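---
# Validates the repository's Kubernetes manifests with kubeconform on every
# pull request targeting `main`.
#
# Core resources are checked against kubeconform's built-in ("default")
# schemas. A fixed set of CRD kinds (SCHEMA_MAP in the "Validate Manifests"
# step) is checked against JSON schemas fetched from the datreeio CRDs-catalog.
# Schema locations are passed to kubeconform on the command line per file, so
# no separate kubeconform configuration file is needed.
name: Validate Kubernetes Manifests

on:
  pull_request:
    branches: [main]

jobs:
  kubeconform:
    runs-on: ubuntu-latest
    container:
      # NOTE(review): pinned by tag only. A digest pin
      # (`image: ghcr.io/yannh/kubeconform@sha256:<DIGEST>`) makes the
      # validator image immutable across runs.
      image: ghcr.io/yannh/kubeconform:v0.7.0-alpine
    steps:
      # The alpine image ships only kubeconform; everything else the job uses
      # is added here. yq, findutils and bash are used by the validation step.
      # NOTE(review): curl and jq are not used by any step below, and nodejs/npm
      # are presumably required by the JavaScript-based checkout action when it
      # runs inside this container — TODO confirm before trimming the list.
      - name: Install dependencies
        run: |
          apk add --no-cache \
            yq \
            findutils \
            curl \
            jq \
            npm \
            nodejs \
            bash

      # NOTE(review): the validation only reads the checked-out tree, so the
      # default shallow clone would suffice; fetch-depth 0 pulls full history.
      - name: Checkout code
        uses: actions/checkout@v6
        with:
          fetch-depth: 0

      # Runs kubeconform once per *.yml file. A file whose `kind` is listed in
      # SCHEMA_MAP is validated against its CRD schema from the catalog; every
      # other file is validated against kubeconform's default schemas. Files
      # under .gitea/ and clusters/default/system-upgrade/ are skipped. The
      # step fails after all files have been processed if any file failed.
      - name: Validate Manifests
        shell: bash
        run: |
          # Fail on unset variables and on failures inside pipelines. `-e` is
          # deliberately not used: every file is reported before the job fails.
          set -uo pipefail

          # Git ref of datreeio/CRDs-catalog from which CRD schemas are fetched.
          # NOTE(review): a branch is mutable, so an upstream schema change can
          # flip this job's result without any change in this repository;
          # pinning to a commit (`CRD_CATALOG_REF=<COMMIT_SHA>`) makes the
          # validation reproducible.
          CRD_CATALOG_REF="${CRD_CATALOG_REF:-refs/heads/main}"
          CRD_CATALOG_BASE="https://raw.githubusercontent.com/datreeio/CRDs-catalog/${CRD_CATALOG_REF}"

          # Resource kind -> schema path inside the catalog
          # (<group>/<lowercase kind>_<version>.json).
          declare -A SCHEMA_MAP=(
            ["HelmRelease"]="helm.toolkit.fluxcd.io/helmrelease_v2.json"
            ["HelmRepository"]="source.toolkit.fluxcd.io/helmrepository_v1.json"
            ["L2Advertisement"]="metallb.io/l2advertisement_v1beta1.json"
            ["IPAddressPool"]="metallb.io/ipaddresspool_v1beta1.json"
            ["SealedSecret"]="bitnami.com/sealedsecret_v1alpha1.json"
          )

          # Downloaded schemas are cached so each schema is fetched once per run.
          export KUBECONFORM_CACHE_DIR="/tmp/kubeconform-cache"
          mkdir -p "$KUBECONFORM_CACHE_DIR"

          # Flags shared by every kubeconform invocation; the schema location
          # is chosen per file below.
          KUBECONFORM_ARGS=(-cache "$KUBECONFORM_CACHE_DIR" -output json)

          # Set to 1 as soon as one file fails; returned at the end.
          EXIT_CODE=0

          # NUL-delimited file list so paths with spaces or newlines survive.
          while IFS= read -r -d '' file; do
            echo "=== Validating: $file ==="

            # Workflow definitions and system-upgrade plans are not validated.
            if [[ "$file" == *".gitea/"* ]] || [[ "$file" == *"clusters/default/system-upgrade/"* ]]; then
              echo "Skipping excluded file"
              continue
            fi

            # `kind` of the document; empty when yq fails or the key is absent.
            # NOTE(review): a multi-document file yields several lines here,
            # which match no SCHEMA_MAP key and fall through to the default
            # schemas — confirm that is the intended handling.
            KIND=$(yq -r '.kind // ""' "$file" 2>/dev/null || echo "")

            # Guarded: an empty subscript is a bash error for associative arrays.
            SCHEMA_PATH=""
            if [[ -n "$KIND" ]]; then
              SCHEMA_PATH="${SCHEMA_MAP[$KIND]:-}"
            fi

            if [[ -n "$SCHEMA_PATH" ]]; then
              echo "Found $KIND - using custom schema"
              # NOTE(review): kubeconform's README documents a templated
              # location for this catalog
              # (`.../{{ .Group }}/{{ .ResourceKind }}_{{ .ResourceAPIVersion }}.json`);
              # confirm a fully qualified .json URL is accepted as-is.
              SCHEMA_LOCATION="${CRD_CATALOG_BASE}/${SCHEMA_PATH}"
            else
              echo "Validating with default schemas"
              SCHEMA_LOCATION="default"
            fi

            # kubeconform exits non-zero on schema lookup or validation errors.
            if ! kubeconform -schema-location "$SCHEMA_LOCATION" "${KUBECONFORM_ARGS[@]}" "$file"; then
              EXIT_CODE=1
            fi
            echo ""
          done < <(find . -type f -name "*.yml" -print0)

          exit $EXIT_CODE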