feat: upgrade to latest workflow

feat: add proper frontend network
github-actions[bot]: update README.md
2025-10-23 04:52:15 +00:00 · 2025-07-18 11:12:07 +02:00 · 2025-07-18 11:11:55 +02:00 · 2025-07-10 05:54:05 +00:00 · 2025-07-10 05:49:02 +00:00 · 2025-07-10 05:27:25 +00:00
9 changed files with 226 additions and 116 deletions
--- a/.github/workflows/cve.yml
+++ b/.github/workflows/cve.yml
@@ -0,0 +1,70 @@
+name: cve
+
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: "30 15 */2 * *"
+
+jobs:
+  cve:
+    runs-on: ubuntu-latest
+    steps:
+      - name: init / checkout
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
+        with:
+          ref: ${{ github.ref_name }}
+          fetch-depth: 0
+
+      - name: init / setup environment
+        uses: actions/github-script@62c3794a3eb6788d9a2a72b219504732c0c9a298
+        with:
+          script: |
+            const { existsSync, readFileSync } = require('node:fs');
+            const { resolve } = require('node:path');
+            const { inspect } = require('node:util');
+            const { Buffer } = require('node:buffer');
+            const inputs = `${{ toJSON(github.event.inputs) }}`;
+            const opt = {input:{}, dot:{}};            
+
+            try{
+              if(inputs.length > 0){
+                opt.input = JSON.parse(inputs);
+                if(opt.input?.etc){
+                  opt.input.etc = JSON.parse(Buffer.from(opt.input.etc, 'base64').toString('ascii'));
+                }
+              }
+            }catch(e){
+              core.warning('could not parse github.event.inputs');
+            }
+
+            try{
+              const path = resolve('.json');
+              if(existsSync(path)){
+                try{
+                  opt.dot = JSON.parse(readFileSync(path).toString());
+                }catch(e){
+                  throw new Error('could not parse .json');
+                }
+              }else{
+                throw new Error('.json does not exist');
+              }
+            }catch(e){
+              core.setFailed(e);
+            }
+
+            core.info(inspect(opt, {showHidden:false, depth:null, colors:true}));
+
+            core.exportVariable('WORKFLOW_IMAGE', `${opt.dot.image}:${(opt.dot?.semver?.version === undefined) ? 'rolling' : opt.dot.semver.version}`);
+            core.exportVariable('WORKFLOW_GRYPE_SEVERITY_CUTOFF', (opt.dot?.grype?.severity || 'high'));
+
+
+      - name: grype / scan
+        id: grype
+        uses: anchore/scan-action@dc6246fcaf83ae86fcc6010b9824c30d7320729e
+        with:
+          image: ${{ env.WORKFLOW_IMAGE }}
+          fail-build: true
+          severity-cutoff: ${{ env.WORKFLOW_GRYPE_SEVERITY_CUTOFF }}
+          output-format: 'sarif'
+          by-cve: true
+          cache-db: true
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -16,6 +16,7 @@ on:
        required: false
        default: 'ubuntu-22.04'

+
      build:
        description: 'set WORKFLOW_BUILD'
        required: false
@@ -100,7 +101,7 @@ jobs:
            const docker = {
              image:{
                name:opt.dot.image,
-                arch:(opt.dot.arch || 'linux/amd64,linux/arm64'),
+                arch:(opt.input?.etc?.arch || opt.dot?.arch || 'linux/amd64,linux/arm64'),
                prefix:((opt.input?.etc?.semverprefix) ? `${opt.input?.etc?.semverprefix}-` : ''),
                suffix:((opt.input?.etc?.semversuffix) ? `-${opt.input?.etc?.semversuffix}` : ''),
                description:(opt.dot?.readme?.description || ''),
@@ -109,7 +110,7 @@ jobs:
              app:{
                image:opt.dot.image,
                name:opt.dot.name,
-                version:(opt.input?.etc?.version || opt.dot.semver.version),
+                version:(opt.input?.etc?.version || opt.dot?.semver?.version),
                root:opt.dot.root,
                UID:(opt.input?.etc?.uid || 1000),
                GID:(opt.input?.etc?.gid || 1000),
@@ -127,7 +128,7 @@ jobs:
            docker.app.suffix = docker.image.suffix;

