
AEGIS CI/CD Pipeline Overview

Overview

AEGIS production changes are not made by editing over local SSH; they go through a single unified path in which GitHub Actions pushes deploy.sh to Synology.

Flow

  1. Developer pushes to main or the workflow-allowed feature branch.
  2. Path-filtered GitHub Actions workflow starts.
  3. Runner sets up Tailscale + SSH and checks out the repository.
  4. Latest aegis_v3/deploy.sh is copied to Synology.
  5. Workflow runs bash /volume1/aegis/deploy.sh --service <service> --branch <ref>.
  6. deploy.sh fetches the requested branch into the Synology repo mirror, prepares host dirs/networks, and rebuilds only the target compose service.
  7. Workflow-specific verify steps confirm the expected container is running and, where needed, inspect logs or in-container artifacts.

Workflow map

| Workflow | Trigger outline | Service | Verify target |
|---|---|---|---|
| deploy-pt.yml | main, feat/pt-*, PT/config/script paths | pt | aegis-wft, aegis-quote-collector, aegis-token-keeper-live |
| deploy-ldas.yml | main, feat/pt-*, LDAS/aegis-bt-rs/data paths | ldas | aegis-ldas |
| deploy-dashboard.yml | main, feat/pt-*, dashboard/config/share-docs paths | dashboard | aegis-dashboard + built SPA assets |
| deploy-monitor.yml | main, feat/pt-*, monitor paths | monitor | aegis-monitor |
| deploy-lt-rust.yml | main, LT Rust image + Rust source paths | lt-rust | aegis-lt-rust + runtime artifacts |
| deploy-lt-token-keeper.yml | LT token keeper paths | service-specific compose | workflow-side container/status checks |
| deploy-lt-quote-collector.yml | LT quote collector paths | service-specific compose | workflow-side container/status checks |
| deploy-lt-scan-cycle.yml | LT scan-cycle paths | service-specific compose | workflow-side container/status checks |
| deploy-lt-ldas.yml | LT LDAS paths | service-specific compose | workflow-side container/status checks |
| deploy-lt-ibkr-gateway.yml | LT IBKR gateway paths | service-specific compose | workflow-side container/status checks |
| deploy-lt-ibkr-quote-collector.yml | LT IBKR quote collector paths | service-specific compose | workflow-side container/status checks |

Runner-side helpers

| Helper | Used by | Role |
|---|---|---|
| .github/actions/synology-repo-refresh | deploy-dashboard.yml | refresh Synology-side repo mirror before copying the latest deploy.sh |

deploy.sh role

aegis_v3/deploy.sh is the Synology-side deploy control plane.

  • Git sync: git fetch origin <branch> + reset --hard FETCH_HEAD
  • Change detection: needs_rebuild
  • Service rebuild: rebuild_compose
  • Host prep:
      • prepare_pt_host_dirs
      • prepare_ldas_host_dirs
      • prepare_dashboard_host_dirs
      • prepare_monitor_host_dirs
      • prepare_lt_rust_host_dirs
  • Shared infra: ensure_shared_network
  • Basic verify: expected container presence by --service
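
The presence check and the --service/--branch handling described above, as an added example (not the project's deploy.sh or workflow code): it allowlists the service value, restricts the ref to main or feat/pt-*, and compares the expected containers with a list of running names. The function names are hypothetical; the service-to-container mapping comes from the workflow map on this page.

```bash
#!/usr/bin/env bash
# Added example, not the project's deploy.sh. Function names are hypothetical;
# the service-to-container mapping is copied from the workflow map on this page.

# Allowlist: print the containers expected for a --service value, reject anything else.
expected_containers() {
  case "$1" in
    pt)        echo "aegis-wft aegis-quote-collector aegis-token-keeper-live" ;;
    ldas)      echo "aegis-ldas" ;;
    dashboard) echo "aegis-dashboard" ;;
    monitor)   echo "aegis-monitor" ;;
    lt-rust)   echo "aegis-lt-rust" ;;
    *)         return 2 ;;
  esac
}

# Accept only main or feat/pt-<letters, digits, . _ ->, so the ref stays a single
# inert word when it is placed on the remote deploy.sh command line.
valid_branch() {
  case "$1" in
    main) return 0 ;;
    feat/pt-*)
      case "${1#feat/pt-}" in
        ""|*[!A-Za-z0-9._-]*) return 1 ;;
        *) return 0 ;;
      esac ;;
    *) return 1 ;;
  esac
}

# verify_service <service> <running-names>
# <running-names> is newline separated, e.g. from `docker ps --format '{{.Names}}'`.
# Prints each missing container. Returns 0 = all running, 1 = missing, 2 = unknown service.
verify_service() {
  local want name rc=0
  want=$(expected_containers "$1") || return 2
  for name in $want; do
    # -x whole line, -F literal: "aegis-wft" must not be satisfied by "aegis-wft-old".
    if ! printf '%s\n' "$2" | grep -qxF -- "$name"; then
      echo "missing: $name"
      rc=1
    fi
  done
  return "$rc"
}
```

A verify step that exits with this return value gives the job a hard failure signal even where the deploy step's own exit code is tolerated.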

Synology compose structure

| Directory | Role |
|---|---|
| aegis_v3/pt-docker/ | PT main lane (aegis-wft, quote collector, token keeper) |
| aegis_v3/ldas-standalone/ | LDAS and Polygon quotes batch lane |
| aegis_v3/dashboard-docker/ | Dashboard container build/runtime |
| aegis_v3/monitor-docker/ | SMS/Slack monitor |
| aegis_v3/lt-rust-docker/ | Rust LT runtime + shadow/parity/scan-cycle/token keeper/IBKR sidecars |

Notes

  • Dashboard/Monitor workflows still let the deploy step exit non-zero without failing the job immediately and delegate final truth to explicit verify steps.
  • aegis-shared-net is the cross-compose bridge for PT/Dashboard/Monitor.
  • LT deploy workflows are more fragmented than the core 4 workflows and are a good target for future DRY consolidation.
  • As of 2026-04-12, the LT/IBKR workflow set is part of the normal inventory, not an ad-hoc scaffold: deploy-lt-ibkr-gateway.yml and deploy-lt-ibkr-quote-collector.yml are tracked beside the other LT service workflows.
  • Trigger-drift follow-up has already trimmed at least one known mismatch (deploy-dashboard.yml) and the remaining LT workflow family is documented as sharing the lt-rust-deploy concurrency boundary.
  • The Node 20 deprecated-action cleanup was completed on 2026-04-12; current workflow inventory is already on the post-upgrade baseline.

— Codex