WBS-7.9: split snapshot admin deploy workflow

This commit is contained in:
2026-06-22 00:51:42 +09:00
parent e32cbf49e5
commit d280ef8e69
4 changed files with 70 additions and 68 deletions
-66
View File
@@ -87,69 +87,3 @@ jobs:
echo "status: $STATUS"
echo "workflow validation: Temp/snapshot_admin_workflow_v1.json"
echo "web validation: Temp/snapshot_admin_web_validation_v1.json"
deploy-snapshot-admin:
if: github.event_name == 'workflow_dispatch'
needs:
- validate-snapshot-admin-full
runs-on: self-hosted
steps:
- name: Checkout Code
run: |
if [ -d .git ]; then
git remote set-url origin http://x-access-token:${{ secrets.GITHUB_TOKEN }}@192.168.123.100:8418/KimJaeHyun/myfinance.git
else
git init
git remote add origin http://x-access-token:${{ secrets.GITHUB_TOKEN }}@192.168.123.100:8418/KimJaeHyun/myfinance.git
fi
git fetch origin main --depth=1
git reset --hard FETCH_HEAD
- name: Setup Python Environment
run: |
VENV_BASE=/volume1/gitea/python_venv
REQ_HASH=$(md5sum tools/validate_snapshot_admin_workflow_v1.py 2>/dev/null | cut -d' ' -f1 || echo "snapshot-admin-default")
VENV="$VENV_BASE/$REQ_HASH"
if [ ! -f "$VENV/bin/python" ]; then
mkdir -p "$VENV_BASE"
/usr/bin/python3 -m venv "$VENV"
"$VENV/bin/pip" install --upgrade pip --quiet
fi
"$VENV/bin/pip" install pyyaml --quiet
echo "$VENV/bin" >> $GITHUB_PATH
- name: Deploy Snapshot Admin Runtime
env:
SNAPSHOT_ADMIN_AUTH_USER: ${{ vars.SNAPSHOT_ADMIN_AUTH_USER }}
SNAPSHOT_ADMIN_AUTH_PASSWORD: ${{ secrets.SNAPSHOT_ADMIN_AUTH_PASSWORD }}
run: |
export ROOT_DIR="$PWD"
export SNAPSHOT_ADMIN_HOST=127.0.0.1
export SNAPSHOT_ADMIN_PORT=8787
export SNAPSHOT_ADMIN_PID_FILE="$PWD/Temp/snapshot_admin.pid"
export SNAPSHOT_ADMIN_LOG_FILE="$PWD/Temp/snapshot_admin.log"
export SNAPSHOT_ADMIN_STATE_URL="http://127.0.0.1:8787/api/state"
export SNAPSHOT_ADMIN_PUBLIC_STATE_URL="https://admin.example.com/api/state"
export SNAPSHOT_ADMIN_AUTH_USER="${SNAPSHOT_ADMIN_AUTH_USER:-}"
export SNAPSHOT_ADMIN_AUTH_PASSWORD="${SNAPSHOT_ADMIN_AUTH_PASSWORD:-}"
bash tools/run_snapshot_admin_synology.sh restart
- name: Verify Snapshot Admin Runtime
env:
SNAPSHOT_ADMIN_AUTH_USER: ${{ vars.SNAPSHOT_ADMIN_AUTH_USER }}
SNAPSHOT_ADMIN_AUTH_PASSWORD: ${{ secrets.SNAPSHOT_ADMIN_AUTH_PASSWORD }}
run: |
export ROOT_DIR="$PWD"
export SNAPSHOT_ADMIN_HOST=127.0.0.1
export SNAPSHOT_ADMIN_PORT=8787
export SNAPSHOT_ADMIN_PID_FILE="$PWD/Temp/snapshot_admin.pid"
export SNAPSHOT_ADMIN_LOG_FILE="$PWD/Temp/snapshot_admin.log"
export SNAPSHOT_ADMIN_STATE_URL="http://127.0.0.1:8787/api/state"
export SNAPSHOT_ADMIN_AUTH_USER="${SNAPSHOT_ADMIN_AUTH_USER:-}"
export SNAPSHOT_ADMIN_AUTH_PASSWORD="${SNAPSHOT_ADMIN_AUTH_PASSWORD:-}"
bash tools/run_snapshot_admin_synology.sh healthcheck
