[upgrade] 1.0.3

.github/workflows/cron.update.yml

@@ -0,0 +1,115 @@
+name: cron-update
+
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: "0 5 * * *"
+
+jobs:
+  cron-update:
+    runs-on: ubuntu-latest
+
+    permissions:
+      actions: read
+      contents: write
+
+    steps:   
+      - name: init / checkout
+        uses: actions/checkout@85e6279cec87321a52edac9c87bce653a07cf6c2
+        with:
+          ref: 'master'
+          fetch-depth: 0
+
+      - name: cron-update / get latest version
+        run: |
+          echo "LATEST_VERSION=$(curl -s https://api.github.com/repos/11notes/fork-py-kms/releases/latest | jq -r '.tag_name' | sed 's/v//')" >> "${GITHUB_ENV}"
+          echo "LATEST_TAG=$(git describe --abbrev=0 --tags `git rev-list --tags --max-count=1` | sed 's/v//')" >> "${GITHUB_ENV}"
+
+      - name: cron-update / setup node
+        uses: actions/setup-node@49933ea5288caeca8642d1e84afbd3f7d6820020
+        with:
+          node-version: '20'
+      - run: npm i semver
+
+      - name: cron-update / compare latest with current version
+        uses: actions/github-script@62c3794a3eb6788d9a2a72b219504732c0c9a298
+        with:
+          script: |
+            const { existsSync, readFileSync, writeFileSync } = require('node:fs');
+            const { resolve } = require('node:path');
+            const { inspect } = require('node:util');
+            const semver = require('semver')
+            const repository = {dot:{}};
+
+            try{
+              const path = resolve('.json');
+              if(existsSync(path)){
+                try{
+                  repository.dot = JSON.parse(readFileSync(path).toString());
+                }catch(e){
+                  throw new Error('could not parse .json');
+                }
+              }else{
+                throw new Error('.json does not exist');
+              }
+            }catch(e){
+              core.setFailed(e);
+            }
+
+            const latest = semver.valid(semver.coerce('${{ env.LATEST_VERSION }}'));
+            const current = semver.valid(semver.coerce(repository.dot.semver.version));
+            const tag = semver.valid(semver.coerce('${{ env.LATEST_TAG }}'));
+
+            if(latest && latest !== current){
+              core.info(`new ${semver.diff(current, latest)} release found (${latest})!`)
+              repository.dot.semver.version = latest;
+              if(tag){
+                core.exportVariable('WORKFLOW_NEW_TAG', semver.inc(tag, semver.diff(current, latest)));
+              }
+
+              if(repository.dot.semver?.latest){
+                repository.dot.semver.latest = repository.dot.semver.version;
+              }
+
+              if(repository.dot?.readme?.comparison?.image){
+                repository.dot.readme.comparison.image = repository.dot.readme.comparison.image.replace(current, repository.dot.semver.version);
+              }
+
+              try{
+                writeFileSync(resolve('.json'), JSON.stringify(repository.dot, null, 2));
+                core.exportVariable('WORKFLOW_AUTO_UPDATE', true);
+              }catch(e){
+                core.setFailed(e);
+              }
+            }else{
+              core.info('no new release found');
+            }
+
+            core.info(inspect(repository.dot, {showHidden:false, depth:null, colors:true}));
+
+      - name: cron-update / checkout
+        id: checkout
+        if: env.WORKFLOW_AUTO_UPDATE == 'true'
+        run: |         
+          git config user.name "github-actions[bot]"
+          git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
+          git add .json
+          git commit -m "[upgrade] ${{ env.LATEST_VERSION }}"
+          git push origin HEAD:master
+
+      - name: cron-update / tag
+        if: env.WORKFLOW_AUTO_UPDATE == 'true' && steps.checkout.outcome == 'success'
+        run: |         
+          SHA256=$(git rev-list --branches --max-count=1)
+          git tag -a v${{ env.WORKFLOW_NEW_TAG }} -m "v${{ env.WORKFLOW_NEW_TAG }}" ${SHA256}
+          git push --follow-tags
+
+      - name: cron-update / build docker image
+        if: env.WORKFLOW_AUTO_UPDATE == 'true' && steps.checkout.outcome == 'success'
+        uses: the-actions-org/workflow-dispatch@3133c5d135c7dbe4be4f9793872b6ef331b53bc7
+        with:
+          workflow: docker.yml
+          wait-for-completion: false
+          token: "${{ secrets.REPOSITORY_TOKEN }}"
+          inputs: '{ "release":"true", "readme":"true" }'
+          ref: "v${{ env.WORKFLOW_NEW_TAG }}"

