[upgrade] to latest workflows

ElevenNotes
2025-05-02 09:17:38 +02:00
parent f9031c3b01
commit 06b86cbc27
8 changed files with 235 additions and 83 deletions

1
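--- a/.gitattributes
+++ b/.gitattributes
@@ -1,2 +1,3 @@
+# default
 * text=auto
 *.sh eol=lf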


@@ -10,6 +10,17 @@ on:
required: false required: false
default: 'docker' default: 'docker'
runs-on:
description: 'set runs-on for workflow (github or selfhosted)'
type: string
required: false
default: 'ubuntu-22.04'
build:
description: 'set WORKFLOW_BUILD'
required: false
default: 'true'
release: release:
description: 'set WORKFLOW_GITHUB_RELEASE' description: 'set WORKFLOW_GITHUB_RELEASE'
required: false required: false
@@ -19,30 +30,15 @@ on:
description: 'set WORKFLOW_GITHUB_README' description: 'set WORKFLOW_GITHUB_README'
required: false required: false
default: 'false' default: 'false'
image: etc:
description: 'set IMAGE' description: 'base64 encoded json string'
required: false
uid:
description: 'set IMAGE_UID'
required: false
gid:
description: 'set IMAGE_GID'
required: false
semverprefix:
description: 'prefix for semver tags'
required: false
semversuffix:
description: 'suffix for semver tags'
required: false required: false
jobs: jobs:
docker: docker:
runs-on: ubuntu-22.04 runs-on: ${{ inputs.runs-on }}
timeout-minutes: 1440
services: services:
registry: registry:
@@ -54,7 +50,6 @@ jobs:
actions: read actions: read
contents: write contents: write
packages: write packages: write
security-events: write
steps: steps:
- name: init / checkout - name: init / checkout
@@ -69,12 +64,17 @@ jobs:
script: | script: |
const { existsSync, readFileSync } = require('node:fs'); const { existsSync, readFileSync } = require('node:fs');
const { resolve } = require('node:path'); const { resolve } = require('node:path');
const { inspect } = require('node:util');
const { Buffer } = require('node:buffer');
const inputs = `${{ toJSON(github.event.inputs) }}`; const inputs = `${{ toJSON(github.event.inputs) }}`;
const opt = {input:{}, dot:{}}; const opt = {input:{}, dot:{}};
try{ try{
if(inputs.length > 0){ if(inputs.length > 0){
opt.input = JSON.parse(inputs); opt.input = JSON.parse(inputs);
if(opt.input?.etc){
opt.input.etc = JSON.parse(Buffer.from(opt.input.etc, 'base64').toString('ascii'));
}
} }
}catch(e){ }catch(e){
core.warning('could not parse github.event.inputs'); core.warning('could not parse github.event.inputs');
@@ -95,27 +95,30 @@ jobs:
core.setFailed(e); core.setFailed(e);
} }
core.info(inspect(opt, {showHidden:false, depth:null, colors:true}));
const docker = { const docker = {
image:{ image:{
name:(opt.input?.image || opt.dot.image), name:opt.dot.image,
arch:(opt.dot.arch || 'linux/amd64,linux/arm64'), arch:(opt.dot.arch || 'linux/amd64,linux/arm64'),
prefix:((opt.input?.semverprefix) ? `${opt.input?.semverprefix}-` : ''), prefix:((opt.input?.etc?.semverprefix) ? `${opt.input?.etc?.semverprefix}-` : ''),
suffix:((opt.input?.semversuffix) ? `-${opt.input?.semversuffix}` : ''), suffix:((opt.input?.etc?.semversuffix) ? `-${opt.input?.etc?.semversuffix}` : ''),
description:(opt.dot?.readme?.description || ''), description:(opt.dot?.readme?.description || ''),
tags:[], tags:[],
}, },
app:{ app:{
image:opt.dot.image, image:opt.dot.image,
name:opt.dot.name, name:opt.dot.name,
version:opt.dot.semver.version, version:(opt.input?.etc?.version || opt.dot.semver.version),
root:opt.dot.root, root:opt.dot.root,
UID:(opt.input?.uid || 1000), UID:(opt.input?.etc?.uid || 1000),
GID:(opt.input?.gid || 1000), GID:(opt.input?.etc?.gid || 1000),
no_cache:new Date().getTime(), no_cache:new Date().getTime(),
}, },
cache:{ cache:{
registry:'localhost:5000/', registry:'localhost:5000/',
} },
tags:[],
}; };
docker.cache.name = `${docker.image.name}:${docker.image.prefix}buildcache${docker.image.suffix}`; docker.cache.name = `${docker.image.name}:${docker.image.prefix}buildcache${docker.image.suffix}`;
@@ -124,21 +127,42 @@ jobs:
docker.app.suffix = docker.image.suffix; docker.app.suffix = docker.image.suffix;
// setup tags // setup tags
const semver = opt.dot.semver.version.split('.'); if(opt.input?.etc?.dockerfile !== 'arch.dockerfile' && opt.input?.etc?.tag){
docker.image.tags.push(`${context.sha.substring(0,7)}`); docker.image.tags.push(`${context.sha.substring(0,7)}`);
if(Array.isArray(semver)){ docker.image.tags.push(opt.input.etc.tag);
if(semver.length >= 1) docker.image.tags.push(`${semver[0]}`); docker.image.tags.push(`${opt.input.etc.tag}-${docker.app.version}`);
if(semver.length >= 2) docker.image.tags.push(`${semver[0]}.${semver[1]}`); docker.cache.name = `${docker.image.name}:buildcache-${opt.input.etc.tag}`;
if(semver.length >= 3) docker.image.tags.push(`${semver[0]}.${semver[1]}.${semver[2]}`); }else if(opt.dot?.semver?.version){
const semver = opt.dot.semver.version.split('.');
docker.image.tags.push(`${context.sha.substring(0,7)}`);
if(Array.isArray(semver)){
if(semver.length >= 1) docker.image.tags.push(`${semver[0]}`);
if(semver.length >= 2) docker.image.tags.push(`${semver[0]}.${semver[1]}`);
if(semver.length >= 3) docker.image.tags.push(`${semver[0]}.${semver[1]}.${semver[2]}`);
}
if(opt.dot.semver?.stable && new RegExp(opt.dot.semver.stable, 'ig').test(docker.image.tags.join(','))) docker.image.tags.push('stable');
if(opt.dot.semver?.latest && new RegExp(opt.dot.semver.latest, 'ig').test(docker.image.tags.join(','))) docker.image.tags.push('latest');
}else if(opt.input?.etc?.version && opt.input.etc.version === 'latest'){
docker.image.tags.push('latest');
} }
if(opt.dot.semver?.stable && new RegExp(opt.dot.semver.stable, 'ig').test(docker.image.tags.join(','))) docker.image.tags.push('stable');
if(opt.dot.semver?.latest && new RegExp(opt.dot.semver.latest, 'ig').test(docker.image.tags.join(','))) docker.image.tags.push('latest');
for(let i=0; i<docker.image.tags.length; i++){ for(const tag of docker.image.tags){
docker.image.tags[i] = `${docker.image.name}:${docker.image.prefix}${docker.image.tags[i]}${docker.image.suffix}`; docker.tags.push(`${docker.image.name}:${docker.image.prefix}${tag}${docker.image.suffix}`);
docker.tags.push(`ghcr.io/${docker.image.name}:${docker.image.prefix}${tag}${docker.image.suffix}`);
docker.tags.push(`quay.io/${docker.image.name}:${docker.image.prefix}${tag}${docker.image.suffix}`);
} }
// setup build arguments // setup build arguments
if(opt.input?.etc?.build?.args){
for(const arg in opt.input.etc.build.args){
docker.app[arg] = opt.input.etc.build.args[arg];
}
}
if(opt.dot?.build?.args){
for(const arg in opt.dot.build.args){
docker.app[arg] = opt.dot.build.args[arg];
}
}
const arguments = []; const arguments = [];
for(const argument in docker.app){ for(const argument in docker.app){
arguments.push(`APP_${argument.toUpperCase()}=${docker.app[argument]}`); arguments.push(`APP_${argument.toUpperCase()}=${docker.app[argument]}`);
@@ -151,38 +175,62 @@ jobs:
core.exportVariable('DOCKER_IMAGE_NAME', docker.image.name); core.exportVariable('DOCKER_IMAGE_NAME', docker.image.name);
core.exportVariable('DOCKER_IMAGE_ARCH', docker.image.arch); core.exportVariable('DOCKER_IMAGE_ARCH', docker.image.arch);
core.exportVariable('DOCKER_IMAGE_TAGS', docker.image.tags.join(',')); core.exportVariable('DOCKER_IMAGE_TAGS', docker.tags.join(','));
core.exportVariable('DOCKER_IMAGE_DESCRIPTION', docker.image.description); core.exportVariable('DOCKER_IMAGE_DESCRIPTION', docker.image.description);
core.exportVariable('DOCKER_IMAGE_ARGUMENTS', arguments.join("\r\n")); core.exportVariable('DOCKER_IMAGE_ARGUMENTS', arguments.join("\r\n"));
core.exportVariable('DOCKER_IMAGE_DOCKERFILE', opt.input?.etc?.dockerfile || 'arch.dockerfile');
core.exportVariable('WORKFLOW_CREATE_RELEASE', (opt.input?.release || true)); core.exportVariable('WORKFLOW_BUILD', (opt.input?.build === undefined) ? false : opt.input.build);
core.exportVariable('WORKFLOW_CREATE_README', (opt.input?.readme || true)); core.exportVariable('WORKFLOW_CREATE_RELEASE', (opt.input?.release === undefined) ? false : opt.input.release);
core.exportVariable('WORKFLOW_GRYPE_FAIL_ON_SEVERITY', (opt.json?.grpye?.fail || true)); core.exportVariable('WORKFLOW_CREATE_README', (opt.input?.readme === undefined) ? false : opt.input.readme);
core.exportVariable('WORKFLOW_GRYPE_SEVERITY_CUTOFF', (opt.json?.grpye?.severity || 'high')); core.exportVariable('WORKFLOW_GRYPE_FAIL_ON_SEVERITY', (opt.dot?.grype?.fail === undefined) ? true : opt.dot.grype.fail);
core.exportVariable('WORKFLOW_GRYPE_SEVERITY_CUTOFF', (opt.dot?.grype?.severity || 'high'));
if(opt.dot?.readme?.comparison){
core.exportVariable('WORKFLOW_CREATE_COMPARISON', true);
core.exportVariable('WORKFLOW_CREATE_COMPARISON_FOREIGN_IMAGE', opt.dot.readme.comparison.image);
core.exportVariable('WORKFLOW_CREATE_COMPARISON_IMAGE', `${docker.image.name}:${docker.app.version}`);
}
# DOCKER # DOCKER
- name: docker / login to hub - name: docker / login to hub
uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772
with: with:
username: 11notes username: 11notes
password: ${{ secrets.DOCKER_TOKEN }} password: ${{ secrets.DOCKER_TOKEN }}
- name: github / login to ghcr
uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772
with:
registry: ghcr.io
username: 11notes
password: ${{ secrets.GITHUB_TOKEN }}
- name: quay / login to quay
uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772
with:
registry: quay.io
username: 11notes+github
password: ${{ secrets.QUAY_TOKEN }}
- name: docker / setup qemu - name: docker / setup qemu
if: env.WORKFLOW_BUILD == 'true'
uses: docker/setup-qemu-action@53851d14592bedcffcf25ea515637cff71ef929a uses: docker/setup-qemu-action@53851d14592bedcffcf25ea515637cff71ef929a
- name: docker / setup buildx - name: docker / setup buildx
if: env.WORKFLOW_BUILD == 'true'
uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5
with: with:
driver-opts: network=host driver-opts: network=host
- name: docker / build & push & tag grype - name: docker / build & push & tag grype
if: env.WORKFLOW_BUILD == 'true'
id: docker-build id: docker-build
uses: docker/build-push-action@67a2d409c0a876cbe6b11854e3e25193efe4e62d uses: docker/build-push-action@67a2d409c0a876cbe6b11854e3e25193efe4e62d
with: with:
context: . context: .
file: arch.dockerfile file: ${{ env.DOCKER_IMAGE_DOCKERFILE }}
push: true push: true
platforms: ${{ env.DOCKER_IMAGE_ARCH }} platforms: ${{ env.DOCKER_IMAGE_ARCH }}
cache-from: type=registry,ref=${{ env.DOCKER_CACHE_NAME }} cache-from: type=registry,ref=${{ env.DOCKER_CACHE_NAME }}
@@ -193,8 +241,9 @@ jobs:
${{ env.DOCKER_CACHE_GRYPE }} ${{ env.DOCKER_CACHE_GRYPE }}
- name: grype / scan - name: grype / scan
if: env.WORKFLOW_BUILD == 'true'
id: grype id: grype
uses: anchore/scan-action@abae793926ec39a78ab18002bc7fc45bbbd94342 uses: anchore/scan-action@dc6246fcaf83ae86fcc6010b9824c30d7320729e
with: with:
image: ${{ env.DOCKER_CACHE_GRYPE }} image: ${{ env.DOCKER_CACHE_GRYPE }}
fail-build: ${{ env.WORKFLOW_GRYPE_FAIL_ON_SEVERITY }} fail-build: ${{ env.WORKFLOW_GRYPE_FAIL_ON_SEVERITY }}
@@ -204,8 +253,8 @@ jobs:
cache-db: true cache-db: true
- name: grype / fail - name: grype / fail
if: failure() || steps.grype.outcome == 'failure' if: env.WORKFLOW_BUILD == 'true' && (failure() || steps.grype.outcome == 'failure')
uses: anchore/scan-action@abae793926ec39a78ab18002bc7fc45bbbd94342 uses: anchore/scan-action@dc6246fcaf83ae86fcc6010b9824c30d7320729e
with: with:
image: ${{ env.DOCKER_CACHE_GRYPE }} image: ${{ env.DOCKER_CACHE_GRYPE }}
fail-build: false fail-build: false
@@ -215,10 +264,11 @@ jobs:
cache-db: true cache-db: true
- name: docker / build & push - name: docker / build & push
if: env.WORKFLOW_BUILD == 'true'
uses: docker/build-push-action@67a2d409c0a876cbe6b11854e3e25193efe4e62d uses: docker/build-push-action@67a2d409c0a876cbe6b11854e3e25193efe4e62d
with: with:
context: . context: .
file: arch.dockerfile file: ${{ env.DOCKER_IMAGE_DOCKERFILE }}
push: true push: true
sbom: true sbom: true
provenance: mode=max provenance: mode=max
@@ -250,6 +300,12 @@ jobs:
if: env.WORKFLOW_CREATE_RELEASE == 'true' && steps.git-log.outcome == 'success' if: env.WORKFLOW_CREATE_RELEASE == 'true' && steps.git-log.outcome == 'success'
id: git-release id: git-release
uses: 11notes/action-docker-release@v1 uses: 11notes/action-docker-release@v1
# WHY IS THIS ACTION NOT SHA256 PINNED? SECURITY MUCH?!?!?!
# ---------------------------------------------------------------------------------
# the next step "github / release / create" creates a new release based on the code
# in the repo. This code is not modified and can't be modified by this action.
# It does create the markdown for the release, which could be abused, but to what
# extend? Adding a link to a malicious repo?
with: with:
git_log: ${{ steps.git-log.outputs.commits }} git_log: ${{ steps.git-log.outputs.commits }}
@@ -267,34 +323,72 @@ jobs:
# README
- name: github / checkout master # LICENSE
- name: license / update year
continue-on-error: true continue-on-error: true
run: | uses: actions/github-script@62c3794a3eb6788d9a2a72b219504732c0c9a298
git checkout master with:
script: |
const { existsSync, readFileSync, writeFileSync } = require('node:fs');
const { resolve } = require('node:path');
const file = 'LICENSE';
const year = new Date().getFullYear();
try{
const path = resolve(file);
if(existsSync(path)){
let license = readFileSync(file).toString();
if(!new RegExp(`Copyright \\(c\\) ${year} 11notes`, 'i').test(license)){
license = license.replace(/Copyright \(c\) \d{4} /i, `Copyright (c) ${new Date().getFullYear()} `);
writeFileSync(path, license);
}
}else{
throw new Error(`file ${file} does not exist`);
}
}catch(e){
core.setFailed(e);
}
# README
- name: github / checkout HEAD
continue-on-error: true
run: |
git checkout HEAD
- name: docker / setup comparison images
if: env.WORKFLOW_CREATE_COMPARISON == 'true'
continue-on-error: true
run: |
docker image pull ${{ env.WORKFLOW_CREATE_COMPARISON_IMAGE }}
docker image ls --filter "reference=${{ env.WORKFLOW_CREATE_COMPARISON_IMAGE }}" --format json | jq --raw-output '.Size' &> ./comparison.size0.log
docker image pull ${{ env.WORKFLOW_CREATE_COMPARISON_FOREIGN_IMAGE }}
docker image ls --filter "reference=${{ env.WORKFLOW_CREATE_COMPARISON_FOREIGN_IMAGE }}" --format json | jq --raw-output '.Size' &> ./comparison.size1.log
docker run --entrypoint "/bin/sh" --rm ${{ env.WORKFLOW_CREATE_COMPARISON_FOREIGN_IMAGE }} -c id &> ./comparison.id.log
- name: github / create README.md - name: github / create README.md
id: github-readme id: github-readme
continue-on-error: true continue-on-error: true
if: env.WORKFLOW_CREATE_README == 'true' && steps.docker-build.outcome == 'success' if: env.WORKFLOW_CREATE_README == 'true'
uses: 11notes/action-docker-readme@v1 uses: 11notes/action-docker-readme@v1
# WHY IS THIS ACTION NOT SHA256 PINNED? SECURITY MUCH?!?!?!
# ---------------------------------------------------------------------------------
# the next step "github / commit & push" only adds the README and LICENSE as well as
# compose.yaml to the repository. This does not pose a security risk if this action
# would be compromised. The code of the app can't be changed by this action. Since
# only the files mentioned are commited to the repo. Sure, someone could make a bad
# compose.yaml, but since this serves only as an example I see no harm in that.
with: with:
sarif_file: ${{ steps.grype.outputs.sarif }} sarif_file: ${{ steps.grype.outputs.sarif }}
build_output_metadata: ${{ steps.docker-build.outputs.metadata }} build_output_metadata: ${{ steps.docker-build.outputs.metadata }}
- name: github / commit & push
continue-on-error: true
if: steps.github-readme.outcome == 'success' && hashFiles('README.md') != ''
run: |
git config user.name "github-actions[bot]"
git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
git add README.md
git commit -m "auto update README.md"
git push
- name: docker / push README.md to docker hub - name: docker / push README.md to docker hub
continue-on-error: true continue-on-error: true
if: steps.github-readme.outcome == 'success' && hashFiles('README.md') != '' if: steps.github-readme.outcome == 'success' && hashFiles('README_NONGITHUB.md') != ''
uses: christian-korneck/update-container-description-action@d36005551adeaba9698d8d67a296bd16fa91f8e8 uses: christian-korneck/update-container-description-action@d36005551adeaba9698d8d67a296bd16fa91f8e8
env: env:
DOCKER_USER: 11notes DOCKER_USER: 11notes
@@ -303,8 +397,25 @@ jobs:
destination_container_repo: ${{ env.DOCKER_IMAGE_NAME }} destination_container_repo: ${{ env.DOCKER_IMAGE_NAME }}
provider: dockerhub provider: dockerhub
short_description: ${{ env.DOCKER_IMAGE_DESCRIPTION }} short_description: ${{ env.DOCKER_IMAGE_DESCRIPTION }}
readme_file: 'README.md' readme_file: 'README_NONGITHUB.md'
- name: github / commit & push
continue-on-error: true
if: steps.github-readme.outcome == 'success' && hashFiles('README.md') != ''
run: |
git config user.name "github-actions[bot]"
git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
git add README.md
if [ -f compose.yaml ]; then
git add compose.yaml
fi
if [ -f LICENSE ]; then
git add LICENSE
fi
git commit -m "github-actions[bot]: update README.md"
git push origin HEAD:master
# REPOSITORY SETTINGS # REPOSITORY SETTINGS
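Review bot: The new `docker / setup comparison images` step pastes `${{ env.WORKFLOW_CREATE_COMPARISON_IMAGE }}` and `${{ env.WORKFLOW_CREATE_COMPARISON_FOREIGN_IMAGE }}` into the `run:` script text, so the values are expanded before the shell parses the line and any shell metacharacters in them are interpreted as shell syntax. Both are assembled earlier in the github-script step from `opt.dot.readme.comparison.image` and from `docker.app.version`, which this commit allows to come from the dispatch input `etc.version`, and the step runs in a job that has already logged in to Docker Hub, ghcr.io and quay.io and holds `contents: write`. Because `core.exportVariable` already places them in the step environment, read them as quoted shell variables instead, e.g. `docker image pull "$WORKFLOW_CREATE_COMPARISON_IMAGE"` and `docker run --entrypoint "/bin/sh" --rm "$WORKFLOW_CREATE_COMPARISON_FOREIGN_IMAGE" -c id`, and change the two `docker image ls --filter` lines the same way. The same job-level reach presumably applies to the two steps left on the mutable `@v1` tag, which the added rationale comments do not take into account.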

16
.github/workflows/readme.yml vendored Normal file

@@ -0,0 +1,16 @@
name: readme
on:
workflow_dispatch:
jobs:
readme:
runs-on: ubuntu-latest
steps:
- name: update README.md
uses: the-actions-org/workflow-dispatch@3133c5d135c7dbe4be4f9793872b6ef331b53bc7
with:
wait-for-completion: false
workflow: docker.yml
token: "${{ secrets.REPOSITORY_TOKEN }}"
inputs: '{ "build":"false", "release":"false", "readme":"true" }'
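Review bot: The new `readme` job declares no `permissions:` block, so it runs with the repository's default `GITHUB_TOKEN` scope even though its only step authenticates with `secrets.REPOSITORY_TOKEN`. Adding `permissions: {}` under `readme:` would reduce the unused job token to no access. It is also worth documenting in a comment which scopes `REPOSITORY_TOKEN` needs, since this workflow hands it to a third-party action; the action is pinned by commit here, which limits that exposure to the reviewed revision.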


@@ -16,13 +16,26 @@ jobs:
docker-unraid: docker-unraid:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: init / base64 nested json
uses: actions/github-script@62c3794a3eb6788d9a2a72b219504732c0c9a298
with:
script: |
const { Buffer } = require('node:buffer');
const etc = {
semversuffix:"unraid",
uid:99,
gid:100,
};
core.exportVariable('WORKFLOW_BASE64JSON', Buffer.from(JSON.stringify(etc)).toString('base64'));
- name: build docker image for unraid community - name: build docker image for unraid community
uses: the-actions-org/workflow-dispatch@3133c5d135c7dbe4be4f9793872b6ef331b53bc7 uses: the-actions-org/workflow-dispatch@3133c5d135c7dbe4be4f9793872b6ef331b53bc7
with: with:
wait-for-completion: false
workflow: docker.yml workflow: docker.yml
token: "${{ secrets.REPOSITORY_TOKEN }}" token: "${{ secrets.REPOSITORY_TOKEN }}"
inputs: '{ "release":"false", "readme":"false", "uid":"99", "gid":"100", "semversuffix":"unraid", "run-name":"docker-unraid" }' inputs: '{ "release":"false", "readme":"false", "run-name":"unraid", "etc":"${{ env.WORKFLOW_BASE64JSON }}" }'
kms-gui: kms-gui:
runs-on: ubuntu-latest runs-on: ubuntu-latest
@@ -41,6 +54,18 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
needs: docker-unraid needs: docker-unraid
steps: steps:
- name: init / base64 nested json
uses: actions/github-script@62c3794a3eb6788d9a2a72b219504732c0c9a298
with:
script: |
const { Buffer } = require('node:buffer');
const etc = {
semversuffix:"unraid",
uid:99,
gid:100,
};
core.exportVariable('WORKFLOW_BASE64JSON', Buffer.from(JSON.stringify(etc)).toString('base64'));
- name: build downstream kms gui for unraid community - name: build downstream kms gui for unraid community
uses: the-actions-org/workflow-dispatch@3133c5d135c7dbe4be4f9793872b6ef331b53bc7 uses: the-actions-org/workflow-dispatch@3133c5d135c7dbe4be4f9793872b6ef331b53bc7
with: with:
@@ -48,4 +73,4 @@ jobs:
token: "${{ secrets.REPOSITORY_TOKEN }}" token: "${{ secrets.REPOSITORY_TOKEN }}"
repo: 11notes/docker-kms-gui repo: 11notes/docker-kms-gui
ref: master ref: master
inputs: '{ "release":"false", "readme":"false", "uid":"99", "gid":"100", "semversuffix":"unraid", "run-name":"docker-unraid" }' inputs: '{ "release":"false", "readme":"false", "run-name":"unraid", "etc":"${{ env.WORKFLOW_BASE64JSON }}" }'
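Review bot: The two `init / base64 nested json` steps encode the payload as UTF-8 (`Buffer.from(JSON.stringify(etc))`), but the consumer added to the docker workflow in this commit decodes it with `.toString('ascii')`. The current values are plain ASCII, so nothing breaks today, but a later non-ASCII value in `etc` would be altered before `JSON.parse` and the failure is only reported through `core.warning`. Decoding with `.toString('utf8')` on the receiving side keeps both ends consistent. The identical `etc` literal is also repeated in both jobs, so a comment noting that the two copies must stay in sync would help.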

4
.json

@@ -4,9 +4,7 @@
"root":"/kms", "root":"/kms",
"semver":{ "semver":{
"version":"465f4d1", "version":"465f4d1"
"stable":"465f4d1",
"latest":"465f4d1"
}, },
"readme":{ "readme":{


@@ -135,4 +135,4 @@ slmgr /ato
# ElevenNotes™ # ElevenNotes™
This image is provided to you at your own risk. Always make backups before updating an image to a different version. Check the [releases](https://github.com/11notes/docker-kms/releases) for breaking changes. If you have any problems with using this image simply raise an [issue](https://github.com/11notes/docker-kms/issues), thanks. If you have a question or inputs please create a new [discussion](https://github.com/11notes/docker-kms/discussions) instead of an issue. You can find all my other repositories on [github](https://github.com/11notes?tab=repositories). This image is provided to you at your own risk. Always make backups before updating an image to a different version. Check the [releases](https://github.com/11notes/docker-kms/releases) for breaking changes. If you have any problems with using this image simply raise an [issue](https://github.com/11notes/docker-kms/issues), thanks. If you have a question or inputs please create a new [discussion](https://github.com/11notes/docker-kms/discussions) instead of an issue. You can find all my other repositories on [github](https://github.com/11notes?tab=repositories).
*created 7.3.2025, 12:11:30 (CET)* *created 7.3.2025, 12:03:55 (CET)*


@@ -22,6 +22,7 @@
ARG APP_ROOT ARG APP_ROOT
ARG APP_UID ARG APP_UID
ARG APP_GID ARG APP_GID
ARG APP_NO_CACHE
# :: environment # :: environment
ENV APP_IMAGE=${APP_IMAGE} ENV APP_IMAGE=${APP_IMAGE}
@@ -36,8 +37,8 @@
ENV KMS_LOGLEVEL="INFO" ENV KMS_LOGLEVEL="INFO"
# :: multi-stage # :: multi-stage
COPY --from=util /usr/local/bin/ /usr/local/bin COPY --from=util /usr/local/bin /usr/local/bin
COPY --from=build /git/py-kms/py-kms/ /opt/py-kms COPY --from=build /git/py-kms/py-kms /opt/py-kms
# :: Run # :: Run
USER root USER root


@@ -1,8 +1,7 @@
name: "kms" name: "kms"
services: services:
kms: app:
image: "11notes/kms:465f4d1" image: "11notes/kms:465f4d1"
container_name: "kms"
environment: environment:
TZ: "Europe/Zurich" TZ: "Europe/Zurich"
volumes: volumes:
@@ -10,19 +9,20 @@ services:
ports: ports:
- "1688:1688/tcp" - "1688:1688/tcp"
restart: "always" restart: "always"
kms-gui:
image: "11notes/kms-gui:stable" gui:
image: "11notes/kms-gui:465f4d1"
depends_on: depends_on:
kms: app:
condition: "service_healthy" condition: "service_healthy"
restart: true restart: true
container_name: "kms-gui"
environment: environment:
TZ: "Europe/Zurich" TZ: "Europe/Zurich"
volumes: volumes:
- "var:/kms/var" - "var:/kms/var"
ports: ports:
- "8080:8080/tcp" - "3000:3000/tcp"
restart: "always" restart: "always"
volumes: volumes:
var: var: