---
steps:
  gitleaks:
    image: zricethezav/gitleaks:v8.18.2
    commands:
      - gitleaks detect --no-git --verbose --source $CI_WORKSPACE
    when:
      - evaluate: 'CI_COMMIT_AUTHOR_EMAIL != "renovate@mgrote.net"'

  hadolint:
    image: pipelinecomponents/hadolint:0.26.0
    commands:
      - hadolint Dockerfile
    when:
      - evaluate: 'CI_COMMIT_AUTHOR_EMAIL != "renovate@mgrote.net"'

  shellcheck:
    image: "koalaman/shellcheck-alpine:latest"
    commands:
      - |
        find . -type f -not -path './.git/*' -not -path './collections/*' -exec file {} \; | while IFS= read -r line; do
          if echo "$line" | grep -q "shell script"; then
            file_path=$(echo "$line" | awk -F':' '{print $1}')
            shellcheck "$file_path"
          fi
        done
    when:
      - evaluate: 'CI_COMMIT_AUTHOR_EMAIL != "renovate@mgrote.net"'
...