Merge: 생성 로직 보상트랜잭션 도입 및 서비스 분리

Refactor: 생성 로직 보상트랜잭션 도입 및 서비스 분리

Author: lunarbae628

infra/deploy.sh

@@ -57,7 +57,7 @@ echo "[deploy] compose=$COMPOSE_FILE env=$ENV_FILE service=$SERVICE"
 docker compose "${ARGS[@]}" config >/dev/null
 
 # 2) 이미지 풀 + 대상 서비스만 업데이트
-docker compose "${ARGS[@]}" pull "$SERVICE" || true
+docker compose "${ARGS[@]}" pull "$SERVICE"
 docker compose "${ARGS[@]}" up -d "$SERVICE"
 
 # 3) 컨테이너 ID를 compose로 조회(이름 하드코딩 회피)
@@ -85,4 +85,4 @@ if [[ $ok -eq 0 ]]; then
   echo -e "\n$SERVICE failed to become healthy (status=${status:-unknown})"
   docker logs --tail=200 "$CID" || true
   exit 1
-fi
+fi

infra/docker-compose.yml

@@ -104,7 +104,7 @@ services:
       --agree-tos --non-interactive
       --no-eff-email
 
-  # 자동 갱신 데몬(하루마다 확인, 갱신되면 nginx 리로드)
+  # 인증서 갱신용 컨테이너(cron)
   certbot_renew:
     image: certbot/certbot:latest
     container_name: docsa-certbot-renew
@@ -114,33 +114,6 @@ services:
       - ./certbot/www:/var/www/certbot:rw
       - ./certbot/etc:/etc/letsencrypt:rw
       - ./certbot/logs:/var/log/letsencrypt:rw
-      - /var/run/docker.sock:/var/run/docker.sock:rw
-    entrypoint: >
-      sh -c '
-        set -eu
-  
-        # curl 없으면 설치
-        if ! command -v curl >/dev/null 2>&1; then
-          if command -v apk >/dev/null 2>&1; then
-            apk add --no-cache curl >/dev/null 2>&1
-          else
-            echo "[ERROR] curl not found and apk not available. Need curl-capable image." >&2
-            exit 1
-          fi
-        fi
-  
-        while :; do
-          # renew 실행
-          certbot renew --webroot -w /var/www/certbot --quiet || true
-  
-          # nginx 무중단 reload (Docker Engine API)
-          curl -sS --unix-socket /var/run/docker.sock \
-            -X POST "http://localhost/v1.41/containers/docsa-nginx/kill?signal=HUP" \
-            >/dev/null 2>&1 || true
-  
-          sleep 24h
-        done
-      '
 
   # ===== METRICS =====
   cadvisor:
@@ -228,4 +201,4 @@ volumes:
   grafana_data:
 
 networks:
-  docsa_net:
+  docsa_net:

