227 lines
9.2 KiB
YAML
227 lines
9.2 KiB
YAML
name: Quant Engine CI/CD Pipeline
|
|
|
|
on:
|
|
push:
|
|
branches: [ main ]
|
|
pull_request:
|
|
branches: [ main ]
|
|
workflow_dispatch:
|
|
|
|
# ─────────────────────────────────────────────────────────────────
|
|
# Synology DS216j (ARMv7l 32-bit) 환경 제약
|
|
# - Python: /usr/bin/python3 (3.8.12)
|
|
# - Node.js 18: /usr/local/bin (appstore)
|
|
# - numpy/pandas: 공식 휠 없음, gcc 미설치 → 소스 빌드 불가
|
|
#
|
|
# CI 역할: 코드 구조 검증 게이트 (순수 Python, yaml/json)
|
|
# - Validate Specs / Formula Registry / Coverage / Behavioral Coverage
|
|
# 통합 테스트(run_release_dag, ingest 등)는 로컬에서 실행
|
|
# ─────────────────────────────────────────────────────────────────
|
|
|
|
jobs:
|
|
validate-core:
|
|
runs-on: self-hosted
|
|
|
|
steps:
|
|
- name: Checkout Code
|
|
run: |
|
|
if [ -d .git ]; then
|
|
git remote set-url origin http://x-access-token:${{ secrets.GITHUB_TOKEN }}@192.168.123.100:8418/KimJaeHyun/myfinance.git
|
|
else
|
|
git init
|
|
git remote add origin http://x-access-token:${{ secrets.GITHUB_TOKEN }}@192.168.123.100:8418/KimJaeHyun/myfinance.git
|
|
fi
|
|
git fetch origin ${{ github.sha }} --depth=1
|
|
git reset --hard FETCH_HEAD
|
|
|
|
- name: Configure Runtime Paths
|
|
run: |
|
|
# Node.js 18: /usr/local/bin (appstore symlink)
|
|
export PATH=/usr/local/bin:$PATH
|
|
echo "/usr/local/bin" >> $GITHUB_PATH
|
|
echo "=== 런타임 확인 ==="
|
|
/usr/bin/python3 --version
|
|
node --version
|
|
npm --version
|
|
|
|
- name: Setup Python Environment
|
|
run: |
|
|
# 순수 Python 패키지만 설치 (numpy/pandas 제외 — ARMv7l 휠 없음)
|
|
VENV_BASE=/volume1/gitea/python_venv
|
|
REQ_HASH=$(md5sum tools/validate_specs.py 2>/dev/null | cut -d' ' -f1 || echo "default")
|
|
VENV="$VENV_BASE/$REQ_HASH"
|
|
|
|
if [ ! -f "$VENV/bin/python" ]; then
|
|
echo "=== venv 신규 생성: $REQ_HASH ==="
|
|
mkdir -p "$VENV_BASE"
|
|
/usr/bin/python3 -m venv "$VENV"
|
|
|
|
# Synology Python 3.8은 ensurepip가 없어 venv 생성 시 pip가 누락될 수 있음
|
|
if [ ! -f "$VENV/bin/pip" ]; then
|
|
echo "pip missing in venv, installing via get-pip.py..."
