fix markdown issue

fix healthcheck
update readme
2025-10-24 16:43:42 +00:00 · 2025-02-14 11:30:36 +01:00 · 2025-02-14 11:22:33 +01:00 · 2025-02-12 22:46:00 +01:00 · 2025-02-12 22:13:27 +01:00 · 2025-02-12 22:00:47 +01:00
9 changed files with 133 additions and 72 deletions
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -1,4 +1,4 @@
-name: create and publish docker image
+name: docker

 on:
  workflow_dispatch:
@@ -7,31 +7,29 @@ on:
        description: 'set WORKFLOW_GITHUB_RELEASE'
        required: false
        default: 'false'
+
      image:
        description: 'set IMAGE'
        required: false
+
      uid:
        description: 'set IMAGE_UID'
        required: false
+
      gid:
        description: 'set IMAGE_GID'
        required: false
+
      semverprefix:
        description: 'prefix for semver tags'
        required: false
+
      semversuffix:
        description: 'suffix for semver tags'
        required: false
-      dispatch:
-        description: 'run dispatch at end'
-        required: false
-        default: 'false'
-  push:
-    tags:
-      - 'v*'

 jobs:
-  build-and-push-image:
+  docker:
    runs-on: ubuntu-22.04
    permissions:
      contents: write
@@ -66,7 +64,6 @@ jobs:
          echo "IMAGE_ARCH=${json_arch:-linux/amd64,linux/arm64}" >> $GITHUB_ENV
          echo "WORKFLOW_GRYPE_SEVERITY_CUTOFF=${json_grype_severity:-high}" >> $GITHUB_ENV;
          echo "WORKFLOW_GITHUB_RELEASE=${input_release:-true}" >> $GITHUB_ENV;
-          echo "WORKFLOW_DISPATCH=${input_dispatch:-true}" >> $GITHUB_ENV;

          : # create tags for semver, stable and other shenanigans
          LOCAL_SHA=$(git rev-parse --short HEAD)
@@ -75,21 +72,28 @@ jobs:
          LOCAL_SEMVER_PATCH=$(awk -F. '{ print $3 }' <<< ${json_semver_version})
          LOCAL_SEMVER_PREFIX=""
          LOCAL_SEMVER_SUFFIX=""
+          LOCAL_SEMVER_RC=""
          LOCAL_TAGS="${LOCAL_IMAGE}:${LOCAL_SHA}"
