init

.dockerignore

@@ -0,0 +1,5 @@
+.git*
+*.md
+LICENSE
+maintain/
+project*

.github/workflows/docker.yml

@@ -0,0 +1,158 @@
+name: create and publish docker image
+
+on:
+  workflow_dispatch:
+  push:
+    tags:
+      - 'v*'
+
+env:
+  DOCKER_USERNAME: 11notes
+
+jobs:
+  build-and-push-image:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+      packages: write
+      security-events: write
+
+    steps:   
+      - name: init / checkout
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
+
+      - name: init / .json to env
+        uses: rgarcia-phi/json-to-variables@9835d537368468c4e4de5254dc3efeadda183793
+        with:
+          filename: '.json'
+
+      - name: init / setup environment
+        run: |
+          : # set default arch if not set
+          echo "IMAGE_ARCH=${json_arch:-linux/amd64,linux/arm64}" >> $GITHUB_ENV
+
+          : # create tags for semver, stable and other shenanigans
+          export LOCAL_SHA=$(git rev-parse --short HEAD)
+          export LOCAL_SEMVER_MAJOR=$(awk -F. '{ print $1 }' <<< ${json_version})
+          export LOCAL_SEMVER_MINOR=$(awk -F. '{ print $2 }' <<< ${json_version})
+          export LOCAL_SEMVER_PATCH=$(awk -F. '{ print $3 }' <<< ${json_version})
+          export LOCAL_TAGS="${json_image}:latest"
+          if [ ! -z ${LOCAL_SEMVER_MAJOR} ]; then LOCAL_TAGS="${LOCAL_TAGS},${json_image}:${LOCAL_SEMVER_MAJOR}"; fi
+          if [ ! -z ${LOCAL_SEMVER_MINOR} ]; then LOCAL_TAGS="${LOCAL_TAGS},${json_image}:${LOCAL_SEMVER_MAJOR}.${LOCAL_SEMVER_MINOR}"; fi
+          if [ ! -z ${LOCAL_SEMVER_PATCH} ]; then LOCAL_TAGS="${LOCAL_TAGS},${json_image}:${LOCAL_SEMVER_MAJOR}.${LOCAL_SEMVER_MINOR}.${LOCAL_SEMVER_PATCH}"; fi
+          if echo "${LOCAL_TAGS}" | grep -q "${json_stable}" ; then LOCAL_TAGS="${LOCAL_TAGS},${json_image}:stable"; fi
+          if [ ! -z ${json_tags} ]; then SPECIAL_LOCAL_TAGS=$(echo ${json_tags} | sed 's/,/ /g'); for LOCAL_TAG in ${json_tags}; do LOCAL_TAGS="${LOCAL_TAGS},${json_image}:${LOCAL_TAG}"; done; fi
+          LOCAL_TAGS="${LOCAL_TAGS},${json_image}:${LOCAL_SHA}"
+          echo "IMAGE_TAGS=${LOCAL_TAGS}" >> $GITHUB_ENV
+
+          : # if for whatever reason UID/GID must be changed at build time
+          echo "IMAGE_UID=${json_uid:-1000}" >> $GITHUB_ENV
+          echo "IMAGE_GID=${json_gid:-1000}" >> $GITHUB_ENV
+
+      - name: docker / login to hub
+        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567
+        with:
+          username: ${{ env.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_TOKEN }}
+
+      - name: docker / setup qemu
+        uses: docker/setup-qemu-action@53851d14592bedcffcf25ea515637cff71ef929a
+
+      - name: docker / setup buildx
+        uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5
+
+      - name: grype / build & push
+        uses: docker/build-push-action@67a2d409c0a876cbe6b11854e3e25193efe4e62d
+        with:
+          context: .
+          file: arch.dockerfile
+          push: true
+          platforms: ${{ env.IMAGE_ARCH }}
+          cache-from: type=registry,ref=${{ env.json_image }}:buildcache
+          cache-to: type=registry,ref=${{ env.json_image }}:buildcache,mode=max,compression=zstd,force-compression=true
+          build-args: |
+            APP_IMAGE=${{ env.json_image }}
+            APP_NAME=${{ env.json_name }}
+            APP_VERSION=${{ env.json_version }}
+            APP_ROOT=${{ env.json_root }}
+            APP_UID=${{ env.IMAGE_UID }}
+            APP_GID=${{ env.IMAGE_GID }}
+          tags: |
+            ${{ env.json_image }}:grype
+
+      - name: grype / scan
+        id: scan
+        uses: anchore/scan-action@abae793926ec39a78ab18002bc7fc45bbbd94342
+        with:
+          image: ${{ env.json_image }}:grype
+          severity-cutoff: high
+
+      - name: grype / delete tag
+        if: success() || failure()
+        run: |
+          curl --request DELETE \
+            --url https://hub.docker.com/v2/repositories/${{ env.json_image }}/tags/grype/ \
+            --header 'authorization: jwt ${{ secrets.DOCKER_TOKEN }}' \
+            --header 'content-type: application/json' \
+            --fail
+
+      - name: grype / report / upload
+        uses: github/codeql-action/upload-sarif@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169
+        with:
+          sarif_file: ${{ steps.scan.outputs.sarif }}
+
+      - name: grype / report / print
+        run: cat ${{ steps.scan.outputs.sarif }}
+
+      - name: docker / build & push
+        uses: docker/build-push-action@67a2d409c0a876cbe6b11854e3e25193efe4e62d
+        with:
+          context: .
+          file: arch.dockerfile
+          push: true
+          sbom: true
+          provenance: mode=max
+          platforms: ${{ env.IMAGE_ARCH }}
+          cache-from: type=registry,ref=${{ env.json_image }}:buildcache
+          cache-to: type=registry,ref=${{ env.json_image }}:buildcache,mode=max,compression=zstd,force-compression=true
+          build-args: |
+            APP_IMAGE=${{ env.json_image }}
+            APP_NAME=${{ env.json_name }}
+            APP_VERSION=${{ env.json_version }}
+            APP_ROOT=${{ env.json_root }}
+            APP_UID=${{ env.IMAGE_UID }}
+            APP_GID=${{ env.IMAGE_GID }}
+          tags: |
+            ${{ env.IMAGE_TAGS }}
+
+      - name: github / create release notes
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: gh release create ${{ github.ref_name }} -F RELEASE.md
+
+      - name: github / update description and set repo defaults
+        run: |
+          curl --request PATCH \
+            --url https://api.github.com/repos/${{ github.repository }} \
+            --header 'authorization: Bearer ${{ secrets.REPOSITORY_TOKEN }}' \
+            --header 'content-type: application/json' \
+            --data '{
+              "description":"${{ env.json_description }}",
+              "homepage":"",
+              "has_issues":true,
+              "has_discussions":true,
+              "has_projects":false,
+              "has_wiki":false
+            }' \
+            --fail
+
+      - name: docker / push README.md to docker hub
+        uses: christian-korneck/update-container-description-action@d36005551adeaba9698d8d67a296bd16fa91f8e8
+        env:
+          DOCKER_USER: ${{ env.DOCKER_USERNAME }}
+          DOCKER_PASS: ${{ secrets.DOCKER_TOKEN }}
+        with:
+          destination_container_repo: ${{ env.json_image }}
+          provider: dockerhub
+          short_description: ${{ env.json_description }}
+          readme_file: 'README.md'

