# Woodpecker CI pipeline for Stonks Oracle # Images push to registry.celestium.life/stonks-oracle/: and :latest # # Storage: longhorn-rwx (RWX) for cross-node step scheduling # Scheduling: podAntiAffinity spreads pipeline pods across cluster nodes steps: lint-python: image: registry.celestium.life/dockerhub-cache/library/python:3.12-slim commands: - pip install ruff==0.15.10 --quiet - ruff --version - ruff check --output-format=concise . backend_options: kubernetes: resources: requests: memory: 256Mi cpu: 200m limits: memory: 512Mi cpu: 1000m when: event: [push, pull_request] test-python: image: registry.celestium.life/dockerhub-cache/library/python:3.12-slim commands: - pip install -r requirements.txt --quiet - pip install hypothesis --quiet - pytest tests/ -x --tb=short -q --ignore=tests/integration backend_options: kubernetes: resources: requests: memory: 512Mi cpu: 500m limits: memory: 1Gi cpu: 2000m when: event: [push, pull_request] test-frontend: image: registry.celestium.life/dockerhub-cache/library/node:24-slim commands: - cd frontend - npm ci - npx vitest --run backend_options: kubernetes: resources: requests: memory: 512Mi cpu: 500m limits: memory: 1Gi cpu: 2000m when: event: [push, pull_request] build-scheduler: image: woodpeckerci/plugin-docker-buildx privileged: true settings: repo: registry.celestium.life/stonks-oracle/scheduler registry: registry.celestium.life custom_dns: 192.168.42.1 buildx_flags: --driver-opt network=host buildkitd_config: | [registry."docker.io"] mirrors = ["registry.celestium.life/v2/dockerhub-cache"] [registry."ghcr.io"] mirrors = ["registry.celestium.life/v2/ghcr-cache"] no_proxy: "10.0.0.0/8,192.168.0.0/16,127.0.0.1,localhost,.local,.celestium.life" logins: - registry: https://registry.celestium.life username: from_secret: harbor_username password: from_secret: harbor_password - registry: https://index.docker.io/v1/ username: from_secret: docker_username password: from_secret: docker_password tags: - ${CI_COMMIT_SHA} - latest dockerfile: docker/Dockerfile.scheduler context: . backend_options: kubernetes: resources: requests: memory: 1Gi cpu: 1000m limits: memory: 2Gi cpu: 4000m when: event: push branch: main depends_on: - lint-python - test-python - test-frontend build-symbol-registry: image: woodpeckerci/plugin-docker-buildx privileged: true settings: repo: registry.celestium.life/stonks-oracle/symbol-registry registry: registry.celestium.life custom_dns: 192.168.42.1 buildx_flags: --driver-opt network=host buildkitd_config: | [registry."docker.io"] mirrors = ["registry.celestium.life/v2/dockerhub-cache"] [registry."ghcr.io"] mirrors = ["registry.celestium.life/v2/ghcr-cache"] no_proxy: "10.0.0.0/8,192.168.0.0/16,127.0.0.1,localhost,.local,.celestium.life" logins: - registry: https://registry.celestium.life username: from_secret: harbor_username password: from_secret: harbor_password - registry: https://index.docker.io/v1/ username: from_secret: docker_username password: from_secret: docker_password tags: - ${CI_COMMIT_SHA} - latest dockerfile: docker/Dockerfile context: . build_args: "SERVICE_CMD=uvicorn services.symbol_registry.app:app --host 0.0.0.0 --port 8000" backend_options: kubernetes: resources: requests: memory: 1Gi cpu: 1000m limits: memory: 2Gi cpu: 4000m when: event: push branch: main depends_on: - lint-python - test-python - test-frontend build-ingestion: image: woodpeckerci/plugin-docker-buildx privileged: true settings: repo: registry.celestium.life/stonks-oracle/ingestion registry: registry.celestium.life