.lint-scripts: &lint-scripts |
  set -e
  function log_info() {
     echo -e "[\e[1;94mINFO\e[0m] $*"
  }

  function log_error() {
   echo -e "[\e[1;91mERROR\e[0m] $*" >&2
  }

  function install_ca_certs() {
    certs=$1
    if [[ -z "$certs" ]]
    then
      return
    fi

    # import in system
    if echo "$certs" >> /etc/ssl/certs/ca-certificates.crt
    then
      log_info "CA certificates imported in \\e[33;1m/etc/ssl/certs/ca-certificates.crt\\e[0m"
    fi
    if echo "$certs" >> /etc/ssl/cert.pem
    then
      log_info "CA certificates imported in \\e[33;1m/etc/ssl/cert.pem\\e[0m"
    fi
  }

  # validates an input GitLab CI YAML file
  function ci_lint() {
    rc=0
    for file in $(eval "ls -1 $GITLAB_CI_FILES")
    do
      log_info "Validating: $file..."
      REQUEST="{\"content\": $(jq --raw-input --slurp '.'  < "${file:-/dev/stdin}")}"
      RESULT=$(curl -s --header "Content-Type: application/json" --header "PRIVATE-TOKEN: $GITLAB_TOKEN" $CI_API_V4_URL/ci/lint --data "$REQUEST")
      if [ "$(echo "$RESULT" |  jq '.status')" == "\"valid\"" ]
      then
        log_info " ... valid ($RESULT)"
      else
        log_error " ... invalid: $RESULT"
        rc=1
      fi
    done
    exit $rc
  }

gitlab-ci-lint:
  image: dwdraju/alpine-curl-jq:latest
  stage: build
  before_script:
    - *lint-scripts
    - install_ca_certs "${CUSTOM_CA_CERTS:-$DEFAULT_CA_CERTS}"
  script:
    - ci_lint
  rules:
    # enabled if $GITLAB_TOKEN and GITLAB_CI_FILES are set
    - if: '$GITLAB_TOKEN && $GITLAB_CI_FILES'

check-links:
  image: 
    name: lycheeverse/lychee:latest
    entrypoint: [""]
  stage: build
  script:
    - lychee --exclude-path CHANGELOG.md *.md