---
steps:
gitleaks:
image: zricethezav/gitleaks:v8.18.1@sha256:6945c62ca019ead32bc337ab0c9fd055e98d82961765d38b7ccccc84dae95d0f
commands:
- gitleaks detect --no-git --verbose --source $CI_WORKSPACE
when:
event:
exclude:
- tag
hadolint:
image: pipelinecomponents/hadolint:0.26.0@sha256:7122937006c7a9bcbb78ce764d3c2f0092f183b843ad128bc9fd6ea918e22d5b
- hadolint Dockerfile
shellcheck:
image: registry.mgrote.net/allzweckcontainer@sha256:6cc0c5abd063331dd5e205d133ec76097b5d482752fe7ca9b40235ae7712f112
- |
find . -type f -not -path './.git/*' -not -path './collections/*' -exec file {} \; | while IFS= read -r line; do
if echo "$line" | grep -q "shell script"; then
file_path=$(echo "$line" | awk -F':' '{print $1}')
shellcheck "$file_path"
fi
done
...