|
|
name: Algorithmic Trading CI/CD Pipeline |
|
|
|
|
|
on: |
|
|
push: |
|
|
branches: [ main, develop ] |
|
|
pull_request: |
|
|
branches: [ main ] |
|
|
release: |
|
|
types: [ published ] |
|
|
|
|
|
env: |
|
|
DOCKER_IMAGE: dataen10/algorithmic_trading |
|
|
PYTHON_VERSION: '3.11' |
|
|
|
|
|
jobs: |
|
|
|
|
|
quality-check: |
|
|
name: Code Quality & Security |
|
|
runs-on: ubuntu-latest |
|
|
|
|
|
steps: |
|
|
- name: Checkout code |
|
|
uses: actions/checkout@v4 |
|
|
|
|
|
- name: Set up Python |
|
|
uses: actions/setup-python@v5 |
|
|
with: |
|
|
python-version: ${{ env.PYTHON_VERSION }} |
|
|
|
|
|
- name: Install dependencies |
|
|
run: | |
|
|
python -m pip install --upgrade pip |
|
|
pip install -r requirements.txt |
|
|
pip install flake8 black isort bandit safety |
|
|
|
|
|
- name: Code formatting check |
|
|
run: | |
|
|
black --check --diff . |
|
|
isort --check-only --diff . |
|
|
|
|
|
- name: Linting |
|
|
run: | |
|
|
flake8 . --count --select=E9,F63,F7,F82 --show-source --statistics |
|
|
flake8 . --count --exit-zero --max-complexity=10 --max-line-length=88 --statistics |
|
|
|
|
|
- name: Security scan |
|
|
run: | |
|
|
bandit -r . -f json -o bandit-report.json || true |
|
|
safety check --json --output safety-report.json || true |
|
|
|
|
|
- name: Upload security reports |
|
|
uses: actions/upload-artifact@v4 |
|
|
with: |
|
|
name: security-reports |
|
|
path: | |
|
|
bandit-report.json |
|
|
safety-report.json |
|
|
|
|
|
|
|
|
test: |
|
|
name: Run Test Suite |
|
|
runs-on: ubuntu-latest |
|
|
needs: quality-check |
|
|
|
|
|
strategy: |
|
|
matrix: |
|
|
python-version: ['3.9', '3.10', '3.11'] |
|
|
|
|
|
steps: |
|
|
- name: Checkout code |
|
|
uses: actions/checkout@v4 |
|
|
|
|
|
- name: Set up Python ${{ matrix.python-version }} |
|
|
uses: actions/setup-python@v5 |
|
|
with: |
|
|
python-version: ${{ matrix.python-version }} |
|
|
|
|
|
- name: Install dependencies |
|
|
run: | |
|
|
python -m pip install --upgrade pip |
|
|
pip install -r requirements.txt |
|
|
|
|
|
- name: Run tests with coverage |
|
|
run: | |
|
|
pytest tests/ -v --cov=agentic_ai_system --cov-report=xml --cov-report=html |
|
|
|
|
|
- name: Upload coverage reports |
|
|
uses: codecov/codecov-action@v5 |
|
|
with: |
|
|
file: ./coverage.xml |
|
|
flags: unittests |
|
|
name: codecov-umbrella |
|
|
|
|
|
- name: Upload test artifacts |
|
|
uses: actions/upload-artifact@v4 |
|
|
with: |
|
|
name: test-results-${{ matrix.python-version }} |
|
|
path: | |
|
|
htmlcov/ |
|
|
.pytest_cache/ |
|
|
|
|
|
|
|
|
model-training: |
|
|
name: FinRL Model Training |
|
|
runs-on: ubuntu-latest |
|
|
needs: test |
|
|
if: github.ref == 'refs/heads/main' |
|
|
|
|
|
steps: |
|
|
- name: Checkout code |
|
|
uses: actions/checkout@v4 |
|
|
|
|
|
- name: Set up Python |
|
|
uses: actions/setup-python@v5 |
|
|
with: |
|
|
python-version: ${{ env.PYTHON_VERSION }} |
|
|
|
|
|
- name: Install dependencies |
|
|
run: | |
|
|
python -m pip install --upgrade pip |
|
|
pip install -r requirements.txt |
|
|
|
|
|
- name: Train FinRL model |
|
|
run: | |
|
|
python -c " |
|
|
from agentic_ai_system.finrl_agent import FinRLAgent, FinRLConfig |
|
|
from agentic_ai_system.data_ingestion import load_data, load_config |
|
|
|
|
|
config = load_config() |
|
|
data = load_data(config) |
|
|
|
|
|
