Add ESLint workflow for code analysis

[revagomes]

This workflow runs ESLint to analyze JavaScript code and uploads the results in SARIF format.

Summary by CodeRabbit

• Chores
  • Implemented automated code quality and style checks that run on every commit and pull request. Code analysis results are now tracked and monitored to maintain consistency and quality standards across the repository.

[coderabbitai]

📝 Walkthrough

Walkthrough

A new GitHub Actions workflow file was added to automatically run ESLint checks on push and pull request events targeting the 2.x branch, with weekly scheduled runs. The workflow installs ESLint and a SARIF formatter, executes linting across JavaScript/TypeScript files, and uploads results to GitHub's security tab.

Changes

Cohort / File(s)	Summary
GitHub Actions ESLint Workflow .github/workflows/eslint.yml	New workflow configuration that runs ESLint checks on 2.x branch (on push, PR, and weekly schedule), formats results in SARIF, and uploads security findings to GitHub. Configured with continue-on-error: true to allow workflow completion despite linting failures.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

Poem

🐰 A linting rabbit hops with glee,
ESLint checks flow wild and free,
GitHub's workflows now shall guard,
Code quality standing strong and hard! 🐇✨

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title directly and accurately reflects the main change: adding an ESLint workflow for code analysis to the repository.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch revagomes-ci-workflows-eslint

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[Copilot]

Pull request overview

Adds a GitHub Actions workflow intended to run ESLint for JavaScript/TypeScript code scanning and upload findings to GitHub as SARIF.

Changes:

• Introduces a new ESLint workflow triggered on pushes/PRs to 2.x and on a weekly schedule.
• Installs ESLint + SARIF formatter and uploads the generated eslint-results.sarif via github/codeql-action/upload-sarif.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

This workflow relies on whatever Node.js version happens to be preinstalled on ubuntu-latest, and it also doesn't cache npm downloads. Add an explicit actions/setup-node step (pin a Node version compatible with your tooling) and enable npm caching to make runs reproducible and faster.

[Copilot]

The header comment says the workflow uses actions that are not certified by GitHub, but this workflow uses actions/checkout and github/codeql-action/upload-sarif, which are maintained by GitHub. Please update or remove this comment to avoid misleading readers.

Suggested change

	# This workflow uses actions that are not certified by GitHub.
	# They are provided by a third-party and are governed by
	# separate terms of service, privacy policy, and support
	# documentation.

[Copilot]

--config .eslintrc.js points to a file that does not exist in this repository, so the ESLint step will fail before producing the SARIF output (and the subsequent upload step will also fail). Add an ESLint config at that path, or update/remove the --config argument to reference an existing config file.

Suggested change

--config .eslintrc.js

[Copilot]

Running npx eslint . from the repo root will lint large vendored/generated JS (e.g., docs assets and built theme bundles) which is likely to be noisy and slow. Consider scoping ESLint to the intended source directories and/or adding an ignore file (e.g., .eslintignore) and invoking ESLint with an explicit file globs/paths.

Suggested change

	run: npx eslint .
	--config .eslintrc.js
	--ext .js,.jsx,.ts,.tsx
	--format @microsoft/eslint-formatter-sarif
	--output-file eslint-results.sarif
	run: |
	mapfile -t eslint_files < <(
	git ls-files -- \
	'*.js' '*.jsx' '*.ts' '*.tsx' \
	':!:docs/**' \
	':!:**/dist/**' \
	':!:**/build/**' \
	':!:**/vendor/**' \
	':!:**/node_modules/**'
	)
	if [ ${#eslint_files[@]} -eq 0 ]; then
	echo "No JavaScript or TypeScript files found to lint."
	exit 0
	fi
	npx eslint \
	--config .eslintrc.js \
	--format @microsoft/eslint-formatter-sarif \
	--output-file eslint-results.sarif \
	"${eslint_files[@]}"

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.github/workflows/eslint.yml:
- Around line 33-45: The workflow references a missing .eslintrc.js and pins
eslint@8.10.0 without TypeScript parser support; fix by either committing a
repository .eslintrc.js and updating the install to a supported ESLint (v9+ or
v10+) plus required plugins (e.g., install `@typescript-eslint/parser` and
`@typescript-eslint/eslint-plugin`) so the Run ESLint step using --config
.eslintrc.js can work, or remove the --config .eslintrc.js flag and adjust the
install to a supported eslint version and include `@typescript-eslint/parser` if
you intend to lint .ts/.tsx files; ensure the Install ESLint step and the Run
ESLint step (npx eslint ... --config .eslintrc.js --ext .ts,.tsx) are
consistent.