            // setup tags
-              if(!opt.dot.semver?.disable?.rolling){
+              if(!opt.dot?.semver?.disable?.rolling){
                docker.image.tags.push('rolling');
              }
              if(opt.input?.etc?.dockerfile !== 'arch.dockerfile' && opt.input?.etc?.tag){
@@ -135,17 +136,17 @@ jobs:
                docker.image.tags.push(opt.input.etc.tag);
                docker.image.tags.push(`${opt.input.etc.tag}-${docker.app.version}`);
                docker.cache.name = `${docker.image.name}:buildcache-${opt.input.etc.tag}`;
-              }else if(opt.dot?.semver?.version){
-                const semver = opt.dot.semver.version.split('.');
+              }else if(docker.app.version !== 'latest'){
+                const semver = docker.app.version.split('.');
                docker.image.tags.push(`${context.sha.substring(0,7)}`);
                if(Array.isArray(semver)){
                  if(semver.length >= 1) docker.image.tags.push(`${semver[0]}`);
                  if(semver.length >= 2) docker.image.tags.push(`${semver[0]}.${semver[1]}`);
                  if(semver.length >= 3) docker.image.tags.push(`${semver[0]}.${semver[1]}.${semver[2]}`);
                }
-                if(opt.dot.semver?.stable && new RegExp(opt.dot.semver.stable, 'ig').test(docker.image.tags.join(','))) docker.image.tags.push('stable');
-                if(opt.dot.semver?.latest && new RegExp(opt.dot.semver.latest, 'ig').test(docker.image.tags.join(','))) docker.image.tags.push('latest');
-              }else if(opt.input?.etc?.version && opt.input.etc.version === 'latest'){
+                if(opt.dot?.semver?.stable && new RegExp(opt.dot?.semver.stable, 'ig').test(docker.image.tags.join(','))) docker.image.tags.push('stable');
+                if(opt.dot?.semver?.latest && new RegExp(opt.dot?.semver.latest, 'ig').test(docker.image.tags.join(','))) docker.image.tags.push('latest');
+              }else{
                docker.image.tags.push('latest');
              }

@@ -227,7 +228,7 @@ jobs:
        with:
          driver-opts: network=host

-      - name: docker / build & push & tag grype
+      - name: docker / build image locally
        if: env.WORKFLOW_BUILD == 'true'
        id: docker-build
        uses: docker/build-push-action@67a2d409c0a876cbe6b11854e3e25193efe4e62d
@@ -256,7 +257,7 @@ jobs:
          cache-db: true

      - name: grype / fail
-        if: env.WORKFLOW_BUILD == 'true' && (failure() || steps.grype.outcome == 'failure')
+        if: env.WORKFLOW_BUILD == 'true' && (failure() || steps.grype.outcome == 'failure') && steps.docker-build.outcome == 'success'
        uses: anchore/scan-action@dc6246fcaf83ae86fcc6010b9824c30d7320729e
        with:
          image: ${{ env.DOCKER_CACHE_GRYPE }}
@@ -266,7 +267,7 @@ jobs:
          by-cve: true
          cache-db: true

-      - name: docker / build & push
+      - name: docker / build image from cache and push to registries
        if: env.WORKFLOW_BUILD == 'true'
        uses: docker/build-push-action@67a2d409c0a876cbe6b11854e3e25193efe4e62d
        with:
@@ -286,21 +287,8 @@ jobs:


      # RELEASE      
-      - name: github / release / log
-        continue-on-error: true
-        id: git-log
-        run: |
-          LOCAL_LAST_TAG=$(git describe --abbrev=0 --tags `git rev-list --tags --skip=1 --max-count=1`)
-          echo "using last tag: ${LOCAL_LAST_TAG}"
-          LOCAL_COMMITS=$(git log ${LOCAL_LAST_TAG}..HEAD --oneline)
-
-          EOF=$(dd if=/dev/urandom bs=15 count=1 status=none | base64)
-          echo "commits<<${EOF}" >> ${GITHUB_OUTPUT}
-          echo "${LOCAL_COMMITS}" >> ${GITHUB_OUTPUT}
-          echo "${EOF}" >> ${GITHUB_OUTPUT}
-
      - name: github / release / markdown
-        if: env.WORKFLOW_CREATE_RELEASE == 'true'  && steps.git-log.outcome == 'success'
+        if: env.WORKFLOW_CREATE_RELEASE == 'true'
        id: git-release
        uses: 11notes/action-docker-release@v1
        # WHY IS THIS ACTION NOT SHA256 PINNED? SECURITY MUCH?!?!?!
@@ -309,8 +297,6 @@ jobs:
        # in the repo. This code is not modified and can't be modified by this action.
        # It does create the markdown for the release, which could be abused, but to what
        # extend? Adding a link to a malicious repo?
-        with:
-          git_log: ${{ steps.git-log.outputs.commits }}

