auto update README.md

.github/workflows/docker.yml

@@ -43,6 +43,13 @@ on:
 jobs:
   docker:
     runs-on: ubuntu-22.04
+
+    services:
+      registry:
+        image: registry:2
+        ports:
+          - 5000:5000
+
     permissions:
       actions: read
       contents: write
@@ -56,62 +63,106 @@ jobs:
           ref: ${{ github.ref_name }}
           fetch-depth: 0
 
-      - name: init / inputs to env
-        if: github.event_name == 'workflow_dispatch'
-        run: |
-          cat << 'EOF' > .inputs
-          ${{ toJSON(github.event.inputs) }}
-          EOF
-          for KEY in $(cat .inputs | jq --raw-output 'keys[]' | tr '\n' ' '); do echo "input_$(echo ${KEY} | tr '[:upper:]' '[:lower:]')=$(cat .inputs | jq --raw-output '.'${KEY}'')" >> $GITHUB_ENV; done
-
-      - name: init / .json to env
-        uses: rgarcia-phi/json-to-variables@9835d537368468c4e4de5254dc3efeadda183793
-        with:
-          filename: '.json'
-
       - name: init / setup environment
-        run: |
-          : # set image
-          LOCAL_IMAGE=${json_image}
-          if [ ! -z ${input_image} ]; then LOCAL_IMAGE=${input_image}; fi
-          echo "IMAGE=${LOCAL_IMAGE}" >> $GITHUB_ENV
+        uses: actions/github-script@62c3794a3eb6788d9a2a72b219504732c0c9a298
+        with:
+          script: |
+            const { existsSync, readFileSync } = require('node:fs');
+            const { resolve } = require('node:path');
+            const inputs = `${{ toJSON(github.event.inputs) }}`;
+            const opt = {input:{}, dot:{}};            
 
-          : # set defaults
-          echo "IMAGE_ARCH=${json_arch:-linux/amd64,linux/arm64}" >> $GITHUB_ENV
-          echo "WORKFLOW_GITHUB_RELEASE=${input_release:-true}" >> $GITHUB_ENV;
-          echo "WORKFLOW_GITHUB_README=${input_readme:-true}" >> $GITHUB_ENV;
-          echo "WORKFLOW_GRYPE_SCAN=${json_grype_scan:-true}" >> $GITHUB_ENV;
-          echo "WORKFLOW_GRYPE_SEVERITY_CUTOFF=${json_grype_severity:-high}" >> $GITHUB_ENV;
+            try{
+              if(inputs.length > 0){
+                opt.input = JSON.parse(inputs);
+              }
+            }catch(e){
+              core.warning('could not parse github.event.inputs');
+            }
 
