[feature] new release workflow (no more static RELEASE.md)

.github/workflows/docker.yml

@@ -1,13 +1,25 @@
 name: docker
+run-name: ${{ inputs.run-name }}
 
 on:
   workflow_dispatch:
     inputs:
+      run-name:
+        description: 'set run-name for workflow (multiple calls)'
+        type: string
+        required: false
+        default: 'docker'
+
       release:
         description: 'set WORKFLOW_GITHUB_RELEASE'
         required: false
         default: 'false'
 
+      readme:
+        description: 'set WORKFLOW_GITHUB_README'
+        required: false
+        default: 'false'
+
       image:
         description: 'set IMAGE'
         required: false
@@ -32,6 +44,7 @@ jobs:
   docker:
     runs-on: ubuntu-22.04
     permissions:
+      actions: read
       contents: write
       packages: write
       security-events: write
@@ -39,6 +52,8 @@ jobs:
     steps:   
       - name: init / checkout
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
+        with:
+          fetch-depth: 0
 
       - name: init / inputs to env
         if: github.event_name == 'workflow_dispatch'
@@ -62,8 +77,10 @@ jobs:
 
           : # set defaults
           echo "IMAGE_ARCH=${json_arch:-linux/amd64,linux/arm64}" >> $GITHUB_ENV
-          echo "WORKFLOW_GRYPE_SEVERITY_CUTOFF=${json_grype_severity:-high}" >> $GITHUB_ENV;
           echo "WORKFLOW_GITHUB_RELEASE=${input_release:-true}" >> $GITHUB_ENV;
+          echo "WORKFLOW_GITHUB_README=${input_readme:-true}" >> $GITHUB_ENV;
+          echo "WORKFLOW_GRYPE_SCAN=${json_grype_scan:-true}" >> $GITHUB_ENV;
+          echo "WORKFLOW_GRYPE_SEVERITY_CUTOFF=${json_grype_severity:-high}" >> $GITHUB_ENV;
 
           : # create tags for semver, stable and other shenanigans
           LOCAL_SHA=$(git rev-parse --short HEAD)
@@ -76,7 +93,7 @@ jobs:
           LOCAL_TAGS="${LOCAL_IMAGE}:${LOCAL_SHA}"
           if [ ! -z ${input_semverprefix} ]; then LOCAL_SEMVER_PREFIX="${input_semverprefix}-"; fi
           if [ ! -z ${input_semversuffix} ]; then LOCAL_SEMVER_SUFFIX="-${input_semversuffix}"; fi
-          if [ ! -z ${json_semver_rc} ]; then LOCAL_SEMVER_RC="-${json_semver_rc}"; fi
+          if [ ! -z ${json_semver_rc} ]; then LOCAL_SEMVER_RC="${json_semver_rc}"; fi
           if [ ! -z ${LOCAL_SEMVER_MAJOR} ]; then LOCAL_TAGS="${LOCAL_TAGS},${LOCAL_IMAGE}:${LOCAL_SEMVER_PREFIX}${LOCAL_SEMVER_MAJOR}${LOCAL_SEMVER_SUFFIX}"; fi
           if [ ! -z ${LOCAL_SEMVER_MINOR} ]; then LOCAL_TAGS="${LOCAL_TAGS},${LOCAL_IMAGE}:${LOCAL_SEMVER_PREFIX}${LOCAL_SEMVER_MAJOR}.${LOCAL_SEMVER_MINOR}${LOCAL_SEMVER_SUFFIX}"; fi
           if [ ! -z ${LOCAL_SEMVER_PATCH} ]; then LOCAL_TAGS="${LOCAL_TAGS},${LOCAL_IMAGE}:${LOCAL_SEMVER_PREFIX}${LOCAL_SEMVER_MAJOR}.${LOCAL_SEMVER_MINOR}.${LOCAL_SEMVER_PATCH}${LOCAL_SEMVER_SUFFIX}"; fi
@@ -89,7 +106,7 @@ jobs:
           if [ ! -z ${input_uid} ]; then echo "IMAGE_UID=${input_uid}" >> $GITHUB_ENV; else echo "IMAGE_UID=${json_uid:-1000}" >> $GITHUB_ENV; fi
           if [ ! -z ${input_gid} ]; then echo "IMAGE_GID=${input_gid}" >> $GITHUB_ENV; else echo "IMAGE_GID=${json_gid:-1000}" >> $GITHUB_ENV; fi
 
