Skip to content

Commit fed3955

Browse files
authored
Release 1.229.0
See release notes.
2 parents 3aa1ddf + 14fb244 commit fed3955

1,412 files changed

Lines changed: 150253 additions & 69514 deletions

File tree

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

.docker/DockerfileUbuntu

Lines changed: 16 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -14,9 +14,10 @@
1414
# Remove the image
1515
# docker image rm nautilus-dev
1616

17+
FROM rust:1.96.0-slim-bookworm@sha256:b5f842fac1e3b4ff718a652a8e0173b62d9403ec826ef4998880b9347db30684 AS rust-toolchain
18+
1719
# Pin to specific digest for supply-chain security (ubuntu:22.04 as of 2026-04-30)
1820
FROM ubuntu@sha256:962f6cadeae0ea6284001009daa4cc9a8c37e75d1f5191cf0eb83fe565b63dd7
19-
2021
# Set environment variables
2122
ENV DEBIAN_FRONTEND=noninteractive
2223
ENV BUILD_MODE=release
@@ -39,23 +40,27 @@ RUN apt-get update && apt-get install -y \
3940
&& rm -rf /var/lib/apt/lists/*
4041

4142
# Install Rust
42-
RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain stable
43-
ENV PATH="/root/.cargo/bin:${PATH}"
43+
COPY --from=rust-toolchain /usr/local/cargo /usr/local/cargo
44+
COPY --from=rust-toolchain /usr/local/rustup /usr/local/rustup
45+
ENV CARGO_HOME="/usr/local/cargo" \
46+
RUSTUP_HOME="/usr/local/rustup" \
47+
PATH="/usr/local/cargo/bin:${PATH}"
48+
49+
# Set working directory
50+
WORKDIR /workspace
4451

4552
# Install uv
46-
RUN curl -LsSf https://astral.sh/uv/install.sh | sh
47-
ENV PATH="/root/.cargo/bin:/root/.local/bin:${PATH}"
53+
COPY --from=ghcr.io/astral-sh/uv:0.11.23@sha256:d0a0a753ab981624b49c97abc98821c1c09f4ca69d1ef5cee69c501be3d88479 \
54+
/uv /uvx /root/.local/bin/
55+
ENV PATH="/root/.local/bin:${PATH}"
4856

4957
# Install Python 3.13
50-
RUN uv python install
51-
52-
# Set working directory
53-
WORKDIR /workspace
58+
RUN uv python install 3.13
5459

5560
# Copy only necessary files for dependency setup
5661
# The actual source code will be mounted as a volume
57-
COPY ../scripts/rust-toolchain.sh scripts/
58-
COPY ../Cargo.toml Cargo.lock pyproject.toml rust-toolchain.toml ./
62+
COPY scripts/rust-toolchain.sh scripts/
63+
COPY Cargo.toml Cargo.lock rust-toolchain.toml ./
5964

6065
# Set up Rust toolchain based on project requirements
6166
RUN bash scripts/rust-toolchain.sh > /tmp/toolchain.txt && \

.docker/jupyterlab.dockerfile

Lines changed: 5 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,6 @@
1-
ARG GIT_TAG=develop
2-
FROM ghcr.io/nautechsystems/nautilus_trader:$GIT_TAG
1+
ARG BASE_IMAGE_REPOSITORY=ghcr.io/nautechsystems/nautilus_trader:latest
2+
ARG BASE_IMAGE_DIGEST=ffaf4104402164d483371ecb27e21b16231293c416adb9771f9bd97a04f27673
3+
FROM ${BASE_IMAGE_REPOSITORY}@sha256:${BASE_IMAGE_DIGEST}
34

45
COPY docs/tutorials /opt/pysetup/tutorials
56

@@ -28,9 +29,8 @@ RUN curl -fsSL --retry 3 \
2829
mv /tmp/eurusd_instrument.parquet /catalog/data/currency_pair/EURUSD.SIM/part-0.parquet
2930

3031
# Install UV
31-
COPY scripts/uv-version.sh scripts/
32-
COPY pyproject.toml ./
33-
RUN UV_VERSION=$(bash scripts/uv-version.sh) && curl -LsSf https://astral.sh/uv/$UV_VERSION/install.sh | sh
32+
COPY --from=ghcr.io/astral-sh/uv:0.11.23@sha256:d0a0a753ab981624b49c97abc98821c1c09f4ca69d1ef5cee69c501be3d88479 \
33+
/uv /uvx /root/.local/bin/
3434

