Fix corrupted splunk-operator-3.0.0.tgz and add validation

gabrielm-splunk · claude · gabrielm-splunk · commit 75bb1b5fedb3 · 2026-04-21T15:00:09.000-04:00
The splunk-operator-3.0.0.tgz file was corrupted - it contained the full splunk-enterprise chart (4.5MB) instead of just the operator chart (5.8KB). This caused Helm to load a stale splunk-enterprise as a subchart, leading to template rendering errors: Error: INSTALLATION FAILED: template: splunk-enterprise/charts/ splunk-enterprise/templates/enterprise_v4_ingestorcluster.yaml:1:14: executing "splunk-enterprise/charts/splunk-enterprise/templates/ enterprise_v4_ingestorcluster.yaml" at <.Values.ingestorCluster.enabled>: nil pointer evaluating interface {}.enabled Root cause: The file was replaced with a packaged splunk-enterprise chart in multiple "Restore helm chart version 3.0.0" commits (see b9766dd and related commits in git history). Fix: - Restored correct splunk-operator-3.0.0.tgz from commit a3737ba (5.8KB) - File now contains only splunk-operator chart content, not splunk-enterprise Validation: - helm lint passes on both splunk-operator and splunk-enterprise charts - helm template successfully renders c3 deployment without errors - Added tools/validate-helm-charts.sh script to detect future corruption - Added .github/workflows/validate-helm-charts.yml for automated CI validation The validation script checks: - tgz files start with "splunk-operator/" directory (not "splunk-enterprise/") - Files don't contain splunk-enterprise/Chart.yaml content - File sizes are reasonable (detects 4.5MB corruption vs expected 5-400KB) The CI workflow runs on PRs/pushes that touch helm-chart files and validates: - Tgz structure (via validation script) - Helm lint on both charts - Template rendering for common deployment patterns (default, c3, s1) This prevents the corruption from happening again in future PRs. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
diff --git a/.github/workflows/validate-helm-charts.yml b/.github/workflows/validate-helm-charts.yml
@@ -0,0 +1,85 @@
+name: Validate Helm Charts
+permissions:
+  contents: read
+  pull-requests: write
+on:
+  pull_request:
+    paths:
+      - 'helm-chart/**/*.tgz'
+      - 'helm-chart/**/Chart.yaml'
+      - 'helm-chart/**/values.yaml'
+      - 'tools/validate-helm-charts.sh'
+  push:
+    branches:
+      - main
+      - develop
+    paths:
+      - 'helm-chart/**/*.tgz'
+      - 'helm-chart/**/Chart.yaml'
+      - 'helm-chart/**/values.yaml'
+      - 'tools/validate-helm-charts.sh'
+  workflow_dispatch:
+
+jobs:
+  validate-chart-tgz-files:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v2
+
+      - name: Validate Helm chart tgz files
+        run: |
+          chmod +x tools/validate-helm-charts.sh
+          ./tools/validate-helm-charts.sh
+
+      - name: Comment on PR with validation results
+        if: failure() && github.event_name == 'pull_request'
+        uses: actions/github-script@v6
+        with:
+          script: |
+            github.rest.issues.createComment({
+              issue_number: context.issue.number,
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              body: '❌ **Helm Chart Validation Failed**\n\nThe `tools/validate-helm-charts.sh` script detected issues with Helm chart tgz files.\n\nPlease check the workflow logs for details and ensure:\n- Operator chart tgz files contain only `splunk-operator/` content (not `splunk-enterprise/`)\n- File sizes are reasonable (3.x charts ~5-10KB, 2.x charts ~400-430KB)\n- No tgz files over 1MB\n\nSee workflow run: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}'
+            })
+
+  lint-helm-charts:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v2
+
+      - name: Install Helm
+        run: |
+          curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3
+          chmod 700 get_helm.sh
+          DESIRED_VERSION=v3.8.2 bash get_helm.sh
+
+      - name: Lint splunk-operator chart
+        run: |
+          helm lint helm-chart/splunk-operator
+
+      - name: Lint splunk-enterprise chart
+        run: |
+          helm lint helm-chart/splunk-enterprise
+
+      - name: Test template rendering for common deployments
+        run: |
+          # Test default values
+          helm template test-default helm-chart/splunk-enterprise --dry-run > /dev/null
+
+          # Test c3 deployment
+          helm template test-c3 helm-chart/splunk-enterprise \
+            --set sva.c3.enabled=true \
+            --set "sva.c3.indexerClusters[0].name=idx1" \
+            --set "sva.c3.searchHeadClusters[0].name=shc1" \
+            --set clusterManager.enabled=true \
+            --dry-run > /dev/null
+
+          # Test s1 deployment
+          helm template test-s1 helm-chart/splunk-enterprise \
+            --set sva.s1.enabled=true \
+            --dry-run > /dev/null
+
+          echo "✅ All template rendering tests passed"
diff --git a/helm-chart/splunk-enterprise/charts/splunk-operator-3.0.0.tgz b/helm-chart/splunk-enterprise/charts/splunk-operator-3.0.0.tgz
diff --git a/tools/validate-helm-charts.sh b/tools/validate-helm-charts.sh
@@ -0,0 +1,96 @@
+#!/bin/bash
+# Validation script for Helm chart tgz files
+# This script ensures that splunk-operator chart tgz files contain only the operator chart,
+# not the full splunk-enterprise chart (which would cause Helm to load a stale subchart).
