diff --git a/.gitea/workflows/kubeconform.yml b/.gitea/workflows/kubeconform.yml index 2225880..c023e1d 100644 --- a/.gitea/workflows/kubeconform.yml +++ b/.gitea/workflows/kubeconform.yml @@ -8,14 +8,22 @@ jobs: kubeconform: runs-on: ubuntu-latest container: - image: docker.io/archlinux/archlinux:latest + image: ghcr.io/yannh/kubeconform:v0.7.0-alpine steps: - - name: Setup environment + + - name: Install dependencies run: | - pacman -Syu --noconfirm kubeconform git yq nodejs npm - + apk add --no-cache \ + yq \ + findutils \ + curl \ + jq \ + npm \ + nodejs \ + bash + - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@v6 with: fetch-depth: 0 
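Review bot: The new container image at `image: ghcr.io/yannh/kubeconform:v0.7.0-alpine` is pinned only by a mutable tag, and `uses: actions/checkout@v6` likewise floats on a major-version tag, so the toolchain this job validates with can change underneath the workflow without any commit in this repository. Pinning by digest, `image: ghcr.io/yannh/kubeconform:v0.7.0-alpine@sha256:<image-digest>`, and the action by its full commit SHA (`uses: actions/checkout@<commit-sha>  # v6`) makes the run reproducible and the upgrade reviewable; the `apk add` package list is unpinned as well, which is harder to fix and probably acceptable for a lint job. `curl` and `jq` are installed in the new `Install dependencies` step but nothing in either visible hunk uses them — if the lines between the hunks do not either, they can be dropped to keep the image surface small.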
@@ -26,55 +34,62 @@ jobs: - default - "https://raw.githubusercontent.com/datreeio/CRDs-catalog/refs/heads/main/{{ .ResourceKind }}_{{ .ResourceAPIVersion }}.json" EOF - + - name: Validate Manifests + shell: bash run: | - # Create a cache directory for schemas - mkdir -p /tmp/kubeconform-cache + # Define schema mappings + declare -A SCHEMA_MAP=( + ["HelmRelease"]="helm.toolkit.fluxcd.io/helmrelease_v2.json" + ["HelmRepository"]="source.toolkit.fluxcd.io/helmrepository_v1.json" + ["L2Advertisement"]="metallb.io/l2advertisement_v1beta1.json" + ["IPAddressPool"]="metallb.io/ipaddresspool_v1beta1.json" + ["SealedSecret"]="bitnami.com/sealedsecret_v1alpha1.json" + ) - # Validate manifests with proper schema resolution - find . -type f \( -name "*.yml" \) \ - -not -path "./.gitea/*" \ - -not -path "./clusters/default/system-upgrade/*" \ - -exec sh -c ' - for file do - echo "=== Validating: $file ===" - if yq -e "select(.kind == \"HelmRelease\")" "$file" >/dev/null 2>&1; then - echo "Found HelmRelease - using fluxcd schema" - kubeconform \ - -schema-location "https://raw.githubusercontent.com/datreeio/CRDs-catalog/refs/heads/main/helm.toolkit.fluxcd.io/helmrelease_v2.json" \ - -output json \ - "$file" - elif yq -e "select(.kind == \"HelmRepository\")" "$file" >/dev/null 2>&1; then - echo "Found HelmRepository - using fluxcd schema" - kubeconform \ - -schema-location "https://raw.githubusercontent.com/datreeio/CRDs-catalog/refs/heads/main/source.toolkit.fluxcd.io/helmrepository_v1.json" \ - -output json \ - "$file" - elif yq -e "select(.kind == \"L2Advertisement\")" "$file" >/dev/null 2>&1; then - echo "Found L2Advertisement - using metallb schema" - kubeconform \ - -schema-location "https://raw.githubusercontent.com/datreeio/CRDs-catalog/refs/heads/main/metallb.io/l2advertisement_v1beta1.json" \ - -output json \ - "$file" - elif yq -e "select(.kind == \"IPAddressPool\")" "$file" >/dev/null 2>&1; then - echo "Found IPAddressPool - using metallb schema" - kubeconform \ - 
-schema-location "https://raw.githubusercontent.com/datreeio/CRDs-catalog/refs/heads/main/metallb.io/ipaddresspool_v1beta1.json" \ - -output json \ - "$file" - elif yq -e "select(.kind == \"SealedSecret\")" "$file" >/dev/null 2>&1; then - echo "Found SealedSecret - using bitnami schema" - kubeconform \ - -schema-location "https://raw.githubusercontent.com/datreeio/CRDs-catalog/refs/heads/main/bitnami.com/sealedsecret_v1alpha1.json" \ - -output json \ - "$file" - else - echo "Validating with default schemas" - kubeconform \ - -schema-location default \ - -output json \ - "$file" - fi - done - ' sh {} + + # Create cache directory + export KUBECONFORM_CACHE_DIR="/tmp/kubeconform-cache" + mkdir -p "$KUBECONFORM_CACHE_DIR" + + # Exit code tracking + EXIT_CODE=0 + + # Process all YAML files + while IFS= read -r file; do + echo "=== Validating: $file ===" + + # Skip excluded paths + if [[ "$file" == *".gitea/"* ]] || [[ "$file" == *"clusters/default/system-upgrade/"* ]]; then + echo "Skipping excluded file" + continue + fi + + # Detect resource kind + KIND=$(yq -r '.kind // ""' "$file" 2>/dev/null || echo "") + + if [[ -n "$KIND" && -n "${SCHEMA_MAP[$KIND]}" ]]; then + echo "Found $KIND - using custom schema" + SCHEMA_URL="https://raw.githubusercontent.com/datreeio/CRDs-catalog/refs/heads/main/${SCHEMA_MAP[$KIND]}" + + if ! /kubeconform \ + -schema-location "$SCHEMA_URL" \ + -cache "$KUBECONFORM_CACHE_DIR" \ + -output json \ + "$file"; then + EXIT_CODE=1 + fi + else + echo "Validating with default schemas" + if ! /kubeconform \ + -schema-location default \ + -cache "$KUBECONFORM_CACHE_DIR" \ + -output json \ + "$file"; then + EXIT_CODE=1 + fi + fi + + echo "" + done < <(find . -type f \( -name "*.yml" \) -print) + + exit $EXIT_CODE
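Review bot: The lookup `if [[ -n "$KIND" && -n "${SCHEMA_MAP[$KIND]}" ]]; then` relies on an unset associative-array element expanding to the empty string, which stops working the moment someone adds `set -u` to the script and is not the idiomatic membership test; `if [[ -n "$KIND" && -v "SCHEMA_MAP[$KIND]" ]]; then` checks presence of the key directly. Separately, `yq -r '.kind // ""'` prints one line per document, so a multi-document file yields a multi-line `KIND` that never matches the map and silently falls through to the default schemas, whereas the removed `select(.kind == …)` form appears to have matched any document in the file. That is presumably fine if this repository keeps one resource per file, but a comment above the lookup such as `# assumes one resource per file; multi-document files fall back to the default schemas` would make the assumption visible to the next maintainer. The exclusion check with `[[ "$file" == *".gitea/"* ]]` still prints "=== Validating:" before skipping; moving the two exclusions back into the `find` call as `-not -path` arguments, as the old code did, avoids the misleading output.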