          if [ ! -z ${input_semverprefix} ]; then LOCAL_SEMVER_PREFIX="${input_semverprefix}-"; fi
          if [ ! -z ${input_semversuffix} ]; then LOCAL_SEMVER_SUFFIX="-${input_semversuffix}"; fi
+          if [ ! -z ${json_semver_rc} ]; then LOCAL_SEMVER_RC="-${json_semver_rc}"; fi
          if [ ! -z ${LOCAL_SEMVER_MAJOR} ]; then LOCAL_TAGS="${LOCAL_TAGS},${LOCAL_IMAGE}:${LOCAL_SEMVER_PREFIX}${LOCAL_SEMVER_MAJOR}${LOCAL_SEMVER_SUFFIX}"; fi
          if [ ! -z ${LOCAL_SEMVER_MINOR} ]; then LOCAL_TAGS="${LOCAL_TAGS},${LOCAL_IMAGE}:${LOCAL_SEMVER_PREFIX}${LOCAL_SEMVER_MAJOR}.${LOCAL_SEMVER_MINOR}${LOCAL_SEMVER_SUFFIX}"; fi
          if [ ! -z ${LOCAL_SEMVER_PATCH} ]; then LOCAL_TAGS="${LOCAL_TAGS},${LOCAL_IMAGE}:${LOCAL_SEMVER_PREFIX}${LOCAL_SEMVER_MAJOR}.${LOCAL_SEMVER_MINOR}.${LOCAL_SEMVER_PATCH}${LOCAL_SEMVER_SUFFIX}"; fi
-          if echo "${LOCAL_TAGS}" | grep -q "${json_semver_stable}" ; then LOCAL_TAGS="${LOCAL_TAGS},${LOCAL_IMAGE}:stable"; fi
-          if echo "${LOCAL_TAGS}" | grep -q "${json_semver_latest}" ; then LOCAL_TAGS="${LOCAL_TAGS},${LOCAL_IMAGE}:latest"; fi
-          if [ ! -z ${json_semver_tags} ]; then SPECIAL_LOCAL_TAGS=$(echo ${json_semver_tags} | sed 's/,/ /g'); for LOCAL_TAG in ${json_semver_tags}; do LOCAL_TAGS="${LOCAL_TAGS},${LOCAL_IMAGE}:${LOCAL_TAG}"; done; fi
+          if echo "${LOCAL_TAGS}" | grep -q "${json_semver_stable}" ; then LOCAL_TAGS="${LOCAL_TAGS},${LOCAL_IMAGE}:${LOCAL_SEMVER_PREFIX}stable${LOCAL_SEMVER_SUFFIX}"; fi
+          if echo "${LOCAL_TAGS}" | grep -q "${json_semver_latest}" ; then LOCAL_TAGS="${LOCAL_TAGS},${LOCAL_IMAGE}:${LOCAL_SEMVER_PREFIX}latest${LOCAL_SEMVER_SUFFIX}"; fi
+          if [ ! -z ${json_semver_tags} ]; then SPECIAL_LOCAL_TAGS=$(echo ${json_semver_tags} | sed 's/,/ /g'); for LOCAL_TAG in ${json_semver_tags}; do LOCAL_TAGS="${LOCAL_TAGS},${LOCAL_IMAGE}:${LOCAL_SEMVER_PREFIX}${LOCAL_TAG}${LOCAL_SEMVER_SUFFIX}"; done; fi
          echo "IMAGE_TAGS=${LOCAL_TAGS}" >> $GITHUB_ENV

