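---
# AITBC CI/CD pipeline.
#
# Runs on pushes to main/develop/feature/*/hotfix/*, on pull requests that
# target main or develop, and on published releases. Job graph:
#   lint-and-test -> test-cli, test-services, test-production-services,
#                    security-scan, docs
#   tests         -> build -> deploy-staging -> deploy-production,
#                                               performance-test
#   build + security-scan -> release
#   notify summarises the test and scan jobs.
name: AITBC CI/CD Pipeline

on:
  push:
    branches:
      - main
      - develop
      - 'feature/*'
      - 'hotfix/*'
  pull_request:
    branches:
      - main
      - develop
  release:
    types:
      - published

# Least privilege: GITHUB_TOKEN is read-only unless a job widens it below.
# Jobs that execute repository code (tests, builds) therefore never hold a
# token that can write to the repository.
permissions:
  contents: read

env:
  PYTHON_VERSION: "3.13"
  # NOTE(review): NODE_VERSION is not referenced by any job in this file.
  NODE_VERSION: "18"

jobs:
  # Code Quality and Testing
  lint-and-test:
    runs-on: ubuntu-latest
    strategy:
      matrix:
        python-version: ["3.11", "3.12", "3.13"]
    steps:
      - name: Checkout code
        uses: actions/checkout@v6
        with:
          fetch-depth: 0

      - name: Set up Python ${{ matrix.python-version }}
        uses: actions/setup-python@v6
        with:
          python-version: ${{ matrix.python-version }}

      - name: Cache pip dependencies
        uses: actions/cache@v3
        with:
          path: ~/.cache/pip
          key: ${{ runner.os }}-pip-${{ matrix.python-version }}-${{ hashFiles('**/requirements*.txt') }}
          restore-keys: |
            ${{ runner.os }}-pip-${{ matrix.python-version }}-

      - name: Install dependencies
        run: |
          python -m pip install --upgrade pip
          pip install -r requirements.txt
          pip install -r requirements-dev.txt
          pip install -r requirements-test.txt

      - name: Lint Python code
        # The first flake8 pass fails the step on syntax errors and undefined
        # names; the second is advisory only (--exit-zero).
        run: |
          flake8 . --count --select=E9,F63,F7,F82 --show-source --statistics
          flake8 . --count --exit-zero --max-complexity=10 --max-line-length=127 --statistics
          black --check .
          isort --check-only --diff .
          mypy . --ignore-missing-imports

      - name: Run unit tests
        run: |
          pytest tests/unit/ -v --cov=aitbc_cli --cov-report=xml --cov-report=html --cov-report=term

      - name: Run integration tests
        run: |
          pytest tests/integration/ -v --tb=short

      - name: Run performance tests
        run: |
          pytest tests/performance/ -v --tb=short

      - name: Run security tests
        run: |
          pytest tests/security/ -v --tb=short

      - name: Upload coverage to Codecov
        uses: codecov/codecov-action@v3
        with:
          file: ./coverage.xml
          flags: unittests
          name: codecov-umbrella

  # CLI Testing
  test-cli:
    runs-on: ubuntu-latest
    needs: lint-and-test
    steps:
      - name: Checkout code
        uses: actions/checkout@v6

      - name: Set up Python
        uses: actions/setup-python@v6
        with:
          python-version: ${{ env.PYTHON_VERSION }}

      - name: Install CLI
        run: |
          cd cli
          python -m pip install -e .

      - name: Test CLI commands
        # Smoke test: every command group must at least render its help text.
        run: |
          cd cli
          python -m aitbc_cli.main --help
          python -m aitbc_cli.main wallet --help
          python -m aitbc_cli.main blockchain --help
          python -m aitbc_cli.main multisig --help
          python -m aitbc_cli.main genesis-protection --help
          python -m aitbc_cli.main transfer-control --help
          python -m aitbc_cli.main compliance --help
          python -m aitbc_cli.main exchange --help
          python -m aitbc_cli.main oracle --help
          python -m aitbc_cli.main market-maker --help

      - name: Test CLI functionality
        run: |
          cd cli
          python -m aitbc_cli.main --test-mode multisig create --threshold 3 --owners "owner1,owner2,owner3"
          python -m aitbc_cli.main --test-mode transfer-control set-limit --wallet test_wallet --max-daily 1000

  # Multi-Chain Service Testing
  test-services:
    runs-on: ubuntu-latest
    needs: lint-and-test
    services:
      redis:
        image: redis:7
        ports:
          - "6379:6379"
      postgres:
        image: postgres:15
        env:
          # Throwaway credential for the ephemeral CI service container only;
          # it must never match a password used in a real environment.
          POSTGRES_PASSWORD: postgres
          POSTGRES_DB: aitbc_test
        ports:
          - "5432:5432"
    steps:
      - name: Checkout code
        uses: actions/checkout@v6

      - name: Set up Python
        uses: actions/setup-python@v6
        with:
          python-version: ${{ env.PYTHON_VERSION }}

      - name: Install dependencies
        run: |
          pip install -r requirements.txt
          pip install -r requirements-dev.txt
          pip install -r requirements-test.txt

      - name: Test blockchain service
        run: |
          cd apps/blockchain-node
          python -m pytest tests/ -v -k "test_blockchain"

      - name: Test coordinator service
        run: |
          cd apps/coordinator-api
          python -m pytest tests/ -v -k "test_coordinator"

      - name: Test consensus service
        run: |
          cd apps/consensus-node
          python -m pytest tests/ -v -k "test_consensus"

      - name: Test network service
        run: |
          cd apps/network-node
          python -m pytest tests/ -v -k "test_network"

      - name: Test explorer service
        run: |
          cd apps/explorer
          python -m pytest tests/ -v -k "test_explorer"

  # Production Services Testing
  test-production-services:
    runs-on: ubuntu-latest
    needs: lint-and-test
    steps:
      - name: Checkout code
        uses: actions/checkout@v6

      - name: Set up Python
        uses: actions/setup-python@v6
        with:
          python-version: ${{ env.PYTHON_VERSION }}

      - name: Install dependencies
        run: |
          pip install -r requirements.txt
          pip install -r requirements-dev.txt
          pip install -r requirements-test.txt

      - name: Test exchange service
        run: |
          cd apps/exchange-integration
          python -m pytest tests/ -v -k "test_exchange"

      - name: Test compliance service
        run: |
          cd apps/compliance-service
          python -m pytest tests/ -v -k "test_compliance"

      - name: Test trading engine
        run: |
          cd apps/trading-engine
          python -m pytest tests/ -v -k "test_trading"

      - name: Test plugin registry
        run: |
          cd apps/plugin-registry
          python -m pytest tests/ -v -k "test_plugin_registry"

      - name: Test plugin marketplace
        run: |
          cd apps/plugin-marketplace
          python -m pytest tests/ -v -k "test_plugin_marketplace"

      - name: Test global infrastructure
        run: |
          cd apps/global-infrastructure
          python -m pytest tests/ -v -k "test_global_infrastructure"

      - name: Test AI agents
        run: |
          cd apps/global-ai-agents
          python -m pytest tests/ -v -k "test_ai_agents"

  # Security Scanning
  security-scan:
    runs-on: ubuntu-latest
    needs: lint-and-test
    # upload-sarif and CodeQL publish results to code scanning, which needs
    # security-events: write; actions: read lets CodeQL read run metadata.
    permissions:
      contents: read
      actions: read
      security-events: write
    steps:
      - name: Checkout code
        uses: actions/checkout@v6

      - name: Run Trivy vulnerability scanner
        # NOTE(review): @master is a mutable ref, so whatever lands on that
        # branch runs inside this job. Pin to a release tag or, better, a
        # full commit SHA (aquasecurity/trivy-action@<FULL_COMMIT_SHA>).
        uses: aquasecurity/trivy-action@master
        with:
          scan-type: 'fs'
          scan-ref: '.'
          format: 'sarif'
          output: 'trivy-results.sarif'

      - name: Upload Trivy scan results to GitHub Security tab
        uses: github/codeql-action/upload-sarif@v4
        with:
          sarif_file: 'trivy-results.sarif'

      # CodeQL needs an init step before analyze, and the language list is an
      # input of init rather than of analyze.
      - name: Initialize CodeQL
        uses: github/codeql-action/init@v4
        with:
          languages: python

      - name: Run CodeQL Analysis
        uses: github/codeql-action/analyze@v4

      - name: Run Bandit security linter
        # NOTE(review): with the default fail-fast shell a non-zero exit from
        # the first bandit call ends the step before the text report is
        # printed, and bandit-report.json is not uploaded by any later step.
        run: |
          pip install bandit
          bandit -r . -f json -o bandit-report.json
          bandit -r . -f text

      - name: Run Safety check
        run: |
          pip install safety
          safety check --json --output safety-report.json

      - name: Run semgrep security scan
        uses: semgrep/semgrep-action@v1
        with:
          # NOTE(review): Semgrep registry rulesets are normally written
          # p/<name>; neither value below matches that form - confirm the
          # intended rulesets, otherwise this scan may not load the rules
          # it is expected to enforce.
          config: >-
            p:security
            p:owertools

  # Build and Package
  build:
    runs-on: ubuntu-latest
    needs: [test-cli, test-services, test-production-services]
    steps:
      - name: Checkout code
        uses: actions/checkout@v6

      - name: Set up Python
        uses: actions/setup-python@v6
        with:
          python-version: ${{ env.PYTHON_VERSION }}

      # `python -m build` is provided by the PyPA "build" package, which a
      # fresh setup-python interpreter does not include.
      - name: Install build tooling
        run: |
          python -m pip install --upgrade pip build

      - name: Build CLI package
        run: |
          cd cli
          python -m build

      - name: Build services packages
        # Build every app directory that ships a pyproject.toml.
        run: |
          for service in apps/*/; do
            if [ -f "$service/pyproject.toml" ]; then
              cd "$service"
              python -m build
              cd - > /dev/null
            fi
          done

      - name: Upload build artifacts
        uses: actions/upload-artifact@v7
        with:
          name: build-artifacts
          path: |
            cli/dist/*
            apps/*/dist/*
          retention-days: 30

  # Deployment to Staging
  deploy-staging:
    runs-on: ubuntu-latest
    needs: build
    if: github.ref == 'refs/heads/develop'
    environment: staging
    steps:
      - name: Checkout code
        uses: actions/checkout@v6

      - name: Download build artifacts
        uses: actions/download-artifact@v8
        with:
          name: build-artifacts

      - name: Deploy CLI to staging
        run: |
          echo "Deploying CLI to staging environment"
          # Add actual deployment commands here

      - name: Deploy services to staging
        run: |
          echo "Deploying services to staging environment"
          # Add actual deployment commands here

      - name: Run smoke tests on staging
        run: |
          echo "Running smoke tests on staging"
          # Add smoke test commands here

  # Deployment to Production
  # NOTE(review): this job needs deploy-staging, which only runs when
  # github.ref is refs/heads/develop. On a release event the ref is a tag, so
  # deploy-staging is skipped and, with no status function in the `if`, this
  # job appears to be skipped as well - confirm the intended gating.
  deploy-production:
    runs-on: ubuntu-latest
    needs: deploy-staging
    if: github.event_name == 'release'
    environment: production
    steps:
      - name: Checkout code
        uses: actions/checkout@v6

      - name: Download build artifacts
        uses: actions/download-artifact@v8
        with:
          name: build-artifacts

      - name: Deploy CLI to production
        run: |
          echo "Deploying CLI to production environment"
          # Add actual deployment commands here

      - name: Deploy services to production
        run: |
          echo "Deploying services to production environment"
          # Add actual deployment commands here

      - name: Run health checks on production
        run: |
          echo "Running health checks on production"
          # Add health check commands here

      - name: Notify deployment success
        run: |
          echo "Deployment to production completed successfully"

  # Performance Testing
  # NOTE(review): same gating problem as deploy-production - on pull_request
  # events github.ref is the PR merge ref, so deploy-staging is skipped and
  # this job appears never to run. It would also send load to a shared
  # staging host over plain HTTP from pull-request code; confirm both.
  performance-test:
    runs-on: ubuntu-latest
    needs: deploy-staging
    if: github.event_name == 'pull_request'
    steps:
      - name: Checkout code
        uses: actions/checkout@v6

      - name: Set up Python
        uses: actions/setup-python@v6
        with:
          python-version: ${{ env.PYTHON_VERSION }}

      - name: Install dependencies
        run: |
          pip install -r requirements-test.txt
          pip install locust

      - name: Run performance tests
        run: |
          cd tests/performance
          python -m pytest test_performance.py::TestPerformance::test_cli_performance -v
          python -m pytest test_performance.py::TestPerformance::test_concurrent_cli_operations -v

      - name: Run load tests
        run: |
          cd tests/performance
          locust -f locustfile.py --headless -u 10 -r 1 -t 30s --host http://staging.aitbc.dev

  # Documentation Generation
  # NOTE(review): there is no `if` on this job, so every trigger (feature
  # branch pushes and pull requests included) builds and publishes the docs.
  # Consider restricting the deploy step to pushes on the default branch.
  docs:
    runs-on: ubuntu-latest
    needs: lint-and-test
    # Publishing the built site with GITHUB_TOKEN needs contents: write.
    permissions:
      contents: write
    steps:
      - name: Checkout code
        uses: actions/checkout@v6

      - name: Set up Python
        uses: actions/setup-python@v6
        with:
          python-version: ${{ env.PYTHON_VERSION }}

      - name: Install documentation dependencies
        run: |
          pip install sphinx sphinx-rtd-theme myst-parser

      - name: Generate documentation
        run: |
          cd docs
          make html

      - name: Deploy documentation
        uses: peaceiris/actions-gh-pages@v4
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }}
          publish_dir: ./docs/_build/html

  # Release Management
  # NOTE(review): this job runs on `release: published`, i.e. after a release
  # for the tag already exists, so creating another release for the same tag
  # will presumably be rejected. The asset_path values below are globs;
  # verify that upload-release-asset expands them rather than treating them
  # as a literal file name.
  release:
    runs-on: ubuntu-latest
    needs: [build, security-scan]
    if: github.event_name == 'release'
    # Creating a release and attaching assets needs contents: write.
    permissions:
      contents: write
    steps:
      - name: Checkout code
        uses: actions/checkout@v6

      - name: Download build artifacts
        uses: actions/download-artifact@v8
        with:
          name: build-artifacts

      - name: Create Release
        # The id is required: the upload steps below read
        # steps.create_release.outputs.upload_url, which is empty without it.
        id: create_release
        uses: actions/create-release@v1
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          tag_name: ${{ github.ref }}
          release_name: AITBC Release ${{ github.ref }}
          draft: false
          prerelease: false

      - name: Upload CLI Release Asset
        uses: actions/upload-release-asset@v1
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          upload_url: ${{ steps.create_release.outputs.upload_url }}
          asset_path: cli/dist/*
          asset_name: aitbc-cli-${{ github.ref_name }}.tar.gz
          asset_content_type: application/gzip

      - name: Upload Services Release Asset
        uses: actions/upload-release-asset@v1
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          upload_url: ${{ steps.create_release.outputs.upload_url }}
          asset_path: apps/*/dist/*
          asset_name: aitbc-services-${{ github.ref_name }}.tar.gz
          asset_content_type: application/gzip

  # Notification
  notify:
    runs-on: ubuntu-latest
    needs:
      - lint-and-test
      - test-cli
      - test-services
      - test-production-services
      - security-scan
    # always() keeps this job running when an upstream job failed or was
    # skipped, so the failure branch below can report it.
    if: always()
    steps:
      - name: Notify on success
        if: >-
          needs.lint-and-test.result == 'success' &&
          needs.test-cli.result == 'success' &&
          needs.test-services.result == 'success' &&
          needs.test-production-services.result == 'success' &&
          needs.security-scan.result == 'success'
        run: |
          echo "✅ All tests passed successfully!"
          # Add Slack/Discord notification here

      - name: Notify on failure
        if: >-
          needs.lint-and-test.result == 'failure' ||
          needs.test-cli.result == 'failure' ||
          needs.test-services.result == 'failure' ||
          needs.test-production-services.result == 'failure' ||
          needs.security-scan.result == 'failure'
        run: |
          echo "❌ Some tests failed!"
          # Add Slack/Discord notification here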