paulmataruso/docker-kms-gui
1
0
Fork 0
mirror of https://github.com/11notes/docker-kms-gui.git synced 2025-11-05 05:23:12 +00:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: paulmataruso:v1.1.6
Branches Tags
paulmataruso:master
paulmataruso:v1.3.0 paulmataruso:v1.2.0 paulmataruso:v1.1.8 paulmataruso:v1.1.7 paulmataruso:v1.1.6 paulmataruso:v1.1.5 paulmataruso:v1.1.4 paulmataruso:v1.1.3 paulmataruso:v1.1.2 paulmataruso:v1.1.1 paulmataruso:v1.1.0 paulmataruso:v1.0.7 paulmataruso:v1.0.6 paulmataruso:v1.0.5 paulmataruso:v1.0.4 paulmataruso:v1.0.3 paulmataruso:v1.0.2 paulmataruso:v1.0.1 paulmataruso:v1.0.0 paulmataruso:v0.0.1
..
compare: paulmataruso:v1.2.0
Branches Tags
paulmataruso:master
paulmataruso:v1.3.0 paulmataruso:v1.2.0 paulmataruso:v1.1.8 paulmataruso:v1.1.7 paulmataruso:v1.1.6 paulmataruso:v1.1.5 paulmataruso:v1.1.4 paulmataruso:v1.1.3 paulmataruso:v1.1.2 paulmataruso:v1.1.1 paulmataruso:v1.1.0 paulmataruso:v1.0.7 paulmataruso:v1.0.6 paulmataruso:v1.0.5 paulmataruso:v1.0.4 paulmataruso:v1.0.3 paulmataruso:v1.0.2 paulmataruso:v1.0.1 paulmataruso:v1.0.0 paulmataruso:v0.0.1

29 Commits
v1.1.6 ... v1.2.0

Author SHA1 Message Date
ElevenNotes
d094fe1357 Merge branch 'master' of https://github.com/11notes/docker-kms-gui 2025-05-02 10:26:44 +02:00
ElevenNotes
ab655ef97c [fix] invalidate cache 2025-05-02 10:26:36 +02:00
github-actions[bot]
915cc5bcdc github-actions[bot]: update README.md 2025-05-02 08:23:31 +00:00
ElevenNotes
f90bd43a16 [fix] upgrade all BUT pip 2025-05-02 10:14:51 +02:00
ElevenNotes
3a98954378 [fix] upgrade all BUT pip 2025-05-02 10:14:05 +02:00
ElevenNotes
9a990477d8 [fix] UID/GID defaults 2025-05-02 09:57:23 +02:00
ElevenNotes
63b38064e4 [fix] system packages 2025-05-02 09:56:34 +02:00
ElevenNotes
b17c50ef99 [fix] no cache-dir 2025-05-02 09:49:52 +02:00
ElevenNotes
131f719f0d [fix] upgrade 2025-05-02 09:40:47 +02:00
ElevenNotes
7f1f8b4096 Merge branch 'master' of https://github.com/11notes/docker-kms-gui 2025-05-02 09:04:02 +02:00
ElevenNotes
c16f825747 [feature] adjust to new workflow 2025-05-02 09:03:54 +02:00
ElevenNotes
6022fb0269 [feature] new workflow 2025-05-02 09:03:40 +02:00
ElevenNotes
73f27eb071 [upgrade] to latest workflow 2025-05-02 09:03:26 +02:00
ElevenNotes
dbcb40d456 [breaking] change port to 3000 to streamline app ports 2025-05-02 09:03:15 +02:00
ElevenNotes
02a2d538c8 [breaking] change port to 3000 to streamline app ports 2025-05-02 09:03:03 +02:00
ElevenNotes
779e562963 [cut] latest and stable (because there is none) 2025-05-02 09:02:48 +02:00
github-actions[bot]
543c345d80 auto update README.md 2025-03-10 11:02:37 +00:00
ElevenNotes
d1ac93f4b5 Merge branch 'master' of https://github.com/11notes/docker-kms-gui 2025-03-10 11:59:20 +01:00
ElevenNotes
405a874533 [feature] add products page again after tailwind fix 2025-03-10 11:59:10 +01:00
github-actions[bot]
b45314d58f auto update README.md 2025-03-07 23:48:17 +00:00
ElevenNotes
2f59f8c6e2 Merge branch 'master' of https://github.com/11notes/docker-kms-gui 2025-03-08 00:46:10 +01:00
ElevenNotes
03f63033c5 [fix] forgot APP_PREFIX & APP_SUFFIX in dynamic build args 2025-03-08 00:45:28 +01:00
github-actions[bot]
15d93c9643 auto update README.md 2025-03-07 11:14:14 +00:00
ElevenNotes
7637bf2c3d Merge branch 'master' of https://github.com/11notes/docker-kms-gui 2025-03-07 12:09:25 +01:00
ElevenNotes
145c6a1d82 [fix] semver.length 2025-03-07 12:09:14 +01:00
github-actions[bot]
4221216db4 auto update README.md 2025-03-07 11:07:09 +00:00
github-actions[bot]
95fbe08011 auto update README.md 2025-03-07 10:58:09 +00:00
ElevenNotes
e34127b4c7 Merge branch 'master' of https://github.com/11notes/docker-kms-gui 2025-03-07 11:55:29 +01:00
github-actions[bot]
24a59b471e auto update README.md 2025-02-21 06:22:45 +00:00
8 changed files with 281 additions and 126 deletions
Expand all files Collapse all files