|
|
curl -sS https://bootstrap.pypa.io/pip/3.8/get-pip.py -o get-pip.py
|
|
"$VENV/bin/python" get-pip.py --quiet
|
|
rm get-pip.py
|
|
fi
|
|
|
|
"$VENV/bin/pip" install --upgrade pip --quiet
|
|
"$VENV/bin/pip" install requests pyyaml openpyxl --quiet
|
|
|
|
# 오래된 venv 정리 (최근 2개만 유지)
|
|
ls -dt "$VENV_BASE"/*/ 2>/dev/null | tail -n +3 | xargs rm -rf 2>/dev/null || true
|
|
else
|
|
echo "=== venv 캐시 히트: $("$VENV/bin/python" --version 2>&1) ==="
|
|
"$VENV/bin/python" - <<'PY'
|
|
import importlib
|
|
for mod in ("requests", "yaml", "openpyxl"):
|
|
importlib.import_module(mod)
|
|
print("venv dependency import check: PASS")
|
|
PY
|
|
fi
|
|
echo "$VENV/bin" >> $GITHUB_PATH
|
|
|
|
- name: Install Node Dependencies
|
|
run: |
|
|
# package-lock.json 해시로 캐시 유효성 판단
|
|
CACHE_BASE=/volume1/gitea/node_cache
|
|
LOCK_HASH=$(md5sum package-lock.json 2>/dev/null | cut -d' ' -f1 || echo "no-lock")
|
|
[ -z "$LOCK_HASH" ] && LOCK_HASH="no-lock"
|
|
CACHE_DIR="$CACHE_BASE/$LOCK_HASH"
|
|
|
|
if [ -d "$CACHE_DIR/node_modules" ]; then
|
|
echo "=== node_modules 캐시 히트: $LOCK_HASH ==="
|
|
# 이미 같은 캐시를 가리키고 있으면 재연결하지 않음
|
|
if [ -L node_modules ] && [ "$(readlink node_modules)" = "$CACHE_DIR/node_modules" ]; then
|
|
echo "=== node_modules already linked to cache ==="
|
|
else
|
|
if [ -e node_modules ] || [ -L node_modules ]; then
|
|
rm -rf node_modules
|
|
fi
|
|
ln -s "$CACHE_DIR/node_modules" node_modules
|
|
fi
|
|
else
|
|
echo "=== npm install (최초 or lock 변경) ==="
|
|
npm install --quiet
|
|
# 캐시 저장
|
|
mkdir -p "$CACHE_DIR"
|
|
cp -r node_modules "$CACHE_DIR/node_modules"
|
|
echo "캐시 저장 완료: $CACHE_DIR"
|
|
# 오래된 캐시 정리 (최근 3개만 유지)
|
|
ls -dt "$CACHE_BASE"/*/ 2>/dev/null | tail -n +4 | xargs rm -rf 2>/dev/null || true
|
|
fi
|
|
node --version && npm --version
|
|
|
|
- name: "[CRITICAL] No Direct API Trading Gate"
|
|
run: python3 tools/validate_no_direct_api_trading_v1.py
|
|
|
|
- name: "[CRITICAL] Validate KIS API Credentials (mock)"
|
|
env:
|
|
KIS_APP_Key_TEST: ${{ vars.KIS_APP_KEY_TEST }}
|
|
KIS_APP_Secret_TEST: ${{ vars.KIS_APP_SECRET_TEST }}
|
|
run: python3 tools/validate_kis_api_credentials_v1.py --account mock --ticker 005930 --dry-run
|
|
|
|
- name: Validate Specs
|
|
run: python3 tools/validate_specs.py
|
|
|
|
- name: Validate Formula Registry
|
|
run: python3 tools/validate_formula_registry.py
|
|
|
|
- name: Validate Golden Case Coverage
|
|
run: python3 tools/validate_golden_coverage_100.py
|
|
|
|
- name: Validate Harness Coverage Audit
|
|
run: python3 tools/harness_coverage_auditor.py
|
|
|
|
- name: Validate Platform Transition WBS
|
|
run: python3 tools/validate_platform_transition_wbs_v1.py
|
|
|
|
- name: Build Calibration Priority Backlog
|
|
run: python3 tools/build_calibration_priority_v1.py
|
|
|
|
- name: Build Calibration Change Ledger
|
|
run: python3 tools/build_calibration_change_ledger_v4.py
|
|
|
|
- name: Validate Calibration Change Ledger
|
|
run: python3 tools/validate_calibration_change_ledger_v1.py
|
|
|
|
- name: Validate Qualitative Sell Strategy Pipeline
|
|