🪄 Autofix (Beta)

❌ Autofix failed (check again to retry)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 197a9c33-10b2-4fbe-ab86-fa089276b21a

📥 Commits

Reviewing files that changed from the base of the PR and between 039cdda and 273f02c.

📒 Files selected for processing (1)

• .github/workflows/eslint.yml

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Description: Confirm ESLint config and package metadata are present for this workflow.

set -euo pipefail

printf '\n== ESLint config files ==\n'
fd -a '^(\.eslintrc\.js|eslint\.config\.js|package\.json|package-lock\.json)$'

printf '\n== ESLint-related package metadata ==\n'
fd -a '^(package\.json|package-lock\.json)$' -x sh -c '
  echo "--- $1 ---"
  sed -n "/eslint/Ip;/@typescript-eslint/Ip;/formatter-sarif/Ip" "$1"
' sh {}

Repository: PECE-project/drupal-pece

Length of output: 1782

---

🌐 Web query:

What ESLint major versions are currently supported, and when did ESLint v8 reach end of life?

💡 Result:

Currently supported ESLint major versions are v10.x (Current status) and v9.x (Maintenance status). ESLint v8 reached end of life on 2024-10-05.

Citations:

• 1: https://eslint.org/version-support/
• 2: https://endoflife.date/eslint
• 3: https://eslint.org/blog/2024/09/eslint-v8-eol-version-support/

---

🏁 Script executed:

#!/bin/bash
# Check if .eslintrc.js exists anywhere in the repo
printf '== Searching for .eslintrc.js ==\n'
find . -name '.eslintrc.js' -o -name '.eslintrc.json' -o -name '.eslintrc.yml' 2>/dev/null || echo "No ESLint config files found"

printf '\n== Root package.json contents ==\n'
if [ -f package.json ]; then
  cat -n package.json | head -40
else
  echo "No root package.json"
fi

printf '\n== Checking for TypeScript dependencies ==\n'
if [ -f package.json ]; then
  rg -i 'typescript|@typescript-eslint' package.json
else
  echo "No root package.json"
fi

Repository: PECE-project/drupal-pece

Length of output: 220

---

Fix missing ESLint config and upgrade to supported version.

The workflow references .eslintrc.js with --config .eslintrc.js, but this file does not exist in the repository. Additionally, eslint@8.10.0 is pinned to an end-of-life version (EOL October 5, 2024), and the workflow lacks the required @typescript-eslint/parser to lint .ts and .tsx files. Without a repo-managed ESLint setup and proper TypeScript support, this workflow cannot function as intended.

Either create a committed .eslintrc.js and package.json with ESLint (v9 or v10) and required dependencies, or remove the --config .eslintrc.js argument if a default config is acceptable. If linting TypeScript, add @typescript-eslint/parser to the install step.

See ESLint version support: https://eslint.org/version-support/

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.github/workflows/eslint.yml around lines 33 - 45, The workflow references a
missing .eslintrc.js and pins eslint@8.10.0 without TypeScript parser support;
fix by either committing a repository .eslintrc.js and updating the install to a
supported ESLint (v9+ or v10+) plus required plugins (e.g., install
`@typescript-eslint/parser` and `@typescript-eslint/eslint-plugin`) so the Run
ESLint step using --config .eslintrc.js can work, or remove the --config
.eslintrc.js flag and adjust the install to a supported eslint version and
include `@typescript-eslint/parser` if you intend to lint .ts/.tsx files; ensure
the Install ESLint step and the Run ESLint step (npx eslint ... --config
.eslintrc.js --ext .ts,.tsx) are consistent.

[coderabbitai]

Note

Autofix is a beta feature. Expect some limitations and changes as we gather feedback and continue to improve it.

An unexpected error occurred while generating fixes: Resource not accessible by integration - https://docs.github.com/rest/git/trees#create-a-tree