name: Algorithmic Trading CI/CD Pipeline on: push: branches: [ main, develop ] pull_request: branches: [ main ] release: types: [ published ] env: DOCKER_IMAGE: dataen10/algorithmic_trading PYTHON_VERSION: '3.11' jobs: # Quality Assurance quality-check: name: Code Quality & Security runs-on: ubuntu-latest steps: - name: Checkout code uses: actions/checkout@v4 - name: Set up Python uses: actions/setup-python@v5 with: python-version: ${{ env.PYTHON_VERSION }} - name: Install dependencies run: | python -m pip install --upgrade pip pip install -r requirements.txt pip install flake8 black isort bandit safety - name: Code formatting check run: | black --check --diff . isort --check-only --diff . - name: Linting run: | flake8 . --count --select=E9,F63,F7,F82 --show-source --statistics flake8 . --count --exit-zero --max-complexity=10 --max-line-length=88 --statistics - name: Security scan run: | bandit -r . -f json -o bandit-report.json || true safety check --json --output safety-report.json || true - name: Upload security reports uses: actions/upload-artifact@v4 with: name: security-reports path: | bandit-report.json safety-report.json # Testing test: name: Run Test Suite runs-on: ubuntu-latest needs: quality-check strategy: matrix: python-version: ['3.9', '3.10', '3.11'] steps: - name: Checkout code uses: actions/checkout@v4 - name: Set up Python ${{ matrix.python-version }} uses: actions/setup-python@v5 with: python-version: ${{ matrix.python-version }} - name: Install dependencies run: | python -m pip install --upgrade pip pip install -r requirements.txt - name: Run tests with coverage run: | pytest tests/ -v --cov=agentic_ai_system --cov-report=xml --cov-report=html - name: Upload coverage reports uses: codecov/codecov-action@v5 with: file: ./coverage.xml flags: unittests name: codecov-umbrella - name: Upload test artifacts uses: actions/upload-artifact@v4 with: name: test-results-${{ matrix.python-version }} path: | htmlcov/ .pytest_cache/ # FinRL Model Training & Validation model-training: name: FinRL Model Training runs-on: ubuntu-latest needs: test if: github.ref == 'refs/heads/main' steps: - name: Checkout code uses: actions/checkout@v4 - name: Set up Python uses: actions/setup-python@v5 with: python-version: ${{ env.PYTHON_VERSION }} - name: Install dependencies run: | python -m pip install --upgrade pip pip install -r requirements.txt - name: Train FinRL model run: | python -c " from agentic_ai_system.finrl_agent import FinRLAgent, FinRLConfig from agentic_ai_system.data_ingestion import load_data, load_config config = load_config() data = load_data(config) agent = FinRLAgent(FinRLConfig(algorithm='PPO', learning_rate=0.0003)) result = agent.train(data=data, config=config, total_timesteps=10000) print(f'Training completed: {result}') " - name: Upload trained model uses: actions/upload-artifact@v4 with: name: finrl-model path: models/finrl_best/ # Docker Build & Test docker-build: name: Docker Build & Test runs-on: ubuntu-latest needs: [test, model-training] steps: - name: Checkout code uses: actions/checkout@v4 - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 - name: Build Docker image run: | docker build -t ${{ env.DOCKER_IMAGE }}:test . - name: Test Docker image run: | docker run --rm ${{ env.DOCKER_IMAGE }}:test python -c " from agentic_ai_system.main import main print('Docker image test passed') " - name: Save Docker image run: | docker save ${{ env.DOCKER_IMAGE }}:test -o /tmp/docker-image.tar - name: Upload Docker image uses: actions/upload-artifact@v4 with: name: docker-image path: /tmp/docker-image.tar # Docker Hub Push docker-push: name: Push to Docker Hub runs-on: ubuntu-latest needs: docker-build if: github.ref == 'refs/heads/main' steps: - name: Checkout code uses: actions/checkout@v4 - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 - name: Login to Docker Hub uses: docker/login-action@v3 with: username: ${{ secrets.DOCKERHUB_USERNAME }} password: ${{ secrets.DOCKERHUB_TOKEN }} - name: Extract metadata id: meta uses: docker/metadata-action@v5 with: images: ${{ env.DOCKER_IMAGE }} tags: | type=ref,event=branch type=ref,event=pr type=semver,pattern={{version}} type=semver,pattern={{major}}.