docker: user fgc instead of root, fixes #468 , how to deal with existing volumes?

fix 656f746626: yaml quotes...
docker: comment on ARG -> ENV
2025-05-25 22:13:55 +02:00 · 2025-05-25 22:11:32 +02:00 · 2025-05-25 20:38:19 +02:00 · 2025-05-25 20:02:26 +02:00 · 2025-05-25 19:37:00 +02:00 · 2025-05-25 17:13:30 +02:00
34 changed files with 1762 additions and 2214 deletions
--- a/.cspell.json
+++ b/.cspell.json
@ -0,0 +1,20 @@
 {
  "ignorePaths": [
    "**/data/**",
    "docker.yml",
    "Dockerfile",
    ".jscpd.json",
    "**/node_modules/**",
    "**/vscode-extension/**",
    "**/.git/**",
    "**/.pnpm-lock.json",
    ".vscode",
    "megalinter",
    "package-lock.json",
    "report"
  ],
  "language": "en",
  "noConfigSearch": true,
  "words": ["megalinter", "oxsecurity", "ralf", "vogler", "DOCKERHUB"],
  "version": "0.2"
 }
--- a/.dockerignore
+++ b/.dockerignore
@ -1,6 +1,12 @@
 node_modules/
 data/
 *.env
 megalinter-reports/
 # the above is just copied from .gitignore - violating DRY...
 # however, generally, we want .dockerignore to be a *strict* superset of .gitignore, so we can't just `ln -s .gitignore .dockerignore`
 # could generate this in CI and append the extra entries from below, but then it wouldn't work for local builds without running some script...
 # also, the rules are slightly different: https://zzz.buzz/2018/05/23/differences-of-rules-between-gitignore-and-dockerignore/
 .gitignore
 .github/
--- a/.forgejo/workflows/build.yml
+++ b/.forgejo/workflows/build.yml
@ -1,87 +0,0 @@
 name: build-and-push
 on:
  push:
    branches:
      - main
 jobs:
  lint:
    runs-on: self-hosted
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: 20
      - name: Install dependencies
        run: npm ci
      - name: Run ESLint
        run: npm run lint
  sonar:
    needs: lint
    runs-on: self-hosted
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - name: Setup Node.js
        uses: actions/setup-node@v4
        with:
          node-version: 20
      - name: Install Sonar Scanner (npm)
        run: npm install -g sonarqube-scanner
      - name: SonarQube Scan
        env:
          SONAR_HOST_URL: ${{ secrets.SONAR_HOST_URL }}
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
          SONAR_PROJECT_KEY: ${{ secrets.SONAR_PROJECT_KEY }}
        run: |
          WORKDIR=${GITHUB_WORKSPACE:-$PWD}
          HOST_URL=${SONAR_HOST_URL:?SONAR_HOST_URL secret not set}
          PROJECT_KEY=${SONAR_PROJECT_KEY:-}
          if [ -z "$PROJECT_KEY" ] && [ -f sonar-project.properties ]; then
            PROJECT_KEY=$(grep -E '^sonar.projectKey=' sonar-project.properties | cut -d= -f2 | tr -d '\r')
          fi
          if [ -z "$PROJECT_KEY" ]; then
            echo "SONAR_PROJECT_KEY secret not set and no sonar-project.properties entry found" >&2
            exit 1
          fi
          echo "Sonar project key: $PROJECT_KEY"
          echo "Listing workspace:"
          ls -la
          echo "Sample files:"
          find . -maxdepth 2 -type f | head -n 20
          echo "Running local sonar-scanner..."
          sonar-scanner \
            -Dsonar.host.url="$HOST_URL" \
            -Dsonar.login="$SONAR_TOKEN" \
            -Dsonar.projectKey="$PROJECT_KEY" \
            -Dsonar.sources=. \
            -Dsonar.scm.disabled=true \
            -Dsonar.projectBaseDir="$WORKDIR"
  docker:
    needs: [lint, sonar]
    runs-on: self-hosted
    steps:
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      - name: Checkout
        uses: actions/checkout@v4
      - name: Login to registry
        run: echo "${{ secrets.REG_TOKEN }}" | docker login "${{ secrets.REGISTRY }}" -u "${{ secrets.REG_USER }}" --password-stdin
      - name: Build image
        run: |
          docker buildx build --load \
            -t "${{ secrets.REGISTRY_IMAGE }}:latest" .
      - name: Push image
        run: |
          docker push "${{ secrets.REGISTRY_IMAGE }}:latest"
--- a/.github/FUNDING.yml
+++ b/.github/FUNDING.yml
@ -0,0 +1,13 @@
 # These are supported funding model platforms
 github: vogler # Replace with up to 4 GitHub Sponsors-enabled usernames e.g., [user1, user2]
 patreon: fgc # Replace with a single Patreon username
 open_collective: # Replace with a single Open Collective username
 ko_fi: vogler # Replace with a single Ko-fi username
 tidelift: # Replace with a single Tidelift platform-name/package-name e.g., npm/babel
 community_bridge: # Replace with a single Community Bridge project-name e.g., cloud-foundry
 liberapay: vogler # Replace with a single Liberapay username
 issuehunt: # Replace with a single IssueHunt username
 otechie: # Replace with a single Otechie username
 lfx_crowdfunding: # Replace with a single LFX Crowdfunding project-name e.g., cloud-foundry
 custom: ["https://www.buymeacoffee.com/vogler", "https://paypal.me/voglerr"] # Replace with up to 4 custom sponsorship URLs e.g., ['link1', 'link2']
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@ -0,0 +1,34 @@
 # To get started with Dependabot version updates, you'll need to specify which
 # package ecosystems to update and where the package manifests are located.
 # Please see the documentation for all configuration options:
 # https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
 version: 2
 updates:
  - package-ecosystem: "npm"
    directory: "/"
    schedule:
      interval: "weekly"
    ignore:
      - dependency-name: "*eslint*"
    #   - dependency-name: "@stylistic/eslint-plugin-js"
    groups:
      dev-dependencies:
        dependency-type: "development"
    # commit-message:
    #   prefix: "npm"
    #   include: "scope"
  - package-ecosystem: "docker"
    directory: "/"
    schedule:
      interval: "weekly"
    # commit-message:
    #   prefix: "docker"
    #   include: "scope"
  - package-ecosystem: "github-actions"
    directory: "/"
    schedule:
      interval: "weekly"
    # commit-message:
    #   prefix: "github-actions"
    #   include: "scope"
--- a/.github/renovate.json
+++ b/.github/renovate.json
@ -0,0 +1,5 @@
 {
  "$schema": "https://docs.renovatebot.com/renovate-schema.json",
  "enabled": false,
  "extends": ["config:recommended"]
 }
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@ -0,0 +1,119 @@
 name: Build and push Docker image (amd64, arm64 to hub.docker.com and ghcr.io)
 on:
  workflow_dispatch: # allows manual trigger
  push: # push on branch
    branches: [main, dev]
    paths: # ignore changes to .md files
      - "**"
      - "!*.md"
      # - '!.github/**'
  pull_request: # runs when opened/reopened or when the head branch is updated
 permissions:
  contents: read
  packages: write
 env:
  BRANCH: ${{ github.head_ref || github.ref_name }} # head_ref/base_ref are only set for PRs, for branches ref_name will be used
 jobs:
  docker:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Set environment variables
        run: |
          echo "NOW=$(date -R)" >> "$GITHUB_ENV" # date -Iseconds; date +'%Y-%m-%dT%H:%M:%S'
          if [[ "$BRANCH" == "main" ]]; then
            echo "IMAGE_TAG=latest" >> "$GITHUB_ENV"
          else
            echo "IMAGE_TAG=$BRANCH" >> "$GITHUB_ENV"
          fi
      - name: Extract metadata for Docker (tags, labels)
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: |
            ${{ secrets.DOCKERHUB_USERNAME }}/free-games-claimer
            ghcr.io/${{ github.actor }}/free-games-claimer
          tags: |
            type=ref,event=branch
            type=ref,event=pr
            # use docker tag 'latest' for the default branch (default is to only use it for the latest git tag)
            type=raw,value=latest,enable={{is_default_branch}}
          labels: |
            org.opencontainers.image.created={{commit_date 'YYYY-MM-DDTHH:mm:ss.SSS[Z]'}}
        env:
          # otherwise labels are not shown on GitHub due to multi-arch image: https://docs.github.com/en/packages/working-with-a-github-packages-registry/working-with-the-container-registry#adding-a-description-to-multi-arch-images
          # https://github.com/docker/metadata-action#annotations
          DOCKER_METADATA_ANNOTATIONS_LEVELS: manifest,index
      - name: Login to Docker Hub
        uses: docker/login-action@v3
        # if: ${{ secrets.DOCKERHUB_USERNAME != '' && secrets.DOCKERHUB_TOKEN != '' }} # does not work: Unrecognized named-value: 'secrets' - https://www.cloudtruth.com/blog/skipping-jobs-in-github-actions-when-secrets-are-unavailable-securely-inject-configuration-secrets-into-github
        if: github.event_name != 'pull_request' # don't try to login since PRs don't have access to secrets and need to set them in their fork
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      - name: Login to GitHub Container Registry
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }} # actor is user that opened PR, was repository_owner before
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v3
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
      - name: Build and push
        uses: docker/build-push-action@v6
        if: ${{ env.IMAGE_TAG != '' }}
        with:
          context: .
          push: ${{ github.event_name != 'pull_request' }}
          # push: ${{ secrets.DOCKERHUB_USERNAME != '' }} # here we can access secrets
          # TODO speed up by building in parallel? https://docs.docker.com/build/ci/github-actions/multi-platform/#distribute-build-across-multiple-runners
          platforms: linux/amd64,linux/arm64
          build-args: |
            COMMIT=${{ github.sha }}
            BRANCH=${{ env.BRANCH }}
            NOW=${{ env.NOW }}
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          annotations: ${{ steps.meta.outputs.annotations }}
          # tags: |
          #   ${{ secrets.DOCKERHUB_USERNAME }}/free-games-claimer:${{env.IMAGE_TAG}}
          #   ghcr.io/${{ github.actor }}/free-games-claimer:${{env.IMAGE_TAG}}
          cache-from: type=gha
          cache-to: type=gha,mode=max
      # https://gist.github.com/MichaelSimons/fb588539dcefd9b5fdf45ba04c302db6
      - name: Docker (un)compressed sizes
        run: |
          REP=ghcr.io/${{ github.actor }}/free-games-claimer
          IMG=$REP:${{env.IMAGE_TAG}}
          log() { echo -e "\n\$ $*"; "$@"; }
          emd() { echo "$*" | tee -a "$GITHUB_STEP_SUMMARY"; }
          cmd() { echo "\$ $*" | tee -a "$GITHUB_STEP_SUMMARY"; "$@" | tee -a "$GITHUB_STEP_SUMMARY"; }
          emd '```console'
          download-size() { docker manifest inspect -v "$1" | jq -c 'if type == "array" then .[] else . end' |  jq -r '[ ( .Descriptor.platform | [ .os, .architecture, .variant, ."os.version" ] | del(..|nulls) | join("/") ), ( [ ( .OCIManifest // .SchemaV2Manifest ).layers[].size ] | add ) ] | join(" ")' | numfmt --to iec --format '%.2f' --field 2 | sort | column -t ; }
          cmd download-size "$IMG"
          ## don't need the following in job summary, but nice to have in full log
          log docker buildx history inspect
          # log docker buildx du
          ## not needed locally, but in CI with buildx `docker image ls` just lists moby/buildkit and tonistiigi/binfmt since the multi-arch build is pushed to registry instead of loaded locally, so we need to pull it first (cached anyway)
          log docker pull "$IMG"
          # log docker image rm moby/buildkit # failed
          # log docker image rm tonistiigi/binfmt
          # emd '# Uncompressed size (max, not size on disk due to sharing):'
          # cmd docker image ls # below has more details
          emd '# uncompressed size = unique + shared:'
          local-size() { docker system df -v | grep "$1" -B1; }
          cmd local-size "$REP"
          emd '```'
        continue-on-error: true
--- a/.github/workflows/js.yml
+++ b/.github/workflows/js.yml
@ -0,0 +1,61 @@
 name: "JS: deps, lint, tests"
 # Run on push in any branch and changes in PRs.
 on:
  push:
    paths:
      - "**.js"
      - "**.ts"
      - "package.json"
  pull_request:
    types: [opened, synchronize, reopened]
 jobs:
  build:
    runs-on: ubuntu-latest
    permissions:
      security-events: write # required for sarif upload
    steps:
      - uses: actions/checkout@v4
      - uses: oven-sh/setup-bun@v2
      - name: bun install
        run: bun install
      # check size of dependencies
      # all tools gave different results locally
      - name: dep-size node_modules
        run: du -sh node_modules | tee -a "$GITHUB_STEP_SUMMARY"
      - name: dep-size howfat -d (inc. dev) - ignores size of transitive deps
        run: bunx howfat -d --reporter table --sort size-
      - name: dep-size howfat -d -p (inc. dev, peer) - includes size of transitive deps per dep
        run: bunx howfat -d -p --reporter table --sort size-
      - name: dep-size qnm (flat list as in node_modules)
        run: |
          emd() { echo "$*" | tee -a "$GITHUB_STEP_SUMMARY"; }
          cmd() { echo "\$ $*" | tee -a "$GITHUB_STEP_SUMMARY"; "$@" | tee -a "$GITHUB_STEP_SUMMARY"; }
          emd '```console'
          cmd bunx --yes qnm doctor
          emd '```'
      # - name: dep-size cost-of-modules # this says total 8.37MB while du says 75MB...
      #   run: npx --yes npx cost-of-modules --include-dev --no-install
      # https://docs.github.com/en/code-security/code-scanning/integrating-with-code-scanning/uploading-a-sarif-file-to-github#example-workflow-that-runs-the-eslint-analysis-tool
      - name: eslint (sarif output)
        # https://github.com/microsoft/sarif-js-sdk/issues/91
        # @microsoft/eslint-formatter-sarif uses eslint@8.57.1 instead of my local eslint@9.27.0 despite it not needing it? -> just download the sarif.js file instead of having dep in package.json (only needed here anyway)
        run: |
          wget https://raw.githubusercontent.com/microsoft/sarif-js-sdk/refs/heads/main/packages/eslint-formatter-sarif/sarif.js -O node_modules/sarif.cjs
