diff --git a/.gitea/workflows/kubeconform.yml b/.gitea/workflows/kubeconform.yml index b578df4..7a421db 100644 --- a/.gitea/workflows/kubeconform.yml +++ b/.gitea/workflows/kubeconform.yml @@ -22,25 +22,30 @@ jobs: jq \ npm \ nodejs \ - bash + bash \ + git - name: Checkout code uses: actions/checkout@v6 with: fetch-depth: 0 - - name: Create kubeconform configuration - run: | - cat > /tmp/kubeconform-config.yaml << 'EOF' - schema_location: - - default - - "https://raw.githubusercontent.com/datreeio/CRDs-catalog/refs/heads/main/{{ .ResourceKind }}_{{ .ResourceAPIVersion }}.json" - EOF + - name: Get changed files + id: changed-files + uses: tj-actions/changed-files@v47 + with: + files: | + **.yml + !.gitea/workflows/** - name: Validate Manifests + if: steps.changed-files.outputs.any_changed == 'true' + env: + ALL_CHANGED_FILES: ${{ steps.changed-files.outputs.all_changed_files }} shell: bash run: | - # Define schema mappings + set -o pipefail + declare -A SCHEMA_MAP=( ["HelmRelease"]="helm.toolkit.fluxcd.io/helmrelease_v2.json" ["HelmRepository"]="source.toolkit.fluxcd.io/helmrepository_v1.json" @@ -50,24 +55,13 @@ jobs: ["ClusterPolicy"]="nvidia.com/clusterpolicy_v1.json" ) - # Create cache directory + EXIT_CODE=0 export KUBECONFORM_CACHE_DIR="/tmp/kubeconform-cache" mkdir -p "$KUBECONFORM_CACHE_DIR" - # Exit code tracking - EXIT_CODE=0 - - # Process all YAML files while IFS= read -r file; do + [ -z "$file" ] && continue echo "=== Validating: $file ===" - - # Skip excluded paths - if [[ "$file" == *".gitea/"* ]] || [[ "$file" == *"clusters/default/system-upgrade/"* ]]; then - echo "Skipping excluded file" - continue - fi - - # Detect resource kind KIND=$(yq -r '.kind // ""' "$file" 2>/dev/null || echo "") if [[ -n "$KIND" && -n "${SCHEMA_MAP[$KIND]}" ]]; then @@ -93,6 +87,6 @@ jobs: fi echo "" - done < <(find . -type f \( -name "*.yml" \) -print) + done <<< "${ALL_CHANGED_FILES}" exit $EXIT_CODE
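Review bot: `uses: tj-actions/changed-files@v47` in the new `Get changed files` step pins a third-party action to a tag, which anyone with push access to that repository can repoint, and the step runs with whatever token and secrets the job exposes. This action's tags were repointed to malicious code in a widely reported 2025 supply-chain incident, so pin it to a full commit instead: `uses: tj-actions/changed-files@<full-commit-sha-of-v47> # v47`. Since this hunk also installs `git` and the checkout already uses `fetch-depth: 0`, a `git diff --name-only` against the base ref would remove the dependency altogether. The right base ref depends on the workflow trigger, which is outside the hunk.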
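Review bot: The in-loop skip for `clusters/default/system-upgrade/` removed in the second hunk has no counterpart on the new side, because the `files:` filter added in the first hunk excludes only `.gitea/workflows/**`. If those manifests still cannot be validated against the schemas used here, any change under that path will now fail the job, and `.yml` files under `.gitea/` outside `workflows/` are now in scope as well. Adding `!clusters/default/system-upgrade/**` to the `files:` list would keep the earlier behaviour; if dropping the exclusion is intended, the commit message should say so. The loop body continues past the end of this hunk.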
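Review bot: `done <<< "${ALL_CHANGED_FILES}"` in the last hunk feeds a line-oriented `while IFS= read -r file` loop, but `all_changed_files` is space-separated unless the step sets a separator, so with more than one changed file the loop would run once with the whole list as a single path. `yq` then fails on that non-existent path and `KIND` comes back empty; depending on the branch outside the hunk, the result is either a spurious failure or manifests that are never schema-checked. Setting `separator: "\n"` under `with:` of the `Get changed files` step, per the action's documented `separator` input, matches the loop and keeps paths containing spaces intact. The paths also no longer carry the `./` prefix that `find .` produced, so passing `"./$file"` to `yq` and kubeconform keeps a file name starting with `-` from being read as an option. The loop starts outside this hunk.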