Release 1.220.0

See release notes.

Author: cjdsellers

.cargo/config.toml

@@ -5,6 +5,14 @@ rustflags = [
     "-Aclippy::drop_non_drop",
 ]
 
+[target.'cfg(target_os = "linux")']
+rustflags = [
+    "-C", "link-arg=-Wl,--gc-sections",
+    "-C", "link-arg=-Wl,--as-needed",
+    "-C", "link-arg=-Wl,-z,norelro",
+    "-C", "relocation-model=pic",
+]
+
 [target.x86_64-apple-darwin]
 rustflags = [
     "-C", "link-arg=-undefined",

.docker/DockerfileUbuntu

@@ -40,9 +40,6 @@ RUN apt-get update && apt-get install -y \
 RUN curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain stable
 ENV PATH="/root/.cargo/bin:${PATH}"
 
-# Install mold linker
-RUN curl -L https://github.com/rui314/mold/releases/download/v2.35.1/mold-2.35.1-x86_64-linux.tar.gz | tar -xz -C /usr/local --strip-components=1
-
 # Install uv
 RUN curl -LsSf https://astral.sh/uv/install.sh | sh
 ENV PATH="/root/.cargo/bin:/root/.local/bin:${PATH}"

.docker/docker-compose.yml

@@ -1,13 +1,11 @@
-version: '3.5'
-
 services:
   postgres:
     container_name: nautilus-database
     image: postgres
     environment:
-      POSTGRES_USER: ${POSTGRES_USER:-postgres}
+      POSTGRES_USER: ${POSTGRES_USER:-nautilus}
       POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:-pass}
-      POSTGRES_DATABASE: nautilus
+      POSTGRES_DB: ${POSTGRES_DB:-nautilus}
       PGDATA: /data/postgres
     volumes:
       - nautilus-database:/data/postgres
@@ -37,7 +35,7 @@ services:
     container_name: nautilus-redis
     image: redis
     ports:
-      - 6379:6379
+      - "6379:6379"
     restart: unless-stopped
     networks:
       - nautilus-network

.docker/nautilus_trader.dockerfile

@@ -47,3 +47,4 @@ RUN find /usr/local/lib/python3.13/site-packages -name "*.pyc" -exec rm -f {} \;
 FROM base AS application
 
 COPY --from=builder /usr/local/lib/python3.13/site-packages /usr/local/lib/python3.13/site-packages
+COPY --from=builder /usr/local/bin/ /usr/local/bin/

.env.example

@@ -0,0 +1,7 @@
+# Environment Variables for NautilusTrader
+# Copy this file to .env and update with your actual values
+
+# Data Paths
+# NAUTILUS_PATH should point to the root directory containing your Nautilus data
+# The catalog will be automatically located at NAUTILUS_PATH/catalog
+NAUTILUS_PATH=/path/to/nautilus/data

.github/OVERVIEW.md

@@ -6,51 +6,37 @@
 This directory contains reusable composite actions and workflow definitions for
 CI/CD, testing, publishing, and automation within the NautilusTrader repository.
 
-## Composite Actions (`.github/actions`)
+## Composite actions (`.github/actions`)
 
-- **common-setup**: prepares the environment (OS packages, Rust toolchain, Python,
-  sccache, mold, pre-commit).
+- **common-setup**: prepares the environment (OS packages, Rust toolchain, Python, sccache, pre-commit).
 - **common-test-data**: caches large test data under `tests/test_data/large`.
-- **common-wheel-build**: builds and installs Python wheels across Linux,
-  macOS, and Windows for multiple Python versions.
-- **publish-wheels**: publishes built wheels to Cloudflare R2, manages old wheel
-  cleanup and index generation.
+- **common-wheel-build**: builds and installs Python wheels across Linux, macOS, and Windows for multiple Python versions.
+- **publish-wheels**: publishes built wheels to Cloudflare R2, manages old wheel cleanup and index generation.
 - **upload-artifact-wheel**: uploads the latest wheel artifact to GitHub Actions.
 