custom_dns: 192.168.42.1 buildx_flags: --driver-opt network=host buildkitd_config: | [registry."docker.io"] mirrors = ["registry.celestium.life/v2/dockerhub-cache"] [registry."ghcr.io"] mirrors = ["registry.celestium.life/v2/ghcr-cache"] no_proxy: "10.0.0.0/8,192.168.0.0/16,127.0.0.1,localhost,.local,.celestium.life" logins: - registry: https://registry.celestium.life username: from_secret: harbor_username password: from_secret: harbor_password - registry: https://index.docker.io/v1/ username: from_secret: docker_username password: from_secret: docker_password tags: - ${CI_COMMIT_SHA} - latest dockerfile: docker/Dockerfile context: . build_args: "SERVICE_CMD=python -m services.ingestion.worker" backend_options: kubernetes: resources: requests: memory: 1Gi cpu: 1000m limits: memory: 2Gi cpu: 4000m when: event: push branch: main depends_on: - lint-python - test-python - test-frontend build-parser: image: woodpeckerci/plugin-docker-buildx privileged: true settings: repo: registry.celestium.life/stonks-oracle/parser registry: registry.celestium.life custom_dns: 192.168.42.1 buildx_flags: --driver-opt network=host buildkitd_config: | [registry."docker.io"] mirrors = ["registry.celestium.life/v2/dockerhub-cache"] [registry."ghcr.io"] mirrors = ["registry.celestium.life/v2/ghcr-cache"] no_proxy: "10.0.0.0/8,192.168.0.0/16,127.0.0.1,localhost,.local,.celestium.life" logins: - registry: https://registry.celestium.life username: from_secret: harbor_username password: from_secret: harbor_password - registry: https://index.docker.io/v1/ username: from_secret: docker_username password: from_secret: docker_password tags: - ${CI_COMMIT_SHA} - latest dockerfile: docker/Dockerfile context: . build_args: "SERVICE_CMD=python -m services.parser.worker" backend_options: kubernetes: resources: requests: memory: 1Gi cpu: 1000m limits: memory: 2Gi cpu: 4000m when: event: push branch: main depends_on: - lint-python - test-python - test-frontend build-extractor: image: woodpeckerci/plugin-docker-buildx privileged: true settings: repo: registry.celestium.life/stonks-oracle/extractor registry: registry.celestium.life custom_dns: 192.168.42.1 buildx_flags: --driver-opt network=host buildkitd_config: | [registry."docker.io"] mirrors = ["registry.celestium.life/v2/dockerhub-cache"] [registry."ghcr.io"] mirrors = ["registry.celestium.life/v2/ghcr-cache"] no_proxy: "10.0.0.0/8,192.168.0.0/16,127.0.0.1,localhost,.local,.celestium.life" logins: - registry: https://registry.celestium.life username: from_secret: harbor_username password: from_secret: harbor_password - registry: https://index.docker.io/v1/ username: from_secret: docker_username password: from_secret: docker_password tags: - ${CI_COMMIT_SHA} - latest dockerfile: docker/Dockerfile context: . build_args: "SERVICE_CMD=python -m services.extractor.worker" backend_options: kubernetes: resources: requests: memory: 1Gi cpu: 1000m limits: memory: 2Gi cpu: 4000m when: event: push branch: main depends_on: - lint-python - test-python - test-frontend build-aggregation: image: woodpeckerci/plugin-docker-buildx privileged: true settings: repo: registry.celestium.life/stonks-oracle/aggregation registry: registry.celestium.life custom_dns: 192.168.42.1 buildx_flags: --driver-opt network=host buildkitd_config: | [registry."docker.io"] mirrors = ["registry.celestium.life/v2/dockerhub-cache"] [registry."ghcr.io"] mirrors = ["registry.celestium.life/v2/ghcr-cache"] no_proxy: "10.0.0.0/8,192.168.0.0/16,127.0.0.1,localhost,.local,.celestium.life" logins: - registry: https://registry.celestium.life username: from_secret: harbor_username password: from_secret: harbor_password - registry: https://index.docker.io/v1/ username: from_secret: docker_username password: from_secret: docker_password tags: - ${CI_COMMIT_SHA} - latest dockerfile: docker/Dockerfile context: . build_args: "SERVICE_CMD=python -m services.aggregation.worker" backend_options: kubernetes: resources: requests: memory: 1Gi cpu: 1000m limits: memory: 2Gi cpu: 4000m when: event: push branch: main depends_on: - lint-python - test-python - test-frontend build-recommendation: image: woodpeckerci/plugin-docker-buildx privileged: true settings: repo: registry.celestium.life/stonks-oracle/recommendation registry: registry.celestium.life custom_dns: 192.168.42.1 buildx_flags: --driver-opt network=host buildkitd_config: | [registry."docker.io"] mirrors = ["registry.celestium.life/v2/dockerhub-cache"] [registry."ghcr.io"] mirrors = ["registry.celestium.life/v2/ghcr-cache"] no_proxy: "10.0.0.0/8,192.168.0.0/16,127.0.0.1,localhost,.local,.celestium.life" logins: - registry: https://registry.celestium.life username: from_secret: harbor_username password: from_secret: harbor_password - registry: https://index.docker.io/v1/ username: from_secret: docker_username password: from_secret: docker_password tags: - ${CI_COMMIT_SHA} - latest dockerfile: docker/Dockerfile context: . build_args: "SERVICE_CMD=python -m services.recommendation.worker" backend_options: kubernetes: resources: requests: memory: 1Gi cpu: 1000m limits: memory: 2Gi cpu: 4000m when: event: push branch: main depends_on: - lint-python - test-python - test-frontend build-risk: image: woodpeckerci/plugin-docker-buildx privileged: true settings: repo: registry.celestium.life/stonks-oracle/risk registry: registry.celestium.life custom_dns: 192.168.42.1 buildx_flags: --driver-opt network=host buildkitd_config: | [registry."docker.io"] mirrors = ["registry.celestium.life/v2/dockerhub-cache"] [registry."ghcr.io"] mirrors = ["registry.celestium.life/v2/ghcr-cache"] no_proxy: "10.0.0.0/8,192.168.0.0/16,127.0.0.1,localhost,.local,.celestium.life" logins: - registry: https://registry.celestium.life username: from_secret: harbor_username password: from_secret: harbor_password - registry: https://index.docker.io/v1/ username: from_secret: docker_username password: from_secret: docker_password tags: - ${CI_COMMIT_SHA} - latest dockerfile: docker/Dockerfile context: . build_args: "SERVICE_CMD=uvicorn services.risk.app:app --host 0.0.0.0 --port 8000" backend_options: kubernetes: resources: requests: memory: 1Gi cpu: 1000m limits: memory: 2Gi cpu: 4000m when: event: push branch: main depends_on: - lint-python - test-python - test-frontend build-broker-adapter: image: woodpeckerci/plugin-docker-buildx privileged: true settings: repo: registry.celestium.life/stonks-oracle/broker-adapter registry: registry.celestium.life custom_dns: 192.168.42.1 buildx_flags: --driver-opt network=host buildkitd_config: | [registry."docker.io"] mirrors = ["registry.celestium.life/v2/dockerhub-cache"] [registry."ghcr.io"] mirrors = ["registry.celestium.life/v2/ghcr-cache"] no_proxy: "10.0.0.0/8,192.168.0.0/16,127.0.0.1,localhost,.local,.celestium.life" logins: - registry: https://registry.celestium.life username: from_secret: harbor_username password: from_secret: harbor_password - registry: https://index.docker.io/v1/ username: from_secret: docker_username password: from_secret: docker_password tags: - ${CI_COMMIT_SHA} - latest