I have this code for a Flask authentication app and I have to run it through a local SonarQube (which I did), and have to run it through GitLab pipelines. It should have four stages: build, test, SAST and deploy. However, I was only shown how to do the YML with Apache Maven commands and my current problem is in Python, so I'm not sure how to fill it. I've been doing this almost all weekend and the only thing I've got is the build stage. The test stage is blank so it always passes, but my biggest problem as of right now is the SAST stage.
Here is my YML file:
stages:
  - build
  - test
  - sast
  - deploy

variables:
  SONAR_TOKEN: "squ_1b804d297730d729fd6b7f90f019b33fdb2c2afe"
  SONAR_HOST_URL: "http://sonarqube:9000" # Update with your SonarQube server URL

# image: gitlab/dind
# services:
#   - docker:dind
# before_script:
#   # - python -V
#   - pip install -r requirements.txt

build:
  stage: build
  image: python:3.8-slim-buster
  script:
    - apt-get update -q -y
    - apt-get install -y python-pip
    - python -V
    - echo "hello world"
    - pip install -r requirements.txt

test:
  stage: test
  script:
    - echo "Running tests"

sonarqube-check:
  stage: sast
  image: python:3.8-slim-buster
  cache:
    paths:
      - .sonar/cache
  script:
    - echo "SONAR_ORGANIZATION ${SONAR_ORGANIZATION}"
    - echo "CI_PROJECT_NAME ${CI_PROJECT_NAME}"
    - echo "SONAR_HOST_URL ${SONAR_HOST_URL}"
    - docker run --rm --network gitlab-network -e SONAR_HOST_URL="http://sonarqube:9000/" -e SONAR_LOGIN="squ_1b804d297730d729fd6b7f90f019b33fdb2c2afe" -v "./:/usr/src" sonarsource/sonar-scanner-cli

deploy:
  stage: deploy
  script:
    - echo "Deploying with Docker Compose"
    - docker-compose up -d
And this is the error that it gives me:
$ docker run --rm --network gitlab-network -e SONAR_HOST_URL="http://sonarqube:9000/" -e SONAR_LOGIN="squ_1b804d297730d729fd6b7f90f019b33fdb2c2afe" -v "./:/usr/src" sonarsource/sonar-scanner-cli
/bin/bash: line 153: docker: command not found
Cleaning up project directory and file based variables
ERROR: Job failed: exit code 1
I believe that the problem is the SAST stage. I may have put the wrong image and also the command is wrong. Could anyone help me fill the 3 stages?
I agree with czende. It seems that the docker command is not available on the container you are running in that stage. That would require you to have a docker in docker setup. An alternative could be to expose your local sonar instance to the Internet with ngrok if you are toying with it. I've made this chapter in my course available for free, so you can check out how it works: udemy.com/course/domina-sonarqube. It's in Spanish though, but you might be a Spanish speaker.
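One way to avoid needing the docker CLI in the SAST job, shown as an added example that is not from the original posts: run the job in the `sonarsource/sonar-scanner-cli` image itself and call `sonar-scanner` directly. It assumes the runner's job containers can resolve `http://sonarqube:9000`, that `SONAR_TOKEN` is defined as a masked CI/CD variable in the project settings instead of in the file, and that the SonarQube project key matches `CI_PROJECT_NAME`.

```yaml
# Added example, not the poster's file. Assumptions are marked in comments.
variables:
  # Assumption: job containers can resolve this hostname, e.g. the runner
  # is configured to attach job containers to gitlab-network.
  SONAR_HOST_URL: "http://sonarqube:9000"
  # SONAR_TOKEN is deliberately not set here. Define it as a masked CI/CD
  # variable in the project settings so the token never lands in the repo
  # or in job logs.

sonarqube-check:
  stage: sast
  image:
    name: sonarsource/sonar-scanner-cli
    entrypoint: [""]   # let GitLab run the script instead of the image entrypoint
  variables:
    SONAR_USER_HOME: "${CI_PROJECT_DIR}/.sonar"   # puts the scanner cache under the cached path
    GIT_DEPTH: "0"     # fetch full history for the analysis
  cache:
    key: "${CI_JOB_NAME}"
    paths:
      - .sonar/cache
  script:
    # The scanner reads SONAR_HOST_URL and SONAR_TOKEN from the environment.
    # Assumption: the SonarQube project key equals the GitLab project name.
    - sonar-scanner -Dsonar.projectKey="${CI_PROJECT_NAME}" -Dsonar.sources=.
```

Because the scanner runs as the job's own container, no `docker run`, `--network` flag or volume mount is needed; GitLab checks the repository out into the job's working directory.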