.github/workflows/cve.yml

@@ -0,0 +1,70 @@
+name: cve
+
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: "30 15 */2 * *"
+
+jobs:
+  cve:
+    runs-on: ubuntu-latest
+    steps:
+      - name: init / checkout
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
+        with:
+          ref: ${{ github.ref_name }}
+          fetch-depth: 0
+
+      - name: init / setup environment
+        uses: actions/github-script@62c3794a3eb6788d9a2a72b219504732c0c9a298
+        with:
+          script: |
+            const { existsSync, readFileSync } = require('node:fs');
+            const { resolve } = require('node:path');
+            const { inspect } = require('node:util');
+            const { Buffer } = require('node:buffer');
+            const inputs = `${{ toJSON(github.event.inputs) }}`;
+            const opt = {input:{}, dot:{}};            
+
+            try{
+              if(inputs.length > 0){
+                opt.input = JSON.parse(inputs);
+                if(opt.input?.etc){
+                  opt.input.etc = JSON.parse(Buffer.from(opt.input.etc, 'base64').toString('ascii'));
+                }
+              }
+            }catch(e){
+              core.warning('could not parse github.event.inputs');
+            }
+
+            try{
+              const path = resolve('.json');
+              if(existsSync(path)){
+                try{
+                  opt.dot = JSON.parse(readFileSync(path).toString());
+                }catch(e){
+                  throw new Error('could not parse .json');
+                }
+              }else{
+                throw new Error('.json does not exist');
+              }
+            }catch(e){
+              core.setFailed(e);
+            }
+
+            core.info(inspect(opt, {showHidden:false, depth:null, colors:true}));
+
+            core.exportVariable('WORKFLOW_IMAGE', `${opt.dot.image}:${(opt.dot?.semver?.version === undefined) ? 'rolling' : opt.dot.semver.version}`);
+            core.exportVariable('WORKFLOW_GRYPE_SEVERITY_CUTOFF', (opt.dot?.grype?.severity || 'high'));
+
+
+      - name: grype / scan
+        id: grype
+        uses: anchore/scan-action@dc6246fcaf83ae86fcc6010b9824c30d7320729e
+        with:
+          image: ${{ env.WORKFLOW_IMAGE }}
+          fail-build: true
+          severity-cutoff: ${{ env.WORKFLOW_GRYPE_SEVERITY_CUTOFF }}
+          output-format: 'sarif'
+          by-cve: true
+          cache-db: true

.github/workflows/docker.yml

@@ -16,6 +16,7 @@ on:
         required: false
         default: 'ubuntu-22.04'
 
+
       build:
         description: 'set WORKFLOW_BUILD'
         required: false
@@ -109,7 +110,7 @@ jobs:
               app:{
                 image:opt.dot.image,
                 name:opt.dot.name,
-                version:(opt.input?.etc?.version || opt.dot.semver.version),
+                version:(opt.input?.etc?.version || opt.dot?.semver?.version),
                 root:opt.dot.root,
                 UID:(opt.input?.etc?.uid || 1000),
                 GID:(opt.input?.etc?.gid || 1000),
@@ -127,22 +128,25 @@ jobs:
             docker.app.suffix = docker.image.suffix;
 
