new .json format

.gitattributes

@@ -1,2 +1 @@
-# Auto detect text files and perform LF normalization
 * text=auto

.github/workflows/docker.yml

@@ -2,16 +2,37 @@ name: create and publish docker image
 
 on:
   workflow_dispatch:
+    inputs:
+      release:
+        description: 'set WORKFLOW_GITHUB_RELEASE'
+        required: false
+        default: 'false'
+      image:
+        description: 'set IMAGE'
+        required: false
+      uid:
+        description: 'set IMAGE_UID'
+        required: false
+      gid:
+        description: 'set IMAGE_GID'
+        required: false
+      semverprefix:
+        description: 'prefix for semver tags'
+        required: false
+      semversuffix:
+        description: 'suffix for semver tags'
+        required: false
+      dispatch:
+        description: 'run dispatch at end'
+        required: false
+        default: 'false'
   push:
     tags:
       - 'v*'
 
-env:
-  DOCKER_USERNAME: 11notes
-
 jobs:
   build-and-push-image:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     permissions:
       contents: write
       packages: write
@@ -21,6 +42,14 @@ jobs:
       - name: init / checkout
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
 
+      - name: init / inputs to env
+        if: github.event_name == 'workflow_dispatch'
+        run: |
+          cat << 'EOF' > .inputs
+          ${{ toJSON(github.event.inputs) }}
+          EOF
+          for KEY in $(cat .inputs | jq --raw-output 'keys[]' | tr '\n' ' '); do echo "input_$(echo ${KEY} | tr '[:upper:]' '[:lower:]')=$(cat .inputs | jq --raw-output '.'${KEY}'')" >> $GITHUB_ENV; done
+
       - name: init / .json to env
         uses: rgarcia-phi/json-to-variables@9835d537368468c4e4de5254dc3efeadda183793
         with:
@@ -28,31 +57,43 @@ jobs:
 
       - name: init / setup environment
         run: |
-          : # set default arch if not set
+          : # set image
+          LOCAL_IMAGE=${json_image}
+          if [ ! -z ${input_image} ]; then LOCAL_IMAGE=${input_image}; fi
+          echo "IMAGE=${LOCAL_IMAGE}" >> $GITHUB_ENV
+
+          : # set defaults
           echo "IMAGE_ARCH=${json_arch:-linux/amd64,linux/arm64}" >> $GITHUB_ENV
+          echo "WORKFLOW_GRYPE_SEVERITY_CUTOFF=${json_grype_severity:-high}" >> $GITHUB_ENV;
+          echo "WORKFLOW_GITHUB_RELEASE=${input_release:-true}" >> $GITHUB_ENV;
+          echo "WORKFLOW_DISPATCH=${input_dispatch:-true}" >> $GITHUB_ENV;
 
