| name: Algorithmic Trading CI/CD Pipeline |
|
|
| on: |
| push: |
| branches: [ main, develop ] |
| pull_request: |
| branches: [ main ] |
| release: |
| types: [ published ] |
|
|
| env: |
| DOCKER_IMAGE: dataen10/algorithmic_trading |
| PYTHON_VERSION: '3.11' |
|
|
| jobs: |
| |
| quality-check: |
| name: Code Quality & Security |
| runs-on: ubuntu-latest |
| |
| steps: |
| - name: Checkout code |
| uses: actions/checkout@v4 |
| |
| - name: Set up Python |
| uses: actions/setup-python@v5 |
| with: |
| python-version: ${{ env.PYTHON_VERSION }} |
| |
| - name: Install dependencies |
| run: | |
| python -m pip install --upgrade pip |
| pip install -r requirements.txt |
| pip install flake8 black isort bandit safety |
| |
| - name: Code formatting check |
| run: | |
| black --check --diff . |
| isort --check-only --diff . |
| |
| - name: Linting |
| run: | |
| flake8 . --count --select=E9,F63,F7,F82 --show-source --statistics |
| flake8 . --count --exit-zero --max-complexity=10 --max-line-length=88 --statistics |
| |
| - name: Security scan |
| run: | |
| bandit -r . -f json -o bandit-report.json || true |
| safety check --json --output safety-report.json || true |
| |
| - name: Upload security reports |
| uses: actions/upload-artifact@v4 |
| with: |
| name: security-reports |
| path: | |
| bandit-report.json |
| safety-report.json |
| |
| |
| test: |
| name: Run Test Suite |
| runs-on: ubuntu-latest |
| needs: quality-check |
| |
| strategy: |
| matrix: |
| python-version: ['3.9', '3.10', '3.11'] |
| |
| steps: |
| - name: Checkout code |
| uses: actions/checkout@v4 |
| |
| - name: Set up Python ${{ matrix.python-version }} |
| uses: actions/setup-python@v5 |
| with: |
| python-version: ${{ matrix.python-version }} |
| |
| - name: Install dependencies |
| run: | |
| python -m pip install --upgrade pip |
| pip install -r requirements.txt |
| |
| - name: Run tests with coverage |
| run: | |
| pytest tests/ -v --cov=agentic_ai_system --cov-report=xml --cov-report=html |
| |
| - name: Upload coverage reports |
| uses: codecov/codecov-action@v5 |
| with: |
| file: ./coverage.xml |
| flags: unittests |
| name: codecov-umbrella |
| |
| - name: Upload test artifacts |
| uses: actions/upload-artifact@v4 |
| with: |
| name: test-results-${{ matrix.python-version }} |
| path: | |
| htmlcov/ |
| .pytest_cache/ |
| |
| |
| model-training: |
| name: FinRL Model Training |
| runs-on: ubuntu-latest |
| needs: test |
| if: github.ref == 'refs/heads/main' |
| |
| steps: |
| - name: Checkout code |
| uses: actions/checkout@v4 |
| |
| - name: Set up Python |
| uses: actions/setup-python@v5 |
| with: |
| python-version: ${{ env.PYTHON_VERSION }} |
| |
| - name: Install dependencies |
| run: | |
| python -m pip install --upgrade pip |
| pip install -r requirements.txt |
| |
| - name: Train FinRL model |
| run: | |
| python -c " |
| from agentic_ai_system.finrl_agent import FinRLAgent, FinRLConfig |
| from agentic_ai_system.data_ingestion import load_data, load_config |
| |
| config = load_config() |
| data = load_data(config) |
| |
| agent = FinRLAgent(FinRLConfig(algorithm='PPO', learning_rate=0.0003)) |
| result = agent.train(data=data, config=config, total_timesteps=10000) |
| print(f'Training completed: {result}') |
| " |
| |
| - name: Upload trained model |
| uses: actions/upload-artifact@v4 |
| with: |
| name: finrl-model |
| path: models/finrl_best/ |
| |
| # Docker Build & Test |
| docker-build: |
| name: Docker Build & Test |
| runs-on: ubuntu-latest |
| needs: [test, model-training] |
| |
| steps: |
| - name: Checkout code |
| uses: actions/checkout@v4 |
| |
| - name: Set up Docker Buildx |
| uses: docker/setup-buildx-action@v3 |
| |
| - name: Build Docker image |
| run: | |
| docker build -t ${{ env.DOCKER_IMAGE }}:test . |
| |
| - name: Test Docker image |
| run: | |
| docker run --rm ${{ env.DOCKER_IMAGE }}:test python -c " |
| from agentic_ai_system.main import main |
| print('Docker image test passed') |
| " |
| |
| - name: Save Docker image |
| run: | |
| docker save ${{ env.DOCKER_IMAGE }}:test -o /tmp/docker-image.tar |
| |
| - name: Upload Docker image |
| uses: actions/upload-artifact@v4 |
| with: |
| name: docker-image |
| path: /tmp/docker-image.tar |
| |
| # Docker Hub Push |
| docker-push: |
| name: Push to Docker Hub |
| runs-on: ubuntu-latest |
| needs: docker-build |
| if: github.ref == 'refs/heads/main' |
| |
| steps: |
| - name: Checkout code |
| uses: actions/checkout@v4 |
| |
| - name: Set up Docker Buildx |
| uses: docker/setup-buildx-action@v3 |
| |
| - name: Login to Docker Hub |
| uses: docker/login-action@v3 |
| with: |
| username: ${{ secrets.DOCKERHUB_USERNAME }} |
