build: migration to java 11 runtime for better performance and memory usage

CONTRIBUTING.md

@@ -6,12 +6,14 @@ We like to stay up-to-date with the latest version of the Frank!Framework to get
 
 Execute the following steps when bumping the Frank!Framework version:
 1. Look up the latest framework snapshot build on [DockerHub - Frank!Framework](https://hub.docker.com/r/wearefrank/frank-framework/tags). The format of the tag should be: `<major>.<minor>-<date>.<build>`. For example: 7.9-20230907.223421.
-2. Replace the tag in the `Dockerfile` with the new tag.
-3. Replace the tag in `frank-runner.properties` with the new tag.
-4. Start ZaakBrug with the `Frank!Runner` to automatically replace the `./src/main/configuration/<configuration-name>/FrankConfig.xsd` and `./src/main/configuration/FrankConfig.xsd` with the newer version. You can stop the Frank!Runner once the files are replaced. Note that currently the Frank!Runner will also add `FrankConfig.xsd` to the `.gitignore` file. Make sure to revert the change to `.gitignore`.
-5. Check [GitHub - Frank!Framework - Parameter.java commit history](https://github.com/ibissource/iaf/commits/master/core/src/main/java/nl/nn/adapterframework/parameters/Parameter.java) for any changes to this class. If there are indeed changes, update the corresponding file under `./src/main/java/nl/nn/adapterframework/...`. The `.java-orig` file content should be 1 on 1 equal to the new version on GitHub. Take care to not accidentally remove the intended customization of the code in the `.java` file.
-6. Run the e2e testsuite by using the below Docker-Compose and configuration to validate the changes. You should only need `docker-compose -f ./docker-compose.zaakbrug.dev.yml -f ./docker-compose.openzaak.dev.yml up --build --force-recreate` for this. (TODO: Automate running of e2e tests in ci/cd).
-7. Commit you changes on a branch with as message: `build(dependencies): bump f!f version to <new tag>`. Create a PR to have you changes merged to master.
+2. Replace the value of `FF_VERSION` in the `Dockerfile` with the new tag.
+3. Replace the value of `FF_VERSION` in the `Dockerfile.java8` with the new tag.
+4. Replace the default value for `FF_VERSION` under `services.zaakbrug.build.args` in `docker-compose.zaakbrug.dev.yml` with the new tag. NOTE: Watch out to not replace the '-' in front of the tag: ${FF_VERSION:-<new tag>}
+5. Replace the value of `ff.version` in `frank-runner.properties` with the new tag.
+6. Start ZaakBrug with the `Frank!Runner` to automatically replace the `./src/main/configuration/<configuration-name>/FrankConfig.xsd` and `./src/main/configuration/FrankConfig.xsd` with the newer version. You can stop the Frank!Runner once the files are replaced. Note that currently the Frank!Runner will also add `FrankConfig.xsd` to the `.gitignore` file. Make sure to revert the change to `.gitignore`.
+7. Check [GitHub - Frank!Framework - Parameter.java commit history](https://github.com/ibissource/iaf/commits/master/core/src/main/java/nl/nn/adapterframework/parameters/Parameter.java) for any changes to this class. If there are indeed changes, update the corresponding file under `./src/main/java/nl/nn/adapterframework/...`. The `.java-orig` file content should be 1 on 1 equal to the new version on GitHub. Take care to not accidentally remove the intended customization of the code in the `.java` file.
+8. Run the e2e testsuite by using the below Docker-Compose and configuration to validate the changes. You should only need `docker-compose -f ./docker-compose.zaakbrug.dev.yml -f ./docker-compose.openzaak.dev.yml up --build --force-recreate` for this. (TODO: Automate running of e2e tests in ci/cd).
+9. Commit you changes on a branch with as message: `build(dependencies): bump f!f version to <new tag>`. Create a PR to have you changes merged to master.
 
 # Docker-compose
 The docker-compose development environment is designed to be flexible and composable. This prevents the need for developers to run the entire stack eventhough their work requires only a small part of the stack. For this we make use of a docker-compose feature that merges a given array of docker-compose files together. Simply provide a `-f ./docker-compose.<application>.yml` argument for each docker-compose file you wish to include in the `docker-compose up`command.