agent = FinRLAgent(FinRLConfig(algorithm='PPO', learning_rate=0.0003)) |
|
|
result = agent.train(data=data, config=config, total_timesteps=10000) |
|
|
print(f'Training completed: {result}') |
|
|
" |
|
|
|
|
|
- name: Upload trained model |
|
|
uses: actions/upload-artifact@v4 |
|
|
with: |
|
|
name: finrl-model |
|
|
path: models/finrl_best/ |
|
|
|
|
|
# Docker Build & Test |
|
|
docker-build: |
|
|
name: Docker Build & Test |
|
|
runs-on: ubuntu-latest |
|
|
needs: [test, model-training] |
|
|
|
|
|
steps: |
|
|
- name: Checkout code |
|
|
uses: actions/checkout@v4 |
|
|
|
|
|
- name: Set up Docker Buildx |
|
|
uses: docker/setup-buildx-action@v3 |
|
|
|
|
|
- name: Build Docker image |
|
|
run: | |
|
|
docker build -t ${{ env.DOCKER_IMAGE }}:test . |
|
|
|
|
|
- name: Test Docker image |
|
|
run: | |
|
|
docker run --rm ${{ env.DOCKER_IMAGE }}:test python -c " |
|
|
from agentic_ai_system.main import main |
|
|
print('Docker image test passed') |
|
|
" |
|
|
|
|
|
- name: Save Docker image |
|
|
run: | |
|
|
docker save ${{ env.DOCKER_IMAGE }}:test -o /tmp/docker-image.tar |
|
|
|
|
|
- name: Upload Docker image |
|
|
uses: actions/upload-artifact@v4 |
|
|
with: |
|
|
name: docker-image |
|
|
path: /tmp/docker-image.tar |
|
|
|
|
|
# Docker Hub Push |
|
|
docker-push: |
|
|
name: Push to Docker Hub |
|
|
runs-on: ubuntu-latest |
|
|
needs: docker-build |
|
|
if: github.ref == 'refs/heads/main' |
|
|
|
|
|
steps: |
|
|
- name: Checkout code |
|
|
uses: actions/checkout@v4 |
|
|
|
|
|
- name: Set up Docker Buildx |
|
|
uses: docker/setup-buildx-action@v3 |
|
|
|
|
|
- name: Login to Docker Hub |
|
|
uses: docker/login-action@v3 |
|
|
with: |
|
|
username: ${{ secrets.DOCKERHUB_USERNAME }} |
|
|
password: ${{ secrets.DOCKERHUB_TOKEN }} |
|
|
|
|
|
- name: Extract metadata |
|
|
id: meta |
|
|
uses: docker/metadata-action@v5 |
|
|
with: |
|
|
images: ${{ env.DOCKER_IMAGE }} |
|
|
tags: | |
|
|
type=ref,event=branch |
|
|
type=ref,event=pr |
|
|
type=semver,pattern={{version}} |
|
|
type=semver,pattern={{major}}.{{minor}} |
|
|
type=sha |
|
|
|
|
|
- name: Build and push Docker image |
|
|
uses: docker/build-push-action@v6 |
|
|
with: |
|
|
context: . |
|
|
push: true |
|
|
tags: ${{ steps.meta.outputs.tags }} |
|
|
labels: ${{ steps.meta.outputs.labels }} |
|
|
cache-from: type=gha |
|
|
cache-to: type=gha,mode=max |
|
|
|
|
|
# Documentation Generation |
|
|
docs: |
|
|
name: Generate Documentation |
|
|
runs-on: ubuntu-latest |
|
|
needs: test |
|
|
if: github.ref == 'refs/heads/main' |
|
|
|
|
|
steps: |
|
|
- name: Checkout code |
|
|
uses: actions/checkout@v4 |
|
|
|
|
|
- name: Set up Python |
|
|
uses: actions/setup-python@v5 |
|
|
with: |
|
|
python-version: ${{ env.PYTHON_VERSION }} |
|
|
|
|
|
- name: Install dependencies |
|
|
run: | |
|
|
python -m pip install --upgrade pip |
|
|
pip install -r requirements.txt |
|
|
pip install sphinx sphinx-rtd-theme |
|
|
|
|
|
- name: Generate API documentation |
|
|
run: | |
|
|
sphinx-apidoc -o docs/source agentic_ai_system/ |
|
|
sphinx-build -b html docs/source docs/build/html |
|
|
|
|
|
- name: Deploy to GitHub Pages |
|
|
uses: peaceiris/actions-gh-pages@v4 |
|
|
if: github.ref == 'refs/heads/main' |
|
|
with: |
|
|
github_token: ${{ secrets.GITHUB_TOKEN }} |
|
|
publish_dir: ./docs/build/html |
|
|
|
|
|
# Performance Testing |
|
|
performance: |
|
|
name: Performance & Load Testing |