248
.github/workflows/docker.yml vendored
View File

@@ -10,6 +10,17 @@ on:
required: false required: false
default: 'docker' default: 'docker'
runs-on:
description: 'set runs-on for workflow (github or selfhosted)'
type: string
required: false
default: 'ubuntu-22.04'
build:
description: 'set WORKFLOW_BUILD'
required: false
default: 'true'
release: release:
description: 'set WORKFLOW_GITHUB_RELEASE' description: 'set WORKFLOW_GITHUB_RELEASE'
required: false required: false
@@ -19,30 +30,15 @@ on:
description: 'set WORKFLOW_GITHUB_README' description: 'set WORKFLOW_GITHUB_README'
required: false required: false
default: 'false' default: 'false'
image: etc:
description: 'set IMAGE' description: 'base64 encoded json string'
required: false
uid:
description: 'set IMAGE_UID'
required: false
gid:
description: 'set IMAGE_GID'
required: false
semverprefix:
description: 'prefix for semver tags'
required: false
semversuffix:
description: 'suffix for semver tags'
required: false required: false
jobs: jobs:
docker: docker:
runs-on: ubuntu-22.04 runs-on: ${{ inputs.runs-on }}
timeout-minutes: 1440
services: services:
registry: registry:
@@ -54,7 +50,6 @@ jobs:
actions: read actions: read
contents: write contents: write
packages: write packages: write
security-events: write
steps: steps:
- name: init / checkout - name: init / checkout
@@ -69,12 +64,17 @@ jobs:
script: | script: |
const { existsSync, readFileSync } = require('node:fs'); const { existsSync, readFileSync } = require('node:fs');
const { resolve } = require('node:path'); const { resolve } = require('node:path');
const { inspect } = require('node:util');
const { Buffer } = require('node:buffer');
const inputs = `${{ toJSON(github.event.inputs) }}`; const inputs = `${{ toJSON(github.event.inputs) }}`;
const opt = {input:{}, dot:{}}; const opt = {input:{}, dot:{}};
try{ try{
if(inputs.length > 0){ if(inputs.length > 0){
opt.input = JSON.parse(inputs); opt.input = JSON.parse(inputs);
if(opt.input?.etc){
opt.input.etc = JSON.parse(Buffer.from(opt.input.etc, 'base64').toString('ascii'));
}
} }
}catch(e){ }catch(e){
core.warning('could not parse github.event.inputs'); core.warning('could not parse github.event.inputs');
@@ -95,47 +95,74 @@ jobs:
core.setFailed(e); core.setFailed(e);
} }
core.info(inspect(opt, {showHidden:false, depth:null, colors:true}));
const docker = { const docker = {
image:{ image:{
name:(opt.input?.image || opt.dot.image), name:opt.dot.image,
arch:(opt.dot.arch || 'linux/amd64,linux/arm64'), arch:(opt.dot.arch || 'linux/amd64,linux/arm64'),
prefix:((opt.input?.semverprefix) ? `${opt.input?.semverprefix}-` : ''), prefix:((opt.input?.etc?.semverprefix) ? `${opt.input?.etc?.semverprefix}-` : ''),
suffix:((opt.input?.semversuffix) ? `-${opt.input?.semversuffix}` : ''), suffix:((opt.input?.etc?.semversuffix) ? `-${opt.input?.etc?.semversuffix}` : ''),
description:(opt.dot?.readme?.description || ''), description:(opt.dot?.readme?.description || ''),
tags:[], tags:[],
}, },
app:{ app:{
image:opt.dot.image,
name:opt.dot.name, name:opt.dot.name,
version:opt.dot.semver.version, version:(opt.input?.etc?.version || opt.dot.semver.version),
root:opt.dot.root, root:opt.dot.root,
UID:(opt.input?.uid || 1000), UID:(opt.input?.etc?.uid || 1000),
GID:(opt.input?.gid || 1000), GID:(opt.input?.etc?.gid || 1000),
no_cache:new Date().getTime(), no_cache:new Date().getTime(),
}, },
cache:{ cache:{
registry:'localhost:5000/', registry:'localhost:5000/',
} },
tags:[],
}; };
docker.cache.name = `${docker.image.name}:${docker.image.prefix}buildcache${docker.image.suffix}`; docker.cache.name = `${docker.image.name}:${docker.image.prefix}buildcache${docker.image.suffix}`;
docker.cache.grype = `${docker.cache.registry}${docker.image.name}:${docker.image.prefix}grype${docker.image.suffix}`; docker.cache.grype = `${docker.cache.registry}${docker.image.name}:${docker.image.prefix}grype${docker.image.suffix}`;
docker.app.prefix = docker.image.prefix;
docker.app.suffix = docker.image.suffix;
// setup tags // setup tags
const semver = opt.dot.semver.version.split('.'); if(opt.input?.etc?.dockerfile !== 'arch.dockerfile' && opt.input?.etc?.tag){
docker.image.tags.push(`${context.sha.substring(0,7)}`); docker.image.tags.push(`${context.sha.substring(0,7)}`);
