Helpful Golang tools to make your code great again

Introduction

Hello, breathtaking DEV people!

All last week I was refactoring my Go projects. And realized that I was using the same tools to check code quality and safety everywhere. Yes, this should be done from time to time to keep the code base clean and orderly (this applies not only to programming, but in general in life).

By the way, this article is not about the built-in linters and formatters in the Go plugin for VS Code or similar! These will be different projects from various authors, that you can add to your programming cycle.

So, why not tell my readers about helpful tools? Let's go!

Table of contents

• Why it is important and my vision for Go projects
• Setting up the environment correctly
• The gosec package
• The go-critic package
• The golangci-lint package
• Afterwards

Why it is important and my vision for Go projects

I have to tell you: I love writing code. But more than that, I like reading structured code from other developers.

Why? It helps to better understand the author, adopt useful techniques and methods, as well as, just to understand the work of a particular function and the package as a whole!

For this reason, I am meticulous about tools to make it easier to write code and, as a consequence, to read it afterwards. I encourage you to be careful and use the tips and tools I describe in this article, too someone is still reading the code you've written.

Table of contents

Setting up the environment correctly

First, the default .editorconfig for all of my Go projects, looks like this:

# ./.editorconfigroot = true[*] # <-- rules for all filesindent_style = spaceindent_size = 2charset = utf-8trim_trailing_whitespace = trueinsert_final_newline = true[{go.mod,go.sum,*.go}] # <-- rules only for Go's project filesindent_style = tabindent_size = 4# ...other rules...

The second, but just as important as the first, always updated Go plugin for Visual Studio Code (which I mentioned above) with default settings.

Table of contents

The gosec package

The gosec inspects source code for security problems by scanning the Go AST. This package contains over 30 different rules to test the security of your Go code.

Note: In computer science, an abstract syntax tree (AST), or just syntax tree, is a tree representation of the abstract syntactic structure of source code written in a programming language.

Here's an example from one of my projects. I call the command gosec ./... in the root directory of my module:

[gosec] 2021/10/25 18:03:37 Including rules: default[gosec] 2021/10/25 18:03:37 Excluding rules: default[gosec] 2021/10/25 18:03:37 Import directory: /Users/koddr/Code/project/api/app/models[gosec] 2021/10/25 18:03:37 Checking package: models# ...list of all *.go files...Results:[/Users/koddr/Code/project/api/platform/cdn/digitalocean_spaces.go:62] - G304 (CWE-22): Potential file inclusion via variable (Confidence: HIGH, Severity: MEDIUM)    61:         // Open the file from system path.  > 62:         file, errOpen := os.OpenFile(pathToFile, os.O_RDONLY, 0o600)    63:         if errOpen != nil {Summary:  Gosec  : 2.9.1  Files  : 29  Lines  : 2760  Nosec  : 0  Issues : 1

And this give me a lot of information to fix it! You can easily fix this part of the code by wrapping the pathToFile variable with the filepath.Clean() function built into Golang.

Note: Yes, it may seem strange at first glance, but if you've ever run Go projects in production, you'll understand why you can't leave such things out of your code.

Table of contents

The go-critic package

The go-critic is a collection of checks that detect style, performance issues as well as some common programming errors. It provides as much useful checks as possible. This wonderful tool not only shows you the problematic part of your Go code, but also tells you what to replace it with.

For an example, let's run gocritic check -enableAll ./... for the popular Swagger documentation generator package swaggo/swag:

./operation.go:1033:24: ioutilDeprecated: ioutil.ReadFile is deprecated, use os.ReadFile instead./parser.go:604:1: paramTypeCombine: func(tagName string, dirPath string) ([]byte, error) could be replaced with func(tagName, dirPath string) ([]byte, error)./packages.go:41:5: emptyStringTest: replace `len(packageDir) == 0` with `packageDir == ""`# ...and over 20 more...

If there is a rule group you don't need at the moment, just disable it via a disable flag with tag like this:

gocritic check -disable='#style' ./...

Supported tags (always enabled):

• #diagnostic kind of checks that detect various errors
• #style kind of checks that find style issues
• #performance kind of checks that detect potential performance issues
• #security kind of checks that find security issues

And tags which disabled by default (enable it by the -enable='<TAG>' flag with specific tag, or use -enableAll flag):

• #experimental check is under testing and development
• #opinionated check can be unwanted for some people

For turn off a specific rule, just run this command:

gocritic check -disable=emptyStringTest ./...

Note: You can find a complete list of all the rules here.

Table of contents

The golangci-lint package

The golangci-lint is a fast Go linters runner. Most installations of this package performed for CI, but you can use it, for example, as a standard linter in your favorite IDE.

The main advantages:

1. Runs linters in parallel, reuses Go build cache and caches analysis results
2. YAML-based configuration
3. Many linters included, no need to install them
4. Minimum number of false positives because of tuned default settings
5. Nice output with colors, source code lines and marked identifiers

And yes, personally, I often use it with GitHub Actions to check all incoming PRs for projects in the repositories.

Note: If you missed it, here's my series of articles that will give you insight and practice with GitHub Actions.

The config file for Actions looks like this, for example:

# ./.github/workflows/golangci-lint.ymlname: golangci-linton:  push:    branches:      - master  pull_request:jobs:  golangci:    name: lint    runs-on: ubuntu-latest    steps:      - uses: actions/checkout@v2      - name: golangci-lint        uses: golangci/golangci-lint-action@v2        with:          version: latest          only-new-issues: true  # ...

A small demo from the developers of golangci-lint that shows the problematic areas of the Beego web framework (by golangci-lint run command):

Table of contents

Afterwards

I hope that this article has helped you. Write in the comments if you have any other good tools for checking and formatting code. And be never afraid to take a little time to make your code great again.

It's well worth it!

Table of contents

Photos and videos by

• Tools authors and Vic Shstak

P.S.

If you want more articles like this on this blog, then post a comment below and subscribe to me. Thanks!