2nd/10_Wiki/Topics/AI_and_ML/Modern Engineering Practices (현대적 엔지니어링 프랙티스).md

id, title, category, status, canonical_id, aliases, duplicate_of, source_trust_level, confidence_score, verification_status, tags, raw_sources, last_reinforced, github_commit, tech_stack

id	title	category	status	canonical_id	aliases	duplicate_of	source_trust_level	confidence_score	verification_status	tags	raw_sources	last_reinforced	github_commit	tech_stack
wiki-2026-0508-modern-engineering-practices-현대적	Modern Engineering Practices (현대적 엔지니어링 프랙티스)	10_Wiki/Topics	verified	self	Modern Engineering Modern Dev Practices 현대 엔지니어링 Engineering Best Practices 2026	none	A	0.92	applied	engineering devops ci-cd dora sre observability ai-augmented trunk-based iac		2026-05-10	pending	language framework any github-actions|terraform|opentelemetry

Modern Engineering Practices (현대적 엔지니어링 프랙티스)

한 줄: 2026년 표준 — 작은 PR·trunk-based·CI/CD·IaC·observability·DORA 측정·AI-augmented dev. "고객까지 30분 안에 배포".

핵심

• Flow: trunk-based + short-lived branch (≤1일), feature flag, 작은 PR (<400 LOC), 즉시 review, 즉시 merge.
• CI/CD: 모든 PR에서 build·test·lint·security scan, 머지 즉시 staging, canary/progressive rollout (LaunchDarkly·Argo Rollouts).
• DORA 4 metrics: deployment frequency, lead time for changes, change failure rate, MTTR. Elite = 다회/일·<1h·<15%·<1h.
• IaC: Terraform/OpenTofu·Pulumi·Crossplane. Drift detection. GitOps (Argo CD, Flux).
• Observability: 3 pillars (logs·metrics·traces) + profiles. OpenTelemetry 표준, Grafana/Datadog/Honeycomb.
• AI-augmented: Copilot/Cursor/Claude Code 코드 작성·PR review·테스트 생성. SLSA·SBOM 등 supply-chain security.

결정 기준

영역	채택	회피
브랜치 전략	trunk-based + short branch + flag	git-flow (대형 long-lived branch)
배포	progressive (canary 1%→10%→100%)	big-bang weekend deploy
테스트 피라미드	unit > contract > integ > e2e	역피라미드 (UI 무거움)
Secret 관리	Vault, SOPS, cloud KMS	env 파일 git 커밋
Infra	IaC + GitOps	콘솔 클릭
모니터링	OTel + SLO 알람	모든 에러 페이지
Code review	< 4시간 응답, 작은 PR	1000줄 PR

💻 패턴

GitHub Actions: PR + main 분리

name: ci
on:
  pull_request:
  push: { branches: [main] }
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with: { node-version: 20, cache: pnpm }
      - run: pnpm install --frozen-lockfile
      - run: pnpm lint && pnpm test --coverage
      - uses: codecov/codecov-action@v4
  deploy:
    needs: test
    if: github.ref == 'refs/heads/main'
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: ./scripts/deploy.sh staging

Trunk-based + feature flag

import { useFlag } from "@/lib/flags";
export function Checkout() {
  const newFlow = useFlag("checkout-v2", { default: false });
  return newFlow ? <CheckoutV2 /> : <CheckoutV1 />;
}

Terraform 모듈 + remote state

terraform {
  required_version = ">= 1.7"
  backend "s3" {
    bucket = "tfstate-prod" key = "app/terraform.tfstate"
    region = "us-east-1" dynamodb_table = "tf-locks"
  }
}
module "api" {
  source  = "./modules/service"
  name    = "api" image = "ghcr.io/org/api:${var.git_sha}"
  min_replicas = 3 cpu = "500m"
}

OpenTelemetry instrumentation (Node)

import { NodeSDK } from "@opentelemetry/sdk-node";
import { OTLPTraceExporter } from "@opentelemetry/exporter-trace-otlp-http";
import { getNodeAutoInstrumentations } from "@opentelemetry/auto-instrumentations-node";

new NodeSDK({
  traceExporter: new OTLPTraceExporter({ url: process.env.OTEL_ENDPOINT }),
  instrumentations: [getNodeAutoInstrumentations()],
}).start();

Progressive delivery (Argo Rollouts)

apiVersion: argoproj.io/v1alpha1
kind: Rollout
spec:
  strategy:
    canary:
      steps:
        - setWeight: 5
        - pause: { duration: 5m }
        - setWeight: 25
        - analysis: { templates: [{ templateName: success-rate }] }
        - setWeight: 100

SLO 정의 (Prometheus)

- alert: APILatencyBudgetBurn
  expr: (1 - histogram_quantile(0.99, rate(http_request_duration_seconds_bucket[5m]))/0.3) < 0.5
  for: 10m
  annotations: { summary: "P99 latency burn rate" }

Pre-commit + secret scan

# .pre-commit-config.yaml
repos:
  - repo: https://github.com/gitleaks/gitleaks
    rev: v8.21.0
    hooks: [{ id: gitleaks }]
  - repo: https://github.com/pre-commit/pre-commit-hooks
    rev: v5.0.0
    hooks: [{ id: trailing-whitespace }, { id: end-of-file-fixer }]

AI-augmented PR review (Claude/Copilot)

# GitHub Action에서 PR diff → LLM review
- uses: anthropics/claude-code-action@v1
  with:
    anthropic-api-key: ${{ secrets.ANTHROPIC_API_KEY }}
    prompt: "Review for bugs/security/perf, suggest tests"

🔗 Graph

• 상위: Software-Engineering · DevOps · SRE
• 관련: CI-CD · Trunk-Based-Development · GitOps · Terraform · OpenTelemetry · DORA · Feature-Flags · Progressive-Delivery · SLSA · Code-Review
• AI 결합: AI-Augmented-Development · Copilot · Cursor · Claude-Code

🤖 LLM 활용

• PR 리뷰 1차 자동화, 테스트 생성, 마이그레이션 스크립트, 문서 초안.
• runbook 생성: 알람 → LLM이 과거 인시던트 컨텍스트로 대응 가이드.
• 위험: 보안·라이선스 검증 없이 머지 금지. 사람 review 필수.

❌ 안티패턴

• DORA 측정 없는 "DevOps" — 베이스라인 없이 개선 불가.
• Long-lived feature branch — merge hell. trunk + flag.
• 모든 알람 = 페이지 — alert fatigue. SLO burn rate 알람만 페이지.
• 수동 prod 배포 — 재현·롤백 불가. CI/CD 강제.
• Secret을 env 파일 커밋 — Vault·KMS·SOPS.
• Test 커버리지만 KPI — gaming. mutation testing·핵심 path 우선.
• AI 코드 무검토 머지 — hallucination·라이선스·보안 이슈. 동일한 review 게이트.

🧪 검증 / 중복

• 중복 후보: CI-CD, DevOps, SRE — 본 문서는 우산 (실천 종합), 각 페이지는 deep dive.
• 검증: DORA 자동 수집 (Sleuth, LinearB, Faros) · SLO 대시보드 · CFR < 15%.

🕓 Changelog

• 2026-05-08 | Phase 1 — 자동 시드.
• 2026-05-10 | Manual cleanup — DORA·trunk-based·Terraform·OTel·Argo Rollouts·AI-augmented 패턴 정리.