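---
name: Check with kubeconform

on:
  push:
    branches: [main]

# Least privilege for the job token: this workflow only reads the checkout and
# talks to Telegram through its own secrets, so the default write-capable token
# is not needed. (Runners that do not support the key simply ignore it.)
permissions:
  contents: read

jobs:
  lint:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      # NOTE(review): both third-party actions in this job are referenced by
      # mutable refs (a major tag here, a branch below). For supply-chain
      # hygiene pin each to a full commit SHA with the version in a trailing
      # comment and let Dependabot/Renovate bump them.
      - uses: bmuschko/setup-kubeconform@v1
        name: Setup Kubeconform

      - name: Kubeconform validation
        id: kubeconform
        run: |
          # Files that should be skipped from validation (paths exactly as
          # printed by `find .`, i.e. with the leading "./").
          EXCLUSIONS=(
            "./k8s/core/system-upgrade/crd.yaml"
            # Add more files here as needed
            # "./path/to/another/file.yaml"
          )

          # Temporary file holding the raw kubeconform output.
          VALIDATION_OUTPUT=$(mktemp)

          # Returns 0 when $1 is listed in EXCLUSIONS, 1 otherwise.
          is_excluded() {
            local file="$1"
            for exclusion in "${EXCLUSIONS[@]}"; do
              if [[ "$file" == "$exclusion" ]]; then
                return 0
              fi
            done
            return 1
          }

          # Collect every *.yaml except Helm values files, the CI definitions
          # and the exclusion list. NUL-delimited so unusual file names are safe.
          YAML_FILES=()
          while IFS= read -r -d '' file; do
            if ! is_excluded "$file"; then
              YAML_FILES+=("$file")
            else
              echo "⚠️ Skipping excluded file: $file"
            fi
          done < <(find . -name '*.yaml' \
                     ! -name '*values.yaml' \
                     ! -path './.gitea/*' \
                     -print0)

          # Run kubeconform only if there are files to validate. Its exit status
          # is captured instead of being discarded with "|| true": kubeconform
          # also exits non-zero for resources it reports as "error" (for example
          # unparsable YAML), and those lines do not contain the word "invalid",
          # so a grep for "invalid" alone would let them pass silently.
          KC_STATUS=0
          if [ ${#YAML_FILES[@]} -gt 0 ]; then
            # -ignore-missing-schemas: a resource with no schema in any location
            # is SKIPPED, not validated, so unknown CRDs pass. Keep the CRD
            # catalog below current, or drop the flag if they should fail.
            # NOTE(review): the kustomization.json location has no {{...}}
            # placeholders; confirm kubeconform applies it only to Kustomization
            # resources and not as a catch-all for everything unmatched above.
            printf '%s\0' "${YAML_FILES[@]}" | xargs -0 kubeconform \
              -summary \
              -verbose \
              -output pretty \
              -ignore-missing-schemas \
              -schema-location default \
              -schema-location 'https://raw.githubusercontent.com/datreeio/CRDs-catalog/main/{{.Group}}/{{.ResourceKind}}_{{.ResourceAPIVersion}}.json' \
              -schema-location 'https://raw.githubusercontent.com/SchemaStore/schemastore/refs/heads/master/src/schemas/json/kustomization.json' \
              > "$VALIDATION_OUTPUT" 2>&1 || KC_STATUS=$?
          else
            echo "No files to validate after applying exclusions" > "$VALIDATION_OUTPUT"
          fi

          # Display output in logs
          cat "$VALIDATION_OUTPUT"

          # Fail on a non-zero exit status OR on any "invalid" line (belt and
          # braces: xargs may split a long file list into several invocations).
          if [ "$KC_STATUS" -ne 0 ] || grep -q "invalid" "$VALIDATION_OUTPUT"; then
            # One line per offending file, for the notification message.
            grep -o "[^ ]*\.yaml:.*invalid" "$VALIDATION_OUTPUT" | sort -u > invalid_files.txt || true
            if [ ! -s invalid_files.txt ]; then
              # Nothing matched the per-file pattern (e.g. an "error" result);
              # still report something actionable instead of an empty message.
              echo "kubeconform exited with status $KC_STATUS - see the job log" > invalid_files.txt
            fi
            echo "FAILED=true" >> "$GITHUB_ENV"
            echo "::error::Kubernetes manifest validation failed!"
            cat invalid_files.txt
            exit 1
          else
            echo "✅ All manifests are valid!"
          fi
        # Lets the notification steps below run. On its own this also makes the
        # JOB succeed when validation fails, which is why the last step of the
        # job re-asserts the failure.
        continue-on-error: true

      - name: Build notification message
        if: env.FAILED == 'true'
        run: |
          # Multi-line value via the GITHUB_ENV heredoc syntax. The delimiter is
          # randomised so no line of kubeconform output (which echoes manifest
          # content) can terminate the heredoc early and define further
          # environment variables.
          DELIM="INVALID_FILES_$RANDOM$RANDOM"
          {
            echo "INVALID_FILES<<$DELIM"
            # The Telegram step sends format: html, so the HTML-significant
            # characters must be escaped or the message is rejected/mangled.
            sed -e 's/&/\&amp;/g' -e 's/</\&lt;/g' -e 's/>/\&gt;/g' invalid_files.txt
            echo "$DELIM"
          } >> "$GITHUB_ENV"

      - name: Send Telegram message
        if: env.FAILED == 'true'
        # NOTE(review): @master is a moving branch that can change under you;
        # pin to a release tag or, better, a full commit SHA.
        uses: appleboy/telegram-action@master
        with:
          to: ${{ secrets.TELEGRAM_TO }}
          token: ${{ secrets.TELEGRAM_TOKEN }}
          format: html
          # NOTE(review): the link markup after 🔗 appears to have been lost;
          # the target below is rebuilt from the standard run context - verify.
          message: |
            ❌ Kubernetes validation failed!

            Invalid files:
            ${{ env.INVALID_FILES }}

            🔗 <a href="${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}">Check details</a>

      # Without this the job is reported green even when manifests are invalid,
      # because the validation step runs with continue-on-error.
      - name: Fail job on invalid manifests
        if: env.FAILED == 'true'
        run: exit 1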