          bun i utf8 lodash jschardet
          bun eslint . --format node_modules/sarif.cjs -o results.sarif
        continue-on-error: true
      - name: upload eslint sarif output for Security tab and inline results
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: results.sarif
          category: eslint
      - name: bun lint
        # eslint exits 1 if it finds anything to report
        run: bun lint
--- a/.github/workflows/mega-linter.yml
+++ b/.github/workflows/mega-linter.yml
@ -0,0 +1,208 @@
 # MegaLinter GitHub Action configuration file
 # More info at https://megalinter.io
 # See .mega-linter.yml for actual config and examples how to run this locally.
 ---
 name: MegaLinter
 # Run on push in any branch and changes in PRs.
 on:
  push:
  pull_request:
    types: [opened, synchronize, reopened]
 # Comment env block if you do not want to apply fixes
 env:
  # Apply linter fixes configuration
  #
  # When active, APPLY_FIXES must also be defined as environment variable
  # (in github/workflows/mega-linter.yml or other CI tool)
  APPLY_FIXES: all
  # Decide which event triggers application of fixes in a commit or a PR
  # (pull_request, push, all)
  APPLY_FIXES_EVENT: pull_request
  # If APPLY_FIXES is used, defines if the fixes are directly committed (commit)
  # or posted in a PR (pull_request)
  APPLY_FIXES_MODE: commit
 concurrency:
  group: ${{ github.ref }}-${{ github.workflow }}
  cancel-in-progress: true
 jobs:
  megalinter:
    name: MegaLinter
    runs-on: ubuntu-latest
    # Give the default GITHUB_TOKEN write permission to commit and push, comment
    # issues, and post new Pull Requests; remove the ones you do not need
    permissions:
      contents: write
      issues: write
      pull-requests: write
      security-events: write # needed for SARIF upload
    steps:
      # Git Checkout
      - name: Checkout Code
        uses: actions/checkout@v4
        with:
          token: ${{ secrets.PAT || secrets.GITHUB_TOKEN }}
          # If you use VALIDATE_ALL_CODEBASE = true, you can remove this line to
          # improve performance
          fetch-depth: 0
      # MegaLinter
      - name: MegaLinter
        # You can override MegaLinter flavor used to have faster performances
        # More info at https://megalinter.io/latest/flavors/
        # uses: oxsecurity/megalinter@v8 # default (127 linters)
        uses: oxsecurity/megalinter/flavors/cupcake@v8.7.0 # most common, was recommended in output (88 linters)
        id: ml
        # All available variables are described in documentation
        # https://megalinter.io/latest/config-file/
        env:
          # Validates all source when push on main, else just the git diff with
          # main. Override with true if you always want to lint all sources
          #
          # To validate the entire codebase, set to:
          # VALIDATE_ALL_CODEBASE: true
          #
          # To validate only diff with main, set to:
          # VALIDATE_ALL_CODEBASE: >-
          #   ${{
          #     github.event_name == 'push' &&
          #     github.ref == 'refs/heads/main'
          #   }}
          VALIDATE_ALL_CODEBASE: true
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          # Uncomment to use ApiReporter (Grafana)
          # API_REPORTER: true
          # API_REPORTER_URL: ${{ secrets.API_REPORTER_URL }}
          # API_REPORTER_BASIC_AUTH_USERNAME: ${{ secrets.API_REPORTER_BASIC_AUTH_USERNAME }}
          # API_REPORTER_BASIC_AUTH_PASSWORD: ${{ secrets.API_REPORTER_BASIC_AUTH_PASSWORD }}
          # API_REPORTER_METRICS_URL: ${{ secrets.API_REPORTER_METRICS_URL }}
          # API_REPORTER_METRICS_BASIC_AUTH_USERNAME: ${{ secrets.API_REPORTER_METRICS_BASIC_AUTH_USERNAME }}
          # API_REPORTER_METRICS_BASIC_AUTH_PASSWORD: ${{ secrets.API_REPORTER_METRICS_BASIC_AUTH_PASSWORD }}
          # API_REPORTER_DEBUG: false
          # ADD YOUR CUSTOM ENV VARIABLES HERE TO OVERRIDE VALUES OF
          # .mega-linter.yml AT THE ROOT OF YOUR REPOSITORY
      # Upload MegaLinter artifacts
      - name: Archive production artifacts
        uses: actions/upload-artifact@v4
        if: success() || failure()
        with:
          name: MegaLinter reports
          include-hidden-files: "true"
          path: |
            megalinter-reports
            mega-linter.log
      # Create pull request if applicable
      # (for now works only on PR from same repository, not from forks)
      - name: Create Pull Request with applied fixes
        uses: peter-evans/create-pull-request@v6
        id: cpr
        if: >-
          steps.ml.outputs.has_updated_sources == 1 &&
          (
            env.APPLY_FIXES_EVENT == 'all' ||
            env.APPLY_FIXES_EVENT == github.event_name
          ) &&
          env.APPLY_FIXES_MODE == 'pull_request' &&
          (
            github.event_name == 'push' ||
            github.event.pull_request.head.repo.full_name == github.repository
          ) &&
          !contains(github.event.head_commit.message, 'skip fix')
        with:
          token: ${{ secrets.PAT || secrets.GITHUB_TOKEN }}
          commit-message: "[MegaLinter] Apply linters automatic fixes"
          title: "[MegaLinter] Apply linters automatic fixes"
          labels: bot
      - name: Create PR output
        if: >-
          steps.ml.outputs.has_updated_sources == 1 &&
          (
            env.APPLY_FIXES_EVENT == 'all' ||
            env.APPLY_FIXES_EVENT == github.event_name
          ) &&
          env.APPLY_FIXES_MODE == 'pull_request' &&
          (
            github.event_name == 'push' ||
            github.event.pull_request.head.repo.full_name == github.repository
          ) &&
          !contains(github.event.head_commit.message, 'skip fix')
        run: |
          echo "PR Number - ${{ steps.cpr.outputs.pull-request-number }}"
          echo "PR URL - ${{ steps.cpr.outputs.pull-request-url }}"
      # Push new commit if applicable
      # (for now works only on PR from same repository, not from forks)
      - name: Prepare commit
        if: >-
          steps.ml.outputs.has_updated_sources == 1 &&
          (
            env.APPLY_FIXES_EVENT == 'all' ||
            env.APPLY_FIXES_EVENT == github.event_name
          ) &&
          env.APPLY_FIXES_MODE == 'commit' &&
          github.ref != 'refs/heads/main' &&
          (
            github.event_name == 'push' ||
            github.event.pull_request.head.repo.full_name == github.repository
          ) &&
          !contains(github.event.head_commit.message, 'skip fix')
        run: sudo chown -Rc $UID .git/
      - name: Commit and push applied linter fixes
        uses: stefanzweifel/git-auto-commit-action@v5
        if: >-
          steps.ml.outputs.has_updated_sources == 1 &&
          (
            env.APPLY_FIXES_EVENT == 'all' ||
            env.APPLY_FIXES_EVENT == github.event_name
          ) &&
          env.APPLY_FIXES_MODE == 'commit' &&
          github.ref != 'refs/heads/main' &&
          (
            github.event_name == 'push' ||
            github.event.pull_request.head.repo.full_name == github.repository
          ) &&
          !contains(github.event.head_commit.message, 'skip fix')
        with:
          branch: >-
            ${{
              github.event.pull_request.head.ref ||
              github.head_ref ||
              github.ref
            }}
          commit_message: "[MegaLinter] Apply linters fixes"
          commit_user_name: megalinter-bot
          commit_user_email: 129584137+megalinter-bot@users.noreply.github.com
      # https://megalinter.io/latest/reporters/SarifReporter/
      - name: Upload MegaLinter scan results to GitHub Security tab
        if: success() || failure()
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: "megalinter-reports/megalinter-report.sarif"
          category: mega-linter
      # https://github.blog/news-insights/product-news/supercharging-github-actions-with-job-summaries/
      - name: Add job summary
        if: success() || failure()
        run: cat "megalinter-reports/megalinter-report.md" >> "$GITHUB_STEP_SUMMARY"
      # logs and artifacts are retained for 90 days, workflow run history is retained for 400 days... https://docs.github.com/en/actions/administering-github-actions/usage-limits-billing-and-administration#artifact-and-log-retention-policy
--- a/.github/workflows/sonarqube.yml
+++ b/.github/workflows/sonarqube.yml
@ -0,0 +1,38 @@
 name: SonarQube Scan
 # Run on push in any branch and changes in PRs.
 on:
  push:
    paths:
      - "**.js"
      - "**.ts"
      - "package.json"
  pull_request:
    types: [opened, synchronize, reopened]
 permissions:
  contents: read
 jobs:
  sonarqube:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          # Disabling shallow clone is recommended for improving relevancy of reporting. Otherwise sonarcloud will show a warning.
          fetch-depth: 0
      - uses: oven-sh/setup-bun@v2
      - name: bun install
        run: bun install
      - name: eslint (json output)
        continue-on-error: true
        run: bun eslint . -f json -o eslint_report.json
      - name: fix paths for SonarCloud
        run: sed -i 's+/home/runner/work/free-games-claimer/free-games-claimer+/github/workspace+g' eslint_report.json
      - name: SonarQube Scan
        uses: SonarSource/sonarqube-scan-action@v5.2.0
        env:
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
--- a/.gitignore
+++ b/.gitignore
@ -1,3 +1,4 @@
 node_modules/
 data/
 *.env
 megalinter-reports/
--- a/.jscpd.json
+++ b/.jscpd.json
@ -0,0 +1,15 @@
 {
  "threshold": 0,
  "reporters": ["html", "markdown"],
  "ignore": [
    "**/node_modules/**",
    "**/.git/**",
    "**/.rbenv/**",
    "**/.venv/**",
    "**/*cache*/**",
    "**/.github/**",
    "**/.idea/**",
    "**/report/**",
    "**/*.svg"
  ]
 }
--- a/.mega-linter.yml
+++ b/.mega-linter.yml
@ -0,0 +1,84 @@
 # Configuration file for MegaLinter
 #
 # See all available variables at https://megalinter.io/latest/config-file/ and in
 # linters documentation
 # See .github/workflows/mega-linter.yml for GitHub config.
 # Run this locally via Docker:
 # npx mega-linter-runner -r v8 -f cupcake # run as configured here
 # npx mega-linter-runner -r v8 -f cupcake -e "'ENABLE=MARKDOWN,YAML'" -e "APPLY_FIXES=none" # only enable certain groups and disable automatic fixes (note that the '' are required for multiple values)
 # npx mega-linter-runner -r v8 -f cupcake -e "ENABLE_LINTERS=MARKDOWN_MARKDOWN_LINK_CHECK" # run a specific linter
 # https://github.com/oxsecurity/megalinter#cli-lint-mode most linters will respect .gitignore, but the ones running in 'project' mode will not and may take forever if not configured right
 # all, none, or list of linter keys
 APPLY_FIXES: all
 # If you use ENABLE variable, all other languages/formats/tooling-formats will
 # be disabled by default
 # ENABLE:
 # If you use ENABLE_LINTERS variable, all other linters will be disabled by
 # default
 # ENABLE_LINTERS:
 # DISABLE:
 #   - COPYPASTE # Uncomment to disable checks of excessive copy-pastes
 #   - SPELL # Uncomment to disable checks of spelling mistakes
 SHOW_ELAPSED_TIME: true
 # Uncomment if you want MegaLinter to detect errors but not block CI to pass
 # DISABLE_ERRORS: true
 # ---
 # Custom config:
 PRINT_ALPACA: false
 JAVASCRIPT_DEFAULT_STYLE: prettier # disables JAVASCRIPT_STANDARD in favor of JAVASCRIPT_PRETTIER - disabled below since I prefer my local eslint
 # DISABLE: # groups of linters/formatters
 #   - REPOSITORY # ignore this for now (at least locally) since all project-based and need extra config like .gitignore
 # npx mega-linter-runner -r v8 -f cupcake -e "ENABLE_LINTERS=MARKDOWN_MARKDOWN_LINK_CHECK" # run a specific linter locally
 DISABLE_LINTERS: # times are for running locally with 30GB swap, 65% pressure and several GB in data/ (relevant for project-mode linters that don't respect .gitignore)
  - MARKDOWN_MARKDOWN_LINK_CHECK # 30s, only reported 0 (e.g. for localhost) or 403 (forbidden) for working links to settings or due to DDoS/bot protections
  - JAVASCRIPT_STANDARD # don't like standard format
  - JAVASCRIPT_PRETTIER # prefer my local eslint config
  - REPOSITORY_TRIVY_SBOM # 11s, don't need SBOM
 DISABLE_ERRORS_LINTERS: # error -> warning
  - DOCKERFILE_HADOLINT # mostly wants to pin versions for apt and pip installs and merge consecutive RUN instructions
  - COPYPASTE_JSCPD # default threshold is 0% duplicates -> can make this error once sep. scripts are refactored
  - SPELL_CSPELL # needs config in .cspell.json, but looks annoying since it also flags apt packages
  - SPELL_LYCHEE # dead link checking, 9/332 errors all false positives (Forbidden etc.)
  - JAVASCRIPT_ES # this uses old eslint 8.57.1 instead of local 9.26.0 and complains about stuff that newer version has no problem with
  - REPOSITORY_CHECKOV # docker healthcheck not needed for CLI
  - REPOSITORY_KICS # wants to pin GitHub Actions to commit sha etc.
  - REPOSITORY_TRIVY # docker healthcheck not needed for CLI
 # Customizations via CLI arguments:
 # https://github.com/prantlf/jsonlint#command-line-interface
 JSON_JSONLINT_ARGUMENTS: --comments --trailing-commas --no-duplicate-keys
 # https://prettier.io/docs/options#trailing-commas
 # JSON_PRETTIER_ARGUMENTS: --trailing-comma all --parser jsonc # need to change parser too since the default json parser still strips trailing commas
 # -> let prettier remove trailing commas since e.g. npm will fail to JSON.parse package.json otherwise...
 # megalinter still expects the old .eslintrc file... https://github.com/oxsecurity/megalinter/issues/3570#issuecomment-2138193684
 JAVASCRIPT_ES_CONFIG_FILE: eslint.config.js
 JAVASCRIPT_ES_COMMAND_REMOVE_ARGUMENTS: ["--no-eslintrc"] # not a valid option for eslint with flat config
 # worked, but behaved differently than local `npm run lint` and complained about while(true) with break - probably due old version 8.57.1 (same with -r beta) instead of my local 9.26.0
 # https://github.com/oxsecurity/megalinter#cli-lint-mode
 REPOSITORY_SECRETLINT_ARGUMENTS: --secretlintignore .gitignore
 # https://www.checkov.io/2.Basics/CLI%20Command%20Reference.html
 REPOSITORY_CHECKOV_ARGUMENTS: --skip-path node_modules --skip-path data
 # CI will comment on PRs etc., but for running locally (or downloading the results), we want more than the default megalinter-reports/megalinter.log as an overview:
 JSON_REPORTER: true # mega-linter-report.json
 MARKDOWN_SUMMARY_REPORTER: true # megalinter-report.md
 SARIF_REPORTER: true # mega-linter-report.sarif - results for supported lintes should be shown in GitHub Security tab - https://megalinter.io/latest/reporters/SarifReporter/
--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@ -6,5 +6,5 @@
    "source.fixAll.eslint": "explicit"
  },
  "eslint.experimental.useFlatConfig": true,
-  "eslint.codeActionsOnSave.rules": null,
+  "eslint.codeActionsOnSave.rules": null
 }
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@ -1,6 +1,17 @@
 # Contribute
-## Building and publishing docker images
+## Code: how to create a pull request
 Setup the secrets for DOCKERHUB_USERNAME and [DOCKERHUB_TOKEN](https://hub.docker.com/settings/security) in https://github.com/YOUR_USERNAME/free-games-claimer/settings/secrets/actions to be able to run the docker.yml workflows.
-Check if under Workflow Permissions in https://github.com/YOUR_USERNAME/free-games-claimer/settings/actions the radio button is set to "Read and write permissions". In case that's not set the push to ghcr.io will fail.
+1. Fork it ( <https://github.com/vogler/free-games-claimer/fork> ).
 1. Create your feature branch (`git checkout -b my-new-feature`).
 1. Stage your files (`git add .`).
 1. Commit your changes (`git commit -am 'Add some feature'`).
 1. Push to the branch (`git push origin my-new-feature`).
 1. Create a new pull request ( <https://github.com/vogler/free-games-claimer/compare> ).
 ## Building and publishing docker images
 Setup the secrets for DOCKERHUB_USERNAME and [DOCKERHUB_TOKEN](https://hub.docker.com/settings/security) in `https://github.com/YOUR_USERNAME/free-games-claimer/settings/secrets/actions` to be able to run the docker.yml workflows.
 Check if under Workflow Permissions in `https://github.com/YOUR_USERNAME/free-games-claimer/settings/actions` the radio button is set to "Read and write permissions", otherwise the push to ghcr.io will fail.
--- a/67
+++ b/67
@ -23,6 +23,8 @@ RUN apt-get update \
      novnc websockify \
      dos2unix \
      python3-pip \
    # && npx playwright install-deps firefox \
    && apt-get install --no-install-recommends -y \
      libgtk-3-0 \
      libasound2 \
      libxcomposite1 \
@ -41,13 +43,24 @@ RUN apt-get update \
      /usr/share/doc/* \
      /var/cache/* \
      /var/lib/apt/lists/* \
-      /var/tmp/* \
+      /var/tmp/*
-    && useradd -ms /bin/bash fgc \
+
-    && ln -s /usr/share/novnc/vnc_auto.html /usr/share/novnc/index.html \
+# RUN node --version
-    && pip install apprise
+# RUN npm --version
 RUN ln -s /usr/share/novnc/vnc_auto.html /usr/share/novnc/index.html
 RUN pip install --no-cache-dir apprise
 WORKDIR /fgc
-COPY package*.json ./
+# add user fgc to not run the application as root in the end
 ARG USER=fgc
 RUN useradd -ms /bin/bash fgc
 # adjust permissions, otherwise can only read /fgc/data, but not write
 # normally this would be mounted, but since this only happens later we need to create /fgc/data first
 # also need to chown ., otherwise we can't create node_modules inside as fgc
 RUN mkdir data && chown -R fgc:fgc .
 USER fgc
 COPY --chown=fgc:fgc package*.json ./
 # Playwright installs patched firefox to ~/.cache/ms-playwright/firefox-*
 # Requires some system deps to run (see inlined install-deps above).
@ -56,50 +69,42 @@ RUN npm install
 # From 1.38 Playwright will no longer install browser automatically for playwright, but apparently still for playwright-firefox: https://github.com/microsoft/playwright/releases/tag/v1.38.0
 # RUN npx playwright install firefox
-# Only copy the files we actually need in the image to avoid accidentally adding secrets.
+COPY --chown=fgc:fgc . .
 COPY *.js ./
 COPY eslint.config.js jsconfig.json sonar-project.properties ./
 COPY src ./src
 COPY test ./test
 COPY docker-entrypoint.sh ./
 # Shell scripts need Linux line endings. On Windows, git might be configured to check out dos/CRLF line endings, so we convert them for those people in case they want to build the image. They could also use --config core.autocrlf=input
-RUN dos2unix ./*.sh && chmod +x ./*.sh && chown -R fgc:fgc /fgc
+RUN dos2unix ./*.sh && chmod +x ./*.sh
 COPY docker-entrypoint.sh /usr/local/bin/
 # set by .github/workflows/docker.yml
 ARG COMMIT=""
 ARG BRANCH=""
 ARG NOW=""
 # need as env vars to log in docker-entrypoint.sh
 ENV COMMIT=${COMMIT}
 ENV BRANCH=${BRANCH}
 ENV NOW=${NOW}
-LABEL org.opencontainers.image.title="free-games-claimer" \
+# added by docker/metadata-action using data from GitHub
-      org.opencontainers.image.name="free-games-claimer" \
+# LABEL org.opencontainers.image.title="free-games-claimer" \
-      org.opencontainers.image.description="Automatically claims free games on the Epic Games Store, Amazon Prime Gaming and GOG" \
+#       org.opencontainers.image.url="https://github.com/vogler/free-games-claimer" \
-      org.opencontainers.image.url="https://github.com/vogler/free-games-claimer" \
+#       org.opencontainers.image.source="https://github.com/vogler/free-games-claimer"
      org.opencontainers.image.source="https://github.com/vogler/free-games-claimer" \
      org.opencontainers.image.revision=${COMMIT} \
      org.opencontainers.image.ref.name=${BRANCH} \
      org.opencontainers.image.base.name="ubuntu:jammy" \
      org.opencontainers.image.version="latest"
 # Configure VNC via environment variables:
-ENV VNC_PORT 5900
+ENV VNC_PORT=5900
-ENV NOVNC_PORT 6080
+ENV NOVNC_PORT=6080
-# Ports are not exposed by default; publish explicitly with -p when you really need GUI access.
+EXPOSE 5900
-# EXPOSE 5900
+EXPOSE 6080
 # EXPOSE 6080
 # Configure Xvfb via environment variables:
-ENV WIDTH 1920
+ENV WIDTH=1920
-ENV HEIGHT 1080
+ENV HEIGHT=1080
-ENV DEPTH 24
+ENV DEPTH=24
 # Show browser instead of running headless
-ENV SHOW 1
+ENV SHOW=1
-USER fgc
+# mega-linter (KICS, Trivy) complained about it missing - usually this checks some API endpoint, for a container that runs ~1min a healthcheck doesn't make that much sense since playwright has timeouts for everything. Could react to SIGUSR1 and check something in JS - for now we just check that node is running and noVNC is reachable...
 HEALTHCHECK --interval=5s --timeout=5s CMD pgrep node && curl --fail http://localhost:6080 || exit 1
 # Script to setup display server & VNC is always executed.
 ENTRYPOINT ["docker-entrypoint.sh"]
--- a/README.md
+++ b/README.md
@ -1,88 +1,229 @@
-Free Games Claimer (Fork)
+# free-games-claimer
-==========================
+[![Code Smells](https://sonarcloud.io/api/project_badges/measure?project=vogler_free-games-claimer&metric=code_smells)](https://sonarcloud.io/project/overview?id=vogler_free-games-claimer)
-[![Quality Gate Status](https://sonata.cyber77.de/api/project_badges/measure?project=free-games-claimer&metric=alert_status&token=sqb_99c83edf82a1331f0c649f8a5b698b4ec8f9a965)](https://sonata.cyber77.de/dashboard?id=free-games-claimer)
+<p align="center">
 <img alt="logo-free-games-claimer" src="https://user-images.githubusercontent.com/493741/214588518-a4c89998-127e-4a8c-9b1e-ee4a9d075715.png" />
 </p>
-Automates claiming of free games for:
+Claims free games periodically on
- Amazon Luna Gaming / Luna claims (including external stores like GOG, Epic Games, Legacy Games )
+- <img alt="logo epic-games" src="https://github.com/user-attachments/assets/82e9e9bf-b6ac-4f20-91db-36d2c8429cb6" width="32" align="middle" /> [Epic Games Store](https://www.epicgames.com/store/free-games)
- GOG giveaways
+- <img alt="logo prime-gaming" src="https://github.com/user-attachments/assets/7627a108-20c6-4525-a1d8-5d221ee89d6e" width="32" align="middle" /> [Amazon Prime Gaming](https://gaming.amazon.com)
- Optional extras: Steam stats, AliExpress dailies (not implemated yet)
+- <img alt="logo gog" src="https://github.com/user-attachments/assets/49040b50-ee14-4439-8e3c-e93cafd7c3a5" width="32" align="middle" /> [GOG](https://www.gog.com)
 - <img alt="logo unrealengine" src="https://github.com/user-attachments/assets/3582444b-f23b-448d-bf31-01668cd0313a" width="32" align="middle" /> [Unreal Engine (Assets)](https://www.unrealengine.com/marketplace/en-US/assets?count=20&sortBy=effectiveDate&sortDir=DESC&start=0&tag=4910) ([experimental](https://github.com/vogler/free-games-claimer/issues/44), same login as Epic Games)
 <!-- - <img src="https://www.freepnglogos.com/uploads/xbox-logo-picture-png-14.png" width="32"/> [Xbox Live Games with Gold](https://www.xbox.com/en-US/live/gold#gameswithgold) ([experimental](https://github.com/vogler/free-games-claimer/issues/19)) -->
-Requirements
+Pull requests welcome :)
 ------------
 - Docker or Podman (recommended), or Node.js ≥ 20 for local runs
 - Optional notifications: `pip install apprise`
 - Playwright dependencies are baked into the container; locally, `npm install` downloads Firefox.
-Quickstart (Docker Run)
+![Telegram Screenshot](https://user-images.githubusercontent.com/493741/214667078-eb5c1877-2bdd-40c1-b94e-4a50d6852c06.png)
 -----------------------
 ```
 docker run --rm -it \
  -p 6080:6080 \
  -v fgc:/fgc/data \
  -e SHOW=1 \
  git.sky-net.it/nocci/free-games-claimer:latest \
  node prime-gaming.js
 ```
 - Ports 6080/5900: noVNC/VNC (only needed with `SHOW=1`)
 - Data/configs are stored in volume `fgc` under `/fgc/data`
-Docker Compose Example
+_Works on Windows/macOS/Linux._
----------------------
+
-```yaml
+Raspberry Pi (3, 4, Zero 2): [requires 64-bit OS](https://github.com/vogler/free-games-claimer/issues/3) like Raspberry Pi OS or Ubuntu (Raspbian won't work since it's 32-bit).
-services:
+
-  fgc:
+## How to run
-    image: git.sky-net.it/nocci/free-games-claimer:latest
+Easy option: [install Docker](https://docs.docker.com/get-docker/) (or [podman](https://podman-desktop.io/)) and run this command in a terminal:
-    container_name: fgc
+```sh
-    environment:
+docker run --rm -it -p 6080:6080 -v fgc:/fgc/data --pull=always ghcr.io/vogler/free-games-claimer
      - SHOW=1            # show browser via VNC/noVNC
      # - PG_EMAIL=...
      # - PG_PASSWORD=...
      # - PG_OTPKEY=...
    volumes:
      - fgc:/fgc/data
    ports:
      - "6080:6080"       # noVNC
      # - "5900:5900"     # VNC optional
    command: bash -c "node epic-games; node prime-gaming; node gog"
 volumes:
  fgc:
 ```
-Configuration (Environment Variables)
+_This currently gives you a captcha challenge for epic-games. Until [issue #183](https://github.com/vogler/free-games-claimer/issues/183) is fixed, it is recommended to just run `node epic-games` without docker (see below)._
 -------------------------------------
 Common options:
 - `SHOW=0/1` (0 = headless, 1 = UI)
 - `WIDTH`, `HEIGHT` (browser size)
 - `TIMEOUT`, `LOGIN_TIMEOUT` (seconds)
 - Login: `EMAIL`, `PASSWORD` global; per store `EG_EMAIL`, `EG_PASSWORD`, `EG_OTPKEY`, `PG_EMAIL`, `PG_PASSWORD`, `PG_OTPKEY`, `GOG_EMAIL`, `GOG_PASSWORD`
 - Prime Gaming: `PG_REDEEM=1` (auto-redeem keys, experimental), `PG_CLAIMDLC=1`, `PG_TIMELEFT=<days>` to skip long-remaining offers
 - Screenshots: `SCREENSHOTS_DIR` (default `data/screenshots`)
 - Notifications: `NOTIFY='...'` (Apprise URL), optional `NOTIFY_TITLE`
 - Browser profile: `BROWSER_DIR` (default `data/browser`)
 - Recording: `RECORD=1` to save videos/HAR to `data/record/`
 - Debugging: `DEBUG=1` (opens Playwright inspector), `DEBUG_NETWORK=1` (logs requests), `TIME=1` (prints timings)
 - Dry run / Interaction: `DRYRUN=1` (do not claim), `INTERACTIVE=1` (ask before claiming), `HEADLESS` is derived from `SHOW`/`DEBUG`
 - Directories: `SCREENSHOTS_DIR`, `BROWSER_DIR`, `DATA_DIR` (prefix for data; default under `data/`)
 - VNC/noVNC: `VNC_PASSWORD` (for Docker entrypoint), `NOVNC_PORT`/`VNC_PORT` (Docker)
 - General timeouts: `TIMEOUT` (per action), `LOGIN_TIMEOUT` (extra time for login)
-You can place a `data/config.env`; it is loaded via dotenv and is overridden by explicitly set environment variables.
+This will run `node epic-games; node prime-gaming; node gog` - if you only want to claim games for one of the stores, you can override the default command by appending e.g. `node epic-games` at the end of the `docker run` command, or if you want several `bash -c "node epic-games.js; node gog.js"`.
 Data (including json files with claimed games, codes to redeem, screenshots) is stored in the Docker volume `fgc`.
-Local Run Without Docker
+<details>
------------------------
+  <summary>I want to run without Docker or develop locally.</summary>
 ```
 npm install
 SHOW=0 PG_EMAIL=... PG_PASSWORD=... PG_OTPKEY=... node prime-gaming.js
 ```
 - Playwright downloads Firefox to `~/.cache/ms-playwright`.
 - Use `SHOW=1` for a visible browser (requires GUI/Xvfb).
-Persistence & Outputs
+1. [Install Node.js](https://nodejs.org/en/download)
---------------------
+2. Clone/download this repository and `cd` into it in a terminal
- Data/status: `data/*.json` (per store)
+3. Run `npm install`
- Browser profile: `data/browser`
+4. Run `pip install apprise` (or use [pipx](https://github.com/pypa/pipx) if you have [problems](https://stackoverflow.com/questions/75608323/how-do-i-solve-error-externally-managed-environment-every-time-i-use-pip-3)) to install [apprise](https://github.com/caronc/apprise) if you want notifications
- Screenshots: `data/screenshots/<store>/`
+5. To get updates: `git pull; npm install`
- Optional videos/HAR: `RECORD=1` → `data/record/`
+6. Run `node epic-games`, `node prime-gaming`, `node gog`...
-Tip: For captchas or first-time login, run with `SHOW=1` and log in once; cookies stay in the profile. Notifications via `NOTIFY` help surface errors (e.g., captcha, login).
+During `npm install` Playwright will download its Firefox to a cache in home ([doc](https://playwright.dev/docs/browsers#managing-browser-binaries)).
 If you are missing some dependencies for the browser on your system, you can use `sudo npx playwright install firefox --with-deps`.
 If you don't want to use Docker for quasi-headless mode, you could run inside a virtual machine, on a server, or you wake your PC at night to avoid being interrupted.
 </details>
 ## Usage
 All scripts start an automated Firefox instance, either with the browser GUI shown or hidden (_headless mode_). By default, you won't see any browser open on your host system.
 - When running inside Docker, the browser will be shown only inside the container. You can open <http://localhost:6080> to interact with the browser running inside the container via noVNC (or use other VNC clients on port 5900).
 - When running the scripts outside of Docker, the browser will be hidden by default; you can use `SHOW=1 ...` to show the UI (see options below).
 When running the first time, you have to login for each store you want to claim games on.
 You can login indirectly via the terminal or directly in the browser. The scripts will wait until you are successfully logged in.
 There will be prompts in the terminal asking you to enter email, password, and afterwards some OTP (one time password / security code) if you have 2FA/MFA (two-/multi-factor authentication) enabled. If you want to login yourself via the browser, you can press escape in the terminal to skip the prompts.
 After login, the script will continue claiming the current games. If it still waits after you are already logged in, you can restart it (and open an issue). If you run the scripts regularly, you should not have to login again.
 ### Configuration / Options
 Options are set via [environment variables](https://kinsta.com/knowledgebase/what-is-an-environment-variable/) which allow for flexible configuration.
 TODO: ~~On the first run, the script will guide you through configuration and save all settings to `data/config.env`. You can edit this file directly or run `node fgc config` to run the configuration assistant again.~~
 Available options/variables and their default values:
 | Option         | Default      | Description                                                                                                                  |
 |----------------|--------------|------------------------------------------------------------------------------------------------------------------------------|
 | SHOW           | 1            | Show browser if 1. Default for Docker, not shown when running outside.                                                       |
 | WIDTH          | 1280         | Width of the opened browser (and of screen for VNC in Docker).                                                               |
 | HEIGHT         | 1280         | Height of the opened browser (and of screen for VNC in Docker).                                                              |
 | VNC_PASSWORD   |              | VNC password for Docker. No password used by default!                                                                        |
 | NOTIFY         |              | Notification services to use (Pushover, Slack, Telegram...), see below.                                                      |
 | NOTIFY_TITLE   |              | Optional title for notifications, e.g. for Pushover.                                                                         |
 | BROWSER_DIR    | data/browser | Directory for browser profile, e.g. for multiple accounts.                                                                   |
 | TIMEOUT        | 60           | Timeout for any page action. Should be fine even on slow machines.                                                           |
 | LOGIN_TIMEOUT  | 180          | Timeout for login in seconds. Will wait twice (prompt + manual login).                                                       |
 | EMAIL          |              | Default email for any login.                                                                                                 |
 | PASSWORD       |              | Default password for any login.                                                                                              |
 | EG_EMAIL       |              | Epic Games email for login. Overrides EMAIL.                                                                                 |
 | EG_PASSWORD    |              | Epic Games password for login. Overrides PASSWORD.                                                                           |
 | EG_OTPKEY      |              | Epic Games MFA OTP key.                                                                                                      |
 | EG_PARENTALPIN |              | Epic Games Parental Controls PIN.                                                                                            |
 | PG_EMAIL       |              | Prime Gaming email for login. Overrides EMAIL.                                                                               |
 | PG_PASSWORD    |              | Prime Gaming password for login. Overrides PASSWORD.                                                                         |
 | PG_OTPKEY      |              | Prime Gaming MFA OTP key.                                                                                                    |
 | PG_REDEEM      | 0            | Prime Gaming: try to redeem keys on external stores ([experimental](https://github.com/vogler/free-games-claimer/issues/5)). |
 | PG_CLAIMDLC    | 0            | Prime Gaming: try to claim DLCs ([experimental](https://github.com/vogler/free-games-claimer/issues/55)).                    |
 | GOG_EMAIL      |              | GOG email for login. Overrides EMAIL.                                                                                        |
 | GOG_PASSWORD   |              | GOG password for login. Overrides PASSWORD.                                                                                  |
 | GOG_NEWSLETTER | 0            | Do not unsubscribe from newsletter after claiming a game if 1.                                                               |
 | LG_EMAIL       |              | Legacy Games: email to use for redeeming (if not set, defaults to PG_EMAIL).                                                 |
 See `src/config.js` for all options.
 #### How to set options
 You can add options directly in the command or put them in a file to load.
 ##### Docker
 You can pass variables using `-e VAR=VAL`.
 For example, `docker run -e EMAIL=foo@bar.baz -e NOTIFY='tgram://bottoken/ChatID' ...`.
 Alternatively, you can pass a file with `--env-file fgc.env` where `fgc.env` is a file on your host system (see [docs](https://docs.docker.com/engine/reference/commandline/run/#env)).
 You can also `docker cp` your configuration file to `/fgc/data/config.env` in the `fgc` volume to store it with the rest of the data instead of on the host ([example](https://github.com/moby/moby/issues/25245#issuecomment-365980572)).
 If you are using [docker compose](https://docs.docker.com/compose/environment-variables/) (or Portainer etc.), you can put options in the `environment:` section.
 ##### Without Docker
 On Linux/macOS you can prefix the variables you want to set, for example `EMAIL=foo@bar.baz SHOW=1 node epic-games` will show the browser and skip asking you for your login email. On Windows you have to use `set`, [example](https://github.com/vogler/free-games-claimer/issues/314).
 You can also put options in `data/config.env` which will be loaded by [dotenv](https://github.com/motdotla/dotenv).
 ### Notifications
 The scripts will try to send notifications for successfully claimed games and any errors like needing to log in or encountered captchas (should not happen).
 [apprise](https://github.com/caronc/apprise) is used for notifications and offers many services including Pushover, Slack, Telegram, SMS, Email, desktop and custom notifications.
 You just need to set `NOTIFY` to the notification services you want to use, e.g. `NOTIFY='mailto://myemail@gmail.com' 'pbul://o.gn5kj6nfhv736I7jC3cj3QLRiyhgl98b'` - refer to their list of services and [examples](https://github.com/caronc/apprise#command-line-usage).
 ### Automatic login, two-factor authentication
 If you set the options for email, password and OTP key, there will be no prompts and logins should happen automatically. This is optional since all stores should stay logged in since cookies are refreshed.
