[DEVOPS-1751] Pipeline for publishing java sdk to gradle (#740)

## Type of change

<!-- (mark with an `X`) -->

```
- [ ] Bug fix
- [ ] New feature development
- [ ] Tech debt (refactoring, code cleanup, dependency upgrades, etc)
- [x] Build/deploy pipeline (DevOps)
- [ ] Other
```

## Objective

<!--Describe what the purpose of this PR is. For example: what bug
you're fixing or what new feature you're adding-->

## Code changes

<!--Explain the changes you've made to each file or major component.
This should help the reviewer understand your changes-->
<!--Also refer to any related changes or PRs in other repositories-->

- **.github/workflows/build-java.yml:** Run build on `rc` and
`hotfix-rc` and on PR. Change Publish task to package.
- **.github/workflows/publish-java.yml** Add Publish workflow
- **.github/workflows/version-bump.yml** Add Java SDK to version bump
workflow
- **languages/java/build.gradle** Change name of the package to
`sdk-secrets`. Add
`https://s01.oss.sonatype.org/service/local/staging/deploy/maven2/` as
repository to publish.

## Before you submit

- Please add **unit tests** where it makes sense to do so

.github/workflows/build-java.yml

@@ -4,6 +4,9 @@ on:
   push:
     branches:
       - main
+      - rc
+      - hotfix-rc
+  pull_request:
   workflow_dispatch:
 
 jobs:
@@ -60,10 +63,6 @@ jobs:
           name: libbitwarden_c_files-x86_64-pc-windows-msvc
           path: languages/java/src/main/resources/win32-x86-64
 
-      - name: Publish Maven
-        uses: gradle/actions/setup-gradle@db19848a5fa7950289d3668fb053140cf3028d43 # v3.3.2
-        with:
-          arguments: publish
-          build-root-directory: languages/java
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      - name: Build Maven
+        run: ./gradlew build
+        working-directory: languages/java

.github/workflows/publish-java.yml

@@ -0,0 +1,81 @@
+name: Publish Java SDK
+run-name: Publish Java SDK ${{ inputs.release_type }}
+
+on:
+  workflow_dispatch:
+    inputs:
+      release_type:
+        description: "Release Options"
+        required: true
+        default: "Release"
+        type: choice
+        options:
+          - Release
+          - Dry Run
+
+env:
+  _KEY_VAULT: "bitwarden-ci"
+
+jobs:
+  validate:
+    name: Setup
+    runs-on: ubuntu-22.04
+    outputs:
+      version: ${{ steps.version.outputs.version }}
+    steps:
+      - name: Checkout repo
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+
+      - name: Branch check
+        if: ${{ inputs.release_type != 'Dry Run' }}
+        run: |
+          if [[ "$GITHUB_REF" != "refs/heads/rc" ]] && [[ "$GITHUB_REF" != "refs/heads/hotfix-rc" ]]; then
+            echo "==================================="
+            echo "[!] Can only release from the 'rc' or 'hotfix-rc' branches"
+            echo "==================================="
+            exit 1
+          fi
+
+      - name: Get version
+        id: version
+        run: |
+          VERSION=$(cat languages/java/build.gradle | grep -Eo 'version = "[0-9]+\.[0-9]+\.[0-9]+"' | grep -Eo '[0-9]+\.[0-9]+\.[0-9]+')
+          echo "version=$VERSION" >> $GITHUB_OUTPUT
+
+  publish:
+    name: Publish
+    runs-on: ubuntu-22.04
+    needs: validate
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+
+      - name: Azure login
+        uses: Azure/login@e15b166166a8746d1a47596803bd8c1b595455cf # v1.6.0
+        with:
+          creds: ${{ secrets.AZURE_KV_CI_SERVICE_PRINCIPAL }}
+
+      - name: Retrieve secrets
+        id: retrieve-secrets
+        uses: bitwarden/gh-actions/get-keyvault-secrets@main
+        with:
+          keyvault: ${{ env._KEY_VAULT }}
+          secrets: "maven-sonartype-ssrh-username,
+            maven-sonartype-ossrh-password"
+
+      - name: Setup java
+        uses: actions/setup-java@387ac29b308b003ca37ba93a6cab5eb57c8f5f93 # v4.0.0
+        with:
+          distribution: temurin
+          java-version: 17
+
+      - name: Setup Gradle
+        uses: gradle/actions/setup-gradle@417ae3ccd767c252f5661f1ace9f835f9654f2b5 # v3.1.0
+
+      - name: Publish package to GitHub Packages
+        if: ${{ inputs.release_type != 'Dry Run' }}
+        run: ./gradlew publish
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          MAVEN_USERNAME: ${{ steps.retrieve-secrets.outputs.maven-sonartype-ssrh-username }}
+          MAVEN_PASSWORD: ${{ steps.retrieve-secrets.outputs.maven-sonartype-ossrh-password }}