-          : # set rc, prefix or suffix globally
+          : # set rc, prefix or suffix globally for semver and version
           echo "IMAGE_SEMVER_PREFIX=${LOCAL_SEMVER_PREFIX}" >> $GITHUB_ENV
           echo "IMAGE_SEMVER_SUFFIX=${LOCAL_SEMVER_SUFFIX}" >> $GITHUB_ENV
           echo "IMAGE_VERSION_RC=${LOCAL_SEMVER_RC}" >> $GITHUB_ENV
@@ -131,6 +148,7 @@ jobs:
             ${{ env.IMAGE }}:${{ env.IMAGE_SEMVER_PREFIX }}grype${{ env.IMAGE_SEMVER_SUFFIX }}
 
       - name: grype / scan
+        if: env.WORKFLOW_GRYPE_SCAN == 'true'
         id: grype-scan
         uses: anchore/scan-action@abae793926ec39a78ab18002bc7fc45bbbd94342
         with:
@@ -138,15 +156,6 @@ jobs:
           severity-cutoff: ${{ env.WORKFLOW_GRYPE_SEVERITY_CUTOFF }}
           by-cve: true
           output-format: 'sarif'
-          output-file: ${{ runner.temp }}/_github_home/grype.sarif
-
-      - name: grype / report / sarif to markdown
-        id: sarif-to-md
-        if: success() || failure()
-        continue-on-error: true
-        uses: 11notes/action-sarif-to-markdown@bc689850bd33a1037ea1d0a609ab4ea14b3c4396
-        with:
-          sarif_file: grype.sarif
 
       - name: grype / delete tag
         if: steps.grype-tag.outcome == 'success'
@@ -157,11 +166,13 @@ jobs:
             --header 'content-type: application/json' \
             --fail
 
-      - name: grype / report / upload
+      - name: codeql / upload
+        id: codeql-upload
         if: steps.grype-scan.outcome == 'success'
         uses: github/codeql-action/upload-sarif@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169
         with:
           sarif_file: ${{ steps.grype-scan.outputs.sarif }}
+          wait-for-processing: false
           category: grype
 
       - name: docker / build & push
@@ -189,12 +200,36 @@ jobs:
           tags: |
             ${{ env.IMAGE_TAGS }}
 
-      - name: github / create release notes
-        if: env.WORKFLOW_GITHUB_RELEASE == 'true' && hashFiles('RELEASE.md') != ''
-        env:
-          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      - name: github / release / log
+        id: git-log
         run: |
-          gh release create ${{ github.ref_name }} -F RELEASE.md
+          LOCAL_LAST_TAG=$(git describe --abbrev=0 --tags `git rev-list --tags --skip=1 --max-count=1`)
+          echo "using last tag: ${LOCAL_LAST_TAG}"
+          LOCAL_COMMITS=$(git log ${LOCAL_LAST_TAG}..HEAD --oneline)
+
+          EOF=$(dd if=/dev/urandom bs=15 count=1 status=none | base64)
+          echo "commits<<${EOF}" >> ${GITHUB_OUTPUT}
+          echo "${LOCAL_COMMITS}" >> ${GITHUB_OUTPUT}
+          echo "${EOF}" >> ${GITHUB_OUTPUT}
+
+      - name: github / release / markdown
+        if: env.WORKFLOW_GITHUB_RELEASE == 'true'
+        id: git-release
+        uses: 11notes/action-docker-release@v1
+        with:
+          git_log: ${{ steps.git-log.outputs.commits }}
+
+      - name: github / release / create
+        if: env.WORKFLOW_GITHUB_RELEASE == 'true' && steps.git-release.outcome == 'success'
+        uses: actions/create-release@4c11c9fe1dcd9636620a16455165783b20fc7ea0
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          tag_name: ${{ github.ref }}
+          release_name: ${{ github.ref }}
+          body: ${{ steps.git-release.outputs.release }}
+          draft: false
+          prerelease: false
 