           : # create tags for semver, stable and other shenanigans
-          export LOCAL_SHA=$(git rev-parse --short HEAD)
+          LOCAL_SHA=$(git rev-parse --short HEAD)
-          export LOCAL_SEMVER_MAJOR=$(awk -F. '{ print $1 }' <<< ${json_version})
+          LOCAL_SEMVER_MAJOR=$(awk -F. '{ print $1 }' <<< ${json_semver_version})
-          export LOCAL_SEMVER_MINOR=$(awk -F. '{ print $2 }' <<< ${json_version})
+          LOCAL_SEMVER_MINOR=$(awk -F. '{ print $2 }' <<< ${json_semver_version})
-          export LOCAL_SEMVER_PATCH=$(awk -F. '{ print $3 }' <<< ${json_version})
+          LOCAL_SEMVER_PATCH=$(awk -F. '{ print $3 }' <<< ${json_semver_version})
-          export LOCAL_TAGS="${json_image}:latest"
+          LOCAL_SEMVER_PREFIX=""
-          if [ ! -z ${LOCAL_SEMVER_MAJOR} ]; then LOCAL_TAGS="${LOCAL_TAGS},${json_image}:${LOCAL_SEMVER_MAJOR}"; fi
+          LOCAL_SEMVER_SUFFIX=""
-          if [ ! -z ${LOCAL_SEMVER_MINOR} ]; then LOCAL_TAGS="${LOCAL_TAGS},${json_image}:${LOCAL_SEMVER_MAJOR}.${LOCAL_SEMVER_MINOR}"; fi
+          LOCAL_TAGS="${LOCAL_IMAGE}:${LOCAL_SHA}"
-          if [ ! -z ${LOCAL_SEMVER_PATCH} ]; then LOCAL_TAGS="${LOCAL_TAGS},${json_image}:${LOCAL_SEMVER_MAJOR}.${LOCAL_SEMVER_MINOR}.${LOCAL_SEMVER_PATCH}"; fi
+          if [ ! -z ${input_semverprefix} ]; then LOCAL_SEMVER_PREFIX="${input_semverprefix}-"; fi
-          if echo "${LOCAL_TAGS}" | grep -q "${json_stable}" ; then LOCAL_TAGS="${LOCAL_TAGS},${json_image}:stable"; fi
+          if [ ! -z ${input_semversuffix} ]; then LOCAL_SEMVER_SUFFIX="-${input_semversuffix}"; fi
-          if [ ! -z ${json_tags} ]; then SPECIAL_LOCAL_TAGS=$(echo ${json_tags} | sed 's/,/ /g'); for LOCAL_TAG in ${json_tags}; do LOCAL_TAGS="${LOCAL_TAGS},${json_image}:${LOCAL_TAG}"; done; fi
+          if [ ! -z ${LOCAL_SEMVER_MAJOR} ]; then LOCAL_TAGS="${LOCAL_TAGS},${LOCAL_IMAGE}:${LOCAL_SEMVER_PREFIX}${LOCAL_SEMVER_MAJOR}${LOCAL_SEMVER_SUFFIX}"; fi
-          LOCAL_TAGS="${LOCAL_TAGS},${json_image}:${LOCAL_SHA}"
+          if [ ! -z ${LOCAL_SEMVER_MINOR} ]; then LOCAL_TAGS="${LOCAL_TAGS},${LOCAL_IMAGE}:${LOCAL_SEMVER_PREFIX}${LOCAL_SEMVER_MAJOR}.${LOCAL_SEMVER_MINOR}${LOCAL_SEMVER_SUFFIX}"; fi
+          if [ ! -z ${LOCAL_SEMVER_PATCH} ]; then LOCAL_TAGS="${LOCAL_TAGS},${LOCAL_IMAGE}:${LOCAL_SEMVER_PREFIX}${LOCAL_SEMVER_MAJOR}.${LOCAL_SEMVER_MINOR}.${LOCAL_SEMVER_PATCH}${LOCAL_SEMVER_SUFFIX}"; fi
+          if echo "${LOCAL_TAGS}" | grep -q "${json_semver_stable}" ; then LOCAL_TAGS="${LOCAL_TAGS},${LOCAL_IMAGE}:stable"; fi
+          if echo "${LOCAL_TAGS}" | grep -q "${json_semver_latest}" ; then LOCAL_TAGS="${LOCAL_TAGS},${LOCAL_IMAGE}:latest"; fi
+          if [ ! -z ${json_semver_tags} ]; then SPECIAL_LOCAL_TAGS=$(echo ${json_semver_tags} | sed 's/,/ /g'); for LOCAL_TAG in ${json_semver_tags}; do LOCAL_TAGS="${LOCAL_TAGS},${LOCAL_IMAGE}:${LOCAL_TAG}"; done; fi
           echo "IMAGE_TAGS=${LOCAL_TAGS}" >> $GITHUB_ENV
 
           : # if for whatever reason UID/GID must be changed at build time
-          echo "IMAGE_UID=${json_uid:-1000}" >> $GITHUB_ENV
+          if [ ! -z ${input_uid} ]; then echo "IMAGE_UID=${input_uid}" >> $GITHUB_ENV; else echo "IMAGE_UID=${json_uid:-1000}" >> $GITHUB_ENV; fi
-          echo "IMAGE_GID=${json_gid:-1000}" >> $GITHUB_ENV
+          if [ ! -z ${input_gid} ]; then echo "IMAGE_GID=${input_gid}" >> $GITHUB_ENV; else echo "IMAGE_GID=${json_gid:-1000}" >> $GITHUB_ENV; fi
 
       - name: docker / login to hub
         uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567
         with:
-          username: ${{ env.DOCKER_USERNAME }}
+          username: 11notes
           password: ${{ secrets.DOCKER_TOKEN }}
 