-          : # create tags for semver, stable and other shenanigans
-          LOCAL_SHA=$(git rev-parse --short HEAD)
-          LOCAL_SEMVER_MAJOR=$(awk -F. '{ print $1 }' <<< ${json_semver_version})
-          LOCAL_SEMVER_MINOR=$(awk -F. '{ print $2 }' <<< ${json_semver_version})
-          LOCAL_SEMVER_PATCH=$(awk -F. '{ print $3 }' <<< ${json_semver_version})
-          LOCAL_SEMVER_PREFIX=""
-          LOCAL_SEMVER_SUFFIX=""
-          LOCAL_SEMVER_RC=""
-          LOCAL_TAGS="${LOCAL_IMAGE}:${LOCAL_SHA}"
-          if [ ! -z ${input_semverprefix} ]; then LOCAL_SEMVER_PREFIX="${input_semverprefix}-"; fi
-          if [ ! -z ${input_semversuffix} ]; then LOCAL_SEMVER_SUFFIX="-${input_semversuffix}"; fi
-          if [ ! -z ${json_semver_rc} ]; then LOCAL_SEMVER_RC="${json_semver_rc}"; fi
-          if [ ! -z ${LOCAL_SEMVER_MAJOR} ]; then LOCAL_TAGS="${LOCAL_TAGS},${LOCAL_IMAGE}:${LOCAL_SEMVER_PREFIX}${LOCAL_SEMVER_MAJOR}${LOCAL_SEMVER_SUFFIX}"; fi
-          if [ ! -z ${LOCAL_SEMVER_MINOR} ]; then LOCAL_TAGS="${LOCAL_TAGS},${LOCAL_IMAGE}:${LOCAL_SEMVER_PREFIX}${LOCAL_SEMVER_MAJOR}.${LOCAL_SEMVER_MINOR}${LOCAL_SEMVER_SUFFIX}"; fi
-          if [ ! -z ${LOCAL_SEMVER_PATCH} ]; then LOCAL_TAGS="${LOCAL_TAGS},${LOCAL_IMAGE}:${LOCAL_SEMVER_PREFIX}${LOCAL_SEMVER_MAJOR}.${LOCAL_SEMVER_MINOR}.${LOCAL_SEMVER_PATCH}${LOCAL_SEMVER_SUFFIX}"; fi
-          if echo "${LOCAL_TAGS}" | grep -q "${json_semver_stable}" ; then LOCAL_TAGS="${LOCAL_TAGS},${LOCAL_IMAGE}:${LOCAL_SEMVER_PREFIX}stable${LOCAL_SEMVER_SUFFIX}"; fi
-          if echo "${LOCAL_TAGS}" | grep -q "${json_semver_latest}" ; then LOCAL_TAGS="${LOCAL_TAGS},${LOCAL_IMAGE}:${LOCAL_SEMVER_PREFIX}latest${LOCAL_SEMVER_SUFFIX}"; fi
-          if [ ! -z ${json_semver_tags} ]; then SPECIAL_LOCAL_TAGS=$(echo ${json_semver_tags} | sed 's/,/ /g'); for LOCAL_TAG in ${json_semver_tags}; do LOCAL_TAGS="${LOCAL_TAGS},${LOCAL_IMAGE}:${LOCAL_SEMVER_PREFIX}${LOCAL_TAG}${LOCAL_SEMVER_SUFFIX}"; done; fi
-          echo "IMAGE_TAGS=${LOCAL_TAGS}" >> $GITHUB_ENV
+            try{
+              const path = resolve('.json');
+              if(existsSync(path)){
+                try{
+                  opt.dot = JSON.parse(readFileSync(path).toString());
+                }catch(e){
+                  throw new Error('could not parse .json');
+                }
+              }else{
+                throw new Error('.json does not exist');
+              }
+            }catch(e){
+              core.setFailed(e);
+            }
 
-          : # if for whatever reason UID/GID must be changed at build time
-          if [ ! -z ${input_uid} ]; then echo "IMAGE_UID=${input_uid}" >> $GITHUB_ENV; else echo "IMAGE_UID=${json_uid:-1000}" >> $GITHUB_ENV; fi
-          if [ ! -z ${input_gid} ]; then echo "IMAGE_GID=${input_gid}" >> $GITHUB_ENV; else echo "IMAGE_GID=${json_gid:-1000}" >> $GITHUB_ENV; fi
+            const docker = {
+              image:{
+                name:(opt.input?.image || opt.dot.image),
+                arch:(opt.dot.arch || 'linux/amd64,linux/arm64'),
+                prefix:((opt.input?.semverprefix) ? `${opt.input?.semverprefix}-` : ''),
+                suffix:((opt.input?.semversuffix) ? `-${opt.input?.semversuffix}` : ''),
+                description:(opt.dot?.readme?.description || ''),
+                tags:[],
+              },
+              app:{
+                image:opt.dot.image,
+                name:opt.dot.name,
+                version:opt.dot.semver.version,
+                root:opt.dot.root,
+                UID:(opt.input?.uid || 1000),
+                GID:(opt.input?.gid || 1000),
+                no_cache:new Date().getTime(),
+              },
+              cache:{
+                registry:'localhost:5000/',
+              }
+            };
 
-          : # set rc, prefix or suffix globally for semver and version
-          echo "IMAGE_SEMVER_PREFIX=${LOCAL_SEMVER_PREFIX}" >> $GITHUB_ENV
-          echo "IMAGE_SEMVER_SUFFIX=${LOCAL_SEMVER_SUFFIX}" >> $GITHUB_ENV
-          echo "IMAGE_VERSION_RC=${LOCAL_SEMVER_RC}" >> $GITHUB_ENV
+            docker.cache.name = `${docker.image.name}:${docker.image.prefix}buildcache${docker.image.suffix}`;
+            docker.cache.grype = `${docker.cache.registry}${docker.image.name}:${docker.image.prefix}grype${docker.image.suffix}`;
+            docker.app.prefix = docker.image.prefix;
+            docker.app.suffix = docker.image.suffix;
 