.gitignore

@@ -0,0 +1,2 @@
+maintain/
+project*

.json

@@ -0,0 +1,10 @@
+{
+  "image":"11notes/kms-gui",
+  "description":"Activate any version of Windows and Office, forever",
+  "name":"kms-gui",
+  "version":"646f476",
+  "root":"/kms",
+  
+  "stable":"646f476",
+  "parent":"11notes/alpine:stable"
+}

README.md

@@ -0,0 +1,34 @@
+![Banner](https://github.com/11notes/defaults/blob/main/static/img/banner.png?raw=true)
+
+# 🏔️ kms-gui on Alpine
+[<img src="https://img.shields.io/badge/github-source-blue?logo=github&color=040308">](https://github.com/11notes/docker-kms-gui)![size](https://img.shields.io/docker/image-size/11notes/kms-gui/646f476?color=0eb305)![version](https://img.shields.io/docker/v/11notes/kms-gui/646f476?color=eb7a09)![pulls](https://img.shields.io/docker/pulls/11notes/kms-gui?color=2b75d6)[<img src="https://img.shields.io/github/issues/11notes/docker-kms-gui?color=7842f5">](https://github.com/11notes/docker-kms-gui/issues)
+
+**Activate any version of Windows and Office, forever**
+
+![slmgr](https://github.com/11notes/docker-kms/blob/main/slmgr.png?raw=true)
+
+# SYNOPSIS 📖
+**What can I do with this?** This image will run a web GUI for your [11notes/kms](https://hub.docker.com/r/11notes/kms) server.
+
+# ENVIRONMENT 📝
+| Parameter | Value | Default |
+| --- | --- | --- |
+| `TZ` | [Time Zone](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones) | |
+| `DEBUG` | Show debug messages from image **not** app | |
+
+# SOURCE 💾
+* [11notes/kms-gui](https://github.com/11notes/docker-kms-gui)
+
+# PARENT IMAGE 🏛️
+* [11notes/alpine:stable](https://hub.docker.com/r/11notes/alpine)
+
+# BUILT WITH 🧰
+* [py-kms](https://github.com/Py-KMS-Organization/py-kms)
+* [alpine](https://alpinelinux.org)
+
+# TIPS 📌
+* Use a reverse proxy like Traefik, Nginx, HAproxy to terminate TLS with a valid certificate
+* Use Let’s Encrypt certificates to protect your SSL endpoints
+  
+# ElevenNotes™️
+This image is provided to you at your own risk. Always make backups before updating an image to a different version. Check the [releases](https://github.com/11notes/docker-kms-gui/releases) for breaking changes. If you have any problems with using this image simply raise an [issue](https://github.com/11notes/docker-kms-gui/issues), thanks . You can find all my repositories on [github](https://github.com/11notes?tab=repositories).