 To get the OTP key, it is easiest to follow the store's guide for adding an authenticator app. You should also scan the shown QR code with your favorite app to have an alternative method for 2FA.
 - **Epic Games**: visit [password & security](https://www.epicgames.com/account/password), enable 'third-party authenticator app', copy the 'Manual Entry Key' and use it to set `EG_OTPKEY`.
 - **Prime Gaming**: visit Amazon 'Your Account › Login & security', 2-step verification › Manage › Add new app › Can't scan the barcode, copy the bold key and use it to set `PG_OTPKEY`
 - **GOG**: only offers OTP via email
 <!-- - **Xbox**: visit [additional security](https://account.live.com/proofs/manage/additional) > Add a new way to sign in or verify > Use an app > Set up a different Authenticator app > I can't scan the bar code > copy the bold key and use it to set `XBOX_OTPKEY` -->
 Beware that storing passwords and OTP keys as clear text may be a security risk. Use a unique/generated password! TODO: maybe at least offer to base64 encode for storage.
 ### Epic Games Store
 Run `node epic-games` (locally or in Docker).
 ### Amazon Prime Gaming
 Run `node prime-gaming` (locally or in Docker).
 Claiming the Amazon Games works out-of-the-box, however, for games on external stores you need to either link your account or redeem a key.
 - Stores that require account linking: Epic Games, Battle.net, Origin.
 - Stores that require redeeming a key: GOG.com, Microsoft Games, Legacy Games.
  Keys and URLs are printed to the console, included in notifications and saved in `data/prime-gaming.json`. A screenshot of the page with the key is also saved to `data/screenshots`.
  [TODO](https://github.com/vogler/free-games-claimer/issues/5): ~~redeem keys on external stores.~~
 <!-- ### Xbox Games With Gold -->
 <!-- Run `node xbox` (locally or in docker). -->
 ### Run periodically
 #### How often?
 Epic Games usually has two free games _every week_, before Christmas every day.
 Prime Gaming has new games _every month_ or more often during Prime days.
 GOG usually has one new game every couples of weeks.
 Unreal Engine has new assets to claim _every first Tuesday of a month_.
 <!-- Xbox usually has two games *every month*. -->
 It is safe to run the scripts every day.
 #### How to schedule?
 The container/scripts will claim currently available games and then exit.
 If you want it to run regularly, you have to schedule the runs yourself:
 - Linux/macOS: `crontab -e` ([example](https://github.com/vogler/free-games-claimer/discussions/56))
 - macOS: [launchd](https://stackoverflow.com/questions/132955/how-do-i-set-a-task-to-run-every-so-often)
 <!-- markdownlint-disable-next-line line-length -->
 - Windows: [task scheduler](https://active-directory-wp.com/docs/Usage/How_to_add_a_cron_job_on_Windows/Scheduled_tasks_and_cron_jobs_on_Windows/index.html) ([example](https://github.com/vogler/free-games-claimer/wiki/%5BHowTo%5D-Schedule-runs-on-Windows)), [other options](https://stackoverflow.com/questions/132971/what-is-the-windows-version-of-cron), or just put the command in a `.bat` file in Autostart if you restart often...
 - any OS: use a process manager like [pm2](https://pm2.keymetrics.io/docs/usage/restart-strategies/)
 - Docker Compose `command: bash -c "node epic-games; node prime-gaming; node gog; echo sleeping; sleep 1d"` additionally add `restart: unless-stopped` to it.
 TODO: ~~add some server-mode where the script just keeps running and claims games e.g. every day.~~
 ### Problems?
 Check the open [issues](https://github.com/vogler/free-games-claimer/issues) and comment there or open a new issue.
 If you're a developer, you can use `PWDEBUG=1 ...` to [inspect](https://playwright.dev/docs/inspector) which opens a debugger where you can step through the script.
 ## History/DevLog
 <details>
  <summary>Click to expand</summary>
 Tried [epicgames-freebies-claimer](https://github.com/Revadike/epicgames-freebies-claimer), but had problems since epicgames introduced hcaptcha (see [issue](https://github.com/Revadike/epicgames-freebies-claimer/issues/172)).
 Played around with Puppeteer before, now trying newer [Playwright](https://playwright.dev) which is pretty similar.
 Playwright Inspector and `codegen` to generate scripts are nice, but failed to generate the right code for clicking a button in an iframe.
 <!-- markdownlint-disable-next-line line-length -->
 Added [main.spec.ts](https://github.com/vogler/epicgames-claimer/commit/e5ce7916ab6329cfc7134677c4d89c2b3fa3ba97#diff-d18d03e9c407a20e05fbf03cbd6f9299857740544fb6b50d6a70b9c6fbc35831) which was the test script generated by `npx playwright codegen` with manual fix for clicking buttons in the created iframe. Can be executed by `npx playwright test`. The test runner has options `--debug` and `--timeout` and can execute TypeScript which is nice. However, this only worked up to the button 'I Agree', and then showed an hcaptcha.
 Added [main.captcha.js](https://github.com/vogler/epicgames-claimer/commit/e5ce7916ab6329cfc7134677c4d89c2b3fa3ba97#diff-d18d03e9c407a20e05fbf03cbd6f9299857740544fb6b50d6a70b9c6fbc35831) which uses beta of `playwright-extra@next` and `@extra/recaptcha@next` (from [comment on puppeteer-extra](https://github.com/berstend/puppeteer-extra/pull/303#issuecomment-775277480)).
 However, `playwright-extra` seems to be old and missing `:has-text` selector (fixed [here](https://github.com/vogler/epicgames-claimer/commit/ba97a0e840b65f4476cca18e28d8461b0c703420)) and `page.frameLocator`, so the script did not run without adjustments.
 Also, solving via [2captcha](https://2captcha.com?from=13225256) is a paid service which takes time and may be unreliable.
 <!-- Alternative: https://anti-captcha.com -->
 Added [main.stealth.js](https://github.com/vogler/epicgames-claimer/commit/64d0ba8ce71baec3947d1b64acd567befcb39340#diff-f70d3bd29df4a343f11062a97063953173491ce30fe34f69a0fc52517adbf342) which uses the stealth plugin without `playwright-extra` wrapper but up-to-date `playwright` (from [comment](https://github.com/berstend/puppeteer-extra/issues/454#issuecomment-917437212)).
 The listed evasions are enough to not show an hcaptcha. Script claimed game successfully in non-headless mode.
 Removed `main.captcha.js`.
 Using Playwright Test (`main.spec.ts`) instead of Library (`main.stealth.js`) has the advantage of free CLI like `--debug` and `--timeout`.
 <!-- TODO: check if stealth plugin can be setup with `contextOptions` ([doc](https://playwright.dev/docs/test-configuration#more-browser-and-context-options)). -->
 Button selectors should preferably use text in order to be more stable against changes in the DOM.
 Renamed repository from epicgames-claimer to free-games-claimer since a script for Amazon Prime Gaming was also added. Removed all old scripts in favor of just `epic-games.js` and `prime-gaming.js`.
 epic games: `headless` mode gets hcaptcha challenge. More details/references in [issue](https://github.com/vogler/free-games-claimer/issues/2).
 [PR](https://github.com/vogler/free-games-claimer/pull/11) introduced a Dockerfile for running non-headless inside the container via xvfb which makes it headless for the host running the container.
 v1.0 Standalone scripts node epic-games and node prime-gaming using Chromium.
 Changed to Firefox for all scripts since Chromium led to captchas. Claiming then also worked in headless mode without Docker.
 Added options via env vars, configurable in `data/config.env`.
 Added OTP generation via otplib for automatic login, even with 2FA.
 Added notifications via [apprise](https://github.com/caronc/apprise).
 </details>
 [![Star History Chart](https://api.star-history.com/svg?repos=vogler/free-games-claimer&type=Date)](https://star-history.com/#vogler/free-games-claimer&Date)
 <!-- [![Stargazers over time](https://starchart.cc/vogler/free-games-claimer.svg?variant=adaptive)](https://starchart.cc/vogler/free-games-claimer) -->
 ![Alt](https://repobeats.axiom.co/api/embed/a1c5e6e420d90e0d6b34c1285e92a69a44138faa.svg "Repobeats analytics image")
 ---
 Logo with smaller aspect ratio (for Telegram bot etc.): 👾 - [emojipedia](https://emojipedia.org/alien-monster/)
 ![logo-fgc](https://user-images.githubusercontent.com/493741/214589922-093d6557-6393-421c-b577-da58ff3671bc.png)
--- a/aliexpress.js
+++ b/aliexpress.js
@ -14,6 +14,7 @@ const { fingerprint, headers } = new FingerprintGenerator().getFingerprint({
 const context = await firefox.launchPersistentContext(cfg.dir.browser, {
  headless: cfg.headless,
  // viewport: { width: cfg.width, height: cfg.height },
  locale: 'en-US', // ignore OS locale to be sure to have english text for locators -> done via /en in URL
  recordVideo: cfg.record ? { dir: 'data/record/', size: { width: cfg.width, height: cfg.height } } : undefined, // will record a .webm video for each page navigated; without size, video would be scaled down to fit 800x800
  recordHar: cfg.record ? { path: `data/record/aliexpress-${filenamify(datetime())}.har` } : undefined, // will record a HAR file with network requests and responses; can be imported in Chrome devtools
@ -28,6 +29,7 @@ const context = await firefox.launchPersistentContext(cfg.dir.browser, {
  },
 });
 handleSIGINT(context);
 // await stealth(context);
 await new FingerprintInjector().attachFingerprintToPlaywright(context, { fingerprint, headers });
 context.setDefaultTimeout(cfg.debug ? 0 : cfg.timeout);
@ -38,9 +40,12 @@ const auth = async url => {
  console.log('auth', url);
  await page.goto(url, { waitUntil: 'domcontentloaded' });
  // redirects to https://login.aliexpress.com/?return_url=https%3A%2F%2Fwww.aliexpress.com%2Fp%2Fcoin-pc-index%2Findex.html
-  await Promise.any([page.waitForURL(url => url.includes('login.aliexpress.com')).then(async () => {
+  await Promise.any([page.waitForURL(/.*login\.aliexpress.com.*/).then(async () => {
    // manual login
    console.error('Not logged in! Will wait for 120s for you to login...');
-    page.locator('span:has-text("Switch account")').click().catch(() => {}); // sometimes no longer logged in, but previous user/email is pre-selected -> in this case we want to go back to the classic login
+    // await page.waitForTimeout(120*1000);
    // or try automated
    page.locator('span:has-text("Switch account")').click().catch(_ => {}); // sometimes no longer logged in, but previous user/email is pre-selected -> in this case we want to go back to the classic login
    const login = page.locator('.login-container');
    const email = cfg.ae_email || await prompt({ message: 'Enter email' });
    const emailInput = login.locator('input[label="Email or phone number"]');
@ -53,10 +58,14 @@ const auth = async url => {
    await login.locator('input[label="Password"]').fill(password);
    await login.locator('button:has-text("Sign in")').click();
    const error = login.locator('.error-text');
-    error.waitFor().then(async () => console.error('Login error:', await error.innerText()));
+    error.waitFor().then(async _ => console.error('Login error:', await error.innerText()));
    await page.waitForURL(url);
-    page.getByRole('button', { name: 'Accept cookies' }).click().then(() => console.log('Accepted cookies')).catch(() => { });
+    // await page.addLocatorHandler(page.getByRole('button', { name: 'Accept cookies' }), btn => btn.click());
-  }), page.locator('#nav-user-account').waitFor()]).catch(() => {});
+    page.getByRole('button', { name: 'Accept cookies' }).click().then(_ => console.log('Accepted cookies')).catch(_ => { });
  }), page.locator('#nav-user-account').waitFor()]).catch(_ => {});
  // await page.locator('#nav-user-account').hover();
  // console.log('Logged in as:', await page.locator('.welcome-name').innerText());
 };
 // copied URLs from AliExpress app on tablet which has menu for the used webview
@ -71,39 +80,45 @@ const urls = {
  merge: 'https://m.aliexpress.com/p/merge-market/index.html',
 };
 /* eslint-disable no-unused-vars */
 const coins = async () => {
  // await auth(urls.coins);
  await Promise.any([page.locator('.checkin-button').click(), page.locator('.addcoin').waitFor()]);
  console.log('Coins:', await page.locator('.mycoin-content-right-money').innerText());
  console.log('Streak:', await page.locator('.title-box').innerText());
  console.log('Tomorrow:', await page.locator('.addcoin').innerText());
 };
-const grow = async () => {
+// const grow = async () => {
-  await page.pause();
+//   await page.pause();
-};
+// };
-
+//
-const gogo = async () => {
+// const gogo = async () => {
-  await page.pause();
+//   await page.pause();
-};
+// };
-
+//
-const euro = async () => {
+// const euro = async () => {
-  await page.pause();
+//   await page.pause();
-};
+// };
-
+//
-const merge = async () => {
+// const merge = async () => {
-  await page.pause();
+//   await page.pause();
-};
+// };
 /* eslint-enable no-unused-vars */
 try {
  // await coins();
  await [
-    merge,
+    coins,
-  ].reduce((a, f) => a.then(async () => {
+    // grow,
    // gogo,
    // euro,
    // merge,
  ].reduce((a, f) => a.then(async _ => {
    await auth(urls[f.name]);
    await f();
    console.log();
  }), Promise.resolve());
  // await page.pause();
 } catch (error) {
  process.exitCode ||= 1;
  console.error('--- Exception:');
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -4,6 +4,10 @@ services:
    container_name: fgc # is printed in front of every output line
    image: ghcr.io/vogler/free-games-claimer # otherwise image name will be free-games-claimer-free-games-claimer
    build: .
    healthcheck: # see Dockerfile, check that node is running and noVNC is reachable
      test: pgrep node && curl --fail http://localhost:6080 || exit 1
      interval: 5s
      timeout: 5s
    ports:
      # - "5900:5900" # VNC server
      - "6080:6080" # noVNC (browser-based VNC client)
--- a/docker-entrypoint.sh
+++ b/docker-entrypoint.sh
@ -3,7 +3,7 @@
 set -eo pipefail # exit on error, error on any fail in pipe (not just last cmd); add -x to print each cmd; see gist bash_strict_mode.md
 echo "Version: https://github.com/vogler/free-games-claimer/tree/${COMMIT}"
-[ ! -z $BRANCH ] && [ $BRANCH != "main" ] && echo "Branch: ${BRANCH}"
+[ -n "$BRANCH" ] && [ "$BRANCH" != "main" ] && echo "Branch: ${BRANCH}"
 echo "Build: $NOW"
 # Remove chromium profile lock.
@ -17,7 +17,7 @@ rm -f /fgc/data/browser/SingletonLock
 mkdir -p /fgc/data/browser
 # fix for 'Incorrect response' after solving a captcha correctly - https://github.com/vogler/free-games-claimer/issues/261#issuecomment-1868385830
 # echo 'user_pref("privacy.resistFingerprinting", true);' > /fgc/data/browser/user.js
-cat << EOT > /fgc/data/browser/user.js
+cat <<EOT >/fgc/data/browser/user.js
 user_pref("privacy.resistFingerprinting", true);
 // user_pref("privacy.resistFingerprinting.letterboxing", true);
 // user_pref("browser.contentblocking.category", "strict");
@ -36,9 +36,10 @@ rm -f /tmp/.X1-lock
 # Options passed directly to the Xvfb server:
 # -ac disables host-based access control mechanisms
 # −screen NUM WxHxD creates the screen and sets its width, height, and depth
 # -nolisten unix tells the server not to use Unix domain sockets, thus avoiding the need to create /tmp/.X11-unix
 export DISPLAY=:1 # need to export this, otherwise playwright complains with 'Looks like you launched a headed browser without having a XServer running.'
