---
name: "Kubeconform"

on:
  workflow_dispatch:
  pull_request:
    branches: ["main"]
    paths: ["kubernetes/**"]

env:
  KUBERNETES_DIR: ./kubernetes
  SCHEMA_DIR: /home/runner/.datree/crdSchemas

jobs:
  kubeconform:
    name: Kubeconform
    runs-on: ubuntu-latest
    steps:
      - name: Generate Token
        uses: tibdex/github-app-token@0d49dd721133f900ebd5e0dff2810704e8defbc6 # v1.8.2
        id: generate-token
        with:
          app_id: "${{ secrets.BOT_APP_ID }}"
          private_key: "${{ secrets.BOT_APP_PRIVATE_KEY }}"

      - name: Checkout
        uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
        with:
          token: "${{ steps.generate-token.outputs.token }}"

      - name: Setup Homebrew
        uses: Homebrew/actions/setup-homebrew@master

      - name: Setup Tools
        shell: bash
        run: brew install fluxcd/tap/flux kubeconform kustomize

      - name: Download CRDs
        shell: bash
        run: |
          mkdir -p ${{ env.SCHEMA_DIR }}
          flux pull artifact oci://ghcr.io/auricom/manifests/kubernetes-schemas:latest \
              --output=${{ env.SCHEMA_DIR }}

      - name: Run kubeconform
        shell: bash
        run: bash ./.github/scripts/kubeconform.sh ${{ env.KUBERNETES_DIR }} ${{ env.SCHEMA_DIR }}