3535
RUN uv pip install --system jupyterlab datafusion
3636

.docker/nautilus_trader.dockerfile

Lines changed: 15 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -1,16 +1,21 @@
1-
# Pin to specific digest for supply-chain security (python:3.13-slim as of 2026-04-30)
2-
FROM python@sha256:a0779d7c12fc20be6ec6b4ddc901a4fd7657b8a6bc9def9d3fde89ed5efe0a3d AS base
1+
FROM rust:1.96.0-slim-bookworm@sha256:b5f842fac1e3b4ff718a652a8e0173b62d9403ec826ef4998880b9347db30684 AS rust-toolchain
2+
3+
# Pin to specific digest for supply-chain security (python:3.13-slim as of 2026-04-30).
4+
# Keep the version tag: scripts/ci/check-docker-toolchain-pins.bash treats it as the
5+
# canonical Docker Python version and aligns the site-packages paths below to it.
6+
FROM python:3.13-slim@sha256:a0779d7c12fc20be6ec6b4ddc901a4fd7657b8a6bc9def9d3fde89ed5efe0a3d AS base
37
ENV PYTHONUNBUFFERED=1 \
48
PYTHONDONTWRITEBYTECODE=1 \
59
PIP_NO_CACHE_DIR=off \
610
PIP_DISABLE_PIP_VERSION_CHECK=on \
711
PIP_DEFAULT_TIMEOUT=100 \
812
PYO3_PYTHON="/usr/local/bin/python3" \
913
PYSETUP_PATH="/opt/pysetup" \
10-
RUSTUP_TOOLCHAIN="stable" \
14+
CARGO_HOME="/usr/local/cargo" \
15+
RUSTUP_HOME="/usr/local/rustup" \
1116
BUILD_MODE="release" \
1217
CC="clang"
13-
ENV PATH="/root/.local/bin:/root/.cargo/bin:$PATH"
18+
ENV PATH="/root/.local/bin:/usr/local/cargo/bin:$PATH"
1419
WORKDIR $PYSETUP_PATH
1520

1621
FROM base AS builder
@@ -22,12 +27,12 @@ RUN apt-get update && \
2227
rm -rf /var/lib/apt/lists/*
2328

2429
# Install Rust
25-
RUN curl https://sh.rustup.rs -sSf | bash -s -- -y
30+
COPY --from=rust-toolchain /usr/local/cargo /usr/local/cargo
31+
COPY --from=rust-toolchain /usr/local/rustup /usr/local/rustup
2632

2733
# Install UV
28-
COPY scripts/uv-version.sh scripts/
29-
COPY pyproject.toml ./
30-
RUN UV_VERSION=$(bash scripts/uv-version.sh) && curl -LsSf https://astral.sh/uv/$UV_VERSION/install.sh | sh
34+
COPY --from=ghcr.io/astral-sh/uv:0.11.23@sha256:d0a0a753ab981624b49c97abc98821c1c09f4ca69d1ef5cee69c501be3d88479 \
35+
/uv /uvx /root/.local/bin/
3136

3237
# Install package requirements
3338
COPY uv.lock pyproject.toml build.py ./
@@ -37,6 +42,8 @@ RUN uv sync --no-install-package nautilus_trader
3742
COPY Cargo.toml ./
3843
COPY Cargo.lock ./
3944
COPY crates ./crates
45+
COPY patches ./patches
46+
COPY examples/tutorials ./examples/tutorials
4047
RUN cargo build --lib --release --all-features
4148

