From 5ea9494c24be58bcd2c3445e2eea1a4a4d997cb0 Mon Sep 17 00:00:00 2001
From: aggarwalakshun <aggarwalakshun@gmail.com>
Date: Fri, 12 Dec 2025 16:08:41 +0530
Subject: [PATCH] only validate changed files

---
 .gitea/workflows/kubeconform.yml | 32 +++++++++++++++++---------------
 1 file changed, 17 insertions(+), 15 deletions(-)

diff --git a/.gitea/workflows/kubeconform.yml b/.gitea/workflows/kubeconform.yml
index b578df4..2343b0f 100644
--- a/.gitea/workflows/kubeconform.yml
+++ b/.gitea/workflows/kubeconform.yml
@@ -29,6 +29,13 @@ jobs:
         with:
           fetch-depth: 0
 
+      - name: Get changed files
+        id: changed-files
+        uses: tj-actions/changed-files@v47
+        with:
+          files: |
+            **.yml
+
       - name: Create kubeconform configuration
         run: |
           cat > /tmp/kubeconform-config.yaml << 'EOF'
@@ -38,9 +45,13 @@ jobs:
           EOF
 
       - name: Validate Manifests
+        if: steps.changed-files.outputs.any_changed == 'true'
+        env:
+          ALL_CHANGED_FILES: ${{ steps.changed-files.outputs.all_changed_files }}
         shell: bash
         run: |
-          # Define schema mappings
+          set -o pipefail
+
           declare -A SCHEMA_MAP=(
             ["HelmRelease"]="helm.toolkit.fluxcd.io/helmrelease_v2.json"
             ["HelmRepository"]="source.toolkit.fluxcd.io/helmrepository_v1.json"
@@ -50,24 +61,13 @@ jobs:
             ["ClusterPolicy"]="nvidia.com/clusterpolicy_v1.json"
           )
 
-          # Create cache directory
+          EXIT_CODE=0
           export KUBECONFORM_CACHE_DIR="/tmp/kubeconform-cache"
           mkdir -p "$KUBECONFORM_CACHE_DIR"
 
-          # Exit code tracking
-          EXIT_CODE=0
-
-          # Process all YAML files
           while IFS= read -r file; do
+            [ -z "$file" ] && continue
             echo "=== Validating: $file ==="
-
-            # Skip excluded paths
-            if [[ "$file" == *".gitea/"* ]] || [[ "$file" == *"clusters/default/system-upgrade/"* ]]; then
-              echo "Skipping excluded file"
-              continue
-            fi
-
-            # Detect resource kind
             KIND=$(yq -r '.kind // ""' "$file" 2>/dev/null || echo "")
 
             if [[ -n "$KIND" && -n "${SCHEMA_MAP[$KIND]}" ]]; then
@@ -75,6 +75,7 @@ jobs:
               SCHEMA_URL="https://raw.githubusercontent.com/datreeio/CRDs-catalog/refs/heads/main/${SCHEMA_MAP[$KIND]}"
 
               if ! /kubeconform \
+                -config /tmp/kubeconform-config.yaml \
                 -schema-location "$SCHEMA_URL" \
                 -cache "$KUBECONFORM_CACHE_DIR" \
                 -output json \
@@ -84,6 +85,7 @@ jobs:
             else
               echo "Validating with default schemas"
               if ! /kubeconform \
+                -config /tmp/kubeconform-config.yaml \
                 -schema-location default \
                 -cache "$KUBECONFORM_CACHE_DIR" \
                 -output json \
@@ -93,6 +95,6 @@ jobs:
             fi
 
             echo ""
-          done < <(find . -type f \( -name "*.yml" \) -print)
+          done <<< "${ALL_CHANGED_FILES}"
 
           exit $EXIT_CODE