**chore(docs):** add .gitignore for docs and introduce bun.lock file
All checks were successful
CI / build-test (push) Successful in 1m2s
All checks were successful
CI / build-test (push) Successful in 1m2s
- Add `.gitignore` to exclude `node_modules/`, `.vitepress/cache/`, and `.vitepress/dist/` directories - Include `bun.lock` for dependency management with Bun
This commit is contained in:
129
README.md
129
README.md
@@ -8,57 +8,64 @@ A Go web app that receives [DIUN](https://crazymax.dev/diun/) webhook events and
|
||||
- Persistent storage via SQLite (`diun.db`)
|
||||
- Tag/group system to organize images
|
||||
- Dismiss (acknowledge) updates you've reviewed
|
||||
- Optional webhook authentication via `WEBHOOK_SECRET`
|
||||
|
||||
## Quick start
|
||||
## Quick Start
|
||||
|
||||
### Run locally (Go 1.26+)
|
||||
```bash
|
||||
# Build the frontend first
|
||||
cd frontend && bun install && bun run build && cd ..
|
||||
### Docker Compose (recommended)
|
||||
|
||||
# Start the server
|
||||
go run ./cmd/diunwebhook/
|
||||
# open http://localhost:8080
|
||||
```
|
||||
|
||||
### Docker
|
||||
```bash
|
||||
docker build -t diun-webhook-dashboard .
|
||||
docker run --rm -p 8080:8080 diun-webhook-dashboard
|
||||
# open http://localhost:8080
|
||||
```
|
||||
|
||||
### Docker Compose (deploy)
|
||||
```bash
|
||||
# Pulls from Gitea registry, persists DB to a named volume
|
||||
docker compose up -d
|
||||
# open http://localhost:8080
|
||||
```
|
||||
|
||||
### Docker Compose (dev)
|
||||
### Standalone Docker
|
||||
|
||||
```bash
|
||||
# Builds the image locally from source
|
||||
docker compose -f compose.dev.yml up -d
|
||||
# open http://localhost:8080
|
||||
docker build -t diun-webhook-dashboard .
|
||||
docker run --rm -p 8080:8080 -v diun-data:/data \
|
||||
-e DB_PATH=/data/diun.db \
|
||||
diun-webhook-dashboard
|
||||
```
|
||||
|
||||
## Webhook authentication
|
||||
|
||||
Set `WEBHOOK_SECRET` to protect the webhook endpoint with token authentication. When set, every `POST /webhook` must include a matching `Authorization` header. When unset, the webhook is open (a warning is logged at startup).
|
||||
### From Source
|
||||
|
||||
```bash
|
||||
# Run with authentication
|
||||
WEBHOOK_SECRET=your-secret-token-here go run ./cmd/diunwebhook/
|
||||
cd frontend && bun install && bun run build && cd ..
|
||||
go run ./cmd/diunwebhook/
|
||||
```
|
||||
|
||||
# Or via Docker Compose (.env file or inline)
|
||||
See [CONTRIBUTING.md](CONTRIBUTING.md) for full development setup, testing, and build instructions.
|
||||
|
||||
## Configuration
|
||||
|
||||
### Environment Variables
|
||||
|
||||
| Variable | Default | Description |
|
||||
|----------|---------|-------------|
|
||||
| `PORT` | `8080` | HTTP listen port |
|
||||
| `DB_PATH` | `./diun.db` | Path to the SQLite database file |
|
||||
| `WEBHOOK_SECRET` | *(unset)* | When set, `POST /webhook` requires a matching `Authorization` header. When unset, the webhook is open (a warning is logged at startup). |
|
||||
|
||||
### Webhook Authentication
|
||||
|
||||
Set `WEBHOOK_SECRET` to protect the webhook endpoint with token authentication:
|
||||
|
||||
```bash
|
||||
# Via environment variable
|
||||
WEBHOOK_SECRET=your-secret-token-here docker compose up -d
|
||||
|
||||
# Custom database path (useful for Docker volume mounts)
|
||||
DB_PATH=/data/diun.db go run ./cmd/diunwebhook/
|
||||
# Or in a .env file alongside compose.yml
|
||||
echo 'WEBHOOK_SECRET=your-secret-token-here' > .env
|
||||
docker compose up -d
|
||||
```
|
||||
|
||||
## DIUN configuration example
|
||||
Configure DIUN to send webhooks to this app. Example (YAML):
|
||||
When set, every `POST /webhook` must include an `Authorization` header whose value matches `WEBHOOK_SECRET` exactly.