.github/workflows/version-bump.yml

@@ -18,6 +18,7 @@ on:
           - go-sdk
           - dotnet-sdk
           - php-sdk
+          - java-sdk
           - cpp-sdk
       version_number:
         description: "New version (example: '2024.1.0')"
@@ -141,6 +142,12 @@ jobs:
         run: |
           sed -i 's/"version": "[0-9]\.[0-9]\.[0-9]"/"version": "${{ inputs.version_number }}"/' ./languages/php/composer.json
 
+      ### java sdk
+      - name: Bump java-sdk Version
+        if: ${{ inputs.project == 'java-sdk' }}
+        run: |
+          sed -i 's/version = "[0-9]\.[0-9]\.[0-9]"/version = "${{ inputs.version_number }}"/' ./languages/java/build.gradle
+
       ### cpp sdk
       - name: Bump C++ SDK Version
         if: ${{ inputs.project == 'cpp-sdk' }}

languages/java/build.gradle

@@ -19,14 +19,14 @@ repositories {
         api 'net.java.dev.jna:jna-platform:5.12.1'
     }
 
-    description = 'BitwardenSDK'
+    description = 'Bitwarden Secrets Manager Java SDK'
     java.sourceCompatibility = JavaVersion.VERSION_1_8
 
     publishing {
         publications {
             maven(MavenPublication) {
                 groupId = 'com.bitwarden'
-                artifactId = 'sdk'
+                artifactId = 'sdk-secrets'
 
                 // Determine the version from the git history.
                 //
@@ -35,13 +35,8 @@ repositories {
 
                 def branchName = "git branch --show-current".execute().text.trim()
 
-                if (branchName == "main") {
-                    def content = ['grep', '-o', '^version = ".*"', '../../Cargo.toml'].execute().text.trim()
-                    def match = ~/version = "(.*)"/
-                    def matcher = match.matcher(content)
-                    matcher.find()
-
-                    version = "${matcher.group(1)}-SNAPSHOT"
+                if (branchName == "main" || branchName == "rc" || branchName == "hotfix-rc") {
+                    version = "0.1.0"
                 } else {
                     // branchName-SNAPSHOT
                     version = "${branchName.replaceAll('/', '-')}-SNAPSHOT"
@@ -61,6 +56,14 @@ repositories {
                     password = System.getenv("GITHUB_TOKEN")
                 }
             }
+            maven {
+                name = "OSSRH"
+                url = "https://s01.oss.sonatype.org/service/local/staging/deploy/maven2/"
+                credentials {
+                    username = System.getenv("MAVEN_USERNAME")
+                    password = System.getenv("MAVEN_PASSWORD")
+                }
+            }
         }
     }
 }
@@ -73,6 +76,11 @@ tasks.withType(Javadoc) {
     options.encoding = 'UTF-8'
 }
 
+java {
+    withJavadocJar()
+    withSourcesJar()
+}
+
 //  Gradle build requires GitHub workflow to copy native library to resources
 //  Uncomment copyNativeLib and jar tasks to use the local build (modify architecture if needed)
 //tasks.register('copyNativeLib', Copy) {