if(Array.isArray(semver)){ docker.image.tags.push(opt.input.etc.tag);
if(semver.length >= 0) docker.image.tags.push(`${semver[0]}`); docker.image.tags.push(`${opt.input.etc.tag}-${docker.app.version}`);
if(semver.length >= 1) docker.image.tags.push(`${semver[0]}.${semver[1]}`); docker.cache.name = `${docker.image.name}:buildcache-${opt.input.etc.tag}`;
if(semver.length >= 2) docker.image.tags.push(`${semver[0]}.${semver[1]}.${semver[2]}`); }else if(opt.dot?.semver?.version){
const semver = opt.dot.semver.version.split('.');
docker.image.tags.push(`${context.sha.substring(0,7)}`);
if(Array.isArray(semver)){
if(semver.length >= 1) docker.image.tags.push(`${semver[0]}`);
if(semver.length >= 2) docker.image.tags.push(`${semver[0]}.${semver[1]}`);
if(semver.length >= 3) docker.image.tags.push(`${semver[0]}.${semver[1]}.${semver[2]}`);
}
if(opt.dot.semver?.stable && new RegExp(opt.dot.semver.stable, 'ig').test(docker.image.tags.join(','))) docker.image.tags.push('stable');
if(opt.dot.semver?.latest && new RegExp(opt.dot.semver.latest, 'ig').test(docker.image.tags.join(','))) docker.image.tags.push('latest');
}else if(opt.input?.etc?.version && opt.input.etc.version === 'latest'){
docker.image.tags.push('latest');
} }
if(opt.dot.semver?.stable && new RegExp(opt.dot.semver.stable, 'ig').test(docker.image.tags.join(','))) docker.image.tags.push('stable');
if(opt.dot.semver?.latest && new RegExp(opt.dot.semver.latest, 'ig').test(docker.image.tags.join(','))) docker.image.tags.push('latest');
for(let i=0; i<docker.image.tags.length; i++){ for(const tag of docker.image.tags){
docker.image.tags[i] = `${docker.image.name}:${docker.image.prefix}${docker.image.tags[i]}${docker.image.suffix}`; docker.tags.push(`${docker.image.name}:${docker.image.prefix}${tag}${docker.image.suffix}`);
docker.tags.push(`ghcr.io/${docker.image.name}:${docker.image.prefix}${tag}${docker.image.suffix}`);
docker.tags.push(`quay.io/${docker.image.name}:${docker.image.prefix}${tag}${docker.image.suffix}`);
} }
// setup build arguments // setup build arguments
if(opt.input?.etc?.build?.args){
for(const arg in opt.input.etc.build.args){
docker.app[arg] = opt.input.etc.build.args[arg];
}
}
if(opt.dot?.build?.args){
for(const arg in opt.dot.build.args){
docker.app[arg] = opt.dot.build.args[arg];
}
}
const arguments = []; const arguments = [];
for(const argument in docker.app){ for(const argument in docker.app){
arguments.push(`APP_${argument.toUpperCase()}=${docker.app[argument]}`); arguments.push(`APP_${argument.toUpperCase()}=${docker.app[argument]}`);
@@ -148,38 +175,62 @@ jobs:
core.exportVariable('DOCKER_IMAGE_NAME', docker.image.name); core.exportVariable('DOCKER_IMAGE_NAME', docker.image.name);
core.exportVariable('DOCKER_IMAGE_ARCH', docker.image.arch); core.exportVariable('DOCKER_IMAGE_ARCH', docker.image.arch);
core.exportVariable('DOCKER_IMAGE_TAGS', docker.image.tags.join(',')); core.exportVariable('DOCKER_IMAGE_TAGS', docker.tags.join(','));
core.exportVariable('DOCKER_IMAGE_DESCRIPTION', docker.image.description); core.exportVariable('DOCKER_IMAGE_DESCRIPTION', docker.image.description);
core.exportVariable('DOCKER_IMAGE_ARGUMENTS', arguments.join("\r\n")); core.exportVariable('DOCKER_IMAGE_ARGUMENTS', arguments.join("\r\n"));
core.exportVariable('DOCKER_IMAGE_DOCKERFILE', opt.input?.etc?.dockerfile || 'arch.dockerfile');
core.exportVariable('WORKFLOW_CREATE_RELEASE', (opt.input?.release || true)); core.exportVariable('WORKFLOW_BUILD', (opt.input?.build === undefined) ? false : opt.input.build);
core.exportVariable('WORKFLOW_CREATE_README', (opt.input?.readme || true)); core.exportVariable('WORKFLOW_CREATE_RELEASE', (opt.input?.release === undefined) ? false : opt.input.release);
core.exportVariable('WORKFLOW_GRYPE_FAIL_ON_SEVERITY', (opt.json?.grpye?.fail || true)); core.exportVariable('WORKFLOW_CREATE_README', (opt.input?.readme === undefined) ? false : opt.input.readme);
core.exportVariable('WORKFLOW_GRYPE_SEVERITY_CUTOFF', (opt.json?.grpye?.severity || 'high')); core.exportVariable('WORKFLOW_GRYPE_FAIL_ON_SEVERITY', (opt.dot?.grype?.fail === undefined) ? true : opt.dot.grype.fail);
core.exportVariable('WORKFLOW_GRYPE_SEVERITY_CUTOFF', (opt.dot?.grype?.severity || 'high'));
if(opt.dot?.readme?.comparison){
core.exportVariable('WORKFLOW_CREATE_COMPARISON', true);
