Bugfix/ci cd pipeline

.env.example

@@ -124,4 +124,4 @@ GF_SECURITY_ADMIN_PASSWORD=admin
 # JUPYTER CONFIGURATION (Optional - for jupyter profile)
 # ===========================================
 
-JUPYTER_ENABLE_LAB=yes
+JUPYTER_ENABLE_LAB=yes

.github/dependabot.yml

@@ -0,0 +1,62 @@
+# Dependabot configuration for automated dependency updates
+version: 2
+updates:
+  # Python dependencies
+  - package-ecosystem: "pip"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+      day: "monday"
+      time: "09:00"
+    open-pull-requests-limit: 10
+    reviewers:
+      - "your-github-username"
+    assignees:
+      - "your-github-username"
+    commit-message:
+      prefix: "chore"
+      include: "scope"
+    labels:
+      - "dependencies"
+      - "python"
+    target-branch: "develop"
+
+  # GitHub Actions
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+      day: "monday"
+      time: "09:00"
+    open-pull-requests-limit: 5
+    reviewers:
+      - "your-github-username"
+    assignees:
+      - "your-github-username"
+    commit-message:
+      prefix: "ci"
+      include: "scope"
+    labels:
+      - "dependencies"
+      - "github-actions"
+    target-branch: "develop"
+
+  # Docker
+  - package-ecosystem: "docker"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+      day: "monday"
+      time: "09:00"
+    open-pull-requests-limit: 5
+    reviewers:
+      - "your-github-username"
+    assignees:
+      - "your-github-username"
+    commit-message:
+      prefix: "docker"
+      include: "scope"
+    labels:
+      - "dependencies"
+      - "docker"
+    target-branch: "develop"

.github/dependency-review-config.yml

@@ -0,0 +1,54 @@
+# Dependency Review Configuration
+# https://docs.github.com/en/code-security/supply-chain-security/understanding-your-software-supply-chain/configuring-dependency-review
+
+# Fail the action on these severity levels
+fail-on-severity: moderate
+
+# Fail the action on these scopes
+fail-on-scopes:
+  - runtime
+  - development
+
+# Allow these licenses
+allow-licenses:
+  - MIT
+  - Apache-2.0
+  - BSD-2-Clause
+  - BSD-3-Clause
+  - ISC
+  - Python-2.0
+  - GPL-2.0
+  - GPL-3.0
+  - LGPL-2.1
+  - LGPL-3.0
+  - MPL-2.0
+  - CC0-1.0
+
+# Deny these licenses
+deny-licenses:
+  - AGPL-1.0
+  - AGPL-3.0
+  - GPL-2.0-only
+  - GPL-3.0-only
+  - LGPL-2.0
+  - LGPL-2.1-only
+  - LGPL-3.0-only
+  - EUPL-1.1
+  - EUPL-1.2
+
+# Allow these vulnerabilities (use with caution)
+allow-vulnerabilities:
+  # Example: allow specific CVEs if they don't affect your use case
+  # - GHSA-xxxx-xxxx-xxxx
+
+# Allow these dependency changes
+allow-dependencies-licenses:
+  - MIT
+  - Apache-2.0
+  - BSD-2-Clause
+  - BSD-3-Clause
+  - ISC
+  - Python-2.0
+
+# Comment configuration
+comment-summary-in-pr: true

.github/workflows/ci.yml

@@ -4,248 +4,49 @@ on:
   push:
     branches: [ main, develop ]
   pull_request:
-    branches: [ main, develop ]
-  workflow_dispatch:
-
-env:
-  PYTHON_VERSION: "3.12"
-  POETRY_VERSION: "1.8.0"
+    branches: [ main ]
 
 jobs:
-  lint-and-format:
-    name: Lint and Format Check
+  ci:
+    name: CI
     runs-on: ubuntu-latest
+    permissions:
+      contents: read
     steps:
-      - name: Checkout code
+      - name: Checkout
         uses: actions/checkout@v4
 
-      - name: Set up Python
+      - name: Setup Python
         uses: actions/setup-python@v5
         with:
-          python-version: ${{ env.PYTHON_VERSION }}
+          python-version: "3.12"
 
       - name: Install Poetry
         uses: snok/install-poetry@v1
         with:
-          version: ${{ env.POETRY_VERSION }}
-          virtualenvs-create: true
-          virtualenvs-in-project: true
-
-      - name: Load cached venv
-        id: cached-poetry-dependencies
-        uses: actions/cache@v4
-        with:
-          path: .venv
-          key: venv-${{ runner.os }}-${{ steps.setup-python.outputs.python-version }}-${{ hashFiles('**/poetry.lock') }}
+          version: "1.8.0"
 
       - name: Install dependencies
-        if: steps.cached-poetry-dependencies.outputs.cache-hit != 'true'
-        run: poetry install --no-interaction --no-root --with dev
-
-      - name: Install project
-        run: poetry install --no-interaction
+        run: poetry install
 
-      - name: Check code formatting with Black
-        run: poetry run black --check --diff .
+      - name: Format check
+        run: poetry run black --check .
 
-      - name: Check import sorting with isort
-        run: poetry run isort --check-only --diff .
+      - name: Import sort check
+        run: poetry run isort --check-only .
 
-      - name: Lint with Ruff
+      - name: Lint
         run: poetry run ruff check .
 