Dockerfile

@@ -1,8 +1,41 @@
 # Keep in sync with version in frank-runner.properties. Detailed instructions can be found in CONTRIBUTING.md.
 # Check whether java-orig files have changed in F!F and update custom code (java and java-orig files) accordingly
+ARG FF_VERSION=7.9-20230905.223421
+ARG GID=1000
+ARG UID=1000
 
-# Before bumping make sure https://github.com/ibissource/iaf/issues/5356 is resolved or stuurgegevens-refactor PR is merged.
-FROM docker.io/wearefrank/frank-framework:7.9-20230905.223421
+FROM tomcat:8-jre11-temurin-jammy AS base
+
+ARG FF_VERSION
+ARG GID
+ARG UID
+
+# Secure files (CIS-DI-0008)
+RUN chmod -R 751 /usr/bin /usr/sbin
+
+# Create folder and user, and set file permissions
+RUN set -eux && \
+	# Create default directory for configurations, properties and credential filesystem
+	mkdir -p /opt/frank/secrets && \
+	# Create tomcat user for stepping down from root
+	groupadd -g ${GID} tomcat && \
+	useradd -u ${UID} -g tomcat -s /usr/sbin/nologin -l tomcat && \
+	# Change permissions and ownership of files
+	chown -hR tomcat:tomcat ${CATALINA_HOME} && \
+	chown -hR tomcat:tomcat /opt/frank
+
+# All previous actions are performed as root. Run following instructions and start container as tomcat.
+USER tomcat
+
+# Needed to created a valid "from" image when using ARG variable
+# COPY "--from=docker.io/wearefrank/frank-framework:${FF_VERSION}" doesn't work
+FROM docker.io/wearefrank/frank-framework:${FF_VERSION} AS ff-builder
+FROM base AS ff-base
+
+# Copy environment configuration
+COPY --from=ff-builder --chown=tomcat /usr/local/tomcat/conf/catalina.properties /usr/local/tomcat/conf/catalina.properties
+COPY --from=ff-builder --chown=tomcat /usr/local/tomcat/lib/ /usr/local/tomcat/lib/
+COPY --from=ff-builder --chown=tomcat /usr/local/tomcat/webapps/ROOT /usr/local/tomcat/webapps/ROOT
 
 # TempFix TODO: Move this to the credentialprovider.properties
 ENV credentialFactory.class=nl.nn.credentialprovider.PropertyFileCredentialFactory
@@ -21,14 +54,22 @@ COPY --chown=tomcat src/main/configurations/ /opt/frank/configurations/
 COPY --chown=tomcat src/main/resources/ /opt/frank/resources/
 COPY --chown=tomcat src/test/testtool/ /opt/frank/testtool/
 
-# Compile custom class, this should be changed to a buildstep in the future
-COPY --chown=tomcat src/main/java /tmp/java
-RUN javac \
+# Compile custom class
+FROM eclipse-temurin:8-jdk-jammy AS custom-code-builder
+
+COPY --from=ff-base /usr/local/tomcat/lib/ /usr/local/tomcat/lib/
+COPY --from=ff-base /usr/local/tomcat/webapps/ROOT /usr/local/tomcat/webapps/ROOT
+
+COPY src/main/java /tmp/java
+RUN mkdir /tmp/classes \
+      && javac \
       /tmp/java/nl/nn/adapterframework/parameters/Parameter.java \
       -classpath "/usr/local/tomcat/webapps/ROOT/WEB-INF/lib/*:/usr/local/tomcat/lib/*" \
-      -verbose -d /usr/local/tomcat/webapps/ROOT/WEB-INF/classes
-RUN rm -rf /tmp/java
+      -verbose -d /tmp/classes 
+
+FROM ff-base AS final
+
+COPY --from=custom-code-builder --chown=tomcat /tmp/classes/ /usr/local/tomcat/webapps/ROOT/WEB-INF/classes
 
-# The part after "||" is to make sure the response of the health-endpoint call is included in the logs, for debugging purposes.
 HEALTHCHECK --interval=15s --timeout=5s --start-period=30s --retries=60 \
   CMD curl --fail --silent http://localhost:8080/iaf/api/server/health || (curl --silent http://localhost:8080/iaf/api/server/health && exit 1)

