Releases: KofTwentyTwo/Munitor
Release list
v0.3.0
Stable release of Munitor 0.3.0. Adds first-class pnpm and Obsidian pipeline support, opt-in repository Dockerfiles for node-webapp, and consolidated production-only Kustomize GitOps write-back with bounded push-race retries.
v0.2.0
What's Changed
- feat: add gradle-webapp pipeline type by @KofTwentyTwo in #2
Full Changelog: v0.1.2...v0.2.0
v0.1.2
Munitor v0.1.2
Makes org-level defaults overridable, enabling other organizations to adopt Munitor without forking. Published as kof22/munitor@0.1.2.
New Features
Overridable Org Defaults (#1)
All five hardcoded KofTwentyTwo org defaults are now configurable via an optional org section in .munitor.yml:
| Key | Default | Description |
|---|---|---|
docker_registry |
ghcr.io/koftwentytwo |
Container registry prefix |
npm_scope |
@koftwentytwo |
npm package scope |
ci_email |
ci@kof22.com |
Git committer email for CD updates |
ci_name |
kof22-ci |
Git committer name for CD updates |
orb_slug |
kof22/munitor |
CircleCI orb reference |
Existing repos require no changes. New organizations add:
org:
docker_registry: ghcr.io/my-org
npm_scope: "@my-org"
ci_email: ci@my-org.com
ci_name: my-org-ci
orb_slug: my-ns/munitorUpdated orb description to be org-neutral.
Files Changed
src/scripts/extract_munitor_vars.sh- Read org values from config with fallback defaultssrc/scripts/packed_generate_config.sh- Propagate org valuessrc/scripts/packed_generate_dockerfile.sh- Propagate org valuessrc/scripts/update_cd_repo.sh- Use configurable CI identitysrc/@orb.yml- Org-neutral description
Stats
- 5 files changed, 25 insertions, 24 deletions
- Fully backward compatible
v0.1.1
Munitor v0.1.1
Adds supplemental Docker image support, health check improvements, and Trivy update. Published as kof22/munitor@0.1.1.
New Features
Supplemental Docker Images
Build, Trivy-scan, and push N additional container images (e.g., Liquibase migrations, sidecar services) alongside the main app image. Configured via supplemental_images in .munitor.yml:
supplemental_images:
- name: migrations
base: liquibase/liquibase:4.29
copy:
- source: src/main/resources/db
dest: /liquibase/changelog- Auto-generates Dockerfiles from
base+copy, or uses user-provided Dockerfiles - Trivy-scans all supplemental images
- CD repo updates (Helm
values.yamlor Kustomizekustomization.yaml) are atomic (single commit) - Supports both java-webapp, node-api, and node-webapp pipelines
Health Check: Migrations Runner & API Smoke Tests
- Run a migrations image against the DB sidecar before starting the app container (
health_migrationsparameter) - Validate API endpoints return HTTP 200 after health check passes (
health_smoke_pathsparameter)
GIT_COMMIT_SHA Build Arg
- Pass
CIRCLE_SHA1asGIT_COMMIT_SHADocker build arg so applications can embed commit traceability at build time
Bug Fixes
- Trivy 0.58.2 removed from GitHub: Bumped to Trivy 0.69.3 to fix broken security-scan in all downstream pipelines
- Supplemental images JSON injection: Compact
supplemental_imagesJSON to single line to prevent multiline YAML breakage during envsubst - Kustomization.yaml upsert: Create supplemental image entries if missing instead of silently no-op on yq select
- update_cd_repo job: Pass
supplemental_imagesparameter through job definition (was being silently dropped by CircleCI) - build_push_supplemental: Pass
image_nameandregistryenv vars as explicit command parameters
Tests
- Assert
supplemental_imagesJSON is compact single-line - Validate all external download URLs (Trivy, gh, gitleaks, kube-linter, terragrunt, yq, kustomize, kubesec, OpenTofu, sonar-scanner) are reachable
Stats
- 30 files changed, 724 insertions
- 505+ test assertions passing
v0.1.0 - Initial Stable Release
Munitor v0.1.0 - Initial Stable Release
The first stable release of the Munitor CircleCI orb (kof22/munitor@0.1.0), a complete CI/CD pipeline generator for KofTwentyTwo projects.
Pipeline Types
Seven pipeline types, each generating full CircleCI workflows from a single .munitor.yml config file:
- java-webapp - Maven-based Java web applications with Docker packaging
- node-api - Node.js API services (Express, Fastify, etc.)
- node-webapp - Node.js web applications with auto-generated distroless Dockerfiles
- terraform - Terraform/OpenTofu infrastructure with security scanning
- validate-cd-repo - GitOps CD repository validation (Kustomize + Helm)
- sdk-distribution - SDK/library publishing (npm)
- argocd-apps - ArgoCD app-of-apps repositories with environment-based directory validation
Features
Build & Test
- Java builds with configurable JDK version via
cimg/openjdkexecutor - Node.js builds with configurable package manager (npm/yarn/pnpm)
- Automatic version calculation via GitVersion
GIT_COMMIT_SHAbuild arg passed to Docker builds for runtime traceability
Security & Quality
- Trivy container image scanning with binary and DB caching
- OWASP Dependency-Check with toggle for teams affected by NVD H2 bug
- Gitleaks secrets scanning
- Semgrep SAST scanning (conditional)
- SonarQube integration (conditional)
- JaCoCo code coverage enforcement
- ESLint/Prettier for Node.js projects
- tfsec/kube-linter/kubesec for Terraform and Kubernetes manifests
Docker & Deployment
- Docker build, scan, and push to GHCR
- Auto-generated distroless Dockerfiles for node-webapp
- CD repository updates (Helm
values.yamland Kustomizekustomization.yaml) - Health check with PostgreSQL sidecar validation
Workflow Structure
- snapshot (develop/feature branches) - full quality pipeline
- release-candidate (release/* branches) - QA-gated pipeline
- production (main) - fast-path promotion
- lint-pack (all branches) - orb validation
Configuration
Minimal .munitor.yml example:
pipeline_type: java-webapp
java_version: "21"
app_name: my-app
cd:
repo: KofTwentyTwo/My-App-CD
contexts:
registry: ghcrStats
- 31 files, 749 insertions
- 362+ test assertions passing
- 71 orb commands, 5 executors, 28 jobs