       - name: github / update description and set repo defaults
         run: |
@@ -212,6 +247,24 @@ jobs:
             }' \
             --fail
 
+      - name: github / create README.md
+        continue-on-error: true
+        if: env.WORKFLOW_GITHUB_README == 'true'
+        id: github-readme
+        uses: 11notes/action-docker-readme@v1
+        with:
+          sarif_file: ${{ steps.grype-scan.outputs.sarif }}
+
+      - name: github / commit & push
+        continue-on-error: true
+        if: steps.github-readme.outcome == 'success'
+        run: |
+          git config user.name "github-actions[bot]"
+          git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
+          git add .
+          git commit -m "update README.md"
+          git push
+
       - name: docker / push README.md to docker hub
         if: hashFiles('README.md') != ''
         uses: christian-korneck/update-container-description-action@d36005551adeaba9698d8d67a296bd16fa91f8e8

.github/workflows/tags.yml

@@ -12,7 +12,7 @@ jobs:
         with:
           workflow: docker.yml
           token: "${{ secrets.REPOSITORY_TOKEN }}"
-          inputs: '{ "release":"true" }'
+          inputs: '{ "release":"true", "readme":"true" }'
 
   docker-unraid:
     runs-on: ubuntu-latest
@@ -22,4 +22,4 @@ jobs:
         with:
           workflow: docker.yml
           token: "${{ secrets.REPOSITORY_TOKEN }}"
-          inputs: '{ "release":"false", "uid":"99", "gid":"100", "semversuffix":"unraid" }'
+          inputs: '{ "release":"false", "readme":"false", "uid":"99", "gid":"100", "semversuffix":"unraid", "run-name":"docker-unraid" }'

.gitignore

@@ -1,2 +1 @@
 maintain/
-project*

.inputs

@@ -0,0 +1,4 @@
+{
+  "readme": "true",
+  "release": "true"
+}

.json

@@ -13,6 +13,10 @@
     "description":"Activate any version of Windows and Office, forever",
     "parent":{
       "image":"11notes/kms:465f4d1"
+    },
+    "built":{
+      "py-kms":"https://github.com/Py-KMS-Organization/py-kms",
+      "CustomIcon/pykms-frontend":"https://github.com/CustomIcon/pykms-frontend"
     }
   }
 }

README.md

@@ -1,11 +1,9 @@
-![Banner](https://github.com/11notes/defaults/blob/main/static/img/banner.png?raw=true)
+![banner](https://github.com/11notes/defaults/blob/main/static/img/banner.png?raw=true)
 
-# 🏔️ kms-gui on Alpine
+# ⛰️ kms-gui
 [<img src="https://img.shields.io/badge/github-source-blue?logo=github&color=040308">](https://github.com/11notes/docker-kms-gui)![size](https://img.shields.io/docker/image-size/11notes/kms-gui/465f4d1?color=0eb305)![version](https://img.shields.io/docker/v/11notes/kms-gui/465f4d1?color=eb7a09)![pulls](https://img.shields.io/docker/pulls/11notes/kms-gui?color=2b75d6)[<img src="https://img.shields.io/github/issues/11notes/docker-kms-gui?color=7842f5">](https://github.com/11notes/docker-kms-gui/issues)
 
-**Activate any version of Windows and Office, forever**
-
-![GUI](https://github.com/11notes/docker-kms-gui/blob/master/img/GUI.png?raw=true)
+Activate any version of Windows and Office, forever
 
 # MAIN TAGS 🏷️
 These are the main tags for the image. There is also a tag for each commit and its shorthand sha256 value.
@@ -17,6 +15,10 @@ These are the main tags for the image. There is also a tag for each commit and i
 * [stable-unraid](https://hub.docker.com/r/11notes/kms-gui/tags?name=stable-unraid)
 * [latest-unraid](https://hub.docker.com/r/11notes/kms-gui/tags?name=latest-unraid)
 
+# UNRAID VERSION 🟠
+This image supports unraid by default. Simply add **-unraid** to any tag and the image will run as 99:100 instead of 1000:1000 causing no issues on unraid. Enjoy.
+
+![Web GUI](https://github.com/11notes/docker-kms-gui/blob/master/img/webGUICustomIcon.png?raw=true)
 
