Add linters for shell, and add improved run-gunicorn-v2.sh - not yet used

crivetimihai · crivetimihai · commit eee17cdb2e22 · 2025-06-08T12:42:17.000+01:00
Signed-off-by: Mihai Criveti &lt;crivetimihai@gmail.com&gt;
diff --git a/Makefile b/Makefile
@@ -1835,3 +1835,66 @@ devpi-delete: devpi-setup-user                 ## Delete mcpgateway==$(VER) from
 		devpi use $(DEVPI_INDEX) && \
 		devpi remove -y mcpgateway==$(VER) || true"
 	@echo "✅  Delete complete (if it existed)"
+
+
+# =============================================================================
+# 🐚 LINT SHELL FILES
+# =============================================================================
+# help: 🐚 LINT SHELL FILES
+# help: shell-linters-install - Install ShellCheck, shfmt & bashate (best-effort per OS)
+# help: shell-lint            - Run shfmt (check-only) + ShellCheck + bashate on every *.sh
+# help: shfmt-fix             - AUTO-FORMAT all *.sh in-place with shfmt -w
+# -----------------------------------------------------------------------------
+
+# ──────────────────────────
+# Which shell files to scan
+# ──────────────────────────
+SHELL_SCRIPTS := $(shell find . -type f -name '*.sh' -not -path './node_modules/*')
+
+.PHONY: shell-linters-install shell-lint shfmt-fix shellcheck bashate
+
+shell-linters-install:     ## 🔧  Install shellcheck, shfmt, bashate
+	@echo "🔧  Installing/ensuring shell linters are present…"
+	@set -e ; \
+	# -------- ShellCheck -------- \
+	if ! command -v shellcheck >/dev/null 2>&1 ; then \
+	  echo "🛠  Installing ShellCheck…" ; \
+	  case "$$(uname -s)" in \
+	    Darwin)  brew install shellcheck ;; \
+	    Linux)   { command -v apt-get && sudo apt-get update -qq && sudo apt-get install -y shellcheck ; } || \
+	             { command -v dnf && sudo dnf install -y ShellCheck ; } || \
+	             { command -v pacman && sudo pacman -Sy --noconfirm shellcheck ; } || true ;; \
+	    *) echo "⚠️  Please install ShellCheck manually" ;; \
+	  esac ; \
+	fi ; \
+	# -------- shfmt (Go) -------- \
+	if ! command -v shfmt >/dev/null 2>&1 ; then \
+	  echo "🛠  Installing shfmt…" ; \
+	  GO111MODULE=on go install mvdan.cc/sh/v3/cmd/shfmt@latest || \
+	  { echo "⚠️  go not found – install Go or brew/apt shfmt package manually"; } ; \
+	  export PATH=$$PATH:$$HOME/go/bin ; \
+	fi ; \
+	# -------- bashate (pip) ----- \
+	if ! $(VENV_DIR)/bin/bashate -h >/dev/null 2>&1 ; then \
+	  echo "🛠  Installing bashate (into venv)…" ; \
+	  test -d "$(VENV_DIR)" || $(MAKE) venv ; \
+	  /bin/bash -c "source $(VENV_DIR)/bin/activate && python -m pip install --quiet bashate" ; \
+	fi
+	@echo "✅  Shell linters ready."
+
+# -----------------------------------------------------------------------------
+
+shell-lint: shell-linters-install  ## 🔍  Run shfmt, ShellCheck & bashate
+	@echo "🔍  Running shfmt (diff-only)…"
+	@shfmt -d -i 4 -ci $(SHELL_SCRIPTS) || true
+	@echo "🔍  Running ShellCheck…"
+	@shellcheck $(SHELL_SCRIPTS) || true
+	@echo "🔍  Running bashate…"
+	@$(VENV_DIR)/bin/bashate -C $(SHELL_SCRIPTS) || true
+	@echo "✅  Shell lint complete."
+
+
+shfmt-fix: shell-linters-install   ## 🎨  Auto-format *.sh in place
+	@echo "🎨  Formatting shell scripts with shfmt -w…"
+	@shfmt -w -i 4 -ci $(SHELL_SCRIPTS)
+	@echo "✅  shfmt formatting done."