       - name: docker / setup qemu
@@ -68,31 +109,41 @@ jobs:
           file: arch.dockerfile
           push: true
           platforms: ${{ env.IMAGE_ARCH }}
-          cache-from: type=registry,ref=${{ env.json_image }}:buildcache
+          cache-from: type=registry,ref=${{ env.IMAGE }}:buildcache
-          cache-to: type=registry,ref=${{ env.json_image }}:buildcache,mode=max,compression=zstd,force-compression=true
+          cache-to: type=registry,ref=${{ env.IMAGE }}:buildcache,mode=max,compression=zstd,force-compression=true
           build-args: |
-            APP_IMAGE=${{ env.json_image }}
+            APP_IMAGE=${{ env.IMAGE }}
             APP_NAME=${{ env.json_name }}
-            APP_VERSION=${{ env.json_version }}
+            APP_VERSION=${{ env.json_semver_version }}
             APP_ROOT=${{ env.json_root }}
             APP_UID=${{ env.IMAGE_UID }}
             APP_GID=${{ env.IMAGE_GID }}
             NO_CACHE=$(date +%s)
           tags: |
-            ${{ env.json_image }}:grype
+            ${{ env.IMAGE }}:grype
 
       - name: grype / scan
         id: scan
         uses: anchore/scan-action@abae793926ec39a78ab18002bc7fc45bbbd94342
         with:
-          image: ${{ env.json_image }}:grype
+          image: ${{ env.IMAGE }}:grype
-          severity-cutoff: high
+          severity-cutoff: ${{ env.WORKFLOW_GRYPE_SEVERITY_CUTOFF }}
+
+      - name: grype / report / print
+        if: success() || failure()
+        run: cat ${{ steps.scan.outputs.sarif }}
+
+      - name: grype / report / annotation
+        if: success() || failure()
+        uses: Miragon/sarif-report-parse@f8bcc5ece9c2b9a786ff4e7392cca2bb72ae8b4b
+        with:
+          sarif-file: ${{ steps.scan.outputs.sarif }}
 
       - name: grype / delete tag
         if: success() || failure()
         run: |
           curl --request DELETE \
-            --url https://hub.docker.com/v2/repositories/${{ env.json_image }}/tags/grype/ \
+            --url https://hub.docker.com/v2/repositories/${{ env.IMAGE }}/tags/grype/ \
             --header 'authorization: jwt ${{ secrets.DOCKER_TOKEN }}' \
             --header 'content-type: application/json' \
             --fail
@@ -102,9 +153,6 @@ jobs:
         with:
           sarif_file: ${{ steps.scan.outputs.sarif }}
 
-      - name: grype / report / print
-        run: cat ${{ steps.scan.outputs.sarif }}
-
       - name: docker / build & push
         uses: docker/build-push-action@67a2d409c0a876cbe6b11854e3e25193efe4e62d
         with:
@@ -114,12 +162,12 @@ jobs:
           sbom: true
           provenance: mode=max
           platforms: ${{ env.IMAGE_ARCH }}
-          cache-from: type=registry,ref=${{ env.json_image }}:buildcache
+          cache-from: type=registry,ref=${{ env.IMAGE }}:buildcache
-          cache-to: type=registry,ref=${{ env.json_image }}:buildcache,mode=max,compression=zstd,force-compression=true
+          cache-to: type=registry,ref=${{ env.IMAGE }}:buildcache,mode=max,compression=zstd,force-compression=true
           build-args: |
-            APP_IMAGE=${{ env.json_image }}
+            APP_IMAGE=${{ env.IMAGE }}
             APP_NAME=${{ env.json_name }}
-            APP_VERSION=${{ env.json_version }}
+            APP_VERSION=${{ env.json_semver_version }}
             APP_ROOT=${{ env.json_root }}
             APP_UID=${{ env.IMAGE_UID }}
             APP_GID=${{ env.IMAGE_GID }}
@@ -128,9 +176,11 @@ jobs:
             ${{ env.IMAGE_TAGS }}
 
       - name: github / create release notes
+        if: env.WORKFLOW_GITHUB_RELEASE == 'true' && hashFiles('RELEASE.md') != ''
         env:
           GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        run: gh release create ${{ github.ref_name }} -F RELEASE.md
+        run: |
+          gh release create ${{ github.ref_name }} -F RELEASE.md
 
