diff --git a/.woodpecker/.build.yaml b/.woodpecker.yaml
similarity index 83%
rename from .woodpecker/.build.yaml
rename to .woodpecker.yaml
index f59d616..ffb8897 100644
--- a/.woodpecker/.build.yaml
+++ b/.woodpecker.yaml
@@ -1,5 +1,5 @@
 steps:
- build main:
+ build-main:
 when:
 - event: push
 branch: main
@@ -12,11 +12,9 @@ steps:
 password:
 from_secret: gitea_token
 repo: git.verdigado.com/${CI_REPO,,}
- tags:
- - 'latest'
- - ${CI_COMMIT_SHA}
+ tag: 'latest'
- build branch:
+ build-branch:
 when:
 - event: push
 branch:
@@ -30,6 +28,4 @@ steps:
 password:
 from_secret: gitea_token
 repo: git.verdigado.com/${CI_REPO,,}
- tags:
- - ${CI_COMMIT_BRANCH}
- - ${CI_COMMIT_SHA}
+ tag: ${CI_COMMIT_BRANCH}
diff --git a/.woodpecker/.test.yaml b/.woodpecker/.test.yaml
deleted file mode 100644
index b63c742..0000000
--- a/.woodpecker/.test.yaml
+++ /dev/null
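Review bot: The main-branch image is now published only under the mutable `latest` tag (hunk `@@ -12,11 +12,9 @@`), and the branch build in `@@ -30,6 +28,4 @@` keeps only `${CI_COMMIT_BRANCH}`; the immutable `${CI_COMMIT_SHA}` tag is dropped in both. Without a per-commit tag, consumers cannot pin or audit exactly which build they pulled, and a rollback has no stable reference. I would keep the list form, e.g. `tags: ['latest', '${CI_COMMIT_SHA}']`, or state in the commit message why the SHA tag is no longer wanted. Whether the plugin accepts the singular `tag` key cannot be checked from here, because each step's `image:` line lies outside the hunks.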
@@ -1,56 +0,0 @@
-skip_clone: true
-when:
- - event: push
-depends_on:
- - build
-variables:
- - &image 'git.verdigado.com/verdigado-images/container-pre-commit:${CI_COMMIT_SHA}'
-steps:
- await-image:
- image: alpine@sha256:b89d9c93e9ed3597455c90a0b88a8bbb5cb7188438f70953fede212a0c4394e0
- environment:
- IMAGE: *image
- commands:
- - apk add --update --no-cache img
- - 'while !(( img pull $IMAGE 2>&1 | grep -q "Error: failed to unmount" )) ; do echo "Awaiting image $IMAGE..."; sleep 3; done'
- - echo 'found.'
-
- clone salt:
- image: woodpeckerci/plugin-git@sha256:7af90de3a9aa5dc93cc0d5cd2e67e28cb237d4b8e891ccacfd9031f78f4b05a8
- settings:
- remote: https://git.verdigado.com/verdigado-Privileged/Salt.git
- path: salt
- sha: ''
- ref: refs/heads/master
- branch: master
-
- pre-commit salt:
- image: *image
- depends_on:
- - await-image
- - clone salt
- environment:
- - SKIP=no-commit-to-branch # Ignore "don't commit to protected branch" check
- commands:
- - cd salt
- - pre-commit run --all-files
-
- clone rocketchat2matrix:
- image: woodpeckerci/plugin-git@sha256:7af90de3a9aa5dc93cc0d5cd2e67e28cb237d4b8e891ccacfd9031f78f4b05a8
- settings:
- remote: https://git.verdigado.com/NB-Public/rocketchat2matrix.git
- path: rocketchat2matrix
- sha: ''
- ref: refs/heads/main
- branch: master
-
- pre-commit rocketchat2matrix:
- image: *image
- depends_on:
- - await-image
- - clone rocketchat2matrix
- environment:
- - SKIP=no-commit-to-branch # Ignore "don't commit to protected branch" check
- commands:
- - cd rocketchat2matrix
- - pre-commit run --all-files
diff --git a/Dockerfile b/Dockerfile
index e988a6a..d5f6e51 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,17 +1,21 @@
-FROM python:3.12.4-alpine3.20@sha256:dc095966439c68283a01dde5e5bc9819ba24b28037dddd64ea224bf7aafc0c82
+FROM python:3.12.4-alpine3.20@sha256:a982997504b8ec596f553d78f4de4b961bbdf5254e0177f6e99bb34f4ef16f95
+COPY --from=koalaman/shellcheck:v0.10.0@sha256:2097951f02e735b613f4a34de20c40f937a6c8f18ecb170612c88c34517221fb /bin/shellcheck /usr/bin/
+COPY --from=ghcr.io/gitleaks/gitleaks:v8.18.4@sha256:f44e526acc67786b7476db413edb993ce2d152660d32fb3eb48d9bca06fa83f8 /usr/bin/gitleaks /usr/bin/
 # renovate: datasource=repology depName=alpine_3_20/build-base versioning=loose
 ENV BUILD_BASE_VERSION="0.5-r3"
 # renovate: datasource=repology depName=alpine_3_20/gcc versioning=loose
 ENV GCC_VERSION="13.2.1_git20240309-r0"
 # renovate: datasource=repology depName=alpine_3_20/ruby versioning=loose
-ENV RUBY_VERSION="3.3.3-r0"
+ENV RUBY_VERSION="3.3.1-r0"
 # renovate: datasource=repology depName=alpine_3_20/git versioning=loose
 ENV GIT_VERSION="2.45.2-r0"
 # renovate: datasource=repology depName=alpine_3_20/openssh-keygen versioning=loose
 ENV OPENSSH_KEYGEN_VERSION="9.7_p1-r3"
 # renovate: datasource=pypi depName=pre-commit versioning=pep440
 ENV PRE_COMMIT_VERSION="3.7.1"
+# renovate: datasource=rubygems depName=mdl versioning=ruby
+ENV MDL_VERSION="0.13.0"
 RUN mkdir /data /tmp/pre-commit
 COPY .pre-commit-config.yaml /tmp/pre-commit
@@ -19,11 +23,13 @@ COPY .pre-commit-config.yaml /tmp/pre-commit
 RUN apk add --update --no-cache \
 build-base="${BUILD_BASE_VERSION}" \
 gcc="${GCC_VERSION}" \
+ ruby="${RUBY_VERSION}" \
 ruby-dev="${RUBY_VERSION}" \
 git="${GIT_VERSION}" \
 openssh-keygen="${OPENSSH_KEYGEN_VERSION}" \
 && \
 pip install --no-cache-dir pre-commit=="${PRE_COMMIT_VERSION}" && \
+ gem install --no-document mdl -v "${MDL_VERSION}" && \
 git config --global --add safe.directory /data && \
 cd /tmp/pre-commit && \
 git init --initial-branch main && \
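Review bot: `RUBY_VERSION` moves backwards in hunk `@@ -1,17 +1,21 @@`, from `3.3.3-r0` to `3.3.1-r0`, which looks like an unintended revert (possibly a rebase over a Renovate bump) rather than part of adding shellcheck, gitleaks and mdl. Pinning the older package revision discards whatever fixes the newer one carried, and since Alpine branch repositories typically serve only the current revision, `apk add ruby="3.3.1-r0"` may simply fail to resolve. Unless the downgrade is deliberate, keep `ENV RUBY_VERSION="3.3.3-r0"`; if it is deliberate, add a comment above the pin saying why. The digest-pinned `COPY --from=` lines are a good pattern.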
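Review bot: The `gem install --no-document mdl -v "${MDL_VERSION}"` line added in hunk `@@ -19,11 +23,13 @@` pins only the top-level gem; its dependencies are resolved from rubygems at build time with no lock or checksum. That makes this layer the least reproducible part of an image whose other new tools are copied in by digest, and a changed or compromised dependency release would enter the image silently on the next rebuild. Consider installing from a committed `Gemfile`/`Gemfile.lock` pair, or at least add a comment such as `# transitive gem deps are unpinned; see Gemfile.lock follow-up`. The `RUN` instruction continues past the end of the hunk, so later steps are not visible here.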