[upgrade] latest workflows

.github/workflows/cve.yml

@@ -0,0 +1,70 @@
+name: cve
+
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: "30 15 */2 * *"
+
+jobs:
+  cve:
+    runs-on: ubuntu-latest
+    steps:
+      - name: init / checkout
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
+        with:
+          ref: ${{ github.ref_name }}
+          fetch-depth: 0
+
+      - name: init / setup environment
+        uses: actions/github-script@62c3794a3eb6788d9a2a72b219504732c0c9a298
+        with:
+          script: |
+            const { existsSync, readFileSync } = require('node:fs');
+            const { resolve } = require('node:path');
+            const { inspect } = require('node:util');
+            const { Buffer } = require('node:buffer');
+            const inputs = `${{ toJSON(github.event.inputs) }}`;
+            const opt = {input:{}, dot:{}};            
+
+            try{
+              if(inputs.length > 0){
+                opt.input = JSON.parse(inputs);
+                if(opt.input?.etc){
+                  opt.input.etc = JSON.parse(Buffer.from(opt.input.etc, 'base64').toString('ascii'));
+                }
+              }
+            }catch(e){
+              core.warning('could not parse github.event.inputs');
+            }
+
+            try{
+              const path = resolve('.json');
+              if(existsSync(path)){
+                try{
+                  opt.dot = JSON.parse(readFileSync(path).toString());
+                }catch(e){
+                  throw new Error('could not parse .json');
+                }
+              }else{
+                throw new Error('.json does not exist');
+              }
+            }catch(e){
+              core.setFailed(e);
+            }
+
+            core.info(inspect(opt, {showHidden:false, depth:null, colors:true}));
+
+            core.exportVariable('WORKFLOW_IMAGE', `${opt.dot.image}:${(opt.dot?.semver?.version === undefined) ? 'rolling' : opt.dot.semver.version}`);
+            core.exportVariable('WORKFLOW_GRYPE_SEVERITY_CUTOFF', (opt.dot?.grype?.severity || 'high'));
+
+
+      - name: grype / scan
+        id: grype
+        uses: anchore/scan-action@dc6246fcaf83ae86fcc6010b9824c30d7320729e
+        with:
+          image: ${{ env.WORKFLOW_IMAGE }}
+          fail-build: true
+          severity-cutoff: ${{ env.WORKFLOW_GRYPE_SEVERITY_CUTOFF }}
+          output-format: 'sarif'
+          by-cve: true
+          cache-db: true

.github/workflows/docker.yml

@@ -16,6 +16,7 @@ on:
         required: false
         default: 'ubuntu-22.04'
 
+
       build:
         description: 'set WORKFLOW_BUILD'
         required: false
@@ -135,7 +136,7 @@ jobs:
                 docker.image.tags.push(opt.input.etc.tag);
                 docker.image.tags.push(`${opt.input.etc.tag}-${docker.app.version}`);
                 docker.cache.name = `${docker.image.name}:buildcache-${opt.input.etc.tag}`;
-              }else{
+              }else if(docker.app.version !== 'latest'){
                 const semver = docker.app.version.split('.');
                 docker.image.tags.push(`${context.sha.substring(0,7)}`);
                 if(Array.isArray(semver)){
@@ -145,6 +146,8 @@ jobs:
                 }
                 if(opt.dot?.semver?.stable && new RegExp(opt.dot?.semver.stable, 'ig').test(docker.image.tags.join(','))) docker.image.tags.push('stable');
                 if(opt.dot?.semver?.latest && new RegExp(opt.dot?.semver.latest, 'ig').test(docker.image.tags.join(','))) docker.image.tags.push('latest');
+              }else{
+                docker.image.tags.push('latest');
               }
 
               for(const tag of docker.image.tags){
@@ -410,6 +413,9 @@ jobs:
           if [ -f compose.yaml ]; then
             git add compose.yaml
           fi
+          if [ -f compose.yml ]; then
+            git add compose.yml
+          fi
           if [ -f LICENSE ]; then
             git add LICENSE
           fi

.json

@@ -3,17 +3,15 @@
   "name":"kms",
   "root":"/kms",
   "arch":"linux/amd64,linux/arm64,linux/arm/v7",
-  
-  "semver":{
-    "version":"1.0.1"
+  "semver": {
+    "version":"1.0.3"
   },
-
-  "readme":{
+  "readme": {
     "description":"Activate any version of Windows and Office, forever",
-    "parent":{
-      "image":"11notes/alpine:stable"
+    "parent": {
+      "image":"11notes/python:3.13"
     },
-    "built":{
+    "built": {
       "11notes/py-kms":"https://github.com/11notes/fork-py-kms"
     }
   }