|
||||
|
||||
### DIUN Configuration
|
||||
|
||||
Configure DIUN to send webhooks to this app:
|
||||
|
||||
```yaml
|
||||
notif:
|
||||
@@ -69,11 +76,10 @@ notif:
|
||||
authorization: "your-secret-token-here"
|
||||
```
|
||||
|
||||
Or via env: `DIUN_NOTIF_WEBHOOK_HEADERS_AUTHORIZATION=your-secret-token-here`
|
||||
Or via environment variable: `DIUN_NOTIF_WEBHOOK_HEADERS_AUTHORIZATION=your-secret-token-here`
|
||||
|
||||
The `authorization` header value must match `WEBHOOK_SECRET` exactly.
|
||||
Expected JSON payload:
|
||||
|
||||
Expected JSON payload (simplified):
|
||||
```json
|
||||
{
|
||||
"image": "library/nginx",
|
||||
@@ -83,7 +89,7 @@ Expected JSON payload (simplified):
|
||||
}
|
||||
```
|
||||
|
||||
## API
|
||||
## API Reference
|
||||
|
||||
| Method | Endpoint | Description |
|
||||
|--------|----------|-------------|
|
||||
@@ -96,51 +102,16 @@ Expected JSON payload (simplified):
|
||||
| `PUT` | `/api/tag-assignments` | Assign an image to a tag |
|
||||
| `DELETE` | `/api/tag-assignments` | Unassign an image from its tag |
|
||||
|
||||
## Project Structure
|
||||
## Production Notes
|
||||
|
||||
```
|
||||
cmd/diunwebhook/ — main application entrypoint
|
||||
pkg/diunwebhook/ — core library (handlers, DB, models)
|
||||
frontend/ — React SPA (Bun + Vite + React 19 + Tailwind + shadcn/ui)
|
||||
.gitea/workflows/ — CI/CD workflows (Gitea Actions)
|
||||
Dockerfile — 3-stage multi-stage build
|
||||
compose.yml — deploy compose (pulls from Gitea registry)
|
||||
compose.dev.yml — dev compose (builds locally)
|
||||
```
|
||||
- **Reverse proxy:** Ensure the app is reachable at `/webhook` from DIUN. Forward traffic to port `8080` (or your configured `PORT`).
|
||||
- **Database persistence:** Data is stored in `diun.db` by default. Set `DB_PATH` to a persistent location (e.g. `DB_PATH=/data/diun.db`). The deploy compose file uses a named volume at `/data`.
|
||||
- **Webhook security:** Set `WEBHOOK_SECRET` if the webhook endpoint is exposed publicly.
|
||||
|
||||
## Development
|
||||
## Contributing
|
||||
|
||||
**Backend:**
|
||||
```bash
|
||||
go run ./cmd/diunwebhook/
|
||||
```
|
||||
|
||||
**Frontend (dev server with hot reload):**
|
||||
```bash
|
||||
cd frontend
|
||||
bun install
|
||||
bun run dev # http://localhost:5173, proxies API to :8080
|
||||
```
|
||||
|
||||
## Testing
|
||||
|
||||
Run unit tests and check coverage:
|
||||
|
||||
```bash
|
||||
go test -v -coverprofile=coverage.out -coverpkg=./... ./...
|
||||
```
|
||||
|
||||
Aim for 80-90% coverage. Coverage below 80% will emit a warning in CI but will not fail the pipeline.
|
||||
|
||||
## CI/CD with Gitea Actions
|
||||
|
||||
- **CI** (`.gitea/workflows/ci.yml`): Runs on push/PR to `develop`. Checks formatting (`gofmt`), runs `go vet`, tests with coverage, and builds the binary.
|
||||
- **Release** (`.gitea/workflows/release.yml`): Manual dispatch. Runs tests, bumps version, tags, builds and pushes Docker image to Gitea registry, creates a release with changelog.
|
||||
|
||||
## Production notes
|
||||
- Behind a reverse proxy, ensure the app is reachable at `/webhook` from DIUN.
|
||||
- Data is persisted to `diun.db` in the working directory by default. Set `DB_PATH` to change the location (e.g. `DB_PATH=/data/diun.db`). The deploy compose file uses a named volume at `/data`.
|
||||
- Set `WEBHOOK_SECRET` to protect the webhook endpoint if exposed publicly.
|
||||
See [CONTRIBUTING.md](CONTRIBUTING.md) for development setup, testing, project structure, and CI/CD details.
|
||||
|
||||
## License
|
||||
MIT — see `LICENSE`.
|
||||
|
||||
MIT — see [LICENSE](LICENSE).
|
||||
|
||||
Reference in New Issue
Block a user