splunk · gabrielm-splunk · Apr 21, 2026 · Apr 21, 2026
diff --git a/.github/workflows/validate-helm-charts.yml b/.github/workflows/validate-helm-charts.yml
@@ -0,0 +1,85 @@
+name: Validate Helm Charts
+permissions:
+  contents: read
+  pull-requests: write
+on:
+  pull_request:
+    paths:
+      - 'helm-chart/**/*.tgz'
+      - 'helm-chart/**/Chart.yaml'
+      - 'helm-chart/**/values.yaml'
+      - 'tools/validate-helm-charts.sh'
+  push:
+    branches:
+      - main
+      - develop
+    paths:
+      - 'helm-chart/**/*.tgz'
+      - 'helm-chart/**/Chart.yaml'
+      - 'helm-chart/**/values.yaml'
+      - 'tools/validate-helm-charts.sh'
+  workflow_dispatch:
+
+jobs:
+  validate-chart-tgz-files:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v2
+
+      - name: Validate Helm chart tgz files
+        run: |
+          chmod +x tools/validate-helm-charts.sh
+          ./tools/validate-helm-charts.sh
+
+      - name: Comment on PR with validation results
+        if: failure() && github.event_name == 'pull_request'
+        uses: actions/github-script@v6
+        with:
+          script: |
+            github.rest.issues.createComment({
+              issue_number: context.issue.number,
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              body: '❌ **Helm Chart Validation Failed**\n\nThe `tools/validate-helm-charts.sh` script detected issues with Helm chart tgz files.\n\nPlease check the workflow logs for details and ensure:\n- Operator chart tgz files contain only `splunk-operator/` content (not `splunk-enterprise/`)\n- File sizes are reasonable (3.x charts ~5-10KB, 2.x charts ~400-430KB)\n- No tgz files over 1MB\n\nSee workflow run: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}'
+            })
+
+  lint-helm-charts:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v2
+
+      - name: Install Helm
+        run: |
+          curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3
+          chmod 700 get_helm.sh
+          DESIRED_VERSION=v3.8.2 bash get_helm.sh
+
+      - name: Lint splunk-operator chart
+        run: |
+          helm lint helm-chart/splunk-operator
+
+      - name: Lint splunk-enterprise chart
+        run: |
+          helm lint helm-chart/splunk-enterprise
+
+      - name: Test template rendering for common deployments
+        run: |
+          # Test default values
+          helm template test-default helm-chart/splunk-enterprise --dry-run > /dev/null
+
+          # Test c3 deployment
+          helm template test-c3 helm-chart/splunk-enterprise \
+            --set sva.c3.enabled=true \
+            --set "sva.c3.indexerClusters[0].name=idx1" \
+            --set "sva.c3.searchHeadClusters[0].name=shc1" \
+            --set clusterManager.enabled=true \
+            --dry-run > /dev/null
+
+          # Test s1 deployment
+          helm template test-s1 helm-chart/splunk-enterprise \
+            --set sva.s1.enabled=true \
+            --dry-run > /dev/null
+
+          echo "✅ All template rendering tests passed"
diff --git a/helm-chart/splunk-enterprise/charts/splunk-operator-3.0.0.tgz b/helm-chart/splunk-enterprise/charts/splunk-operator-3.0.0.tgz
diff --git a/tools/validate-helm-charts.sh b/tools/validate-helm-charts.sh
@@ -0,0 +1,96 @@
+#!/bin/bash
+# Validation script for Helm chart tgz files
+# This script ensures that splunk-operator chart tgz files contain only the operator chart,
+# not the full splunk-enterprise chart (which would cause Helm to load a stale subchart).