README.md

@@ -1,7 +1,7 @@
 ![banner](https://github.com/11notes/defaults/blob/main/static/img/banner.png?raw=true)
 
 # KMS
-[<img src="https://img.shields.io/badge/github-source-blue?logo=github&color=040308">](https://github.com/11notes/docker-KMS)![5px](https://github.com/11notes/defaults/blob/main/static/img/transparent5x2px.png?raw=true)![size](https://img.shields.io/docker/image-size/11notes/kms/1.0.1?color=0eb305)![5px](https://github.com/11notes/defaults/blob/main/static/img/transparent5x2px.png?raw=true)![version](https://img.shields.io/docker/v/11notes/kms/1.0.1?color=eb7a09)![5px](https://github.com/11notes/defaults/blob/main/static/img/transparent5x2px.png?raw=true)![pulls](https://img.shields.io/docker/pulls/11notes/kms?color=2b75d6)![5px](https://github.com/11notes/defaults/blob/main/static/img/transparent5x2px.png?raw=true)[<img src="https://img.shields.io/github/issues/11notes/docker-KMS?color=7842f5">](https://github.com/11notes/docker-KMS/issues)![5px](https://github.com/11notes/defaults/blob/main/static/img/transparent5x2px.png?raw=true)![swiss_made](https://img.shields.io/badge/Swiss_Made-FFFFFF?labelColor=FF0000&logo=data:image/svg%2bxml;base64,PHN2ZyB2ZXJzaW9uPSIxIiB3aWR0aD0iNTEyIiBoZWlnaHQ9IjUxMiIgdmlld0JveD0iMCAwIDMyIDMyIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjxwYXRoIGQ9Im0wIDBoMzJ2MzJoLTMyeiIgZmlsbD0iI2YwMCIvPjxwYXRoIGQ9Im0xMyA2aDZ2N2g3djZoLTd2N2gtNnYtN2gtN3YtNmg3eiIgZmlsbD0iI2ZmZiIvPjwvc3ZnPg==)
+![size](https://img.shields.io/docker/image-size/11notes/kms/1.0.1?color=0eb305)![5px](https://github.com/11notes/defaults/blob/main/static/img/transparent5x2px.png?raw=true)![version](https://img.shields.io/docker/v/11notes/kms/1.0.1?color=eb7a09)![5px](https://github.com/11notes/defaults/blob/main/static/img/transparent5x2px.png?raw=true)![pulls](https://img.shields.io/docker/pulls/11notes/kms?color=2b75d6)![5px](https://github.com/11notes/defaults/blob/main/static/img/transparent5x2px.png?raw=true)[<img src="https://img.shields.io/github/issues/11notes/docker-KMS?color=7842f5">](https://github.com/11notes/docker-KMS/issues)![5px](https://github.com/11notes/defaults/blob/main/static/img/transparent5x2px.png?raw=true)![swiss_made](https://img.shields.io/badge/Swiss_Made-FFFFFF?labelColor=FF0000&logo=data:image/svg%2bxml;base64,PHN2ZyB2ZXJzaW9uPSIxIiB3aWR0aD0iNTEyIiBoZWlnaHQ9IjUxMiIgdmlld0JveD0iMCAwIDMyIDMyIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPgogIDxyZWN0IHdpZHRoPSIzMiIgaGVpZ2h0PSIzMiIgZmlsbD0idHJhbnNwYXJlbnQiLz4KICA8cGF0aCBkPSJtMTMgNmg2djdoN3Y2aC03djdoLTZ2LTdoLTd2LTZoN3oiIGZpbGw9IiNmZmYiLz4KPC9zdmc+)
 
 Activate any version of Windows and Office, forever
 
@@ -104,7 +104,6 @@ slmgr /ato
 | `KMS_LOCALE` | see Microsoft LICD specification | 1033 (en-US) |
 | `KMS_ACTIVATIONINTERVAL` | Retry unsuccessful after N minutes | 120 (2 hours) |
 | `KMS_RENEWALINTERVAL` | re-activation after N minutes | 259200 (180 days) |
-| `KMS_LOGLEVEL` | CRITICAL, ERROR, WARNING, INFO, DEBUG, MININFO | INFO |
 
 # MAIN TAGS 🏷️
 These are the main tags for the image. There is also a tag for each commit and its shorthand sha256 value.
@@ -148,4 +147,4 @@ This image supports unraid by default. Simply add **-unraid** to any tag and the
 # ElevenNotes™️
 This image is provided to you at your own risk. Always make backups before updating an image to a different version. Check the [releases](https://github.com/11notes/docker-kms/releases) for breaking changes. If you have any problems with using this image simply raise an [issue](https://github.com/11notes/docker-kms/issues), thanks. If you have a question or inputs please create a new [discussion](https://github.com/11notes/docker-kms/discussions) instead of an issue. You can find all my other repositories on [github](https://github.com/11notes?tab=repositories).
 