             // setup tags
+              if(!opt.dot?.semver?.disable?.rolling){
+                docker.image.tags.push('rolling');
+              }
               if(opt.input?.etc?.dockerfile !== 'arch.dockerfile' && opt.input?.etc?.tag){
                 docker.image.tags.push(`${context.sha.substring(0,7)}`);
                 docker.image.tags.push(opt.input.etc.tag);
                 docker.image.tags.push(`${opt.input.etc.tag}-${docker.app.version}`);
                 docker.cache.name = `${docker.image.name}:buildcache-${opt.input.etc.tag}`;
-              }else if(opt.dot?.semver?.version){
+              }else if(docker.app.version !== 'latest'){
-                const semver = opt.dot.semver.version.split('.');
+                const semver = docker.app.version.split('.');
                 docker.image.tags.push(`${context.sha.substring(0,7)}`);
                 if(Array.isArray(semver)){
                   if(semver.length >= 1) docker.image.tags.push(`${semver[0]}`);
                   if(semver.length >= 2) docker.image.tags.push(`${semver[0]}.${semver[1]}`);
                   if(semver.length >= 3) docker.image.tags.push(`${semver[0]}.${semver[1]}.${semver[2]}`);
                 }
-                if(opt.dot.semver?.stable && new RegExp(opt.dot.semver.stable, 'ig').test(docker.image.tags.join(','))) docker.image.tags.push('stable');
+                if(opt.dot?.semver?.stable && new RegExp(opt.dot?.semver.stable, 'ig').test(docker.image.tags.join(','))) docker.image.tags.push('stable');
-                if(opt.dot.semver?.latest && new RegExp(opt.dot.semver.latest, 'ig').test(docker.image.tags.join(','))) docker.image.tags.push('latest');
+                if(opt.dot?.semver?.latest && new RegExp(opt.dot?.semver.latest, 'ig').test(docker.image.tags.join(','))) docker.image.tags.push('latest');
-              }else if(opt.input?.etc?.version && opt.input.etc.version === 'latest'){
+              }else{
                 docker.image.tags.push('latest');
               }
 
@@ -224,7 +228,7 @@ jobs:
         with:
           driver-opts: network=host
 
-      - name: docker / build & push & tag grype
+      - name: docker / build image locally
         if: env.WORKFLOW_BUILD == 'true'
         id: docker-build
         uses: docker/build-push-action@67a2d409c0a876cbe6b11854e3e25193efe4e62d
@@ -253,7 +257,7 @@ jobs:
           cache-db: true
 
       - name: grype / fail
-        if: env.WORKFLOW_BUILD == 'true' && (failure() || steps.grype.outcome == 'failure')
+        if: env.WORKFLOW_BUILD == 'true' && (failure() || steps.grype.outcome == 'failure') && steps.docker-build.outcome == 'success'
         uses: anchore/scan-action@dc6246fcaf83ae86fcc6010b9824c30d7320729e
         with:
           image: ${{ env.DOCKER_CACHE_GRYPE }}
@@ -263,7 +267,7 @@ jobs:
           by-cve: true
           cache-db: true
 
-      - name: docker / build & push
+      - name: docker / build image from cache and push to registries
         if: env.WORKFLOW_BUILD == 'true'
         uses: docker/build-push-action@67a2d409c0a876cbe6b11854e3e25193efe4e62d
         with:
@@ -409,6 +413,9 @@ jobs:
           if [ -f compose.yaml ]; then
             git add compose.yaml
           fi
+          if [ -f compose.yml ]; then
+            git add compose.yml
+          fi
           if [ -f LICENSE ]; then
             git add LICENSE
           fi

