fix(deploy): SSH 기반 백엔드 자동 재시작

- signal-batch 프로젝트 패턴 적용: CI에서 SSH로 직접 systemctl restart
- Docker 컨테이너 권한 제약(nsenter 불가, inotify 미작동) 해결
- watcher.path/timer 폴링 제거 → SSH 직접 명령으로 단순화
- 기동 확인: 최대 30초 health check 후 결과 출력
- Gitea Secret: DEPLOY_SSH_KEY 추가

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

.gitea/workflows/deploy.yml

@@ -34,7 +34,7 @@ jobs:
       - name: Install JDK 21 + Maven
         run: |
           apt-get update -qq
-          apt-get install -y -qq wget apt-transport-https gpg maven > /dev/null 2>&1
+          apt-get install -y -qq wget apt-transport-https gpg maven openssh-client > /dev/null 2>&1
           wget -qO - https://packages.adoptium.net/artifactory/api/gpg/key/public | gpg --dearmor -o /usr/share/keyrings/adoptium.gpg
           echo "deb [signed-by=/usr/share/keyrings/adoptium.gpg] https://packages.adoptium.net/artifactory/deb bookworm main" > /etc/apt/sources.list.d/adoptium.list
           apt-get update -qq
@@ -48,7 +48,7 @@ jobs:
         working-directory: backend
         run: mvn -B clean package -DskipTests
 
-      - name: Deploy backend
+      - name: Deploy backend files
         env:
           GOOGLE_CLIENT_ID: ${{ secrets.GOOGLE_CLIENT_ID }}
           JWT_SECRET: ${{ secrets.JWT_SECRET }}
@@ -63,7 +63,7 @@ jobs:
             ls -t $DEPLOY_DIR/backup/*.jar | tail -n +6 | xargs -r rm
           fi
 
-          # Secrets → 환경변수 파일 (빈 값은 제외)
+          # Secrets → 환경변수 파일
           : > $DEPLOY_DIR/.env
           [ -n "$GOOGLE_CLIENT_ID" ] && echo "GOOGLE_CLIENT_ID=${GOOGLE_CLIENT_ID}" >> $DEPLOY_DIR/.env
           [ -n "$JWT_SECRET" ] && echo "JWT_SECRET=${JWT_SECRET}" >> $DEPLOY_DIR/.env
@@ -75,12 +75,54 @@ jobs:
             echo "JAR 내부 application-prod.yml 감지 → 외부 파일 제거"
           fi
 
-          # systemd 서비스/타이머 파일 배포 (호스트 타이머가 감지하여 반영)
+          # systemd 서비스 파일 배포
           cp deploy/kcg-backend.service $DEPLOY_DIR/kcg-backend.service
-          cp deploy/kcg-backend-deploy.service $DEPLOY_DIR/kcg-backend-deploy.service
-          cp deploy/kcg-backend-deploy.timer $DEPLOY_DIR/kcg-backend-deploy.timer
 
-          # JAR 교체 (호스트 타이머가 JAR mtime 변경 감지 → 자동 재시작)
+          # JAR 교체
           cp backend/target/kcg.jar $DEPLOY_DIR/kcg.jar
-          echo "Backend deployed at $(date '+%Y-%m-%d %H:%M:%S')"
-          echo "Host timer will detect JAR update and restart within 30s"
+          echo "Backend files deployed at $(date '+%Y-%m-%d %H:%M:%S')"
+
+      - name: Restart backend via SSH
+        env:
+          DEPLOY_KEY: ${{ secrets.DEPLOY_SSH_KEY }}
+        run: |
+          mkdir -p ~/.ssh
+          echo "$DEPLOY_KEY" > ~/.ssh/id_deploy
+          chmod 600 ~/.ssh/id_deploy
+          ssh-keyscan localhost >> ~/.ssh/known_hosts 2>/dev/null || true
+
+          SSH_CMD="ssh -i ~/.ssh/id_deploy -o StrictHostKeyChecking=no root@localhost"
+
+          $SSH_CMD bash -s << 'RESTART'
+          set -e
+          DEPLOY_DIR=/devdata/services/kcg/backend
+          SYSTEMD_DIR=/etc/systemd/system
+
+          # systemd 서비스 파일 갱신
+          CHANGED=0
+          if [ -f "$DEPLOY_DIR/kcg-backend.service" ] && ! diff -q "$DEPLOY_DIR/kcg-backend.service" "$SYSTEMD_DIR/kcg-backend.service" >/dev/null 2>&1; then
+            cp "$DEPLOY_DIR/kcg-backend.service" "$SYSTEMD_DIR/kcg-backend.service"
+            CHANGED=1
+          fi
+          [ "$CHANGED" = "1" ] && systemctl daemon-reload
+
+          # 백엔드 재시작
+          echo "--- Restarting kcg-backend ---"
+          systemctl restart kcg-backend
+
+          # 기동 확인 (최대 30초)
+          for i in $(seq 1 30); do
+            if curl -sf http://localhost:8080/api/aircraft > /dev/null 2>&1; then
+              echo "Backend started successfully (${i}s)"
+              exit 0
+            fi
+            sleep 1
+          done
+          echo "WARNING: Startup timeout. Recent logs:"
+          journalctl -u kcg-backend --no-pager -n 20
+          exit 1
+          RESTART
+
+      - name: Cleanup
+        if: always()
+        run: rm -f ~/.ssh/id_deploy

