From d280ef8e69a58dc5b1298989a6c0a566457e0e0a Mon Sep 17 00:00:00 2001 From: kjh2064 Date: Mon, 22 Jun 2026 00:51:42 +0900 Subject: [PATCH] WBS-7.9: split snapshot admin deploy workflow --- .gitea/workflows/snapshot_admin.yml | 66 --------------------- .gitea/workflows/snapshot_admin_deploy.yml | 68 ++++++++++++++++++++++ docs/ROADMAP_WBS.md | 2 +- docs/SYNOLOGY_SNAPSHOT_ADMIN_POC.md | 2 +- 4 files changed, 70 insertions(+), 68 deletions(-) create mode 100644 .gitea/workflows/snapshot_admin_deploy.yml diff --git a/.gitea/workflows/snapshot_admin.yml b/.gitea/workflows/snapshot_admin.yml index 2158040..6eda4bb 100644 --- a/.gitea/workflows/snapshot_admin.yml +++ b/.gitea/workflows/snapshot_admin.yml @@ -87,69 +87,3 @@ jobs: echo "status: $STATUS" echo "workflow validation: Temp/snapshot_admin_workflow_v1.json" echo "web validation: Temp/snapshot_admin_web_validation_v1.json" - - deploy-snapshot-admin: - if: github.event_name == 'workflow_dispatch' - needs: - - validate-snapshot-admin-full - runs-on: self-hosted - steps: - - name: Checkout Code - run: | - if [ -d .git ]; then - git remote set-url origin http://x-access-token:${{ secrets.GITHUB_TOKEN }}@192.168.123.100:8418/KimJaeHyun/myfinance.git - else - git init - git remote add origin http://x-access-token:${{ secrets.GITHUB_TOKEN }}@192.168.123.100:8418/KimJaeHyun/myfinance.git - fi - git fetch origin main --depth=1 - git reset --hard FETCH_HEAD - - - name: Setup Python Environment - run: | - VENV_BASE=/volume1/gitea/python_venv - REQ_HASH=$(md5sum tools/validate_snapshot_admin_workflow_v1.py 2>/dev/null | cut -d' ' -f1 || echo "snapshot-admin-default") - VENV="$VENV_BASE/$REQ_HASH" - if [ ! -f "$VENV/bin/python" ]; then - mkdir -p "$VENV_BASE" - /usr/bin/python3 -m venv "$VENV" - "$VENV/bin/pip" install --upgrade pip --quiet - fi - "$VENV/bin/pip" install pyyaml --quiet - echo "$VENV/bin" >> $GITHUB_PATH - - - name: Deploy Snapshot Admin Runtime - env: - SNAPSHOT_ADMIN_AUTH_USER: ${{ vars.SNAPSHOT_ADMIN_AUTH_USER }} - SNAPSHOT_ADMIN_AUTH_PASSWORD: ${{ secrets.SNAPSHOT_ADMIN_AUTH_PASSWORD }} - run: | - export ROOT_DIR="$PWD" - export SNAPSHOT_ADMIN_HOST=127.0.0.1 - export SNAPSHOT_ADMIN_PORT=8787 - export SNAPSHOT_ADMIN_PID_FILE="$PWD/Temp/snapshot_admin.pid" - export SNAPSHOT_ADMIN_LOG_FILE="$PWD/Temp/snapshot_admin.log" - export SNAPSHOT_ADMIN_STATE_URL="http://127.0.0.1:8787/api/state" - export SNAPSHOT_ADMIN_PUBLIC_STATE_URL="https://admin.example.com/api/state" - export SNAPSHOT_ADMIN_AUTH_USER="${SNAPSHOT_ADMIN_AUTH_USER:-}" - export SNAPSHOT_ADMIN_AUTH_PASSWORD="${SNAPSHOT_ADMIN_AUTH_PASSWORD:-}" - bash tools/run_snapshot_admin_synology.sh restart - - - name: Verify Snapshot Admin Runtime - env: - SNAPSHOT_ADMIN_AUTH_USER: ${{ vars.SNAPSHOT_ADMIN_AUTH_USER }} - SNAPSHOT_ADMIN_AUTH_PASSWORD: ${{ secrets.SNAPSHOT_ADMIN_AUTH_PASSWORD }} - run: | - export ROOT_DIR="$PWD" - export SNAPSHOT_ADMIN_HOST=127.0.0.1 - export SNAPSHOT_ADMIN_PORT=8787 - export SNAPSHOT_ADMIN_PID_FILE="$PWD/Temp/snapshot_admin.pid" - export SNAPSHOT_ADMIN_LOG_FILE="$PWD/Temp/snapshot_admin.log" - export SNAPSHOT_ADMIN_STATE_URL="http://127.0.0.1:8787/api/state" - export