Jean-Luc Makiola
4358de87ba
All checks were successful
CI / build-test (push) Successful in 1m1s
- Introduce `Dockerfile` for building and serving static site using Bun and Nginx - Add `nginx.conf` for configuring static file caching and routing rules - Expose port 80 for containerized deployment
DIUN Webhook Dashboard
A Go web app that receives DIUN webhook events and shows image updates in a modern dashboard. Events are persisted to SQLite so they survive restarts.
- Receives DIUN webhooks at
POST /webhook - Serves a React SPA dashboard at
/ - REST API for updates, tags, and acknowledgements
- Persistent storage via SQLite (
diun.db) - Tag/group system to organize images
- Dismiss (acknowledge) updates you've reviewed
- Optional webhook authentication via
WEBHOOK_SECRET
Quick Start
Docker Compose (recommended)
# Pulls from Gitea registry, persists DB to a named volume
docker compose up -d
# open http://localhost:8080
Standalone Docker
docker build -t diun-webhook-dashboard .
docker run --rm -p 8080:8080 -v diun-data:/data \
-e DB_PATH=/data/diun.db \
diun-webhook-dashboard
From Source
cd frontend && bun install && bun run build && cd ..
go run ./cmd/diunwebhook/
See CONTRIBUTING.md for full development setup, testing, and build instructions.
Configuration
Environment Variables
| Variable | Default | Description |
|---|---|---|
PORT |
8080 |
HTTP listen port |
DB_PATH |
./diun.db |
Path to the SQLite database file |
WEBHOOK_SECRET |
(unset) | When set, POST /webhook requires a matching Authorization header. When unset, the webhook is open (a warning is logged at startup). |
Webhook Authentication
Set WEBHOOK_SECRET to protect the webhook endpoint with token authentication:
# Via environment variable
WEBHOOK_SECRET=your-secret-token-here docker compose up -d
# Or in a .env file alongside compose.yml
echo 'WEBHOOK_SECRET=your-secret-token-here' > .env
docker compose up -d
When set, every POST /webhook must include an Authorization header whose value matches WEBHOOK_SECRET exactly.
DIUN Configuration
Configure DIUN to send webhooks to this app:
notif:
webhook:
enable: true
endpoint: http://your-host-or-ip:8080/webhook
headers:
authorization: "your-secret-token-here"
Or via environment variable: DIUN_NOTIF_WEBHOOK_HEADERS_AUTHORIZATION=your-secret-token-here
Expected JSON payload:
{
"image": "library/nginx",
"tag": "1.27.0",
"status": "new",
"time": "2026-02-23T16:00:00Z"
}
API Reference
| Method | Endpoint | Description |
|---|---|---|
POST |
/webhook |
Accept a DIUN event JSON body |
GET |
/api/updates |
Return all events (keyed by image) with tag and acknowledged state |
PATCH |
/api/updates/{image} |
Mark an event as acknowledged (dismiss) |
GET |
/api/tags |
List all tags |
POST |
/api/tags |
Create a new tag |
DELETE |
/api/tags/{id} |
Delete a tag (cascades to assignments) |
PUT |
/api/tag-assignments |
Assign an image to a tag |
DELETE |
/api/tag-assignments |
Unassign an image from its tag |
Production Notes
- Reverse proxy: Ensure the app is reachable at
/webhookfrom DIUN. Forward traffic to port8080(or your configuredPORT). - Database persistence: Data is stored in
diun.dbby default. SetDB_PATHto a persistent location (e.g.DB_PATH=/data/diun.db). The deploy compose file uses a named volume at/data. - Webhook security: Set
WEBHOOK_SECRETif the webhook endpoint is exposed publicly.
Contributing
See CONTRIBUTING.md for development setup, testing, project structure, and CI/CD details.
License
MIT — see LICENSE.