feat: JS and Go static Analysis Integrated

[EuclidStellar]

PR: Static Analysis Workflows for Go and JavaScript

🧩 Overview

This PR implements comprehensive and robust static analysis workflows for both Go and JavaScript codebases.
It ensures code quality, consistency, and early detection of issues by leveraging industry-standard tools and best practices.
The workflows are designed to be resilient, efficient, and developer-friendly.

---

Key Features & Improvements

Language	Tooling	Features
Go	golangci-lint, reviewdog	- Ensures go.mod exists - Runs go mod tidy - Caches modules - PR inline review - Summarizes results - Uploads artifacts - Uses strict linter config
JavaScript	ESLint, reviewdog	- Detects all JS projects - Handles package-lock.json for caching - PR inline review - Summarizes results - Uses strict ESLint config

---

📌 Example Reviewed PRs

Status	Description	PR Link
✅ Passed	Good and correct code	#43
❌ Failed	Contains static analysis errors	#44

---

✅ Passed PRs show green CI checks.
❌ Failed PRs show inline feedback from reviewdog and failed workflow status.

✅ Robustness Details

🔹 Go Workflow

• Ensures Go module: Checks for go.mod and initializes if missing.
• Dependency Hygiene: Runs go mod tidy every time to keep dependencies clean.
• Caching: Uses actions/cache for Go build cache and go.sum for faster builds.
• Strict Linting: Uses a comprehensive .golangci.yml with multiple linters enabled.
• Reviewdog Integration: Inline PR comments for lint issues.
• Artifact Upload: Lint results are uploaded for traceability.
• Summary Step: Adds a summary to the PR for visibility.
• Fail on Error: Workflow fails if linting fails, enforcing code quality.

🔹 JavaScript Workflow

• Project Discovery: Finds all package.json files (supports monorepos).
• Dependency Management: Uses npm ci if package-lock.json exists, else npm install.
• Caching: Node modules are cached for faster installs if lock file exists.
• Strict Linting: Uses a recommended ESLint config with custom rules.
• Reviewdog Integration: Inline PR comments for lint issues.
• Summary Step: Adds a summary to the PR for visibility.
• Fail on Error: Workflow fails if linting fails, enforcing code quality.

---

Parameters I had while developing this feature

• Automated: Runs on every PR affecting Go or JS code.
• Fail-fast: PRs cannot be merged if linting fails.
• Inline Feedback: Developers get actionable feedback directly in the PR.
• Dependency Hygiene: Ensures dependencies are always up to date and clean.
• Performance: Uses caching for faster CI runs.
• Traceability: Artifacts and summaries are uploaded for auditability.
• Extensible: Easily supports more JS projects or Go modules in the future.

---

🔒 Security & Permissions

Workflow	Permissions Needed
Go Job	contents: write, pull-requests: write
JS Job	contents: read, pull-requests: write

---

🛠️ Workflow Diagrams

🔧 Go Static Analysis Workflow

graph TD
    A[Trigger on PR] --> B{Check go.mod}
    B -->|Exists| C[Run go mod tidy]
    B -->|Missing| D[Initialize go.mod]
    C --> E[Run golangci-lint]
    E --> F[Run reviewdog]
    F --> G[Upload summary & artifacts]
    G --> H{Linting Passed?}
    H -->|Yes| I[Pass CI]
    H -->|No| J[Fail PR]

Loading

🔧 JS Static Analysis Workflow

graph TD
    A[Trigger on PR] --> B[Find package.json files]
    B --> C{package-lock.json exists?}
    C -->|Yes| D[Run npm ci]
    C -->|No| E[Run npm install]
    D --> F[Run ESLint]
    E --> F[Run ESLint]
    F --> G[Run reviewdog]
    G --> H[Upload summary]
    H --> I{Linting Passed?}
    I -->|Yes| J[Pass CI]
    I -->|No| K[Fail PR]

Loading

[keploy]

To generate Unit Tests for this PR, please click here.

[Copilot]

Pull Request Overview

This PR introduces end-to-end static analysis workflows for both Go (using golangci-lint & reviewdog) and JavaScript (using ESLint & reviewdog), restructures the Go code into a /code subfolder, and adds minimal project scaffolding (README, package.json, ESLint config).

• Added GitHub Actions workflow for Go and JS static analysis
• Added .golangci.yml, js-code/package.json, and .eslintrc.json
• Restructured Go code under code/ and removed root-level main.go & go.mod

Reviewed Changes

Copilot reviewed 8 out of 9 changed files in this pull request and generated no comments.

Show a summary per file

File	Description
main.go	Removed obsolete root-level Go entrypoint
go.mod	Removed root module; consider relocating to /code
code/main.go	Added empty Go package stub
.golangci.yml	Added linting config; update import prefix
js-code/package.json	Added JS project manifest for linting
js-code/.eslintrc.json	Added ESLint config (invalid JSON comments/trailing comma)
.github/workflows/static-analysis.yml	Added CI job for Go & JS static analysis
README.md	Added placeholder README

Comments suppressed due to low confidence (5)

.golangci.yml:17

• The local-prefixes setting should match your actual module path (e.g., github.com/<your-org>/<your-repo>). Update this to avoid import grouping issues.

    local-prefixes: github.com/keploy/code-review-agent

README.md:1

• [nitpick] The README currently contains no usage or setup instructions. Add a brief description of how to run the workflows locally, and how contributors should use the new static analysis checks.

# Code Review Agent

js-code/.eslintrc.json:1

• JSON configuration files do not allow JavaScript-style comments. Remove the leading // or convert this file to a JSONC-supported format.

//      runs-on: ubuntu-latest 

js-code/.eslintrc.json:16

• Trailing commas are invalid in strict JSON and will cause a parse error. Remove the comma after the last property.

    "no-console": "off"