diff --git a/run-gunicorn-v2.sh b/run-gunicorn-v2.sh
@@ -0,0 +1,277 @@
+#!/usr/bin/env bash
+#───────────────────────────────────────────────────────────────────────────────
+#  Script : run-gunicorn.sh
+#  Author : Mihai Criveti
+#  Purpose: Launch the MCP Gateway API under Gunicorn with optional TLS support
+#
+#  Description:
+#    This script provides a robust way to launch a production API server using
+#    Gunicorn with the following features:
+#
+#    • Portable Python detection across different distros (python vs python3)
+#    • Virtual environment handling (activates project venv if available)
+#    • Configurable via environment variables for CI/CD pipelines
+#    • Optional TLS/SSL support for secure connections
+#    • Database initialization before server start
+#    • Comprehensive error handling and user feedback
+#
+#  Environment Variables:
+#    PYTHON                        : Path to Python interpreter (optional)
+#    VIRTUAL_ENV                   : Path to active virtual environment (auto-detected)
+#    GUNICORN_WORKERS             : Number of worker processes (default: 2 × CPU cores + 1)
+#    GUNICORN_TIMEOUT             : Worker timeout in seconds (default: 600)
+#    GUNICORN_MAX_REQUESTS        : Max requests per worker before restart (default: 1000)
+#    GUNICORN_MAX_REQUESTS_JITTER : Random jitter for max requests (default: 100)
+#    SSL                          : Enable TLS/SSL (true/false, default: false)
+#    CERT_FILE                    : Path to SSL certificate (default: certs/cert.pem)
+#    KEY_FILE                     : Path to SSL private key (default: certs/key.pem)
+#
+#  Usage:
+#    ./run-gunicorn.sh                     # Run with defaults
+#    SSL=true ./run-gunicorn.sh            # Run with TLS enabled
+#    GUNICORN_WORKERS=16 ./run-gunicorn.sh # Run with 16 workers
+#───────────────────────────────────────────────────────────────────────────────
+
+# Exit immediately on error, undefined variable, or pipe failure
+set -euo pipefail
+
+#────────────────────────────────────────────────────────────────────────────────
+# SECTION 1: Script Location Detection
+# Determine the absolute path to this script's directory for relative path resolution
+#────────────────────────────────────────────────────────────────────────────────
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+
+# Change to script directory to ensure relative paths work correctly
+# This ensures gunicorn.config.py and cert paths resolve properly
+cd "${SCRIPT_DIR}" || {
+    echo "❌  FATAL: Cannot change to script directory: ${SCRIPT_DIR}"
+    exit 1
+}
+
+#────────────────────────────────────────────────────────────────────────────────
+# SECTION 2: Virtual Environment Activation
+# Check if a virtual environment is already active. If not, try to activate one
+# from known locations. This ensures dependencies are properly isolated.
+#────────────────────────────────────────────────────────────────────────────────
+if [[ -z "${VIRTUAL_ENV:-}" ]]; then
+    # Check for virtual environment in user's home directory (preferred location)
+    if [[ -f "${HOME}/.venv/mcpgateway/bin/activate" ]]; then
+        echo "🔧  Activating virtual environment: ${HOME}/.venv/mcpgateway"
+        # shellcheck disable=SC1090
+        source "${HOME}/.venv/mcpgateway/bin/activate"
+
+    # Check for virtual environment in script directory (development setup)
+    elif [[ -f "${SCRIPT_DIR}/.venv/bin/activate" ]]; then
+        echo "🔧  Activating virtual environment in script directory"
+        # shellcheck disable=SC1090
+        source "${SCRIPT_DIR}/.venv/bin/activate"
+
+    # No virtual environment found - warn but continue
+    else
+        echo "⚠️  WARNING: No virtual environment found!"
+        echo "   This may lead to dependency conflicts."
+        echo "   Consider creating a virtual environment with:"
+        echo "   python3 -m venv ~/.venv/mcpgateway"
+
+        # Optional: Uncomment the following lines to enforce virtual environment usage
+        # echo "❌  FATAL: Virtual environment required for production deployments"
+        # echo "   This ensures consistent dependency versions."