run: python3 tools/validate_qualitative_sell_strategy_pipeline_v1.py
|
|
|
|
- name: Validate Gitea Secrets Contract
|
|
run: python3 tools/validate_gitea_secrets_contract_v1.py
|
|
|
|
- name: Validate Snapshot Admin Workflow
|
|
run: python3 tools/validate_snapshot_admin_workflow_v1.py
|
|
|
|
validate-ui-and-storage:
|
|
runs-on: self-hosted
|
|
needs: validate-core
|
|
if: github.event_name != 'push'
|
|
|
|
steps:
|
|
- name: Checkout Code
|
|
run: |
|
|
if [ -d .git ]; then
|
|
git remote set-url origin http://x-access-token:${{ secrets.GITHUB_TOKEN }}@192.168.123.100:8418/KimJaeHyun/myfinance.git
|
|
else
|
|
git init
|
|
git remote add origin http://x-access-token:${{ secrets.GITHUB_TOKEN }}@192.168.123.100:8418/KimJaeHyun/myfinance.git
|
|
fi
|
|
git fetch origin ${{ github.sha }} --depth=1
|
|
git reset --hard FETCH_HEAD
|
|
|
|
- name: Setup Python Environment
|
|
run: |
|
|
VENV_BASE=/volume1/gitea/python_venv
|
|
REQ_HASH=$(md5sum tools/validate_snapshot_admin_web_v1.py 2>/dev/null | cut -d' ' -f1 || echo "default")
|
|
VENV="$VENV_BASE/$REQ_HASH"
|
|
|
|
if [ ! -f "$VENV/bin/python" ]; then
|
|
echo "=== venv 신규 생성: $REQ_HASH ==="
|
|
mkdir -p "$VENV_BASE"
|
|
/usr/bin/python3 -m venv "$VENV"
|
|
|
|
if [ ! -f "$VENV/bin/pip" ]; then
|
|
echo "pip missing in venv, installing via get-pip.py..."
|
|
curl -sS https://bootstrap.pypa.io/pip/3.8/get-pip.py -o get-pip.py
|
|
"$VENV/bin/python" get-pip.py --quiet
|
|
rm get-pip.py
|
|
fi
|
|
|
|
"$VENV/bin/pip" install --upgrade pip --quiet
|
|
"$VENV/bin/pip" install requests pyyaml openpyxl --quiet
|
|
else
|
|
echo "=== venv 캐시 히트: $("$VENV/bin/python" --version 2>&1) ==="
|
|
fi
|
|
echo "$VENV/bin" >> $GITHUB_PATH
|
|
|
|
- name: Validate Snapshot Admin Web UI
|
|
if: needs.validate-core.result == 'success'
|
|
run: python3 tools/validate_snapshot_admin_web_v1.py
|
|
|
|
- name: Validate Storage Backend Contracts
|
|
if: needs.validate-core.result == 'success'
|
|
run: python3 -m pytest tests/unit/test_storage_backend_v1.py tests/unit/test_validate_kis_api_credentials_v1.py tests/unit/test_qualitative_sell_strategy_store_v1.py tests/unit/test_kis_api_client_v1.py tests/unit/test_snapshot_admin_store_v1.py tests/unit/test_snapshot_admin_web_v1.py -q
|
|
|
|
- name: Notify PR Result
|
|
if: always() && github.event_name == 'pull_request'
|
|
env:
|
|
CORE_RESULT: ${{ needs.validate-core.result }}
|
|
STAGE_RESULT: ${{ job.status }}
|
|
run: |
|
|
STATUS="$STAGE_RESULT"
|
|
if [ "$CORE_RESULT" != "success" ]; then
|
|
STATUS="failure"
|
|
fi
|
|
PR_NUM="${{ github.event.pull_request.number }}"
|
|
RUN_URL="${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}"
|
|
if [ "$STATUS" = "success" ]; then
|
|
MSG="✅ **CI PASS** — spec/registry/coverage gate OK\n\n[워크플로우 로그](${RUN_URL})"
|
|
else
|
|
MSG="❌ **CI FAIL** — 로그 확인 필요\n\n[워크플로우 로그](${RUN_URL})"
|
|
fi
|
|
curl -s -X POST "${{ github.api_url }}/repos/${{ github.repository }}/issues/${PR_NUM}/comments" \
|
|
-H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \
|
|
-H "Content-Type: application/json" \
|
|
-d "{\"body\":\"${MSG}\"}"
|