{{minor}} type=sha - name: Build and push Docker image uses: docker/build-push-action@v6 with: context: . push: true tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} cache-from: type=gha cache-to: type=gha,mode=max # Documentation Generation docs: name: Generate Documentation runs-on: ubuntu-latest needs: test if: github.ref == 'refs/heads/main' steps: - name: Checkout code uses: actions/checkout@v4 - name: Set up Python uses: actions/setup-python@v5 with: python-version: ${{ env.PYTHON_VERSION }} - name: Install dependencies run: | python -m pip install --upgrade pip pip install -r requirements.txt pip install sphinx sphinx-rtd-theme - name: Generate API documentation run: | sphinx-apidoc -o docs/source agentic_ai_system/ sphinx-build -b html docs/source docs/build/html - name: Deploy to GitHub Pages uses: peaceiris/actions-gh-pages@v4 if: github.ref == 'refs/heads/main' with: github_token: ${{ secrets.GITHUB_TOKEN }} publish_dir: ./docs/build/html # Performance Testing performance: name: Performance & Load Testing runs-on: ubuntu-latest needs: docker-build if: github.ref == 'refs/heads/main' steps: - name: Checkout code uses: actions/checkout@v4 - name: Set up Python uses: actions/setup-python@v5 with: python-version: ${{ env.PYTHON_VERSION }} - name: Install dependencies run: | python -m pip install --upgrade pip pip install -r requirements.txt pip install locust - name: Run performance tests run: | python -c " from agentic_ai_system.data_ingestion import load_data, load_config from agentic_ai_system.strategy_agent import StrategyAgent import time config = load_config() data = load_data(config) agent = StrategyAgent() start_time = time.time() for _ in range(100): signals = agent.generate_signals(data) end_time = time.time() avg_time = (end_time - start_time) / 100 print(f'Average signal generation time: {avg_time:.4f} seconds') assert avg_time < 0.1, 'Performance threshold exceeded' " - name: Upload performance report uses: actions/upload-artifact@v4 with: name: performance-report path: performance-results.json # Security & Compliance security: name: Security & Compliance Check runs-on: ubuntu-latest needs: test steps: - name: Checkout code uses: actions/checkout@v4 - name: Run Trivy vulnerability scanner uses: aquasecurity/trivy-action@master with: image-ref: ${{ env.DOCKER_IMAGE }}:test format: 'sarif' output: 'trivy-results.sarif' - name: Upload Trivy scan results uses: github/codeql-action/upload-sarif@v3 if: always() with: sarif_file: 'trivy-results.sarif' - name: Check for secrets in code run: | pip install detect-secrets detect-secrets scan --baseline .secrets.baseline - name: Trading compliance check run: | python -c " from agentic_ai_system.execution_agent import ExecutionAgent from agentic_ai_system.config import load_config config = load_config() agent = ExecutionAgent(config) # Check risk management settings assert config['risk']['max_position'] <= 100, 'Position limit too high' assert config['risk']['max_drawdown'] <= 0.05, 'Drawdown limit too high' print('Compliance checks passed') " # Notification notify: name: Notify Team runs-on: ubuntu-latest needs: [docker-push, docs, performance, security] if: always() steps: - name: Notify on success if: success() run: | echo "✅ CI/CD Pipeline completed successfully!" echo "🚀 New version deployed to Docker Hub" echo "📚 Documentation updated" echo "🔒 Security checks passed" - name: Notify on failure if: failure() run: | echo "❌ CI/CD Pipeline failed!" echo "Please check the logs for details" - name: Send Slack notification if: always() uses: 8398a7/action-slack@v3 with: status: ${{ job.status }} channel: '#trading-alerts' env: SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}