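---
# Validates the repository's Kubernetes manifests with kubeconform on every
# push to main and sends a Telegram message when the job fails.
name: Check with kubeconform

on:
  push:
    branches: [main]

# The job only reads the repository, so the workflow token gets read access
# and nothing else. NOTE(review): runners that do not implement `permissions`
# are expected to ignore the key; confirm for the runner in use.
permissions:
  contents: read

jobs:
  lint:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          # Nothing in this job pushes, so do not leave the token in
          # .git/config where the later third-party actions could read it.
          persist-credentials: false

      # NOTE(review): third-party action referenced by a movable tag; pin it
      # to a reviewed full commit SHA.
      - name: Setup Kubeconform
        uses: bmuschko/setup-kubeconform@v1

      # Caveats for reviewers of this gate:
      #  * -ignore-missing-schemas skips resources that have no schema, so a
      #    skipped resource is not a validated one.
      #  * The two extra schema locations are fetched from the main/master
      #    branches of third-party repositories at run time, so what
      #    "valid" means can change without a commit in this repository.
      - name: Validate manifests
        id: validate
        shell: bash
        run: |
          # kubeconform exits non-zero when a manifest fails validation.
          # Record the status instead of letting bash stop here, so that the
          # report below is still written.
          kubeconform_rc=0
          find . -name '*.yaml' \
            ! -name '*values.yaml' \
            ! -path './.gitea/*' -print0 |
            xargs -0 kubeconform \
              -summary \
              -output json \
              -ignore-missing-schemas \
              -schema-location default \
              -schema-location 'https://raw.githubusercontent.com/datreeio/CRDs-catalog/main/{{.Group}}/{{.ResourceKind}}_{{.ResourceAPIVersion}}.json' \
              -schema-location 'https://raw.githubusercontent.com/SchemaStore/schemastore/master/src/schemas/json/kustomization.json' \
              > kubeconform_output.json || kubeconform_rc=$?

          # -s (slurp) copes with xargs splitting the file list over several
          # kubeconform runs, which yields more than one JSON document.
          # The status match is case-insensitive and also covers errors.
          # NOTE(review): confirm the exact status strings kubeconform emits.
          invalid_count=$(jq -s '[.[].resources[]? | select(.status | test("invalid|error"; "i"))] | length' kubeconform_output.json)

          if (( kubeconform_rc != 0 || invalid_count > 0 )); then
            jq -rs '.[].resources[]? | select(.status | test("invalid|error"; "i")) | "- \(.filename): \(.msg)"' kubeconform_output.json > invalid_files.txt
            cat invalid_files.txt

            # Expressions cannot read files from the workspace, so the report
            # is handed to the notification step as a step output. File names
            # and messages come from the repository: they are HTML-escaped for
            # the `format: html` message, and the multi-line delimiter is
            # random so report content cannot terminate the output early.
            delimiter="REPORT_$(od -An -N16 -tx1 /dev/urandom | tr -d ' \n')"
            {
              echo "report<<${delimiter}"
              jq -Rr '@html' invalid_files.txt
              echo "${delimiter}"
            } >> "$GITHUB_OUTPUT"

            echo "::error::Validation failed with $invalid_count errors."
            exit 1
          else
            echo "✅ All manifests valid!"
          fi

      # NOTE(review): `@master` is a movable branch and this step is handed
      # the bot token; pin the action to a reviewed full commit SHA.
      - name: Notify Telegram on failure
        if: failure()
        uses: appleboy/telegram-action@master
        with:
          to: ${{ secrets.TELEGRAM_TO }}
          token: ${{ secrets.TELEGRAM_TOKEN }}
          format: html
          # The report is empty when an earlier step failed before validation.
          message: |
            ❌ Kubernetes validation failed! Invalid files:
            ${{ steps.validate.outputs.report }}
            🔗 Details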