.github/workflows/tags.yml

@@ -32,7 +32,6 @@ jobs:
       - name: build docker image for unraid community
         uses: the-actions-org/workflow-dispatch@3133c5d135c7dbe4be4f9793872b6ef331b53bc7
         with:
-          wait-for-completion: false
           workflow: docker.yml
           token: "${{ secrets.REPOSITORY_TOKEN }}"
           inputs: '{ "release":"false", "readme":"false", "run-name":"unraid", "etc":"${{ env.WORKFLOW_BASE64JSON }}" }'
@@ -41,6 +40,24 @@ jobs:
     runs-on: ubuntu-latest
     needs: docker
     steps:   
+      - name: init / base64 nested json
+        uses: actions/github-script@62c3794a3eb6788d9a2a72b219504732c0c9a298
+        with:
+          script: |
+            const { Buffer } = require('node:buffer');
+            (async()=>{
+              try{
+                const master = await fetch('https://raw.githubusercontent.com/11notes/docker-kms/refs/heads/master/.json');
+                const dot = await master.json();
+                const etc = {
+                  version:dot.semver.version,
+                };
+                core.exportVariable('WORKFLOW_BASE64JSON', Buffer.from(JSON.stringify(etc)).toString('base64'));
+              }catch(e){
+                core.setFailed(`workflow failed: ${e}`);
+              }
+            })();
+
       - name: build downstream kms gui
         uses: the-actions-org/workflow-dispatch@3133c5d135c7dbe4be4f9793872b6ef331b53bc7
         with:
@@ -48,7 +65,7 @@ jobs:
           token: "${{ secrets.REPOSITORY_TOKEN }}"
           repo: 11notes/docker-kms-gui
           ref: master
-          inputs: '{ "release":"false", "readme":"true" }'
+          inputs: '{ "release":"false", "readme":"true", "etc":"${{ env.WORKFLOW_BASE64JSON }}" }'
 
   kms-gui-unraid:
     runs-on: ubuntu-latest
@@ -59,12 +76,21 @@ jobs:
         with:
           script: |
             const { Buffer } = require('node:buffer');
-            const etc = {
+            (async()=>{
-              semversuffix:"unraid",
+              try{
-              uid:99,
+                const master = await fetch('https://raw.githubusercontent.com/11notes/docker-kms/refs/heads/master/.json');
-              gid:100,
+                const dot = await master.json();
-            };
+                const etc = {
-            core.exportVariable('WORKFLOW_BASE64JSON', Buffer.from(JSON.stringify(etc)).toString('base64'));
+                  version:dot.semver.version,
+                  semversuffix:"unraid",
+                  uid:99,
+                  gid:100,
+                };
+                core.exportVariable('WORKFLOW_BASE64JSON', Buffer.from(JSON.stringify(etc)).toString('base64'));
+              }catch(e){
+                core.setFailed(`workflow failed: ${e}`);
+              }
+            })();
 
       - name: build downstream kms gui for unraid community
         uses: the-actions-org/workflow-dispatch@3133c5d135c7dbe4be4f9793872b6ef331b53bc7

.json

@@ -1,19 +1,18 @@
 {
-  "image":"11notes/kms",
+  "image": "11notes/kms",
-  "name":"kms",
+  "name": "kms",
-  "root":"/kms",
+  "root": "/kms",
-  
+  "arch": "linux/amd64,linux/arm64,linux/arm/v7",
-  "semver":{
+  "semver": {
-    "version":"1.0.0"
+    "version": "1.0.3"
   },
-
+  "readme": {
-  "readme":{
+    "description": "Activate any version of Windows and Office, forever",
-    "description":"Activate any version of Windows and Office, forever",
+    "parent": {
-    "parent":{
+      "image": "11notes/python:3.13"
-      "image":"11notes/alpine:stable"
     },
-    "built":{
+    "built": {
-      "11notes/py-kms":"https://github.com/11notes/fork-py-kms"
+      "11notes/py-kms": "https://github.com/11notes/fork-py-kms"
     }
   }
 }

README.md

@@ -1,7 +1,7 @@
 ![banner](https://github.com/11notes/defaults/blob/main/static/img/banner.png?raw=true)
 
