When you write code, whether it's app code or automation code, one fact holds true: the code must follow best practices and be tested against them. Otherwise, you run the risk of having syntax and security issues in production-level code.
This guide will cover how to test Golang code using SonarQube, a popular and free static code analysis tool.
To follow along with this guide, you should have:
Before starting with static code analysis, you need to have a SonarQube environment up and running. From a development environment perspective, the best way to do this is via Docker on localhost.
To create and run the Docker container, open up a terminal and use the following command.
docker run -d --name sonarqube -p 9000:9000 sonarqube
Next, open the SonarQube web portal served by the container. Open up a web browser and go to the following link.
http://localhost:9000
You should see the SonarQube web portal up and running, as shown in the screenshot below.
To log into SonarQube, the default username and password are both admin.
Click on the Log in button to type in the username and password.
SonarScanner is the command-line tool that you'll use to run SonarQube tests. The tests send the results to the SonarQube server so you can view them.
To install SonarScanner, open up a web browser and go to the following URL.
https://docs.sonarqube.org/latest/analysis/scan/sonarscanner/
Choose which operating system you are running and download SonarScanner.
Save the download to a location that you can use in the next section to add SonarScanner to the operating system's environment $PATH. For example, you can save it to the Desktop or Documents folder. The location needs to be a place that won't be deleted because SonarScanner will be used to run the tests.
Regardless of whether you're using Windows or macOS, you need to add SonarScanner to the environment $PATH if you don't want to constantly cd to the SonarScanner path to use it.
Add the following directory to the $PATH.
location_of_download\sonar-scanner-version-operatingsystem\bin
You'll find the program in the bin directory, and that's where the $PATH needs to point so you can run sonar-scanner from the terminal.
When you test any code in Golang, including with Static Code Analysis, you have to ensure you have a proper Golang test. The key attributes of a proper Golang test are:
The file name has _test.go at the end. For example, azure_auth_test.go
The function name starts with Test. For example, func TestAzureAuth(t *testing.T) {}
The code that you will use to test in this example is very light. It's not meant to be a hardcore Golang test, but to show the workflow of testing in SonarQube.
package Test

import (
	"testing"

	"github.com/stretchr/testify/assert"
)

// TestDemo compares two identical strings, so it always passes.
func TestDemo(t *testing.T) {
	one := "one"
	two := "one"

	assert.Equal(t, one, two, "the two variables should be the same value")
}
Create a directory on the desktop called Test and save the code as my_test.go inside of the directory. Although the desktop location isn't mandatory, that's what this guide will be following.
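Added example, not part of the original guide: a function that misses the conventions listed above (for instance Testdemo, or any test in a file without the _test.go suffix) is not run by go test and produces no failure. This Go sketch parses a source file and lists only the functions that qualify. The names QualifyingTests, isTestName and takesTestingT and the sample source are assumptions made for illustration, and the signature check goes one step beyond the two attributes listed.

```go
package main

import (
	"fmt"
	"go/ast"
	"go/parser"
	"go/token"
	"go/types"
	"strings"
	"unicode"
)

// isTestName: "Test" followed by nothing or by a non-lowercase character.
func isTestName(name string) bool {
	rest := strings.TrimPrefix(name, "Test")
	return rest != name && (rest == "" || !unicode.IsLower([]rune(rest)[0]))
}

// takesTestingT reports whether fn is a plain func(t *testing.T).
func takesTestingT(fn *ast.FuncDecl) bool {
	p := fn.Type.Params.List
	return fn.Recv == nil && fn.Type.Results == nil && len(p) == 1 &&
		len(p[0].Names) <= 1 && types.ExprString(p[0].Type) == "*testing.T"
}

// QualifyingTests lists the test functions in src; nil if filename is not *_test.go.
func QualifyingTests(filename, src string) ([]string, error) {
	file, err := parser.ParseFile(token.NewFileSet(), filename, src, 0)
	if err != nil || !strings.HasSuffix(filename, "_test.go") {
		return nil, err
	}
	var names []string
	for _, decl := range file.Decls {
		if fn, ok := decl.(*ast.FuncDecl); ok && isTestName(fn.Name.Name) && takesTestingT(fn) {
			names = append(names, fn.Name.Name)
		}
	}
	return names, nil
}

// sample is constructed input for this example, not code from the guide.
const sample = `package demo; import "testing"
func TestDemo(t *testing.T) {}
func Testdemo(t *testing.T) {}
func helper(t *testing.T) {}`

func main() {
	fmt.Println(QualifyingTests("my_test.go", sample))
}
```
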
When you want to run Static Code Analysis tests locally, or even in some sort of pipeline, you'll need a home for the reports of the Static Code Analysis to live. That's where projects come into play. When you run a test, the output and results go to a project in SonarQube.
To create a new project, open up a web browser and go to the SonarQube dashboard.
Next, click Projects.
Click the Create new project button.
To follow along with this example, name your project "Gotest." Once named, click the Set Up button.
Next, you'll need to generate a token. The token allows you to authenticate from localhost while running SonarQube tests. Name the token "Gotest" and click the Generate button.
Click the Continue button and move on to the next section for running a test.
Now that the project is created, it's time to start running the tests.
Under step 2, choose the Other option to run the Golang tests.
Choose the OS that you're running on.
Copy the sonar-scanner command line to start running the test. The command line specifies the project from SonarQube, the host URL, and the generated token.
Now, head over to the command line and cd into the directory where the test is saved from the section The Code to Test.
Once you are in the same directory as the test, run the sonar-scanner command line that you copied. You should see output similar to the screenshot below reporting that the execution succeeded.
Go back to the SonarQube Dashboard and click on Projects. You will now see the test that has just run and successfully passed.
Congrats! You have successfully run a SonarQube test on Golang.
When you decide to write any code, code quality is crucial to you and everyone using it. When it comes to code quality, you need to know if the code you're writing is ready to be released to the world. With Static Code Analysis, you get the satisfaction of knowing the code you run is properly configured.