---
name: "Kubeconform"

on:
  workflow_dispatch:
  pull_request:
    branches: ["main"]
    paths: ["kubernetes/**"]

env:
  KUBERNETES_DIR: ./kubernetes
  SCHEMA_DIR: /home/runner/.datree/crdSchemas

jobs:
  kubeconform:
    name: Kubeconform
    runs-on: ubuntu-latest
    steps:
      - name: Generate Token
        uses: tibdex/github-app-token@b62528385c34dbc9f38e5f4225ac829252d1ea92 # v1.8.0
        id: generate-token
        with:
          app_id: "${{ secrets.BOT_APP_ID }}"
          private_key: "${{ secrets.BOT_APP_PRIVATE_KEY }}"

      - name: Checkout
        uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 # v3.5.3
        with:
          token: "${{ steps.generate-token.outputs.token }}"

      - name: Setup Homebrew
        uses: Homebrew/actions/setup-homebrew@master

      - name: Setup Tools
        shell: bash
        run: brew install fluxcd/tap/flux kubeconform kustomize

      - name: Download CRDs
        shell: bash
        run: |
          mkdir -p ${{ env.SCHEMA_DIR }}
          flux pull artifact oci://ghcr.io/auricom/manifests/kubernetes-schemas:latest \
              --output=${{ env.SCHEMA_DIR }}

      - name: Run kubeconform
        shell: bash
        run: bash ./.github/scripts/kubeconform.sh ${{ env.KUBERNETES_DIR }} ${{ env.SCHEMA_DIR }}