dockerfile: docker/Dockerfile context: . build_args: "SERVICE_CMD=python -m services.adapters.broker_adapter" backend_options: kubernetes: resources: requests: memory: 1Gi cpu: 1000m limits: memory: 2Gi cpu: 4000m when: event: push branch: main depends_on: - lint-python - test-python - test-frontend build-lake-publisher: image: woodpeckerci/plugin-docker-buildx privileged: true settings: repo: registry.celestium.life/stonks-oracle/lake-publisher registry: registry.celestium.life custom_dns: 192.168.42.1 buildx_flags: --driver-opt network=host buildkitd_config: | [registry."docker.io"] mirrors = ["registry.celestium.life/v2/dockerhub-cache"] [registry."ghcr.io"] mirrors = ["registry.celestium.life/v2/ghcr-cache"] no_proxy: "10.0.0.0/8,192.168.0.0/16,127.0.0.1,localhost,.local,.celestium.life" logins: - registry: https://registry.celestium.life username: from_secret: harbor_username password: from_secret: harbor_password - registry: https://index.docker.io/v1/ username: from_secret: docker_username password: from_secret: docker_password tags: - ${CI_COMMIT_SHA} - latest dockerfile: docker/Dockerfile context: . build_args: "SERVICE_CMD=python -m services.lake_publisher.worker" backend_options: kubernetes: resources: requests: memory: 1Gi cpu: 1000m limits: memory: 2Gi cpu: 4000m when: event: push branch: main depends_on: - lint-python - test-python - test-frontend build-query-api: image: woodpeckerci/plugin-docker-buildx privileged: true settings: repo: registry.celestium.life/stonks-oracle/query-api registry: registry.celestium.life custom_dns: 192.168.42.1 buildx_flags: --driver-opt network=host buildkitd_config: | [registry."docker.io"] mirrors = ["registry.celestium.life/v2/dockerhub-cache"] [registry."ghcr.io"] mirrors = ["registry.celestium.life/v2/ghcr-cache"] no_proxy: "10.0.0.0/8,192.168.0.0/16,127.0.0.1,localhost,.local,.celestium.life" logins: - registry: https://registry.celestium.life username: from_secret: harbor_username password: from_secret: harbor_password - registry: https://index.docker.io/v1/ username: from_secret: docker_username password: from_secret: docker_password tags: - ${CI_COMMIT_SHA} - latest dockerfile: docker/Dockerfile context: . build_args: "SERVICE_CMD=uvicorn services.api.app:app --host 0.0.0.0 --port 8000" backend_options: kubernetes: resources: requests: memory: 1Gi cpu: 1000m limits: memory: 2Gi cpu: 4000m when: event: push branch: main depends_on: - lint-python - test-python - test-frontend build-trading-engine: image: woodpeckerci/plugin-docker-buildx privileged: true settings: repo: registry.celestium.life/stonks-oracle/trading-engine registry: registry.celestium.life custom_dns: 192.168.42.1 buildx_flags: --driver-opt network=host buildkitd_config: | [registry."docker.io"] mirrors = ["registry.celestium.life/v2/dockerhub-cache"] [registry."ghcr.io"] mirrors = ["registry.celestium.life/v2/ghcr-cache"] no_proxy: "10.0.0.0/8,192.168.0.0/16,127.0.0.1,localhost,.local,.celestium.life" logins: - registry: https://registry.celestium.life username: from_secret: harbor_username password: from_secret: harbor_password - registry: https://index.docker.io/v1/ username: from_secret: docker_username password: from_secret: docker_password tags: - ${CI_COMMIT_SHA} - latest dockerfile: docker/Dockerfile context: . build_args: "SERVICE_CMD=uvicorn services.trading.app:app --host 0.0.0.0 --port 8000" backend_options: kubernetes: resources: requests: memory: 1Gi cpu: 1000m limits: memory: 2Gi cpu: 4000m when: event: push branch: main