core.exportVariable('WORKFLOW_CREATE_COMPARISON_FOREIGN_IMAGE', opt.dot.readme.comparison.image);
core.exportVariable('WORKFLOW_CREATE_COMPARISON_IMAGE', `${docker.image.name}:${docker.app.version}`);
}
# DOCKER # DOCKER
- name: docker / login to hub - name: docker / login to hub
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772
with: with:
username: 11notes username: 11notes
password: ${{ secrets.DOCKER_TOKEN }} password: ${{ secrets.DOCKER_TOKEN }}
- name: github / login to ghcr
uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772
with:
registry: ghcr.io
username: 11notes
password: ${{ secrets.GITHUB_TOKEN }}
- name: quay / login to quay
uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772
with:
registry: quay.io
username: 11notes+github
password: ${{ secrets.QUAY_TOKEN }}
- name: docker / setup qemu - name: docker / setup qemu
if: env.WORKFLOW_BUILD == 'true'
uses: docker/setup-qemu-action@53851d14592bedcffcf25ea515637cff71ef929a uses: docker/setup-qemu-action@53851d14592bedcffcf25ea515637cff71ef929a
- name: docker / setup buildx - name: docker / setup buildx
if: env.WORKFLOW_BUILD == 'true'
uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5
with: with:
driver-opts: network=host driver-opts: network=host
- name: docker / build & push & tag grype - name: docker / build & push & tag grype
if: env.WORKFLOW_BUILD == 'true'
id: docker-build id: docker-build
uses: docker/build-push-action@67a2d409c0a876cbe6b11854e3e25193efe4e62d uses: docker/build-push-action@67a2d409c0a876cbe6b11854e3e25193efe4e62d
with: with:
context: . context: .
file: arch.dockerfile file: ${{ env.DOCKER_IMAGE_DOCKERFILE }}
push: true push: true
platforms: ${{ env.DOCKER_IMAGE_ARCH }} platforms: ${{ env.DOCKER_IMAGE_ARCH }}
cache-from: type=registry,ref=${{ env.DOCKER_CACHE_NAME }} cache-from: type=registry,ref=${{ env.DOCKER_CACHE_NAME }}
@@ -190,8 +241,9 @@ jobs:
${{ env.DOCKER_CACHE_GRYPE }} ${{ env.DOCKER_CACHE_GRYPE }}
- name: grype / scan - name: grype / scan
if: env.WORKFLOW_BUILD == 'true'
id: grype id: grype
uses: anchore/scan-action@abae793926ec39a78ab18002bc7fc45bbbd94342 uses: anchore/scan-action@dc6246fcaf83ae86fcc6010b9824c30d7320729e
with: with:
image: ${{ env.DOCKER_CACHE_GRYPE }} image: ${{ env.DOCKER_CACHE_GRYPE }}
fail-build: ${{ env.WORKFLOW_GRYPE_FAIL_ON_SEVERITY }} fail-build: ${{ env.WORKFLOW_GRYPE_FAIL_ON_SEVERITY }}
@@ -201,8 +253,8 @@ jobs:
cache-db: true cache-db: true
- name: grype / fail - name: grype / fail
if: failure() || steps.grype.outcome == 'failure' if: env.WORKFLOW_BUILD == 'true' && (failure() || steps.grype.outcome == 'failure')
uses: anchore/scan-action@abae793926ec39a78ab18002bc7fc45bbbd94342 uses: anchore/scan-action@dc6246fcaf83ae86fcc6010b9824c30d7320729e
with: with:
image: ${{ env.DOCKER_CACHE_GRYPE }} image: ${{ env.DOCKER_CACHE_GRYPE }}
fail-build: false fail-build: false
@@ -212,10 +264,11 @@ jobs:
cache-db: true cache-db: true
- name: docker / build & push - name: docker / build & push
if: env.WORKFLOW_BUILD == 'true'
uses: docker/build-push-action@67a2d409c0a876cbe6b11854e3e25193efe4e62d uses: docker/build-push-action@67a2d409c0a876cbe6b11854e3e25193efe4e62d
with: with:
context: . context: .
file: arch.dockerfile file: ${{ env.DOCKER_IMAGE_DOCKERFILE }}
push: true push: true
sbom: true sbom: true
provenance: mode=max provenance: mode=max
@@ -247,6 +300,12 @@ jobs:
if: env.WORKFLOW_CREATE_RELEASE == 'true' && steps.git-log.outcome == 'success' if: env.WORKFLOW_CREATE_RELEASE == 'true' && steps.git-log.outcome == 'success'
id: git-release id: git-release
uses: 11notes/action-docker-release@v1 uses: 11notes/action-docker-release@v1
# WHY IS THIS ACTION NOT SHA256 PINNED? SECURITY MUCH?!?!?!
# ---------------------------------------------------------------------------------
# the next step "github / release / create" creates a new release based on the code
# in the repo. This code is not modified and can't be modified by this action.
# It does create the markdown for the release, which could be abused, but to what
# extend? Adding a link to a malicious repo?
with: with:
git_log: ${{ steps.git-log.outputs.commits }} git_log: ${{ steps.git-log.outputs.commits }}
@@ -264,34 +323,72 @@ jobs:
# README
- name: github / checkout master # LICENSE
- name: license / update year
continue-on-error: true continue-on-error: true
