fleet/.github/workflows/validate-maintained-apps-inputs.yml
Ian Littman 18256bdf0e
Add missing step-security hardening action, bump to current version (#38470)

## Summary by CodeRabbit

* **Chores**
  * Upgraded security protections across build and deployment workflows
    for enhanced runner environment hardening.
  * Strengthened CI/CD infrastructure security measures throughout
    automated processes.
  * No direct user-facing changes.

2026-01-19 15:10:48 -06:00

46 lines
1.3 KiB
YAML

name: Validate maintained apps inputs
on:
  pull_request:
    paths:
      - 'ee/maintained-apps/inputs/homebrew/*.json'
permissions:
  contents: read
  pull-requests: read
jobs:
  build:
    permissions:
      contents: write # Required to push new branch
      pull-requests: write # Required to open PRs
    runs-on: ubuntu-latest
    timeout-minutes: 180
    steps:
      - name: Harden Runner
        uses: step-security/harden-runner@20cf305ff2072d973412fa9b1e3a4f227bda3c76 # v2.14.0
        with:
          egress-policy: audit
      - name: Checkout Fleet
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          repository: fleetdm/fleet
          fetch-depth: 1
          ref: ${{ github.head_ref }}
          path: fleet
      - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
        with:
          python-version: '3.13'
      - name: Install check-jsonschema
        run: pipx install check-jsonschema
      - name: Validate JSON
        run: |
          # Iterate over the glob directly and quote "$i": file names come from
          # the pull request, so they must not be word-split or re-globbed.
          for i in fleet/ee/maintained-apps/inputs/homebrew/*.json; do
            [ -e "$i" ] || continue # glob matched nothing
            echo "Validating $i"
            check-jsonschema --schemafile fleet/ee/maintained-apps/inputs/homebrew/schema/input-schema.json "$i"
            echo
          done