[bug]: Webhook endpoint URL validation accepts unsupported schemes like ftp:// #937

@rambhardwajj

Description

Webhook endpoint URL validation currently accepts unsupported URL schemes such as ftp:// and file://.

The CLI uses utils.ValidateURL to validate webhook endpoint URLs. While the validator checks URL parsing and host validity, it does not restrict the URL scheme.
Since Harbor webhook endpoints are HTTP-based, the CLI should reject non-HTTP(S) endpoint URLs before making the API request.


Steps to Reproduce

  1. Configure/login to Harbor CLI with a valid Harbor instance.

  2. Run the following command:

harbor webhook create invalid-scheme-webhook \
  --project my-project \
  --notify-type http \
  --event-type PUSH_ARTIFACT \
  --endpoint-url ftp://example.com/webhook \
  --payload-format Default

Arguments Used

--project my-project
--notify-type http
--event-type PUSH_ARTIFACT
--endpoint-url ftp://example.com/webhook
--payload-format Default

Expected Behavior

The CLI should reject webhook endpoint URLs that do not use http or https.

Example expected error:

URL scheme must be http or https

Actual Behavior

The endpoint URL passes client-side validation as long as the URL contains a valid host, even when the scheme is unsupported.

Examples that currently pass validation but should be rejected:

ftp://example.com/webhook
file://example.com/webhook

Environment

  • OS: macOS / Darwin 25.3.0 arm64
  • Harbor CLI Version: 0.1.0
  • Commit: a40b548
  • Go Version: go1.26.2 darwin/arm64

Affected Paths

Command Paths

cmd/harbor/root/webhook/create.go
cmd/harbor/root/webhook/edit.go

Interactive View Paths

pkg/views/webhook/create/view.go
pkg/views/webhook/edit/view.go

Shared Validator

pkg/utils/helper.go
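
A scheme allowlist of the kind this issue asks for, as an added example (not the Harbor CLI's own code and not its `utils.ValidateURL`). The helper name `validateWebhookEndpoint` and the host error text are assumptions; the scheme error text is the one proposed above.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"strings"
)

// ErrScheme carries the error text proposed in the issue.
var ErrScheme = errors.New("URL scheme must be http or https")

// validateWebhookEndpoint is a hypothetical helper, not Harbor CLI code.
// It allowlists http/https instead of denylisting known-bad schemes, so
// anything unexpected (ftp, file, no scheme at all) is rejected by default.
func validateWebhookEndpoint(raw string) error {
	u, err := url.Parse(strings.TrimSpace(raw))
	if err != nil {
		return fmt.Errorf("invalid URL: %w", err)
	}
	// url.Parse lowercases the scheme, so "HTTP://" compares as "http".
	switch u.Scheme {
	case "http", "https":
	default:
		return ErrScheme
	}
	// "http:example.com" parses as an opaque URL with no host, and
	// "https:///webhook" has an empty host; neither is a usable endpoint.
	if u.Opaque != "" || u.Hostname() == "" {
		return errors.New("URL must include a host")
	}
	return nil
}

func main() {
	// Constructed sample inputs, including the two from the issue.
	samples := []string{
		"https://example.com/webhook",
		"ftp://example.com/webhook",
		"file://example.com/webhook",
		"example.com/webhook",
		"http:example.com",
	}
	for _, s := range samples {
		fmt.Printf("%-30s -> %v\n", s, validateWebhookEndpoint(s))
	}
}
```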