SNAPSHOT_ADMIN_AUTH_USER="${SNAPSHOT_ADMIN_AUTH_USER:-}" - export SNAPSHOT_ADMIN_AUTH_PASSWORD="${SNAPSHOT_ADMIN_AUTH_PASSWORD:-}" - bash tools/run_snapshot_admin_synology.sh healthcheck - if [ -n "$SNAPSHOT_ADMIN_AUTH_USER" ] && [ -n "$SNAPSHOT_ADMIN_AUTH_PASSWORD" ]; then - curl -fsS -u "${SNAPSHOT_ADMIN_AUTH_USER}:${SNAPSHOT_ADMIN_AUTH_PASSWORD}" http://127.0.0.1:8787/api/state | python3 -c "import json,sys; print(json.load(sys.stdin)['version']['app'])" - else - curl -fsS http://127.0.0.1:8787/api/state | python3 -c "import json,sys; print(json.load(sys.stdin)['version']['app'])" - fi diff --git a/.gitea/workflows/snapshot_admin_deploy.yml b/.gitea/workflows/snapshot_admin_deploy.yml new file mode 100644 index 0000000..e8f9a38 --- /dev/null +++ b/.gitea/workflows/snapshot_admin_deploy.yml @@ -0,0 +1,68 @@ +name: Snapshot Admin Deployment + +on: + workflow_dispatch: + +jobs: + deploy-snapshot-admin: + runs-on: self-hosted + steps: + - name: Checkout Code + run: | + if [ -d .git ]; then + git remote set-url origin http://x-access-token:${{ secrets.GITHUB_TOKEN }}@192.168.123.100:8418/KimJaeHyun/myfinance.git + else + git init + git remote add origin http://x-access-token:${{ secrets.GITHUB_TOKEN }}@192.168.123.100:8418/KimJaeHyun/myfinance.git + fi + git fetch origin main --depth=1 + git reset --hard FETCH_HEAD + + - name: Setup Python Environment + run: | + VENV_BASE=/volume1/gitea/python_venv + REQ_HASH=$(md5sum tools/validate_snapshot_admin_workflow_v1.py 2>/dev/null | cut -d' ' -f1 || echo "snapshot-admin-default") + VENV="$VENV_BASE/$REQ_HASH" + if [ ! -f "$VENV/bin/python" ]; then + mkdir -p "$VENV_BASE" + /usr/bin/python3 -m venv "$VENV" + "$VENV/bin/pip" install --upgrade pip --quiet + fi + "$VENV/bin/pip" install pyyaml --quiet + echo "$VENV/bin" >> $GITHUB_PATH + + - name: Deploy Snapshot Admin Runtime + env: + SNAPSHOT_ADMIN_AUTH_USER: ${{ vars.SNAPSHOT_ADMIN_AUTH_USER }} + SNAPSHOT_ADMIN_AUTH_PASSWORD: ${{ secrets.SNAPSHOT_ADMIN_AUTH_PASSWORD }} + run: | + export ROOT_DIR="$PWD" + export SNAPSHOT_ADMIN_HOST=127.0.0.1 + export SNAPSHOT_ADMIN_PORT=8787 + export SNAPSHOT_ADMIN_PID_FILE="$PWD/Temp/snapshot_admin.pid" + export SNAPSHOT_ADMIN_LOG_FILE="$PWD/Temp/snapshot_admin.log" + export SNAPSHOT_ADMIN_STATE_URL="http://127.0.0.1:8787/api/state" + export SNAPSHOT_ADMIN_PUBLIC_STATE_URL="https://admin.example.com/api/state" + export SNAPSHOT_ADMIN_AUTH_USER="${SNAPSHOT_ADMIN_AUTH_USER:-}" + export SNAPSHOT_ADMIN_AUTH_PASSWORD="${SNAPSHOT_ADMIN_AUTH_PASSWORD:-}" + bash tools/run_snapshot_admin_synology.sh restart + + - name: Verify Snapshot Admin Runtime + env: + SNAPSHOT_ADMIN_AUTH_USER: ${{ vars.SNAPSHOT_ADMIN_AUTH_USER }} + SNAPSHOT_ADMIN_AUTH_PASSWORD: ${{ secrets.SNAPSHOT_ADMIN_AUTH_PASSWORD }} + run: | + export ROOT_DIR="$PWD" + export SNAPSHOT_ADMIN_HOST=127.0.0.1 + export SNAPSHOT_ADMIN_PORT=8787 + export SNAPSHOT_ADMIN_PID_FILE="$PWD/Temp/snapshot_admin.pid" + export SNAPSHOT_ADMIN_LOG_FILE="$PWD/Temp/snapshot_admin.log" + export SNAPSHOT_ADMIN_STATE_URL="http://127.0.0.1:8787/api/state" + export