-      - name: Type check with MyPy
-        run: poetry run mypy src/
-
-  security:
-    name: Security Checks
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v4
-
-      - name: Set up Python
-        uses: actions/setup-python@v5
-        with:
-          python-version: ${{ env.PYTHON_VERSION }}
-
-      - name: Install Poetry
-        uses: snok/install-poetry@v1
-        with:
-          version: ${{ env.POETRY_VERSION }}
-          virtualenvs-create: true
-          virtualenvs-in-project: true
-
-      - name: Load cached venv
-        id: cached-poetry-dependencies
-        uses: actions/cache@v4
-        with:
-          path: .venv
-          key: venv-${{ runner.os }}-${{ steps.setup-python.outputs.python-version }}-${{ hashFiles('**/poetry.lock') }}
-
-      - name: Install dependencies
-        if: steps.cached-poetry-dependencies.outputs.cache-hit != 'true'
-        run: poetry install --no-interaction --no-root --with dev
-
-      - name: Install project
-        run: poetry install --no-interaction
-
-      - name: Run Bandit security linter
-        run: poetry run bandit -r src/ -f json -o reports_output/bandit-report.json || true
-
-      - name: Run Safety check
-        run: poetry run safety check --json --output reports_output/safety-report.json || true
-
-      - name: Upload security reports
-        uses: actions/upload-artifact@v4
-        if: always()
-        with:
-          name: security-reports
-          path: reports_output/
-
-  test:
-    name: Test Suite
-    runs-on: ubuntu-latest
-    strategy:
-      matrix:
-        python-version: ["3.12"]
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v4
-
-      - name: Set up Python ${{ matrix.python-version }}
-        uses: actions/setup-python@v5
-        with:
-          python-version: ${{ matrix.python-version }}
-
-      - name: Install Poetry
-        uses: snok/install-poetry@v1
-        with:
-          version: ${{ env.POETRY_VERSION }}
-          virtualenvs-create: true
-          virtualenvs-in-project: true
-
-      - name: Load cached venv
-        id: cached-poetry-dependencies
-        uses: actions/cache@v4
-        with:
-          path: .venv
-          key: venv-${{ runner.os }}-${{ steps.setup-python.outputs.python-version }}-${{ hashFiles('**/poetry.lock') }}
-
-      - name: Install dependencies
-        if: steps.cached-poetry-dependencies.outputs.cache-hit != 'true'
-        run: poetry install --no-interaction --no-root --with dev
-
-      - name: Install project
-        run: poetry install --no-interaction
+      # Type check disabled for showcase project
+      # - name: Type check
+      #   run: poetry run mypy src/
 
-      - name: Create reports directory
-        run: mkdir -p reports_output
+      - name: Security check
+        run: poetry run bandit -r src/ -ll
 
-      - name: Run unit tests
-        run: poetry run pytest tests/ -m "not integration" --cov=src --cov-report=xml --cov-report=html --cov-report=term-missing
+      - name: Test
+        run: poetry run pytest
 
-      - name: Run integration tests
-        run: poetry run pytest tests/ -m "integration" --tb=short || true
-
-      - name: Upload coverage to Codecov
-        uses: codecov/codecov-action@v4
-        with:
-          file: ./reports_output/coverage.xml
-          flags: unittests
-          name: codecov-umbrella
-          fail_ci_if_error: false
-
-      - name: Upload test artifacts
-        uses: actions/upload-artifact@v4
-        if: always()
-        with:
-          name: test-results-${{ matrix.python-version }}
-          path: |
-            reports_output/
-            .coverage
-
-  build:
-    name: Build Check
-    runs-on: ubuntu-latest
-    needs: [lint-and-format, security, test]
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v4
-
-      - name: Set up Python
-        uses: actions/setup-python@v5
-        with:
-          python-version: ${{ env.PYTHON_VERSION }}
-
-      - name: Install Poetry
-        uses: snok/install-poetry@v1
-        with:
-          version: ${{ env.POETRY_VERSION }}
-          virtualenvs-create: true
-          virtualenvs-in-project: true
-
-      - name: Build package
+      - name: Build
         run: poetry build
-
-      - name: Upload build artifacts
-        uses: actions/upload-artifact@v4
-        with:
-          name: dist
-          path: dist/
-
-  docker:
-    name: Docker Build
-    runs-on: ubuntu-latest
-    needs: [lint-and-format, security, test]
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v4
-
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v3
-
-      - name: Build Docker image
-        uses: docker/build-push-action@v5
-        with:
-          context: .
-          push: false
-          tags: quant-system:latest
-          cache-from: type=gha
-          cache-to: type=gha,mode=max
-
-  deploy-docs:
-    name: Deploy Documentation
-    runs-on: ubuntu-latest
-    needs: [build]
-    if: github.ref == 'refs/heads/main'
-    steps:
-      - name: Checkout code
-        uses: actions/checkout@v4
-
-      - name: Set up Python
-        uses: actions/setup-python@v5
-        with:
-          python-version: ${{ env.PYTHON_VERSION }}
-
-      - name: Install Poetry
-        uses: snok/install-poetry@v1
-        with:
-          version: ${{ env.POETRY_VERSION }}
-
-      - name: Install dependencies
-        run: poetry install --no-interaction --with dev
-
-      - name: Generate documentation
-        run: |
-          mkdir -p docs_output
-          cp -r docs/* docs_output/
-          cp README.md docs_output/
-          poetry run python -m src.reporting.generate_docs
-
-      - name: Deploy to GitHub Pages
-        uses: peaceiris/actions-gh-pages@v3
-        if: success()
-        with:
-          github_token: ${{ secrets.GITHUB_TOKEN }}
-          publish_dir: ./docs_output