Fix publish pipeline (#5613)

* wip

* wip

* Swap to corretto

* Try alpine

* create as root

* create as root

* Swap to root

* Hack around non-root

* revert unjammying

* revert

* now use dockerhub

* now use dockerhub

* New file

* remove comment

.github/docker/Dockerfile

@@ -0,0 +1,6 @@
+# Note that this image is used only to publish HAPI-FHIR. this is published at `smilecdr/hapi-build`
+# Start from the maven image
+FROM maven:3.9-eclipse-temurin-21-jammy
+
+# Install gpg
+RUN apt-get update && apt-get install -y gpg

snapshot-pipeline.yml

@@ -12,7 +12,7 @@ schedules:
 pr: none
 trigger: none
 
-# We'll run the process on the latest version of unbuntu because they tend to be the fastest
+# We'll run the process on the latest version of ubuntu because they tend to be the fastest
 pool:
   vmImage: 'ubuntu-latest'
 
@@ -24,7 +24,9 @@ variables:
 - group: GPG_VARIABLE_GROUP
 - group: SONATYPE_VARIABLE_GROUP
 
-container: maven:3.9-eclipse-temurin-21-jammy
+container:
+    image: smilecdr/hapi-build:latest
+
 steps:
 
   # We need a valid signing key to sign our builds for deployment to sonatype. We have uploaded
@@ -44,11 +46,8 @@ steps:
 
   # Although we have imported the key files into our workspace, GPG has no knowledge that these keys exist.
   # We use a bash script to import both the private and puablic keys into gpg for future signing.
-
   # 3. Import keys into gpg
   - bash: |
-      sudo apt update
-      sudo apt install -y gpg
       gpg --import --no-tty --batch --yes $(Agent.TempDirectory)/public.key
       gpg --import --no-tty --batch --yes $(Agent.TempDirectory)/private.key
       gpg --list-keys --keyid-format LONG