Add web linters to Makefile and lint-web.yml GitHub Actions (#614)

crivetimihai · web-flow · commit e87727d90dd7 · 2025-07-28T08:44:43.000+01:00
* Add lint-web to CI/CD and add additional linters to Makefile (jshint jscpd markuplint) - closes #390 Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> * Add lint-web to CI/CD and add additional linters to Makefile (jshint jscpd markuplint) - closes #390 Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> * Add lint-web to CI/CD and add additional linters to Makefile (jshint jscpd markuplint) - closes #390 Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> * Add lint-web to CI/CD and add additional linters to Makefile (jshint jscpd markuplint) - closes #390 Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> * Add lint-web to CI/CD and add additional linters to Makefile (jshint jscpd markuplint) - closes #390 Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> * Add lint-web to CI/CD and add additional linters to Makefile (jshint jscpd markuplint) - closes #390 Signed-off-by: Mihai Criveti <crivetimihai@gmail.com> --------- Signed-off-by: Mihai Criveti <crivetimihai@gmail.com>
diff --git a/.github/workflows/lint-web.yml b/.github/workflows/lint-web.yml
@@ -0,0 +1,156 @@
+# ===============================================================
+# 🕸️  Web Lint & Static Analysis - Frontend Code Quality Gate
+# ===============================================================
+# Authors: Mihai Criveti
+#   - runs each web linter in its own matrix job for visibility
+#   - mirrors the actual CLI commands used locally (no `make`)
+#   - ensures fast-failure isolation: one failure doesn't hide others
+#   - installs tools per-job without package.json
+#   - logs are grouped and plain-text for readability
+# ---------------------------------------------------------------
+
+name: Web Lint & Static Analysis
+
+on:
+  push:
+    branches: ["main"]
+  pull_request:
+    branches: ["main"]
+
+permissions:
+  contents: read
+
+jobs:
+  lint-web:
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          # -------------------------------------------------------
+          # 🧼 HTML/CSS/JS Linters & Validators
+          # -------------------------------------------------------
+          - id: htmlhint
+            cmd: |
+              npm install --no-save --legacy-peer-deps htmlhint
+              npx htmlhint "mcpgateway/templates/*.html"
+
+          - id: stylelint
+            cmd: |
+              npm install --no-save --legacy-peer-deps stylelint stylelint-config-standard @stylistic/stylelint-config stylelint-order
+              npx stylelint "mcpgateway/static/*.css"
+
+          - id: eslint
+            cmd: |
+              npm install --no-save --legacy-peer-deps \
+                eslint \
+                eslint-config-standard \
+                eslint-config-prettier \
+                eslint-plugin-import \
+                eslint-plugin-n \
+                eslint-plugin-prettier \
+                eslint-plugin-promise \
+                prettier
+              npx eslint "mcpgateway/static/*.js"
+
+          # -------------------------------------------------------
+          # 🔒 Security Scanners
+          # -------------------------------------------------------
+          - id: retire
+            cmd: |
+              npm install --no-save --legacy-peer-deps retire
+              npx retire --path mcpgateway/static
+
+          - id: npm-audit
+            cmd: |
+              if [ ! -f package.json ]; then
+                npm init -y >/dev/null
+              fi
+              npm audit --audit-level=high || true
+
+          # -------------------------------------------------------
+          # 🔍 Additional Code Quality Tools
+          # -------------------------------------------------------
+          - id: jshint
+            cmd: |
+              npm install --no-save --legacy-peer-deps jshint
+              if [ -f .jshintrc ]; then
+                npx jshint --config .jshintrc "mcpgateway/static/*.js"
+              else
+                npx jshint --esversion=11 "mcpgateway/static/*.js"
+              fi
+
+          - id: jscpd
+            cmd: |
+              npm install --no-save --legacy-peer-deps jscpd
+              npx jscpd "mcpgateway/static/" "mcpgateway/templates/"
+
+          # - id: markuplint
+          #   cmd: |
+          #     npm install --no-save --legacy-peer-deps markuplint
+          #     npx markuplint mcpgateway/templates/*
+
+    name: ${{ matrix.id }}
+    runs-on: ubuntu-latest
+
+    steps:
+      # -----------------------------------------------------------
+      # 0️⃣  Checkout
+      # -----------------------------------------------------------
+      - name: ⬇️  Checkout source
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 1
+
+      # -----------------------------------------------------------
+      # 1️⃣  Node.js Setup
+      # -----------------------------------------------------------
+      - name: 📦  Set up Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: '20'
+
+      # -----------------------------------------------------------
+      # 2️⃣  Run Linter (install and execute in one step)
+      # -----------------------------------------------------------
+      - name: 🔍  Run ${{ matrix.id }}
+        run: ${{ matrix.cmd }}
+
+  # -------------------------------------------------------
+  # 🐍 Python-based JS Security Scanner (separate job)
+  # -------------------------------------------------------
+  nodejsscan:
+    name: nodejsscan
+    runs-on: ubuntu-latest
+
+    steps:
+      # -----------------------------------------------------------
+      # 0️⃣  Checkout
+      # -----------------------------------------------------------
+      - name: ⬇️  Checkout source
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 1
+
+      # -----------------------------------------------------------
+      # 1️⃣  Python Setup
+      # -----------------------------------------------------------
+      - name: 🐍  Set up Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.12"
+          cache: pip
+
+      # -----------------------------------------------------------
+      # 2️⃣  Install nodejsscan
+      # -----------------------------------------------------------
+      - name: 🔧  Install nodejsscan
+        run: |
+          python3 -m pip install --upgrade pip
+          pip install nodejsscan
+
+      # -----------------------------------------------------------
+      # 3️⃣  Run nodejsscan
+      # -----------------------------------------------------------
+      - name: 🔒  Run nodejsscan
+        run: |
+          nodejsscan --directory ./mcpgateway/static
diff --git a/.jshintrc b/.jshintrc
@@ -0,0 +1,13 @@
+{
+  "esversion": 11,
+  "browser": true,
+  "devel": true,
+  "string": true,
+  "globals": {
+    "console": true,
+    "window": true,
+    "document": true,
+    "fetch": true,
+    "URLSearchParams": true
+  }
+}
diff --git a/Makefile b/Makefile
@@ -714,11 +714,14 @@ tomllint:                         ## 📑 TOML validation (tomlcheck)
 # 🕸️  WEBPAGE LINTERS & STATIC ANALYSIS
 # =============================================================================
 # help: 🕸️  WEBPAGE LINTERS & STATIC ANALYSIS (HTML/CSS/JS lint + security scans + formatting)
-# help: install-web-linters  - Install HTMLHint, Stylelint, ESLint, Retire.js & Prettier via npm
+# help: install-web-linters  - Install HTMLHint, Stylelint, ESLint, Retire.js, Prettier, JSHint, jscpd & markuplint via npm
 # help: nodejsscan           - Run nodejsscan for JS security vulnerabilities
 # help: lint-web             - Run HTMLHint, Stylelint, ESLint, Retire.js, nodejsscan and npm audit
+# help: jshint               - Run JSHint for additional JavaScript analysis
+# help: jscpd                - Detect copy-pasted code in JS/HTML/CSS files
+# help: markuplint           - Modern HTML linting with markuplint
 # help: format-web           - Format HTML, CSS & JS files with Prettier
-.PHONY: install-web-linters nodejsscan lint-web format-web
+.PHONY: install-web-linters nodejsscan lint-web jshint jscpd markuplint format-web
 
