name: Git Repository Backup (Pre-scan) on: workflow_dispatch: inputs: branches: description: 'Comma-separated list of sourceRepo/branch entries to mirror (e.g., dev_Net8.git/Develop_Net8,dev.git/develop). If empty, all entries from branch_list file will be mirrored.' required: false default: '' schedule: - cron: '0 17 * * *' # UTC 17:00 == KST 02:00 jobs: backup: runs-on: [internal] timeout-minutes: 500 steps: - name: Checkout uses: actions/checkout@v4 - name: Set up SSH env: SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }} run: | mkdir -p ~/.ssh echo "${SSH_PRIVATE_KEY}" > ~/.ssh/id_rsa chmod 600 ~/.ssh/id_rsa ssh-keyscan -p 22 172.16.10.191 >> ~/.ssh/known_hosts - name: Refresh source mirror repositories (git fetch --mirror) run: | set -euo pipefail echo "Refreshing mirror repos on 172.16.10.191 ..." ssh engdev@172.16.10.191 'set -euo pipefail; shopt -s nullglob; for repo in */.git; do dir="${repo%/.git}"; echo "Updating ${dir}"; (cd "${dir}" && git fetch --mirror --prune); done' - name: Backup Branches (pre-scan → decision → execution) env: BASE_GITEA_TOKEN: ${{ secrets.BASE_GITEA_TOKEN }} BASE_GITEA_URL: ${{ vars.BASE_GITEA_URL }} # e.g., https://gitea.example.com BASE_GITEA_USER: ${{ vars.BASE_GITEA_USER }} # The user who owns the token INPUT_BRANCHES: ${{ github.event.inputs.branches }} NOTIFY_WEBHOOK: ${{ vars.NOTIFY_WEBHOOK }} # Optional chat webhook SYNC_TAGS: ${{ vars.SYNC_TAGS }} # Optional, "false" to skip tag sync TARGET_SEED_DEPTH: ${{ vars.TARGET_SEED_DEPTH }} # Optional, fallback seed depth (default 50) run: | set -euo pipefail CENTER_ORG="center_dev" AUTH_HEADER="Authorization: token ${BASE_GITEA_TOKEN}" SOURCE_SSH_HOST="engdev@172.16.10.191" ROOT_DIR="$(pwd)" NOTIFY_WEBHOOK="${NOTIFY_WEBHOOK:-}" SYNC_TAGS="${SYNC_TAGS:-true}" TARGET_SEED_DEPTH="${TARGET_SEED_DEPTH:-50}" if ! [[ "${TARGET_SEED_DEPTH}" =~ ^[0-9]+$ ]] || (( TARGET_SEED_DEPTH <= 0 )); then echo "::warning::TARGET_SEED_DEPTH(${TARGET_SEED_DEPTH}) is invalid; resetting to 50" TARGET_SEED_DEPTH=50 fi CACHE_BASE="${ROOT_DIR}/.cache_sources" mkdir -p "${CACHE_BASE}" TOTAL_SUCCESS=0 TOTAL_SKIP=0 TOTAL_ERROR=0 TS_KST=$(TZ=Asia/Seoul date '+%Y%m%d_%H%M%S') REPORT_DIR="${ROOT_DIR}/backup_reports" mkdir -p "${REPORT_DIR}" SOURCE_HEADS_FILE="${REPORT_DIR}/source_heads_${TS_KST}.tsv" TARGET_HEADS_FILE="${REPORT_DIR}/target_heads_${TS_KST}.tsv" DECISIONS_FILE="${REPORT_DIR}/decisions_${TS_KST}.tsv" echo -e "source_repo\tbranch\tcommit" > "${SOURCE_HEADS_FILE}" echo -e "target_repo\tbranch\tcommit\texists" > "${TARGET_HEADS_FILE}" echo -e "source_repo\tbranch\talias\tresolved_repo\tsource_commit\ttarget_commit\tdecision\tnote" > "${DECISIONS_FILE}" notify_status() { local status="$1" repo="$2" branch="$3" mode="$4" start_epoch="$5" reason="${6:-}" details="${7:-}" local ts end_epoch duration text payload case "${status}" in success) ((++TOTAL_SUCCESS)) ;; skip) ((++TOTAL_SKIP)) ;; error) ((++TOTAL_ERROR)) ;; esac [[ -z "${NOTIFY_WEBHOOK}" ]] && return ts=$(TZ=Asia/Seoul date '+%Y-%m-%d %H:%M:%S %Z') case "${status}" in start) text="센터Git ${repo} 백업을 ${ts}에 시작합니다. (branch: ${branch}, mode: ${mode})" ;; skip) end_epoch=$(date +%s) duration=$((end_epoch - start_epoch)) text="센터Git ${repo} 백업을 건너뜁니다. (branch: ${branch} -> main, mode: ${mode}, duration: ${duration}s, 시각: ${ts})" ;; success) end_epoch=$(date +%s) duration=$((end_epoch - start_epoch)) text="센터Git ${repo} 백업을 완료했습니다. (branch: ${branch} -> main, mode: ${mode}, duration: ${duration}s, 완료시각: ${ts})" ;; error) end_epoch=$(date +%s) duration=$((end_epoch - start_epoch)) text="센터Git ${repo} 백업이 실패했습니다. (branch: ${branch}, mode: ${mode}, duration: ${duration}s, 이유: ${reason}, 시각: ${ts})" ;; *) text="센터Git ${repo} 상태: ${status} (${ts})" ;; esac if [[ -n "${details}" ]]; then text="${text} (heads: ${details})" fi payload=${text//\"/\\\"} curl -sS -i -X POST \ -H "Content-Type: application/json" \ -d "{\"username\":\"Gitea\",\"icon_url\":\"https://gitea.hmac.kr/assets/img/logo.svg\",\"text\":\"${payload}\"}" \ "${NOTIFY_WEBHOOK}" >/dev/null || echo "::warning::Notification failed for ${repo} (${status})" } set_default_branch_main() { local repo_name="$1" local response http_status body attempt max_api_retry max_api_retry=3 attempt=1 while (( attempt<=max_api_retry )); do response=$(curl -s -w "\n%{http_code}" -X PATCH -H "Content-Type: application/json" -H "${AUTH_HEADER}" -d "{\"default_branch\":\"main\"}" "${BASE_GITEA_URL}/api/v1/repos/${CENTER_ORG}/${repo_name}") || response=$'\n000' http_status=$(echo "${response}" | tail -n1) body=$(echo "${response}" | sed '$d') if [[ "${http_status}" == "000" || "${http_status}" =~ ^5 || "${http_status}" == "429" ]]; then echo "::warning::Retrying default branch set (HTTP ${http_status}) for ${repo_name} (${attempt}/3)..." sleep 5 ((attempt++)) continue fi break done if [[ "${http_status}" != "200" ]]; then echo "::warning::Failed to set default branch to 'main' for ${CENTER_ORG}/${repo_name} (status ${http_status})" if [[ -n "${body}" ]]; then echo "${body}" fi else echo "Default branch set to 'main' for ${CENTER_ORG}/${repo_name}" fi } map_repo_name() { local branch_name="$1" alias_name="$2" resolved resolved="${branch_name}" if [[ "${branch_name}" == "Develop_Net8" ]]; then resolved="base" elif [[ "${branch_name}" == "Develop_Net8_"* ]]; then resolved="${branch_name#Develop_Net8_}" elif [[ "${branch_name}" == "Develop_"* ]]; then resolved="${branch_name#Develop_}" elif [[ "${branch_name}" == "develop_"* ]]; then resolved="${branch_name#develop_}" fi if [[ -n "${alias_name}" ]]; then resolved="${alias_name}" fi echo "${resolved}" } declare -A SOURCE_HEADS declare -A ENTRY_SOURCE declare -A ENTRY_BRANCH declare -A ENTRY_ALIAS declare -A ENTRY_REPO declare -A SOURCE_REPOS declare -A SOURCE_CACHE_PATH declare -a ENTRY_KEYS=() add_entry() { local entry_raw="$1" entry alias_name source_repo branch_name repo_name idx entry="${entry_raw%%#*}" entry="$(echo "$entry" | xargs)" [[ -z "${entry}" ]] && return alias_name="" if [[ "${entry}" == *","* ]]; then IFS=',' read -r entry alias_name <<< "${entry}" entry="$(echo "$entry" | xargs)" alias_name="$(echo "$alias_name" | xargs)" fi if [[ "${entry}" != */* ]]; then echo "::warning::Entry '${entry}' is missing sourceRepo/branch format. Skipping." return fi source_repo="${entry%%/*}" branch_name="${entry#*/}" if [[ -z "${source_repo}" || -z "${branch_name}" ]]; then echo "::warning::Invalid entry '${entry}'. Skipping." return fi repo_name="$(map_repo_name "${branch_name}" "${alias_name}")" idx="${#ENTRY_KEYS[@]}" ENTRY_KEYS+=("${idx}") ENTRY_SOURCE["${idx}"]="${source_repo}" ENTRY_BRANCH["${idx}"]="${branch_name}" ENTRY_ALIAS["${idx}"]="${alias_name}" ENTRY_REPO["${idx}"]="${repo_name}" SOURCE_REPOS["${source_repo}"]=1 } if [[ -n "${INPUT_BRANCHES}" ]]; then echo "Processing manually specified branches (pre-scan mode): ${INPUT_BRANCHES}" IFS=',' read -r -a branches_to_process <<< "${INPUT_BRANCHES}" for branch in "${branches_to_process[@]}"; do add_entry "${branch}" done else echo "Processing branch_list in pre-scan mode." while IFS= read -r branch_line || [[ -n "${branch_line}" ]]; do add_entry "${branch_line}" done < branch_list fi if (( ${#ENTRY_KEYS[@]} == 0 )); then echo "::error::No valid branch entries to process." exit 1 fi prepare_cache() { local source_repo="$1" cache_dir="${CACHE_BASE}/${source_repo//\//_}.git" if [[ ! -d "${cache_dir}" ]]; then echo "Initializing local cache for ${source_repo} at ${cache_dir}" if ! git clone --mirror "${SOURCE_SSH_HOST}:${source_repo}" "${cache_dir}"; then echo "::warning::Failed to clone cache for ${source_repo}" return 1 fi else echo "Refreshing cache for ${source_repo}" if ! git -C "${cache_dir}" fetch --mirror --prune; then echo "::warning::Failed to refresh cache for ${source_repo}" return 1 fi fi SOURCE_CACHE_PATH["${source_repo}"]="${cache_dir}" } echo "Preparing per-source caches..." for source_repo in "${!SOURCE_REPOS[@]}"; do prepare_cache "${source_repo}" || echo "::warning::Cache unavailable for ${source_repo}; will fallback to direct fetch" done echo "Step 1) 소스 브랜치 해시 스캔" for source_repo in "${!SOURCE_REPOS[@]}"; do cache_dir="${SOURCE_CACHE_PATH[${source_repo}]:-}" source_repo_url="${SOURCE_SSH_HOST}:${source_repo}" if [[ -n "${cache_dir}" && -d "${cache_dir}" ]]; then echo " - using cache: ${cache_dir}" remote_output=$(git -C "${cache_dir}" for-each-ref --format='%(objectname)\t%(refname)' 'refs/heads/*') || { echo "::warning::Failed to read heads from cache ${cache_dir}; falling back to remote." remote_output=$(git ls-remote --heads "${source_repo_url}") || { echo "::warning::Failed to ls-remote ${source_repo_url}. Entries for this repo may fail." continue } } else echo " - ${source_repo_url}" if ! remote_output=$(git ls-remote --heads "${source_repo_url}"); then echo "::warning::Failed to ls-remote ${source_repo_url}. Entries for this repo may fail." continue fi fi while IFS=$'\t' read -r commit ref || [[ -n "${commit}" ]]; do [[ -z "${commit}" || -z "${ref}" ]] && continue branch="${ref#refs/heads/}" SOURCE_HEADS["${source_repo}|${branch}"]="${commit}" echo -e "${source_repo}\t${branch}\t${commit}" >> "${SOURCE_HEADS_FILE}" done <<< "${remote_output}" done echo "Step 2) 타겟 해시 스캔 및 실행 계획 수립" GITEA_HOSTNAME=$(echo "${BASE_GITEA_URL}" | sed -e 's~^https*://~~' -e 's~/$~~') for idx in "${ENTRY_KEYS[@]}"; do source_repo="${ENTRY_SOURCE[${idx}]}" branch_name="${ENTRY_BRANCH[${idx}]}" alias_name="${ENTRY_ALIAS[${idx}]}" repo_name="${ENTRY_REPO[${idx}]}" start_epoch=$(date +%s) backup_mode="미정" note="" target_commit="" heads_detail="src=unknown tgt=unknown" source_commit="${SOURCE_HEADS[${source_repo}|${branch_name}]:-}" if [[ -z "${source_commit}" ]]; then note="source branch 없음/조회 실패" echo -e "${source_repo}\t${branch_name}\t${alias_name}\t${repo_name}\t\t\t건너뜀\t${note}" >> "${DECISIONS_FILE}" heads_detail="src=none tgt=unknown" notify_status "error" "${repo_name}" "${branch_name}" "사전 스캔 실패" "${start_epoch}" "${note}" "${heads_detail}" echo "Skipping ${branch_name} (${repo_name}) - ${note}" continue fi GITEA_REMOTE="https://${BASE_GITEA_USER}:${BASE_GITEA_TOKEN}@${GITEA_HOSTNAME}/${CENTER_ORG}/${repo_name}.git" repo_exists=false just_created=false max_api_retry=3 attempt=1 while (( attempt<=max_api_retry )); do http_status=$(curl -s -o /dev/null -w "%{http_code}" -H "${AUTH_HEADER}" "${BASE_GITEA_URL}/api/v1/repos/${CENTER_ORG}/${repo_name}") || http_status="000" if [[ "${http_status}" == "000" || "${http_status}" =~ ^5 || "${http_status}" == "429" ]]; then echo "::warning::Repo check HTTP ${http_status} for ${repo_name} (${attempt}/3); retrying in 5s..." sleep 5 ((attempt++)) continue fi break done if [[ "${http_status}" == "200" ]]; then repo_exists=true elif [[ "${http_status}" == "404" ]]; then repo_exists=false else note="repo 조회 실패 (HTTP ${http_status})" echo "::warning::${note}" echo -e "${source_repo}\t${branch_name}\t${alias_name}\t${repo_name}\t${source_commit}\t\t건너뜀\t${note}" >> "${DECISIONS_FILE}" heads_detail="src=${source_commit} tgt=unknown" notify_status "error" "${repo_name}" "${branch_name}" "사전 조회 실패" "${start_epoch}" "${note}" "${heads_detail}" continue fi target_commit="" if ${repo_exists}; then target_main_ref=$(git ls-remote "${GITEA_REMOTE}" "refs/heads/main" || true) target_commit=$(echo "${target_main_ref}" | awk '{print $1}') fi heads_detail="src=${source_commit} tgt=${target_commit:-none}" exists_text=$(${repo_exists} && echo "true" || echo "false") echo -e "${repo_name}\tmain\t${target_commit:-}\t${exists_text}" >> "${TARGET_HEADS_FILE}" decision="" if ! ${repo_exists}; then decision="신규 백업" note="타겟 저장소 없음" elif [[ -z "${target_commit}" ]]; then decision="신규 백업" note="타겟 main 없음" elif [[ "${source_commit}" == "${target_commit}" ]]; then decision="동일 커밋 - 건너뜀" note="동일 커밋" else decision="증분 백업" note="커밋 상이" fi echo -e "${source_repo}\t${branch_name}\t${alias_name}\t${repo_name}\t${source_commit}\t${target_commit}\t${decision}\t${note}" >> "${DECISIONS_FILE}" if [[ "${decision}" == "동일 커밋 - 건너뜀" ]]; then notify_status "skip" "${repo_name}" "${branch_name}" "${decision}" "${start_epoch}" "" "${heads_detail}" echo "Pre-scan marked ${branch_name} (${repo_name}) as skip (same commit)." continue fi if [[ "${decision}" == "신규 백업" ]]; then backup_mode="신규 백업" echo "Repository 'center_dev/${repo_name}' does not exist or main is missing. Will create/push." attempt=1 create_status="" if ! ${repo_exists}; then while (( attempt<=max_api_retry )); do create_status=$(curl -s -o /dev/null -w "%{http_code}" -X POST -H "Content-Type: application/json" -H "${AUTH_HEADER}" -d "{\"name\":\"${repo_name}\",\"private\":true,\"default_branch\":\"main\"}" "${BASE_GITEA_URL}/api/v1/orgs/${CENTER_ORG}/repos") || create_status="000" if [[ "${create_status}" == "000" || "${create_status}" =~ ^5 || "${create_status}" == "429" ]]; then echo "::warning::Repo create HTTP ${create_status} for ${repo_name} (${attempt}/3); retrying in 5s..." sleep 5 ((attempt++)) continue fi break done if [[ "${create_status}" != "201" ]]; then echo "::error::Failed to create repository. HTTP ${create_status}" notify_status "error" "${repo_name}" "${branch_name}" "${backup_mode}" "${start_epoch}" "repo 생성 실패 (HTTP ${create_status})" "${heads_detail}" continue fi echo "Repository created successfully." repo_exists=true just_created=true fi else backup_mode="증분 백업" just_created=false fi notify_status "start" "${repo_name}" "${branch_name}" "${backup_mode}" "${start_epoch}" "" "${heads_detail}" shallow_exclude_args=() if ${repo_exists} && [[ -n "${target_commit:-}" ]]; then shallow_exclude_args=(--shallow-exclude="${target_commit}") fi CLONE_DIR=$(mktemp -d) echo "Working directory: ${CLONE_DIR}" if ${just_created}; then echo "Target repo newly created; cloning source branch for initial push..." SOURCE_FETCH_REMOTE="${SOURCE_CACHE_PATH[${source_repo}]:-${SOURCE_SSH_HOST}:${source_repo}}" if ! git clone --bare --no-tags --single-branch --branch "${branch_name}" "${SOURCE_FETCH_REMOTE}" "${CLONE_DIR}"; then echo "::error::Failed to clone source repository ${SOURCE_FETCH_REMOTE}" notify_status "error" "${repo_name}" "${branch_name}" "${backup_mode}" "${start_epoch}" "source clone 실패" "${heads_detail}" rm -rf "${CLONE_DIR}" continue fi cd "${CLONE_DIR}" git remote rename origin source git remote add origin "${GITEA_REMOTE}" else cd "${CLONE_DIR}" if ! git init --bare; then echo "::error::Failed to init bare repository" notify_status "error" "${repo_name}" "${branch_name}" "${backup_mode}" "${start_epoch}" "bare init 실패" "${heads_detail}" cd "${ROOT_DIR}" rm -rf "${CLONE_DIR}" continue fi git remote add origin "${GITEA_REMOTE}" SOURCE_FETCH_REMOTE="${SOURCE_CACHE_PATH[${source_repo}]:-${SOURCE_SSH_HOST}:${source_repo}}" git remote add source "${SOURCE_FETCH_REMOTE}" fi echo "Fetching latest branch '${branch_name}' from source..." FETCH_LOG="${CLONE_DIR}/fetch_shallow.log" if ! git fetch --no-tags "${shallow_exclude_args[@]}" source "+refs/heads/${branch_name}:refs/heads/${branch_name}" 2> >(tee "${FETCH_LOG}" >&2); then if [[ "${#shallow_exclude_args[@]}" -gt 0 ]]; then echo "::warning::shallow-exclude fetch failed (likely unsupported). Log: ${FETCH_LOG}" if [[ -s "${FETCH_LOG}" ]]; then echo "[shallow-exclude stderr tail]" tail -n 40 "${FETCH_LOG}" fi echo "[fallback] Seeding target main depth=${TARGET_SEED_DEPTH} then retrying full fetch without shallow-exclude" SEED_LOG="${CLONE_DIR}/fetch_seed.log" git fetch --no-tags --depth="${TARGET_SEED_DEPTH}" origin "refs/heads/main:refs/heads/main" 2> >(tee "${SEED_LOG}" >&2) || echo "::warning::Seeding from target main skipped (fetch failed or branch missing)" backup_mode="증분 백업 (폴백: shallow-exclude 미지원)" FULL_FETCH_LOG="${CLONE_DIR}/fetch_full.log" if ! git fetch --no-tags source "+refs/heads/${branch_name}:refs/heads/${branch_name}" 2> >(tee "${FULL_FETCH_LOG}" >&2); then if [[ -s "${SEED_LOG:-}" ]]; then echo "[seed stderr tail]" tail -n 40 "${SEED_LOG}" fi if [[ -s "${FULL_FETCH_LOG}" ]]; then echo "[fallback fetch stderr tail]" tail -n 40 "${FULL_FETCH_LOG}" fi echo "::error::Failed to fetch branch '${branch_name}' from source repo (fallback without shallow-exclude)" notify_status "error" "${repo_name}" "${branch_name}" "${backup_mode}" "${start_epoch}" "source fetch 오류(폴백)" "${heads_detail}" cd "${ROOT_DIR}" rm -rf "${CLONE_DIR}" continue fi else echo "::error::Failed to fetch branch '${branch_name}' from source repo" notify_status "error" "${repo_name}" "${branch_name}" "${backup_mode}" "${start_epoch}" "source fetch 오류" "${heads_detail}" cd "${ROOT_DIR}" rm -rf "${CLONE_DIR}" continue fi fi if [[ "${SYNC_TAGS}" == "true" ]]; then echo "Fetching tags from source..." if ! git fetch --prune --prune-tags --no-tags source "refs/tags/*:refs/tags/*"; then echo "::error::Failed to fetch tags from source repo" notify_status "error" "${repo_name}" "${branch_name}" "${backup_mode}" "${start_epoch}" "tag fetch 오류" "${heads_detail}" cd "${ROOT_DIR}" rm -rf "${CLONE_DIR}" continue fi fi echo "Pushing '${branch_name}' to Gitea repository '${repo_name}'..." if ! git push --progress --force origin "refs/heads/${branch_name}:refs/heads/main"; then echo "::error::Failed to push branch '${branch_name}' to target repository" notify_status "error" "${repo_name}" "${branch_name}" "${backup_mode}" "${start_epoch}" "push 오류 (-> main)" "${heads_detail}" cd "${ROOT_DIR}" rm -rf "${CLONE_DIR}" continue fi if [[ "${SYNC_TAGS}" == "true" ]]; then echo "Pushing tags to Gitea repository '${repo_name}'..." if ! git push --force --prune origin "refs/tags/*:refs/tags/*"; then echo "::warning::Failed to push tags to target repository" notify_status "error" "${repo_name}" "${branch_name}" "${backup_mode}" "${start_epoch}" "tag push 오류" "${heads_detail}" fi fi cd "${ROOT_DIR}" rm -rf "${CLONE_DIR}" echo "Successfully mirrored ${branch_name} to center_dev/${repo_name}" set_default_branch_main "${repo_name}" final_heads_detail="src=${source_commit} tgt=${source_commit}" notify_status "success" "${repo_name}" "${branch_name}" "${backup_mode}" "${start_epoch}" "" "${final_heads_detail}" echo "=================================================" echo "" done TOTAL_PROCESSED=$((TOTAL_SUCCESS + TOTAL_SKIP + TOTAL_ERROR)) SUMMARY_TS=$(TZ=Asia/Seoul date '+%Y-%m-%d %H:%M:%S %Z') SUMMARY_TEXT="브랜치 동기화 완료: 총 ${TOTAL_PROCESSED}개 (성공 ${TOTAL_SUCCESS}, 동일로 건너뜀 ${TOTAL_SKIP}, 오류 ${TOTAL_ERROR}) - ${SUMMARY_TS}" echo "${SUMMARY_TEXT}" echo "Source head 기록: ${SOURCE_HEADS_FILE}" echo "Target head 기록: ${TARGET_HEADS_FILE}" echo "판정 테이블: ${DECISIONS_FILE}" if [[ -n "${NOTIFY_WEBHOOK}" ]]; then SUMMARY_PAYLOAD=${SUMMARY_TEXT//\"/\\\"} curl -sS -i -X POST \ -H "Content-Type: application/json" \ -d "{\"username\":\"Gitea\",\"icon_url\":\"https://gitea.hmac.kr/assets/img/logo.svg\",\"text\":\"${SUMMARY_PAYLOAD}\"}" \ "${NOTIFY_WEBHOOK}" >/dev/null || echo "::warning::Summary notification failed" fi if (( TOTAL_ERROR > 0 )); then echo "::warning::One or more branches failed (${TOTAL_ERROR})." exit 1 fi