deploy/kcg-backend-deploy.service

@@ -1,23 +0,0 @@
-[Unit]
-Description=Check and restart KCG Backend if JAR updated
-
-[Service]
-Type=oneshot
-ExecStart=/bin/bash -c '\
-  DEPLOY_DIR=/devdata/services/kcg/backend; \
-  JAR=$DEPLOY_DIR/kcg.jar; \
-  MARKER=$DEPLOY_DIR/.last-restart; \
-  [ ! -f "$JAR" ] && exit 0; \
-  if [ "$JAR" -nt "$MARKER" ] 2>/dev/null || [ ! -f "$MARKER" ]; then \
-    SYSTEMD_DIR=/etc/systemd/system; \
-    CHANGED=0; \
-    for f in kcg-backend.service kcg-backend-deploy.service kcg-backend-deploy.timer; do \
-      if [ -f "$DEPLOY_DIR/$f" ] && ! diff -q "$DEPLOY_DIR/$f" "$SYSTEMD_DIR/$f" >/dev/null 2>&1; then \
-        cp "$DEPLOY_DIR/$f" "$SYSTEMD_DIR/$f"; \
-        CHANGED=1; \
-      fi; \
-    done; \
-    [ "$CHANGED" = "1" ] && systemctl daemon-reload; \
-    systemctl restart kcg-backend; \
-    touch "$MARKER"; \
-  fi'

deploy/kcg-backend-deploy.timer

@@ -1,9 +0,0 @@
-[Unit]
-Description=Poll for KCG Backend deploy (JAR update check)
-
-[Timer]
-OnBootSec=60
-OnUnitActiveSec=30
-
-[Install]
-WantedBy=timers.target

deploy/kcg-backend-watcher.path

@@ -1,9 +0,0 @@
-[Unit]
-Description=Watch for KCG Backend deploy trigger
-
-[Path]
-PathModified=/devdata/services/kcg/backend/.deploy-trigger
-Unit=kcg-backend-watcher.service
-
-[Install]
-WantedBy=multi-user.target

deploy/kcg-backend-watcher.service

@@ -1,17 +0,0 @@
-[Unit]
-Description=Restart KCG Backend on deploy
-
-[Service]
-Type=oneshot
-ExecStart=/bin/bash -c '\
-  DEPLOY_DIR=/devdata/services/kcg/backend; \
-  SYSTEMD_DIR=/etc/systemd/system; \
-  CHANGED=0; \
-  for f in kcg-backend.service kcg-backend-watcher.service kcg-backend-watcher.path; do \
-    if [ -f "$DEPLOY_DIR/$f" ] && ! diff -q "$DEPLOY_DIR/$f" "$SYSTEMD_DIR/$f" >/dev/null 2>&1; then \
-      cp "$DEPLOY_DIR/$f" "$SYSTEMD_DIR/$f"; \
-      CHANGED=1; \
-    fi; \
-  done; \
-  [ "$CHANGED" = "1" ] && systemctl daemon-reload; \
-  systemctl restart kcg-backend'