+            // setup tags
+              const semver = opt.dot.semver.version.split('.');
+              docker.image.tags.push(`${context.sha.substring(0,7)}`);
+              if(Array.isArray(semver)){
+                if(semver.length >= 1) docker.image.tags.push(`${semver[0]}`);
+                if(semver.length >= 2) docker.image.tags.push(`${semver[0]}.${semver[1]}`);
+                if(semver.length >= 3) docker.image.tags.push(`${semver[0]}.${semver[1]}.${semver[2]}`);
+              }
+              if(opt.dot.semver?.stable && new RegExp(opt.dot.semver.stable, 'ig').test(docker.image.tags.join(','))) docker.image.tags.push('stable');
+              if(opt.dot.semver?.latest && new RegExp(opt.dot.semver.latest, 'ig').test(docker.image.tags.join(','))) docker.image.tags.push('latest');
+
+              for(let i=0; i<docker.image.tags.length; i++){
+                docker.image.tags[i] = `${docker.image.name}:${docker.image.prefix}${docker.image.tags[i]}${docker.image.suffix}`;
+              }
+
+            // setup build arguments
+              const arguments = [];
+              for(const argument in docker.app){
+                arguments.push(`APP_${argument.toUpperCase()}=${docker.app[argument]}`);
+              }
+
+            // export to environment
+              core.exportVariable('DOCKER_CACHE_REGISTRY', docker.cache.registry);
+              core.exportVariable('DOCKER_CACHE_NAME', docker.cache.name);
+              core.exportVariable('DOCKER_CACHE_GRYPE', docker.cache.grype);
+
+              core.exportVariable('DOCKER_IMAGE_NAME', docker.image.name);
+              core.exportVariable('DOCKER_IMAGE_ARCH', docker.image.arch);
+              core.exportVariable('DOCKER_IMAGE_TAGS', docker.image.tags.join(','));
+              core.exportVariable('DOCKER_IMAGE_DESCRIPTION', docker.image.description);
+              core.exportVariable('DOCKER_IMAGE_ARGUMENTS', arguments.join("\r\n"));
+
+              core.exportVariable('WORKFLOW_CREATE_RELEASE', (opt.input?.release || true));
+              core.exportVariable('WORKFLOW_CREATE_README', (opt.input?.readme || true));
+              core.exportVariable('WORKFLOW_GRYPE_FAIL_ON_SEVERITY', (opt.json?.grpye?.fail || true));
+              core.exportVariable('WORKFLOW_GRYPE_SEVERITY_CUTOFF', (opt.json?.grpye?.severity || 'high'));
+
+
+
+      # DOCKER    
       - name: docker / login to hub
         uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567
         with:
@@ -123,58 +174,45 @@ jobs:
 
       - name: docker / setup buildx
         uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5
+        with:
+          driver-opts: network=host
 
-      - name: grype / build & push & tag
-        id: grype-tag
+      - name: docker / build & push & tag grype
+        id: docker-build
         uses: docker/build-push-action@67a2d409c0a876cbe6b11854e3e25193efe4e62d
         with:
           context: .
           file: arch.dockerfile
           push: true
-          platforms: ${{ env.IMAGE_ARCH }}
-          cache-from: type=registry,ref=${{ env.IMAGE }}:${{ env.IMAGE_SEMVER_PREFIX }}buildcache${{ env.IMAGE_SEMVER_SUFFIX }}
-          cache-to: type=registry,ref=${{ env.IMAGE }}:${{ env.IMAGE_SEMVER_PREFIX }}buildcache${{ env.IMAGE_SEMVER_SUFFIX }},mode=max,compression=zstd,force-compression=true
+          platforms: ${{ env.DOCKER_IMAGE_ARCH }}
+          cache-from: type=registry,ref=${{ env.DOCKER_CACHE_NAME }}
+          cache-to: type=registry,ref=${{ env.DOCKER_CACHE_REGISTRY }}${{ env.DOCKER_CACHE_NAME }},mode=max,compression=zstd,force-compression=true
           build-args: |
-            APP_IMAGE=${{ env.IMAGE }}
-            APP_NAME=${{ env.json_name }}
-            APP_VERSION=${{ env.json_semver_version }}
-            APP_ROOT=${{ env.json_root }}
-            APP_UID=${{ env.IMAGE_UID }}
-            APP_GID=${{ env.IMAGE_GID }}
-            APP_VERSION_PREFIX=${{ env.IMAGE_SEMVER_PREFIX }}
-            APP_VERSION_SUFFIX=${{ env.IMAGE_SEMVER_SUFFIX }}
-            APP_VERSION_RC=${{ env.IMAGE_VERSION_RC }}
-            APP_NO_CACHE=$(date +%s)
+            ${{ env.DOCKER_IMAGE_ARGUMENTS }}
           tags: |
-            ${{ env.IMAGE }}:${{ env.IMAGE_SEMVER_PREFIX }}grype${{ env.IMAGE_SEMVER_SUFFIX }}
+            ${{ env.DOCKER_CACHE_GRYPE }}
 