run: | uses: actions/github-script@62c3794a3eb6788d9a2a72b219504732c0c9a298
git checkout master with:
script: |
const { existsSync, readFileSync, writeFileSync } = require('node:fs');
const { resolve } = require('node:path');
const file = 'LICENSE';
const year = new Date().getFullYear();
try{
const path = resolve(file);
if(existsSync(path)){
let license = readFileSync(file).toString();
if(!new RegExp(`Copyright \\(c\\) ${year} 11notes`, 'i').test(license)){
license = license.replace(/Copyright \(c\) \d{4} /i, `Copyright (c) ${new Date().getFullYear()} `);
writeFileSync(path, license);
}
}else{
throw new Error(`file ${file} does not exist`);
}
}catch(e){
core.setFailed(e);
}
# README
- name: github / checkout HEAD
continue-on-error: true
run: |
git checkout HEAD
- name: docker / setup comparison images
if: env.WORKFLOW_CREATE_COMPARISON == 'true'
continue-on-error: true
run: |
docker image pull ${{ env.WORKFLOW_CREATE_COMPARISON_IMAGE }}
docker image ls --filter "reference=${{ env.WORKFLOW_CREATE_COMPARISON_IMAGE }}" --format json | jq --raw-output '.Size' &> ./comparison.size0.log
docker image pull ${{ env.WORKFLOW_CREATE_COMPARISON_FOREIGN_IMAGE }}
docker image ls --filter "reference=${{ env.WORKFLOW_CREATE_COMPARISON_FOREIGN_IMAGE }}" --format json | jq --raw-output '.Size' &> ./comparison.size1.log
docker run --entrypoint "/bin/sh" --rm ${{ env.WORKFLOW_CREATE_COMPARISON_FOREIGN_IMAGE }} -c id &> ./comparison.id.log
- name: github / create README.md - name: github / create README.md
id: github-readme id: github-readme
continue-on-error: true continue-on-error: true
if: env.WORKFLOW_CREATE_README == 'true' && steps.docker-build.outcome == 'success' if: env.WORKFLOW_CREATE_README == 'true'
uses: 11notes/action-docker-readme@v1 uses: 11notes/action-docker-readme@v1
# WHY IS THIS ACTION NOT SHA256 PINNED? SECURITY MUCH?!?!?!
# ---------------------------------------------------------------------------------
# the next step "github / commit & push" only adds the README and LICENSE as well as
# compose.yaml to the repository. This does not pose a security risk if this action
# would be compromised. The code of the app can't be changed by this action. Since
# only the files mentioned are commited to the repo. Sure, someone could make a bad
# compose.yaml, but since this serves only as an example I see no harm in that.
with: with:
sarif_file: ${{ steps.grype.outputs.sarif }} sarif_file: ${{ steps.grype.outputs.sarif }}
build_output_metadata: ${{ steps.docker-build.outputs.metadata }} build_output_metadata: ${{ steps.docker-build.outputs.metadata }}
- name: github / commit & push
continue-on-error: true
if: steps.github-readme.outcome == 'success' && hashFiles('README.md') != ''
run: |
git config user.name "github-actions[bot]"
git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
git add README.md
git commit -m "auto update README.md"
git push
- name: docker / push README.md to docker hub - name: docker / push README.md to docker hub
continue-on-error: true continue-on-error: true
if: steps.github-readme.outcome == 'success' && hashFiles('README.md') != '' if: steps.github-readme.outcome == 'success' && hashFiles('README_NONGITHUB.md') != ''
uses: christian-korneck/update-container-description-action@d36005551adeaba9698d8d67a296bd16fa91f8e8 uses: christian-korneck/update-container-description-action@d36005551adeaba9698d8d67a296bd16fa91f8e8
env: env:
DOCKER_USER: 11notes DOCKER_USER: 11notes
@@ -300,8 +397,25 @@ jobs:
destination_container_repo: ${{ env.DOCKER_IMAGE_NAME }} destination_container_repo: ${{ env.DOCKER_IMAGE_NAME }}
provider: dockerhub provider: dockerhub
short_description: ${{ env.DOCKER_IMAGE_DESCRIPTION }} short_description: ${{ env.DOCKER_IMAGE_DESCRIPTION }}
readme_file: 'README.md' readme_file: 'README_NONGITHUB.md'
- name: github / commit & push
continue-on-error: true
if: steps.github-readme.outcome == 'success' && hashFiles('README.md') != ''
run: |
git config user.name "github-actions[bot]"
git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
git add README.md
if [ -f compose.yaml ]; then
git add compose.yaml
fi
if [ -f LICENSE ]; then
git add LICENSE
fi
git commit -m "github-actions[bot]: update README.md"
git push origin HEAD:master
# REPOSITORY SETTINGS # REPOSITORY SETTINGS

