makiolaj/DiunDashboard
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity
Files
develop
DiunDashboard/README.md
Jean-Luc Makiola eeddd812fa
All checks were successful
CI / build-test (push) Successful in 1m2s
Details
**chore(docs):** add .gitignore for docs and introduce bun.lock file 
- Add `.gitignore` to exclude `node_modules/`, `.vitepress/cache/`, and `.vitepress/dist/` directories
- Include `bun.lock` for dependency management with Bun
2026-02-27 15:28:17 +01:00

3.5 KiB
Raw Permalink Blame History

DIUN Webhook Dashboard

A Go web app that receives DIUN webhook events and shows image updates in a modern dashboard. Events are persisted to SQLite so they survive restarts.

  • Receives DIUN webhooks at POST /webhook
  • Serves a React SPA dashboard at /
  • REST API for updates, tags, and acknowledgements
  • Persistent storage via SQLite (diun.db)
  • Tag/group system to organize images
  • Dismiss (acknowledge) updates you've reviewed
  • Optional webhook authentication via WEBHOOK_SECRET

Quick Start

Docker Compose (recommended)

# Pulls from Gitea registry, persists DB to a named volume
docker compose up -d
# open http://localhost:8080

Standalone Docker

docker build -t diun-webhook-dashboard .
docker run --rm -p 8080:8080 -v diun-data:/data \
  -e DB_PATH=/data/diun.db \
  diun-webhook-dashboard

From Source

cd frontend && bun install && bun run build && cd ..
go run ./cmd/diunwebhook/

See CONTRIBUTING.md for full development setup, testing, and build instructions.

Configuration

Environment Variables

Variable Default Description
PORT 8080 HTTP listen port
DB_PATH ./diun.db Path to the SQLite database file
WEBHOOK_SECRET (unset) When set, POST /webhook requires a matching Authorization header. When unset, the webhook is open (a warning is logged at startup).

Webhook Authentication

Set WEBHOOK_SECRET to protect the webhook endpoint with token authentication:

# Via environment variable
WEBHOOK_SECRET=your-secret-token-here docker compose up -d

# Or in a .env file alongside compose.yml
echo 'WEBHOOK_SECRET=your-secret-token-here' > .env
docker compose up -d

When set, every POST /webhook must include an Authorization header whose value matches WEBHOOK_SECRET exactly.

DIUN Configuration

Configure DIUN to send webhooks to this app:

notif:
  webhook:
    enable: true
    endpoint: http://your-host-or-ip:8080/webhook
    headers:
      authorization: "your-secret-token-here"

Or via environment variable: DIUN_NOTIF_WEBHOOK_HEADERS_AUTHORIZATION=your-secret-token-here

Expected JSON payload:

{
  "image": "library/nginx",
  "tag": "1.27.0",
  "status": "new",
  "time": "2026-02-23T16:00:00Z"
}

API Reference

Method Endpoint Description
POST /webhook Accept a DIUN event JSON body
GET /api/updates Return all events (keyed by image) with tag and acknowledged state
PATCH /api/updates/{image} Mark an event as acknowledged (dismiss)
GET /api/tags List all tags
POST /api/tags Create a new tag
DELETE /api/tags/{id} Delete a tag (cascades to assignments)
PUT /api/tag-assignments Assign an image to a tag
DELETE /api/tag-assignments Unassign an image from its tag

Production Notes

  • Reverse proxy: Ensure the app is reachable at /webhook from DIUN. Forward traffic to port 8080 (or your configured PORT).
  • Database persistence: Data is stored in diun.db by default. Set DB_PATH to a persistent location (e.g. DB_PATH=/data/diun.db). The deploy compose file uses a named volume at /data.
  • Webhook security: Set WEBHOOK_SECRET if the webhook endpoint is exposed publicly.

Contributing

See CONTRIBUTING.md for development setup, testing, project structure, and CI/CD details.

License

MIT — see LICENSE.

Reference in New Issue View Git Blame Copy Permalink