if [ -n "$SNAPSHOT_ADMIN_AUTH_USER" ] && [ -n "$SNAPSHOT_ADMIN_AUTH_PASSWORD" ]; then
curl -fsS -u "${SNAPSHOT_ADMIN_AUTH_USER}:${SNAPSHOT_ADMIN_AUTH_PASSWORD}" http://127.0.0.1:8787/api/state | python3 -c "import json,sys; print(json.load(sys.stdin)['version']['app'])"
else
curl -fsS http://127.0.0.1:8787/api/state | python3 -c "import json,sys; print(json.load(sys.stdin)['version']['app'])"
fi
@@ -0,0 +1,68 @@
name: Snapshot Admin Deployment
on:
workflow_dispatch:
jobs:
deploy-snapshot-admin:
runs-on: self-hosted
steps:
- name: Checkout Code
run: |
if [ -d .git ]; then
git remote set-url origin http://x-access-token:${{ secrets.GITHUB_TOKEN }}@192.168.123.100:8418/KimJaeHyun/myfinance.git
else
git init
git remote add origin http://x-access-token:${{ secrets.GITHUB_TOKEN }}@192.168.123.100:8418/KimJaeHyun/myfinance.git
fi
git fetch origin main --depth=1
git reset --hard FETCH_HEAD
- name: Setup Python Environment
run: |
VENV_BASE=/volume1/gitea/python_venv
REQ_HASH=$(md5sum tools/validate_snapshot_admin_workflow_v1.py 2>/dev/null | cut -d' ' -f1 || echo "snapshot-admin-default")
VENV="$VENV_BASE/$REQ_HASH"
if [ ! -f "$VENV/bin/python" ]; then
mkdir -p "$VENV_BASE"
/usr/bin/python3 -m venv "$VENV"
"$VENV/bin/pip" install --upgrade pip --quiet
fi
"$VENV/bin/pip" install pyyaml --quiet
echo "$VENV/bin" >> $GITHUB_PATH
- name: Deploy Snapshot Admin Runtime
env:
SNAPSHOT_ADMIN_AUTH_USER: ${{ vars.SNAPSHOT_ADMIN_AUTH_USER }}
SNAPSHOT_ADMIN_AUTH_PASSWORD: ${{ secrets.SNAPSHOT_ADMIN_AUTH_PASSWORD }}
run: |
export ROOT_DIR="$PWD"
export SNAPSHOT_ADMIN_HOST=127.0.0.1
export SNAPSHOT_ADMIN_PORT=8787
export SNAPSHOT_ADMIN_PID_FILE="$PWD/Temp/snapshot_admin.pid"
export SNAPSHOT_ADMIN_LOG_FILE="$PWD/Temp/snapshot_admin.log"
export SNAPSHOT_ADMIN_STATE_URL="http://127.0.0.1:8787/api/state"
export SNAPSHOT_ADMIN_PUBLIC_STATE_URL="https://admin.example.com/api/state"
export SNAPSHOT_ADMIN_AUTH_USER="${SNAPSHOT_ADMIN_AUTH_USER:-}"
export SNAPSHOT_ADMIN_AUTH_PASSWORD="${SNAPSHOT_ADMIN_AUTH_PASSWORD:-}"
bash tools/run_snapshot_admin_synology.sh restart
- name: Verify Snapshot Admin Runtime
env:
SNAPSHOT_ADMIN_AUTH_USER: ${{ vars.SNAPSHOT_ADMIN_AUTH_USER }}
SNAPSHOT_ADMIN_AUTH_PASSWORD: ${{ secrets.SNAPSHOT_ADMIN_AUTH_PASSWORD }}
run: |
export ROOT_DIR="$PWD"
export SNAPSHOT_ADMIN_HOST=127.0.0.1
export SNAPSHOT_ADMIN_PORT=8787
export SNAPSHOT_ADMIN_PID_FILE="$PWD/Temp/snapshot_admin.pid"
export SNAPSHOT_ADMIN_LOG_FILE="$PWD/Temp/snapshot_admin.log"
export SNAPSHOT_ADMIN_STATE_URL="http://127.0.0.1:8787/api/state"
export SNAPSHOT_ADMIN_AUTH_USER="${SNAPSHOT_ADMIN_AUTH_USER:-}"
export SNAPSHOT_ADMIN_AUTH_PASSWORD="${SNAPSHOT_ADMIN_AUTH_PASSWORD:-}"