depends_on: - lint-python - test-python - test-frontend build-dashboard: image: woodpeckerci/plugin-docker-buildx privileged: true settings: repo: registry.celestium.life/stonks-oracle/dashboard registry: registry.celestium.life custom_dns: 192.168.42.1 buildx_flags: --driver-opt network=host buildkitd_config: | [registry."docker.io"] mirrors = ["registry.celestium.life/v2/dockerhub-cache"] [registry."ghcr.io"] mirrors = ["registry.celestium.life/v2/ghcr-cache"] no_proxy: "10.0.0.0/8,192.168.0.0/16,127.0.0.1,localhost,.local,.celestium.life" logins: - registry: https://registry.celestium.life username: from_secret: harbor_username password: from_secret: harbor_password - registry: https://index.docker.io/v1/ username: from_secret: docker_username password: from_secret: docker_password tags: - ${CI_COMMIT_SHA} - latest dockerfile: frontend/Dockerfile context: frontend no_cache: true backend_options: kubernetes: resources: requests: memory: 1Gi cpu: 1000m limits: memory: 2Gi cpu: 4000m when: event: push branch: main depends_on: - lint-python - test-python - test-frontend build-superset: image: woodpeckerci/plugin-docker-buildx privileged: true settings: repo: registry.celestium.life/stonks-oracle/superset registry: registry.celestium.life custom_dns: 192.168.42.1 buildx_flags: --driver-opt network=host buildkitd_config: | [registry."docker.io"] mirrors = ["registry.celestium.life/v2/dockerhub-cache"] [registry."ghcr.io"] mirrors = ["registry.celestium.life/v2/ghcr-cache"] no_proxy: "10.0.0.0/8,192.168.0.0/16,127.0.0.1,localhost,.local,.celestium.life" logins: - registry: https://registry.celestium.life username: from_secret: harbor_username password: from_secret: harbor_password - registry: https://index.docker.io/v1/ username: from_secret: docker_username password: from_secret: docker_password tags: - ${CI_COMMIT_SHA} - latest dockerfile: docker/Dockerfile.superset context: docker backend_options: kubernetes: resources: requests: memory: 1Gi cpu: 1000m limits: memory: 2Gi cpu: 4000m when: event: push branch: main depends_on: - lint-python - test-python - test-frontend integration-test: image: registry.celestium.life/dockerhub-cache/alpine/k8s:1.30.2 environment: DOCKERHUB_USER: from_secret: docker_username DOCKERHUB_TOKEN: from_secret: docker_password commands: - bash infra/inttest/run_pipeline.sh --image-tag ${CI_COMMIT_SHA} --results-file inttest-results.json backend_options: kubernetes: resources: requests: memory: 256Mi cpu: 200m limits: memory: 512Mi cpu: 1000m when: event: push branch: main depends_on: - build-scheduler - build-symbol-registry - build-ingestion - build-parser - build-extractor - build-aggregation - build-recommendation - build-risk - build-broker-adapter - build-lake-publisher - build-query-api - build-trading-engine - build-dashboard - build-superset mirror-github: image: registry.celestium.life/dockerhub-cache/alpine/git failure: ignore environment: GITHUB_SSH_KEY: from_secret: github_ssh_key commands: - "[ -z \"$GITHUB_SSH_KEY\" ] && echo 'No SSH key configured, skipping mirror' && exit 0" - mkdir -p ~/.ssh - echo "$GITHUB_SSH_KEY" > ~/.ssh/id_ed25519 - chmod 600 ~/.ssh/id_ed25519 - ssh-keyscan github.com >> ~/.ssh/known_hosts 2>/dev/null - git remote add github git@github.com:celesrenata/stonks-oracle.git || git remote set-url github git@github.com:celesrenata/stonks-oracle.git - git fetch --unshallow origin || true - git push github main --force - git push github --tags --force when: event: push branch: main depends_on: - integration-test