name: Validate Kubernetes Manifests

on:
  pull_request:
    branches: [ main]

jobs:
  kubeconform:
    runs-on: ubuntu-latest
    container:
      image: docker.io/archlinux/archlinux:latest
    steps:
      - name: Setup environment
        run: |
          pacman -Syu --noconfirm kubeconform git findutils
      - name: Checkout code
        run: |
          git clone https://gitea.akshun-lab.cc/aggarwalakshun/k3s.git /mnt
      - name: Validate Manifests
        run: |
          find /mnt -type f \( -name "*.yml" -o -name "*.yaml" \) \
            -not -path "*/.gitea/*" \
            -print0 | xargs -0 --no-run-if-empty kubeconform \
              -verbose \
              -summary \
              -schema-location default \
              -schema-location 'https://raw.githubusercontent.com/datreeio/CRDs-catalog/refs/heads/main/bitnami.com/sealedsecret_v1alpha1.json' \
              -schema-location 'https://raw.githubusercontent.com/datreeio/CRDs-catalog/refs/heads/main/helm.toolkit.fluxcd.io/helmrelease_v2.json' \
              -schema-location 'https://raw.githubusercontent.com/datreeio/CRDs-catalog/refs/heads/main/metallb.io/ipaddresspool_v1beta1.json' \
              -schema-location 'https://raw.githubusercontent.com/datreeio/CRDs-catalog/refs/heads/main/metallb.io/l2advertisement_v1beta1.json' \
              -schema-location 'https://raw.githubusercontent.com/datreeio/CRDs-catalog/refs/heads/main/source.toolkit.fluxcd.io/helmrepository_v1.json'