+
+set -e
+
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+NC='\033[0m' # No Color
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+REPO_ROOT="$(cd "${SCRIPT_DIR}/.." && pwd)"
+CHARTS_DIR="${REPO_ROOT}/helm-chart/splunk-enterprise/charts"
+
+echo "Validating Helm chart tgz files in ${CHARTS_DIR}"
+echo ""
+
+EXIT_CODE=0
+
+# Expected size ranges for operator charts (in KB)
+MIN_OPERATOR_SIZE_KB=5     # 3.x charts are ~6-7KB (no CRDs)
+MAX_OPERATOR_SIZE_2X_KB=450 # 2.x charts are ~400-430KB (with CRDs)
+MAX_OPERATOR_SIZE_3X_KB=10  # 3.x charts should be under 10KB
+
+for TGZ_FILE in "${CHARTS_DIR}"/splunk-operator-*.tgz; do
+    if [ ! -f "${TGZ_FILE}" ]; then
+        continue
+    fi
+
+    FILENAME=$(basename "${TGZ_FILE}")
+    VERSION=$(echo "${FILENAME}" | sed 's/splunk-operator-\(.*\)\.tgz/\1/')
+
+    # Get file size in KB
+    SIZE_BYTES=$(stat -f%z "${TGZ_FILE}" 2>/dev/null || stat -c%s "${TGZ_FILE}" 2>/dev/null)
+    SIZE_KB=$((SIZE_BYTES / 1024))
+
+    echo "Checking ${FILENAME} (${SIZE_KB}KB)..."
+
+    # Check contents
+    FIRST_DIR=$(tar -tzf "${TGZ_FILE}" | head -1 | cut -d'/' -f1)
+
+    if [ "${FIRST_DIR}" != "splunk-operator" ]; then
+        echo -e "${RED}ERROR: ${FILENAME} does not start with 'splunk-operator/' directory${NC}"
+        echo "  Expected: splunk-operator/..."
+        echo "  Got: ${FIRST_DIR}/..."
+        EXIT_CODE=1
+        continue
+    fi
+
+    # Check for splunk-enterprise content (should NOT be present)
+    if tar -tzf "${TGZ_FILE}" | grep -q "splunk-enterprise/Chart.yaml"; then
+        echo -e "${RED}ERROR: ${FILENAME} contains splunk-enterprise chart content${NC}"
+        echo "  This file appears to be a full splunk-enterprise chart package instead of just the operator chart."
+        echo "  Expected: Only splunk-operator chart files"
+        echo "  Found: splunk-enterprise/Chart.yaml (and likely other splunk-enterprise files)"
+        EXIT_CODE=1
+        continue
+    fi
+
+    # Check size is reasonable based on version
+    MAJOR_VERSION=$(echo "${VERSION}" | cut -d'.' -f1)
+
+    if [ "${MAJOR_VERSION}" = "3" ]; then
+        # 3.x charts removed CRDs, should be small
+        if [ ${SIZE_KB} -gt ${MAX_OPERATOR_SIZE_3X_KB} ]; then
+            echo -e "${YELLOW}WARNING: ${FILENAME} is larger than expected for 3.x (${SIZE_KB}KB > ${MAX_OPERATOR_SIZE_3X_KB}KB)${NC}"
+            echo "  3.x operator charts should not include CRDs and should be under 10KB"
+        fi
+    elif [ "${MAJOR_VERSION}" = "2" ]; then
+        # 2.x charts included CRDs, larger but still not huge
+        if [ ${SIZE_KB} -gt ${MAX_OPERATOR_SIZE_2X_KB} ]; then
+            echo -e "${YELLOW}WARNING: ${FILENAME} is larger than expected for 2.x (${SIZE_KB}KB > ${MAX_OPERATOR_SIZE_2X_KB}KB)${NC}"
+        fi
+    fi
+
+    # Size sanity check - anything over 1MB is definitely wrong (4.5MB was the corrupted file)
+    if [ ${SIZE_KB} -gt 1024 ]; then
+        echo -e "${RED}ERROR: ${FILENAME} is suspiciously large (${SIZE_KB}KB)${NC}"
+        echo "  This likely contains the full splunk-enterprise chart instead of just the operator chart"
+        EXIT_CODE=1
+        continue
+    fi
+
+    echo -e "${GREEN}✓ ${FILENAME} validated successfully${NC}"
+    echo ""
+done
+
+if [ ${EXIT_CODE} -eq 0 ]; then
+    echo -e "${GREEN}All Helm chart tgz files validated successfully!${NC}"
+else
+    echo -e "${RED}Validation failed! Please fix the issues above.${NC}"
+fi
+
+exit ${EXIT_CODE}