How to configure CircleCI and SonarQube for GoLang Application
One of the important things in our projects is the CI process. Continuous Integration (CI) is the practice of automating the integration of code changes and guarantee the quality of the software. If CI is so important, why we don’t configure this process in our personal projects? Maybe because we think is so harder to configure or even it’s taking so much time. In this post, I’m going to show you a simple way to configure a strong CI process using some of the best tools for that, CircleCI and SonarQube.
For this post we are configuring a CI for a simple GoLang application creating a multistage CI, each stage we called Job, at the end of this post we’re going to have four jobs: Lint, Test and Coverage, Quality Analysis with SonarQube, and Build. The proposal where is to explain that CI not build a GoLang application so we assume you already know the GoLang basics and some tools Test Pkg, GolangCI Lint also the basics about Github and Github Actions.
The project that was built can be found in this repository.
Initial Configurations
First, we need to create a YAML file to configure our CI processes, for CircleCI this file need to be created in a specific directory:
> make .circleci
> touch .circleci/config.yml
We’ll start our config.yml like this:
We can see two main tags: ‘jobs’ and ‘workflows’. Basically, the tag ‘jobs’ define the job execution flow and in the ‘workflows’ how to execute the ‘jobs’. Let’s start with the build job.
Build Job
This job is self-explanatory basically we downloaded the project packages and build our project. With this job, we can run our first pipeline, but first, we need to publish the config.yml in the repository, and then we need to configure our project in CircleCi Projects.
At this time the CircleCi will run for the first time our pipeline 🚀🚀.
Lint Job
Now let’s create our lint job
For lint, we used the GolangCI Lint but we have some configurations to do, how you can see the golangci-lint execution has a bunch of arguments, let’s talk about that. The first argument--out-format needed to be ‘checkstyle’ for integrating better with sonar. Another flag important to talk about is --issues-exit-code=0, we need to configure this flag with 0 because when golangci execute and found something wrong in our project the executor will finish with exit code Igual 1, and when our pipeline receives this result the pipeline fails. To avoid the pipeline failure and get the report to send for the sonar we needed to change the flag--issues-exit-code. Before the runner, we have a step to persist the report file in a path to allowed others' jobs to access it.
For this point we can now configure our workflows with these jobs:
In our workflows we can see something different, it’s because we wanted the build job to execute only after the lint job finished their execution.
Test and coverage Job
That job is quite equal to the others, we have thee runners, the first to get the GoLang pkg’s, the second one to run the unit tests, and the last one to run the coverage. Now our workflows look like this:
SonarCloud Job
SonarCloud is a platform that offers SonarQube as a service, SonarQube is a multi-language tool that analyzes our codebase in search of bugs, vulnerabilities, code smells, and returns quality indicators. To integrate CircleCI with the SonarCloud platform we going to use a powerful tool in CircleCI called Orbs, you can find more about Orbs here. To use orbs you need to allow your organization to use them. Go to Organization Settings > Security and allowed orbs.
First of all, we need to create an account in SonarCloud, and before we need to add our public repository to be analyzed by sonar.
Before that sonar will get you two important things your projectKey and SONAR_TOKEN don’t lose then. The next thing to do is create our sonar-project-properties file, this file contains our sonar scanner configuration to configure sonar to do everting we want.
The last configuration is to register our SONAR_TOKEN into our CircleCI project. To do that navigate through our CircleCI project, go to the Project Configurations > Environment Variable and add the SONAR_TOKEN. With all of these steps done we can write our SonarCloud Job.
Finally, if we merge all of the jobs in our config.yml we get our beautiful pipeline 😍.