      - name: github / release / create
        if: env.WORKFLOW_CREATE_RELEASE == 'true' && steps.git-release.outcome == 'success'
@@ -412,10 +398,13 @@ jobs:
          if [ -f compose.yaml ]; then
            git add compose.yaml
          fi
+          if [ -f compose.yml ]; then
+            git add compose.yml
+          fi
          if [ -f LICENSE ]; then
            git add LICENSE
          fi
-          git commit -m "github-actions[bot]: update README.md"
+          git commit -m "auto update README.md"
          git push origin HEAD:master


--- a/.github/workflows/tags.yml
+++ b/.github/workflows/tags.yml
@@ -40,6 +40,24 @@ jobs:
    runs-on: ubuntu-latest
    needs: docker
    steps:   
+      - name: init / base64 nested json
+        uses: actions/github-script@62c3794a3eb6788d9a2a72b219504732c0c9a298
+        with:
+          script: |
+            const { Buffer } = require('node:buffer');
+            (async()=>{
+              try{
+                const master = await fetch('https://raw.githubusercontent.com/11notes/docker-kms/refs/heads/master/.json');
+                const dot = await master.json();
+                const etc = {
+                  version:dot.semver.version,
+                };
+                core.exportVariable('WORKFLOW_BASE64JSON', Buffer.from(JSON.stringify(etc)).toString('base64'));
+              }catch(e){
+                core.setFailed(`workflow failed: ${e}`);
+              }
+            })();
+
      - name: build downstream kms gui
        uses: the-actions-org/workflow-dispatch@3133c5d135c7dbe4be4f9793872b6ef331b53bc7
        with:
@@ -47,7 +65,7 @@ jobs:
          token: "${{ secrets.REPOSITORY_TOKEN }}"
          repo: 11notes/docker-kms-gui
          ref: master
-          inputs: '{ "release":"false", "readme":"true" }'
+          inputs: '{ "release":"false", "readme":"true", "etc":"${{ env.WORKFLOW_BASE64JSON }}" }'

  kms-gui-unraid:
    runs-on: ubuntu-latest
@@ -58,12 +76,21 @@ jobs:
        with:
          script: |
            const { Buffer } = require('node:buffer');
-            const etc = {
-              semversuffix:"unraid",
-              uid:99,
-              gid:100,
-            };
-            core.exportVariable('WORKFLOW_BASE64JSON', Buffer.from(JSON.stringify(etc)).toString('base64'));
+            (async()=>{
+              try{
+                const master = await fetch('https://raw.githubusercontent.com/11notes/docker-kms/refs/heads/master/.json');
+                const dot = await master.json();
+                const etc = {
+                  version:dot.semver.version,
+                  semversuffix:"unraid",
+                  uid:99,
+                  gid:100,
+                };
+                core.exportVariable('WORKFLOW_BASE64JSON', Buffer.from(JSON.stringify(etc)).toString('base64'));
+              }catch(e){
+                core.setFailed(`workflow failed: ${e}`);
+              }
+            })();

      - name: build downstream kms gui for unraid community
        uses: the-actions-org/workflow-dispatch@3133c5d135c7dbe4be4f9793872b6ef331b53bc7
--- a/.json
+++ b/.json
@@ -1,20 +1,18 @@
 {
-  "image":"11notes/kms",
-  "name":"kms",
-  "root":"/kms",
-  "arch":"linux/amd64,linux/arm64,linux/arm/v7",
-  
-  "semver":{
-    "version":"1.0.1"
+  "image": "11notes/kms",
+  "name": "kms",
+  "root": "/kms",
+  "arch": "linux/amd64,linux/arm64,linux/arm/v7",
+  "semver": {
+    "version": "1.0.3"
  },
-
-  "readme":{
-    "description":"Activate any version of Windows and Office, forever",
-    "parent":{
-      "image":"11notes/alpine:stable"
+  "readme": {
+    "description": "Activate any version of Windows and Office, forever",
+    "parent": {
+      "image": "11notes/python:3.13"
    },
-    "built":{
-      "11notes/py-kms":"https://github.com/11notes/fork-py-kms"
+    "built": {
+      "11notes/py-kms": "https://github.com/11notes/fork-py-kms"
    }
  }
 }
--- a/README.md
+++ b/README.md
@@ -1,7 +1,7 @@
 ![banner](https://github.com/11notes/defaults/blob/main/static/img/banner.png?raw=true)