       - name: grype / scan
-        if: env.WORKFLOW_GRYPE_SCAN == 'true'
-        id: grype-scan
+        id: grype
         uses: anchore/scan-action@abae793926ec39a78ab18002bc7fc45bbbd94342
         with:
-          image: ${{ env.IMAGE }}:${{ env.IMAGE_SEMVER_PREFIX }}grype${{ env.IMAGE_SEMVER_SUFFIX }}
+          image: ${{ env.DOCKER_CACHE_GRYPE }}
+          fail-build: ${{ env.WORKFLOW_GRYPE_FAIL_ON_SEVERITY }}
           severity-cutoff: ${{ env.WORKFLOW_GRYPE_SEVERITY_CUTOFF }}
-          by-cve: true
           output-format: 'sarif'
+          by-cve: true
+          cache-db: true
 
-      - name: grype / delete tag
-        if: steps.grype-tag.outcome == 'success'
-        run: |
-          curl --request DELETE \
-            --url https://hub.docker.com/v2/repositories/${{ env.IMAGE }}/tags/${{ env.IMAGE_SEMVER_PREFIX }}grype${{ env.IMAGE_SEMVER_SUFFIX }}/ \
-            --header 'authorization: jwt ${{ secrets.DOCKER_TOKEN }}' \
-            --header 'content-type: application/json' \
-            --fail
-
-      - name: codeql / upload
-        id: codeql-upload
-        if: steps.grype-scan.outcome == 'success'
-        uses: github/codeql-action/upload-sarif@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169
+      - name: grype / fail
+        if: failure() || steps.grype.outcome == 'failure'
+        uses: anchore/scan-action@abae793926ec39a78ab18002bc7fc45bbbd94342
         with:
-          sarif_file: ${{ steps.grype-scan.outputs.sarif }}
-          wait-for-processing: false
-          category: grype
+          image: ${{ env.DOCKER_CACHE_GRYPE }}
+          fail-build: false
+          severity-cutoff: ${{ env.WORKFLOW_GRYPE_SEVERITY_CUTOFF }}
+          output-format: 'table'
+          by-cve: true
+          cache-db: true
 
       - name: docker / build & push
         uses: docker/build-push-action@67a2d409c0a876cbe6b11854e3e25193efe4e62d
@@ -184,24 +222,19 @@ jobs:
           push: true
           sbom: true
           provenance: mode=max
-          platforms: ${{ env.IMAGE_ARCH }}
-          cache-from: type=registry,ref=${{ env.IMAGE }}:${{ env.IMAGE_SEMVER_PREFIX }}buildcache${{ env.IMAGE_SEMVER_SUFFIX }}
-          cache-to: type=registry,ref=${{ env.IMAGE }}:${{ env.IMAGE_SEMVER_PREFIX }}buildcache${{ env.IMAGE_SEMVER_SUFFIX }},mode=max,compression=zstd,force-compression=true
+          platforms: ${{ env.DOCKER_IMAGE_ARCH }}
+          cache-from: type=registry,ref=${{ env.DOCKER_CACHE_REGISTRY }}${{ env.DOCKER_CACHE_NAME }}
+          cache-to: type=registry,ref=${{ env.DOCKER_CACHE_NAME }},mode=max,compression=zstd,force-compression=true
           build-args: |
-            APP_IMAGE=${{ env.IMAGE }}
-            APP_NAME=${{ env.json_name }}
-            APP_VERSION=${{ env.json_semver_version }}
-            APP_ROOT=${{ env.json_root }}
-            APP_UID=${{ env.IMAGE_UID }}
-            APP_GID=${{ env.IMAGE_GID }}
-            APP_VERSION_PREFIX=${{ env.IMAGE_SEMVER_PREFIX }}
-            APP_VERSION_SUFFIX=${{ env.IMAGE_SEMVER_SUFFIX }}
-            APP_VERSION_RC=${{ env.IMAGE_VERSION_RC }}
-            APP_NO_CACHE=$(date +%s)
+            ${{ env.DOCKER_IMAGE_ARGUMENTS }}
           tags: |
-            ${{ env.IMAGE_TAGS }}
+            ${{ env.DOCKER_IMAGE_TAGS }}
 