4249
COPY nautilus_trader ./nautilus_trader

.github/OVERVIEW.md

Lines changed: 15 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -28,20 +28,20 @@ CI/CD, testing, publishing, and automation within the NautilusTrader repository.
2828
release publication and attestation verification. Uses Depot 8-core runners for Linux and Windows
2929
builds. Includes a plan step that skips builds on docs-only changes and skips Rust tests on
3030
Python-only changes.
31-
- **build-v2.yml**: CI pipeline for the v2 Rust-native system. Uses Depot 8-core runners for Linux builds.
31+
- **build-v2.yml**: CI pipeline for the v2 Rust-native system. Runs Linux builds on the self-hosted `build-v2` pool.
3232
- **build-docs.yml**: dispatches documentation build on `master` and `nightly` pushes.
3333
- **cli-binaries.yml**: builds and publishes CLI binaries for multiple platforms.
3434
- **codeql-analysis.yml**: CodeQL security scans for Python and Rust on PRs to `master`, pushes to
3535
`nightly`, and manual dispatch.
36-
- **copilot-setup-steps.yml**: environment setup for GitHub Copilot coding agent.
3736
- **coverage.yml**: coverage report generation, currently paused and runs only on `workflow_dispatch`.
3837
- **docker.yml**: builds and pushes multi-platform Docker images (`nautilus_trader`, `jupyterlab`)
3938
using Buildx and native ARM runners.
4039
- **nightly-docs-features-check.yml**: nightly docs.rs build checks and crate feature compatibility verification.
4140
- **nightly-merge.yml**: auto-merges `develop` into `nightly` when CI succeeds.
42-
- **nightly-tests.yml**: extended test suites too slow for PR builds - turmoil network tests plus
43-
macOS, Windows, and Linux ARM build-and-test jobs that run daily at 12:00 UTC to give early
44-
visibility on develop before `nightly-merge` at 14:00 UTC.
41+
- **nightly-tests.yml**: extended test suites too slow for PR builds - turmoil network tests,
42+
macOS, Windows, and Linux ARM build-and-test jobs, plus final Cargo publish-plan and dry-run
43+
checks that run daily at 12:00 UTC to give early visibility on develop before `nightly-merge`
44+
at 14:00 UTC.
4545
- **performance.yml**: Rust/Python benchmarks on `nightly`, reporting to CodSpeed.
4646
- **security-audit.yml**: nightly supply chain security checks (cargo-audit, cargo-deny,
4747
cargo-vet, pip-audit, osv-scanner, and Zizmor).
@@ -109,11 +109,16 @@ CI/CD, testing, publishing, and automation within the NautilusTrader repository.
109109
repo `nautechsystems/nautilus_trader`, workflow `build.yml`, and environment `release`; the
110110
job uses a short-lived token from `rust-lang/crates-io-auth-action` and no long-lived cargo token.
111111
- **Post-publish verification**: `publish-release-integrity` verifies PyPI files against
112-
`dist-manifest.json`, verifies PyPI provenance publisher metadata, verifies crates.io entries
113-
were trusted-published by this repository, records whether each crate matches the release commit
114-
or was already published, uploads `crates-manifest.json`, attaches attestation siblings, and
115-
cleans up release workflow artifacts. `publish-github-release` then publishes the draft release
116-
and verifies GitHub's release attestation.
112+
`dist-manifest.json`, verifies PyPI provenance publisher metadata, and verifies crates.io entries
113+
were trusted-published by this repository. These verifier calls retry transient
114+
Sigstore/Rekor/TUF lag, while provenance and identity mismatches fail fast. The job records
115+
whether each crate matches the release commit, was already published, or matched an explicit
116+
`CRATES_IO_MANUAL_PUBLISH_EXCEPTIONS` `crate@version` entry for emergency token-publish
117+
recovery. Manual entries are recorded in `crates-manifest.json` with
118+
`release_status: "manual_token_publish"`. Malformed or unused exception entries fail the job. The
119+
job uploads `crates-manifest.json`, attaches attestation siblings, and cleans up release workflow
120+
artifacts. `publish-github-release` then publishes the draft release and verifies GitHub's
121+
release attestation.
117122
- **Caching**: Rust target directory cache (`Swatinem/rust-cache`), prek hook environments, and test
118123
data caches speed up workflows while preserving hermetic builds. Rust cache saves are restricted
119124
to push events to prevent PR cache pollution.

.github/actionlint.yaml

Lines changed: 0 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -3,8 +3,6 @@ self-hosted-runner:
33
- depot-ubuntu-22.04-8
44
- depot-ubuntu-22.04-arm-8
55
- depot-windows-2022-8
6-
- depot-macos-14
7-
- depot-macos-15
86
- self-hosted-linux-x86
97
- build
108
- build-v2

.github/actions/common-wheel-build/action.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -102,4 +102,4 @@ runs:
102102
shell: bash
103103
run: |-
104104
bash scripts/ci/retry-on-corruption.sh uv sync --all-groups --all-extras --no-install-package nautilus_trader
105-
bash scripts/ci/retry-on-corruption.sh uv pip install dist/*.whl
105+
bash scripts/ci/retry-on-corruption.sh uv pip install dist/nautilus_trader-*.whl

.github/actions/upload-artifact-wheel/action.yml

Lines changed: 6 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -9,15 +9,16 @@ runs:
99
if: >-
1010
github.event_name == 'push' &&
1111
(github.ref_name == 'develop' || github.ref_name == 'nightly' ||
12-
github.ref_name == 'master' || github.ref_name == 'test-ci')
12+
github.ref_name == 'master' || github.ref_name == 'test-ci' ||
13+
github.ref_name == 'test-ci-v2')
1314
id: vars
1415
run: |
1516
if [ ! -d "./dist" ]; then
1617
echo "Error: dist directory not found"
1718
exit 1
1819
fi
1920
20-
ASSET_PATH=$(find ./dist -name "nautilus_trader-*.whl" -type f | xargs ls -t 2>/dev/null | head -n 1)
21+
ASSET_PATH=$(find ./dist -name "nautilus_trader-*.whl" -type f -print | sort | head -n 1)
2122
2223
if [ -z "$ASSET_PATH" ]; then
2324
echo "Error: No nautilus_trader wheel files found in dist directory"
@@ -30,11 +31,13 @@ runs:
3031
if: >-
3132
github.event_name == 'push' &&
3233
(github.ref_name == 'develop' || github.ref_name == 'nightly' ||
33-
github.ref_name == 'master' || github.ref_name == 'test-ci')
34+
github.ref_name == 'master' || github.ref_name == 'test-ci' ||
35+
github.ref_name == 'test-ci-v2')
3436
# https://github.com/actions/upload-artifact
3537
# Use wildcard to flatten dist/ prefix: path before first wildcard is stripped
3638
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
3739
with:
3840
name: ${{ env.ASSET_NAME }}
3941
path: dist/nautilus_trader-*.whl
42+
if-no-files-found: error
4043
retention-days: 1

0 commit comments

Comments
 (0)