---
steps:
gitleaks:
image: zricethezav/gitleaks:v8.18.2@sha256:eadfe256fa18d6a78a717abc9ed454c8e03865d1c46d627bca83977f4424901a
commands:
- gitleaks detect --no-git --verbose --source $CI_WORKSPACE
when:
event:
exclude:
- tag
hadolint:
image: pipelinecomponents/hadolint:0.26.0@sha256:7122937006c7a9bcbb78ce764d3c2f0092f183b843ad128bc9fd6ea918e22d5b
- hadolint Dockerfile
shellcheck:
image: "koalaman/shellcheck-alpine:latest@sha256:eed99e46acb69ede0f68db4fd8f1b3b00cc09d66cb7d4d6f1f6296bd8833932d"
- |
find . -type f -not -path './.git/*' -not -path './collections/*' -exec file {} \; | while IFS= read -r line; do
if echo "$line" | grep -q "shell script"; then
file_path=$(echo "$line" | awk -F':' '{print $1}')
shellcheck "$file_path"
fi
done
...