+
+
+      # RELEASE      
       - name: github / release / log
+        continue-on-error: true
         id: git-log
         run: |
           LOCAL_LAST_TAG=$(git describe --abbrev=0 --tags `git rev-list --tags --skip=1 --max-count=1`)
@@ -214,14 +247,14 @@ jobs:
           echo "${EOF}" >> ${GITHUB_OUTPUT}
 
       - name: github / release / markdown
-        if: env.WORKFLOW_GITHUB_RELEASE == 'true'
+        if: env.WORKFLOW_CREATE_RELEASE == 'true'  && steps.git-log.outcome == 'success'
         id: git-release
         uses: 11notes/action-docker-release@v1
         with:
           git_log: ${{ steps.git-log.outputs.commits }}
 
       - name: github / release / create
-        if: env.WORKFLOW_GITHUB_RELEASE == 'true' && steps.git-release.outcome == 'success'
+        if: env.WORKFLOW_CREATE_RELEASE == 'true' && steps.git-release.outcome == 'success'
         uses: actions/create-release@4c11c9fe1dcd9636620a16455165783b20fc7ea0
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
@@ -232,6 +265,49 @@ jobs:
           draft: false
           prerelease: false
 
+
+
+      # README
+      - name: github / checkout master
+        continue-on-error: true
+        run: |         
+          git checkout master
+
+      - name: github / create README.md
+        id: github-readme
+        continue-on-error: true
+        if: env.WORKFLOW_CREATE_README == 'true' && steps.docker-build.outcome == 'success'
+        uses: 11notes/action-docker-readme@v1
+        with:
+          sarif_file: ${{ steps.grype.outputs.sarif }}
+          build_output_metadata: ${{ steps.docker-build.outputs.metadata }}
+
+      - name: github / commit & push
+        continue-on-error: true
+        if: steps.github-readme.outcome == 'success' && hashFiles('README.md') != ''
+        run: |         
+          git config user.name "github-actions[bot]"
+          git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
+          git add README.md
+          git commit -m "auto update README.md"
+          git push
+
+      - name: docker / push README.md to docker hub
+        continue-on-error: true
+        if: steps.github-readme.outcome == 'success' && hashFiles('README.md') != ''
+        uses: christian-korneck/update-container-description-action@d36005551adeaba9698d8d67a296bd16fa91f8e8
+        env:
+          DOCKER_USER: 11notes
+          DOCKER_PASS: ${{ secrets.DOCKER_TOKEN }}
+        with:
+          destination_container_repo: ${{ env.DOCKER_IMAGE_NAME }}
+          provider: dockerhub
+          short_description: ${{ env.DOCKER_IMAGE_DESCRIPTION }}
+          readme_file: 'README.md'
+      
+
+
+      # REPOSITORY SETTINGS
       - name: github / update description and set repo defaults
         run: |
           curl --request PATCH \
@@ -239,46 +315,11 @@ jobs:
             --header 'authorization: Bearer ${{ secrets.REPOSITORY_TOKEN }}' \
             --header 'content-type: application/json' \
             --data '{
-              "description":"${{ env.json_readme_description }}",
+              "description":"${{ env.DOCKER_IMAGE_DESCRIPTION }}",
               "homepage":"",
               "has_issues":true,
               "has_discussions":true,
               "has_projects":false,
               "has_wiki":false
             }' \
-            --fail
-
-      - name: github / create README.md
-        continue-on-error: true
-        if: env.WORKFLOW_GITHUB_README == 'true'
-        id: github-readme
-        uses: 11notes/action-docker-readme@v1
-        with:
-          sarif_file: ${{ steps.grype-scan.outputs.sarif }}
-
-      - name: github / commit & push
-        continue-on-error: true
-        if: steps.github-readme.outcome == 'success'
-        run: |
-          echo "commit: $(git rev-parse --short HEAD)"
-          echo "ref_name: ${{ github.ref_name }}"
-          echo "base_ref: ${{ github.base_ref }}"
-          echo "head_ref: ${{ github.head_ref }}"
-          
-          git config user.name "github-actions[bot]"
-          git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
-          git add .
-          git commit -m "auto update README.md"
-          git push origin master
-
-      - name: docker / push README.md to docker hub
-        if: hashFiles('README.md') != ''
-        uses: christian-korneck/update-container-description-action@d36005551adeaba9698d8d67a296bd16fa91f8e8
-        env:
-          DOCKER_USER: 11notes
-          DOCKER_PASS: ${{ secrets.DOCKER_TOKEN }}
-        with:
-          destination_container_repo: ${{ env.IMAGE }}
-          provider: dockerhub
-          short_description: ${{ env.json_readme_description }}
-          readme_file: 'README.md'
+            --fail

