**feat(compose):** add separate deploy and dev Docker Compose files

- Introduced `compose.yml` for deployment, pulling the image from the registry
- Added `compose.dev.yml` for local development, building the image from source
- Updated `README.md` and `.claude/CLAUDE.md` with instructions for both configurations
- Introduced `DB_PATH` environment variable to customize SQLite database file location
- Updated `main.go` to use `DB_PATH` with a default fallback (`./diun.db`)

.claude/CLAUDE.md

@@ -17,9 +17,12 @@ go run ./cmd/diunwebhook/
 # Build Docker image
 docker build -t diun-webhook-dashboard .
 
-# Run with Docker Compose
+# Run with Docker Compose (deploy — pulls from registry)
 docker compose up -d
 
+# Run with Docker Compose (dev — builds locally)
+docker compose -f compose.dev.yml up -d
+
 # Frontend (from frontend/ directory)
 bun install          # install deps
 bun run dev          # dev server on :5173 (proxies /api and /webhook to :8080)
@@ -56,6 +59,7 @@ The app is a Go HTTP server that receives [DIUN](https://crazymax.dev/diun/) web
 
 **Environment variables:**
 - `PORT` — listen port (default `8080`)
+- `DB_PATH` — path to SQLite database file (default `./diun.db`); set to e.g. `/data/diun.db` in Docker to use a separate mountable directory
 - `WEBHOOK_SECRET` — when set, every `POST /webhook` must include a matching `Authorization` header; when unset, the webhook is open (a warning is logged at startup)
 
 **Key data flow:**

README.md

@@ -28,12 +28,20 @@ docker run --rm -p 8080:8080 diun-webhook-dashboard
 # open http://localhost:8080
 ```
 
-### Docker Compose
+### Docker Compose (deploy)
 ```bash
+# Pulls from Gitea registry, persists DB to a named volume
 docker compose up -d
 # open http://localhost:8080
 ```
 
+### Docker Compose (dev)
+```bash
+# Builds the image locally from source
+docker compose -f compose.dev.yml up -d
+# open http://localhost:8080
+```
+
 ## Webhook authentication
 
 Set `WEBHOOK_SECRET` to protect the webhook endpoint with token authentication. When set, every `POST /webhook` must include a matching `Authorization` header. When unset, the webhook is open (a warning is logged at startup).
@@ -44,6 +52,9 @@ WEBHOOK_SECRET=your-secret-token-here go run ./cmd/diunwebhook/
 
 # Or via Docker Compose (.env file or inline)
 WEBHOOK_SECRET=your-secret-token-here docker compose up -d
+
+# Custom database path (useful for Docker volume mounts)
+DB_PATH=/data/diun.db go run ./cmd/diunwebhook/
 ```
 
 ## DIUN configuration example
@@ -93,7 +104,8 @@ pkg/diunwebhook/       — core library (handlers, DB, models)
 frontend/              — React SPA (Bun + Vite + React 19 + Tailwind + shadcn/ui)
 .gitea/workflows/      — CI/CD workflows (Gitea Actions)
 Dockerfile             — 3-stage multi-stage build
-docker-compose.yml     — single-service compose file
+compose.yml            — deploy compose (pulls from Gitea registry)
+compose.dev.yml        — dev compose (builds locally)
 ```
 
 ## Development
@@ -127,7 +139,7 @@ Aim for 80-90% coverage. Coverage below 80% will emit a warning in CI but will n
 
 ## Production notes
 - Behind a reverse proxy, ensure the app is reachable at `/webhook` from DIUN.
-- Data is persisted to `diun.db` in the working directory. Mount a volume to preserve data across container recreations.
+- Data is persisted to `diun.db` in the working directory by default. Set `DB_PATH` to change the location (e.g. `DB_PATH=/data/diun.db`). The deploy compose file uses a named volume at `/data`.
 - Set `WEBHOOK_SECRET` to protect the webhook endpoint if exposed publicly.
 
 ## License

cmd/diunwebhook/main.go

@@ -14,7 +14,11 @@ import (
 )
 
 func main() {
-	if err := diun.InitDB("./diun.db"); err != nil {
+	dbPath := os.Getenv("DB_PATH")
+	if dbPath == "" {
+		dbPath = "./diun.db"
+	}
+	if err := diun.InitDB(dbPath); err != nil {
 		log.Fatalf("InitDB: %v", err)
 	}
 

compose.dev.yml

@@ -1,4 +1,3 @@
-version: "3.9"
 services:
   app:
     build: .

compose.yml

@@ -0,0 +1,15 @@
+services:
+  app:
+    image: gitea.jeanlucmakiola.de/makiolaj/diundashboard:latest
+    ports:
+      - "8080:8080"
+    environment:
+      - WEBHOOK_SECRET=${WEBHOOK_SECRET:-}
+      - PORT=${PORT:-8080}
+      - DB_PATH=/data/diun.db
+    volumes:
+      - diun-data:/data
+    restart: unless-stopped
+
+volumes:
+  diun-data: