---
id: wiki-2026-0508-gates
title: Gates
category: 10_Wiki/Topics
status: verified
canonical_id: self
aliases: [Quality Gates, CI Gates, Release Gates]
duplicate_of: none
source_trust_level: A
confidence_score: 0.9
verification_status: applied
tags: [architecture, ci-cd, quality, governance]
raw_sources: []
last_reinforced: 2026-05-10
github_commit: pending
tech_stack:
  language: yaml
  framework: github-actions
---

# Gates

## One-Line Summary

> **"A quality gate is a conditional checkpoint that blocks build or release progress."** Popularized by SonarQube (~2008), gates are an essential part of modern CI/CD: the set of automated assertions that must hold before a PR is merged or a deploy proceeds.

## Core Concepts

### Gate Types

- **Build Gate**: compile + unit tests pass.
- **Quality Gate**: coverage ≥ 80%, no critical SonarQube issues.
- **Security Gate**: SAST (Semgrep, CodeQL), SCA (Dependabot, Snyk), secret scan.
- **Performance Gate**: bundle size, Lighthouse, p99 latency budget.
- **Manual Approval Gate**: a human reviewer for prod deploys.

### Gate Placement

- **PR Gate**: pre-merge — fast (<5 min).
- **Main Branch Gate**: post-merge — heavier (E2E, integration).
- **Release Gate**: pre-deploy — canary metrics, smoke tests.
- **Production Gate**: post-deploy — error rate watcher, auto-rollback.

### Applications

1. SonarQube Quality Gate (coverage / duplication / issues).
2. GitHub branch protection rules.
3. ArgoCD sync waves with health gates.
## 💻 Patterns

### GitHub Actions Quality Gate

```yaml
name: PR Gate
on: pull_request
permissions:
  contents: read
  security-events: write   # needed by CodeQL to upload its results
jobs:
  gate:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with: { node-version: 20 }
      # CodeQL has to be initialized before the analyze step at the end
      - uses: github/codeql-action/init@v3
        with: { languages: javascript-typescript }
      - run: npm ci
      # coverage-summary.json is written by the json-summary coverage reporter
      - run: npm test -- --coverage
      - name: Coverage gate
        run: |
          COV=$(jq '.total.lines.pct' coverage/coverage-summary.json)
          if (( $(echo "$COV < 80" | bc -l) )); then
            echo "Coverage $COV% < 80%"; exit 1
          fi
      - uses: github/codeql-action/analyze@v3
```

### SonarQube Quality Gate

```yaml
# Run the scan, then wait for the server-side Quality Gate result
- uses: SonarSource/sonarqube-scan-action@v3
  env:
    SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
- uses: SonarSource/sonarqube-quality-gate-action@v1
  timeout-minutes: 5
  env:
    SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
```

### Bundle Size Gate

```yaml
- uses: andresz1/size-limit-action@v1
  with:
    github_token: ${{ secrets.GITHUB_TOKEN }}
    skip_step: install
```

### Manual Approval Gate (GitHub Environments)

```yaml
deploy-prod:
  environment:
    name: production
    url: https://app.example.com
  runs-on: ubuntu-latest
  needs: [test, security]
  steps:
    - run: ./deploy.sh prod
```

Configured in repo Settings → Environments → required reviewers.

### ArgoCD Sync Wave Gate

```yaml
metadata:
  annotations:
    argocd.argoproj.io/sync-wave: "1"
    argocd.argoproj.io/hook: PreSync
    argocd.argoproj.io/hook-delete-policy: BeforeHookCreation
```

### Canary Gate (Argo Rollouts)

```yaml
strategy:
  canary:
    steps:
      - setWeight: 10
      - pause: { duration: 5m }
      - analysis:
          templates: [{ templateName: success-rate }]
      - setWeight: 50
      - pause: { duration: 10m }
```

## Decision Criteria

| Situation | Approach |
|---|---|
| Fast PR feedback | unit + lint + type only (<3 min) |
| Compliance-heavy | SAST + SCA + license + signed commits |
| High-traffic prod | canary + auto-rollback gate |
| Monorepo | path-filtered gates (only run affected) |

**Default**: PR gate (lint+test+typecheck) → main gate (E2E+coverage) → prod gate (manual approval+canary).
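A gate that reads its value from a report should block when that value is missing or not a number, which the `Coverage gate` step in the GitHub Actions pattern above leaves to how `bc` and `(( ))` react to bad input. The following is an added example, not part of the original page: a POSIX shell check that fails closed, with hypothetical function names (`is_decimal`, `coverage_gate`) and constructed sample values.

```shell
#!/bin/sh
# Added example: fail-closed coverage gate (function names are hypothetical).
# In the workflow step the value would come from the report, e.g.:
#   coverage_gate "$(jq -r '.total.lines.pct' coverage/coverage-summary.json)" 80

# is_decimal VALUE -> 0 only for a plain non-negative decimal such as 80 or 79.5
is_decimal() {
  case "$1" in
    '' | *[!0-9.]* | .* | *. | *.*.*) return 1 ;;  # empty, stray chars, bad dots
    *) return 0 ;;
  esac
}

# coverage_gate PCT MIN
#   returns 0: PCT is within [MIN, 100]             -> gate passes
#   returns 1: PCT is a number below MIN or above 100 -> gate blocks
#   returns 2: PCT or MIN is missing or not a number  -> gate blocks
coverage_gate() {
  gate_pct=$1
  gate_min=$2
  if ! is_decimal "$gate_pct" || ! is_decimal "$gate_min"; then
    echo "gate error: coverage '$gate_pct' or threshold '$gate_min' is not a number" >&2
    return 2
  fi
  # Values reach awk as variables, never as program text, and were validated above.
  if awk -v p="$gate_pct" -v m="$gate_min" 'BEGIN { exit !(p >= m && p <= 100) }'; then
    echo "coverage ${gate_pct}% meets the ${gate_min}% threshold"
    return 0
  fi
  echo "coverage ${gate_pct}% is below ${gate_min}% or out of range" >&2
  return 1
}

# Constructed sample values: a pass, a near miss, and three malformed reports.
for sample in 85.3 79.99 null Unknown ''; do
  coverage_gate "$sample" 80 || echo "blocked (exit $?) for input '$sample'"
done
```

Distinct exit codes let the job log separate "coverage too low" from "report unreadable", while both still stop the merge.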
## 🔗 Graph

- Parent: [[CI CD]] · [[DevOps]]
- Variant: [[Quality-Gate]]
- Applications: [[GitHub-Actions]] · [[ArgoCD]] · [[SonarQube]]
- Adjacent: [[Trunk-Based-Development]] · [[Feature-Flags]]

## 🤖 LLM Usage

**When**: reviewing gate thresholds, generating gate config, root-cause analysis of failure logs.

**When not**: organizational decisions on gate policy (compliance, risk tolerance), which need human ownership.

## ❌ Anti-Patterns

- **Gate inflation**: 30+ checks on every PR → developer frustration, gaming via skip flags.
- **Flaky gates**: intermittent failures become normalized → real failures get ignored.
- **Bypass culture**: routine use of the admin "merge anyway".
- **No rollback gate**: no metrics watch after deploy → a bad release stays live longer.
- **Unmeasured threshold**: a "good enough" coverage % set arbitrarily.

## 🧪 Verification / Duplicates

- Verified (Google SRE Book, GitHub branch protection docs, SonarQube Quality Gates).
- Trust level A.

## 🕓 Changelog

| Date | Change |
|---|---|
| 2026-05-08 | Phase 1 |
| 2026-05-10 | Manual cleanup: full content for quality gates / CI gates |