 # KMS
-[<img src="https://img.shields.io/badge/github-source-blue?logo=github&color=040308">](https://github.com/11notes/docker-KMS)![5px](https://github.com/11notes/defaults/blob/main/static/img/transparent5x2px.png?raw=true)![size](https://img.shields.io/docker/image-size/11notes/kms/1.0.1?color=0eb305)![5px](https://github.com/11notes/defaults/blob/main/static/img/transparent5x2px.png?raw=true)![version](https://img.shields.io/docker/v/11notes/kms/1.0.1?color=eb7a09)![5px](https://github.com/11notes/defaults/blob/main/static/img/transparent5x2px.png?raw=true)![pulls](https://img.shields.io/docker/pulls/11notes/kms?color=2b75d6)![5px](https://github.com/11notes/defaults/blob/main/static/img/transparent5x2px.png?raw=true)[<img src="https://img.shields.io/github/issues/11notes/docker-KMS?color=7842f5">](https://github.com/11notes/docker-KMS/issues)![5px](https://github.com/11notes/defaults/blob/main/static/img/transparent5x2px.png?raw=true)![swiss_made](https://img.shields.io/badge/Swiss_Made-FFFFFF?labelColor=FF0000&logo=data:image/svg%2bxml;base64,PHN2ZyB2ZXJzaW9uPSIxIiB3aWR0aD0iNTEyIiBoZWlnaHQ9IjUxMiIgdmlld0JveD0iMCAwIDMyIDMyIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjxwYXRoIGQ9Im0wIDBoMzJ2MzJoLTMyeiIgZmlsbD0iI2YwMCIvPjxwYXRoIGQ9Im0xMyA2aDZ2N2g3djZoLTd2N2gtNnYtN2gtN3YtNmg3eiIgZmlsbD0iI2ZmZiIvPjwvc3ZnPg==)
+![size](https://img.shields.io/docker/image-size/11notes/kms/1.0.3?color=0eb305)![5px](https://github.com/11notes/defaults/blob/main/static/img/transparent5x2px.png?raw=true)![version](https://img.shields.io/docker/v/11notes/kms/1.0.3?color=eb7a09)![5px](https://github.com/11notes/defaults/blob/main/static/img/transparent5x2px.png?raw=true)![pulls](https://img.shields.io/docker/pulls/11notes/kms?color=2b75d6)![5px](https://github.com/11notes/defaults/blob/main/static/img/transparent5x2px.png?raw=true)[<img src="https://img.shields.io/github/issues/11notes/docker-KMS?color=7842f5">](https://github.com/11notes/docker-KMS/issues)![5px](https://github.com/11notes/defaults/blob/main/static/img/transparent5x2px.png?raw=true)![swiss_made](https://img.shields.io/badge/Swiss_Made-FFFFFF?labelColor=FF0000&logo=data:image/svg%2bxml;base64,PHN2ZyB2ZXJzaW9uPSIxIiB3aWR0aD0iNTEyIiBoZWlnaHQ9IjUxMiIgdmlld0JveD0iMCAwIDMyIDMyIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPgogIDxyZWN0IHdpZHRoPSIzMiIgaGVpZ2h0PSIzMiIgZmlsbD0idHJhbnNwYXJlbnQiLz4KICA8cGF0aCBkPSJtMTMgNmg2djdoN3Y2aC03djdoLTZ2LTdoLTd2LTZoN3oiIGZpbGw9IiNmZmYiLz4KPC9zdmc+)

