 
     - name: Validate build
-      run: mvn -B validate --file $POM_PATH
+      run: mvn -B validate -Drevision=${{ steps.buildVariables.outputs.newVersion }} -Dchangelist=${{ steps.buildVariables.outputs.versionChangelist }} -Dsha1=${{ github.sha }} --file $POM_PATH -P ci-cd
 
     - name: Build
-      run: mvn -B compile --file $POM_PATH
+      run: mvn -B compile -Drevision=${{ steps.buildVariables.outputs.newVersion }} -Dchangelist=${{ steps.buildVariables.outputs.versionChangelist }} -Dsha1=${{ github.sha }} --file $POM_PATH -P ci-cd
 
     - name: Test
-      run: mvn -B test --file $POM_PATH
+      run: mvn -B test -Drevision=${{ steps.buildVariables.outputs.newVersion }} -Dchangelist=${{ steps.buildVariables.outputs.versionChangelist }} -Dsha1=${{ github.sha }} --file $POM_PATH -P ci-cd
 
     - name: Package
-      run: mvn -B package --file $POM_PATH
+      run: mvn -B -DskipTests package -Drevision=${{ steps.buildVariables.outputs.newVersion }} -Dchangelist=${{ steps.buildVariables.outputs.versionChangelist }} -Dsha1=${{ github.sha }} --file $POM_PATH -P ci-cd
+
+    - name: Deploy to Azure Artifacts
+      if: steps.buildVariables.outputs.SHOULD_DEPLOY == 'true'
+      run: mvn -B -DskipTests deploy -Drevision=${{ steps.buildVariables.outputs.newVersion }} -Dchangelist=${{ steps.buildVariables.outputs.versionChangelist }} -Dsha1=${{ github.sha }} -DdeployAtEnd=true --file "$POM_PATH" -P ci-cd -P deploy-to-azure
+      env:
+        AZURE_ARTIFACTS_TOKEN: ${{ secrets.AZURE_ARTIFACTS_TOKEN }}
+        MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_BUILDER_PASSPHRASE }}
+
+    - name: Deploy to Maven Central
+      if: steps.buildVariables.outputs.SHOULD_DEPLOY_MAVEN_CENTRAL == 'true'
+      run: mvn -B -DskipTests deploy -Drevision=${{ steps.buildVariables.outputs.newVersion }} -Dchangelist=${{ steps.buildVariables.outputs.versionChangelist }} -Dsha1=${{ github.sha }} -DdeployAtEnd=true --file "$POM_PATH" -P ci-cd -P deploy-to-maven-central
+      env:
+        MAVEN_USERNAME: ${{ secrets.MAVEN_OSSRH_USERNAME }}
+        MAVEN_PASSWORD: ${{ secrets.MAVEN_OSSRH_TOKEN }}
+        MAVEN_GPG_PASSPHRASE: ${{ secrets.MAVEN_GPG_BUILDER_PASSPHRASE }}
+
+  dispatch-build:
+    name: Dispatch build result
+    needs: build
+    if: github.repository_owner == 'GeneXusLabs' && needs.build.outputs.SHOULD_DEPLOY == 'true'
+    
+    runs-on: ubuntu-latest
+
+    concurrency: 
+      group: build-${{ github.ref }}
+      cancel-in-progress: true
+
+    steps:
+      - name: Checkout action
+        uses: actions/checkout@v2
+        with:
+            repository: genexuslabs/dispatch-build-result
+            ref: releases/v2
+            token: ${{ secrets.SECURE_TOKEN }}
+            path: ./tmp/.github/actions/dispatch-build-result
+
+      - name: Dispatch build result
+        uses: ./tmp/.github/actions/dispatch-build-result
+        with:
+          component-name: ${{ github.event.inputs.repository }}
+          branch-ref: ${{ env.GIT_REF }}
+          new-version: ${{ needs.build.outputs.MAVEN_VERSION }}
+          committer: ${{ needs.build.outputs.LAST_COMMITTER }}
+          commit-message: ${{ needs.build.outputs.COMMIT_MESSAGE }}
+          token: ${{ secrets.SECURE_TOKEN }}