-Xvfb $DISPLAY -ac -screen 0 "${WIDTH}x${HEIGHT}x${DEPTH}" &
+Xvfb $DISPLAY -ac -screen 0 "${WIDTH}x${HEIGHT}x${DEPTH}" -nolisten unix &
 echo "Xvfb display server created screen with resolution ${WIDTH}x${HEIGHT}"
 if [ -z "$VNC_PASSWORD" ]; then
 	pw="-nopw"
@ -47,9 +48,9 @@ else
 	pw="-passwd $VNC_PASSWORD"
 	pwt="with password"
 fi
-x11vnc -display $DISPLAY -forever -shared -rfbport $VNC_PORT -bg $pw 2>/dev/null 1>&2
+x11vnc -display $DISPLAY -forever -shared -rfbport "$VNC_PORT" -bg "$pw" 2>/dev/null 1>&2
 echo "VNC is running on port $VNC_PORT ($pwt)"
-websockify -D --web "/usr/share/novnc/" $NOVNC_PORT "localhost:$VNC_PORT" 2>/dev/null 1>&2 &
+websockify -D --web "/usr/share/novnc/" "$NOVNC_PORT" "localhost:$VNC_PORT" 2>/dev/null 1>&2 &
 echo "noVNC (VNC via browser) is running on http://localhost:$NOVNC_PORT"
 echo
 exec tini -g -- "$@" # https://github.com/krallin/tini/issues/8 node/playwright respond to signals like ctrl-c, but unsure about zombie processes
--- a/epic-games.js
+++ b/epic-games.js
@ -1,9 +1,9 @@
 import { firefox } from 'playwright-firefox'; // stealth plugin needs no outdated playwright-extra
 import { authenticator } from 'otplib';
 import chalk from 'chalk';
-import path from 'node:path';
+import path from 'path';
-import { existsSync, writeFileSync, appendFileSync } from 'node:fs';
+import { existsSync, writeFileSync, appendFileSync } from 'fs';
-import { resolve, jsonDb, datetime, stealth, filenamify, prompt, notify, html_game_list, handleSIGINT } from './src/util.js';
+import { resolve, jsonDb, datetime, stealth, filenamify, prompt, confirm, notify, html_game_list, handleSIGINT } from './src/util.js';
 import { cfg } from './src/config.js';
 const screenshot = (...a) => resolve(cfg.dir.screenshots, 'epic-games', ...a);
@ -53,7 +53,6 @@ const page = context.pages().length ? context.pages()[0] : await context.newPage
 await page.setViewportSize({ width: cfg.width, height: cfg.height }); // TODO workaround for https://github.com/vogler/free-games-claimer/issues/277 until Playwright fixes it
 // some debug info about the page (screen dimensions, user agent, platform)
 // eslint-disable-next-line no-undef
 if (cfg.debug) console.debug(await page.evaluate(() => [(({ width, height, availWidth, availHeight }) => ({ width, height, availWidth, availHeight }))(window.screen), navigator.userAgent, navigator.platform, navigator.vendor])); // deconstruct screen needed since `window.screen` prints {}, `window.screen.toString()` '[object Screen]', and can't use some pick function without defining it on `page`
 if (cfg.debug_network) {
  // const filter = _ => true;
@ -80,6 +79,7 @@ try {
  while (await page.locator('egs-navigation').getAttribute('isloggedin') != 'true') {
    console.error('Not signed in anymore. Please login in the browser or here in the terminal.');
    if (cfg.nowait) process.exit(1);
    if (cfg.novnc_port) console.info(`Open http://localhost:${cfg.novnc_port} to login inside the docker container.`);
    if (!cfg.debug) context.setDefaultTimeout(cfg.login_timeout); // give user some extra time to log in
    console.info(`Login timeout is ${cfg.login_timeout / 1000} seconds!`);
@ -261,6 +261,7 @@ try {
        if (cfg.time) console.timeEnd('claim game');
        continue;
      }
      if (cfg.interactive && !await confirm()) continue;
      // Playwright clicked before button was ready to handle event, https://github.com/vogler/free-games-claimer/issues/84#issuecomment-1474346591
      await iframe.locator('button:has-text("Place Order"):not(:has(.payment-loading--loading))').click({ delay: 11 });
--- a/eslint.config.js
+++ b/eslint.config.js
@ -2,75 +2,78 @@
 // https://eslint.org/docs/latest/use/configure/migration-guide
 import js from '@eslint/js';
 import globals from 'globals';
-import stylistic from '@stylistic/eslint-plugin-js';
+import stylistic from '@stylistic/eslint-plugin';
 export default [
  // https://eslint.org/docs/latest/use/configure/configuration-files-new#globally-ignoring-files-with-ignores
  // object with just `ignores` applies to all configuration objects
  // had `ln -s .gitignore .eslintignore` before, but .eslintignore no longer supported
  {
-    ignores: ['data/**'],
+    ignores: ['data/**', 'megalinter-reports/**'],
  },
  js.configs.recommended, // TODO still needed?
  {
    // files: ['*.js'],
    languageOptions: {
-      globals: globals.node,
+      globals: {
        ...globals.node,
        ...globals.browser,
      },
    },
    plugins: {
-      '@stylistic/js': stylistic,
+      '@stylistic': stylistic,
    },
    // https://eslint.org/docs/latest/rules/
    // https://eslint.style/packages/js
    rules: {
      'no-unused-vars': ['error', { argsIgnorePattern: '^_' }],
      'prefer-const': 'error',
-      '@stylistic/js/array-bracket-newline': ['error', 'consistent'],
+      '@stylistic/array-bracket-newline': ['error', 'consistent'],
-      '@stylistic/js/array-bracket-spacing': 'error',
+      '@stylistic/array-bracket-spacing': 'error',
-      '@stylistic/js/array-element-newline': ['error', 'consistent'],
+      '@stylistic/array-element-newline': ['error', 'consistent'],
-      '@stylistic/js/arrow-parens': ['error', 'as-needed'],
+      '@stylistic/arrow-parens': ['error', 'as-needed'],
-      '@stylistic/js/arrow-spacing': 'error',
+      '@stylistic/arrow-spacing': 'error',
-      '@stylistic/js/block-spacing': 'error',
+      '@stylistic/block-spacing': 'error',
-      '@stylistic/js/brace-style': 'error',
+      '@stylistic/brace-style': 'error',
-      '@stylistic/js/comma-dangle': ['error', 'always-multiline'],
+      '@stylistic/comma-dangle': ['error', 'always-multiline'],
-      '@stylistic/js/comma-spacing': 'error',
+      '@stylistic/comma-spacing': 'error',
-      '@stylistic/js/comma-style': 'error',
+      '@stylistic/comma-style': 'error',
-      '@stylistic/js/eol-last': 'error',
+      '@stylistic/eol-last': 'error',
-      '@stylistic/js/func-call-spacing': 'error',
+      '@stylistic/func-call-spacing': 'error',
-      '@stylistic/js/function-paren-newline': ['error', 'consistent'],
+      '@stylistic/function-paren-newline': ['error', 'consistent'],
-      '@stylistic/js/implicit-arrow-linebreak': 'error',
+      '@stylistic/implicit-arrow-linebreak': 'error',
-      '@stylistic/js/indent': ['error', 2],
+      '@stylistic/indent': ['error', 2],
-      '@stylistic/js/key-spacing': 'error',
+      '@stylistic/key-spacing': 'error',
-      '@stylistic/js/keyword-spacing': 'error',
+      '@stylistic/keyword-spacing': 'error',
-      '@stylistic/js/linebreak-style': 'error',
+      '@stylistic/linebreak-style': 'error',
-      '@stylistic/js/no-extra-parens': 'error',
+      '@stylistic/no-extra-parens': 'error',
-      '@stylistic/js/no-extra-semi': 'error',
+      '@stylistic/no-extra-semi': 'error',
-      '@stylistic/js/no-mixed-spaces-and-tabs': 'error',
+      '@stylistic/no-mixed-spaces-and-tabs': 'error',
-      '@stylistic/js/no-multi-spaces': 'error',
+      '@stylistic/no-multi-spaces': 'error',
-      '@stylistic/js/no-multiple-empty-lines': 'error',
+      '@stylistic/no-multiple-empty-lines': 'error',
-      '@stylistic/js/no-tabs': 'error',
+      '@stylistic/no-tabs': 'error',
-      '@stylistic/js/no-trailing-spaces': 'error',
+      '@stylistic/no-trailing-spaces': 'error',
-      '@stylistic/js/no-whitespace-before-property': 'error',
+      '@stylistic/no-whitespace-before-property': 'error',
-      '@stylistic/js/nonblock-statement-body-position': 'error',
+      '@stylistic/nonblock-statement-body-position': 'error',
-      '@stylistic/js/object-curly-newline': 'error',
+      '@stylistic/object-curly-newline': 'error',
-      '@stylistic/js/object-curly-spacing': ['error', 'always'],
+      '@stylistic/object-curly-spacing': ['error', 'always'],
-      '@stylistic/js/object-property-newline': ['error', { allowAllPropertiesOnSameLine: true }],
+      '@stylistic/object-property-newline': ['error', { allowAllPropertiesOnSameLine: true }],
-      '@stylistic/js/quote-props': ['error', 'as-needed'],
+      '@stylistic/quote-props': ['error', 'as-needed'],
-      '@stylistic/js/quotes': ['error', 'single'],
+      '@stylistic/quotes': ['error', 'single'],
-      '@stylistic/js/rest-spread-spacing': 'error',
+      '@stylistic/rest-spread-spacing': 'error',
-      '@stylistic/js/semi': 'error',
+      '@stylistic/semi': 'error',
-      '@stylistic/js/semi-spacing': 'error',
+      '@stylistic/semi-spacing': 'error',
-      '@stylistic/js/semi-style': 'error',
+      '@stylistic/semi-style': 'error',
-      '@stylistic/js/space-before-blocks': 'error',
+      '@stylistic/space-before-blocks': 'error',
-      '@stylistic/js/space-before-function-paren': ['error', { anonymous: 'never', named: 'never', asyncArrow: 'always' }],
+      '@stylistic/space-before-function-paren': ['error', { anonymous: 'never', named: 'never', asyncArrow: 'always' }],
-      '@stylistic/js/space-in-parens': 'error',
+      '@stylistic/space-in-parens': 'error',
-      '@stylistic/js/space-infix-ops': 'error',
+      '@stylistic/space-infix-ops': 'error',
-      '@stylistic/js/space-unary-ops': 'error',
+      '@stylistic/space-unary-ops': 'error',
-      '@stylistic/js/spaced-comment': 'error',
+      '@stylistic/spaced-comment': 'error',
-      '@stylistic/js/switch-colon-spacing': 'error',
+      '@stylistic/switch-colon-spacing': 'error',
-      '@stylistic/js/template-curly-spacing': 'error',
+      '@stylistic/template-curly-spacing': 'error',
-      '@stylistic/js/template-tag-spacing': 'error',
+      '@stylistic/template-tag-spacing': 'error',
-      '@stylistic/js/wrap-regex': 'error',
+      '@stylistic/wrap-regex': 'error',
    },
  },
 ];
--- a/gog.js
+++ b/gog.js
@ -1,6 +1,6 @@
 import { firefox } from 'playwright-firefox'; // stealth plugin needs no outdated playwright-extra
 import chalk from 'chalk';
-import { resolve, jsonDb, datetime, filenamify, prompt, notify, html_game_list, handleSIGINT } from './src/util.js';
+import { resolve, jsonDb, datetime, filenamify, prompt, confirm, notify, html_game_list, handleSIGINT } from './src/util.js';
 import { cfg } from './src/config.js';
 const screenshot = (...a) => resolve(cfg.dir.screenshots, 'gog', ...a);
@ -32,6 +32,7 @@ if (!cfg.debug) context.setDefaultTimeout(cfg.timeout);
 const page = context.pages().length ? context.pages()[0] : await context.newPage(); // should always exist
 await page.setViewportSize({ width: cfg.width, height: cfg.height }); // TODO workaround for https://github.com/vogler/free-games-claimer/issues/277 until Playwright fixes it
 // console.debug('userAgent:', await page.evaluate(() => navigator.userAgent));
 const notify_games = [];
 let user;
@ -41,10 +42,12 @@ try {
  await page.goto(URL_CLAIM, { waitUntil: 'domcontentloaded' }); // default 'load' takes forever
  // page.click('#CybotCookiebotDialogBodyLevelButtonLevelOptinAllowAll').catch(_ => { }); // does not work reliably, solved by setting CookieConsent above
  const signIn = page.locator('a:has-text("Sign in")').first();
  await Promise.any([signIn.waitFor(), page.waitForSelector('#menuUsername')]);
  while (await signIn.isVisible()) {
    console.error('Not signed in anymore.');
    if (cfg.nowait) process.exit(1);
    await signIn.click();
    // it then creates an iframe for the login
    await page.waitForSelector('#GalaxyAccountsFrameContainer iframe'); // TODO needed?
@ -69,9 +72,12 @@ try {
        await iframe.locator('#second_step_authentication_send').click();
        await page.waitForTimeout(1000); // TODO still needed with wait for username below?
      }).catch(_ => { });
      // iframe.locator('iframe[title=reCAPTCHA]').waitFor().then(() => {
      // iframe.locator('.g-recaptcha').waitFor().then(() => {
      iframe.locator('text=Invalid captcha').waitFor().then(() => {
        console.error('Got a captcha during login (likely due to too many attempts)! You may solve it in the browser, get a new IP or try again in a few hours.');
        notify('gog: got captcha during login. Please check.');
        // TODO solve reCAPTCHA?
      }).catch(_ => { });
      await page.waitForSelector('#menuUsername');
    } else {
@ -101,6 +107,7 @@ try {
    console.log(`Current free game: ${chalk.blue(title)} - ${url}`);
    db.data[user][title] ||= { title, time: datetime(), url };
    if (cfg.dryrun) process.exit(1);
    if (cfg.interactive && !await confirm()) process.exit(0);
    // await page.locator('#giveaway:not(.is-loading)').waitFor(); // otherwise screenshot is sometimes with loading indicator instead of game title; #TODO fix, skipped due to timeout, see #240
    await banner.screenshot({ path: screenshot(`${filenamify(title)}.png`) }); // overwrites every time - only keep first?
--- a/jsconfig.json
+++ b/jsconfig.json
@ -3,7 +3,7 @@
    "checkJs": true,
    "target": "es2021",
    "module": "NodeNext",
-    "moduleResolution": "NodeNext", // https://github.com/typicode/lowdb/issues/554
+    "moduleResolution": "NodeNext" // https://github.com/typicode/lowdb/issues/554
  },
  "exclude": ["node_modules", "**/node_modules"]
 }
--- a/package-lock.json
+++ b/package-lock.json
--- a/package.json
+++ b/package.json
@ -12,7 +12,7 @@
  "main": "index.js",
  "scripts": {
    "docker:build": "docker build . -t ghcr.io/vogler/free-games-claimer",
-    "docker": "cross-env-shell docker run --rm -it -p 5900:5900 -p 6080:6080 -v \\\"$INIT_CWD/data\\\":/fgc/data --name fgc ghcr.io/vogler/free-games-claimer",
+    "docker": "docker run --rm -it -p 6080:6080 -v fgc:/fgc/data --pull=always ghcr.io/vogler/free-games-claimer",
    "lint": "npx eslint ."
  },
  "type": "module",
@ -21,7 +21,6 @@
  },
  "dependencies": {
    "chalk": "^5.4.1",
    "cross-env": "^7.0.3",
    "dotenv": "^16.5.0",
    "enquirer": "^2.4.1",
    "fingerprint-injector": "^2.1.66",
@ -31,7 +30,7 @@
    "puppeteer-extra-plugin-stealth": "^2.11.2"
  },
  "devDependencies": {
-    "@stylistic/eslint-plugin-js": "^4.2.0",
+    "@stylistic/eslint-plugin": "^4.4.0",
-    "eslint": "^9.26.0"
+    "eslint": "^9.27.0"
  }
 }
--- a/prime-gaming.js
+++ b/prime-gaming.js
@ -7,7 +7,7 @@ import { cfg } from './src/config.js';
 const screenshot = (...a) => resolve(cfg.dir.screenshots, 'prime-gaming', ...a);
 // const URL_LOGIN = 'https://www.amazon.de/ap/signin'; // wrong. needs some session args to be valid?
-const URL_CLAIM = 'https://luna.amazon.com/claims/home';
+const URL_CLAIM = 'https://gaming.amazon.com/home';
 console.log(datetime(), 'started checking prime-gaming');
@ -37,63 +37,14 @@ await page.setViewportSize({ width: cfg.width, height: cfg.height }); // TODO wo
 const notify_games = [];
 let user;
 const handleMFA = async p => {
  const otpField = p.locator('#auth-mfa-otpcode, input[name=otpCode]');
  if (!await otpField.count()) return false;
  console.log('Two-Step Verification - enter the One Time Password (OTP), e.g. generated by your Authenticator App');
  await p.locator('#auth-mfa-remember-device, [name=rememberDevice]').check().catch(() => {});
  const otp = cfg.pg_otpkey && authenticator.generate(cfg.pg_otpkey) || await prompt({ type: 'text', message: 'Enter two-factor sign in code', validate: n => n.toString().length == 6 || 'The code must be 6 digits!' }); // can't use type: 'number' since it strips away leading zeros and codes sometimes have them
  await otpField.first().pressSequentially(otp.toString());
  await p.locator('input[type="submit"], button[type="submit"]').first().click();
  return true;
 };
 try {
  await page.goto(URL_CLAIM, { waitUntil: 'domcontentloaded' }); // default 'load' takes forever
  const handleDirectLoginPage = async () => {
    if (!page.url().includes('/ap/signin')) return false;
    console.log('On Amazon login page (redirect). Trying to sign in automatically.');
    if (!cfg.debug) context.setDefaultTimeout(cfg.login_timeout);
    const email = cfg.pg_email || await prompt({ message: 'Enter email' });
    const password = email && (cfg.pg_password || await prompt({ type: 'password', message: 'Enter password' }));
    if (email && password) {
      await page.fill('[name=email]', email);
      await page.click('input[type="submit"]');
      await page.fill('[name=password]', password);
      await page.click('input[type="submit"]');
      await handleMFA(page).catch(() => {});
      page.waitForURL('**/ap/signin**').then(async () => { // check for wrong credentials
        const error = await page.locator('.a-alert-content').first().innerText();
        if (!error.trim.length) return;
        console.error('Login error:', error);
        await notify(`prime-gaming: login: ${error}`);
        await context.close(); // finishes potential recording
        process.exit(1);
      });
      await page.waitForURL(/luna\.amazon\.com\/claims\/.*signedIn=true/);
      if (!cfg.debug) context.setDefaultTimeout(cfg.timeout);
      return true;
    } else {
      console.log('Waiting for manual login on redirect page.');
      if (cfg.headless) {
        console.log('Run `SHOW=1 node prime-gaming` to login in the opened browser.');
        await context.close(); // finishes potential recording
        process.exit(1);
      }
      return true;
    }
  };
  await handleDirectLoginPage();
  // need to wait for some elements to exist before checking if signed in or accepting cookies:
-  await Promise.any([
+  await Promise.any(['button:has-text("Sign in")', '[data-a-target="user-dropdown-first-name-text"]'].map(s => page.waitForSelector(s)));
-    'button:has-text("Sign in")',
+  page.click('[aria-label="Cookies usage disclaimer banner"] button:has-text("Accept Cookies")').catch(_ => { }); // to not waste screen space when non-headless, TODO does not work reliably, need to wait for something else first?