 Activate any version of Windows and Office, forever

@@ -42,7 +42,7 @@ Works with:
 name: "kms"
 services:
  app:
-    image: "11notes/kms:1.0.0"
+    image: "11notes/kms:1.0.3"
    environment:
      TZ: "Europe/Zurich"
    volumes:
@@ -52,7 +52,7 @@ services:
    restart: "always"

  gui:
-    image: "11notes/kms-gui:1.0.0"
+    image: "11notes/kms:1.0.3"
    depends_on:
      app:
        condition: "service_healthy"
@@ -102,27 +102,25 @@ slmgr /ato
 | `TZ` | [Time Zone](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones) | |
 | `DEBUG` | Will activate debug option for container image and app (if available) | |
 | `KMS_LOCALE` | see Microsoft LICD specification | 1033 (en-US) |
-| `KMS_CLIENTCOUNT` | client count > 25 | 26 |
 | `KMS_ACTIVATIONINTERVAL` | Retry unsuccessful after N minutes | 120 (2 hours) |
 | `KMS_RENEWALINTERVAL` | re-activation after N minutes | 259200 (180 days) |
-| `KMS_LOGLEVEL` | CRITICAL, ERROR, WARNING, INFO, DEBUG, MININFO | INFO |

 # MAIN TAGS 🏷️
 These are the main tags for the image. There is also a tag for each commit and its shorthand sha256 value.

-* [1.0.1](https://hub.docker.com/r/11notes/kms/tags?name=1.0.1)
-* [1.0.1-unraid](https://hub.docker.com/r/11notes/kms/tags?name=1.0.1-unraid)
+* [1.0.3](https://hub.docker.com/r/11notes/kms/tags?name=1.0.3)
+* [1.0.3-unraid](https://hub.docker.com/r/11notes/kms/tags?name=1.0.3-unraid)

 ### There is no latest tag, what am I supposed to do about updates?
-It is of my opinion that the ```:latest``` tag is super dangerous. Many times, I’ve introduced **breaking** changes to my images. This would have messed up everything for some people. If you don’t want to change the tag to the latest [semver](https://semver.org/), simply use the short versions of [semver](https://semver.org/). Instead of using ```:1.0.1``` you can use ```:1``` or ```:1.0```. Since on each new version these tags are updated to the latest version of the software, using them is identical to using ```:latest``` but at least fixed to a major or minor version.
+It is of my opinion that the ```:latest``` tag is dangerous. Many times, I’ve introduced **breaking** changes to my images. This would have messed up everything for some people. If you don’t want to change the tag to the latest [semver](https://semver.org/), simply use the short versions of [semver](https://semver.org/). Instead of using ```:1.0.3``` you can use ```:1``` or ```:1.0```. Since on each new version these tags are updated to the latest version of the software, using them is identical to using ```:latest``` but at least fixed to a major or minor version.

 If you still insist on having the bleeding edge release of this app, simply use the ```:rolling``` tag, but be warned! You will get the latest version of the app instantly, regardless of breaking changes or security issues or what so ever. You do this at your own risk!

 # REGISTRIES ☁️
 ```
-docker pull 11notes/kms:1.0.1
-docker pull ghcr.io/11notes/kms:1.0.1
-docker pull quay.io/11notes/kms:1.0.1
+docker pull 11notes/kms:1.0.3
+docker pull ghcr.io/11notes/kms:1.0.3
+docker pull quay.io/11notes/kms:1.0.3
 ```

 # UNRAID VERSION 🟠
@@ -132,7 +130,7 @@ This image supports unraid by default. Simply add **-unraid** to any tag and the
 * [11notes/kms](https://github.com/11notes/docker-KMS)

 # PARENT IMAGE 🏛️
-* [11notes/alpine:stable](https://hub.docker.com/r/11notes/alpine)
+* [11notes/python:3.13](${{ json_readme_parent_url }})

 # BUILT WITH 🧰
 * [11notes/py-kms](https://github.com/11notes/fork-py-kms)
@@ -149,4 +147,4 @@ This image supports unraid by default. Simply add **-unraid** to any tag and the
 # ElevenNotes™️
 This image is provided to you at your own risk. Always make backups before updating an image to a different version. Check the [releases](https://github.com/11notes/docker-kms/releases) for breaking changes. If you have any problems with using this image simply raise an [issue](https://github.com/11notes/docker-kms/issues), thanks. If you have a question or inputs please create a new [discussion](https://github.com/11notes/docker-kms/discussions) instead of an issue. You can find all my other repositories on [github](https://github.com/11notes?tab=repositories).