16
.github/workflows/readme.yml vendored Normal file
View File

@@ -0,0 +1,16 @@
name: readme
on:
workflow_dispatch:
jobs:
readme:
runs-on: ubuntu-latest
steps:
- name: update README.md
uses: the-actions-org/workflow-dispatch@3133c5d135c7dbe4be4f9793872b6ef331b53bc7
with:
wait-for-completion: false
workflow: docker.yml
token: "${{ secrets.REPOSITORY_TOKEN }}"
inputs: '{ "build":"false", "release":"false", "readme":"true" }'

17
.github/workflows/tags.yml vendored
View File

@@ -16,10 +16,23 @@ jobs:
docker-unraid: docker-unraid:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: init / base64 nested json
uses: actions/github-script@62c3794a3eb6788d9a2a72b219504732c0c9a298
with:
script: |
const { Buffer } = require('node:buffer');
const etc = {
semversuffix:"unraid",
uid:99,
gid:100,
};
core.exportVariable('WORKFLOW_BASE64JSON', Buffer.from(JSON.stringify(etc)).toString('base64'));
- name: build docker image for unraid community - name: build docker image for unraid community
uses: the-actions-org/workflow-dispatch@3133c5d135c7dbe4be4f9793872b6ef331b53bc7 uses: the-actions-org/workflow-dispatch@3133c5d135c7dbe4be4f9793872b6ef331b53bc7
with: with:
wait-for-completion: false
workflow: docker.yml workflow: docker.yml
token: "${{ secrets.REPOSITORY_TOKEN }}" token: "${{ secrets.REPOSITORY_TOKEN }}"
inputs: '{ "release":"false", "readme":"false", "uid":"99", "gid":"100", "semversuffix":"unraid", "run-name":"docker-unraid" }' inputs: '{ "release":"false", "readme":"false", "run-name":"unraid", "etc":"${{ env.WORKFLOW_BASE64JSON }}" }'

4
.json
View File

@@ -4,9 +4,7 @@
"root":"/kms", "root":"/kms",
"semver":{ "semver":{
"version":"465f4d1", "version":"465f4d1"
"stable":"465f4d1",
"latest":"465f4d1"
}, },
"readme":{ "readme":{

2
LICENSE
View File

@@ -1,6 +1,6 @@
MIT License MIT License
Copyright (c) 2020 11notes Copyright (c) 2025 11notes
Permission is hereby granted, free of charge, to any person obtaining a copy Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal of this software and associated documentation files (the "Software"), to deal