 # KMS
-[<img src="https://img.shields.io/badge/github-source-blue?logo=github&color=040308">](https://github.com/11notes/docker-KMS)![5px](https://github.com/11notes/defaults/blob/main/static/img/transparent5x2px.png?raw=true)![size](https://img.shields.io/docker/image-size/11notes/kms/1.0.0?color=0eb305)![5px](https://github.com/11notes/defaults/blob/main/static/img/transparent5x2px.png?raw=true)![version](https://img.shields.io/docker/v/11notes/kms/1.0.0?color=eb7a09)![5px](https://github.com/11notes/defaults/blob/main/static/img/transparent5x2px.png?raw=true)![pulls](https://img.shields.io/docker/pulls/11notes/kms?color=2b75d6)![5px](https://github.com/11notes/defaults/blob/main/static/img/transparent5x2px.png?raw=true)[<img src="https://img.shields.io/github/issues/11notes/docker-KMS?color=7842f5">](https://github.com/11notes/docker-KMS/issues)![5px](https://github.com/11notes/defaults/blob/main/static/img/transparent5x2px.png?raw=true)![swiss_made](https://img.shields.io/badge/Swiss_Made-FFFFFF?labelColor=FF0000&logo=data:image/svg%2bxml;base64,PHN2ZyB2ZXJzaW9uPSIxIiB3aWR0aD0iNTEyIiBoZWlnaHQ9IjUxMiIgdmlld0JveD0iMCAwIDMyIDMyIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjxwYXRoIGQ9Im0wIDBoMzJ2MzJoLTMyeiIgZmlsbD0iI2YwMCIvPjxwYXRoIGQ9Im0xMyA2aDZ2N2g3djZoLTd2N2gtNnYtN2gtN3YtNmg3eiIgZmlsbD0iI2ZmZiIvPjwvc3ZnPg==)
+![size](https://img.shields.io/docker/image-size/11notes/kms/1.0.1?color=0eb305)![5px](https://github.com/11notes/defaults/blob/main/static/img/transparent5x2px.png?raw=true)![version](https://img.shields.io/docker/v/11notes/kms/1.0.1?color=eb7a09)![5px](https://github.com/11notes/defaults/blob/main/static/img/transparent5x2px.png?raw=true)![pulls](https://img.shields.io/docker/pulls/11notes/kms?color=2b75d6)![5px](https://github.com/11notes/defaults/blob/main/static/img/transparent5x2px.png?raw=true)[<img src="https://img.shields.io/github/issues/11notes/docker-KMS?color=7842f5">](https://github.com/11notes/docker-KMS/issues)![5px](https://github.com/11notes/defaults/blob/main/static/img/transparent5x2px.png?raw=true)![swiss_made](https://img.shields.io/badge/Swiss_Made-FFFFFF?labelColor=FF0000&logo=data:image/svg%2bxml;base64,PHN2ZyB2ZXJzaW9uPSIxIiB3aWR0aD0iNTEyIiBoZWlnaHQ9IjUxMiIgdmlld0JveD0iMCAwIDMyIDMyIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPgogIDxyZWN0IHdpZHRoPSIzMiIgaGVpZ2h0PSIzMiIgZmlsbD0idHJhbnNwYXJlbnQiLz4KICA8cGF0aCBkPSJtMTMgNmg2djdoN3Y2aC03djdoLTZ2LTdoLTd2LTZoN3oiIGZpbGw9IiNmZmYiLz4KPC9zdmc+)
 
 Activate any version of Windows and Office, forever
 
@@ -42,7 +42,7 @@ Works with:
 name: "kms"
 services:
   app:
-    image: "11notes/kms:1.0.0"
+    image: "11notes/kms:1.0.1"
     environment:
       TZ: "Europe/Zurich"
     volumes:
@@ -52,7 +52,7 @@ services:
     restart: "always"
 
   gui:
-    image: "11notes/kms-gui:1.0.0"
+    image: "11notes/kms:1.0.1"
     depends_on:
       app:
         condition: "service_healthy"
@@ -102,35 +102,35 @@ slmgr /ato
 | `TZ` | [Time Zone](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones) | |
 | `DEBUG` | Will activate debug option for container image and app (if available) | |
 | `KMS_LOCALE` | see Microsoft LICD specification | 1033 (en-US) |
-| `KMS_CLIENTCOUNT` | client count > 25 | 26 |
 | `KMS_ACTIVATIONINTERVAL` | Retry unsuccessful after N minutes | 120 (2 hours) |
 | `KMS_RENEWALINTERVAL` | re-activation after N minutes | 259200 (180 days) |
-| `KMS_LOGLEVEL` | CRITICAL, ERROR, WARNING, INFO, DEBUG, MININFO | INFO |
 
 # MAIN TAGS 🏷️
 These are the main tags for the image. There is also a tag for each commit and its shorthand sha256 value.
 