+
+set -e
+
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+NC='\033[0m' # No Color
+
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+REPO_ROOT="$(cd "${SCRIPT_DIR}/.." && pwd)"
+CHARTS_DIR="${REPO_ROOT}/helm-chart/splunk-enterprise/charts"
+
+echo "Validating Helm chart tgz files in ${CHARTS_DIR}"
+echo ""
+
+EXIT_CODE=0
+
+# Expected size ranges for operator charts (in KB)
+MIN_OPERATOR_SIZE_KB=5     # 3.x charts are ~6-7KB (no CRDs)
+MAX_OPERATOR_SIZE_2X_KB=450 # 2.x charts are ~400-430KB (with CRDs)
+MAX_OPERATOR_SIZE_3X_KB=10  # 3.x charts should be under 10KB
+
+for TGZ_FILE in "${CHARTS_DIR}"/splunk-operator-*.tgz; do
+    if [ ! -f "${TGZ_FILE}" ]; then
+        continue
+    fi
+
+    FILENAME=$(basename "${TGZ_FILE}")
+    VERSION=$(echo "${FILENAME}" | sed 's/splunk-operator-\(.*\)\.tgz/\1/')
+
+    # Get file size in KB
+    SIZE_BYTES=$(stat -f%z "${TGZ_FILE}" 2>/dev/null || stat -c%s "${TGZ_FILE}" 2>/dev/null)
+    SIZE_KB=$((SIZE_BYTES / 1024))
+
+    echo "Checking ${FILENAME} (${SIZE_KB}KB)..."
+
+    # Check contents
+    FIRST_DIR=$(tar -tzf "${TGZ_FILE}" | head -1 | cut -d'/' -f1)
+
+    if [ "${FIRST_DIR}" != "splunk-operator" ]; then
+        echo -e "${RED}ERROR: ${FILENAME} does not start with 'splunk-operator/' directory${NC}"
+        echo "  Expected: splunk-operator/..."
+        echo "  Got: ${FIRST_DIR}/..."
+        EXIT_CODE=1
+        continue
+    fi
+
+    # Check for splunk-enterprise content (should NOT be present)
+    if tar -tzf "${TGZ_FILE}" | grep -q "splunk-enterprise/Chart.yaml"; then
+        echo -e "${RED}ERROR: ${FILENAME} contains splunk-enterprise chart content${NC}"
+        echo "  This file appears to be a full splunk-enterprise chart package instead of just the operator chart."
+        echo "  Expected: Only splunk-operator chart files"
+        echo "  Found: splunk-enterprise/Chart.yaml (and likely other splunk-enterprise files)"
+        EXIT_CODE=1
+        continue
+    fi
+
+    # Check size is reasonable based on version
+    MAJOR_VERSION=$(echo "${VERSION}" | cut -d'.' -f1)
+
+    if [ "${MAJOR_VERSION}" = "3" ]; then
+        # 3.x charts removed CRDs, should be small
+        if [ ${SIZE_KB} -gt ${MAX_OPERATOR_SIZE_3X_KB} ]; then
+            echo -e "${YELLOW}WARNING: ${FILENAME} is larger than expected for 3.x (${SIZE_KB}KB > ${MAX_OPERATOR_SIZE_3X_KB}KB)${NC}"
+            echo "  3.x operator charts should not include CRDs and should be under 10KB"
+        fi
+    elif [ "${MAJOR_VERSION}" = "2" ]; then
+        # 2.x charts included CRDs, larger but still not huge
+        if [ ${SIZE_KB} -gt ${MAX_OPERATOR_SIZE_2X_KB} ]; then
+            echo -e "${YELLOW}WARNING: ${FILENAME} is larger than expected for 2.x (${SIZE_KB}KB > ${MAX_OPERATOR_SIZE_2X_KB}KB)${NC}"
+        fi
+    fi
+
+    # Size sanity check - anything over 1MB is definitely wrong (4.5MB was the corrupted file)
+    if [ ${SIZE_KB} -gt 1024 ]; then
+        echo -e "${RED}ERROR: ${FILENAME} is suspiciously large (${SIZE_KB}KB)${NC}"
+        echo "  This likely contains the full splunk-enterprise chart instead of just the operator chart"
+        EXIT_CODE=1
+        continue
+    fi
+
+    echo -e "${GREEN}✓ ${FILENAME} validated successfully${NC}"
+    echo ""
+done
+
+if [ ${EXIT_CODE} -eq 0 ]; then
+    echo -e "${GREEN}All Helm chart tgz files validated successfully!${NC}"
+else
+    echo -e "${RED}Validation failed! Please fix the issues above.${NC}"
+fi
+
+exit ${EXIT_CODE}
