#!/bin/bash
# Validate a Helm chart directory: structure, lint, Chart.yaml fields,
# template rendering, a dry-run install, and grep-based checks on the
# rendered manifests.
# Usage: validate-chart.sh [CHART_DIR]   (CHART_DIR defaults to ".")
#
# Only errexit is enabled. Without pipefail, a failure in an earlier stage of
# a pipeline does not abort the script; only the last stage's status counts.
set -e

# Chart to validate, and the release name used for rendering and the dry run.
CHART_DIR="${1:-.}"
RELEASE_NAME="test-release"

printf '%s\n' \
  "═══════════════════════════════════════════════════════" \
  " Helm Chart Validation" \
  "═══════════════════════════════════════════════════════" \
  ""

# ANSI colour sequences, kept as unexpanded backslash escapes (single quotes);
# the output helpers expand them when printing.
NC='\033[0m' # No Color (reset)
RED='\033[0;31m'
YELLOW='\033[1;33m'
GREEN='\033[0;32m'
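#######################################
# Print a "check passed" line on stdout.
# Globals:   GREEN, NC (read) - colour escape sequences
# Arguments: $1 - message text
# Outputs:   colour prefix, a space, the message, a newline
#######################################
success() {
  # Only the colour codes go through %b (backslash-escape expansion). The
  # message is printed with %s: callers pass values read from Chart.yaml, and
  # `echo -e` would also expand any backslash sequence inside such a value.
  printf '%b %s\n' "${GREEN}${NC}" "$1"
}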
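#######################################
# Print a non-fatal "check did not pass" line on stdout.
# Globals:   YELLOW, NC (read) - colour escape sequences
# Arguments: $1 - message text
# Outputs:   colour prefix, a space, the message, a newline
#######################################
warning() {
  # Expand backslash escapes in the colour codes only (%b); the message is
  # printed literally (%s) so that text taken from chart files cannot carry
  # backslash-encoded control sequences into the terminal or CI log.
  printf '%b %s\n' "${YELLOW}${NC}" "$1"
}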
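#######################################
# Print a "check failed" line on stdout. Does not exit; callers decide.
# Globals:   RED, NC (read) - colour escape sequences
# Arguments: $1 - message text
# Outputs:   colour prefix, a space, the message, a newline
#######################################
error() {
  # %b expands the backslash escapes of the colour codes; %s prints the
  # message as-is, so a backslash sequence inside it is not interpreted.
  printf '%b %s\n' "${RED}${NC}" "$1"
}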
# Stop immediately when no `helm` command can be resolved; every later step
# depends on it.
command -v helm >/dev/null 2>&1 || {
  error "Helm is not installed"
  exit 1
}

printf '%s\n' "📦 Chart directory: $CHART_DIR" ""
# 1. Chart structure: Chart.yaml, values.yaml and templates/ must all exist
#    directly under CHART_DIR. The first missing entry ends the run.
printf '%s\n' "1⃣ Checking chart structure..."

if [ -f "$CHART_DIR/Chart.yaml" ]; then
  success "Chart.yaml exists"
else
  error "Chart.yaml not found"
  exit 1
fi

if [ -f "$CHART_DIR/values.yaml" ]; then
  success "values.yaml exists"
else
  error "values.yaml not found"
  exit 1
fi

if [ -d "$CHART_DIR/templates" ]; then
  success "templates/ directory exists"
else
  error "templates/ directory not found"
  exit 1
fi

printf '\n'
# 2. Run `helm lint`; its own output is left visible so findings can be read.
printf '%s\n' "2⃣ Linting chart..."
if ! helm lint "$CHART_DIR"; then
  error "Chart failed lint"
  exit 1
fi
success "Chart passed lint"
printf '\n'
# 3. Read name, version and appVersion out of Chart.yaml.
#    This is line-oriented text matching, not YAML parsing: each value is the
#    second whitespace-separated field of a line starting with the key. Double
#    quotes are stripped from appVersion only, so a quoted name or version
#    keeps its quotes.
printf '%s\n' "3⃣ Validating Chart.yaml..."

CHART_NAME=$(grep "^name:" "$CHART_DIR/Chart.yaml" | awk '{print $2}')
CHART_VERSION=$(grep "^version:" "$CHART_DIR/Chart.yaml" | awk '{print $2}')
APP_VERSION=$(grep "^appVersion:" "$CHART_DIR/Chart.yaml" | awk '{print $2}' | tr -d '"')

# name and version are mandatory; appVersion only produces a warning.
[ -n "$CHART_NAME" ] || {
  error "Chart name not found"
  exit 1
}
success "Chart name: $CHART_NAME"

[ -n "$CHART_VERSION" ] || {
  error "Chart version not found"
  exit 1
}
success "Chart version: $CHART_VERSION"

if [ -n "$APP_VERSION" ]; then
  success "App version: $APP_VERSION"
else
  warning "App version not specified"
fi

printf '\n'
# 4. Render the templates with default values. The first attempt is silent;
#    on failure the render is repeated with output visible so the error from
#    helm can be read before the script exits.
printf '%s\n' "4⃣ Testing template rendering..."
if ! helm template "$RELEASE_NAME" "$CHART_DIR" >/dev/null 2>&1; then
  error "Template rendering failed"
  helm template "$RELEASE_NAME" "$CHART_DIR"
  exit 1
fi
success "Templates rendered successfully"
printf '\n'
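# 5. Dry-run installation
#    NOTE(review): unlike `helm template`, `helm install --dry-run` goes
#    through the install path and may contact the cluster selected by the
#    current kubeconfig context - confirm for the Helm version in use, and
#    run this step with a non-production context.
echo "5⃣ Testing dry-run installation..."
# Capture helm's output instead of discarding it, so the reason for a failure
# can be shown. --debug is dropped: it only adds verbosity (computed values
# and manifests), which was thrown away before and should not be dumped into
# logs now that the output is printed on failure.
if dry_run_output=$(helm install "$RELEASE_NAME" "$CHART_DIR" --dry-run 2>&1); then
  success "Dry-run installation successful"
else
  error "Dry-run installation failed"
  printf '%s\n' "$dry_run_output" >&2
  exit 1
fi
echo ""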
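# 6. Check for required Kubernetes resources
echo "6⃣ Checking generated resources..."
MANIFESTS=$(helm template "$RELEASE_NAME" "$CHART_DIR")

# Each test matches a complete top-level `kind:` line. A plain substring test
# for "kind: Service" is also satisfied by "kind: ServiceAccount", and an
# unanchored "kind: Deployment" by a nested reference to a Deployment, so both
# reported resources that were not actually rendered.
# [[:space:]]*$ tolerates trailing blanks or a carriage return.
if grep -Eq '^kind:[[:space:]]*Deployment[[:space:]]*$' <<<"$MANIFESTS"; then
  success "Deployment found"
else
  warning "No Deployment found"
fi

if grep -Eq '^kind:[[:space:]]*Service[[:space:]]*$' <<<"$MANIFESTS"; then
  success "Service found"
else
  warning "No Service found"
fi

if grep -Eq '^kind:[[:space:]]*ServiceAccount[[:space:]]*$' <<<"$MANIFESTS"; then
  success "ServiceAccount found"
else
  warning "No ServiceAccount found"
fi
echo ""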
# 7. Security-context settings.
#    These are presence checks on the rendered text: one occurrence of the
#    literal string anywhere in MANIFESTS (any container, any resource, even a
#    comment or an embedded config value) yields a "success" line. They do not
#    show that every pod or container carries the setting, so a chart with one
#    hardened container and one unhardened container still passes. Treat the
#    result as a hint and rely on a manifest-aware policy check for enforcement.
printf '%s\n' "7⃣ Checking security best practices..."

if grep -q "runAsNonRoot: true" <<<"$MANIFESTS"; then
  success "Running as non-root user"
else
  warning "Not explicitly running as non-root"
fi

if grep -q "readOnlyRootFilesystem: true" <<<"$MANIFESTS"; then
  success "Using read-only root filesystem"
else
  warning "Not using read-only root filesystem"
fi

if grep -q "allowPrivilegeEscalation: false" <<<"$MANIFESTS"; then
  success "Privilege escalation disabled"
else
  warning "Privilege escalation not explicitly disabled"
fi

printf '\n'
# 8. Resource requests and limits.
#    Substring checks again: "resources:", "limits:" and "requests:" are looked
#    for anywhere in the rendered output, so a single container with limits is
#    enough to report them as defined for the whole chart.
printf '%s\n' "8⃣ Checking resource configuration..."

if ! grep -q "resources:" <<<"$MANIFESTS"; then
  warning "No resources defined"
else
  if grep -q "limits:" <<<"$MANIFESTS"; then
    success "Resource limits defined"
  else
    warning "No resource limits defined"
  fi

  if grep -q "requests:" <<<"$MANIFESTS"; then
    success "Resource requests defined"
  else
    warning "No resource requests defined"
  fi
fi

printf '\n'
# 9. Liveness and readiness probes: reported as configured when the key name
#    appears at least once anywhere in the rendered manifests.
printf '%s\n' "9⃣ Checking health probes..."

if grep -q "livenessProbe:" <<<"$MANIFESTS"; then
  success "Liveness probe configured"
else
  warning "No liveness probe found"
fi

if grep -q "readinessProbe:" <<<"$MANIFESTS"; then
  success "Readiness probe configured"
else
  warning "No readiness probe found"
fi

printf '\n'
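# 10. Check dependencies (only when Chart.yaml declares a dependencies: key)
if [ -f "$CHART_DIR/Chart.yaml" ] && grep -q "^dependencies:" "$CHART_DIR/Chart.yaml"; then
  echo "🔟 Checking dependencies..."
  # Only the exit status of `helm dependency list` is used here; its
  # per-dependency STATUS column is discarded, so this presumably does not
  # catch a dependency that is declared but not downloaded - TODO confirm.
  if helm dependency list "$CHART_DIR" > /dev/null 2>&1; then
    success "Dependencies valid"
    # Chart.lock records the resolved dependency versions. Without it the
    # versions pulled can differ between builds, which is worth fixing before
    # packaging even though it is only a warning here.
    if [ -f "$CHART_DIR/Chart.lock" ]; then
      success "Chart.lock file present"
    else
      warning "Chart.lock file missing (run 'helm dependency update')"
    fi
  else
    error "Dependencies check failed"
    # Every other error in this script stops the run. Without this exit the
    # script continued and still printed "All validations passed!" with
    # status 0 after reporting a failed dependency check.
    exit 1
  fi
  echo ""
fi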
# 11. Optional values.schema.json.
#     The only validation is `jq empty`, i.e. that the file parses as JSON; it
#     is not checked for being a usable JSON Schema. When jq is not installed
#     the parse check is skipped without any message.
if [ -f "$CHART_DIR/values.schema.json" ]; then
  printf '%s\n' "1⃣1⃣ Validating values schema..."
  success "values.schema.json present"

  if command -v jq >/dev/null 2>&1; then
    if ! jq empty "$CHART_DIR/values.schema.json" 2>/dev/null; then
      error "values.schema.json contains invalid JSON"
      exit 1
    fi
    success "values.schema.json is valid JSON"
  fi

  printf '\n'
fi
# Summary: reached only when no check called `exit 1`. Warnings printed by the
# earlier checks do not prevent the "All validations passed!" line.
printf '%s\n' \
  "═══════════════════════════════════════════════════════" \
  " Validation Complete!" \
  "═══════════════════════════════════════════════════════" \
  "" \
  "Chart: $CHART_NAME" \
  "Version: $CHART_VERSION"

# appVersion is optional, so its line is printed only when a value was found.
[ -z "$APP_VERSION" ] || printf '%s\n' "App Version: $APP_VERSION"

printf '\n'
success "All validations passed!"
printf '%s\n' \
  "" \
  "Next steps:" \
  " • helm package $CHART_DIR" \
  " • helm install my-release $CHART_DIR" \
  " • helm test my-release" \
  ""