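# Validates the repository's Kubernetes manifests with kubeconform on every
# push to main and sends a Telegram message when validation fails.
name: Check with kubeconform

on:
  push:
    branches: [main]

# Least privilege: the job only reads the repository contents, so the
# workflow token does not need any write scope.
permissions:
  contents: read

jobs:
  lint:
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): version tags are mutable refs; pinning each action to a
      # reviewed full commit SHA (uses: owner/repo@<FULL_COMMIT_SHA>) prevents
      # a retagged release from changing what runs here.
      - uses: actions/checkout@v4
        with:
          # No later step pushes or fetches, so do not leave the token in the
          # checked-out repository's git config for the following actions.
          persist-credentials: false

      - name: Setup Kubeconform
        uses: bmuschko/setup-kubeconform@v1

      # Runs kubeconform over every manifest and exports the result through
      # GITHUB_ENV (VALIDATION_OUTPUT, VALIDATION_FAILED) for the later steps.
      - name: Kubeconform validation
        id: kubeconform
        run: |
          # Create a temporary file to store validation output
          VALIDATION_OUTPUT_FILE=$(mktemp)

          # Run kubeconform and capture output and exit code.
          # The exit status is recorded instead of being discarded: it is
          # non-zero when kubeconform reports invalid resources or errors,
          # and also when the binary could not be run at all.
          # NOTE(review): the two remote schema locations track mutable
          # branches, so validation results depend on third-party content
          # that can change between runs.
          KUBECONFORM_STATUS=0
          find . -name '*.yaml' \
            ! -name '*values.yaml' \
            ! -path './.gitea/*' \
            -print0 | xargs -0 kubeconform \
            -summary \
            -verbose \
            -output pretty \
            -ignore-missing-schemas \
            -schema-location default \
            -schema-location 'https://raw.githubusercontent.com/datreeio/CRDs-catalog/main/{{.Group}}/{{.ResourceKind}}_{{.ResourceAPIVersion}}.json' \
            -schema-location 'https://raw.githubusercontent.com/SchemaStore/schemastore/refs/heads/master/src/schemas/json/kustomization.json' \
            > "$VALIDATION_OUTPUT_FILE" 2>&1 || KUBECONFORM_STATUS=$?

          # Save the validation output for the following steps.
          # The output contains file names and messages derived from
          # repository content, so the multi-line delimiter is random: with a
          # fixed delimiter such as "EOF", a line equal to it would end the
          # value early and let the remaining lines define other variables.
          VALIDATION_OUTPUT=$(cat "$VALIDATION_OUTPUT_FILE")
          DELIMITER="ghadelimiter_$(od -An -N16 -tx1 /dev/urandom | tr -d ' \n')"
          {
            echo "VALIDATION_OUTPUT<<${DELIMITER}"
            printf '%s\n' "$VALIDATION_OUTPUT"
            echo "${DELIMITER}"
          } >> "$GITHUB_ENV"

          # Display the output in the logs
          cat "$VALIDATION_OUTPUT_FILE"

          # Check if there were validation errors.
          # Decided from the exit status rather than by searching the text
          # for "Error": the -summary line appears to carry an "Errors:"
          # counter even on a clean run, which would make a text match
          # unreliable.
          if [ "$KUBECONFORM_STATUS" -ne 0 ]; then
            echo "VALIDATION_FAILED=true" >> "$GITHUB_ENV"
            echo "::error::Kubernetes manifest validation failed!"
            exit 1
          else
            echo "All manifests are valid!"
          fi
        # Lets the notification steps run after a failed validation.
        # NOTE(review): this also means the job itself is reported as
        # successful when validation fails; add a final failing step if this
        # workflow is meant to act as a gate.
        continue-on-error: true

      - name: Extract invalid files
        if: env.VALIDATION_FAILED == 'true'
        id: extract_errors
        run: |
          # Read the captured output from the environment variable, not from
          # a ${{ env.VALIDATION_OUTPUT }} expression: an expression is pasted
          # into the script text before the shell runs, so output containing
          # quotes or $(...) would be executed as shell code.
          # NOTE(review): the pattern assumes lines shaped like
          # "<file>.yaml: ... Error:"; confirm it against what
          # "-output pretty" actually prints.
          DELIMITER="ghadelimiter_$(od -An -N16 -tx1 /dev/urandom | tr -d ' \n')"
          {
            echo "INVALID_FILES<<${DELIMITER}"
            grep -o "[^ ]*.yaml:.*Error:" <<< "$VALIDATION_OUTPUT" | sort -u
            echo "${DELIMITER}"
          } >> "$GITHUB_ENV"

      - name: Telegram notify on validation failure
        if: env.VALIDATION_FAILED == 'true'
        # NOTE(review): this third-party action receives the bot token and is
        # referenced by a branch name, so whatever is on that branch at run
        # time gets the secret. Pin it to a reviewed full commit SHA
        # (appleboy/telegram-action@<FULL_COMMIT_SHA>).
        uses: appleboy/telegram-action@master
        with:
          to: ${{ secrets.TELEGRAM_TO }}
          token: ${{ secrets.TELEGRAM_TOKEN }}
          message: |
            🚨 Kubernetes manifest validation failed!

            Repository: ${{ github.repository }}
            Files with errors:
            ${{ env.INVALID_FILES }}
            Check action: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}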