-*created 20.05.2025, 15:15:49 (CET)*
+*created 10.07.2025, 07:54:05 (CET)*
--- a/arch.dockerfile
+++ b/arch.dockerfile
@@ -1,77 +1,95 @@
-ARG APP_UID=1000
-ARG APP_GID=1000
-ARG BUILD_ROOT=/git/fork-py-kms
+# ╔═════════════════════════════════════════════════════╗
+# ║                       SETUP                         ║
+# ╚═════════════════════════════════════════════════════╝
+  # GLOBAL
+  ARG APP_UID=1000 \
+      APP_GID=1000 \
+      BUILD_SRC=https://github.com/11notes/fork-py-kms.git \
+      BUILD_ROOT=/git/fork-py-kms

-# :: Util
+  # :: FOREIGN IMAGES
  FROM 11notes/util AS util

-# :: Build / py-kms
+# ╔═════════════════════════════════════════════════════╗
+# ║                       BUILD                         ║
+# ╚═════════════════════════════════════════════════════╝
+  # :: PY-KMS
  FROM alpine/git AS build
-  ARG APP_VERSION
-  ARG BUILD_ROOT
+  ARG APP_VERSION \
+      BUILD_SRC \
+      BUILD_ROOT
+
+  RUN set -ex; \
+    git clone ${BUILD_SRC} -b next; \
+    cd ${BUILD_ROOT}; \
+    git checkout v${APP_VERSION};
+
  RUN set -ex; \
-    git clone https://github.com/11notes/fork-py-kms -b next; \
    cd ${BUILD_ROOT}; \
-    git checkout v${APP_VERSION}; \
    cp -R ${BUILD_ROOT}/docker/docker-py3-kms-minimal/requirements.txt ${BUILD_ROOT}/py-kms/requirements.txt; \
    cp -R ${BUILD_ROOT}/docker/docker-py3-kms/requirements.txt ${BUILD_ROOT}/py-kms/requirements.gui.txt;

-# :: Header
-  FROM 11notes/alpine:stable
+# ╔═════════════════════════════════════════════════════╗
+# ║                       IMAGE                         ║
+# ╚═════════════════════════════════════════════════════╝
+  # :: HEADER
+  FROM 11notes/python:3.13

-  # :: arguments
-    ARG TARGETARCH
-    ARG APP_IMAGE
-    ARG APP_NAME
-    ARG APP_VERSION
-    ARG APP_ROOT
-    ARG APP_UID
-    ARG APP_GID
-    ARG APP_NO_CACHE
+  # :: default arguments
+    ARG TARGETPLATFORM \
+        TARGETOS \
+        TARGETARCH \
+        TARGETVARIANT \
+        APP_IMAGE \
+        APP_NAME \
+        APP_VERSION \
+        APP_ROOT \
+        APP_UID \
+        APP_GID \
+        APP_NO_CACHE
+
+  # :: default python image
+    ARG PIP_ROOT_USER_ACTION=ignore \
+        PIP_BREAK_SYSTEM_PACKAGES=1 \
+        PIP_DISABLE_PIP_VERSION_CHECK=1 \
+        PIP_NO_CACHE_DIR=1
+
+  # :: image specific arguments
    ARG BUILD_ROOT

-    # :: python image
-      ARG PIP_ROOT_USER_ACTION=ignore
-      ARG PIP_BREAK_SYSTEM_PACKAGES=1
-      ARG PIP_DISABLE_PIP_VERSION_CHECK=1
-      ARG PIP_NO_CACHE_DIR=1
+  # :: default environment
+    ENV APP_IMAGE=${APP_IMAGE} \
+        APP_NAME=${APP_NAME} \
+        APP_VERSION=${APP_VERSION} \
+        APP_ROOT=${APP_ROOT}

-  # :: environment
-    ENV APP_IMAGE=${APP_IMAGE}
-    ENV APP_NAME=${APP_NAME}
-    ENV APP_VERSION=${APP_VERSION}
-    ENV APP_ROOT=${APP_ROOT}
-
-    ENV KMS_LOCALE=1033
-    ENV KMS_CLIENTCOUNT=26
-    ENV KMS_ACTIVATIONINTERVAL=120
-    ENV KMS_RENEWALINTERVAL=259200
-    ENV KMS_LOGLEVEL="INFO"
+  # :: app specific variables
+    ENV KMS_LOCALE=1033 \
+        KMS_ACTIVATIONINTERVAL=120 \
+        KMS_RENEWALINTERVAL=259200