| password: ${{ secrets.DOCKERHUB_TOKEN }} |
| |
| - name: Extract metadata |
| id: meta |
| uses: docker/metadata-action@v5 |
| with: |
| images: ${{ env.DOCKER_IMAGE }} |
| tags: | |
| type=ref,event=branch |
| type=ref,event=pr |
| type=semver,pattern={{version}} |
| type=semver,pattern={{major}}.{{minor}} |
| type=sha |
| |
| - name: Build and push Docker image |
| uses: docker/build-push-action@v6 |
| with: |
| context: . |
| push: true |
| tags: ${{ steps.meta.outputs.tags }} |
| labels: ${{ steps.meta.outputs.labels }} |
| cache-from: type=gha |
| cache-to: type=gha,mode=max |
| |
| # Documentation Generation |
| docs: |
| name: Generate Documentation |
| runs-on: ubuntu-latest |
| needs: test |
| if: github.ref == 'refs/heads/main' |
| |
| steps: |
| - name: Checkout code |
| uses: actions/checkout@v4 |
| |
| - name: Set up Python |
| uses: actions/setup-python@v5 |
| with: |
| python-version: ${{ env.PYTHON_VERSION }} |
| |
| - name: Install dependencies |
| run: | |
| python -m pip install --upgrade pip |
| pip install -r requirements.txt |
| pip install sphinx sphinx-rtd-theme |
| |
| - name: Generate API documentation |
| run: | |
| sphinx-apidoc -o docs/source agentic_ai_system/ |
| sphinx-build -b html docs/source docs/build/html |
| |
| - name: Deploy to GitHub Pages |
| uses: peaceiris/actions-gh-pages@v4 |
| if: github.ref == 'refs/heads/main' |
| with: |
| github_token: ${{ secrets.GITHUB_TOKEN }} |
| publish_dir: ./docs/build/html |
| |
| # Performance Testing |
| performance: |
| name: Performance & Load Testing |
| runs-on: ubuntu-latest |
| needs: docker-build |
| if: github.ref == 'refs/heads/main' |
| |
| steps: |
| - name: Checkout code |
| uses: actions/checkout@v4 |
| |
| - name: Set up Python |
| uses: actions/setup-python@v5 |
| with: |
| python-version: ${{ env.PYTHON_VERSION }} |
| |
| - name: Install dependencies |
| run: | |
| python -m pip install --upgrade pip |
| pip install -r requirements.txt |
| pip install locust |
| |
| - name: Run performance tests |
| run: | |
| python -c " |
| from agentic_ai_system.data_ingestion import load_data, load_config |
| from agentic_ai_system.strategy_agent import StrategyAgent |
| import time |
| |
| config = load_config() |
| data = load_data(config) |
| |
| agent = StrategyAgent() |
| |
| start_time = time.time() |
| for _ in range(100): |
| signals = agent.generate_signals(data) |
| end_time = time.time() |
| |
| avg_time = (end_time - start_time) / 100 |
| print(f'Average signal generation time: {avg_time:.4f} seconds') |
| assert avg_time < 0.1, 'Performance threshold exceeded' |
| " |
| |
| - name: Upload performance report |
| uses: actions/upload-artifact@v4 |
| with: |
| name: performance-report |
| path: performance-results.json |
| |
| # Security & Compliance |
| security: |
| name: Security & Compliance Check |
| runs-on: ubuntu-latest |
| needs: test |
| |
| steps: |
| - name: Checkout code |
| uses: actions/checkout@v4 |
| |
| - name: Run Trivy vulnerability scanner |
| uses: aquasecurity/trivy-action@master |
| with: |
| image-ref: ${{ env.DOCKER_IMAGE }}:test |
| format: 'sarif' |
| output: 'trivy-results.sarif' |
| |
| - name: Upload Trivy scan results |
| uses: github/codeql-action/upload-sarif@v3 |
| if: always() |
| with: |
| sarif_file: 'trivy-results.sarif' |
| |
| - name: Check for secrets in code |
| run: | |
| pip install detect-secrets |
| detect-secrets scan --baseline .secrets.baseline |
| |
| - name: Trading compliance check |
| run: | |
| python -c " |
| from agentic_ai_system.execution_agent import ExecutionAgent |
| from agentic_ai_system.config import load_config |
| |
| config = load_config() |
| agent = ExecutionAgent(config) |
| |
| |
| assert config['risk']['max_position'] <= 100, 'Position limit too high' |
| assert config['risk']['max_drawdown'] <= 0.05, 'Drawdown limit too high' |
| print('Compliance checks passed') |
| " |
| |
| # Notification |
| notify: |
| name: Notify Team |
| runs-on: ubuntu-latest |
| needs: [docker-push, docs, performance, security] |
| if: always() |
| |
| steps: |
| - name: Notify on success |
| if: success() |
| run: | |
| echo "β
CI/CD Pipeline completed successfully!" |
| echo "π New version deployed to Docker Hub" |
| echo "π Documentation updated" |
| echo "π Security checks passed" |
| |
| - name: Notify on failure |
| if: failure() |
| run: | |
| echo "β CI/CD Pipeline failed!" |
| echo "Please check the logs for details" |
| |
| - name: Send Slack notification |
| if: always() |
| uses: 8398a7/action-slack@v3 |
| with: |
| status: ${{ job.status }} |
| channel: '#trading-alerts' |
| env: |
| SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }} |