          : # if for whatever reason UID/GID must be changed at build time
          if [ ! -z ${input_uid} ]; then echo "IMAGE_UID=${input_uid}" >> $GITHUB_ENV; else echo "IMAGE_UID=${json_uid:-1000}" >> $GITHUB_ENV; fi
          if [ ! -z ${input_gid} ]; then echo "IMAGE_GID=${input_gid}" >> $GITHUB_ENV; else echo "IMAGE_GID=${json_gid:-1000}" >> $GITHUB_ENV; fi

+          : # set rc, prefix or suffix globally
+          echo "IMAGE_SEMVER_PREFIX=${LOCAL_SEMVER_PREFIX}" >> $GITHUB_ENV
+          echo "IMAGE_SEMVER_SUFFIX=${LOCAL_SEMVER_SUFFIX}" >> $GITHUB_ENV
+          echo "IMAGE_VERSION_RC=${LOCAL_SEMVER_RC}" >> $GITHUB_ENV
+
      - name: docker / login to hub
        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567
        with:
@@ -102,15 +106,16 @@ jobs:
      - name: docker / setup buildx
        uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5

-      - name: grype / build & push
+      - name: grype / build & push & tag
+        id: grype-tag
        uses: docker/build-push-action@67a2d409c0a876cbe6b11854e3e25193efe4e62d
        with:
          context: .
          file: arch.dockerfile
          push: true
          platforms: ${{ env.IMAGE_ARCH }}
-          cache-from: type=registry,ref=${{ env.IMAGE }}:buildcache
-          cache-to: type=registry,ref=${{ env.IMAGE }}:buildcache,mode=max,compression=zstd,force-compression=true
+          cache-from: type=registry,ref=${{ env.IMAGE }}:${{ env.IMAGE_SEMVER_PREFIX }}buildcache${{ env.IMAGE_SEMVER_SUFFIX }}
+          cache-to: type=registry,ref=${{ env.IMAGE }}:${{ env.IMAGE_SEMVER_PREFIX }}buildcache${{ env.IMAGE_SEMVER_SUFFIX }},mode=max,compression=zstd,force-compression=true
          build-args: |
            APP_IMAGE=${{ env.IMAGE }}
            APP_NAME=${{ env.json_name }}
@@ -118,40 +123,46 @@ jobs:
            APP_ROOT=${{ env.json_root }}
            APP_UID=${{ env.IMAGE_UID }}
            APP_GID=${{ env.IMAGE_GID }}
-            NO_CACHE=$(date +%s)
+            APP_VERSION_PREFIX=${{ env.IMAGE_SEMVER_PREFIX }}
+            APP_VERSION_SUFFIX=${{ env.IMAGE_SEMVER_SUFFIX }}
+            APP_VERSION_RC=${{ env.IMAGE_VERSION_RC }}
+            APP_NO_CACHE=$(date +%s)
          tags: |
-            ${{ env.IMAGE }}:grype
+            ${{ env.IMAGE }}:${{ env.IMAGE_SEMVER_PREFIX }}grype${{ env.IMAGE_SEMVER_SUFFIX }}

      - name: grype / scan
-        id: scan
+        id: grype-scan
        uses: anchore/scan-action@abae793926ec39a78ab18002bc7fc45bbbd94342
        with:
-          image: ${{ env.IMAGE }}:grype
+          image: ${{ env.IMAGE }}:${{ env.IMAGE_SEMVER_PREFIX }}grype${{ env.IMAGE_SEMVER_SUFFIX }}
          severity-cutoff: ${{ env.WORKFLOW_GRYPE_SEVERITY_CUTOFF }}
+          by-cve: true
+          output-format: 'sarif'
+          output-file: ${{ runner.temp }}/_github_home/grype.sarif

-      - name: grype / report / print
+      - name: grype / report / sarif to markdown
+        id: sarif-to-md
        if: success() || failure()
-        run: cat ${{ steps.scan.outputs.sarif }}
-
-      - name: grype / report / annotation
-        if: success() || failure()
-        uses: Miragon/sarif-report-parse@f8bcc5ece9c2b9a786ff4e7392cca2bb72ae8b4b
+        continue-on-error: true
+        uses: 11notes/action-sarif-to-markdown@bc689850bd33a1037ea1d0a609ab4ea14b3c4396
        with:
-          sarif-file: ${{ steps.scan.outputs.sarif }}
+          sarif_file: grype.sarif

      - name: grype / delete tag
-        if: success() || failure()
+        if: steps.grype-tag.outcome == 'success'
        run: |
          curl --request DELETE \
-            --url https://hub.docker.com/v2/repositories/${{ env.IMAGE }}/tags/grype/ \
+            --url https://hub.docker.com/v2/repositories/${{ env.IMAGE }}/tags/${{ env.IMAGE_SEMVER_PREFIX }}grype${{ env.IMAGE_SEMVER_SUFFIX }}/ \
            --header 'authorization: jwt ${{ secrets.DOCKER_TOKEN }}' \
            --header 'content-type: application/json' \
            --fail

      - name: grype / report / upload
+        if: steps.grype-scan.outcome == 'success'
        uses: github/codeql-action/upload-sarif@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169
        with:
-          sarif_file: ${{ steps.scan.outputs.sarif }}
+          sarif_file: ${{ steps.grype-scan.outputs.sarif }}
+          category: grype