Dockerfile.java8

@@ -0,0 +1,34 @@
+# Keep in sync with version in frank-runner.properties. Detailed instructions can be found in CONTRIBUTING.md.
+# Check whether java-orig files have changed in F!F and update custom code (java and java-orig files) accordingly
+ARG FF_VERSION=7.9-20230905.223421
+
+FROM docker.io/wearefrank/frank-framework:${FF_VERSION}
+
+# TempFix TODO: Move this to the credentialprovider.properties
+ENV credentialFactory.class=nl.nn.credentialprovider.PropertyFileCredentialFactory
+ENV credentialFactory.map.properties=/opt/frank/resources/credentials.properties
+ENV zaakbrug.zds.timezone=UTC
+
+# Copy dependencies
+COPY --chown=tomcat lib/server/ /usr/local/tomcat/lib/
+COPY --chown=tomcat lib/webapp/ /usr/local/tomcat/webapps/ROOT/WEB-INF/lib/
+
+# When deploying the "context.xml" should be copied to /usr/local/tomcat/conf/Catalina/localhost/ROOT.xml
+COPY --chown=tomcat src/main/webapp/META-INF/context.xml /usr/local/tomcat/conf/Catalina/localhost/ROOT.xml
+
+# Copy Frank!
+COPY --chown=tomcat src/main/configurations/ /opt/frank/configurations/
+COPY --chown=tomcat src/main/resources/ /opt/frank/resources/
+COPY --chown=tomcat src/test/testtool/ /opt/frank/testtool/
+
+# Compile custom class, this should be changed to a buildstep in the future
+COPY --chown=tomcat src/main/java /tmp/java
+RUN javac \
+      /tmp/java/nl/nn/adapterframework/parameters/Parameter.java \
+      -classpath "/usr/local/tomcat/webapps/ROOT/WEB-INF/lib/*:/usr/local/tomcat/lib/*" \
+      -verbose -d /usr/local/tomcat/webapps/ROOT/WEB-INF/classes
+RUN rm -rf /tmp/java
+
+# The part after "||" is to make sure the response of the health-endpoint call is included in the logs, for debugging purposes.
+HEALTHCHECK --interval=15s --timeout=5s --start-period=30s --retries=60 \
+  CMD curl --fail --silent http://localhost:8080/iaf/api/server/health || (curl --silent http://localhost:8080/iaf/api/server/health && exit 1)

docker-compose.zaakbrug.dev.perf-tests.yml

@@ -2,9 +2,7 @@ version: '3.8'
 
 services:
   zaakbrug:
-    build:
-      context: .
-      dockerfile: ./Dockerfile.java11
+    build: .
     environment:
       - zaakbrug.zgw.zaken-api.timeout=120000
       - zaakbrug.zgw.catalogi-api.timeout=120000

docker-compose.zaakbrug.dev.yml

@@ -14,7 +14,10 @@ services:
       - zaakbrug
 
   zaakbrug:
-    build: .
+    build:
+      context: .
+      args:
+        FF_VERSION: ${FF_VERSION:-7.9-20230905.223421}
     image: wearefrank/zaakbrug:latest
     container_name: zaakbrug.dev
     environment:

src/main/resources/DeploymentSpecifics.properties

@@ -18,22 +18,25 @@ configurations.names=Translate
 classloader.type=DirectoryClassLoader
 ibistesttool.custom=Custom
 
+#large files
+soap.bus.org.apache.cxf.stax.maxTextLength=1000000000
+
 zaakbrug.zgw.zaken-api.root-url=http://localhost:8000/zaken/api/v1/
-zaakbrug.zgw.zaken-api.timeout=20000
+zaakbrug.zgw.zaken-api.timeout=60000
 # Options: 'jwt', 'basic', 'value'. 'value' uses the password field of the given authAlias as Authorization header
 zaakbrug.zgw.zaken-api.auth-type=jwt
 # reference to an auth alias configured in credentials.properties
 zaakbrug.zgw.zaken-api.auth-alias=zaken-api.jwt
 zaakbrug.zgw.catalogi-api.root-url=http://localhost:8000/catalogi/api/v1/
-zaakbrug.zgw.catalogi-api.timeout=20000
+zaakbrug.zgw.catalogi-api.timeout=60000
 zaakbrug.zgw.catalogi-api.auth-type=jwt
 zaakbrug.zgw.catalogi-api.auth-alias=zaken-api.jwt
 zaakbrug.zgw.documenten-api.root-url=http://localhost:8000/documenten/api/v1/
-zaakbrug.zgw.documenten-api.timeout=20000
+zaakbrug.zgw.documenten-api.timeout=60000
 zaakbrug.zgw.documenten-api.auth-type=jwt
 zaakbrug.zgw.documenten-api.auth-alias=zaken-api.jwt
 zaakbrug.zgw.besluiten-api.root-url=http://localhost:8000/besluiten/api/v1/
-zaakbrug.zgw.besluiten-api.timeout=20000
+zaakbrug.zgw.besluiten-api.timeout=60000
 zaakbrug.zgw.besluiten-api.auth-type=jwt
 zaakbrug.zgw.besluiten-api.auth-alias=zaken-api.jwt