 ## Workflows (`.github/workflows`)
 
-- **build.yml**: runs pre-commit, Rust tests, Python tests, builds wheels on multiple
-  platforms, and uploads wheel artifacts.
-- **build-docs.yml**: dispatches a repository event to trigger the documentation build
-  on `master` and `nightly` pushes.
-- **codeql-analysis.yml**: schedules and runs CodeQL security scans on pull requests
-  and periodically via cron.
+- **build.yml**: runs pre-commit, Rust tests, Python tests, builds wheels on multiple platforms, and uploads wheel artifacts.
+- **build-docs.yml**: dispatches a repository event to trigger the documentation build on `master` and `nightly` pushes.
+- **codeql-analysis.yml**: schedules and runs CodeQL security scans on pull requests and periodically via cron.
 - **coverage.yml**: (optional) coverage report generation for the `nightly` branch.
-- **docker.yml**: builds and pushes Docker images (`nautilus_trader`, `jupyterlab`)
-  for `master` and `nightly` branches using Buildx and QEMU.
-- **nightly-merge.yml**: automatically merges `develop` into `nightly` when the
-  latest `develop` workflows succeed.
-- **performance.yml**: runs Rust/Python performance benchmarks on the `nightly` branch
-  and reports to CodSpeed.
+- **docker.yml**: builds and pushes Docker images (`nautilus_trader`, `jupyterlab`) for `master` and `nightly` branches using Buildx and QEMU.
+- **nightly-merge.yml**: automatically merges `develop` into `nightly` when the latest `develop` workflows succeed.
+- **performance.yml**: runs Rust/Python performance benchmarks on the `nightly` branch and reports to CodSpeed.
 
 ## Security
 
-- **Immutable Action Pinning**: all third-party actions are pinned to specific commit
-  SHAs to guarantee immutability and reproducibility.
-- **Hardened Runners**: most workflows employ `step-security/harden-runner` with an
-  `egress-policy: audit` to reduce attack surface and monitor outbound traffic.
-- **Secret Management**: no secrets or credentials are stored in the repo. AWS, PyPI,
-  and other credentials are provided via GitHub Secrets and injected at runtime.
-- **Code Scanning**: CodeQL is enabled for continuous security analysis.
-- **Dependency Pinning**: key tools (pre-commit, Python versions, Rust toolchain,
-  mold, cargo-nextest) are locked to fixed versions or SHAs.
-- **Least-Privilege Tokens**: workflows default the `GITHUB_TOKEN` to
+- **Immutable action pinning**: all third-party actions are pinned to specific commit SHAs to guarantee immutability and reproducibility.
+- **Hardened runners**: most workflows employ `step-security/harden-runner` with an `egress-policy: audit` to reduce attack surface and monitor outbound traffic.
+- **Secret management**: no secrets or credentials are stored in the repo. AWS, PyPI, and other credentials are provided via GitHub Secrets and injected at runtime.
+- **Code scanning**: CodeQL is enabled for continuous security analysis.
+- **Dependency pinning**: key tools (pre-commit, Python versions, Rust toolchain, cargo-nextest) are locked to fixed versions or SHAs.
+- **Least-privilege tokens**: workflows default the `GITHUB_TOKEN` to
   `contents: read, actions: read` and selectively elevate scopes (e.g.
   `contents: write`) only for the jobs that need to tag a release or upload
   assets. This follows the principle of least privilege and limits blast
   radius if a job is compromised.
-- **Caching**: caches for sccache, pip/site-packages, pre-commit, and test data
-  speed up workflows while preserving hermetic builds.
+- **Caching**: caches for sccache, pip/site-packages, pre-commit, and test data speed up workflows while preserving hermetic builds.
 
 For updates or changes to actions or workflows, please adhere to the repository's
 CONTRIBUTING guidelines and maintain these security best practices.

.github/actions/common-setup/action.yml

@@ -43,10 +43,22 @@ runs:
         sudo apt-get install -y curl clang git make pkg-config
         sudo apt-get install -y python3-dev libpython3-dev
         sudo apt-get install -y capnproto libcapnp-dev
+        sudo apt-get clean
+        sudo rm -rf /var/lib/apt/lists/*
 
-    - name: Install mold
-      # https://github.com/rui314/setup-mold
-      uses: rui314/setup-mold@565a5a945b82f5759c6148485163f6ecd90da653 # v1
+    - name: Install capnproto (macOS)
+      if: runner.os == 'macOS'
+      shell: bash
+      run: |
+        brew update
+        brew install capnp
+        brew cleanup
+
+    - name: Install capnproto (Windows)
+      if: runner.os == 'Windows'
+      shell: bash
+      run: |
+        choco install capnproto -y || echo "capnproto install via choco failed or unavailable"
 