RELEASE.md

@@ -0,0 +1,2 @@
+### 🪄 Features
+* switch to new github workflow and build process

arch.dockerfile

@@ -0,0 +1,79 @@
+# :: Util
+  FROM alpine AS util
+
+  RUN set -ex; \
+    apk --no-cache --update add \
+      git; \
+    git clone https://github.com/11notes/docker-util.git;
+
+# :: Build / redis
+  FROM python:3.12-alpine AS build
+
+  ARG TARGETARCH
+  ARG APP_VERSION
+
+  USER root
+
+  RUN set -ex; \
+    apk --update --no-cache add \
+      git; \
+    mkdir -p /opt/py-kms-gui; \
+    git clone https://github.com/Py-KMS-Organization/py-kms.git; \
+    cd /py-kms/py-kms; \
+    git checkout ${APP_VERSION}; \
+    cp -R /py-kms/py-kms/* /opt/py-kms-gui; \
+    cp -R /py-kms/docker/docker-py3-kms/requirements.txt /opt/py-kms-gui;
+
+# :: Header
+  FROM 11notes/alpine:stable
+
+  # :: arguments
+    ARG TARGETARCH
+    ARG APP_IMAGE
+    ARG APP_NAME
+    ARG APP_VERSION
+    ARG APP_ROOT
+
+  # :: environment
+    ENV APP_IMAGE=${APP_IMAGE}
+    ENV APP_NAME=${APP_NAME}
+    ENV APP_VERSION=${APP_VERSION}
+    ENV APP_ROOT=${APP_ROOT}
+
+    ENV PYKMS_SQLITE_DB_PATH=/kms/var/kms.db
+    ENV PORT=8080
+
+  # :: multi-stage
+    COPY --from=util /docker-util/src/ /usr/local/bin
+    COPY --from=build /opt/py-kms-gui/ /opt/py-kms-gui
+
+  # :: Run
+  USER root
+
+  # :: install application
+    RUN set -ex; \
+      apk --no-cache --update add \
+        python3=3.12.8-r1 \
+        py3-pip ; \
+      pip3 install --upgrade pip --break-system-packages;
+
+    RUN set -ex; \
+      mkdir -p ${APP_ROOT}/var; \
+      cd /opt/py-kms-gui; \
+      pip3 install --no-cache-dir -r /opt/py-kms-gui/requirements.txt --break-system-packages;
+
+  # :: copy filesystem changes and set correct permissions
+    COPY ./rootfs /
+    RUN set -ex; \
+      chmod +x -R /usr/local/bin; \
+      chown -R 1000:1000 \
+        ${APP_ROOT};
+
+# :: Volumes
+  VOLUME ["${APP_ROOT}/var"]
+
+# :: Monitor
+  HEALTHCHECK --interval=5s --timeout=2s CMD /usr/local/bin/healthcheck.sh || exit 1
+
+# :: Start
+  USER docker

compose.yaml

@@ -0,0 +1,24 @@
+name: "kms"
+services:
+  kms:
+    image: "11notes/kms:latest"
+    container_name: "kms"
+    environment:
+      TZ: Europe/Zurich
+    volumes:
+      - "var:/kms/var"
+    ports:
+      - "1688:1688/tcp"
+    restart: always
+  kms-gui:
+    image: "11notes/kms-gui:646f476"
+    container_name: "kms-gui"
+    environment:
+      TZ: Europe/Zurich
+    volumes:
+      - "var:/kms/var"
+    ports:
+      - "8080:8080/tcp"
+    restart: always
+volumes:
+  var:

rootfs/usr/local/bin/entrypoint.sh

@@ -0,0 +1,11 @@
+#!/bin/ash
+  if [ -z "${1}" ]; then
+    cd /opt/py-kms-gui
+    ls -lah
+    set -- "gunicorn" \
+      --log-level INFO \
+      pykms_WebUI:app
+    eleven log start
+  fi
+
+  exec "$@"

rootfs/usr/local/bin/healthcheck.sh

@@ -0,0 +1,2 @@
+#!/bin/ash
+  netstat -an | grep -q ${KMS_PORT}