-    'button:has-text("Anmelden")',
+  while (await page.locator('button:has-text("Sign in")').count() > 0) {
    '[data-a-target="user-dropdown-first-name-text"]',
    '[data-testid="user-dropdown-first-name-text"]',
  ].map(s => page.waitForSelector(s)));
  page.click('[aria-label="Cookies usage disclaimer banner"] button:has-text("Accept Cookies")').catch(() => { }); // to not waste screen space when non-headless, TODO does not work reliably, need to wait for something else first?
  while (await page.locator('button:has-text("Sign in"), button:has-text("Anmelden")').count() > 0) {
    console.error('Not signed in anymore.');
    if (cfg.nowait) process.exit(1);
    await page.click('button:has-text("Sign in")');
    if (!cfg.debug) context.setDefaultTimeout(cfg.login_timeout); // give user some extra time to log in
    console.info(`Login timeout is ${cfg.login_timeout / 1000} seconds!`);
@ -115,7 +66,14 @@ try {
        await context.close(); // finishes potential recording
        process.exit(1);
      });
-      handleMFA(page).catch(() => {});
+      // handle MFA, but don't await it
      page.waitForURL('**/ap/mfa**').then(async () => {
        console.log('Two-Step Verification - enter the One Time Password (OTP), e.g. generated by your Authenticator App');
        await page.check('[name=rememberDevice]');
        const otp = cfg.pg_otpkey && authenticator.generate(cfg.pg_otpkey) || await prompt({ type: 'text', message: 'Enter two-factor sign in code', validate: n => n.toString().length == 6 || 'The code must be 6 digits!' }); // can't use type: 'number' since it strips away leading zeros and codes sometimes have them
        await page.locator('input[name=otpCode]').pressSequentially(otp.toString());
        await page.click('input[type="submit"]');
      }).catch(_ => { });
    } else {
      console.log('Waiting for you to login in the browser.');
      await notify('prime-gaming: no longer signed in and not enough options set for automatic login.');
@ -128,7 +86,7 @@ try {
    await page.waitForURL('https://gaming.amazon.com/home?signedIn=true');
    if (!cfg.debug) context.setDefaultTimeout(cfg.timeout);
  }
-  user = await page.locator('[data-a-target="user-dropdown-first-name-text"], [data-testid="user-dropdown-first-name-text"]').first().innerText();
+  user = await page.locator('[data-a-target="user-dropdown-first-name-text"]').first().innerText();
  console.log(`Signed in as ${user}`);
  // await page.click('button[aria-label="User dropdown and more options"]');
  // const twitch = await page.locator('[data-a-target="TwitchDisplayName"]').first().innerText();
@ -162,127 +120,15 @@ try {
    await page.waitForTimeout(3000);
  });
-  const openGamesTab = async () => {
+  await page.click('button[data-type="Game"]');
-    const selectors = [
+  const games = page.locator('div[data-a-target="offer-list-FGWP_FULL"]');
-      'button[data-type="Game"]', // old layout
+  await games.waitFor();
-      'button:has-text("Games")',
+  // await scrollUntilStable(() => games.locator('.item-card__action').count()); // number of games
-      'button:has-text("Games einlösen")',
+  await scrollUntilStable(() => page.evaluate(() => document.querySelector('.tw-full-width').scrollHeight)); // height may change during loading while number of games is still the same?
-      '[data-test-selector="category-picker"] button:has-text("Games")',
+  console.log('Number of already claimed games (total):', await games.locator('p:has-text("Collected")').count());
-      '[data-testid="category-picker"] button:has-text("Games")',
+  // can't use .all() since the list of elements via locator will change after click while we iterate over it
-    ];
+  const internal = await games.locator('.item-card__action:has(button[data-a-target="FGWPOffer"])').elementHandles();
-    for (const sel of selectors) {
+  const external = await games.locator('.item-card__action:has(a[data-a-target="FGWPOffer"])').all();
      const btn = page.locator(sel).first();
      if (await btn.count()) {
        await btn.click();
        return;
      }
    }
    // New Luna claims home: try the filter/CTA button with embedded <p title="Games einlösen">
    const gamesTitle = page.locator('p.offer-filters__button__title:has-text("Games"), p.offer-filters__button__title:has-text("einlösen")');
    if (await gamesTitle.count()) {
      const btn = gamesTitle.first().locator('xpath=ancestor::button[1]');
      if (await btn.count()) {
        await btn.click();
        return;
      }
    }
    // New Luna claims home already shows games list
  };
  await openGamesTab();
  const locateGamesList = async () => {
    const selectors = [
      'div[data-a-target="offer-list-FGWP_FULL"]', // old layout
      '[data-testid="offer-list"]',
      '[data-test-selector="offer-list"]',
      'section:has(h2:has-text("Games with Prime"))',
      'section:has(h2:has-text("Games"))',
    ];
    for (const sel of selectors) {
      const loc = page.locator(sel).first();
      if (await loc.count()) return loc;
    }
    return null;
  };
  const games = await locateGamesList();
  // Load all cards (old and new layout) by scrolling the container or the page
  if (games) await scrollUntilStable(() => games.evaluate(el => el.scrollHeight).catch(() => 0));
  await scrollUntilStable(() => page.evaluate(() => globalThis.document?.scrollingElement?.scrollHeight ?? 0));
  const normalizeClaimUrl = url => {
    if (!url) return { url, key: null };
    const m = url.match(/(https?:\/\/[^/]+)?(\/claims\/[^?#]+)/);
    if (!m) return { url, key: url };
    const path = m[2];
    const slug = path.split('/')[2];
    return { url: 'https://luna.amazon.com' + path, key: slug || path };
  };
  const cards = [];
  // New layout: direct claim buttons on cards (FGWPOffer) with "Spiel aktivieren"/"Claim"
  const fgwps = page.locator('[data-a-target="FGWPOffer"]');
  if (await fgwps.count()) {
    for (const handle of await fgwps.elementHandles()) {
      const href = await handle.getAttribute('href');
      const { url, key } = normalizeClaimUrl(href?.startsWith('/') ? href : href || '');
      const title =
        await handle.$eval('p[title], span[title]', el => el.getAttribute('title')).catch(() => null) ||
        await handle.$eval('p, span', el => el.textContent).catch(() => null) ||
        key ||
        'Unknown title';
      cards.push({ kind: 'external', title, url, key });
    }
  }
  const anchorClaims = page.locator('a[href*="/claims/"][href*="amzn1.pg.item"]');
  if (await anchorClaims.count()) {
    const hrefs = [...new Set(await anchorClaims.evaluateAll(anchors => anchors.map(a => a.getAttribute('href')).filter(Boolean)))];
    for (const href of hrefs) {
      const { url, key } = normalizeClaimUrl(href);
      const title = key || await anchorClaims.first().innerText() || 'Unknown title';
      cards.push({ kind: 'external', title, url, key });
    }
  }
  if (!cards.length && games) {
    const cardLocator = games.locator([
      '[data-testid="offer-card"]',
      '[data-test-selector="offer-card"]',
      '.item-card__action',
    ].join(','));
    if (await cardLocator.count() === 0) {
      console.log('No games found in list.');
    } else {
      for (const handle of await cardLocator.elementHandles()) {
        const text = (await handle.textContent() || '').toLowerCase();
        if (text.includes('collected')) continue; // skip already claimed
        const title = await (await handle.$('h3, h4, [data-testid="item-card-title"], [data-test-selector="item-card-title"], .item-card-details__body__primary'))?.innerText() || 'Unknown title';
        const linkEl = await handle.$('a[href]');
        let url = linkEl && await linkEl.getAttribute('href');
        if (url?.startsWith('/')) url = 'https://luna.amazon.com' + url;
        const { url: normUrl, key } = normalizeClaimUrl(url);
        const hasLinkClaim = await handle.$('a:has-text("Claim"), a:has-text("Get"), a:has-text("Details")');
        const hasButtonClaim = await handle.$('button:has-text("Claim"), button:has-text("Get"), button:has-text("Get game"), button:has-text("Play")');
        const hasGermanCTA = await handle.$(':is(button,p,a):has-text("Spiel aktivieren"), :is(button,p,a):has-text("Spiel holen")');
        if (hasLinkClaim || hasGermanCTA) cards.push({ kind: 'external', title, url: normUrl, key });
        else if (hasButtonClaim) cards.push({ kind: 'internal', title, url: normUrl, key, handle });
      }
    }
  }
  // dedup by URL to avoid duplicates from multiple selectors
  const seenUrl = new Set();
  const uniq = cards.filter(c => {
    const key = c.key || c.url || c.title;
    if (seenUrl.has(key)) return false;
    seenUrl.add(key);
    return true;
  });
  const internal = uniq.filter(c => c.kind == 'internal');
  const external = uniq.filter(c => c.kind == 'external');
  // bottom to top: oldest to newest games
  internal.reverse();
  external.reverse();
@ -293,161 +139,61 @@ try {
      p = await context.newPage();
      await p.goto(url, { waitUntil: 'domcontentloaded' });
    }
-    return [p, isNew];
+    return { p, isNew };
  };
  const skipBasedOnTime = async url => {
    // console.log('  Checking time left for game:', url);
-    const [p, isNew] = await sameOrNewPage(url);
+    const { p, isNew } = await sameOrNewPage(url);
-    const dueDateLoc = p.locator('.availability-date .tw-bold, [data-testid="availability-end-date"], [data-test-selector="availability-end-date"]');
+    const dueDateOrg = await p.locator('.availability-date .tw-bold').innerText();
    if (!await dueDateLoc.count()) {
      if (isNew) await p.close();
      return false;
    }
    const dueDateOrg = await dueDateLoc.first().innerText();
    const dueDate = new Date(Date.parse(dueDateOrg + ' 17:00'));
    const daysLeft = (dueDate.getTime() - Date.now()) / 1000 / 60 / 60 / 24;
-    const availabilityText = await p.locator('.availability-date, [data-testid="availability-end-date"], [data-test-selector="availability-end-date"]').first().innerText().catch(() => dueDateOrg);
+    console.log(' ', await p.locator('.availability-date').innerText(), '->', daysLeft.toFixed(2));
    console.log(' ', availabilityText, '->', daysLeft.toFixed(2));
    if (isNew) await p.close();
    return daysLeft > cfg.pg_timeLeft;
  };
  console.log('\nNumber of free unclaimed games (Prime Gaming):', internal.length);
  // claim games in internal store
  for (const card of internal) {
-    await card.handle.scrollIntoViewIfNeeded();
+    await card.scrollIntoViewIfNeeded();
-    const title = card.title;
+    const title = await (await card.$('.item-card-details__body__primary')).innerText();
-    const url = card.url;
+    const slug = await (await card.$('a')).getAttribute('href');
    const url = 'https://gaming.amazon.com' + slug.split('?')[0];
    console.log('Current free game:', chalk.blue(title));
-    if (cfg.pg_timeLeft && url && await skipBasedOnTime(url)) continue;
+    if (cfg.pg_timeLeft && await skipBasedOnTime(url)) continue;
    if (cfg.dryrun) continue;
    if (cfg.interactive && !await confirm()) continue;
-    await card.handle.locator('.tw-button:has-text("Claim"), .tw-button:has-text("Get"), button:has-text("Claim"), button:has-text("Get")').first().click();
+    await (await card.$('.tw-button:has-text("Claim")')).click();
    db.data[user][title] ||= { title, time: datetime(), url, store: 'internal' };
    notify_games.push({ title, status: 'claimed', url });
-    await card.handle.screenshot({ path: screenshot('internal', `${filenamify(title)}.png`) });
+    // const img = await (await card.$('img.tw-image')).getAttribute('src');
    // console.log('Image:', img);
    await card.screenshot({ path: screenshot('internal', `${filenamify(title)}.png`) });
  }
  console.log('\nNumber of free unclaimed games (external stores):', external.length);
  // claim games in external/linked stores. Linked: origin.com, epicgames.com; Redeem-key: gog.com, legacygames.com, microsoft
  const external_info = [];
  for (const card of external) { // need to get data incl. URLs in this loop and then navigate in another, otherwise .all() would update after coming back and .elementHandles() like above would lead to error due to page navigation: elementHandle.$: Protocol error (Page.adoptNode)
-    const title = card.title;
+    const title = await card.locator('.item-card-details__body__primary').innerText();
-    const url = card.url ? card.url.split('?')[0] : undefined;
+    const slug = await card.locator('a:has-text("Claim")').first().getAttribute('href');
-    if (!url) continue;
+    const url = 'https://gaming.amazon.com' + slug.split('?')[0];
    // await (await card.$('text=Claim')).click(); // goes to URL of game, no need to wait
    external_info.push({ title, url });
  }
  // external_info = [ { title: 'Fallout 76 (XBOX)', url: 'https://gaming.amazon.com/fallout-76-xbox-fgwp/dp/amzn1.pg.item.9fe17d7b-b6c2-4f58-b494-cc4e79528d0b?ingress=amzn&ref_=SM_Fallout76XBOX_S01_FGWP_CRWN' } ];
  const clickCTA = async p => {
    const candidates = [
      p.locator('button[data-a-target="buy-box_call-to-action"]').first(),
      p.locator('[data-a-target="buy-box_call-to-action"]').first(),
      p.locator('[data-a-target="buy-box"] .tw-button:has-text("Get game")').first(),
      p.locator('[data-a-target="buy-box"] .tw-button:has-text("Claim")').first(),
      p.locator('.tw-button:has-text("Complete Claim")').first(),
      p.locator('[data-a-target="buy-box_call-to-action-text"]').first().locator('xpath=ancestor::button[1]'),
      p.locator('.tw-button:has-text("Spiel holen"), .tw-button:has-text("Spiel aktivieren")').first(),
      p.locator('p:has-text("Spiel holen"), p:has-text("Spiel aktivieren")').first().locator('xpath=ancestor::button[1]'),
    ];
    for (const c of candidates) {
      if (await c.count()) {
        try {
          await c.waitFor({ state: 'visible', timeout: 5000 });
          if (!await c.isEnabled()) {
            await c.evaluate(el => {
              el.disabled = false;
              el.removeAttribute('disabled');
              el.click();
            });
          } else {
            await c.click();
          }
          return true;
        } catch {
          // try next candidate
        }
      }
    }
    return false;
  };
  for (const { title, url } of external_info) {
    console.log('Current free game:', chalk.blue(title)); // , url);
    const existing = db.data[user]?.[title];
    if (existing && existing.status && !existing.status.startsWith('failed')) {
      console.log(`  Already recorded as ${existing.status}, skipping.`);
      notify_games.push({ title, url, status: 'existed' });
      continue;
    }
    await page.goto(url, { waitUntil: 'domcontentloaded' });
    await page.waitForSelector('[data-a-target="buy-box"]', { timeout: 10000 }).catch(() => {});
    if (cfg.debug) await page.pause();
-    let store = 'unknown';
+    const item_text = await page.innerText('[data-a-target="DescriptionItemDetails"]');
-    const detailLoc = page.locator('[data-a-target="DescriptionItemDetails"], [data-testid="DescriptionItemDetails"]');
+    const store = item_text.toLowerCase().replace(/.* on /, '').slice(0, -1);
    if (await detailLoc.count()) {
      const item_text = await detailLoc.first().innerText();
      const lower = item_text.toLowerCase();
      const onPos = lower.lastIndexOf(' on ');
      if (onPos >= 0) store = lower.slice(onPos + 4).replace(/[.!]$/, '');
    } else if (url.includes('/claims/')) {
      const slug = url.split('/claims/')[1]?.split('/')[0] || '';
      if (slug.includes('gog')) store = 'gog.com';
      else if (slug.includes('epic')) store = 'epic-games';
      else if (slug.includes('origin')) store = 'origin';
      else if (slug.includes('xbox') || slug.includes('microsoft')) store = 'microsoft store';
      else if (slug.includes('legacy')) store = 'legacy games';
      const lunaPlay = await page.locator('[data-a-target="LunaOffer"], button[data-a-target="LunaOffer"], button:has-text("Spielen")').count();
      if (store == 'unknown' && lunaPlay) store = 'luna';
    }
    console.log('  External store:', store);
    const notify_game = { title, url };
    notify_games.push(notify_game); // status is updated below
    // Already collected? skip
    const collectedLoc = page.locator('[data-a-target="ClaimStateQuantityAndDateContent"], [data-a-target="ClaimStateClaimCodeContent"]:has-text("Collected"), [data-a-target="ClaimStateVendorContent"], [data-a-target="ClaimStateViewDetailsAndInstructions"]');
    const collectedText = page.getByText(/You collected this on/i);
    const collectedEpic = page.getByText(/Sent to your Epic Games Store library/i);
    const collectedBanner = page.locator('p.tw-c-text-alert-success:has-text("Collected"), p.tw-c-text-alert-success:has-text("Collected this")');
    const collectedSuccessIcon = page.locator('[data-a-target="ItemCardDetailSuccessStatus"], .claim-state__success-icon');
    const disabledCTA = page.locator('[data-a-target="buy-box_call-to-action"][disabled], button[disabled]:has-text("Get game")');
    const collectedAny = await Promise.all([
      collectedLoc.count(),
      collectedBanner.count(),
      collectedText.count(),
      collectedEpic.count(),
      collectedSuccessIcon.count(),
      disabledCTA.count(),
    ]).then(([a, b, c, d, e, f]) => a + b + c + d + e + f > 0);
    if (collectedAny) {
      console.log('  Already collected, skipping.');
      notify_game.status = 'existed';
      db.data[user][title] ||= { title, time: datetime(), url, store, status: 'existed' };
      continue;
    }
    // Disabled CTA (e.g., needs linking or not available)
    if (await disabledCTA.count()) {
      if (store !== 'epic-games') {
        console.log('  CTA is disabled, skipping (likely needs linking/not available).');
        notify_game.status = 'disabled';
        db.data[user][title] ||= { title, time: datetime(), url, store, status: 'disabled' };
        continue;
      } else {
        console.log('  CTA disabled for epic-games, will still try to link/claim.');
      }
    }
    if (store == 'luna') {
      console.log('  Luna cloud title detected, skipping code redemption.');
      notify_game.status = 'luna (play)';
      db.data[user][title] ||= { title, time: datetime(), url, store: 'luna', status: 'luna (play)' };
      continue;
    }
    if (cfg.pg_timeLeft && await skipBasedOnTime(url)) continue;
    if (cfg.dryrun) continue;
    if (cfg.interactive && !await confirm()) continue;
-    await clickCTA(page);
+    await Promise.any([page.click('[data-a-target="buy-box"] .tw-button:has-text("Get game")'), page.click('[data-a-target="buy-box"] .tw-button:has-text("Claim")'), page.click('.tw-button:has-text("Complete Claim")'), page.waitForSelector('div:has-text("Link game account")'), page.waitForSelector('.thank-you-title:has-text("Success")')]); // waits for navigation
    await Promise.any([
      page.waitForSelector('.thank-you-title:has-text("Success")', { timeout: cfg.timeout }).catch(() => {}),
      page.waitForSelector('div:has-text("Link game account")', { timeout: cfg.timeout }).catch(() => {}),
    ]).catch(() => {});
    db.data[user][title] ||= { title, time: datetime(), url, store };
    const notify_game = { title, url };
    notify_games.push(notify_game); // status is updated below
    if (await page.locator('div:has-text("Link game account")').count() // TODO still needed? epic games store just has 'Link account' as the button text now.
