name: Check Kubernetes YAMLs

on:
  push:
    branches: [main, master]
    paths:
      - "kubernetes/apps/production/**"
  pull_request:
    paths:
      - "kubernetes/apps/production/**"

jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Setup Go
        uses: actions/setup-go@v5
        with:
          go-version: "1.23.1"

      - name: Cache Go modules
        uses: actions/cache@v4
        with:
          path: |
            ~/.cache/go-build
            ~/go/pkg/mod
          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
          restore-keys: |
            ${{ runner.os }}-go-

      - name: Install kube-linter
        run: |
          go install golang.stackrox.io/kube-linter/cmd/kube-linter@latest

      - name: Scan yaml files with kube-linter
        run: |
          kube-linter lint ./kubernetes/apps/production --config kubelinter-config.yaml