infra/scripts/cert_renew.sh

@@ -0,0 +1,67 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+ROOT="$(cd "$(dirname "$0")/.." && pwd)"
+cd "$ROOT"
+
+# Slack webhook (선택)
+ENV_FILE="$ROOT/docsa-alert.env"
+[[ -f "$ENV_FILE" ]] && source "$ENV_FILE"
+
+notify_slack () {
+  local msg="$1"
+  [[ -z "${SLACK_WEBHOOK_URL:-}" ]] && return 0
+  curl -sS -X POST -H 'Content-type: application/json' \
+    --data "{\"text\":${msg@Q}}" \
+    "$SLACK_WEBHOOK_URL" >/dev/null 2>&1 || true
+}
+
+# ---- 1) certbot renew 실행 ----
+out="$(
+  docker compose run --rm --no-deps certbot_renew \
+    certbot renew --webroot -w /var/www/certbot 2>&1 || true
+)"
+
+echo "$out"
+
+# ---- 2) 실패 감지 ----
+# certbot이 실패할 때 자주 나오는 문구 위주로 (오탐 줄임)
+if echo "$out" | grep -Eqi \
+  "certbot failed to authenticate|failed authorization procedure|the following errors were reported|unauthorized|too many requests|nxdomain|connection refused|timeout"; then
+  err_summary="$(echo "$out" | tail -n 40)"
+  notify_slack "❌ *Certbot renew 실패*
+\`\`\`
+${err_summary}
+\`\`\`"
+  exit 1
+fi
+
+# ---- 3) 갱신됨 감지 (갱신 성공 시에만 nginx reload) ----
+# 성공 시 출력되는 대표 문구들
+renewed=0
+if echo "$out" | grep -Eqi "successfully renewed|congratulations, all renewals succeeded|renewal succeeded"; then
+  renewed=1
+fi
+
+if (( renewed == 1 )); then
+  # 실행 중인 컨테이너만 HUP
+  for c in docsa-nginx docsa-nginx-stg; do
+    if [[ -n "$(docker ps -q -f "name=^/${c}$")" ]]; then
+      docker kill -s HUP "$c" >/dev/null 2>&1 || true
+    fi
+  done
+
+  # ---- 4) 실제 서비스에서 인증서 만료일 확인(nginx 적용 검증) ----
+  cert_api="$(echo | openssl s_client -connect api.docsa.o-r.kr:443 -servername api.docsa.o-r.kr 2>/dev/null \
+    | openssl x509 -noout -enddate | cut -d= -f2 || true)"
+
+  cert_stg="$(echo | openssl s_client -connect stg.api.docsa.o-r.kr:8443 -servername stg.api.docsa.o-r.kr 2>/dev/null \
+    | openssl x509 -noout -enddate | cut -d= -f2 || true)"
+
+  notify_slack "✅ *인증서 갱신 성공* → Nginx Reload 완료
+• api 만료일: \`${cert_api:-확인실패}\`
+• stg 만료일: \`${cert_stg:-확인실패}\`"
+else
+  # 갱신 불필요도 정상. (스팸 방지로 슬랙은 안 보냄)
+  echo "[info] No renewal needed."
+fi

infra/scripts/check_cert_expiry.sh

@@ -0,0 +1,48 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+ENV_FILE="/srv/docsa/infra/docsa-alert.env"
+THRESHOLD_DAYS=14
+
+DOMAINS=(
+  "api.docsa.o-r.kr:443"
+  "stg.api.docsa.o-r.kr:8443"
+)
+
+[[ -f "$ENV_FILE" ]] && source "$ENV_FILE"
+
+notify_slack () {
+  local msg="$1"
+  [[ -z "${SLACK_WEBHOOK_URL:-}" ]] && return 0
+  curl -sS -X POST -H 'Content-type: application/json' \
+    --data "{\"text\":${msg@Q}}" \
+    "$SLACK_WEBHOOK_URL" >/dev/null || true
+}
+
+failed=0
+now_epoch=$(date -u +%s)
+
+for target in "${DOMAINS[@]}"; do
+  host="${target%%:*}"
+  port="${target##*:}"
+
+  exp_date=$(echo | openssl s_client -connect "$host:$port" -servername "$host" 2>/dev/null \
+    | openssl x509 -noout -enddate \
+    | cut -d= -f2 || true)
+
+  [[ -z "$exp_date" ]] && {
+    notify_slack "❌ $host:$port 인증서 만료일 조회 실패"
+    failed=1
+    continue
+  }
+
+  exp_epoch=$(date -u -d "$exp_date" +%s)
+  remain_days=$(( (exp_epoch - now_epoch) / 86400 ))
+
+  if (( remain_days <= THRESHOLD_DAYS )); then
+    notify_slack "⚠️ $host:$port 인증서 만료 임박 D-${remain_days} (만료: $exp_date UTC)"
+    failed=1
+  fi
+done
+
+exit "$failed"

infra/scripts/check_server_alive.sh

@@ -0,0 +1,29 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+ENV_FILE="/srv/docsa/infra/docsa-alert.env"
+TIMEOUT=5
+
+TARGETS=(
+  "api.docsa.o-r.kr:443"
+  "stg.api.docsa.o-r.kr:8443"
+)
+
+[[ -f "$ENV_FILE" ]] && source "$ENV_FILE"
+
+notify_slack () {
+  local msg="$1"
+  [[ -z "${SLACK_WEBHOOK_URL:-}" ]] && return 0
+  curl -sS -X POST -H 'Content-type: application/json' \
+    --data "{\"text\":${msg@Q}}" \
+    "$SLACK_WEBHOOK_URL" >/dev/null 2>&1 || true
+}
+
+for target in "${TARGETS[@]}"; do
+  host="${target%%:*}"
+  port="${target##*:}"
+
+  if ! timeout "${TIMEOUT}" bash -c "</dev/tcp/${host}/${port}" 2>/dev/null; then
+    notify_slack "🚨 아아 공습경보 서버 불량: ${host}:${port}"
+  fi
+done

src/main/java/io/ejangs/docsa/domain/branch/app/BranchQueryService.java

@@ -0,0 +1,76 @@
+package io.ejangs.docsa.domain.branch.app;
+
+import io.ejangs.docsa.domain.branch.dao.mysql.BranchRepository;
+import io.ejangs.docsa.domain.branch.entity.Branch;
+import io.ejangs.docsa.domain.commit.entity.Commit;
+import io.ejangs.docsa.domain.edge.dto.graph.BranchGraphDto;
+import io.ejangs.docsa.domain.doc.entity.Doc;
+import io.ejangs.docsa.global.exception.CustomException;
+import io.ejangs.docsa.global.exception.errorcode.BranchErrorCode;
+import io.ejangs.docsa.global.util.RenewUpdatedAtHelper;
+import java.util.List;
+import lombok.RequiredArgsConstructor;
+import org.springframework.stereotype.Service;
+import org.springframework.transaction.annotation.Transactional;
+
+@Service
+@RequiredArgsConstructor
+public class BranchQueryService {
+
+    private final BranchRepository branchRepository;
+
+    @Transactional(readOnly = true)
+    public Branch getById(Long id) {
+        return branchRepository.findById(id).orElseThrow(() -> new CustomException(BranchErrorCode.BRANCH_NOT_FOUND));
+    }
+
+    @Transactional(readOnly = true)
+    public List<BranchGraphDto> getBranchGraphList(Long docId) {
+        return branchRepository.findBranchGraphDtoList(docId);
+    }
+
+    public Branch save(Branch branch) {
+        return branchRepository.save(branch);
+    }
+
+    public Branch createBranch(Doc doc, String branchName) {
+        Branch branch = branchRepository.save(Branch.builder().name(branchName).doc(doc).build());
+        RenewUpdatedAtHelper.touch(branch);
+        return branch;
+    }
+
+    public Branch createBranch(Doc doc, String branchName, Commit fromCommit) {
+        Branch branch = Branch.builder().name(branchName).doc(doc).fromCommit(fromCommit).build();
+        return branchRepository.save(branch);
+    }
+
+    @Transactional(readOnly = true)
+    public boolean existsSubBranchByFromCommitIds(List<Long> commitIds) {
+        return branchRepository.existsByFromCommitIdIn(commitIds);
+    }
+
+    public void delete(Branch branch) {
+        branchRepository.delete(branch);
+    }
+
+    //TODO: 검증하는 메소드는 별도의 ex.ValidationService로 분리(모든 도메인)
+    public void checkBranchInDocOwnedByUser(Long documentId, Long branchId, Long userId) {
+        boolean exists =
+                branchRepository.existsByIdAndDocIdAndDocUserId(branchId, documentId, userId);
+        if (!exists) {
+            throw new CustomException(BranchErrorCode.BRANCH_NOT_FOUND);
+        }
+    }
+
+    public boolean checkFromOrRootCommitInBranch(Commit commit) {
+        return branchRepository.existsByRootCommitIdOrFromCommitId(commit.getId());
+    }
+
+    public void checkDuplicatedWithBranchName(Long docId, String branchName) {
+        boolean isDuplicate = branchRepository.existsByDocIdAndName(docId, branchName);
+
+        if (isDuplicate) {
+            throw new CustomException(BranchErrorCode.BRANCH_NAME_DUPLICATED);
+        }
+    }
+}