-* [1.0.0](https://hub.docker.com/r/11notes/kms/tags?name=1.0.0)
+* [1.0.1](https://hub.docker.com/r/11notes/kms/tags?name=1.0.1)
-* [1.0.0-unraid](https://hub.docker.com/r/11notes/kms/tags?name=1.0.0-unraid)
+* [1.0.1-unraid](https://hub.docker.com/r/11notes/kms/tags?name=1.0.1-unraid)
 
 ### There is no latest tag, what am I supposed to do about updates?
-It is of my opinion that the ```:latest``` tag is super dangerous. Many times, I’ve introduced **breaking** changes to my images. This would have messed up everything for some people. If you don’t want to change the tag to the latest [semver](https://semver.org/), simply use the short versions of [semver](https://semver.org/). Instead of using ```:1.0.0``` you can use ```:1``` or ```:1.0```. Since on each new version these tags are updated to the latest version of the software, using them is identical to using ```:latest``` but at least fixed to a major or minor version.
+It is of my opinion that the ```:latest``` tag is dangerous. Many times, I’ve introduced **breaking** changes to my images. This would have messed up everything for some people. If you don’t want to change the tag to the latest [semver](https://semver.org/), simply use the short versions of [semver](https://semver.org/). Instead of using ```:1.0.1``` you can use ```:1``` or ```:1.0```. Since on each new version these tags are updated to the latest version of the software, using them is identical to using ```:latest``` but at least fixed to a major or minor version.
+
+If you still insist on having the bleeding edge release of this app, simply use the ```:rolling``` tag, but be warned! You will get the latest version of the app instantly, regardless of breaking changes or security issues or what so ever. You do this at your own risk!
 
 # REGISTRIES ☁️
 ```
-docker pull 11notes/kms:1.0.0
+docker pull 11notes/kms:1.0.1
-docker pull ghcr.io/11notes/kms:1.0.0
+docker pull ghcr.io/11notes/kms:1.0.1
-docker pull quay.io/11notes/kms:1.0.0
+docker pull quay.io/11notes/kms:1.0.1
 ```
 
-${{ title_unraid }}
+# UNRAID VERSION 🟠
 This image supports unraid by default. Simply add **-unraid** to any tag and the image will run as 99:100 instead of 1000:1000 causing no issues on unraid. Enjoy.
 
 # SOURCE 💾
 * [11notes/kms](https://github.com/11notes/docker-KMS)
 
 # PARENT IMAGE 🏛️
-* [11notes/alpine:stable](https://hub.docker.com/r/11notes/alpine)
+* [11notes/python:3.13](${{ json_readme_parent_url }})
 
 # BUILT WITH 🧰
 * [11notes/py-kms](https://github.com/11notes/fork-py-kms)
@@ -147,4 +147,4 @@ This image supports unraid by default. Simply add **-unraid** to any tag and the
 # ElevenNotes™️
 This image is provided to you at your own risk. Always make backups before updating an image to a different version. Check the [releases](https://github.com/11notes/docker-kms/releases) for breaking changes. If you have any problems with using this image simply raise an [issue](https://github.com/11notes/docker-kms/issues), thanks. If you have a question or inputs please create a new [discussion](https://github.com/11notes/docker-kms/discussions) instead of an issue. You can find all my other repositories on [github](https://github.com/11notes?tab=repositories).
 