      - name: docker / build & push
        uses: docker/build-push-action@67a2d409c0a876cbe6b11854e3e25193efe4e62d
@@ -162,8 +173,8 @@ jobs:
          sbom: true
          provenance: mode=max
          platforms: ${{ env.IMAGE_ARCH }}
-          cache-from: type=registry,ref=${{ env.IMAGE }}:buildcache
-          cache-to: type=registry,ref=${{ env.IMAGE }}:buildcache,mode=max,compression=zstd,force-compression=true
+          cache-from: type=registry,ref=${{ env.IMAGE }}:${{ env.IMAGE_SEMVER_PREFIX }}buildcache${{ env.IMAGE_SEMVER_SUFFIX }}
+          cache-to: type=registry,ref=${{ env.IMAGE }}:${{ env.IMAGE_SEMVER_PREFIX }}buildcache${{ env.IMAGE_SEMVER_SUFFIX }},mode=max,compression=zstd,force-compression=true
          build-args: |
            APP_IMAGE=${{ env.IMAGE }}
            APP_NAME=${{ env.json_name }}
@@ -171,7 +182,10 @@ jobs:
            APP_ROOT=${{ env.json_root }}
            APP_UID=${{ env.IMAGE_UID }}
            APP_GID=${{ env.IMAGE_GID }}
-            NO_CACHE=$(date +%s)
+            APP_VERSION_PREFIX=${{ env.IMAGE_SEMVER_PREFIX }}
+            APP_VERSION_SUFFIX=${{ env.IMAGE_SEMVER_SUFFIX }}
+            APP_VERSION_RC=${{ env.IMAGE_VERSION_RC }}
+            APP_NO_CACHE=$(date +%s)
          tags: |
            ${{ env.IMAGE_TAGS }}

@@ -208,11 +222,4 @@ jobs:
          destination_container_repo: ${{ env.IMAGE }}
          provider: dockerhub
          short_description: ${{ env.json_readme_description }}
-          readme_file: 'README.md'
-
-      - name: github / dispatch workflow
-        if: env.WORKFLOW_DISPATCH == 'true' && env.json_dispatch_workflow != null
-        uses: benc-uk/workflow-dispatch@e2e5e9a103e331dad343f381a29e654aea3cf8fc
-        with:
-          workflow: ${{ env.json_dispatch_workflow }}
-          token: "${{ secrets.REPOSITORY_TOKEN }}"
+          readme_file: 'README.md'
--- a/.github/workflows/gui.yml
+++ b/.github/workflows/gui.yml
@@ -1,17 +0,0 @@
-name: kms-gui
-
-on:
-  workflow_dispatch:
-
-jobs:
-  kms-gui:
-    runs-on: ubuntu-latest
-    steps:   
-      - name: auto build and update downstream image
-        uses: benc-uk/workflow-dispatch@e2e5e9a103e331dad343f381a29e654aea3cf8fc
-        with:
-          workflow: docker.yml
-          repo: 11notes/docker-kms-gui
-          ref: master
-          token: "${{ secrets.REPOSITORY_TOKEN }}"
-          inputs: '{ "release": "false" }'
--- a/.github/workflows/tags.yml
+++ b/.github/workflows/tags.yml
@@ -0,0 +1,51 @@
+name: tags
+on:
+  push:
+    tags:
+      - 'v*'
+jobs:
+  docker:
+    runs-on: ubuntu-latest
+    steps:   
+      - name: build docker image
+        uses: the-actions-org/workflow-dispatch@3133c5d135c7dbe4be4f9793872b6ef331b53bc7
+        with:
+          workflow: docker.yml
+          token: "${{ secrets.REPOSITORY_TOKEN }}"
+          inputs: '{ "release":"true" }'
+
+  docker-unraid:
+    runs-on: ubuntu-latest
+    steps:   
+      - name: build docker image for unraid community
+        uses: the-actions-org/workflow-dispatch@3133c5d135c7dbe4be4f9793872b6ef331b53bc7
+        with:
+          workflow: docker.yml
+          token: "${{ secrets.REPOSITORY_TOKEN }}"
+          inputs: '{ "release":"false", "uid":"99", "gid":"100", "semversuffix":"unraid" }'
+
+  kms-gui:
+    runs-on: ubuntu-latest
+    needs: docker
+    steps:   
+      - name: build downstream kms gui
+        uses: the-actions-org/workflow-dispatch@3133c5d135c7dbe4be4f9793872b6ef331b53bc7
+        with:
+          workflow: docker.yml
+          token: "${{ secrets.REPOSITORY_TOKEN }}"
+          repo: 11notes/docker-kms-gui
+          ref: master
+          inputs: '{ "release":"false" }'
+
+  kms-gui-unraid:
+    runs-on: ubuntu-latest
+    needs: docker-unraid
+    steps:   
+      - name: build downstream kms gui for unraid community
+        uses: the-actions-org/workflow-dispatch@3133c5d135c7dbe4be4f9793872b6ef331b53bc7
+        with:
+          workflow: docker.yml
+          token: "${{ secrets.REPOSITORY_TOKEN }}"
+          repo: 11notes/docker-kms-gui
+          ref: master
+          inputs: '{ "release":"false", "uid":"99", "gid":"100", "semversuffix":"unraid" }'
--- a/.json
+++ b/.json
@@ -14,9 +14,5 @@
    "parent":{
      "image":"11notes/alpine:stable"
    }
-  },
-
-  "dispatch":{
-    "workflow":"gui.yml"
  }
 }
--- a/README.md
+++ b/README.md
@@ -1,12 +1,24 @@
 ![Banner](https://github.com/11notes/defaults/blob/main/static/img/banner.png?raw=true)