       - name: github / update description and set repo defaults
         run: |
@@ -139,7 +189,7 @@ jobs:
             --header 'authorization: Bearer ${{ secrets.REPOSITORY_TOKEN }}' \
             --header 'content-type: application/json' \
             --data '{
-              "description":"${{ env.json_description }}",
+              "description":"${{ env.json_readme_description }}",
               "homepage":"",
               "has_issues":true,
               "has_discussions":true,
@@ -149,12 +199,20 @@ jobs:
             --fail
 
       - name: docker / push README.md to docker hub
+        if: hashFiles('README.md') != ''
         uses: christian-korneck/update-container-description-action@d36005551adeaba9698d8d67a296bd16fa91f8e8
         env:
-          DOCKER_USER: ${{ env.DOCKER_USERNAME }}
+          DOCKER_USER: 11notes
           DOCKER_PASS: ${{ secrets.DOCKER_TOKEN }}
         with:
-          destination_container_repo: ${{ env.json_image }}
+          destination_container_repo: ${{ env.IMAGE }}
           provider: dockerhub
-          short_description: ${{ env.json_description }}
+          short_description: ${{ env.json_readme_description }}
           readme_file: 'README.md'
+
+      - name: github / dispatch workflow
+        if: env.WORKFLOW_DISPATCH == 'true' && env.json_dispatch_workflow != null
+        uses: benc-uk/workflow-dispatch@e2e5e9a103e331dad343f381a29e654aea3cf8fc
+        with:
+          workflow: ${{ env.json_dispatch_workflow }}
+          token: "${{ secrets.REPOSITORY_TOKEN }}"

.json

@@ -1,10 +1,18 @@
 {
   "image":"11notes/kms-gui",
-  "description":"Activate any version of Windows and Office, forever",
   "name":"kms-gui",
-  "version":"646f476",
   "root":"/kms",
   
-  "stable":"646f476",
+  "semver":{
-  "parent":"11notes/kms:646f476"
+    "version":"465f4d1",
+    "stable":"465f4d1",
+    "latest":"465f4d1"
+  },
+
+  "readme":{
+    "description":"Activate any version of Windows and Office, forever",
+    "parent":{
+      "image":"11notes/kms:465f4d1"
+    }
+  }
 }

README.md

@@ -1,11 +1,11 @@
 ![Banner](https://github.com/11notes/defaults/blob/main/static/img/banner.png?raw=true)
 
 # 🏔️ kms-gui on Alpine
-[<img src="https://img.shields.io/badge/github-source-blue?logo=github&color=040308">](https://github.com/11notes/docker-kms-gui)![size](https://img.shields.io/docker/image-size/11notes/kms-gui/646f476?color=0eb305)![version](https://img.shields.io/docker/v/11notes/kms-gui/646f476?color=eb7a09)![pulls](https://img.shields.io/docker/pulls/11notes/kms-gui?color=2b75d6)[<img src="https://img.shields.io/github/issues/11notes/docker-kms-gui?color=7842f5">](https://github.com/11notes/docker-kms-gui/issues)
+[<img src="https://img.shields.io/badge/github-source-blue?logo=github&color=040308">](https://github.com/11notes/docker-kms-gui)![size](https://img.shields.io/docker/image-size/11notes/kms-gui/465f4d1?color=0eb305)![version](https://img.shields.io/docker/v/11notes/kms-gui/465f4d1?color=eb7a09)![pulls](https://img.shields.io/docker/pulls/11notes/kms-gui?color=2b75d6)[<img src="https://img.shields.io/github/issues/11notes/docker-kms-gui?color=7842f5">](https://github.com/11notes/docker-kms-gui/issues)
 
 **Activate any version of Windows and Office, forever**
 
-![GUI](https://github.com/11notes/docker-kms-gui/blob/master/img/GUI.png "Web Interface")
+![GUI](https://github.com/11notes/docker-kms-gui/blob/master/img/GUI.png?raw=true)
 
 # SYNOPSIS 📖
 **What can I do with this?** This image will run a web GUI for your [11notes/kms](https://hub.docker.com/r/11notes/kms) server.
@@ -15,7 +15,7 @@
 name: "kms"
 services:
   kms:
-    image: "11notes/kms:latest"
+    image: "11notes/kms:stable"
     container_name: "kms"
     environment:
       TZ: Europe/Zurich
@@ -25,7 +25,7 @@ services:
       - "1688:1688/tcp"
     restart: always
   kms-gui:
-    image: "11notes/kms-gui:646f476"
+    image: "11notes/kms-gui:465f4d1"
     container_name: "kms-gui"
     environment:
       TZ: Europe/Zurich
@@ -42,21 +42,21 @@ volumes:
 | Parameter | Value | Default |
 | --- | --- | --- |
 | `TZ` | [Time Zone](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones) | |
-| `DEBUG` | Show debug messages from image **not** app | |
+| `DEBUG` | Will activate debug option for container image and app (if available) | |
 