+        # exit 1
+    fi
+else
+    echo "✓  Virtual environment already active: ${VIRTUAL_ENV}"
+fi
+
+#────────────────────────────────────────────────────────────────────────────────
+# SECTION 3: Python Interpreter Detection
+# Locate a suitable Python interpreter with the following precedence:
+#   1. User-provided PYTHON environment variable
+#   2. 'python' binary in active virtual environment
+#   3. 'python3' binary on system PATH
+#   4. 'python' binary on system PATH
+#────────────────────────────────────────────────────────────────────────────────
+if [[ -z "${PYTHON:-}" ]]; then
+    # If virtual environment is active, prefer its Python binary
+    if [[ -n "${VIRTUAL_ENV:-}" && -x "${VIRTUAL_ENV}/bin/python" ]]; then
+        PYTHON="${VIRTUAL_ENV}/bin/python"
+        echo "🐍  Using Python from virtual environment"
+
+    # Otherwise, search for Python in system PATH
+    else
+        # Try python3 first (more common on modern systems)
+        if command -v python3 &> /dev/null; then
+            PYTHON="$(command -v python3)"
+            echo "🐍  Found system Python3: ${PYTHON}"
+
+        # Fall back to python if python3 not found
+        elif command -v python &> /dev/null; then
+            PYTHON="$(command -v python)"
+            echo "🐍  Found system Python: ${PYTHON}"
+
+        # No Python found at all
+        else
+            PYTHON=""
+        fi
+    fi
+fi
+
+# Verify Python interpreter exists and is executable
+if [[ -z "${PYTHON}" ]] || [[ ! -x "${PYTHON}" ]]; then
+    echo "❌  FATAL: Could not locate a Python interpreter!"
+    echo "   Searched for: python3, python"
+    echo "   Please install Python 3.x or set the PYTHON environment variable."
+    echo "   Example: PYTHON=/usr/bin/python3.9 $0"
+    exit 1
+fi
+
+# Display Python version for debugging
+PY_VERSION="$("${PYTHON}" --version 2>&1)"
+echo "📋  Python version: ${PY_VERSION}"
+
+# Verify this is Python 3.x (not Python 2.x)
+if ! "${PYTHON}" -c "import sys; sys.exit(0 if sys.version_info[0] >= 3 else 1)" 2>/dev/null; then
+    echo "❌  FATAL: Python 3.x is required, but Python 2.x was found!"
+    echo "   Please install Python 3.x or update the PYTHON environment variable."
+    exit 1
+fi
+
+#────────────────────────────────────────────────────────────────────────────────
+# SECTION 4: Display Application Banner
+# Show a fancy ASCII art banner for the MCP Gateway
+#────────────────────────────────────────────────────────────────────────────────
+cat <<'EOF'
+███╗   ███╗ ██████╗██████╗      ██████╗  █████╗ ████████╗███████╗██╗    ██╗ █████╗ ██╗   ██╗
+████╗ ████║██╔════╝██╔══██╗    ██╔════╝ ██╔══██╗╚══██╔══╝██╔════╝██║    ██║██╔══██╗╚██╗ ██╔╝
+██╔████╔██║██║     ██████╔╝    ██║  ███╗███████║   ██║   █████╗  ██║ █╗ ██║███████║ ╚████╔╝
+██║╚██╔╝██║██║     ██╔═══╝     ██║   ██║██╔══██║   ██║   ██╔══╝  ██║███╗██║██╔══██║  ╚██╔╝
+██║ ╚═╝ ██║╚██████╗██║         ╚██████╔╝██║  ██║   ██║   ███████╗╚███╔███╔╝██║  ██║   ██║
+╚═╝     ╚═╝ ╚═════╝╚═╝          ╚═════╝ ╚═╝  ╚═╝   ╚═╝   ╚══════╝ ╚══╝╚══╝ ╚═╝  ╚═╝   ╚═╝
+EOF
+
+#────────────────────────────────────────────────────────────────────────────────
+# SECTION 5: Configure Gunicorn Settings
+# Set up Gunicorn parameters with sensible defaults that can be overridden
+# via environment variables for different deployment scenarios
+#────────────────────────────────────────────────────────────────────────────────
+
+# Number of worker processes (adjust based on CPU cores and expected load)
+# Default: 2 × CPU cores + 1 (automatically detected)
+if [[ -z "${GUNICORN_WORKERS:-}" ]]; then
+    # Try to detect CPU count
+    if command -v nproc &>/dev/null; then
+        CPU_COUNT=$(nproc)
+    elif command -v sysctl &>/dev/null && sysctl -n hw.ncpu &>/dev/null; then
+        CPU_COUNT=$(sysctl -n hw.ncpu)
+    else
+        CPU_COUNT=4  # Fallback to reasonable default
+    fi
+    GUNICORN_WORKERS=$((CPU_COUNT * 2 + 1))
+fi
+
+# Worker timeout in seconds (increase for long-running requests)
+GUNICORN_TIMEOUT=${GUNICORN_TIMEOUT:-600}
+
+# Maximum requests a worker will process before restarting (prevents memory leaks)
+GUNICORN_MAX_REQUESTS=${GUNICORN_MAX_REQUESTS:-1000}
+
+# Random jitter for max requests (prevents all workers restarting simultaneously)
+GUNICORN_MAX_REQUESTS_JITTER=${GUNICORN_MAX_REQUESTS_JITTER:-100}
+
+echo "📊  Gunicorn Configuration:"
+echo "   Workers: ${GUNICORN_WORKERS}"
+echo "   Timeout: ${GUNICORN_TIMEOUT}s"
+echo "   Max Requests: ${GUNICORN_MAX_REQUESTS} (±${GUNICORN_MAX_REQUESTS_JITTER})"
+
+#────────────────────────────────────────────────────────────────────────────────
+# SECTION 6: Configure TLS/SSL Settings
+# Handle optional TLS configuration for secure HTTPS connections
+#────────────────────────────────────────────────────────────────────────────────
+
+# SSL/TLS configuration
+SSL=${SSL:-false}                        # Enable/disable SSL (default: false)
+CERT_FILE=${CERT_FILE:-certs/cert.pem}  # Path to SSL certificate file
+KEY_FILE=${KEY_FILE:-certs/key.pem}     # Path to SSL private key file
+
+# Verify SSL settings if enabled
+if [[ "${SSL}" == "true" ]]; then
+    echo "🔐  Configuring TLS/SSL..."