bash tools/run_snapshot_admin_synology.sh healthcheck
if [ -n "$SNAPSHOT_ADMIN_AUTH_USER" ] && [ -n "$SNAPSHOT_ADMIN_AUTH_PASSWORD" ]; then
curl -fsS -u "${SNAPSHOT_ADMIN_AUTH_USER}:${SNAPSHOT_ADMIN_AUTH_PASSWORD}" http://127.0.0.1:8787/api/state | python3 -c "import json,sys; print(json.load(sys.stdin)['version']['app'])"
else
curl -fsS http://127.0.0.1:8787/api/state | python3 -c "import json,sys; print(json.load(sys.stdin)['version']['app'])"
fi
+1 -1
View File
@@ -866,7 +866,7 @@ python tools/validate_specs.py → PASS
|------|------|
| **작업** | `src/quant_engine/snapshot_admin_server_v1.py`(Python 어드민 웹 UI)를 Gitea CI/CD 배포 스텝을 통해 Synology NAS에서 상시 서비스로 운영할 수 있는지 검토 |
| **현재 상태** | **기술적으로는 가능**. 기본 루프백 보호 + Basic Auth 게이트를 추가했고, Synology 외부 노출은 리버스 프록시 기반 POC로 가이드함. 실배포 검증은 아직 필요 |
| **운영 분리** | `snapshot_admin.yml``push`용 smoke 검증, `workflow_dispatch`용 full 검증, 그리고 `workflow_dispatch` 내 배포 스텝으로 분리했다. `push`에서는 `Validate Snapshot Admin Workflow`까지만, full 검증에서는 `Validate Snapshot Admin Web UI`까지 수행하고, 배포 스텝은 host runner에서 `tools/run_snapshot_admin_synology.sh`를 호출한다. |
| **운영 분리** | `snapshot_admin.yml``push`용 smoke 검증 `workflow_dispatch`용 full 검증으로 분리하고, 배포는 별도 `snapshot_admin_deploy.yml` `workflow_dispatch`로 떼어냈다. `push`에서는 `Validate Snapshot Admin Workflow`까지만, full 검증에서는 `Validate Snapshot Admin Web UI`까지 수행한다. |
| **runner 주의** | Gitea runner를 Docker mode로 두면 job 종료 시 `Cleaning up container` 로그가 남는다. host label로 재등록하면 job container 정리 로그를 피할 수 있다. |
| **KIS 분리** | `kis_data_collection.yml``workflow_dispatch`용 mock/config smoke와 `schedule`용 live collection으로 분리했다. 수동 디스패치는 실제 수집을 돌리지 않고, 실수집은 스케줄 전용이다. |
| **담당 파일** | `.gitea/workflows/ci.yml`, `tools/run_snapshot_admin_server_v1.py`, `src/quant_engine/snapshot_admin_server_v1.py`, `docs/SYNOLOGY_SNAPSHOT_ADMIN_POC.md`, `docs/WBS_7_9_EVIDENCE_PACKET_FINAL.md` |
+1 -1
View File
@@ -71,7 +71,7 @@ Use these exact values for the first POC.
- If you use direct bind mode, keep `--allow-remote` and Basic Auth enabled together
- For Gitea Actions runner verification, register `act_runner` with host labels (`self-hosted:host,linux:host`) if you want to avoid Docker job containers and the `Cleaning up container` log line
- Preferred launcher script: `tools/run_snapshot_admin_synology.sh`
- Gitea CI deploy path: trigger `.gitea/workflows/snapshot_admin.yml` `workflow_dispatch` and let the host runner call the launcher script
- Gitea CI deploy path: trigger `.gitea/workflows/snapshot_admin_deploy.yml` `workflow_dispatch` and let the host runner call the launcher script
- Runner bootstrap: `tools/re_register_act_runner_synology.sh`
- Runner daemon start: `tools/start_act_runner_synology.sh`