       || await page.locator('div:has-text("Link account")').count()) {
      console.error('  Account linking is required to claim this offer!');
@ -469,21 +215,7 @@ try {
        'legacy games': 'https://www.legacygames.com/primedeal',
      };
      if (store in redeem) { // did not work for linked origin: && !await page.locator('div:has-text("Successfully Claimed")').count()
-        let code;
+        const code = await Promise.any([page.inputValue('input[type="text"]'), page.textContent('[data-a-target="ClaimStateClaimCodeContent"]').then(s => s.replace('Your code: ', ''))]); // input: Legacy Games; text: gog.com
        try {
          // ensure CTA was clicked in case code is behind it
          await clickCTA(page).catch(() => {});
          code = await Promise.any([
            page.inputValue('input[type="text"]'),
            page.textContent('[data-a-target="ClaimStateClaimCodeContent"]').then(s => s.replace('Your code: ', '')),
          ]);
        } catch {
          console.error('  Could not find claim code on page (timeout). Please check manually.');
          db.data[user][title].status = 'claimed (code not found)';
          notify_game.status = 'claimed (code not found)';
          await page.screenshot({ path: screenshot('external', `${filenamify(title)}_nocode.png`), fullPage: true }).catch(() => {});
          continue;
        }
        console.log('  Code to redeem game:', chalk.blue(code));
        if (store == 'legacy games') { // may be different URL like https://legacygames.com/primeday/puzzleoftheyear/
          redeem[store] = await (await page.$('li:has-text("Click here") a')).getAttribute('href'); // full text: Click here to enter your redemption code.
@ -616,10 +348,11 @@ try {
    // await page.pause();
  }
  await page.goto(URL_CLAIM, { waitUntil: 'domcontentloaded' });
-  page.click('button[data-type="Game"]').catch(() => {});
+  await page.click('button[data-type="Game"]');
-  if (notify_games.length && games) { // make screenshot of all games if something was claimed and list exists
+  if (notify_games.length) { // make screenshot of all games if something was claimed
    const p = screenshot(`${filenamify(datetime())}.png`);
    // await page.screenshot({ path: p, fullPage: true }); // fullPage does not make a difference since scroll not on body but on some element
    await scrollUntilStable(() => games.locator('.item-card__action').count());
    const viewportSize = page.viewportSize(); // current viewport size
    await page.setViewportSize({ ...viewportSize, height: 3000 }); // increase height, otherwise element screenshot is cut off at the top and bottom
@ -663,7 +396,7 @@ try {
        // most games have a button 'Get in-game content'
        // epic-games: Fall Guys: Claim -> Continue -> Go to Epic Games (despite account linked and logged into epic-games) -> not tied to account but via some cookie?
        await Promise.any([page.click('.tw-button:has-text("Get in-game content")'), page.click('.tw-button:has-text("Claim your gift")'), page.click('.tw-button:has-text("Claim")').then(() => page.click('button:has-text("Continue")'))]);
-        page.click('button:has-text("Continue")').catch(() => { });
+        page.click('button:has-text("Continue")').catch(_ => { });
        const linkAccountButton = page.locator('[data-a-target="LinkAccountButton"]');
        let unlinked_store;
        if (await linkAccountButton.count()) {
@ -680,7 +413,7 @@ try {
          dlc_unlinked[unlinked_store] ??= [];
          dlc_unlinked[unlinked_store].push(title);
        } else {
-          const code = await page.inputValue('input[type="text"]').catch(() => undefined);
+          const code = await page.inputValue('input[type="text"]').catch(_ => undefined);
          console.log('  Code to redeem game:', chalk.blue(code));
          db.data[user][title].code = code;
          db.data[user][title].status = 'claimed';
--- a/src/config.js
+++ b/src/config.js
@ -9,8 +9,9 @@ export const cfg = {
  debug_network: process.env.DEBUG_NETWORK == '1', // log network requests and responses
  record: process.env.RECORD == '1', // `recordHar` (network) + `recordVideo`
  time: process.env.TIME == '1', // log duration of each step
  interactive: process.env.INTERACTIVE == '1', // confirm to claim, enter to skip
  dryrun: process.env.DRYRUN == '1', // don't claim anything
-  interactive: process.env.INTERACTIVE == '1', // confirm to claim, default skip
+  nowait: process.env.NOWAIT == '1', // fail fast instead of waiting for user input
  show: process.env.SHOW == '1', // run non-headless
  get headless() {
    return !this.debug && !this.show;
--- a/src/migrate.js
+++ b/src/migrate.js
@ -1,4 +1,4 @@
-import { existsSync } from 'node:fs';
+import { existsSync } from 'fs';
 import { Low } from 'lowdb';
 import { JSONFile } from 'lowdb/node';
 import { datetime } from './util.js';
--- a/src/util.js
+++ b/src/util.js
@ -19,9 +19,7 @@ export const delay = ms => new Promise(resolve => setTimeout(resolve, ms));
 export const datetimeUTC = (d = new Date()) => d.toISOString().replace('T', ' ').replace('Z', '');
 // same as datetimeUTC() but for local timezone, e.g., UTC + 2h for the above in DE
 export const datetime = (d = new Date()) => datetimeUTC(new Date(d.getTime() - d.getTimezoneOffset() * 60000));
-export const filenamify = s => s
+export const filenamify = s => s.replaceAll(':', '.').replace(/[^a-z0-9 _\-.]/gi, '_'); // alternative: https://www.npmjs.com/package/filenamify - On Unix-like systems, / is reserved. On Windows, <>:"/\|?* along with trailing periods are reserved.
  .replaceAll(':', '.')
  .replaceAll(/[^a-z0-9 _\-.]/gi, '_'); // alternative: https://www.npmjs.com/package/filenamify - On Unix-like systems, / is reserved. On Windows, <>:"/\|?* along with trailing periods are reserved.
 export const handleSIGINT = (context = null) => process.on('SIGINT', async () => { // e.g. when killed by Ctrl-C
  console.error('\nInterrupted by SIGINT. Exit!'); // Exception shows where the script was:\n'); // killed before catch in docker...
@ -92,50 +90,42 @@ export const stealth = async context => {
 // alternative inquirer is big (node_modules 29MB, enquirer 9.7MB, prompts 9.8MB, none 9.4MB) and slower
 // open issue: prevents handleSIGINT() to work if prompt is cancelled with Ctrl-C instead of Escape: https://github.com/enquirer/enquirer/issues/372
 import Enquirer from 'enquirer'; const enquirer = new Enquirer();
-const timeoutHint = () => 'timeout';
+const timeoutPlugin = timeout => enquirer => { // cancel prompt after timeout ms
-const cancelPromptWithHint = prompt => {
+  enquirer.on('prompt', prompt => {
-  prompt.hint = timeoutHint;
+    const t = setTimeout(() => {
      prompt.hint = () => 'timeout';
      prompt.cancel();
    }, timeout);
    prompt.on('submit', _ => clearTimeout(t));
    prompt.on('cancel', _ => clearTimeout(t));
  });
 };
-const applyPromptTimeout = (prompt, timeout) => {
+enquirer.use(timeoutPlugin(cfg.login_timeout)); // TODO may not want to have this timeout for all prompts; better extend Prompt and add a timeout prompt option
  if (!timeout) return;
  const timer = setTimeout(cancelPromptWithHint, timeout, prompt);
  const clearTimer = () => clearTimeout(timer);
  prompt.on('submit', clearTimer);
  prompt.on('cancel', clearTimer);
 };
 // cancel prompt after timeout ms; can be disabled per prompt via options.timeout = 0
 const timeoutPlugin = defaultTimeout => enquirerInstance => {
  const onPrompt = prompt => applyPromptTimeout(prompt, prompt.options?.timeout ?? defaultTimeout);
  enquirerInstance.on('prompt', onPrompt);
 };
 enquirer.use(timeoutPlugin(cfg.login_timeout));
 // single prompt that just returns the non-empty value instead of an object
 // @ts-ignore
-export const prompt = o => enquirer.prompt({ name: 'name', type: 'input', message: 'Enter value', ...o }).then(r => r.name).catch(() => {});
+export const prompt = o => enquirer.prompt({ name: 'name', type: 'input', message: 'Enter value', ...o }).then(r => r.name).catch(_ => {});
 export const confirm = o => prompt({ type: 'confirm', message: 'Continue?', ...o });
 // notifications via apprise CLI
-import { execFile } from 'node:child_process';
+import { execFile } from 'child_process';
 import { cfg } from './config.js';
-export const notify = html => new Promise(resolve => {
+export const notify = html => new Promise((resolve, reject) => {
  if (!cfg.notify) {
    if (cfg.debug) console.debug('notify: NOTIFY is not set!');
    return resolve();
  }
-  const appriseBin = process.env.APPRISE_BIN || '/usr/local/bin/apprise';
+  // const cmd = `apprise '${cfg.notify}' ${title} -i html -b '${html}'`; // this had problems if e.g. ' was used in arg; could have `npm i shell-escape`, but instead using safer execFile which takes args as array instead of exec which spawned a shell to execute the command
  const args = [cfg.notify, '-i', 'html', '-b', `'${html}'`];
-  if (cfg.notify_title) args.push('-t', cfg.notify_title);
+  if (cfg.notify_title) args.push(...['-t', cfg.notify_title]);
-  if (cfg.debug) console.debug(`${appriseBin} ${args.join(' ')}`); // this also doesn't escape, but it's just for info
+  if (cfg.debug) console.debug(`apprise ${args.map(a => `'${a}'`).join(' ')}`); // this also doesn't escape, but it's just for info
-  execFile(appriseBin, args, (error, stdout, stderr) => {
+  execFile('apprise', args, (error, stdout, stderr) => {
    if (error) {
      console.log(`error: ${error.message}`);
      if (error.message.includes('command not found')) {
        console.info('Run `pip install apprise`. See https://github.com/vogler/free-games-claimer#notifications');
      }
-      // don't fail the whole run on notification errors
+      return reject(error);
      return resolve();
    }
    if (stderr) console.error(`stderr: ${stderr}`);
    if (stdout) console.log(`stdout: ${stdout}`);
--- a/src/version.js
+++ b/src/version.js
@ -1,14 +1,15 @@
-import { log } from 'node:console';
+// check if running the latest version
 import { execFile } from 'node:child_process';
-const gitBin = process.env.GIT_BIN || '/usr/bin/git';
+import { log } from 'console';
 import { exec } from 'child_process';
-const runGit = (...args) => new Promise((resolve, reject) => {
+const execp = cmd => new Promise((resolve, reject) => {
-  execFile(gitBin, args, { cwd: process.cwd() }, (error, stdout, stderr) => {
+  exec(cmd, (error, stdout, stderr) => {
    if (stderr) console.error(`stderr: ${stderr}`);
    // if (stdout) console.log(`stdout: ${stdout}`);
    if (error) {
      console.log(`error: ${error.message}`);
-      if (error.code === 'ENOENT' || error.message.includes('command not found')) {
+      if (error.message.includes('command not found')) {
        console.info('Install git to check for updates!');
      }
      return reject(error);
@ -17,7 +18,10 @@ const runGit = (...args) => new Promise((resolve, reject) => {
  });
 });
 // const git_main = () => readFileSync('.git/refs/heads/main').toString().trim();
 let sha, date;
 // if (existsSync('/.dockerenv')) { // did not work
 if (process.env.NOVNC_PORT) {
  log('Running inside Docker.');
  ['COMMIT', 'BRANCH', 'NOW'].forEach(v => log(`  ${v}:`, process.env[v]));
@ -25,15 +29,24 @@ if (process.env.NOVNC_PORT) {
  date = process.env.NOW;
 } else {
  log('Not running inside Docker.');
-  sha = await runGit('rev-parse', 'HEAD');
+  sha = await execp('git rev-parse HEAD');
-  date = await runGit('show', '-s', '--format=%cD'); // same as format as `date -R` (RFC2822)
+  date = await execp('git show -s --format=%cD'); // same as format as `date -R` (RFC2822)
  // date = await execp('git show -s --format=%ch'); // %ch is same as --date=human (short/relative)
 }
-const gh = await (await fetch('https://api.github.com/repos/vogler/free-games-claimer/commits/main')).json();
+const gh = await (await fetch('https://api.github.com/repos/vogler/free-games-claimer/commits/main', {
  // headers: { accept: 'application/vnd.github.VERSION.sha' }
 })).json();
 // log(gh);
 log('Local commit:', sha, new Date(date));
 log('Online commit:', gh.sha, new Date(gh.commit.committer.date));
 // git describe --all --long --dirty
 // --> heads/main-0-gdee47d2-dirty
 // git describe --tags --long --dirty
 // --> v1.7-35-gdee47d2-dirty
 if (sha == gh.sha) {
  log('Running the latest version!');
 } else {
--- a/steam-games.js
+++ b/steam-games.js
@ -18,6 +18,7 @@ const { fingerprint, headers } = new FingerprintGenerator().getFingerprint({
 const context = await firefox.launchPersistentContext(cfg.dir.browser, {
  headless: cfg.headless,
  // viewport: { width: cfg.width, height: cfg.height },
  locale: 'en-US', // ignore OS locale to be sure to have english text for locators -> done via /en in URL
  userAgent: fingerprint.navigator.userAgent,
  viewport: {
@ -28,6 +29,7 @@ const context = await firefox.launchPersistentContext(cfg.dir.browser, {
    'accept-language': headers['accept-language'],