  # :: multi-stage
    COPY --from=util /usr/local/bin /usr/local/bin
    COPY --from=build ${BUILD_ROOT}/py-kms /opt/py-kms

-# :: Run
+# :: RUN
  USER root
-  RUN eleven printenv;

-  # :: install application
+  # :: install dependencies
    RUN set -ex; \
-      apk --no-cache --update add \
-        python3; \
      apk --no-cache --update --virtual .build add \
        py3-pip;

+  # :: install and update application
    RUN set -ex; \
      mkdir -p ${APP_ROOT}/var; \
      pip3 install -r /opt/py-kms/requirements.txt; \
      pip3 install pytz; \
      pip3 list -o | sed 's/pip.*//' | grep . | cut -f1 -d' ' | tr " " "\n" | awk '{if(NR>=3)print}' | cut -d' ' -f1 | xargs -n1 pip3 install -U; \
      apk del --no-network .build; \
-      rm -rf /usr/lib/python3.12/site-packages/pip;
+      rm -rf /usr/lib/python3.13/site-packages/pip;

-  # :: copy filesystem changes and set correct permissions
+  # :: copy root filesystem and set correct permissions
    COPY ./rootfs /
    RUN set -ex; \
      chmod +x -R /usr/local/bin; \
@@ -79,15 +97,17 @@ ARG BUILD_ROOT=/git/fork-py-kms
        ${APP_ROOT} \
        /opt/py-kms;

-  # :: support unraid
+  # :: enable unraid support
    RUN set -ex; \
      eleven unraid

-# :: Volumes
+# :: PERSISTENT DATA
  VOLUME ["${APP_ROOT}/var"]

-# :: Monitor
-  HEALTHCHECK --interval=5s --timeout=2s CMD netstat -an | grep -q 1688 || exit 1
+# :: HEALTH
+  HEALTHCHECK --interval=5s --timeout=2s --start-interval=5s \
+    CMD ["/usr/bin/nc", "-z", "localhost", "1688"]

-# :: Start
-  USER ${APP_UID}:${APP_GID}
+# :: EXECUTE
+  USER ${APP_UID}:${APP_GID}
+  ENTRYPOINT ["/sbin/tini", "--", "/usr/local/bin/entrypoint.sh"]
--- a/compose.yaml
+++ b/compose.yaml
@@ -1,17 +1,19 @@
 name: "kms"
 services:
  app:
-    image: "11notes/kms:1.0.1"
+    image: "11notes/kms:1.0.3"
    environment:
      TZ: "Europe/Zurich"
    volumes:
      - "var:/kms/var"
+    networks:
+      frontend:
    ports:
      - "1688:1688/tcp"
    restart: "always"

  gui:
-    image: "11notes/kms-gui:1.0.1"
+    image: "11notes/kms-gui:1.0.3"
    depends_on:
      app:
        condition: "service_healthy"
@@ -20,9 +22,14 @@ services:
      TZ: "Europe/Zurich"
    volumes:
      - "var:/kms/var"
+    networks:
+      frontend:
    ports:
      - "3000:3000/tcp"
    restart: "always"

 volumes:
-  var:
+  var:
+
+networks:
+  frontend:
--- a/project.md
+++ b/project.md
@@ -56,7 +56,6 @@ ${{ content_environment }}
 | `KMS_LOCALE` | see Microsoft LICD specification | 1033 (en-US) |
 | `KMS_ACTIVATIONINTERVAL` | Retry unsuccessful after N minutes | 120 (2 hours) |
 | `KMS_RENEWALINTERVAL` | re-activation after N minutes | 259200 (180 days) |
-| `KMS_LOGLEVEL` | CRITICAL, ERROR, WARNING, INFO, DEBUG, MININFO | INFO |