-*created 05.05.2025, 11:03:41 (CET)*
+*created 10.07.2025, 07:27:25 (CET)*

arch.dockerfile

@@ -1,77 +1,95 @@
-ARG APP_UID=1000
+# ╔═════════════════════════════════════════════════════╗
-ARG APP_GID=1000
+# ║                       SETUP                         ║
-ARG BUILD_ROOT=/git/fork-py-kms
+# ╚═════════════════════════════════════════════════════╝
+  # GLOBAL
+  ARG APP_UID=1000 \
+      APP_GID=1000 \
+      BUILD_SRC=https://github.com/11notes/fork-py-kms.git \
+      BUILD_ROOT=/git/fork-py-kms
 
-# :: Util
+  # :: FOREIGN IMAGES
   FROM 11notes/util AS util
 
-# :: Build / py-kms
+# ╔═════════════════════════════════════════════════════╗
+# ║                       BUILD                         ║
+# ╚═════════════════════════════════════════════════════╝
+  # :: PY-KMS
   FROM alpine/git AS build
-  ARG APP_VERSION
+  ARG APP_VERSION \
-  ARG BUILD_ROOT
+      BUILD_SRC \
+      BUILD_ROOT
+
+  RUN set -ex; \
+    git clone ${BUILD_SRC} -b next; \
+    cd ${BUILD_ROOT}; \
+    git checkout v${APP_VERSION};
+
   RUN set -ex; \
-    git clone https://github.com/11notes/fork-py-kms -b next; \
     cd ${BUILD_ROOT}; \
-    git checkout v${APP_VERSION}; \
     cp -R ${BUILD_ROOT}/docker/docker-py3-kms-minimal/requirements.txt ${BUILD_ROOT}/py-kms/requirements.txt; \
     cp -R ${BUILD_ROOT}/docker/docker-py3-kms/requirements.txt ${BUILD_ROOT}/py-kms/requirements.gui.txt;
 
-# :: Header
+# ╔═════════════════════════════════════════════════════╗
-  FROM 11notes/alpine:stable
+# ║                       IMAGE                         ║
+# ╚═════════════════════════════════════════════════════╝
+  # :: HEADER
+  FROM 11notes/python:3.13
 
-  # :: arguments
+  # :: default arguments
-    ARG TARGETARCH
+    ARG TARGETPLATFORM \
-    ARG APP_IMAGE
+        TARGETOS \
-    ARG APP_NAME
+        TARGETARCH \
-    ARG APP_VERSION
+        TARGETVARIANT \
-    ARG APP_ROOT
+        APP_IMAGE \
-    ARG APP_UID
+        APP_NAME \
-    ARG APP_GID
+        APP_VERSION \
-    ARG APP_NO_CACHE
+        APP_ROOT \
+        APP_UID \
+        APP_GID \
+        APP_NO_CACHE
+
+  # :: default python image
+    ARG PIP_ROOT_USER_ACTION=ignore \
+        PIP_BREAK_SYSTEM_PACKAGES=1 \
+        PIP_DISABLE_PIP_VERSION_CHECK=1 \
+        PIP_NO_CACHE_DIR=1
+
+  # :: image specific arguments
     ARG BUILD_ROOT
 
-    # :: python image
+  # :: default environment
-      ARG PIP_ROOT_USER_ACTION=ignore
+    ENV APP_IMAGE=${APP_IMAGE} \
-      ARG PIP_BREAK_SYSTEM_PACKAGES=1
+        APP_NAME=${APP_NAME} \
-      ARG PIP_DISABLE_PIP_VERSION_CHECK=1
+        APP_VERSION=${APP_VERSION} \
-      ARG PIP_NO_CACHE_DIR=1
+        APP_ROOT=${APP_ROOT}
 
-  # :: environment
+  # :: app specific variables
-    ENV APP_IMAGE=${APP_IMAGE}
+    ENV KMS_LOCALE=1033 \
-    ENV APP_NAME=${APP_NAME}
+        KMS_ACTIVATIONINTERVAL=120 \
-    ENV APP_VERSION=${APP_VERSION}
+        KMS_RENEWALINTERVAL=259200
-    ENV APP_ROOT=${APP_ROOT}
-
-    ENV KMS_LOCALE=1033
-    ENV KMS_CLIENTCOUNT=26
-    ENV KMS_ACTIVATIONINTERVAL=120
-    ENV KMS_RENEWALINTERVAL=259200
-    ENV KMS_LOGLEVEL="INFO"
 
   # :: multi-stage
     COPY --from=util /usr/local/bin /usr/local/bin
     COPY --from=build ${BUILD_ROOT}/py-kms /opt/py-kms
 