 install-web-linters:
 	@echo "🔧 Installing HTML/CSS/JS lint, security & formatting tools..."
@@ -731,7 +734,10 @@ install-web-linters:
 		stylelint stylelint-config-standard @stylistic/stylelint-config stylelint-order \
 		eslint eslint-config-standard \
 		retire \
-		prettier
+		prettier \
+		jshint \
+		jscpd \
+		markuplint
 
 nodejsscan:
 	@echo "🔒 Running nodejsscan for JavaScript security vulnerabilities..."
@@ -754,6 +760,24 @@ lint-web: install-web-linters nodejsscan
 	  echo "⚠️  Skipping npm audit: no package.json found"; \
 	fi
 
+jshint: install-web-linters
+	@echo "🔍 Running JSHint for JavaScript analysis..."
+	@if [ -f .jshintrc ]; then \
+	  echo "📋 Using .jshintrc configuration"; \
+	  npx jshint --config .jshintrc mcpgateway/static/*.js || true; \
+	else \
+	  echo "📋 No .jshintrc found, using defaults with ES11"; \
+	  npx jshint --esversion=11 mcpgateway/static/*.js || true; \
+	fi
+
+jscpd: install-web-linters
+	@echo "🔍 Detecting copy-pasted code with jscpd..."
+	@npx jscpd "mcpgateway/static/" "mcpgateway/templates/" || true
+
+markuplint: install-web-linters
+	@echo "🔍 Running markuplint for modern HTML validation..."
+	@npx markuplint mcpgateway/templates/* || true
+
 format-web: install-web-linters
 	@echo "🎨 Formatting HTML, CSS & JS with Prettier..."
 	@npx prettier --write "mcpgateway/templates/**/*.html" \