SNAPSHOT_ADMIN_AUTH_USER="${SNAPSHOT_ADMIN_AUTH_USER:-}" + export SNAPSHOT_ADMIN_AUTH_PASSWORD="${SNAPSHOT_ADMIN_AUTH_PASSWORD:-}" + bash tools/run_snapshot_admin_synology.sh healthcheck + if [ -n "$SNAPSHOT_ADMIN_AUTH_USER" ] && [ -n "$SNAPSHOT_ADMIN_AUTH_PASSWORD" ]; then + curl -fsS -u "${SNAPSHOT_ADMIN_AUTH_USER}:${SNAPSHOT_ADMIN_AUTH_PASSWORD}" http://127.0.0.1:8787/api/state | python3 -c "import json,sys; print(json.load(sys.stdin)['version']['app'])" + else + curl -fsS http://127.0.0.1:8787/api/state | python3 -c "import json,sys; print(json.load(sys.stdin)['version']['app'])" + fi diff --git a/docs/ROADMAP_WBS.md b/docs/ROADMAP_WBS.md index 1b8c257..a3acc61 100644 --- a/docs/ROADMAP_WBS.md +++ b/docs/ROADMAP_WBS.md @@ -866,7 +866,7 @@ python tools/validate_specs.py → PASS |------|------| | **작업** | `src/quant_engine/snapshot_admin_server_v1.py`(Python 어드민 웹 UI)를 Gitea CI/CD 배포 스텝을 통해 Synology NAS에서 상시 서비스로 운영할 수 있는지 검토 | | **현재 상태** | **기술적으로는 가능**. 기본 루프백 보호 + Basic Auth 게이트를 추가했고, Synology 외부 노출은 리버스 프록시 기반 POC로 가이드함. 실배포 검증은 아직 필요 | -| **운영 분리** | `snapshot_admin.yml`은 `push`용 smoke 검증, `workflow_dispatch`용 full 검증, 그리고 `workflow_dispatch` 내 배포 스텝으로 분리했다. `push`에서는 `Validate Snapshot Admin Workflow`까지만, full 검증에서는 `Validate Snapshot Admin Web UI`까지 수행하고, 배포 스텝은 host runner에서 `tools/run_snapshot_admin_synology.sh`를 호출한다. | +| **운영 분리** | `snapshot_admin.yml`은 `push`용 smoke 검증과 `workflow_dispatch`용 full 검증으로 분리하고, 배포는 별도 `snapshot_admin_deploy.yml` `workflow_dispatch`로 떼어냈다. `push`에서는 `Validate Snapshot Admin Workflow`까지만, full 검증에서는 `Validate Snapshot Admin Web UI`까지 수행한다. | | **runner 주의** | Gitea runner를 Docker mode로 두면 job 종료 시 `Cleaning up container` 로그가 남는다. host label로 재등록하면 job container 정리 로그를 피할 수 있다. | | **KIS 분리** | `kis_data_collection.yml`은 `workflow_dispatch`용 mock/config smoke와 `schedule`용 live collection으로 분리했다. 수동 디스패치는 실제 수집을 돌리지 않고, 실수집은 스케줄 전용이다. | | **담당 파일** | `.gitea/workflows/ci.yml`, `tools/run_snapshot_admin_server_v1.py`, `src/quant_engine/snapshot_admin_server_v1.py`, `docs/SYNOLOGY_SNAPSHOT_ADMIN_POC.md`, `docs/WBS_7_9_EVIDENCE_PACKET_FINAL.md` | diff --git a/docs/SYNOLOGY_SNAPSHOT_ADMIN_POC.md b/docs/SYNOLOGY_SNAPSHOT_ADMIN_POC.md index 5e63e8a..db465d9 100644 --- a/docs/SYNOLOGY_SNAPSHOT_ADMIN_POC.md +++ b/docs/SYNOLOGY_SNAPSHOT_ADMIN_POC.md @@ -71,7 +71,7 @@ Use these exact values for the first POC. - If you use direct bind mode, keep `--allow-remote` and Basic Auth enabled together - For Gitea Actions runner verification, register `act_runner` with host labels (`self-hosted:host,linux:host`) if you want to avoid Docker job containers and the `Cleaning up container` log line - Preferred launcher script: `tools/run_snapshot_admin_synology.sh` - - Gitea CI deploy path: trigger `.gitea/workflows/snapshot_admin.yml` `workflow_dispatch` and let the host runner call the launcher script + - Gitea CI deploy path: trigger `.gitea/workflows/snapshot_admin_deploy.yml` `workflow_dispatch` and let the host runner call the launcher script - Runner bootstrap: `tools/re_register_act_runner_synology.sh` - Runner daemon start: `tools/start_act_runner_synology.sh`