 # SOURCE 💾
 * [11notes/kms-gui](https://github.com/11notes/docker-kms-gui)
 
 # PARENT IMAGE 🏛️
-* [11notes/kms:646f476](https://hub.docker.com/r/11notes/kms)
+* [11notes/kms:465f4d1](https://hub.docker.com/r/11notes/kms)
 
 # BUILT WITH 🧰
 * [py-kms](https://github.com/Py-KMS-Organization/py-kms)
 * [alpine](https://alpinelinux.org)
 
-# TIPS 📌
+# GENERAL TIPS 📌
-* Use a reverse proxy like Traefik, Nginx, HAproxy to terminate TLS with a valid certificate
+* Use a reverse proxy like Traefik, Nginx, HAproxy to terminate TLS and to protect your endpoints
-* Use Let’s Encrypt certificates to protect your SSL endpoints
+* Use Let’s Encrypt DNS-01 challenge to obtain valid SSL certificates for your services
   
 # ElevenNotes™️
-This image is provided to you at your own risk. Always make backups before updating an image to a different version. Check the [releases](https://github.com/11notes/docker-kms-gui/releases) for breaking changes. If you have any problems with using this image simply raise an [issue](https://github.com/11notes/docker-kms-gui/issues), thanks . You can find all my repositories on [github](https://github.com/11notes?tab=repositories).
+This image is provided to you at your own risk. Always make backups before updating an image to a different version. Check the [releases](https://github.com/11notes/docker-kms-gui/releases) for breaking changes. If you have any problems with using this image simply raise an [issue](https://github.com/11notes/docker-kms-gui/issues), thanks. If you have a question or inputs please create a new [discussion](https://github.com/11notes/docker-kms-gui/discussions) instead of an issue. You can find all my other repositories on [github](https://github.com/11notes?tab=repositories).

RELEASE.md

@@ -1,2 +1,2 @@
 ### 🪄 Features
-* remove truncation from clients.html
+* new .json format

arch.dockerfile

@@ -20,6 +20,7 @@ ARG APP_VERSION=stable
     ENV PYKMS_LICENSE_PATH=/opt/py-kms/LICENSE
     ENV PYKMS_VERSION_PATH=/opt/py-kms/VERSION
     ENV PORT=8080
+    ENV LOG_LEVEL=INFO
 
   # :: multi-stage
     COPY ./LICENSE /opt/py-kms
@@ -45,7 +46,8 @@ ARG APP_VERSION=stable
     RUN set -ex; \
       chmod +x -R /usr/local/bin; \
       chown -R 1000:1000 \
-        ${APP_ROOT};
+        ${APP_ROOT} \
+        /opt/py-kms;
 
 # :: Monitor
   HEALTHCHECK --interval=5s --timeout=2s CMD curl -X GET -kILs --fail http://localhost:${PORT}/livez || exit 1

compose.yaml

@@ -1,7 +1,7 @@
 name: "kms"
 services:
   kms:
-    image: "11notes/kms:latest"
+    image: "11notes/kms:stable"
     container_name: "kms"
     environment:
       TZ: Europe/Zurich
@@ -11,7 +11,7 @@ services:
       - "1688:1688/tcp"
     restart: always
   kms-gui:
-    image: "11notes/kms-gui:646f476"
+    image: "11notes/kms-gui:465f4d1"
     container_name: "kms-gui"
     environment:
       TZ: Europe/Zurich

rootfs/usr/local/bin/entrypoint.sh

@@ -1,8 +1,14 @@
 #!/bin/ash
   if [ -z "${1}" ]; then
+
+    if [ ! -z "${DEBUG}" ]; then
+      LOG_LEVEL="DEBUG"
+      eleven log debug "setting kms-gui log level to DEBUG"
+    fi
+
     cd /opt/py-kms
     set -- "gunicorn" \
-      --log-level INFO \
+      --log-level ${LOG_LEVEL} \
       pykms_WebUI:app
 
     eleven log start