     # > --------------------------------------------------
     # > Rust
@@ -87,12 +99,11 @@ runs:
       run: |
         echo "RUSTC_WRAPPER=sccache" >> $GITHUB_ENV
 
-        # Based on GitHub Actions runner constraints
-        # and Nautilus Trader uncompressed package final size (~1 GiB)
-        echo "SCCACHE_CACHE_SIZE=4G" >> $GITHUB_ENV
-        echo "SCCACHE_IDLE_TIMEOUT=0" >> $GITHUB_ENV
-        echo "SCCACHE_DIRECT=true" >> $GITHUB_ENV
-        echo "SCCACHE_CACHE_MULTIARCH=1" >> $GITHUB_ENV
+        # Respect pre-existing settings from the workflow env; otherwise set sane defaults
+        if [ -z "${SCCACHE_CACHE_SIZE:-}" ]; then echo "SCCACHE_CACHE_SIZE=4G" >> $GITHUB_ENV; fi
+        if [ -z "${SCCACHE_IDLE_TIMEOUT:-}" ]; then echo "SCCACHE_IDLE_TIMEOUT=0" >> $GITHUB_ENV; fi
+        if [ -z "${SCCACHE_DIRECT:-}" ]; then echo "SCCACHE_DIRECT=true" >> $GITHUB_ENV; fi
+        if [ -z "${SCCACHE_CACHE_MULTIARCH:-}" ]; then echo "SCCACHE_CACHE_MULTIARCH=1" >> $GITHUB_ENV; fi
 
         echo "CARGO_INCREMENTAL=0" >> $GITHUB_ENV
 
@@ -136,6 +147,11 @@ runs:
       with:
         python-version: ${{ inputs.python-version }}
 
+    - name: Ensure ~/.local/bin on PATH
+      shell: bash
+      run: |
+        echo "$HOME/.local/bin" >> "$GITHUB_PATH"
+
     - name: Get Python version
       shell: bash
       run: |

.github/actions/common-test-data/action.yml

@@ -10,5 +10,7 @@ runs:
         uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
         with:
           path: tests/test_data/large
-          key: ${{ runner.os }}-large-files-${{ hashFiles('tests/test_data/large/checksums.json') }}
-          restore-keys: ${{ runner.os }}-large-files-
+          key: large-files-${{ hashFiles('tests/test_data/large/checksums.json') }}
+          restore-keys: large-files-
+          save-always: true
+          enableCrossOsArchive: true

.github/actions/publish-wheels/action.yml

@@ -1,10 +1,5 @@
 name: Publish wheels (R2)
 description: Publish wheels to Cloudflare R2
-inputs:
-  cleanup-local-dist:
-    description: 'Cleanup local dist directory after publishing to R2'
-    required: false
-    default: 'true'
 
 runs:
   using: "composite"
@@ -59,18 +54,3 @@ runs:
       shell: bash
       run: |
         bash ./scripts/ci/publish-wheels-r2-verify-files.sh
-
-    - name: Clean up local dist directory
-      if: ${{ inputs.cleanup-local-dist == 'true' && success() }}
-      shell: bash
-      run: |
-        set -euo pipefail
-
-        if [[ -d dist ]]; then
-          echo "Found dist directory:"
-          ls -lh dist/
-          rm -rf dist/*
-          echo "Cleanup completed"
-        else
-          echo "No dist directory found"
-        fi

.github/pull_request_template.md

@@ -2,6 +2,8 @@
 
 **NautilusTrader prioritizes correctness and reliability, please follow existing patterns for validation and testing.**
 
+- [ ] I have reviewed the `CONTRIBUTING.md` and followed the established practices
+
 ## Summary
 
 <!-- Provide a brief description of *what* changed, *why* it was changed, and the impact on the system or users (2–3 sentences). -->
@@ -24,6 +26,10 @@
 
 <!-- If this is a breaking change, describe the impact and any migration steps required for users or developers. -->
 
+## Documentation
+
+- [ ] Documentation changes follow the style guide (`docs/developer_guide/docs.md`)
+
 ## Release notes
 
 - [ ] I added a concise entry to `RELEASES.md` that follows the existing conventions (when applicable)