-*created 21.05.2025, 08:27:53 (CET)*
+*created 12.06.2025, 07:23:07 (CET)*

arch.dockerfile

@@ -1,77 +1,95 @@
-ARG APP_UID=1000
-ARG APP_GID=1000
-ARG BUILD_ROOT=/git/fork-py-kms
+# ╔═════════════════════════════════════════════════════╗
+# ║                       SETUP                         ║
+# ╚═════════════════════════════════════════════════════╝
+  # GLOBAL
+  ARG APP_UID=1000 \
+      APP_GID=1000 \
+      BUILD_SRC=https://github.com/11notes/fork-py-kms.git \
+      BUILD_ROOT=/git/fork-py-kms
 
-# :: Util
+  # :: FOREIGN IMAGES
   FROM 11notes/util AS util
 
-# :: Build / py-kms
+# ╔═════════════════════════════════════════════════════╗
+# ║                       BUILD                         ║
+# ╚═════════════════════════════════════════════════════╝
+  # :: PY-KMS
   FROM alpine/git AS build
-  ARG APP_VERSION
-  ARG BUILD_ROOT
+  ARG APP_VERSION \
+      BUILD_SRC \
+      BUILD_ROOT
+
+  RUN set -ex; \
+    git clone ${BUILD_SRC} -b next; \
+    cd ${BUILD_ROOT}; \
+    git checkout v${APP_VERSION};
+
   RUN set -ex; \
-    git clone https://github.com/11notes/fork-py-kms -b next; \
     cd ${BUILD_ROOT}; \
-    git checkout v${APP_VERSION}; \
     cp -R ${BUILD_ROOT}/docker/docker-py3-kms-minimal/requirements.txt ${BUILD_ROOT}/py-kms/requirements.txt; \
     cp -R ${BUILD_ROOT}/docker/docker-py3-kms/requirements.txt ${BUILD_ROOT}/py-kms/requirements.gui.txt;
 
-# :: Header
-  FROM 11notes/alpine:stable
+# ╔═════════════════════════════════════════════════════╗
+# ║                       IMAGE                         ║
+# ╚═════════════════════════════════════════════════════╝
+  # :: HEADER
+  FROM 11notes/python:3.13
 
-  # :: arguments
-    ARG TARGETARCH
-    ARG APP_IMAGE
-    ARG APP_NAME
-    ARG APP_VERSION
-    ARG APP_ROOT
-    ARG APP_UID
-    ARG APP_GID
-    ARG APP_NO_CACHE
+  # :: default arguments
+    ARG TARGETPLATFORM \
+        TARGETOS \
+        TARGETARCH \
+        TARGETVARIANT \
+        APP_IMAGE \
+        APP_NAME \
+        APP_VERSION \
+        APP_ROOT \
+        APP_UID \
+        APP_GID \
+        APP_NO_CACHE
+
+  # :: default python image
+    ARG PIP_ROOT_USER_ACTION=ignore \
+        PIP_BREAK_SYSTEM_PACKAGES=1 \
+        PIP_DISABLE_PIP_VERSION_CHECK=1 \
+        PIP_NO_CACHE_DIR=1
+
+  # :: image specific arguments
     ARG BUILD_ROOT
 
-    # :: python image
-      ARG PIP_ROOT_USER_ACTION=ignore
-      ARG PIP_BREAK_SYSTEM_PACKAGES=1
-      ARG PIP_DISABLE_PIP_VERSION_CHECK=1
-      ARG PIP_NO_CACHE_DIR=1
+  # :: default environment
+    ENV APP_IMAGE=${APP_IMAGE} \
+        APP_NAME=${APP_NAME} \
+        APP_VERSION=${APP_VERSION} \
+        APP_ROOT=${APP_ROOT}
 