75
README.md
View File

@@ -1,24 +1,11 @@
![banner](https://github.com/11notes/defaults/blob/main/static/img/banner.png?raw=true) ![banner](https://github.com/11notes/defaults/blob/main/static/img/banner.png?raw=true)
# ⛰️ kms-gui # KMS-GUI
[<img src="https://img.shields.io/badge/github-source-blue?logo=github&color=040308">](https://github.com/11notes/docker-kms-gui)![size](https://img.shields.io/docker/image-size/11notes/kms-gui/465f4d1?color=0eb305)![version](https://img.shields.io/docker/v/11notes/kms-gui/465f4d1?color=eb7a09)![pulls](https://img.shields.io/docker/pulls/11notes/kms-gui?color=2b75d6)[<img src="https://img.shields.io/github/issues/11notes/docker-kms-gui?color=7842f5">](https://github.com/11notes/docker-kms-gui/issues) [<img src="https://img.shields.io/badge/github-source-blue?logo=github&color=040308">](https://github.com/11notes/docker-KMS-GUI)![5px](https://github.com/11notes/defaults/blob/main/static/img/transparent5x2px.png?raw=true)![size](https://img.shields.io/docker/image-size/11notes/kms-gui/465f4d1?color=0eb305)![5px](https://github.com/11notes/defaults/blob/main/static/img/transparent5x2px.png?raw=true)![version](https://img.shields.io/docker/v/11notes/kms-gui/465f4d1?color=eb7a09)![5px](https://github.com/11notes/defaults/blob/main/static/img/transparent5x2px.png?raw=true)![pulls](https://img.shields.io/docker/pulls/11notes/kms-gui?color=2b75d6)![5px](https://github.com/11notes/defaults/blob/main/static/img/transparent5x2px.png?raw=true)[<img src="https://img.shields.io/github/issues/11notes/docker-KMS-GUI?color=7842f5">](https://github.com/11notes/docker-KMS-GUI/issues)![5px](https://github.com/11notes/defaults/blob/main/static/img/transparent5x2px.png?raw=true)![swiss_made](https://img.shields.io/badge/Swiss_Made-FFFFFF?labelColor=FF0000&logo=data:image/svg%2bxml;base64,PHN2ZyB2ZXJzaW9uPSIxIiB3aWR0aD0iNTEyIiBoZWlnaHQ9IjUxMiIgdmlld0JveD0iMCAwIDMyIDMyIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjxwYXRoIGQ9Im0wIDBoMzJ2MzJoLTMyeiIgZmlsbD0iI2YwMCIvPjxwYXRoIGQ9Im0xMyA2aDZ2N2g3djZoLTd2N2gtNnYtN2gtN3YtNmg3eiIgZmlsbD0iI2ZmZiIvPjwvc3ZnPg==)
Activate any version of Windows and Office, forever Activate any version of Windows and Office, forever
# MAIN TAGS 🏷️ ![Web GUI](https://github.com/11notes/docker-KMS-GUI/blob/master/img/webGUICustomIcon.png?raw=true)
These are the main tags for the image. There is also a tag for each commit and its shorthand sha256 value.
* [465f4d1](https://hub.docker.com/r/11notes/kms-gui/tags?name=465f4d1)
* [stable](https://hub.docker.com/r/11notes/kms-gui/tags?name=stable)
* [latest](https://hub.docker.com/r/11notes/kms-gui/tags?name=latest)
* [465f4d1-unraid](https://hub.docker.com/r/11notes/kms-gui/tags?name=465f4d1-unraid)
* [stable-unraid](https://hub.docker.com/r/11notes/kms-gui/tags?name=stable-unraid)
* [latest-unraid](https://hub.docker.com/r/11notes/kms-gui/tags?name=latest-unraid)
# UNRAID VERSION 🟠
This image supports unraid by default. Simply add **-unraid** to any tag and the image will run as 99:100 instead of 1000:1000 causing no issues on unraid. Enjoy.
![Web GUI](https://github.com/11notes/docker-kms-gui/blob/master/img/webGUICustomIcon.png?raw=true)
# SYNOPSIS 📖 # SYNOPSIS 📖
**What can I do with this?** This image will run a web GUI for your [11notes/kms](https://hub.docker.com/r/11notes/kms) server. **What can I do with this?** This image will run a web GUI for your [11notes/kms](https://hub.docker.com/r/11notes/kms) server.
@@ -27,26 +14,30 @@ This image supports unraid by default. Simply add **-unraid** to any tag and the
```yaml ```yaml
name: "kms" name: "kms"
services: services:
kms: app:
image: "11notes/kms:stable" image: "11notes/kms:465f4d1"
container_name: "kms"
environment: environment:
TZ: Europe/Zurich TZ: "Europe/Zurich"
volumes: volumes:
- "var:/kms/var" - "var:/kms/var"
ports: ports:
- "1688:1688/tcp" - "1688:1688/tcp"
restart: always restart: "always"
kms-gui:
gui:
image: "11notes/kms-gui:465f4d1" image: "11notes/kms-gui:465f4d1"
container_name: "kms-gui" depends_on:
app:
condition: "service_healthy"
restart: true
environment: environment:
TZ: Europe/Zurich TZ: "Europe/Zurich"
volumes: volumes:
- "var:/kms/var" - "var:/kms/var"
ports: ports:
- "8080:8080/tcp" - "3000:3000/tcp"
restart: always restart: "always"
volumes: volumes:
var: var:
``` ```
@@ -66,8 +57,24 @@ volumes:
| `DEBUG` | Will activate debug option for container image and app (if available) | | | `DEBUG` | Will activate debug option for container image and app (if available) | |
| `KMS_GUI_STYLE` | switch the UI style of the webinterface (py-kms, custom-icon) | custom-icon | | `KMS_GUI_STYLE` | switch the UI style of the webinterface (py-kms, custom-icon) | custom-icon |
# MAIN TAGS 🏷️
These are the main tags for the image. There is also a tag for each commit and its shorthand sha256 value.
* [465f4d1](https://hub.docker.com/r/11notes/kms-gui/tags?name=465f4d1)
* [465f4d1-unraid](https://hub.docker.com/r/11notes/kms-gui/tags?name=465f4d1-unraid)
# REGISTRIES ☁️
```
docker pull 11notes/kms-gui:465f4d1
docker pull ghcr.io/11notes/kms-gui:465f4d1
docker pull quay.io/11notes/kms-gui:465f4d1
```
${{ title_unraid }}
This image supports unraid by default. Simply add **-unraid** to any tag and the image will run as 99:100 instead of 1000:1000 causing no issues on unraid. Enjoy.
# SOURCE 💾 # SOURCE 💾
* [11notes/kms-gui](https://github.com/11notes/docker-kms-gui) * [11notes/kms-gui](https://github.com/11notes/docker-KMS-GUI)
# PARENT IMAGE 🏛️ # PARENT IMAGE 🏛️
* [11notes/kms:465f4d1](https://hub.docker.com/r/11notes/kms) * [11notes/kms:465f4d1](https://hub.docker.com/r/11notes/kms)
@@ -75,18 +82,14 @@ volumes:
# BUILT WITH 🧰 # BUILT WITH 🧰
* [py-kms](https://github.com/Py-KMS-Organization/py-kms) * [py-kms](https://github.com/Py-KMS-Organization/py-kms)
* [CustomIcon/pykms-frontend](https://github.com/CustomIcon/pykms-frontend) * [CustomIcon/pykms-frontend](https://github.com/CustomIcon/pykms-frontend)
* [11notes/util](https://github.com/11notes/docker-util)
# GENERAL TIPS 📌 # GENERAL TIPS 📌
* Use a reverse proxy like Traefik, Nginx, HAproxy to terminate TLS and to protect your endpoints > [!TIP]
* Use Lets Encrypt DNS-01 challenge to obtain valid SSL certificates for your services >* Use a reverse proxy like Traefik, Nginx, HAproxy to terminate TLS and to protect your endpoints
>* Use Lets Encrypt DNS-01 challenge to obtain valid SSL certificates for your services
# SECURITY VULNERABILITIES REPORT ⚡
| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |
| --- | --- | --- | --- | --- | --- | --- | --- |
| 4.7 (Medium) | linux-pam | 1.6.1-r1 | | apk | /lib/apk/db/installed | nvd:cpe | [CVE-2024-10041](https://nvd.nist.gov/vuln/detail/CVE-2024-10041) |
# ElevenNotes™ # ElevenNotes™
This image is provided to you at your own risk. Always make backups before updating an image to a different version. Check the [releases](https://github.com/11notes/docker-kms-gui/releases) for breaking changes. If you have any problems with using this image simply raise an [issue](https://github.com/11notes/docker-kms-gui/issues), thanks. If you have a question or inputs please create a new [discussion](https://github.com/11notes/docker-kms-gui/discussions) instead of an issue. You can find all my other repositories on [github](https://github.com/11notes?tab=repositories). This image is provided to you at your own risk. Always make backups before updating an image to a different version. Check the [releases](https://github.com/11notes/docker-kms-gui/releases) for breaking changes. If you have any problems with using this image simply raise an [issue](https://github.com/11notes/docker-kms-gui/issues), thanks. If you have a question or inputs please create a new [discussion](https://github.com/11notes/docker-kms-gui/discussions) instead of an issue. You can find all my other repositories on [github](https://github.com/11notes?tab=repositories).
*created Fri, 21 Feb 2025 06:05:47 GMT* *created 02.05.2025, 10:23:31 (CET)*

