algorithmic_trading / HUGGINGFACE_PROTECTION.md

Edwin Salguero

feat: Add comprehensive Dependabot PR review workflow

184a5a6 5 months ago

preview code

raw

history blame

5.16 kB

🤗 Hugging Face Repository Protection Guide

📋 Overview

Hugging Face repositories have different protection mechanisms than GitHub. This guide shows how to implement protection for your algorithmic trading repositories on Hugging Face.

🛡️ Available Protection Methods

1. Repository Settings (Web Interface)

Access Control:

Go to your repository: https://huggingface.co/ParallelLLC/algorithmic_trading
Click "Settings" tab
Configure these settings:

Repository Visibility:

Private (recommended for trading systems)
Public (if you want to share)

Collaboration:

Require approval for new collaborators
Restrict push access to maintainers only

Model Card:

Require model card for uploads
Validate model card format

2. Git Hooks (Local Protection)

Pre-commit Hook:

The pre-commit hook I created will:

✅ Warn about direct commits to main
✅ Run tests before commit
✅ Check code formatting
✅ Scan for secrets
✅ Prevent commits if checks fail

Install the Hook:

# The hook is already installed in .git/hooks/pre-commit
# It will run automatically on every commit

3. CI/CD Protection

GitHub Actions (Recommended):

Since Hugging Face integrates with GitHub:

Keep GitHub as primary with full protection
Sync to Hugging Face after GitHub validation
Use GitHub's branch protection rules

Workflow:

# 1. Develop on GitHub (with protection)
git push origin feature/new-strategy

# 2. Create PR on GitHub
# 3. All checks pass
# 4. Merge to main
# 5. Sync to Hugging Face
git push hf main
git push esalguero_hf main

4. Manual Protection Practices

Development Workflow:

# Always use feature branches
git checkout -b feature/new-strategy
# Make changes
git commit -m "feat: add new strategy"
git push origin feature/new-strategy

# Create PR on GitHub (not Hugging Face)
# Get reviews and approvals
# Merge on GitHub
# Then sync to Hugging Face

Code Review Process:

Never commit directly to main
Always create feature branches
Use GitHub for PRs and reviews
Sync to Hugging Face after approval

🔧 Implementation Steps

Step 1: Configure Repository Settings

Go to: https://huggingface.co/ParallelLLC/algorithmic_trading/settings
Set repository to Private
Enable Require approval for collaborators

Step 2: Use GitHub as Primary

Develop on GitHub with full protection
Use GitHub's branch protection rules
Sync to Hugging Face after validation

Step 3: Enable Pre-commit Hook

# The hook is already installed and executable
# It will run automatically on commits

Step 4: Team Guidelines

## Development Guidelines for Hugging Face Repos

### ✅ Do:
- Use GitHub for development and PRs
- Create feature branches for all changes
- Get code review before merging
- Run tests locally before pushing
- Sync to Hugging Face after GitHub approval

### ❌ Don't:
- Commit directly to main branch
- Push untested code
- Skip code review process
- Use Hugging Face for development workflow

🚨 Emergency Procedures

If Direct Commit to Main is Needed:

# 1. Create emergency branch
git checkout -b hotfix/emergency-fix

# 2. Make minimal fix
git commit -m "hotfix: emergency fix for critical issue"

# 3. Test thoroughly
python -m pytest tests/
python demo.py

# 4. Push to GitHub first
git push origin hotfix/emergency-fix

# 5. Create emergency PR
# 6. Get expedited review
# 7. Merge and sync to Hugging Face

📊 Protection Summary

GitHub (Primary Development):

✅ Full branch protection
✅ Required reviews
✅ CI/CD checks
✅ Code owner reviews
✅ Automated testing

Hugging Face (Distribution):

✅ Private repository
✅ Pre-commit hooks
✅ Manual review process
✅ Sync after GitHub validation

🎯 Best Practices

1. Use GitHub as Source of Truth

All development happens on GitHub
Hugging Face is for distribution
Sync after GitHub validation

2. Never Skip Protection

Always use feature branches
Always get code review
Always run tests
Always validate on GitHub first

3. Monitor Both Repositories

Check GitHub for development status
Check Hugging Face for distribution status
Ensure both are in sync

🔗 Useful Links

GitHub Repository: https://github.com/EAName/algorithmic_trading
Hugging Face ParallelLLC: https://huggingface.co/ParallelLLC/algorithmic_trading
Hugging Face esalguero: https://huggingface.co/esalguero/algorithmic_trading
GitHub Settings: https://github.com/EAName/algorithmic_trading/settings/branches
Hugging Face Settings: https://huggingface.co/ParallelLLC/algorithmic_trading/settings

Note: Hugging Face repositories are best used for model distribution and sharing, while GitHub provides the robust development and protection features needed for algorithmic trading systems.