-# :: Run
+# :: RUN
   USER root
-  RUN eleven printenv;
 
-  # :: install application
+  # :: install dependencies
     RUN set -ex; \
-      apk --no-cache --update add \
-        python3; \
       apk --no-cache --update --virtual .build add \
         py3-pip;
 
+  # :: install and update application
     RUN set -ex; \
       mkdir -p ${APP_ROOT}/var; \
       pip3 install -r /opt/py-kms/requirements.txt; \
       pip3 install pytz; \
       pip3 list -o | sed 's/pip.*//' | grep . | cut -f1 -d' ' | tr " " "\n" | awk '{if(NR>=3)print}' | cut -d' ' -f1 | xargs -n1 pip3 install -U; \
       apk del --no-network .build; \
-      rm -rf /usr/lib/python3.12/site-packages/pip;
+      rm -rf /usr/lib/python3.13/site-packages/pip;
 
-  # :: copy filesystem changes and set correct permissions
+  # :: copy root filesystem and set correct permissions
     COPY ./rootfs /
     RUN set -ex; \
       chmod +x -R /usr/local/bin; \
@@ -79,15 +97,17 @@ ARG BUILD_ROOT=/git/fork-py-kms
         ${APP_ROOT} \
         /opt/py-kms;
 
-  # :: support unraid
+  # :: enable unraid support
     RUN set -ex; \
       eleven unraid
 
-# :: Volumes
+# :: PERSISTENT DATA
   VOLUME ["${APP_ROOT}/var"]
 
-# :: Monitor
+# :: HEALTH
-  HEALTHCHECK --interval=5s --timeout=2s CMD netstat -an | grep -q 1688 || exit 1
+  HEALTHCHECK --interval=5s --timeout=2s --start-interval=5s \
+    CMD ["/usr/bin/nc", "-z", "localhost", "1688"]
 
-# :: Start
+# :: EXECUTE
-  USER ${APP_UID}:${APP_GID}
+  USER ${APP_UID}:${APP_GID}
+  ENTRYPOINT ["/sbin/tini", "--", "/usr/local/bin/entrypoint.sh"]

compose.yaml

@@ -1,7 +1,7 @@
 name: "kms"
 services:
   app:
-    image: "11notes/kms:1.0.0"
+    image: "11notes/kms:1.0.1"
     environment:
       TZ: "Europe/Zurich"
     volumes:
@@ -11,7 +11,7 @@ services:
     restart: "always"
 
   gui:
-    image: "11notes/kms-gui:1.0.0"
+    image: "11notes/kms:1.0.1"
     depends_on:
       app:
         condition: "service_healthy"

project.md

@@ -54,10 +54,8 @@ ${{ content_defaults }}
 
 ${{ content_environment }}
 | `KMS_LOCALE` | see Microsoft LICD specification | 1033 (en-US) |
-| `KMS_CLIENTCOUNT` | client count > 25 | 26 |
 | `KMS_ACTIVATIONINTERVAL` | Retry unsuccessful after N minutes | 120 (2 hours) |
 | `KMS_RENEWALINTERVAL` | re-activation after N minutes | 259200 (180 days) |
-| `KMS_LOGLEVEL` | CRITICAL, ERROR, WARNING, INFO, DEBUG, MININFO | INFO |
 
 ${{ content_source }}
 

rootfs/usr/local/bin/entrypoint.sh

@@ -4,15 +4,16 @@
     if [ ! -z "${DEBUG}" ]; then
       KMS_LOGLEVEL="DEBUG"
       eleven log debug "setting kms log level to DEBUG"
+    else
+      KMS_LOGLEVEL="INFO"
     fi
 
     cd /opt/py-kms
     set -- "python3" \
       pykms_Server.py \
-      0.0.0.0 \
+      :: \
       1688 \
       -l ${KMS_LOCALE} \
-      -c ${KMS_CLIENTCOUNT} \
       -a ${KMS_ACTIVATIONINTERVAL} \
       -r ${KMS_RENEWALINTERVAL} \
       -s /kms/var/kms.db \