|
|
runs-on: ubuntu-latest |
|
|
needs: docker-build |
|
|
if: github.ref == 'refs/heads/main' |
|
|
|
|
|
steps: |
|
|
- name: Checkout code |
|
|
uses: actions/checkout@v4 |
|
|
|
|
|
- name: Set up Python |
|
|
uses: actions/setup-python@v5 |
|
|
with: |
|
|
python-version: ${{ env.PYTHON_VERSION }} |
|
|
|
|
|
- name: Install dependencies |
|
|
run: | |
|
|
python -m pip install --upgrade pip |
|
|
pip install -r requirements.txt |
|
|
pip install locust |
|
|
|
|
|
- name: Run performance tests |
|
|
run: | |
|
|
python -c " |
|
|
from agentic_ai_system.data_ingestion import load_data, load_config |
|
|
from agentic_ai_system.strategy_agent import StrategyAgent |
|
|
import time |
|
|
|
|
|
config = load_config() |
|
|
data = load_data(config) |
|
|
|
|
|
agent = StrategyAgent() |
|
|
|
|
|
start_time = time.time() |
|
|
for _ in range(100): |
|
|
signals = agent.generate_signals(data) |
|
|
end_time = time.time() |
|
|
|
|
|
avg_time = (end_time - start_time) / 100 |
|
|
print(f'Average signal generation time: {avg_time:.4f} seconds') |
|
|
assert avg_time < 0.1, 'Performance threshold exceeded' |
|
|
" |
|
|
|
|
|
- name: Upload performance report |
|
|
uses: actions/upload-artifact@v4 |
|
|
with: |
|
|
name: performance-report |
|
|
path: performance-results.json |
|
|
|
|
|
# Security & Compliance |
|
|
security: |
|
|
name: Security & Compliance Check |
|
|
runs-on: ubuntu-latest |
|
|
needs: test |
|
|
|
|
|
steps: |
|
|
- name: Checkout code |
|
|
uses: actions/checkout@v4 |
|
|
|
|
|
- name: Run Trivy vulnerability scanner |
|
|
uses: aquasecurity/trivy-action@master |
|
|
with: |
|
|
image-ref: ${{ env.DOCKER_IMAGE }}:test |
|
|
format: 'sarif' |
|
|
output: 'trivy-results.sarif' |
|
|
|
|
|
- name: Upload Trivy scan results |
|
|
uses: github/codeql-action/upload-sarif@v3 |
|
|
if: always() |
|
|
with: |
|
|
sarif_file: 'trivy-results.sarif' |
|
|
|
|
|
- name: Check for secrets in code |
|
|
run: | |
|
|
pip install detect-secrets |
|
|
detect-secrets scan --baseline .secrets.baseline |
|
|
|
|
|
- name: Trading compliance check |
|
|
run: | |
|
|
python -c " |
|
|
from agentic_ai_system.execution_agent import ExecutionAgent |
|
|
from agentic_ai_system.config import load_config |
|
|
|
|
|
config = load_config() |
|
|
agent = ExecutionAgent(config) |
|
|
|
|
|
|
|
|
assert config['risk']['max_position'] <= 100, 'Position limit too high' |
|
|
assert config['risk']['max_drawdown'] <= 0.05, 'Drawdown limit too high' |
|
|
print('Compliance checks passed') |
|
|
" |
|
|
|
|
|
# Notification |
|
|
notify: |
|
|
name: Notify Team |
|
|
runs-on: ubuntu-latest |
|
|
needs: [docker-push, docs, performance, security] |
|
|
if: always() |
|
|
|
|
|
steps: |
|
|
- name: Notify on success |
|
|
if: success() |
|
|
run: | |
|
|
echo "β
CI/CD Pipeline completed successfully!" |
|
|
echo "π New version deployed to Docker Hub" |
|
|
echo "π Documentation updated" |
|
|
echo "π Security checks passed" |
|
|
|
|
|
- name: Notify on failure |
|
|
if: failure() |
|
|
run: | |
|
|
echo "β CI/CD Pipeline failed!" |
|
|
echo "Please check the logs for details" |
|
|
|
|
|
- name: Send Slack notification |
|
|
if: always() |
|
|
uses: 8398a7/action-slack@v3 |
|
|
with: |
|
|
status: ${{ job.status }} |
|
|
channel: '#trading-alerts' |
|
|
env: |
|
|
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }} |
