diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 93bf636..28f668f 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -8,6 +8,11 @@ on: required: false default: 'false' + readme: + description: 'set WORKFLOW_GITHUB_README' + required: false + default: 'false' + image: description: 'set IMAGE' required: false @@ -32,6 +37,7 @@ jobs: docker: runs-on: ubuntu-22.04 permissions: + actions: read contents: write packages: write security-events: write @@ -39,6 +45,8 @@ jobs: steps: - name: init / checkout uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 + with: + ref: master - name: init / inputs to env if: github.event_name == 'workflow_dispatch' @@ -62,8 +70,10 @@ jobs: : # set defaults echo "IMAGE_ARCH=${json_arch:-linux/amd64,linux/arm64}" >> $GITHUB_ENV - echo "WORKFLOW_GRYPE_SEVERITY_CUTOFF=${json_grype_severity:-high}" >> $GITHUB_ENV; echo "WORKFLOW_GITHUB_RELEASE=${input_release:-true}" >> $GITHUB_ENV; + echo "WORKFLOW_GITHUB_README=${input_readme:-true}" >> $GITHUB_ENV; + echo "WORKFLOW_GRYPE_SCAN=${json_grype_scan:-true}" >> $GITHUB_ENV; + echo "WORKFLOW_GRYPE_SEVERITY_CUTOFF=${json_grype_severity:-high}" >> $GITHUB_ENV; : # create tags for semver, stable and other shenanigans LOCAL_SHA=$(git rev-parse --short HEAD) 
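Review bot: The `ref: master` added to `init / checkout` pins every run to the branch tip, so a run dispatched for a tag or another ref builds whatever master holds at that moment, and `LOCAL_SHA=$(git rev-parse --short HEAD)` further down then names master's commit rather than the triggering one. This is presumably there so the `git push` added later in this commit has a branch to push to, but the step does not say so. A comment would help, for example `# build from master so the README commit step can push back to the branch`. The checkout also leaves its token usable by later steps by default (`persist-credentials`), so the third-party actions in this job run with the `contents: write` credential in reach; confirm that is intended.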
@@ -76,7 +86,7 @@ jobs: LOCAL_TAGS="${LOCAL_IMAGE}:${LOCAL_SHA}" if [ ! -z ${input_semverprefix} ]; then LOCAL_SEMVER_PREFIX="${input_semverprefix}-"; fi if [ ! -z ${input_semversuffix} ]; then LOCAL_SEMVER_SUFFIX="-${input_semversuffix}"; fi - if [ ! -z ${json_semver_rc} ]; then LOCAL_SEMVER_RC="-${json_semver_rc}"; fi + if [ ! -z ${json_semver_rc} ]; then LOCAL_SEMVER_RC="${json_semver_rc}"; fi if [ ! -z ${LOCAL_SEMVER_MAJOR} ]; then LOCAL_TAGS="${LOCAL_TAGS},${LOCAL_IMAGE}:${LOCAL_SEMVER_PREFIX}${LOCAL_SEMVER_MAJOR}${LOCAL_SEMVER_SUFFIX}"; fi if [ ! -z ${LOCAL_SEMVER_MINOR} ]; then LOCAL_TAGS="${LOCAL_TAGS},${LOCAL_IMAGE}:${LOCAL_SEMVER_PREFIX}${LOCAL_SEMVER_MAJOR}.${LOCAL_SEMVER_MINOR}${LOCAL_SEMVER_SUFFIX}"; fi if [ ! -z ${LOCAL_SEMVER_PATCH} ]; then LOCAL_TAGS="${LOCAL_TAGS},${LOCAL_IMAGE}:${LOCAL_SEMVER_PREFIX}${LOCAL_SEMVER_MAJOR}.${LOCAL_SEMVER_MINOR}.${LOCAL_SEMVER_PATCH}${LOCAL_SEMVER_SUFFIX}"; fi @@ -89,7 +99,7 @@ jobs: if [ ! -z ${input_uid} ]; then echo "IMAGE_UID=${input_uid}" >> $GITHUB_ENV; else echo "IMAGE_UID=${json_uid:-1000}" >> $GITHUB_ENV; fi if [ ! -z ${input_gid} ]; then echo "IMAGE_GID=${input_gid}" >> $GITHUB_ENV; else echo "IMAGE_GID=${json_gid:-1000}" >> $GITHUB_ENV; fi - : # set rc, prefix or suffix globally + : # set rc, prefix or suffix globally for semver and version echo "IMAGE_SEMVER_PREFIX=${LOCAL_SEMVER_PREFIX}" >> $GITHUB_ENV echo "IMAGE_SEMVER_SUFFIX=${LOCAL_SEMVER_SUFFIX}" >> $GITHUB_ENV echo "IMAGE_VERSION_RC=${LOCAL_SEMVER_RC}" >> $GITHUB_ENV @@ -131,6 +141,7 @@ jobs: ${{ env.IMAGE }}:${{ env.IMAGE_SEMVER_PREFIX }}grype${{ env.IMAGE_SEMVER_SUFFIX }} - name: grype / scan + if: env.WORKFLOW_GRYPE_SCAN == 'true' id: grype-scan uses: anchore/scan-action@abae793926ec39a78ab18002bc7fc45bbbd94342 with: 
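Review bot: The `if: env.WORKFLOW_GRYPE_SCAN == 'true'` added to `grype / scan` lets a `json_grype_scan` value switch the vulnerability gate off without leaving any trace in the run. When the step is skipped, `steps.grype-scan.outcome` is `skipped`, so `codeql / upload` is skipped as well and `steps.grype-scan.outputs.sarif` reaches the new README step empty. The condition on `docker / build & push` is outside the hunks, so whether anything else still blocks publishing an unscanned image is not visible here. Consider a small companion step with `if: env.WORKFLOW_GRYPE_SCAN != 'true'` and `run: echo "::warning::grype scan disabled via .json"` so a disabled scan shows up in the job summary. The body of the scan step continues past the end of this hunk.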
@@ -138,15 +149,6 @@ jobs: severity-cutoff: ${{ env.WORKFLOW_GRYPE_SEVERITY_CUTOFF }} by-cve: true output-format: 'sarif' - output-file: ${{ runner.temp }}/_github_home/grype.sarif - - - name: grype / report / sarif to markdown - id: sarif-to-md - if: success() || failure() - continue-on-error: true - uses: 11notes/action-sarif-to-markdown@bc689850bd33a1037ea1d0a609ab4ea14b3c4396 - with: - sarif_file: grype.sarif - name: grype / delete tag if: steps.grype-tag.outcome == 'success' @@ -157,11 +159,13 @@ jobs: --header 'content-type: application/json' \ --fail - - name: grype / report / upload + - name: codeql / upload + id: codeql-upload if: steps.grype-scan.outcome == 'success' uses: github/codeql-action/upload-sarif@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 with: sarif_file: ${{ steps.grype-scan.outputs.sarif }} + wait-for-processing: false category: grype - name: docker / build & push @@ -212,6 +216,22 @@ jobs: }' \ --fail + - name: github / create README.md + if: env.WORKFLOW_GITHUB_README == 'true' + id: github-readme + uses: 11notes/action-docker-readme@v1.1.1 + with: + sarif_file: ${{ steps.grype-scan.outputs.sarif }} + + - name: github / commit & push + if: steps.github-readme.outcome == 'success' + run: | + git config user.name "github-actions[bot]" + git config user.email "41898282+github-actions[bot]@users.noreply.github.com" + git add . + git commit -m "update README.md" + git push + - name: docker / push README.md to docker hub if: hashFiles('README.md') != '' uses: christian-korneck/update-container-description-action@d36005551adeaba9698d8d67a296bd16fa91f8e8 diff --git a/.github/workflows/tags.yml b/.github/workflows/tags.yml index 4ee14ff..b823fab 100644 --- a/.github/workflows/tags.yml +++ b/.github/workflows/tags.yml @@ -12,7 +12,7 @@ jobs: with: workflow: docker.yml token: "${{ secrets.REPOSITORY_TOKEN }}" - inputs: '{ "release":"true" }' + inputs: '{ "release":"true", "readme":"true" }' docker-unraid: runs-on: ubuntu-latest 
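Review bot: The renamed `codeql / upload` step still runs only when `steps.grype-scan.outcome == 'success'`, so if the scan action fails the step at the severity cutoff (its full configuration is not visible in the hunks), the SARIF from exactly those runs never reaches code scanning. Consider `if: always() && steps.grype-scan.outputs.sarif != ''` instead. The added `wait-for-processing: false` also means a SARIF file that code scanning rejects no longer fails this job; a short comment stating that this is deliberate would help.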
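Review bot: `uses: 11notes/action-docker-readme@v1.1.1` in the new `github / create README.md` step is the only action in this workflow referenced by a mutable tag, and the job holds `contents: write` and `packages: write`; pin it like the others, `uses: 11notes/action-docker-readme@<full-commit-sha> # v1.1.1` (placeholder, take the SHA from the release). In `github / commit & push`, `git add .` stages everything earlier steps left in the workspace, not just the generated file, so `git add README.md` is safer. `git commit` also exits non-zero when nothing changed, which fails the step and skips the Docker Hub README push that follows; `git diff --cached --quiet || git commit -m "update README.md"` avoids that.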
@@ -22,7 +22,7 @@ jobs: with: workflow: docker.yml token: "${{ secrets.REPOSITORY_TOKEN }}" - inputs: '{ "release":"false", "uid":"99", "gid":"100", "semversuffix":"unraid" }' + inputs: '{ "release":"false", "readme":"false", "uid":"99", "gid":"100", "semversuffix":"unraid" }' kms-gui: runs-on: ubuntu-latest @@ -35,7 +35,7 @@ jobs: token: "${{ secrets.REPOSITORY_TOKEN }}" repo: 11notes/docker-kms-gui ref: master - inputs: '{ "release":"false" }' + inputs: '{ "release":"false", "readme":"true" }' kms-gui-unraid: runs-on: ubuntu-latest @@ -48,4 +48,4 @@ jobs: token: "${{ secrets.REPOSITORY_TOKEN }}" repo: 11notes/docker-kms-gui ref: master - inputs: '{ "release":"false", "uid":"99", "gid":"100", "semversuffix":"unraid" }' \ No newline at end of file + inputs: '{ "release":"false", "readme":"false", "uid":"99", "gid":"100", "semversuffix":"unraid" }' \ No newline at end of file diff --git a/.gitignore b/.gitignore index 4950fec..3cdab39 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1 @@ -maintain/ -project* \ No newline at end of file +maintain/ \ No newline at end of file diff --git a/.json b/.json index 58b928a..8a2ad56 100644 --- a/.json +++ b/.json @@ -13,6 +13,9 @@ "description":"Activate any version of Windows and Office, forever", "parent":{ "image":"11notes/alpine:stable" + }, + "built":{ + "py-kms":"https://github.com/Py-KMS-Organization/py-kms" } } } \ No newline at end of file diff --git a/README.md b/README.md deleted file mode 100644 index ee521f1..0000000 --- a/README.md +++ /dev/null 
@@ -1,139 +0,0 @@ -![Banner](https://github.com/11notes/defaults/blob/main/static/img/banner.png?raw=true) - -# ๐Ÿ”๏ธ kms on Alpine -[](https://github.com/11notes/docker-kms)![size](https://img.shields.io/docker/image-size/11notes/kms/465f4d1?color=0eb305)![version](https://img.shields.io/docker/v/11notes/kms/465f4d1?color=eb7a09)![pulls](https://img.shields.io/docker/pulls/11notes/kms?color=2b75d6)[](https://github.com/11notes/docker-kms/issues) - -**Activate any version of Windows and Office, forever** - -![activation](https://github.com/11notes/docker-kms/blob/master/img/activation.png?raw=true) -![Office](https://github.com/11notes/docker-kms/blob/master/img/Office.png?raw=true) -![GUI](https://github.com/11notes/docker-kms/blob/master/img/GUI.png?raw=true) - -# MAIN TAGS ๐Ÿท๏ธ -These are the main tags for the image. There is also a tag for each commit and its shorthand sha256 value. - -* [465f4d1](https://hub.docker.com/r/11notes/kms/tags?name=465f4d1) -* [stable](https://hub.docker.com/r/11notes/kms/tags?name=stable) -* [latest](https://hub.docker.com/r/11notes/kms/tags?name=latest) -* [465f4d1-unraid](https://hub.docker.com/r/11notes/kms/tags?name=465f4d1-unraid) -* [stable-unraid](https://hub.docker.com/r/11notes/kms/tags?name=stable-unraid) -* [latest-unraid](https://hub.docker.com/r/11notes/kms/tags?name=latest-unraid) - - -# SYNOPSIS ๐Ÿ“– -**What can I do with this?** This image will run a KMS server you can use to activate any version of Windows and Office, forever. 
- -Works with: -- Windows Vista -- Windows 7 -- Windows 8 -- Windows 8.1 -- Windows 10 -- Windows 11 -- Windows Server 2008 -- Windows Server 2008 R2 -- Windows Server 2012 -- Windows Server 2012 R2 -- Windows Server 2016 -- Windows Server 2019 -- Windows Server 2022 -- Windows Server 2025 -- Microsoft Office 2010 ( Volume License ) -- Microsoft Office 2013 ( Volume License ) -- Microsoft Office 2016 ( Volume License ) -- Microsoft Office 2019 ( Volume License ) -- Microsoft Office 2021 ( Volume License ) -- Microsoft Office 2024 ( Volume License ) - -# VOLUMES ๐Ÿ“ -* **/var** - Directory of the activation database - -# COMPOSE โœ‚๏ธ -```yaml -name: "kms" -services: - kms: - image: "11notes/kms:465f4d1" - container_name: "kms" - environment: - TZ: "Europe/Zurich" - volumes: - - "var:/kms/var" - ports: - - "1688:1688/tcp" - restart: "always" - kms-gui: - image: "11notes/kms-gui:stable" - container_name: "kms-gui" - environment: - TZ: "Europe/Zurich" - volumes: - - "var:/kms/var" - ports: - - "8080:8080/tcp" - restart: "always" -volumes: - var: -``` - - -## Windows Server 2025 Datacenter. 
List of [GVLK](https://learn.microsoft.com/en-us/windows-server/get-started/kms-client-activation-keys) -```cmd -slmgr /ipk D764K-2NDRG-47T6Q-P8T8W-YP6DF -``` -Add your KMS server information to server via registry -```powershell -Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform" -Name "KeyManagementServiceName" -Value "KMS_IP" -Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform" -Name "KeyManagementServicePort" -Value "KMS_PORT" -Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\OfficeSoftwareProtectionPlatform" -Name "KeyManagementServiceName" -Value "KMS_IP" -Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\OfficeSoftwareProtectionPlatform" -Name "KeyManagementServicePort" -Value "KMS_PORT" -``` -Activate server -```cmd -slmgr /ato -``` - -# UNRAID VERSION ๐ŸŸ  -This image supports unraid by default. Simply add **-unraid** to any tag and the image will run as 99:100 instead of 1000:1000 causing no issues on unraid. Enjoy. 
- - -# DEFAULT SETTINGS ๐Ÿ—ƒ๏ธ -| Parameter | Value | Description | -| --- | --- | --- | -| `user` | docker | user name | -| `uid` | 1000 | [user identifier](https://en.wikipedia.org/wiki/User_identifier) | -| `gid` | 1000 | [group identifier](https://en.wikipedia.org/wiki/Group_identifier) | -| `home` | /kms | home directory of user docker | -| `database` | /kms/var/kms.db | SQlite database holding all client data | - -# ENVIRONMENT ๐Ÿ“ -| Parameter | Value | Default | -| --- | --- | --- | -| `TZ` | [Time Zone](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones) | | -| `DEBUG` | Will activate debug option for container image and app (if available) | | -| `KMS_LOCALE` | see Microsoft LICD specification | 1033 (en-US) | -| `KMS_CLIENTCOUNT` | client count > 25 | 26 | -| `KMS_ACTIVATIONINTERVAL` | Retry unsuccessful after N minutes | 120 (2 hours) | -| `KMS_RENEWALINTERVAL` | re-activation after N minutes | 259200 (180 days) | -| `KMS_LOGLEVEL` | CRITICAL, ERROR, WARNING, INFO, DEBUG, MININFO | INFO | - -# SOURCE ๐Ÿ’พ -* [11notes/kms](https://github.com/11notes/docker-kms) - -# PARENT IMAGE ๐Ÿ›๏ธ -* [11notes/alpine:stable](https://hub.docker.com/r/11notes/alpine) - -# BUILT WITH ๐Ÿงฐ -* [py-kms](https://github.com/Py-KMS-Organization/py-kms) -* [alpine](https://alpinelinux.org) - -# GENERAL TIPS ๐Ÿ“Œ -* Use a reverse proxy like Traefik, Nginx, HAproxy to terminate TLS and to protect your endpoints -* Use Letโ€™s Encrypt DNS-01 challenge to obtain valid SSL certificates for your services -* Do not expose this image to WAN! You will get notified from Microsoft via your ISP to terminate the service if you do so -* [Microsoft LICD](https://learn.microsoft.com/en-us/openspecs/office_standards/ms-oe376/6c085406-a698-4e12-9d4d-c3b0ee3dbc4a) -* Use [11notes/kms-gui](https://github.com/11notes/docker-kms-gui) if you want to see the clients you activated in a nice GUI - - -# ElevenNotesโ„ข๏ธ -This image is provided to you at your own risk. 
Always make backups before updating an image to a different version. Check the [releases](https://github.com/11notes/docker-kms/releases) for breaking changes. If you have any problems with using this image simply raise an [issue](https://github.com/11notes/docker-kms/issues), thanks. If you have a question or inputs please create a new [discussion](https://github.com/11notes/docker-kms/discussions) instead of an issue. You can find all my other repositories on [github](https://github.com/11notes?tab=repositories). \ No newline at end of file diff --git a/img/GUI.png b/img/GUI.png deleted file mode 100644 index b4dc911..0000000 Binary files a/img/GUI.png and /dev/null differ diff --git a/img/Windows11ENTLTSC.png b/img/Windows11ENTLTSC.png new file mode 100644 index 0000000..e33c0da Binary files /dev/null and b/img/Windows11ENTLTSC.png differ diff --git a/img/WindowsSRV2025.png b/img/WindowsSRV2025.png new file mode 100644 index 0000000..712ddd8 Binary files /dev/null and b/img/WindowsSRV2025.png differ diff --git a/img/activation.png b/img/activation.png deleted file mode 100644 index 7c43233..0000000 Binary files a/img/activation.png and /dev/null differ diff --git a/img/webGUICustomIcon.png b/img/webGUICustomIcon.png new file mode 100644 index 0000000..0e5ca79 Binary files /dev/null and b/img/webGUICustomIcon.png differ diff --git a/project.md b/project.md new file mode 100644 index 0000000..22b5340 --- /dev/null +++ b/project.md 
@@ -0,0 +1,71 @@ +![Windows Server 2025](https://github.com/11notes/docker-${{ json_name }}/blob/master/img/WindowsSRV2025.png?raw=true) +![Windows 11 LTSC 2024](https://github.com/11notes/docker-${{ json_name }}/blob/master/img/Windows11ENTLTSC.png?raw=true) +![Web GUI](https://github.com/11notes/docker-${{ json_name }}/blob/master/img/webGUICustomIcon.png?raw=true) + +${{ content_synopsis }} This image will run a KMS server you can use to activate any version of Windows and Office, forever. + +Works with: +- Windows Vista +- Windows 7 +- Windows 8 +- Windows 8.1 +- Windows 10 +- Windows 11 +- Windows Server 2008 +- Windows Server 2008 R2 +- Windows Server 2012 +- Windows Server 2012 R2 +- Windows Server 2016 +- Windows Server 2019 +- Windows Server 2022 +- Windows Server 2025 +- Microsoft Office 2010 ( Volume License ) +- Microsoft Office 2013 ( Volume License ) +- Microsoft Office 2016 ( Volume License ) +- Microsoft Office 2019 ( Volume License ) +- Microsoft Office 2021 ( Volume License ) +- Microsoft Office 2024 ( Volume License ) + +${{ title_volumes }} +* **${{ json_root }}/var** - Directory of the activation database + +${{ content_compose }} + +# EXAMPLE +## Windows Server 2025 Datacenter. 
List of [GVLK](https://learn.microsoft.com/en-us/windows-server/get-started/kms-client-activation-keys) +```cmd +slmgr /ipk D764K-2NDRG-47T6Q-P8T8W-YP6DF +``` +Add your KMS server information to server via registry +```powershell +Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform" -Name "KeyManagementServiceName" -Value "KMS_IP" +Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SoftwareProtectionPlatform" -Name "KeyManagementServicePort" -Value "KMS_PORT" + +Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\OfficeSoftwareProtectionPlatform" -Name "KeyManagementServiceName" -Value "KMS_IP" +Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\OfficeSoftwareProtectionPlatform" -Name "KeyManagementServicePort" -Value "KMS_PORT" +``` +Activate server +```cmd +slmgr /ato +``` + +${{ content_defaults }} +| `database` | /kms/var/kms.db | SQlite database holding all client data | + +${{ content_environment }} +| `KMS_LOCALE` | see Microsoft LICD specification | 1033 (en-US) | +| `KMS_CLIENTCOUNT` | client count > 25 | 26 | +| `KMS_ACTIVATIONINTERVAL` | Retry unsuccessful after N minutes | 120 (2 hours) | +| `KMS_RENEWALINTERVAL` | re-activation after N minutes | 259200 (180 days) | +| `KMS_LOGLEVEL` | CRITICAL, ERROR, WARNING, INFO, DEBUG, MININFO | INFO | + +${{ content_source }} + +${{ content_parent }} + +${{ content_built }} + +${{ content_tips }} +* Do not expose this image to WAN! You will get notified from Microsoft via your ISP to terminate the service if you do so +* [Microsoft LICD](https://learn.microsoft.com/en-us/openspecs/office_standards/ms-oe376/6c085406-a698-4e12-9d4d-c3b0ee3dbc4a) +* Use [11notes/kms-gui](https://github.com/11notes/docker-kms-gui) if you want to see the clients you activated in a nice web GUI \ No newline at end of file