bluemsi/2nd
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
95cd8bb891bf94ea5dd50e4a490ee17d5707ecf2
2nd/10_Wiki/Topics/Architecture/Gates.md
T
koriweb d8a80f6272 chore(wiki): dangling 링크 canonical 정규화 (768파일/1200건) 
이름만 다른(표기 변형) [[위키링크]]를 대상 문서의 canonical 제목으로 치환해
끊겼던 1,200개 링크를 연결. 제목/파일명 정규화 일치만 적용하고 별칭 매칭은
과병합 위험으로 제외(애매성 가드). 원본은 _link_reconcile_backup/ 에 백업.
도구: Datacollect/scripts/link_reconcile_apply.mjs

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-08 12:24:15 +09:00

160 lines
4.7 KiB
Markdown
Raw Blame History

---
id: wiki-2026-0508-gates
title: Gates
category: 10_Wiki/Topics
status: verified
canonical_id: self
aliases: [Quality Gates, CI Gates, Release Gates]
duplicate_of: none
source_trust_level: A
confidence_score: 0.9
verification_status: applied
tags: [architecture, ci-cd, quality, governance]
raw_sources: []
last_reinforced: 2026-05-10
github_commit: pending
tech_stack:
language: yaml
framework: github-actions
---
# Gates
## 매 한 줄
> **"매 quality gate 의 build/release 의 progress 의 block 의 conditional checkpoint 의 정의"**. 매 SonarQube popularization 의 origin (~2008), 매 modern CI/CD 의 essential part — 매 PR merge / deploy 의 prerequisite 의 automated assertion 의 set.
## 매 핵심
### 매 Gate 종류
- **Build Gate**: compile + unit test pass.
- **Quality Gate**: coverage ≥ 80%, no critical SonarQube issues.
- **Security Gate**: SAST (Semgrep, CodeQL), SCA (Dependabot, Snyk), secret scan.
- **Performance Gate**: bundle size, Lighthouse, p99 latency budget.
- **Manual Approval Gate**: prod deploy 의 human reviewer.
### 매 Gate 위치
- **PR Gate**: pre-merge — fast (<5 min).
- **Main Branch Gate**: post-merge — heavier (E2E, integration).
- **Release Gate**: pre-deploy — canary metrics, smoke tests.
- **Production Gate**: post-deploy — error rate watcher, auto-rollback.
### 매 응용
1. SonarQube Quality Gate (coverage / duplication / issues).
2. GitHub branch protection rules.
3. ArgoCD sync waves with health gates.
## 💻 패턴
### GitHub Actions Quality Gate
```yaml
name: PR Gate
on: pull_request
jobs:
gate:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-node@v4
with: { node-version: 20 }
- run: npm ci
- run: npm test -- --coverage
- name: Coverage gate
run: |
COV=$(jq '.total.lines.pct' coverage/coverage-summary.json)
if (( $(echo "$COV < 80" | bc -l) )); then
echo "Coverage $COV% < 80%"; exit 1
fi
- uses: github/codeql-action/analyze@v3
```
### SonarQube Quality Gate
```yaml
- uses: SonarSource/sonarqube-scan-action@v3
env:
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
- uses: SonarSource/sonarqube-quality-gate-action@v1
timeout-minutes: 5
env:
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
```
### Bundle Size Gate
```yaml
- uses: andresz1/size-limit-action@v1
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
skip_step: install
```
### Manual Approval Gate (GitHub Environments)
```yaml
deploy-prod:
environment:
name: production
url: https://app.example.com
runs-on: ubuntu-latest
needs: [test, security]
steps:
- run: ./deploy.sh prod
```
Configured in repo Settings → Environments → required reviewers.
### ArgoCD Sync Wave Gate
```yaml
metadata:
annotations:
argocd.argoproj.io/sync-wave: "1"
argocd.argoproj.io/hook: PreSync
argocd.argoproj.io/hook-delete-policy: BeforeHookCreation
```
### Canary Gate (Argo Rollouts)
```yaml
strategy:
canary:
steps:
- setWeight: 10
- pause: { duration: 5m }
- analysis:
templates: [{ templateName: success-rate }]
- setWeight: 50
- pause: { duration: 10m }
```
## 매 결정 기준
| 상황 | Approach |
|---|---|
| Fast PR feedback | unit + lint + type only (<3 min) |
| Compliance-heavy | SAST + SCA + license + signed commits |
| High-traffic prod | canary + auto-rollback gate |
| Monorepo | path-filtered gates (only run affected) |
**기본값**: PR gate (lint+test+typecheck) → main gate (E2E+coverage) → prod gate (manual approval+canary).
## 🔗 Graph
- 부모: [[CI CD]] · [[DevOps]]
- 변형: [[Quality-Gate]]
- 응용: [[GitHub-Actions]] · [[ArgoCD]] · [[SonarQube]]
- Adjacent: [[Trunk-Based-Development]] · [[Feature-Flags]]
## 🤖 LLM 활용
**언제**: gate 의 thresholds 의 review, gate config 의 generation, failure log 의 root cause 의 analysis.
**언제 X**: gate policy 의 organizational decision (compliance, risk tolerance) — human ownership 필요.
## ❌ 안티패턴
- **Gate inflation**: 매 PR 의 30+ checks → developer frustration, gaming via skip flags.
- **Flaky gates**: intermittent failures 의 normalize → real failures 의 ignore.
- **Bypass culture**: admin 의 "merge anyway" 의 routine usage.
- **No rollback gate**: deploy 후 metrics 의 watch 없이 → bad release 의 prolong.
- **Unmeasured threshold**: "good enough" coverage % 의 arbitrary 의 set.
## 🧪 검증 / 중복
- Verified (Google SRE Book, GitHub branch protection docs, SonarQube Quality Gates).
- 신뢰도 A.
## 🕓 Changelog
| 날짜 | 변경 |
|---|---|
| 2026-05-08 | Phase 1 |
| 2026-05-10 | Manual cleanup — quality gates / CI gates 의 full content |
Reference in New Issue View Git Blame Copy Permalink