.inputs

@@ -1,5 +0,0 @@
-{
-  "readme": "true",
-  "release": "false",
-  "run-name": "docker"
-}

README.md

@@ -31,22 +31,26 @@ services:
     image: "11notes/kms:stable"
     container_name: "kms"
     environment:
-      TZ: Europe/Zurich
+      TZ: "Europe/Zurich"
     volumes:
       - "var:/kms/var"
     ports:
       - "1688:1688/tcp"
-    restart: always
+    restart: "always"
   kms-gui:
     image: "11notes/kms-gui:465f4d1"
+    depends_on:
+      kms:
+        condition: "service_healthy"
+        restart: true
     container_name: "kms-gui"
     environment:
-      TZ: Europe/Zurich
+      TZ: "Europe/Zurich"
     volumes:
       - "var:/kms/var"
     ports:
       - "8080:8080/tcp"
-    restart: always
+    restart: "always"
 volumes:
   var:
 ```
@@ -80,13 +84,7 @@ volumes:
 * Use a reverse proxy like Traefik, Nginx, HAproxy to terminate TLS and to protect your endpoints
 * Use Let’s Encrypt DNS-01 challenge to obtain valid SSL certificates for your services
 
-# SECURITY VULNERABILITIES REPORT ⚡
-| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |
-| --- | --- | --- | --- | --- | --- | --- | --- |
-| 4.7 (Medium) | linux-pam  | 1.6.1-r1  |   | apk  | /lib/apk/db/installed  | nvd:cpe  | [CVE-2024-10041](https://nvd.nist.gov/vuln/detail/CVE-2024-10041)  |
-
-
 # ElevenNotes™️
 This image is provided to you at your own risk. Always make backups before updating an image to a different version. Check the [releases](https://github.com/11notes/docker-kms-gui/releases) for breaking changes. If you have any problems with using this image simply raise an [issue](https://github.com/11notes/docker-kms-gui/issues), thanks. If you have a question or inputs please create a new [discussion](https://github.com/11notes/docker-kms-gui/discussions) instead of an issue. You can find all my other repositories on [github](https://github.com/11notes?tab=repositories).
 
-*created Thu, 20 Feb 2025 05:57:37 GMT*
+*created 10.3.2025, 12:02:37 (CET)*

arch.dockerfile

@@ -1,16 +1,16 @@
 ARG APP_VERSION=stable
-ARG APP_VERSION_PREFIX=""
-ARG APP_VERSION_SUFFIX=""
+ARG APP_PREFIX=""
+ARG APP_SUFFIX=""
 
-# :: Build / templates
-  FROM alpine/git AS templates
+# :: Build / styles
+  FROM alpine/git AS styles
+  ARG APP_NO_CACHE
   RUN set -ex; \
     git clone https://github.com/11notes/pykms-frontend.git; \
-    cd /git/pykms-frontend; \
-    git reset --hard 33777b8;
+    cd /git/pykms-frontend;
 
 # :: Header
-  FROM 11notes/kms:${APP_VERSION_PREFIX}${APP_VERSION}${APP_VERSION_SUFFIX}
+  FROM 11notes/kms:${APP_PREFIX}${APP_VERSION}${APP_SUFFIX}
 
   # :: arguments
     ARG TARGETARCH
@@ -60,15 +60,15 @@ ARG APP_VERSION_SUFFIX=""
 
   # :: add multi template option
     RUN set -ex; \
-      mkdir -p ${APP_ROOT}/.default/styles/py-kms/templates; \
-      mkdir -p ${APP_ROOT}/.default/styles/custom-icon/templates; \
-      cp -R /opt/py-kms/templates/* ${APP_ROOT}/.default/styles/py-kms/templates; \
-      cp -R /opt/py-kms/static/* ${APP_ROOT}/.default/styles/py-kms/static; \
+      mkdir -p ${APP_ROOT}/styles/py-kms; \
+      mkdir -p ${APP_ROOT}/styles/custom-icon; \
+      cp -R /opt/py-kms/templates ${APP_ROOT}/styles/py-kms; \
+      cp -R /opt/py-kms/static ${APP_ROOT}/styles/py-kms; \
       rm -rf /opt/py-kms/templates; \
       rm -rf /opt/py-kms/static;
     
-    COPY --from=templates /git/pykms-frontend/templates ${APP_ROOT}/.default/styles/custom-icon/templates