+
+    # Verify certificate files exist
+    if [[ ! -f "${CERT_FILE}" ]]; then
+        echo "❌  FATAL: SSL certificate file not found: ${CERT_FILE}"
+        exit 1
+    fi
+
+    if [[ ! -f "${KEY_FILE}" ]]; then
+        echo "❌  FATAL: SSL private key file not found: ${KEY_FILE}"
+        exit 1
+    fi
+
+    # Verify certificate and key files are readable
+    if [[ ! -r "${CERT_FILE}" ]]; then
+        echo "❌  FATAL: Cannot read SSL certificate file: ${CERT_FILE}"
+        exit 1
+    fi
+
+    if [[ ! -r "${KEY_FILE}" ]]; then
+        echo "❌  FATAL: Cannot read SSL private key file: ${KEY_FILE}"
+        exit 1
+    fi
+
+    echo "✓  TLS enabled – using:"
+    echo "   Certificate: ${CERT_FILE}"
+    echo "   Private Key: ${KEY_FILE}"
+else
+    echo "🔓  Running without TLS (HTTP only)"
+fi
+
+#────────────────────────────────────────────────────────────────────────────────
+# SECTION 7: Database Initialization
+# Run database setup/migrations before starting the server
+#────────────────────────────────────────────────────────────────────────────────
+echo "🗄️  Initializing database..."
+if ! "${PYTHON}" -m mcpgateway.db; then
+    echo "❌  FATAL: Database initialization failed!"
+    echo "   Please check your database configuration and connection."
+    exit 1
+fi
+echo "✓  Database initialized successfully"
+
+#────────────────────────────────────────────────────────────────────────────────
+# SECTION 8: Launch Gunicorn Server
+# Start the Gunicorn server with all configured options
+# Using 'exec' replaces this shell process with Gunicorn for cleaner process management
+#────────────────────────────────────────────────────────────────────────────────
+echo "🚀  Starting Gunicorn server..."
+echo "─────────────────────────────────────────────────────────────────────"
+
+# Check if gunicorn is available
+if ! command -v gunicorn &> /dev/null; then
+    echo "❌  FATAL: gunicorn command not found!"
+    echo "   Please install it with: pip install gunicorn"
+    exit 1
+fi
+
+# Build command array to handle spaces in paths properly
+cmd=(
+    gunicorn
+    -c gunicorn.config.py
+    --worker-class uvicorn.workers.UvicornWorker
+    --workers              "${GUNICORN_WORKERS}"
+    --timeout              "${GUNICORN_TIMEOUT}"
+    --max-requests         "${GUNICORN_MAX_REQUESTS}"
+    --max-requests-jitter  "${GUNICORN_MAX_REQUESTS_JITTER}"
+    --access-logfile -
+    --error-logfile -
+)
+
+# Add SSL arguments if enabled
+if [[ "${SSL}" == "true" ]]; then
+    cmd+=( --certfile "${CERT_FILE}" --keyfile "${KEY_FILE}" )
+fi
+
+# Add the application module
+cmd+=( "mcpgateway.main:app" )
+
+# Launch Gunicorn with all configured options
+exec "${cmd[@]}"
diff --git a/run-gunicorn.sh b/run-gunicorn.sh
@@ -55,7 +55,7 @@ if [[ "${SSL}" == "true" ]]; then
 fi
 
 # Initialize databases
-python -m mcpgateway.db
+"$PYTHON" -m mcpgateway.db
 
 exec gunicorn -c gunicorn.config.py \
     --worker-class uvicorn.workers.UvicornWorker \