 # SYNOPSIS 📖
 **What can I do with this?** This image will run a web GUI for your [11notes/kms](https://hub.docker.com/r/11notes/kms) server.
@@ -49,6 +51,14 @@ volumes:
   var:
 ```
 
+# DEFAULT SETTINGS 🗃️
+| Parameter | Value | Description |
+| --- | --- | --- |
+| `user` | docker | user name |
+| `uid` | 1000 | [user identifier](https://en.wikipedia.org/wiki/User_identifier) |
+| `gid` | 1000 | [group identifier](https://en.wikipedia.org/wiki/Group_identifier) |
+| `home` | /kms | home directory of user docker |
+
 # ENVIRONMENT 📝
 | Parameter | Value | Default |
 | --- | --- | --- |
@@ -65,12 +75,18 @@ volumes:
 # BUILT WITH 🧰
 * [py-kms](https://github.com/Py-KMS-Organization/py-kms)
 * [CustomIcon/pykms-frontend](https://github.com/CustomIcon/pykms-frontend)
-* [alpine](https://alpinelinux.org)
 
 # GENERAL TIPS 📌
 * Use a reverse proxy like Traefik, Nginx, HAproxy to terminate TLS and to protect your endpoints
 * Use Let’s Encrypt DNS-01 challenge to obtain valid SSL certificates for your services
 
+# SECURITY VULNERABILITIES REPORT ⚡
+| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |
+| --- | --- | --- | --- | --- | --- | --- | --- |
+| 4.7 (Medium) | linux-pam  | 1.6.1-r1  |   | apk  | /lib/apk/db/installed  | nvd:cpe  | [CVE-2024-10041](https://nvd.nist.gov/vuln/detail/CVE-2024-10041)  |
+
 
 # ElevenNotes™️
 This image is provided to you at your own risk. Always make backups before updating an image to a different version. Check the [releases](https://github.com/11notes/docker-kms-gui/releases) for breaking changes. If you have any problems with using this image simply raise an [issue](https://github.com/11notes/docker-kms-gui/issues), thanks. If you have a question or inputs please create a new [discussion](https://github.com/11notes/docker-kms-gui/discussions) instead of an issue. You can find all my other repositories on [github](https://github.com/11notes?tab=repositories).
+
+*created Wed, 19 Feb 2025 10:19:23 GMT*

RELEASE.md

@@ -1,3 +0,0 @@
-### 🪄 Features
-* new KMS_GUI_STYLE variable to switch the style of the UI
-* added custom GUI of @CustomIcon as default (thanks!)

project.md

@@ -0,0 +1,18 @@
+![Web GUI](https://github.com/11notes/docker-${{ json_name }}/blob/master/img/webGUICustomIcon.png?raw=true)
+
+${{ content_synopsis }} This image will run a web GUI for your [11notes/kms](https://hub.docker.com/r/11notes/kms) server.
+
+${{ content_compose }}
+
+${{ content_defaults }}
+
+${{ content_environment }}
+| `KMS_GUI_STYLE` | switch the UI style of the webinterface (py-kms, custom-icon) | custom-icon |
+
+${{ content_source }}
+
+${{ content_parent }}
+
+${{ content_built }}
+
+${{ content_tips }}

rootfs/opt/py-kms/templates/clients.html

@@ -54,6 +54,7 @@ th {
         <tr>
             <th>Client ID</th>
             <th>Machine Name</th>
+            <th>Machine IP</th>
             <th>Application ID</th>
             <th><abbr title="Stock Keeping Unit">SKU</abbr> ID</th>
             <th>License Status</th>
@@ -67,6 +68,7 @@ th {
         <tr>
             <th><pre class="clientMachineId">{{ client.clientMachineId }}</pre></th>
             <td class="machineName">{{ client.machineName }}</td>
+            <td>{{ client.machineIp }}</td>
             <td>{{ client.applicationId }}</td>
             <td>{{ client.skuId }}</td>
             <td>{{ client.licenseStatus }}</td>