-    COPY --from=templates /git/pykms-frontend/static ${APP_ROOT}/.default/styles/custom-icon/static
+    COPY --from=styles /git/pykms-frontend/templates ${APP_ROOT}/styles/custom-icon/templates
+    COPY --from=styles /git/pykms-frontend/static ${APP_ROOT}/styles/custom-icon/static
 
   # :: set correct permissions
     RUN set -ex; \

compose.yaml

@@ -4,21 +4,25 @@ services:
     image: "11notes/kms:stable"
     container_name: "kms"
     environment:
-      TZ: Europe/Zurich
+      TZ: "Europe/Zurich"
     volumes:
       - "var:/kms/var"
     ports:
       - "1688:1688/tcp"
-    restart: always
+    restart: "always"
   kms-gui:
     image: "11notes/kms-gui:465f4d1"
+    depends_on:
+      kms:
+        condition: "service_healthy"
+        restart: true
     container_name: "kms-gui"
     environment:
-      TZ: Europe/Zurich
+      TZ: "Europe/Zurich"
     volumes:
       - "var:/kms/var"
     ports:
       - "8080:8080/tcp"
-    restart: always
+    restart: "always"
 volumes:
   var:

rootfs/opt/py-kms/templates/base.html

@@ -0,0 +1,45 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <title>py-kms {% block title %}{% endblock %}</title>
+    <link rel="icon" type="image/x-icon" href="{{ url_for('static', filename= 'favicon.ico') }}">
+    <link rel="stylesheet" href="{{ url_for('static', filename= 'css/bulma.min.css') }}">
+    <style>
+        #content {
+            margin: 1em;
+            overflow-x: auto;
+        }
+        pre {
+            overflow-x: auto;
+            padding: 0.5em;
+        }
+        {% if path != '/' %}
+        div.backtohome {
+            display: flex;
+            justify-content: center;
+        }
+        {% endif %}
+        {% block style %}{% endblock %}
+    </style>
+</head>
+<body>
+    <div id="content">
+        {% block content %}{% endblock %}
+
+        {% if path != '/' %}
+        <div class="block backtohome">
+            <a class="button is-normal is-responsive" href="/">
+                Back to home
+            </a>
+        </div>
+        {% endif %}
+    </div>
+
+    <script>
+        for(let element of document.getElementsByClassName('convert_timestamp')) {
+            element.innerText = new Date(element.innerText).toLocaleString();
+        }
+    </script>
+</body>
+</html>

rootfs/opt/py-kms/templates/clients.html

@@ -38,12 +38,6 @@ th {
             <p class="title">{{ count_clients_office }}</p>
         </div>
     </div>
-    <div class="level-item has-text-centered">
-        <div>
-            <p class="heading">Products</p>
-            <p class="title"><a href="/products">{{ count_projects }}</a></p>
-        </div>
-    </div>
 </nav>
 
 <hr>

rootfs/usr/local/bin/entrypoint.sh

@@ -9,7 +9,7 @@
     # apply correct style
     rm -rf /opt/py-kms/templates
     rm -rf /opt/py-kms/static
-    TEMPLATE_DIR=${APP_ROOT}/.default/styles
+    TEMPLATE_DIR=${APP_ROOT}/styles
     case ${KMS_GUI_STYLE} in
       py-kms)
         ln -s ${TEMPLATE_DIR}/py-kms/templates /opt/py-kms/templates
@@ -19,7 +19,7 @@
       *)
         ln -s ${TEMPLATE_DIR}/custom-icon/templates /opt/py-kms/templates
         ln -s ${TEMPLATE_DIR}/custom-icon/static /opt/py-kms/static
-        eleven log info "using default GUI style"
+        eleven log info "using custom-icon (default) GUI style"
       ;;
     esac