---
steps:
  gitleaks:
    image: zricethezav/gitleaks:v8.18.2@sha256:eadfe256fa18d6a78a717abc9ed454c8e03865d1c46d627bca83977f4424901a
    commands:
      - gitleaks detect --no-git --verbose --source $CI_WORKSPACE
    when:
      event:
        exclude:
          - tag

  shellcheck:
    image: registry.mgrote.net/allzweckcontainer@sha256:d5c3e533b1fc02b4a074f85c32e234ca266e9a3e00a03280ce0185b654bf60c1
    commands:
      - |
        find . -type f -not -path './.git/*' -not -path './collections/*' -not -path './friedhof/*' -exec file {} \; | while IFS= read -r line; do
          if echo "$line" | grep -q "shell script"; then
            file_path=$(echo "$line" | awk -F':' '{print $1}')
            shellcheck "$file_path"
          fi
        done
    when:
      event:
        exclude:
          - tag
...