Skip to content

Releases: KofTwentyTwo/Munitor

v0.3.0

Choose a tag to compare

@KofTwentyTwo KofTwentyTwo released this 12 Jul 15:03
1dc88ef

Stable release of Munitor 0.3.0. Adds first-class pnpm and Obsidian pipeline support, opt-in repository Dockerfiles for node-webapp, and consolidated production-only Kustomize GitOps write-back with bounded push-race retries.

v0.2.0

Choose a tag to compare

@KofTwentyTwo KofTwentyTwo released this 22 Mar 23:40
v0.2.0
af15015

What's Changed

Full Changelog: v0.1.2...v0.2.0

v0.1.2

Choose a tag to compare

@KofTwentyTwo KofTwentyTwo released this 21 Mar 21:02
v0.1.2
d766747

Munitor v0.1.2

Makes org-level defaults overridable, enabling other organizations to adopt Munitor without forking. Published as kof22/munitor@0.1.2.

New Features

Overridable Org Defaults (#1)

All five hardcoded KofTwentyTwo org defaults are now configurable via an optional org section in .munitor.yml:

Key Default Description
docker_registry ghcr.io/koftwentytwo Container registry prefix
npm_scope @koftwentytwo npm package scope
ci_email ci@kof22.com Git committer email for CD updates
ci_name kof22-ci Git committer name for CD updates
orb_slug kof22/munitor CircleCI orb reference

Existing repos require no changes. New organizations add:

org:
  docker_registry: ghcr.io/my-org
  npm_scope: "@my-org"
  ci_email: ci@my-org.com
  ci_name: my-org-ci
  orb_slug: my-ns/munitor

Updated orb description to be org-neutral.

Files Changed

  • src/scripts/extract_munitor_vars.sh - Read org values from config with fallback defaults
  • src/scripts/packed_generate_config.sh - Propagate org values
  • src/scripts/packed_generate_dockerfile.sh - Propagate org values
  • src/scripts/update_cd_repo.sh - Use configurable CI identity
  • src/@orb.yml - Org-neutral description

Stats

  • 5 files changed, 25 insertions, 24 deletions
  • Fully backward compatible

v0.1.1

Choose a tag to compare

@KofTwentyTwo KofTwentyTwo released this 21 Mar 21:02
v0.1.1
5f70823

Munitor v0.1.1

Adds supplemental Docker image support, health check improvements, and Trivy update. Published as kof22/munitor@0.1.1.

New Features

Supplemental Docker Images

Build, Trivy-scan, and push N additional container images (e.g., Liquibase migrations, sidecar services) alongside the main app image. Configured via supplemental_images in .munitor.yml:

supplemental_images:
  - name: migrations
    base: liquibase/liquibase:4.29
    copy:
      - source: src/main/resources/db
        dest: /liquibase/changelog
  • Auto-generates Dockerfiles from base + copy, or uses user-provided Dockerfiles
  • Trivy-scans all supplemental images
  • CD repo updates (Helm values.yaml or Kustomize kustomization.yaml) are atomic (single commit)
  • Supports both java-webapp, node-api, and node-webapp pipelines

Health Check: Migrations Runner & API Smoke Tests

  • Run a migrations image against the DB sidecar before starting the app container (health_migrations parameter)
  • Validate API endpoints return HTTP 200 after health check passes (health_smoke_paths parameter)

GIT_COMMIT_SHA Build Arg

  • Pass CIRCLE_SHA1 as GIT_COMMIT_SHA Docker build arg so applications can embed commit traceability at build time

Bug Fixes

  • Trivy 0.58.2 removed from GitHub: Bumped to Trivy 0.69.3 to fix broken security-scan in all downstream pipelines
  • Supplemental images JSON injection: Compact supplemental_images JSON to single line to prevent multiline YAML breakage during envsubst
  • Kustomization.yaml upsert: Create supplemental image entries if missing instead of silently no-op on yq select
  • update_cd_repo job: Pass supplemental_images parameter through job definition (was being silently dropped by CircleCI)
  • build_push_supplemental: Pass image_name and registry env vars as explicit command parameters

Tests

  • Assert supplemental_images JSON is compact single-line
  • Validate all external download URLs (Trivy, gh, gitleaks, kube-linter, terragrunt, yq, kustomize, kubesec, OpenTofu, sonar-scanner) are reachable

Stats

  • 30 files changed, 724 insertions
  • 505+ test assertions passing

v0.1.0 - Initial Stable Release

Choose a tag to compare

@KofTwentyTwo KofTwentyTwo released this 21 Mar 21:02
v0.1.0
9247dcc

Munitor v0.1.0 - Initial Stable Release

The first stable release of the Munitor CircleCI orb (kof22/munitor@0.1.0), a complete CI/CD pipeline generator for KofTwentyTwo projects.

Pipeline Types

Seven pipeline types, each generating full CircleCI workflows from a single .munitor.yml config file:

  • java-webapp - Maven-based Java web applications with Docker packaging
  • node-api - Node.js API services (Express, Fastify, etc.)
  • node-webapp - Node.js web applications with auto-generated distroless Dockerfiles
  • terraform - Terraform/OpenTofu infrastructure with security scanning
  • validate-cd-repo - GitOps CD repository validation (Kustomize + Helm)
  • sdk-distribution - SDK/library publishing (npm)
  • argocd-apps - ArgoCD app-of-apps repositories with environment-based directory validation

Features

Build & Test

  • Java builds with configurable JDK version via cimg/openjdk executor
  • Node.js builds with configurable package manager (npm/yarn/pnpm)
  • Automatic version calculation via GitVersion
  • GIT_COMMIT_SHA build arg passed to Docker builds for runtime traceability

Security & Quality

  • Trivy container image scanning with binary and DB caching
  • OWASP Dependency-Check with toggle for teams affected by NVD H2 bug
  • Gitleaks secrets scanning
  • Semgrep SAST scanning (conditional)
  • SonarQube integration (conditional)
  • JaCoCo code coverage enforcement
  • ESLint/Prettier for Node.js projects
  • tfsec/kube-linter/kubesec for Terraform and Kubernetes manifests

Docker & Deployment

  • Docker build, scan, and push to GHCR
  • Auto-generated distroless Dockerfiles for node-webapp
  • CD repository updates (Helm values.yaml and Kustomize kustomization.yaml)
  • Health check with PostgreSQL sidecar validation

Workflow Structure

  • snapshot (develop/feature branches) - full quality pipeline
  • release-candidate (release/* branches) - QA-gated pipeline
  • production (main) - fast-path promotion
  • lint-pack (all branches) - orb validation

Configuration

Minimal .munitor.yml example:

pipeline_type: java-webapp
java_version: "21"
app_name: my-app
cd:
  repo: KofTwentyTwo/My-App-CD
contexts:
  registry: ghcr

Stats

  • 31 files, 749 insertions
  • 362+ test assertions passing
  • 71 orb commands, 5 executors, 28 jobs