-  # :: environment
-    ENV APP_IMAGE=${APP_IMAGE}
-    ENV APP_NAME=${APP_NAME}
-    ENV APP_VERSION=${APP_VERSION}
-    ENV APP_ROOT=${APP_ROOT}
-
-    ENV KMS_LOCALE=1033
-    ENV KMS_CLIENTCOUNT=26
-    ENV KMS_ACTIVATIONINTERVAL=120
-    ENV KMS_RENEWALINTERVAL=259200
-    ENV KMS_LOGLEVEL="INFO"
+  # :: app specific variables
+    ENV KMS_LOCALE=1033 \
+        KMS_ACTIVATIONINTERVAL=120 \
+        KMS_RENEWALINTERVAL=259200
 
   # :: multi-stage
     COPY --from=util /usr/local/bin /usr/local/bin
     COPY --from=build ${BUILD_ROOT}/py-kms /opt/py-kms
 
-# :: Run
+# :: RUN
   USER root
-  RUN eleven printenv;
 
-  # :: install application
+  # :: install dependencies
     RUN set -ex; \
-      apk --no-cache --update add \
-        python3; \
       apk --no-cache --update --virtual .build add \
         py3-pip;
 
+  # :: install and update application
     RUN set -ex; \
       mkdir -p ${APP_ROOT}/var; \
       pip3 install -r /opt/py-kms/requirements.txt; \
       pip3 install pytz; \
       pip3 list -o | sed 's/pip.*//' | grep . | cut -f1 -d' ' | tr " " "\n" | awk '{if(NR>=3)print}' | cut -d' ' -f1 | xargs -n1 pip3 install -U; \
       apk del --no-network .build; \
-      rm -rf /usr/lib/python3.12/site-packages/pip;
+      rm -rf /usr/lib/python3.13/site-packages/pip;
 
-  # :: copy filesystem changes and set correct permissions
+  # :: copy root filesystem and set correct permissions
     COPY ./rootfs /
     RUN set -ex; \
       chmod +x -R /usr/local/bin; \
@@ -79,15 +97,17 @@ ARG BUILD_ROOT=/git/fork-py-kms
         ${APP_ROOT} \
         /opt/py-kms;
 
-  # :: support unraid
+  # :: enable unraid support
     RUN set -ex; \
       eleven unraid
 
-# :: Volumes
+# :: PERSISTENT DATA
   VOLUME ["${APP_ROOT}/var"]
 
-# :: Monitor
-  HEALTHCHECK --interval=5s --timeout=2s CMD netstat -an | grep -q 1688 || exit 1
+# :: HEALTH
+  HEALTHCHECK --interval=5s --timeout=2s --start-interval=5s \
+    CMD ["/usr/bin/nc", "-z", "localhost", "1688"]
 
-# :: Start
-  USER ${APP_UID}:${APP_GID}
+# :: EXECUTE
+  USER ${APP_UID}:${APP_GID}
+  ENTRYPOINT ["/sbin/tini", "--", "/usr/local/bin/entrypoint.sh"]

compose.yaml

@@ -1,7 +1,7 @@
 name: "kms"
 services:
   app:
-    image: "11notes/kms:1.0.1"
+    image: "11notes/kms:1.0.3"
     environment:
       TZ: "Europe/Zurich"
     volumes:
@@ -11,7 +11,7 @@ services:
     restart: "always"
 
   gui:
-    image: "11notes/kms-gui:1.0.1"
+    image: "11notes/kms-gui:1.0.3"
     depends_on:
       app:
         condition: "service_healthy"

project.md

@@ -56,7 +56,6 @@ ${{ content_environment }}
 | `KMS_LOCALE` | see Microsoft LICD specification | 1033 (en-US) |
 | `KMS_ACTIVATIONINTERVAL` | Retry unsuccessful after N minutes | 120 (2 hours) |
 | `KMS_RENEWALINTERVAL` | re-activation after N minutes | 259200 (180 days) |
-| `KMS_LOGLEVEL` | CRITICAL, ERROR, WARNING, INFO, DEBUG, MININFO | INFO |
 
 ${{ content_source }}
 

rootfs/usr/local/bin/entrypoint.sh

@@ -4,12 +4,14 @@
     if [ ! -z "${DEBUG}" ]; then
       KMS_LOGLEVEL="DEBUG"
       eleven log debug "setting kms log level to DEBUG"
+    else
+      KMS_LOGLEVEL="INFO"
     fi
 
     cd /opt/py-kms
     set -- "python3" \
       pykms_Server.py \
-      0.0.0.0 \
+      :: \
       1688 \
       -l ${KMS_LOCALE} \
       -a ${KMS_ACTIVATIONINTERVAL} \