 ${{ content_source }}

--- a/rootfs/usr/local/bin/entrypoint.sh
+++ b/rootfs/usr/local/bin/entrypoint.sh
@@ -4,12 +4,14 @@
    if [ ! -z "${DEBUG}" ]; then
      KMS_LOGLEVEL="DEBUG"
      eleven log debug "setting kms log level to DEBUG"
+    else
+      KMS_LOGLEVEL="INFO"
    fi

    cd /opt/py-kms
    set -- "python3" \
      pykms_Server.py \
-      0.0.0.0 \
+      :: \
      1688 \
      -l ${KMS_LOCALE} \
      -a ${KMS_ACTIVATIONINTERVAL} \
Author	SHA1	Message	Date
ElevenNotes	aced02117a	feat: upgrade to latest workflow	2025-07-18 11:12:07 +02:00
ElevenNotes	018a0c38d1	feat: add proper frontend network	2025-07-18 11:11:55 +02:00
github-actions[bot]	13638d92bc	github-actions[bot]: update README.md	2025-07-10 05:54:05 +00:00
github-actions[bot]	302e3765b7	[upgrade] 1.0.3	2025-07-10 05:49:02 +00:00
github-actions[bot]	16ec64e4ed	github-actions[bot]: update README.md	2025-07-10 05:27:25 +00:00
github-actions[bot]	b02cacc8cb	[upgrade] 1.0.1	2025-07-10 05:22:12 +00:00
ElevenNotes	efbc374fdf	Merge branch 'master' of https://github.com/11notes/docker-kms	2025-07-09 21:39:48 +02:00
ElevenNotes	2fe67967b0	[upgrade] to latest workflow	2025-07-09 21:39:39 +02:00
github-actions[bot]	7fe09c3a65	github-actions[bot]: update README.md	2025-07-09 19:38:36 +00:00
ElevenNotes	abf93ebf36	[upgrade] latest workflows	2025-07-09 21:32:31 +02:00
ElevenNotes	c7ceef1895	[upgrade] 1.0.3	2025-07-09 21:32:18 +02:00
ElevenNotes	79e9f980dd	[fix] refactor and better health check	2025-07-09 21:32:00 +02:00
ElevenNotes	75e540239a	[upgrade] 1.0.3	2025-07-09 21:31:45 +02:00
ElevenNotes	3b9fdb0518	Merge branch 'master' of https://github.com/11notes/docker-kms	2025-07-09 20:54:14 +02:00
ElevenNotes	8744c5a656	[feature] latest version	2025-07-09 20:53:37 +02:00
github-actions[bot]	d5643d374d	github-actions[bot]: update README.md	2025-06-12 05:23:08 +00:00
github-actions[bot]	febdc20df2	[upgrade] 1.0.1	2025-06-12 05:18:49 +00:00
github-actions[bot]	a3c4b0ccbf	github-actions[bot]: update README.md	2025-06-11 07:30:03 +00:00
ElevenNotes	f8ec600025	[feature] new style	2025-06-11 08:57:07 +02:00
ElevenNotes	24a9b2f00e	[upgrade] latest workflow	2025-06-11 08:56:06 +02:00
ElevenNotes	2e5987e07e	[upgrade] 1.0.2	2025-06-11 08:55:54 +02:00
ElevenNotes	6174e7f2e3	[fix] allow IPv6	2025-06-11 08:55:34 +02:00
ElevenNotes	bde8202670	Merge branch 'master' of https://github.com/11notes/docker-kms	2025-05-21 08:53:08 +02:00
ElevenNotes	0e8ba02ebc	[cut] KMS_LOGLEVEL and KMS_CLIENTCOUNT	2025-05-21 08:52:58 +02:00
github-actions[bot]	0a8b7acd55	github-actions[bot]: update README.md	2025-05-21 06:48:52 +00:00
ElevenNotes	f4f1ab656f	Merge branch 'master' of https://github.com/11notes/docker-kms	2025-05-21 08:44:57 +02:00
ElevenNotes	687d4eebdc	[fix] missing input version on downstream workflow for GUI	2025-05-21 08:44:45 +02:00
github-actions[bot]	a90ee477d1	github-actions[bot]: update README.md	2025-05-21 06:27:54 +00:00
ElevenNotes	274c6587ea	[upgrade] to latest workflow	2025-05-21 08:20:17 +02:00
ElevenNotes	be06157c03	Merge branch 'master' of https://github.com/11notes/docker-kms	2025-05-21 07:25:49 +02:00
ElevenNotes	468118bf97	[upgrade] to latest workflow	2025-05-21 07:25:40 +02:00
github-actions[bot]	485a5524eb	github-actions[bot]: update README.md	2025-05-20 13:48:05 +00:00