21
arch.dockerfile
View File

@@ -1,6 +1,8 @@
ARG APP_VERSION=stable ARG APP_VERSION=stable
ARG APP_VERSION_PREFIX="" ARG APP_PREFIX=""
ARG APP_VERSION_SUFFIX="" ARG APP_SUFFIX=""
ARG APP_UID=1000
ARG APP_GID=1000
# :: Build / styles # :: Build / styles
FROM alpine/git AS styles FROM alpine/git AS styles
@@ -10,7 +12,7 @@ ARG APP_VERSION_SUFFIX=""
cd /git/pykms-frontend; cd /git/pykms-frontend;
# :: Header # :: Header
FROM 11notes/kms:${APP_VERSION_PREFIX}${APP_VERSION}${APP_VERSION_SUFFIX} FROM 11notes/kms:${APP_PREFIX}${APP_VERSION}${APP_SUFFIX}
# :: arguments # :: arguments
ARG TARGETARCH ARG TARGETARCH
@@ -20,6 +22,7 @@ ARG APP_VERSION_SUFFIX=""
ARG APP_ROOT ARG APP_ROOT
ARG APP_UID ARG APP_UID
ARG APP_GID ARG APP_GID
ARG APP_NO_CACHE
# :: environment # :: environment
ENV APP_IMAGE=${APP_IMAGE} ENV APP_IMAGE=${APP_IMAGE}
@@ -32,9 +35,11 @@ ARG APP_VERSION_SUFFIX=""
ENV PYKMS_SQLITE_DB_PATH=/kms/var/kms.db ENV PYKMS_SQLITE_DB_PATH=/kms/var/kms.db
ENV PYKMS_LICENSE_PATH=/opt/py-kms/LICENSE ENV PYKMS_LICENSE_PATH=/opt/py-kms/LICENSE
ENV PYKMS_VERSION_PATH=/opt/py-kms/VERSION ENV PYKMS_VERSION_PATH=/opt/py-kms/VERSION
ENV PORT=8080 ENV PORT=3000
ENV LOG_LEVEL=INFO ENV LOG_LEVEL=INFO
ENV PIP_ROOT_USER_ACTION=ignore
# :: multi-stage # :: multi-stage
COPY ./LICENSE /opt/py-kms COPY ./LICENSE /opt/py-kms
@@ -52,8 +57,10 @@ ARG APP_VERSION_SUFFIX=""
cd /opt/py-kms; \ cd /opt/py-kms; \
echo "${APP_VERSION}" > VERSION; \ echo "${APP_VERSION}" > VERSION; \
echo "master" >> VERSION; \ echo "master" >> VERSION; \
pip3 install --no-cache-dir -r /opt/py-kms/requirements.gui.txt --break-system-packages; \ pip3 install --no-cache-dir --break-system-packages -r /opt/py-kms/requirements.gui.txt; \
apk del --no-network .build; pip3 list -o | sed 's/pip.*//' | grep . | cut -f1 -d' ' | tr " " "\n" | awk '{if(NR>=3)print}' | cut -d' ' -f1 | xargs -n1 pip3 install --no-cache-dir --break-system-packages -U; \
apk del --no-network .build; \
rm -rf /usr/lib/python3.12/site-packages/pip;
# :: copy filesystem changes # :: copy filesystem changes
COPY ./rootfs / COPY ./rootfs /
@@ -81,4 +88,4 @@ ARG APP_VERSION_SUFFIX=""
HEALTHCHECK --interval=5s --timeout=2s CMD curl -X GET -kILs --fail http://localhost:${PORT}/livez || exit 1 HEALTHCHECK --interval=5s --timeout=2s CMD curl -X GET -kILs --fail http://localhost:${PORT}/livez || exit 1
# :: Start # :: Start
USER docker USER ${APP_UID}:${APP_GID}

24
compose.yaml
View File

@@ -1,24 +1,28 @@
name: "kms" name: "kms"
services: services:
kms: app:
image: "11notes/kms:stable" image: "11notes/kms:465f4d1"
container_name: "kms"
environment: environment:
TZ: Europe/Zurich TZ: "Europe/Zurich"
volumes: volumes:
- "var:/kms/var" - "var:/kms/var"
ports: ports:
- "1688:1688/tcp" - "1688:1688/tcp"
restart: always restart: "always"
kms-gui:
gui:
image: "11notes/kms-gui:465f4d1" image: "11notes/kms-gui:465f4d1"
container_name: "kms-gui" depends_on:
app:
condition: "service_healthy"
restart: true
environment: environment:
TZ: Europe/Zurich TZ: "Europe/Zurich"
volumes: volumes:
- "var:/kms/var" - "var:/kms/var"
ports: ports:
- "8080:8080/tcp" - "3000:3000/tcp"
restart: always restart: "always"
volumes: volumes:
var: var: