OiLUdZddlmZddlZddlZddlZddlZddlZddlZddl m Z dZ dZ de d<d Zd Zed Ze ej%j&j&Zed z d z ez Zej,dGddZedddddeddddeddddedddded d!dded"d#dded$d%d&ddd'(fZd)e d*<dAdBd+ZdCdDd,ZdEd-ZdFd.ZdGd/ZdGd0ZdHd1ZdId2Z dFd3Z!dJd4Z"dJd5Z# dK dLd6Z$ dMd7Z%dEd8Z&dFd9Z'dNd:Z(dOd;Z)dNd<Z*dNd=Z+dPdQd>Z,dPdRd?Z-e.d@k(r e/e-y)Sutask-2450 — Multi-Repo Enforcement Phase A1 setup automation. 7개 회장 리포에 dev_workspace와 동일한 enforcement 패턴 (8 required checks + ruleset main-protection)을 일괄 적용합니다. 회장 절대 기준 -------------- - "task.md 수정 금지. 중간 정정 = 100% 무효." - "taskctl을 거치지 않고는 main을 절대 변경할 수 없다 — 모든 회장 리포에서 동일하게." 본 스크립트의 책임 범위 ---------------------- - 7개 외부 리포에 ci.yml(또는 taskctl-ci.yml) workflow + qc_report_guard.py stub 추가 PR 생성 (idempotent) - 7개 외부 리포에 ruleset main-protection 등록 (idempotent) - dev_workspace 기존 ruleset 15896715 무변경 (회귀 0) 비즈니스 코드(src/app/server/lib)는 절대 손대지 않습니다. 사용 예시 -------- # 사전 점검 (변경 0) python3 scripts/multi_repo_enforcement_setup.py --dry-run # workflow + stub PR 일괄 생성 python3 scripts/multi_repo_enforcement_setup.py --create-prs # ruleset 일괄 등록 (Pro 활성화 후) python3 scripts/multi_repo_enforcement_setup.py --register-rulesets # 합격조건 A/B/C 검증 python3 scripts/multi_repo_enforcement_setup.py --verify ) annotationsN)Path JonghyukJeon)zcancel-kill-switchzqc-checkzhidden-path-auditz lock-in-checkzmerge-safety-checkzgemini-review-gatezci/guardguardztuple[str, ...]REQUIRED_CHECKSzmain-protectionz task-2450z-multi-repo-enforcementscripts templatesT)frozencVeZdZUdZded<ded<ded<ded<dZd ed <d Zded <y )RepoSpecu7 개 외부 리포 정의.strnameintprioritylanguageworkflow_filenameFboolneeds_initial_commitnotesN)__name__ __module__ __qualname____doc____annotations__rr'scripts/multi_repo_enforcement_setup.pyr r Cs.% IMM!&$&E3Orr InsuRo TypeScriptztaskctl-ci.ymlu기존 ci.yml 보호)rInsuWikici.ymlMediScanPython ThreadAutoBlogAuto InfoKeywordzmy-asset-managerunknownu$empty repo — initial commit 필요)rrztuple[RepoSpec, ...]REPOSc>dg|}tj||d|S)u4gh CLI 호출. capture=True면 stdout/stderr 캡쳐.ghT)capture_outputtextcheck subprocessrun)argscapturer5cmds r_ghr<as* -$-C >>    rc<tjdg||dd|S)NgitT)cwdr3r4r5r6)r?r9r5s r_gitr@ls( >>     rctddtd|jddg}|jdk7r%t d|jd|j |j xsd j}|xsd S) Napirepos//--jqz.default_branchrz!default_branch lookup failed for z: rmain)r<OWNERr returncode RuntimeErrorstderrstdoutstrip)reporesbranchs rfetch_default_branchrPvsv uugQtyyk2FtyykCJJ<XYYjjB % % 'F  Vrctddtd|jdg}|jdk7r0|jxsdj }d|vsd|vrd |d Sd |d S t j|jxsd }|Dcgc]}|jdtk(s|}}d||dS#t j$r}d d |d cYd}~Sd}~wwxYwcc}w)uI리포 ruleset 요약. 403 (Pro 미가입) 시 status=blocked 로 마크.rBrCrD /rulesetsrrzUpgrade to GitHub Pro403 blocked-pro)statusmessageerror[]z json decode: Nrok)rUrulesetsmatching) r<rGrrHrJrLjsonloadsrKJSONDecodeErrorget RULESET_NAME)rMrNmsgdataexcrr[s rfetch_ruleset_summaryre~s uugQtyyk;< =C ~~zzR&&( "c )Uc\+< <!c22Ezz#**,- Aa155=L#@AHA( CC   E! cU.CDDEAs*##B4 C(C4CCCCc tddtd|jd|jddg}|jdk(xr+|j xsdj |jk(S) NrBrCrDz/contents/.github/workflows/rE.namerr)r<rGrrrHrKrLrMrNs rworkflow_presentriso UG1TYYK'CDDZDZC[ \     C >>Q  WCJJ$4"#;#;#=AWAW#WWrctddtd|jdddg}|jdk(xr!|jxsdj d k(S) NrBrCrDz$/contents/scripts/qc_report_guard.pyrErgrrqc_report_guard.py)r<rGrrHrKrLrhs rqc_stub_presentrls_ UG1TYYK'K L     C >>Q  UCJJ$4"#;#;#=AU#UUrc tdddtd|jdddtdd g }|jd k7ry t j |jxsd }|r|d Sd S#t j$rYy wxYw) uE현재 BRANCH_NAME 으로 열려있는 PR을 반환 (없으면 None).prlist--reporDz--stateopen--headz--jsonz"number,url,headRefName,title,staterNrX) r<rGr BRANCH_NAMErHr\r]rKr^)rMrNrbs rlist_existing_prrts   gQtyyk "      0  C ~~zz#**,-47$$   s#A**B?Bctddgdgdgdiddiddid d d gd d d gd dddd d tDcgc]}d|ic}ddgdScc}w)udev_workspace ruleset 15896715 와 동일 구조. `~DEFAULT_BRANCH` 키워드 사용으로 main/master 자동 매칭. rOactiveref_namez~DEFAULT_BRANCH)excludeincludetypedeletionnon_fast_forward pull_requestrFT)mergesquashrebase)required_approving_review_countdismiss_stale_reviews_on_pushrequired_reviewersrequire_code_owner_reviewrequire_last_push_approval!required_review_thread_resolutionallowed_merge_methods)rz parametersrequired_status_checkscontext)$strict_required_status_checks_policydo_not_enforce_on_creater)rtarget enforcement bypass_actors conditionsrules)r`r)ctxs rbuild_ruleset_payloadrs  -. Z ' (&785:*,16279=-J 1<@054C/-0C(/  % %>/s Ac ~t}t|}|jddk(rdd|dS|jddk(r|jdgng}d}d td |jd }|r!d }d td |jd |dd}t j |}tjddd||ddddg |dd}|jdk7rd|jjdSi} t j|jxsd} t| tr| }|jdxsg} | D cgc]$} t| ts| jd&} } |dk(rdnd|jd|jd | d!S#t j $ri}YwxYwcc} w)"uAidempotent: 이미 main-protection 있으면 PUT, 없으면 POST.rUrTskippedzgithub-pro-required)actionreasondetailrYr[POSTrCrDrRPUT /rulesets/ridr2rBz-Xz-Hz#Accept: application/vnd.github+jsonz--input-T)inputr3r4rW)rrV{}rrz registeredupdatedr)r ruleset_idrr)rrer_rGrr\dumpsr7r8rHrJrLr]rK isinstancedictr^) rMpayloadexistingr[methodendpoint payload_strrNbodyloaded rules_rawrd rule_typess rregister_rulesetrs#%G$T*H||H.#/DPXYY/7||H/E/Mx||J+SUH Fwa {)4HE7!DII;j!T9J8KL**W%K ..       1     C  ~~!cjj.>.>.@AADCJJ.$/ fd #D!'RI)2JAjD6I!%%-JJJ"(F"2, hhtnxx .     Ks:5FF:F:F76F7c&|jdSNutf-8encoding read_text template_paths rrender_workflowr   " "G " 44rc&|jdSrrrs rrender_qc_stubr$rrc|rd|jdSt|}|r d|d|ddS|xs td}|jdd ||jz }|j rt j |d td |jd }|jrt||||Sttjd dd|t|gd}|jdk7rdd |jjdSt!|} t|d| gdt|ddt"gd|dz dz |j$z } | j&jdd | j rddt| dS| j)t+|d|dz dz } | j&jdd | j s-| j)t-|d| j/d t|d!t| t| gdd"} t|d#d$| gdt|d%d&d't"gd} | jdk7rdd%| jjdSt1d(d)d*td |jd+| d,t"d-d.d/t3|g }|jdk7rdd0|jjdSd1|j4xsd2jd3S)4u리포 clone → branch 생성 → workflow + stub 추가 → push → PR 생성. idempotent: - 같은 BRANCH_NAME 의 OPEN PR 있으면 그대로 반환 - workflow/stub 이미 있으면 추가하지 않음 (덮어쓰기 금지) zdry-run)rrMexistsnumberurl)r pr_numberr/tmp/multi-repo-enforcementTparentsexist_okhttps://github.com/rD.gitclonez--depth10Fr5rrWrsteprVcheckout-b.github workflowsrzworkflow-already-exists)rrpathrrrrkaddutask-2450: add multi-repo enforcement workflow + qc stub - 8 required checks (dev_workspace ruleset 15896715 정합) - 비즈니스 코드 0 변경 (PR enforcement만 추가) commit-mpush-uoriginrncreaterpz--baserrz--titlez*task-2450: multi-repo enforcement Phase A1z--bodyz pr-createcreatedr)rr)rrtrmkdirrshutilrmtreerGr_bootstrap_empty_repor@r?r rHrJrLrPrsrparent write_textrrchmodr<_pr_bodyrK)rMworkflow_templateqc_stub_templatedry_run work_rootrworkdir clone_urlrNdefault_branch workflow_dststub_dst commit_msgpush_respr_ress rcreate_pr_for_repor(s#TYY77%H"(1CHUZO\\@T"?@I OOD4O0$))#G~~ g%eWAdii[=I   $T74EGWXX txxzGYiWNV[ \C ~~!7szz?O?O?QRR)$/N:~.e<:t[1?Y&4t7M7MMLdT:/ %  O,=>Q"%99H OO$6 ?? N+;S>S>UVV    gQtyyk "      8  TN F A!;6==CVCVCXYY)<"(C(C(E FFrc |jddt|gddt|dddd td |jd gd|d z }|j d |jdd|dz dz |j z }|j jdd|j t|d|dz dz }|j jdd|j t|d|jdt|dd t|t|gdt|gddt|gdd}|jdk7rdd|jjdSdddS)u:empty repo (커밋 0개) initial commit + workflow + stub.Tr)initrrFFrremoterrrrDrz README.mdz# z? task-2450: initial commit (multi-repo enforcement Phase A1). rrrrrrkr)rrz8task-2450: bootstrap empty repo + multi-repo enforcement)rrrrFrrWz push-emptyr bootstrappeduHempty repo — initial commit pushed directly to main (no prior history))rnote)rr@rGrrrrrrrr rHrJrL)rMrrrreadmerrrs rrrs MM$M.(68UH0CE7!DII;VZ.[\dij { "F  TYYKI I Y&4t7M7MMLdT:O,=>Q"%99H OO$6 '787K NN55+s<'8#h-HPUVT G=UKHa!||d<ttjt||d<|Sd|d <d|d<|S#tj$ri}YwxYwcc} w)u<합격조건 A (workflow), B (ruleset), C (8 checks) 검증.)rMrA_workflow_presentrlrUruleset_statusrYr[rrrvB_ruleset_activerrrBrCrDrrrrzrrrrequired_checksC_8_checks_presentF)rrrirlrer_r<rGrHr\r]rKr^setrissubset) rMsummaryrsr[ruledetfullchecksrdcs rverify_acceptancers!YYDMMBG$4T$:G !!0!6G  t $B "x 0G )+)9T)Arvvj"%rH{&*hh}&=&I"# $ 5F5'499+ZT |LMN >>Q  zz#**"45FXXgr* g55=$<<45lO4G4GH`bd4efqa lfFf g*0G% &,/,@,I,I#f+,VG( ) N',"#(-$% N''   gs'#F F5F21F2cPtdtD]}t|}t|}t |}|j d}|dk(rt |j dnd}td|jd|jdd |rd nd d |rd nd d ||rdnd y)Nz.== task-2450 multi-repo enforcement dry-run ==rUrYr[Fz [z] z<20z workflow=YNz qc_stub=z ruleset=z/matchrr) printr0rirlrer_rrr)rMwfqcr rs_statusrs_matchs r cmd_dry_runrs :;   d # T " "4 (FF8$ /8D/@4z*+e $--499S/2!s+, sc*+ kh(B!? A   rc|dz }|dz }|jr|jstd|tjyg}tD]{}td|j dt ||||}ttj|d d |jd d k(sa|j|j }|rd SdS)Nr$zqc_report_guard_stub.pyzERROR: templates missing in )filer#== z ==)rF ensure_asciiindentrrWr r) is_filer sysrJr0rrr\rr_append)r templates_dirrrfailuresrMresults rcmd_create_prsrs%0$'@@  $ $ &.>.F.F.H ,]O<3::NH' DII;c"## #%5  djjeA>? ::h 7 * OODII &'1arcg}tD]v}td|jdt|}tt j |dd|j ddvs\|j|jx|rdSd S) Nrz ruleset ==Fr#rr)rWr r)r0r rrr\rr_r)rrMrNs rcmd_register_rulesetsrszH' DII;k*+t$ djj5;< 778  * OODII & ' 1arctDcgc] }t|}}ttj|ddt d|D}|rdSdScc}w)NFr#rc3K|];}|jdxr$|jdxr|jd=yw)rrrN)r_).0rds r zcmd_verify..sC  "#a.@(AaaeeL`FaasAArr )r0rr r\rall)rMrowsall_oks r cmd_verifyr&s[05 6 d # 6D 6 $**Ta 89 F1A 7sAcltjd}|jdd|jdd|jdd|jdd|jd ttd  |jd ttd  |j |S)Nmulti_repo_enforcement_setup)progz --dry-run store_true)rz --create-prsz--register-rulesetsz--verifyz--templates-dirz%/tmp/multi-repo-enforcement/templates)rzdefaultz --work-rootr)argparseArgumentParser add_argumentr parse_args)argvparsers rr/r/s  $ $*H IF  L9 |< -lC  <8  <=   23   T ""rcjt|}|js.|js"|js|js t S|jr t S|jr t |j|jS|jr tS|jr tSy)Nr) r/r create_prsregister_rulesetsverifyrrrrrr&)r0r9s rrFrF/s d D LLDOOt/E/E} ||} dnnd.@.@AA $&& {{| r__main__)TF)r9 list[str]r:rr5rreturnsubprocess.CompletedProcess)T)r?rr9r7r5rr8r9)rMr r8r )rMr r8r)rMr r8r)rMr r8z dict | None)r8r)rrr8r )FN) rMr rrrrrrrz Path | Noner8r) rMr rrrrrrr8r)r8r)rrrrr8r)N)r0list[str] | Noner8zargparse.Namespace)r0r:r8r)0r __future__rr, dataclassesr\rr7rpathlibrrGrrr`TASK_IDrs__file__resolver REPO_ROOTDEFAULT_TEMPLATES_DIR dataclassr r0r<r@rPrerirlrtrrrrrrrrrrrr&r/rFr SystemExitrrrrEs6 B#   $ !  01 N " " $ + + 2 2 !I- ;gEd#$ Xq,(8@VW ZL(3 ZHh/ \1h1 ZHh/ ]A|X6  !4 $ D X V%2*Z1h55! WG WGWGWG WG  WG  WGt+ + ++ +  +\&@ " & #&   z TV r