-# 🏔️  on Alpine
+# 🏔️ kms on Alpine
 [<img src="https://img.shields.io/badge/github-source-blue?logo=github&color=040308">](https://github.com/11notes/docker-kms)![size](https://img.shields.io/docker/image-size/11notes/kms/465f4d1?color=0eb305)![version](https://img.shields.io/docker/v/11notes/kms/465f4d1?color=eb7a09)![pulls](https://img.shields.io/docker/pulls/11notes/kms?color=2b75d6)[<img src="https://img.shields.io/github/issues/11notes/docker-kms?color=7842f5">](https://github.com/11notes/docker-kms/issues)

 **Activate any version of Windows and Office, forever**

-![activation](https://github.com/11notes/docker-/blob/master/img/activation.png?raw=true)
-![GUI](https://github.com/11notes/docker-/blob/master/img/GUI.png?raw=true)
+![activation](https://github.com/11notes/docker-kms/blob/master/img/activation.png?raw=true)
+![Office](https://github.com/11notes/docker-kms/blob/master/img/Office.png?raw=true)
+![GUI](https://github.com/11notes/docker-kms/blob/master/img/GUI.png?raw=true)
+
+# MAIN TAGS 🏷️
+These are the main tags for the image. There is also a tag for each commit and its shorthand sha256 value.
+
+* [465f4d1](https://hub.docker.com/r/11notes/kms/tags?name=465f4d1)
+* [stable](https://hub.docker.com/r/11notes/kms/tags?name=stable)
+* [latest](https://hub.docker.com/r/11notes/kms/tags?name=latest)
+* [465f4d1-unraid](https://hub.docker.com/r/11notes/kms/tags?name=465f4d1-unraid)
+* [stable-unraid](https://hub.docker.com/r/11notes/kms/tags?name=stable-unraid)
+* [latest-unraid](https://hub.docker.com/r/11notes/kms/tags?name=latest-unraid)
+

