Go Trade

Go Trade is a Go-based webhook service designed to integrate with TradingView. When TradingView alerts are triggered based on your PineScript indicators and strategies, this application allows you to programmatically place buy or sell orders via the KuCoin API. The project provides multiple command-line binaries to generate tokens, create secrets, and run the live API.

---

Overview

Go Trade provides a complete solution to:

• Authenticate TradingView webhook requests using JWTs.
• Place orders (buy/sell) on KuCoin programmatically based on TradingView alerts.
• Generate secrets for secure JWT signing using either HMAC (symmetric) or Ed25519 (asymmetric) keys.
• Deploy as a containerized application in Kubernetes with automated CI/CD and Helm charts.

---

Components

The project is organized into several binaries (each under the ./cmd folder):

1. auth Binary

• Location: ./cmd/auth/main.go
• Purpose:
  An interactive terminal user interface (TUI) built with Bubble Tea and Lip Gloss.
  • It prompts the user for a JWT secret.
  • It simulates progress using a progress bar.
  • It then generates a JWT token (using HMAC-SHA256) by invoking the JWT service.
  • The token is displayed on screen (with the version embedded at compile time) and can be copied to the clipboard.
• Usage:
  Run the binary to generate a JWT token that can be used in TradingView’s webhook configuration.
  The version (e.g. v_abc123.645a) is compiled into the binary using Go’s ldflags, so the binary displays the version at startup.

2. secret Binary

• Location: ./cmd/secret/main.go
• Purpose:
  A TUI application that generates a high-entropy HMAC key (256-bit secret) for JWT signing.
  • It simulates several steps (with a spinner, progress bar, and styled UI) to generate the key.
  • The generated key is encoded (using base64) and displayed to the user.
• Usage:
  Run the binary when you need to create a new JWT signing secret. This secret can then be stored securely (for example, in Kubernetes secrets or a secrets manager).

3. api Binary

• Location: ./cmd/api/main.go
• Purpose:
  The core web API that receives webhook requests from TradingView. It is built using the Fiber web framework.
  • It exposes endpoints such as /api/order (to trigger a buy/sell order) and /health (to check the status).
  • It validates incoming JWT tokens using the JWT service.
  • If a request is valid, it uses the KuCoin service to place orders.
• Usage:
  Deploy this binary as a containerized application. It reads its configuration (such as JWT_SECRET, KUCOIN_API_KEY, etc.) from environment variables (which are typically set via Kubernetes Secrets).

---

How It Works

1. TradingView Integration:
   TradingView alerts (written in PineScript) trigger an HTTP request (webhook) to the api binary.

2. Authentication:
   The api binary uses the JWT service to validate the provided token.

   • The token can be generated using the auth binary.
   • The token is signed with an HMAC secret, which you can generate or update using the secret binary.

3. Order Execution:
   Upon successful authentication, the API processes the request and calls the KuCoin service to place an order (buy or sell) using the parameters provided by TradingView.

4. Deployment & CI/CD:
   The application is containerized. A GitHub Actions pipeline builds the container image and binaries, injects a version tag into the auth binary (via ldflags), creates Kubernetes secrets for each environment (dev or prod), and deploys the application via Helm.

---

Setup & Configuration

Local Development

• Environment Variables:
  For local development, create a .env file with the required keys:

  JWT_SECRET=your-jwt-secret
  KUCOIN_API_KEY=your-kucoin-api-key
  KUCOIN_API_SECRET=your-kucoin-api-secret
  KUCOIN_API_PASSPHRASE=your-kucoin-passphrase

  Then run your API binary with:

  go run ./cmd/api/main.go

• Building Binaries:
  To build the auth binary with version injection:

  go build -ldflags="-X main.Version=v_abc123.645a" -o gotrade_auth ./cmd/auth

  To build the secret binary (without version injection):

  go build -o gotrade_secret ./cmd/secret

Kubernetes Deployment

• Kubernetes Secrets:
  Create Kubernetes secrets for each environment (dev, prod) to store your sensitive credentials. For example:

  kubectl create secret tls go-trade-api-tls-secret --cert=path/to/tls.crt --key=path/to/tls.key --namespace=gotrade-dev
  kubectl create secret generic trading-api-secrets \
      --from-literal=jwt_secret="your-jwt-secret" \
      --from-literal=kucoin_api_key="your-kucoin-api-key" \
      --from-literal=kucoin_api_secret="your-kucoin-api-secret" \
      --from-literal=kucoin_api_passphrase="your-kucoin-passphrase" \
      --namespace=gotrade-dev

• Helm Chart:
  The project includes a Helm chart (in the charts/ folder) that defines the Kubernetes resources (Deployment, Service, Ingress, HPA, etc.). Environment variables such as ENVIRONMENT and VERSION are injected via the chart's extraEnv section, and sensitive credentials are referenced from Kubernetes secrets.

• CI/CD Pipeline:
  The GitHub Actions pipeline:

  • Checks out code and computes version tags.
  • Builds Docker images and the binaries.
  • Creates/updates Kubernetes secrets using kubectl.
  • Deploys the application via Helm to dev or prod, passing the computed VERSION and ENVIRONMENT as overrides.

---

GitHub Actions Pipeline Overview

The pipeline is organized into multiple jobs:

• setup:
  Checks out the code, computes a version tag (based on commit SHA and timestamp), and exposes it as outputs.

• build:

  • Builds and pushes a Docker image for the API.
  • Compiles the auth binary (with the version injected) and the secret binary (without version injection).
  • Creates a GitHub Release for the auth binary on merges to main.

• create-secrets:
  Creates or updates Kubernetes secrets for dev and prod using temporary files (to avoid exposing secrets in logs).

• helm-deploy:
  Uses Helm (via the vimeda/helm GitHub Action) to deploy the application to the appropriate environment (dev or prod), passing the computed version and environment type as overrides.

---

Usage Scenarios

• Generate a JWT Token:
  Run the auth binary to interactively enter a JWT secret and generate a token. Use the token in your TradingView alert webhook configuration.

• Generate a New HMAC Secret:
  Run the secret binary to generate a new high-entropy secret key for JWT signing. Save and use this key when updating your Kubernetes secrets.

• Run the API:
  Deploy the api binary in your Kubernetes cluster. When a TradingView alert is received, the API validates the token and triggers a buy or sell order on KuCoin via the integrated services.

---

Additional Information

• Technology Stack:

  • Go: Core language for all components.
  • Fiber: Lightweight web framework used in the API.
  • Bubble Tea & Lip Gloss: TUI framework and styling library used in the auth and secret generators.
  • KuCoin API: Integrated via a custom service to execute orders.
  • JWT: Used for authenticating TradingView alerts.
  • Helm & Kubernetes: Used for container orchestration and deployment.

• CI/CD:
  The GitHub Actions pipeline builds, tags, and pushes Docker images; compiles binaries; manages Kubernetes secrets; and deploys via Helm.
  Environment-specific configuration (e.g., dev vs. prod) is managed by passing overrides to the Helm chart at deployment time.