  },
 });
 // await stealth(context);
 await new FingerprintInjector().attachFingerprintToPlaywright(context, { fingerprint, headers });
 context.setDefaultTimeout(cfg.debug ? 0 : cfg.timeout);
@ -59,6 +61,7 @@ try {
    db.data[title] = stat;
  }
  // await page.pause();
 } catch (error) {
  process.exitCode ||= 1;
  console.error('--- Exception:');
--- a/test/notify.js
+++ b/test/notify.js
@ -6,19 +6,18 @@ const URL_CLAIM = 'https://gaming.amazon.com/home'; // dummy URL
 console.debug('NOTIFY:', cfg.notify);
-const scenarios = [
+if (true) {
-  {
+  const notify_games = [
-    enabled: process.env.TEST_NOTIFY_EPIC === '1',
+    // { title: 'Kerbal Space Program', status: 'claimed', url: URL_CLAIM },
-    title: 'epic-games',
+    // { title: "Shadow Tactics - Aiko's Choice", status: 'claimed', url: URL_CLAIM },
    games: [
    { title: 'Epistory - Typing Chronicles', status: 'claimed', url: URL_CLAIM },
-    ],
+  ];
-  },
+  await notify(`epic-games:<br>${html_game_list(notify_games)}`);
-  {
+}
-    enabled: process.env.TEST_NOTIFY_PG === '1',
+
-    delayMs: 1000,
+if (false) {
-    title: 'prime-gaming',
+  await delay(1000);
-    games: [
+  const notify_games = [
    { title: 'Faraway 2: Jungle Escape', status: 'claimed', url: URL_CLAIM },
    { title: 'Chicken Police - Paint it RED!', status: 'claimed', url: URL_CLAIM },
    { title: 'Lawn Mowing Simulator', status: 'claimed', url: URL_CLAIM },
@ -26,18 +25,14 @@ const scenarios = [
    { title: 'The Evil Within 2', status: `<a href="${URL_CLAIM}">redeem</a> H97S6FB38FA6D09DEA on gog.com`, url: URL_CLAIM },
    { title: 'Beat Cop', status: `<a href="${URL_CLAIM}">redeem</a> BMKM8558EC55F7B38F on gog.com`, url: URL_CLAIM },
    { title: 'Dishonored 2', status: `<a href="${URL_CLAIM}">redeem</a> NNEK0987AB20DFBF8F on gog.com`, url: URL_CLAIM },
-    ],
+  ];
-  },
+  notify(`prime-gaming:<br>${html_game_list(notify_games)}`);
-  {
+}
-    enabled: process.env.TEST_NOTIFY_GOG === '1',
+
-    delayMs: 1000,
+if (false) {
-    title: 'gog',
+  await delay(1000);
-    games: [{ title: 'Haven Park', status: 'claimed', url: URL_CLAIM }],
+  const notify_games = [
-  },
+    { title: 'Haven Park', status: 'claimed', url: URL_CLAIM },
-];
+  ];
-
+  notify(`gog:<br>${html_game_list(notify_games)}`);
 for (const scenario of scenarios) {
  if (!scenario.enabled) continue;
  if (scenario.delayMs) await delay(scenario.delayMs);
  await notify(`${scenario.title}:<br>${html_game_list(scenario.games)}`);
 }
--- a/unrealengine.js
+++ b/unrealengine.js
@ -3,8 +3,8 @@
 import { firefox } from 'playwright-firefox'; // stealth plugin needs no outdated playwright-extra
 import { authenticator } from 'otplib';
-import path from 'node:path';
+import path from 'path';
-import { writeFileSync } from 'node:fs';
+import { writeFileSync } from 'fs';
 import { resolve, jsonDb, datetime, stealth, filenamify, prompt, notify, html_game_list, handleSIGINT } from './src/util.js';
 import { cfg } from './src/config.js';
Author	SHA1	Message	Date
Ralf Vogler	fdbd71ef0d	docker: user fgc instead of root, fixes #468 , how to deal with existing volumes?	2025-05-25 22:13:55 +02:00
Ralf Vogler	a2e1ef60e6	fix `656f746626`: yaml quotes...	2025-05-25 22:11:32 +02:00
Ralf Vogler	90cdf04b8a	docker: comment on ARG -> ENV	2025-05-25 20:38:19 +02:00
Ralf Vogler	3e3baa0d3e	docker healthcheck: check that noVNC is reachable (and node running)	2025-05-25 20:02:26 +02:00
Ralf Vogler	3329d597b9	add healthcheck (just checks for node) to Dockerfile and docker-compose.yml	2025-05-25 19:37:00 +02:00
Ralf Vogler	656f746626	only run js/sonarqube for changes to .js, .ts, package.json	2025-05-25 17:13:30 +02:00
Ralf Vogler	68d6122e8c	fix `b4dcd0b`: $@ needed to run command... https://github.com/vogler/free-games-claimer/actions/runs/15238732349/job/42856083012	2025-05-25 17:01:46 +02:00
Ralf Vogler	82d39d30b6	NOWAIT=1 to fail fast instead of waiting for user input hitting ctrl-c 3x to abort is annoying...	2025-05-25 16:40:09 +02:00
Ralf Vogler	9285b52017	respect INTERACTIVE=1 in gog and eg, not just pg	2025-05-25 16:38:56 +02:00
Ralf Vogler	f7a584c415	fix SonarQube Scan version https://github.com/marketplace/actions/official-sonarqube-scan	2025-05-25 16:19:33 +02:00
Ralf Vogler	3b321a28d6	js.yml forgot one npx -> bunx	2025-05-25 16:16:17 +02:00
Ralf Vogler	b4dcd0b8af	fix actionlint/shellcheck: $@ -> $* https://www.shellcheck.net/wiki/SC2145	2025-05-25 16:12:03 +02:00
Ralf Vogler	33227081f6	fix js.yml https://github.com/vogler/free-games-claimer/actions/runs/15238258120/job/42855019873	2025-05-25 15:27:32 +02:00
Ralf Vogler	25078694cd	upgrade deprecated sonarcloud-github-action -> sonarqube-scan-action SonarScanner This action is deprecated and will be removed in a future release. Please use the sonarqube-scan-action action instead. The sonarqube-scan-action is a drop-in replacement for this action.	2025-05-25 15:24:46 +02:00
Ralf Vogler	4288bf1d39	same triggers (push, PRs) for js, mega-linter, sonar	2025-05-25 15:14:14 +02:00
Ralf Vogler	0158bd64a6	use emd/cmd for js.yml	2025-05-25 15:05:04 +02:00
Ralf Vogler	f06bcccce0	echo -e for \n	2025-05-25 12:03:03 +02:00
Ralf Vogler	713600d4e0	grep size for image from df output	2025-05-25 11:59:04 +02:00
Ralf Vogler	590a78f7df	can't remove buildkit images?	2025-05-25 11:41:27 +02:00
Ralf Vogler	b8fbc0a95d	docker image rm buildkit stuff?	2025-05-25 11:35:44 +02:00
Ralf Vogler	07a2c81f05	uncompressed docker size with buildx	2025-05-25 11:23:32 +02:00
Ralf Vogler	3065ad1c5e	.dockerignore = strict superset of .gitignore, not DRY, but ok...	2025-05-25 11:09:10 +02:00
Ralf Vogler	6f3dbdbe14	need other commands to get sizes for docker buildx?	2025-05-25 02:00:41 +02:00
Ralf Vogler	d508675d0b	log (un)compressed docker image size = shared + unique	2025-05-25 01:41:07 +02:00
Ralf Vogler	d2e8f000b5	rm cross-env for `npm run docker` since it wasn't working right - readme as single source of truth for `docker run` cmd	2025-05-25 01:10:16 +02:00
Ralf Vogler	d05837b6b8	rm @microsoft/eslint-formatter-sarif (uses its own old eslint) and wget sarif.js	2025-05-25 00:34:10 +02:00
Ralf Vogler	a110b237d5	bun install almost twice as fast	2025-05-25 00:14:49 +02:00
Ralf Vogler	3d2df7654c	switch ci from npm to bun https://bun.sh/guides/runtime/cicd	2025-05-25 00:12:54 +02:00
Ralf Vogler	ef94943ee8	nicer md for job summary	2025-05-25 00:08:28 +02:00
Ralf Vogler	2380d24e60	howfat tables don't work as md	2025-05-25 00:06:02 +02:00
Ralf Vogler	305effe7f1	dep size in job summary?	2025-05-24 23:56:46 +02:00
Ralf Vogler	fee46d38e0	ci/js: check size of dependencies https://stackoverflow.com/questions/40642008/how-do-i-view-the-size-of-npm-packages	2025-05-24 23:40:48 +02:00
Ralf Vogler	c0abc6ee45	run eslint with sarif and then normally?	2025-05-24 23:23:37 +02:00
Ralf Vogler	603224c13e	eslint.yml -> js.yml	2025-05-24 23:12:02 +02:00
Ralf Vogler	8ba46c52ec	eslint with sarif upload example from https://docs.github.com/en/code-security/code-scanning/integrating-with-code-scanning/uploading-a-sarif-file-to-github#example-workflow-that-runs-the-eslint-analysis-tool	2025-05-24 23:11:19 +02:00
Ralf Vogler	a242b2d5c4	ncu -u; migrate @stylistic/eslint-plugin{-js,} https://eslint.style/guide/migration	2025-05-24 22:47:08 +02:00
Ralf Vogler	02005b6fee	skip docker push for PRs	2025-05-24 22:40:22 +02:00
Ralf Vogler	c5f061c7d5	Merge pull request #476 from vogler/mega-linter	2025-05-24 22:36:32 +02:00
vogler	5f1458413d	[MegaLinter] Apply linters fixes	2025-05-24 20:25:18 +00:00
Ralf Vogler	a7b882f3a1	added PAT for megalinter with workflows permission https://github.com/orgs/community/discussions/35410	2025-05-24 22:22:36 +02:00
Ralf Vogler	e7a00d7d18	megalinter apparently can't push commit fixing workflows without a sep. PAT See https://github.com/orgs/community/discussions/26711	2025-05-24 21:51:53 +02:00
Ralf Vogler	b4123e5e1d	remove super-linter in favor of mega-linter	2025-05-24 21:21:23 +02:00
Ralf Vogler	9fa9325566	megalinter: job summary from markdown file	2025-05-24 21:03:23 +02:00
Ralf Vogler	1ed84a0a60	megalinter: upload-sarif category	2025-05-24 20:51:50 +02:00
Ralf Vogler	6309fc5a37	megalinter: upload-sarif needs more permissons? https://github.com/github/codeql-action/issues/1806	2025-05-24 19:55:10 +02:00
Ralf Vogler	056494c9dc	megalinter customize config; local run ~7min... ```console $ npx mega-linter-runner -r v8 -f cupcake +----SUMMARY----+--------------------------+---------------+-------+-------+--------+----------+--------------+ \| Descriptor \| Linter \| Mode \| Files \| Fixed \| Errors \| Warnings \| Elapsed time \| +---------------+--------------------------+---------------+-------+-------+--------+----------+--------------+ \| ✅ ACTION \| actionlint \| list_of_files \| 4 \| \| 0 \| 0 \| 3.25s \| \| ✅ BASH \| bash-exec \| file \| 1 \| \| 0 \| 0 \| 2.77s \| \| ✅ BASH \| shellcheck \| list_of_files \| 1 \| \| 0 \| 0 \| 1.16s \| \| ✅ BASH \| shfmt \| list_of_files \| 1 \| 0 \| 0 \| 0 \| 0.6s \| \| ⚠️ COPYPASTE \| jscpd \| project \| n/a \| \| 8 \| 0 \| 24.82s \| \| ⚠️ DOCKERFILE \| hadolint \| list_of_files \| 1 \| \| 4 \| 0 \| 6.74s \| \| ⚠️ JAVASCRIPT \| eslint \| list_of_files \| 15 \| 0 \| 1 \| 0 \| 11.04s \| \| ✅ JSON \| jsonlint \| list_of_files \| 7 \| \| 0 \| 0 \| 4.76s \| \| ✅ JSON \| npm-package-json-lint \| project \| n/a \| \| 0 \| 0 \| 3.26s \| \| ✅ JSON \| prettier \| list_of_files \| 7 \| 0 \| 0 \| 0 \| 5.08s \| \| ✅ JSON \| v8r \| list_of_files \| 7 \| \| 0 \| 0 \| 47.96s \| \| ✅ MARKDOWN \| markdownlint \| list_of_files \| 2 \| 0 \| 0 \| 0 \| 12.16s \| \| ✅ MARKDOWN \| markdown-table-formatter \| list_of_files \| 2 \| 0 \| 0 \| 0 \| 4.15s \| \| ⚠️ REPOSITORY \| checkov \| project \| n/a \| \| 3 \| 0 \| 112.11s \| \| ✅ REPOSITORY \| gitleaks \| project \| n/a \| \| 0 \| 0 \| 3.09s \| \| ✅ REPOSITORY \| git_diff \| project \| n/a \| \| 0 \| 0 \| 1.22s \| \| ✅ REPOSITORY \| grype \| project \| n/a \| \| 0 \| 0 \| 159.7s \| \| ⚠️ REPOSITORY \| kics \| project \| n/a \| \| 24 \| 0 \| 14.82s \| \| ✅ REPOSITORY \| secretlint \| project \| n/a \| \| 0 \| 0 \| 7.24s \| \| ✅ REPOSITORY \| syft \| project \| n/a \| \| 0 \| 0 \| 7.83s \| \| ⚠️ REPOSITORY \| trivy \| project \| n/a \| \| 2 \| 0 \| 28.16s \| \| ✅ REPOSITORY \| trufflehog \| project \| n/a \| \| 0 \| 0 \| 26.51s \| \| ⚠️ SPELL \| cspell \| list_of_files \| 40 \| \| 224 \| 0 \| 82.25s \| \| ⚠️ SPELL \| lychee \| list_of_files \| 17 \| \| 9 \| 0 \| 10.28s \| \| ✅ YAML \| prettier \| list_of_files \| 8 \| 1 \| 0 \| 0 \| 9.12s \| \| ✅ YAML \| v8r \| list_of_files \| 8 \| \| 0 \| 0 \| 39.07s \| \| ✅ YAML \| yamllint \| list_of_files \| 8 \| \| 0 \| 0 \| 5.39s \| +---------------+--------------------------+---------------+-------+-------+--------+----------+--------------+ ```	2025-05-24 19:41:33 +02:00
Ralf Vogler	76af81de56	megalinter reports also in json and md instead of just log	2025-05-24 16:02:36 +02:00
Ralf Vogler	a65a0b80a6	disable markdownlint line-length	2025-05-24 15:50:25 +02:00
Ralf Vogler	a040108e92	megalinter "''" needed for lists in env var	2025-05-24 15:50:08 +02:00
Ralf Vogler	af406b3b50	megalinter yaml: fix wrong auto-fix	2025-05-24 15:39:59 +02:00
Ralf Vogler	ec3db19fb5	megalinter yaml (funny that this complains about their own generated config...)	2025-05-24 15:38:27 +02:00
Ralf Vogler	6bd742351f	megalinter markdown	2025-05-24 15:34:00 +02:00
Ralf Vogler	0c5387729d	markdown config	2025-05-24 15:33:41 +02:00
Ralf Vogler	0495486cde	comment how to run locally	2025-05-24 15:33:19 +02:00
Ralf Vogler	91fe3aee80	run for PRs against main or dev	2025-05-24 15:33:05 +02:00
Ralf Vogler	847c921bca	use megalinter cupcake flavor (88 vs 127 linter, 5 vs 10GB image)	2025-05-24 15:32:45 +02:00
Ralf Vogler	5a9cc0cb3a	npx mega-linter-runner --install # all defaults	2025-05-23 00:54:32 +02:00
Ralf Vogler	0b27cf0a44	lint.yml -> super-linter.yml	2025-05-23 00:54:04 +02:00
Ralf Vogler	0b586c5d0c	docker: rm old labels	2025-05-23 00:52:22 +02:00
Ralf Vogler	98b001c204	docker: comment out all labels since they're added?	2025-05-23 00:04:20 +02:00
Ralf Vogler	5d48716ef1	docker: GitHub doesn't show labels due to multi-arch image -> add annotation level index	2025-05-22 23:52:23 +02:00
Ralf Vogler	ada40d05ec	docker: use metadata-action for tags and labels https://github.com/docker/metadata-action Packages on GitHub lack description since labels from Dockerfile are not used: https://github.com/vogler/free-games-claimer/pkgs/container/free-games-claimer/421753259	2025-05-22 23:26:11 +02:00
Ralf Vogler	2bd12a986e	pg: fix eslint no-async-promise-executor	2025-05-22 22:40:08 +02:00
Ralf Vogler	0e00cfd7fb	dependabot: ignore eslint and group devDependencies into one PR	2025-05-22 22:33:42 +02:00
Ralf Vogler	78621f38a4	Contributing: how to create a pull request	2025-05-22 16:53:22 +02:00
Ralf Vogler	6d9a3ad140	fix eslint errors	2025-05-22 16:48:32 +02:00
Ralf Vogler	1dbbfaf3ad	lint: fix most super-linter errors	2025-05-16 02:07:40 +02:00