Adriano
b5b96f959c
Sei interventi MEDIA priorità sul sistema. 323 test pass, mypy strict
pulito, ruff clean.
1. Docker HEALTHCHECK + cerbero-bite healthcheck:
- nuovo subcommand che esce 0 se kill_switch=0 e last_health_check
entro --max-staleness-s (default 600s);
- HEALTHCHECK direttiva nel Dockerfile (60s interval, 5s timeout,
start_period 120s, retries 3);
- healthcheck definition nel docker-compose.yml.
2. Audit hash chain anti-truncation:
- migration 0002: nuova colonna system_state.last_audit_hash;
- AuditLog accetta callback on_append, dependencies.py la wire al
repository.set_last_audit_hash;
- Orchestrator.boot verifica che il tail file matcha l'anchor
persistito; mismatch → kill switch CRITICAL.
3. return_4h bootstrap da deribit get_historical:
- quando dvol_history è vuoto _fetch_return_4h cade su
deribit.historical_close (1h candle 4h fa);
- alert LOW se anche il fallback fallisce.
4. execution.environment + execution.eur_to_usd in strategy.yaml:
- ExecutionConfig promosso a typed schema con i due campi
consumati al boot;
- CLI start preferisce i valori da config; CLI flag overridano
solo quando differenti dai default.
5. Cycle correlation ID:
- structlog.contextvars.bind_contextvars in run_entry/run_monitor/
run_health propaga cycle_id e cycle nei log strutturati.
6. SIGTERM/SIGINT clean shutdown:
- run_forever installa loop.add_signal_handler per SIGTERM e
SIGINT; il segnale set()ta un asyncio.Event che termina il
blocco principale, scheduler.shutdown e ctx.aclose finalizzano.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
59 lines
1.7 KiB
Docker
59 lines
1.7 KiB
Docker
# syntax=docker/dockerfile:1.7
|
|
FROM python:3.13-slim AS builder
|
|
|
|
# uv ships static binaries; pin a version for reproducibility.
|
|
COPY --from=ghcr.io/astral-sh/uv:0.4.27 /uv /usr/local/bin/uv
|
|
|
|
WORKDIR /app
|
|
|
|
ENV UV_PROJECT_ENVIRONMENT=/opt/venv \
|
|
UV_LINK_MODE=copy \
|
|
PYTHONDONTWRITEBYTECODE=1 \
|
|
PYTHONUNBUFFERED=1
|
|
|
|
# Install only the dependencies first so the layer is cached when the
|
|
# source tree changes.
|
|
COPY pyproject.toml uv.lock ./
|
|
RUN uv sync --frozen --no-dev --no-install-project
|
|
|
|
# Now copy the source tree and install the project itself.
|
|
COPY src ./src
|
|
COPY README.md ./
|
|
RUN uv sync --frozen --no-dev
|
|
|
|
|
|
FROM python:3.13-slim AS runtime
|
|
|
|
RUN apt-get update \
|
|
&& apt-get install -y --no-install-recommends sqlite3 ca-certificates \
|
|
&& rm -rf /var/lib/apt/lists/*
|
|
|
|
# Non-root user with a stable UID for volume permissions.
|
|
RUN useradd --system --uid 10001 --home-dir /app --shell /usr/sbin/nologin bite
|
|
WORKDIR /app
|
|
|
|
ENV PATH=/opt/venv/bin:$PATH \
|
|
PYTHONDONTWRITEBYTECODE=1 \
|
|
PYTHONUNBUFFERED=1 \
|
|
CERBERO_BITE_CORE_TOKEN_FILE=/run/secrets/core_token
|
|
|
|
COPY --from=builder /opt/venv /opt/venv
|
|
COPY --from=builder /app/src /app/src
|
|
COPY scripts /app/scripts
|
|
COPY strategy.yaml /app/strategy.yaml
|
|
|
|
# Persistent state + audit go into /app/data, mounted as a volume in
|
|
# docker-compose.yml.
|
|
RUN mkdir -p /app/data/log /app/data/backups \
|
|
&& chown -R bite:bite /app
|
|
|
|
USER bite
|
|
|
|
# The healthcheck rides on the same Click entrypoint: it queries the
|
|
# SQLite singleton and exits 0/1 based on kill_switch + last_health_check.
|
|
HEALTHCHECK --interval=60s --timeout=5s --start-period=120s --retries=3 \
|
|
CMD ["cerbero-bite", "healthcheck", "--db", "/app/data/state.sqlite"]
|
|
|
|
ENTRYPOINT ["cerbero-bite"]
|
|
CMD ["status"]
|