#!/usr/bin/env bash

# This script downloads the Flux OpenAPI schemas, then it validates the
# Flux custom resources and the kustomize overlays using kubeconform.
# This script is meant to be run locally and in CI before the changes
# are merged on the main branch that's synced by Flux.

# Copyright 2020 The Flux authors. All rights reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# This script is meant to be run locally and in CI to validate the Kubernetes
# manifests (including Flux custom resources) before changes are merged into
# the branch synced by Flux in-cluster.
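# Validates a Flux repository in three passes:
#   1. every *.yaml file must parse (yq),
#   2. cluster manifests under <path>/clusters are schema-checked (kubeconform),
#   3. every kustomize overlay is rendered and the output is schema-checked.
#
# Arguments:
#   $1 - repository root to validate (default: current directory)
# Environment:
#   KUBECONFORM_CONFIG - optional replacement for the default kubeconform
#                        flags, split on commas and spaces
# Exit status:
#   non-zero as soon as any file fails to parse, render or validate.
set -eo pipefail

# LoadRestrictionsNone lets a kustomization reference files outside its own
# directory. When this runs in CI on branches that have not been reviewed yet,
# the manifests under test can pull any file the job can read into the rendered
# output, so keep credentials out of this job's filesystem.
KUSTOMIZE_FLAGS=("--load-restrictor=LoadRestrictionsNone")
KUSTOMIZE_CONFIG="kustomization.yaml"
FLUX_PATH="${1:-.}"

# Pass 1: syntax only. `yq e 'true'` evaluates a constant, so it fails only
# when the file is not parseable YAML; errexit then aborts the run.
find "${FLUX_PATH%/}" -type f -name '*.yaml' -print0 |
  while IFS= read -r -d '' file; do
    printf "INFO - Validating %s\n" "$file"
    yq e 'true' "$file" >/dev/null
  done

if [ -z "${KUBECONFORM_CONFIG:-}" ]; then
  # Defaults. Things a reviewer should know about them:
  #  - the CRD schemas are fetched at run time from a branch URL, which is
  #    mutable; the result is only as trustworthy as that catalog and the
  #    connection to it. Mirror or pin the catalog if that matters.
  #  - Secret and CustomResourceDefinition objects are skipped, i.e. they are
  #    NOT schema-validated by this script.
  KUBECONFORM_CONFIG=(
    "-strict"
    "-schema-location" "default"
    "-schema-location" "https://gitea.rknet.org/infra/crds-catalog/raw/branch/catalog/{{.Group}}/{{.ResourceKind}}_{{.ResourceAPIVersion}}.json"
    "-exit-on-error"
    "-summary"
    "-skip" "Secret,CustomResourceDefinition"
  )
else
  # The override replaces the whole flag set, including -strict and -skip, so
  # whoever controls this variable controls how strict the gate is.
  # Because the value is split on both ',' and ' ', a flag value that itself
  # contains a comma (such as a -skip list) cannot be passed this way.
  # shellcheck disable=SC2128
  IFS=', ' read -r -a KUBECONFORM_CONFIG <<<"$KUBECONFORM_CONFIG"
fi

# Pass 2: cluster-level manifests, validated file by file.
printf "\nINFO - Validating clusters\n"
find "${FLUX_PATH%/}/clusters" -maxdepth 2 -type f -name '*.yaml' -print0 |
  while IFS= read -r -d '' file; do
    printf "INFO - Validating cluster file %s\n" "${file}"
    # Fail explicitly rather than reading PIPESTATUS after a simple command.
    kubeconform "${KUBECONFORM_CONFIG[@]}" "${file}" || exit 1
  done

# Pass 3: render every overlay and validate what kustomize produces.
printf "\nINFO - Validating kustomize overlays\n"
find "${FLUX_PATH%/}" -type f -name "$KUSTOMIZE_CONFIG" -print0 |
  while IFS= read -r -d '' file; do
    # Directory that holds the kustomization file (trailing slash kept).
    overlay_dir="${file%"$KUSTOMIZE_CONFIG"}"
    printf "INFO - Validating kustomization %s\n" "$overlay_dir"
    # pipefail makes the pipeline fail when either stage fails. The status is
    # tested on the pipeline itself: the original read PIPESTATUS after an
    # intervening `echo`, which only ever reported the status of that echo.
    if ! kustomize build "$overlay_dir" "${KUSTOMIZE_FLAGS[@]}" |
      kubeconform "${KUBECONFORM_CONFIG[@]}"; then
      exit 1
    fi
    echo
  done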