 # SYNOPSIS 📖
 **What can I do with this?** This image will run a KMS server you can use to activate any version of Windows and Office, forever.
@@ -81,6 +93,10 @@ Activate server
 slmgr /ato
 ```

+# UNRAID VERSION 🟠
+This image supports unraid by default. Simply add **-unraid** to any tag and the image will run as 99:100 instead of 1000:1000 causing no issues on unraid. Enjoy.
+
+
 # DEFAULT SETTINGS 🗃️
 | Parameter | Value | Description |
 | --- | --- | --- |
@@ -117,6 +133,7 @@ slmgr /ato
 * Do not expose this image to WAN! You will get notified from Microsoft via your ISP to terminate the service if you do so
 * [Microsoft LICD](https://learn.microsoft.com/en-us/openspecs/office_standards/ms-oe376/6c085406-a698-4e12-9d4d-c3b0ee3dbc4a)
 * Use [11notes/kms-gui](https://github.com/11notes/docker-kms-gui) if you want to see the clients you activated in a nice GUI
-  
+
+    
 # ElevenNotes™️
 This image is provided to you at your own risk. Always make backups before updating an image to a different version. Check the [releases](https://github.com/11notes/docker-kms/releases) for breaking changes. If you have any problems with using this image simply raise an [issue](https://github.com/11notes/docker-kms/issues), thanks. If you have a question or inputs please create a new [discussion](https://github.com/11notes/docker-kms/discussions) instead of an issue. You can find all my other repositories on [github](https://github.com/11notes?tab=repositories).
--- a/RELEASE.md
+++ b/RELEASE.md
@@ -1,2 +1,4 @@
-### 📣 Breaking
-* Removed KMS_IP and KMS_PORT since this is done by the container networking anyway
+### 🪄 Features
+* add healthcheck directly to build (no script)
+* add Office activation screenshot
+* add custom 11notes/action-sarif-to-markdown@v1.1.0 for sarif to markdown (future use) to workflow
--- a/arch.dockerfile
+++ b/arch.dockerfile
@@ -20,6 +20,8 @@
    ARG APP_NAME
    ARG APP_VERSION
    ARG APP_ROOT
+    ARG APP_UID
+    ARG APP_GID

  # :: environment
    ENV APP_IMAGE=${APP_IMAGE}
@@ -37,8 +39,9 @@
    COPY --from=util /usr/local/bin/ /usr/local/bin
    COPY --from=build /git/py-kms/py-kms/ /opt/py-kms

-  # :: Run
+# :: Run
  USER root
+  RUN eleven printenv;

  # :: install application
    RUN set -ex; \
@@ -61,11 +64,15 @@
        ${APP_ROOT} \
        /opt/py-kms;

+  # :: support unraid
+    RUN set -ex; \
+      eleven unraid
+
 # :: Volumes
  VOLUME ["${APP_ROOT}/var"]

 # :: Monitor
-  HEALTHCHECK --interval=5s --timeout=2s CMD /usr/local/bin/healthcheck.sh || exit 1
+  HEALTHCHECK --interval=5s --timeout=2s CMD netstat -an | grep -q 1688 || exit 1

 # :: Start
  USER docker
--- a/img/Office.png
+++ b/img/Office.png
--- a/rootfs/usr/local/bin/healthcheck.sh
+++ b/rootfs/usr/local/bin/healthcheck.sh
@@ -1,2 +0,0 @@
-#!/bin/ash
-  netstat -an | grep -q ${KMS_PORT}
Author	SHA1	Message	Date
ElevenNotes	b154c116cc	fix markdown issue	2025-02-14 11:30:36 +01:00
ElevenNotes	66090fdadb	fix healthcheck	2025-02-14 11:22:33 +01:00
ElevenNotes	58910eb75d	update readme	2025-02-12 22:46:00 +01:00
ElevenNotes	06e8f2a63e	typos everywhere ...	2025-02-12 22:13:27 +01:00
ElevenNotes	6ec2821901	try parallel build for normal and unraid image including GUI	2025-02-12 22:00:47 +01:00
ElevenNotes	a3a755b54e	switch to the-actions-org/workflow-dispatch to chain builds	2025-02-12 21:35:53 +01:00
ElevenNotes	dd0025df2d	wrong suffix	2025-02-12 11:57:46 +01:00
ElevenNotes	23231c4cbb	needs: docker	2025-02-12 11:52:02 +01:00
ElevenNotes	28586cccec	add unraid version	2025-02-12 11:44:28 +01:00
ElevenNotes	ce51cbe448	missing image link	2025-02-12 08:35:33 +01:00