Edwin Salguero
Merge pull request #1 from EAName/dependabot/github_actions/github/codeql-action-3
1315d62
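---
name: Algorithmic Trading CI/CD Pipeline

on:
  push:
    branches: [ main, develop ]
  pull_request:
    branches: [ main ]
  release:
    types: [ published ]

# Cap what GITHUB_TOKEN may do in every job instead of inheriting the
# repository default.  `contents: write` is what the gh-pages deploy in `docs`
# needs; `security-events: write` is what the SARIF upload in `security` needs.
# Docker Hub is reached with its own secrets, not this token.  Jobs that need
# less can narrow this further with their own `permissions:` block.
permissions:
  contents: write
  security-events: write

env:
  # Docker Hub repository the image is tagged and pushed as.
  DOCKER_IMAGE: dataen10/algorithmic_trading
  # Interpreter for single-version jobs; the test job's matrix lists its own.
  PYTHON_VERSION: '3.11'

jobs: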
| # Quality Assurance | |
| quality-check: | |
| name: Code Quality & Security | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Set up Python | |
| uses: actions/setup-python@v4 | |
| with: | |
| python-version: ${{ env.PYTHON_VERSION }} | |
| - name: Install dependencies | |
| run: | | |
| python -m pip install --upgrade pip | |
| pip install -r requirements.txt | |
| pip install flake8 black isort bandit safety | |
| - name: Code formatting check | |
| run: | | |
| black --check --diff . | |
| isort --check-only --diff . | |
| - name: Linting | |
| run: | | |
| flake8 . --count --select=E9,F63,F7,F82 --show-source --statistics | |
| flake8 . --count --exit-zero --max-complexity=10 --max-line-length=88 --statistics | |
| - name: Security scan | |
| run: | | |
| bandit -r . -f json -o bandit-report.json || true | |
| safety check --json --output safety-report.json || true | |
| - name: Upload security reports | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: security-reports | |
| path: | | |
| bandit-report.json | |
| safety-report.json | |
| # Testing | |
| test: | |
| name: Run Test Suite | |
| runs-on: ubuntu-latest | |
| needs: quality-check | |
| strategy: | |
| matrix: | |
| python-version: ['3.9', '3.10', '3.11'] | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Set up Python ${{ matrix.python-version }} | |
| uses: actions/setup-python@v4 | |
| with: | |
| python-version: ${{ matrix.python-version }} | |
| - name: Install dependencies | |
| run: | | |
| python -m pip install --upgrade pip | |
| pip install -r requirements.txt | |
| - name: Run tests with coverage | |
| run: | | |
| pytest tests/ -v --cov=agentic_ai_system --cov-report=xml --cov-report=html | |
| - name: Upload coverage reports | |
| uses: codecov/codecov-action@v3 | |
| with: | |
| file: ./coverage.xml | |
| flags: unittests | |
| name: codecov-umbrella | |
| - name: Upload test artifacts | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: test-results-${{ matrix.python-version }} | |
| path: | | |
| htmlcov/ | |
| .pytest_cache/ | |
| # FinRL Model Training & Validation | |
| model-training: | |
| name: FinRL Model Training | |
| runs-on: ubuntu-latest | |
| needs: test | |
| if: github.ref == 'refs/heads/main' | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Set up Python | |
| uses: actions/setup-python@v4 | |
| with: | |
| python-version: ${{ env.PYTHON_VERSION }} | |
| - name: Install dependencies | |
| run: | | |
| python -m pip install --upgrade pip | |
| pip install -r requirements.txt | |
| - name: Train FinRL model | |
| run: | | |
| python -c " | |
| from agentic_ai_system.finrl_agent import FinRLAgent, FinRLConfig | |
| from agentic_ai_system.data_ingestion import load_data, load_config | |
| config = load_config() | |
| data = load_data(config) | |
| agent = FinRLAgent(FinRLConfig(algorithm='PPO', learning_rate=0.0003)) | |
| result = agent.train(data=data, config=config, total_timesteps=10000) | |
| print(f'Training completed: {result}') | |
| " | |
| - name: Upload trained model | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: finrl-model | |
| path: models/finrl_best/ | |
| # Docker Build & Test | |
| docker-build: | |
| name: Docker Build & Test | |
| runs-on: ubuntu-latest | |
| needs: [test, model-training] | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v2 | |
| - name: Build Docker image | |
| run: | | |
| docker build -t ${{ env.DOCKER_IMAGE }}:test . | |
| - name: Test Docker image | |
| run: | | |
| docker run --rm ${{ env.DOCKER_IMAGE }}:test python -c " | |
| from agentic_ai_system.main import main | |
| print('Docker image test passed') | |
| " | |
| - name: Save Docker image | |
| run: | | |
| docker save ${{ env.DOCKER_IMAGE }}:test -o /tmp/docker-image.tar | |
| - name: Upload Docker image | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: docker-image | |
| path: /tmp/docker-image.tar | |
| # Docker Hub Push | |
| docker-push: | |
| name: Push to Docker Hub | |
| runs-on: ubuntu-latest | |
| needs: docker-build | |
| if: github.ref == 'refs/heads/main' | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v2 | |
| - name: Login to Docker Hub | |
| uses: docker/login-action@v3 | |
| with: | |
| username: ${{ secrets.DOCKERHUB_USERNAME }} | |
| password: ${{ secrets.DOCKERHUB_TOKEN }} | |
| - name: Extract metadata | |
| id: meta | |
| uses: docker/metadata-action@v4 | |
| with: | |
| images: ${{ env.DOCKER_IMAGE }} | |
| tags: | | |
| type=ref,event=branch | |
| type=ref,event=pr | |
| type=semver,pattern={{version}} | |
| type=semver,pattern={{major}}.{{minor}} | |
| type=sha | |
| - name: Build and push Docker image | |
| uses: docker/build-push-action@v4 | |
| with: | |
| context: . | |
| push: true | |
| tags: ${{ steps.meta.outputs.tags }} | |
| labels: ${{ steps.meta.outputs.labels }} | |
| cache-from: type=gha | |
| cache-to: type=gha,mode=max | |
| # Documentation Generation | |
| docs: | |
| name: Generate Documentation | |
| runs-on: ubuntu-latest | |
| needs: test | |
| if: github.ref == 'refs/heads/main' | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Set up Python | |
| uses: actions/setup-python@v4 | |
| with: | |
| python-version: ${{ env.PYTHON_VERSION }} | |
| - name: Install dependencies | |
| run: | | |
| python -m pip install --upgrade pip | |
| pip install -r requirements.txt | |
| pip install sphinx sphinx-rtd-theme | |
| - name: Generate API documentation | |
| run: | | |
| sphinx-apidoc -o docs/source agentic_ai_system/ | |
| sphinx-build -b html docs/source docs/build/html | |
| - name: Deploy to GitHub Pages | |
| uses: peaceiris/actions-gh-pages@v4 | |
| if: github.ref == 'refs/heads/main' | |
| with: | |
| github_token: ${{ secrets.GITHUB_TOKEN }} | |
| publish_dir: ./docs/build/html | |
| # Performance Testing | |
| performance: | |
| name: Performance & Load Testing | |
| runs-on: ubuntu-latest | |
| needs: docker-build | |
| if: github.ref == 'refs/heads/main' | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Set up Python | |
| uses: actions/setup-python@v4 | |
| with: | |
| python-version: ${{ env.PYTHON_VERSION }} | |
| - name: Install dependencies | |
| run: | | |
| python -m pip install --upgrade pip | |
| pip install -r requirements.txt | |
| pip install locust | |
| - name: Run performance tests | |
| run: | | |
| python -c " | |
| from agentic_ai_system.data_ingestion import load_data, load_config | |
| from agentic_ai_system.strategy_agent import StrategyAgent | |
| import time | |
| config = load_config() | |
| data = load_data(config) | |
| agent = StrategyAgent() | |
| start_time = time.time() | |
| for _ in range(100): | |
| signals = agent.generate_signals(data) | |
| end_time = time.time() | |
| avg_time = (end_time - start_time) / 100 | |
| print(f'Average signal generation time: {avg_time:.4f} seconds') | |
| assert avg_time < 0.1, 'Performance threshold exceeded' | |
| " | |
| - name: Upload performance report | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: performance-report | |
| path: performance-results.json | |
| # Security & Compliance | |
| security: | |
| name: Security & Compliance Check | |
| runs-on: ubuntu-latest | |
| needs: test | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Run Trivy vulnerability scanner | |
| uses: aquasecurity/trivy-action@master | |
| with: | |
| image-ref: ${{ env.DOCKER_IMAGE }}:test | |
| format: 'sarif' | |
| output: 'trivy-results.sarif' | |
| - name: Upload Trivy scan results | |
| uses: github/codeql-action/upload-sarif@v3 | |
| if: always() | |
| with: | |
| sarif_file: 'trivy-results.sarif' | |
| - name: Check for secrets in code | |
| run: | | |
| pip install detect-secrets | |
| detect-secrets scan --baseline .secrets.baseline | |
| - name: Trading compliance check | |
| run: | | |
| python -c " | |
| from agentic_ai_system.execution_agent import ExecutionAgent | |
| from agentic_ai_system.config import load_config | |
| config = load_config() | |
| agent = ExecutionAgent(config) | |
| # Check risk management settings | |
| assert config['risk']['max_position'] <= 100, 'Position limit too high' | |
| assert config['risk']['max_drawdown'] <= 0.05, 'Drawdown limit too high' | |
| print('Compliance checks passed') | |
| " | |
| # Notification | |
| notify: | |
| name: Notify Team | |
| runs-on: ubuntu-latest | |
| needs: [docker-push, docs, performance, security] | |
| if: always() | |
| steps: | |
| - name: Notify on success | |
| if: success() | |
| run: | | |
| echo "✅ CI/CD Pipeline completed successfully!" | |
| echo "🚀 New version deployed to Docker Hub" | |
| echo "📚 Documentation updated" | |
| echo "🔒 Security checks passed" | |
| - name: Notify on failure | |
| if: failure() | |
| run: | | |
| echo "❌ CI/CD Pipeline failed!" | |
| echo "Please check the logs for details" | |
| - name: Send Slack notification | |
| if: always() | |
| uses: 8398a7/action-slack@v3 | |
| with: | |
| status: ${{ job.status }} | |
| channel: '#trading-alerts' | |
| env: | |
| SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }} |