mirror of
https://github.com/fabriziosalmi/patterns.git
synced 2026-01-04 03:57:42 -05:00
a6f372e0c9
The nginx_waf.zip extracts files directly to the target directory, not into waf_patterns/nginx/ subdirectory. Updated paths accordingly.
93 lines
2.7 KiB
YAML
93 lines
2.7 KiB
YAML
name: Nginx patterns validation
|
|
|
|
permissions:
|
|
contents: read # Needed to read repository contents (e.g., WAF rules)
|
|
|
|
on:
|
|
push:
|
|
branches:
|
|
- main # Trigger on push to main branch
|
|
pull_request:
|
|
branches:
|
|
- main # Trigger on pull request to main branch
|
|
|
|
jobs:
|
|
validate-nginx-configuration:
|
|
runs-on: ubuntu-latest
|
|
|
|
steps:
|
|
- name: Checkout repository
|
|
uses: actions/checkout@v3
|
|
|
|
- name: Download WAF rules
|
|
run: |
|
|
wget https://github.com/fabriziosalmi/patterns/releases/download/latest/nginx_waf.zip -O nginx_waf.zip
|
|
echo "Downloaded nginx_waf.zip"
|
|
ls -lh nginx_waf.zip
|
|
|
|
- name: Extract WAF rules
|
|
run: |
|
|
unzip nginx_waf.zip -d waf_rules
|
|
echo "Extracted WAF rules into waf_rules directory"
|
|
ls -lh waf_rules/
|
|
|
|
- name: Verify WAF rules extraction
|
|
run: |
|
|
if [ -z "$(ls -A waf_rules/*.conf 2>/dev/null)" ]; then
|
|
echo "Error: No .conf files found in waf_rules/"
|
|
echo "Contents of waf_rules/:"
|
|
ls -l waf_rules/
|
|
exit 1
|
|
fi
|
|
echo "Found WAF configuration files:"
|
|
ls -l waf_rules/*.conf
|
|
|
|
- name: Set up Python
|
|
uses: actions/setup-python@v4
|
|
with:
|
|
python-version: "3.9"
|
|
|
|
- name: Install crossplane
|
|
run: |
|
|
python -m pip install --upgrade pip
|
|
pip install crossplane
|
|
|
|
- name: Validate individual WAF rule files
|
|
run: |
|
|
for file in waf_rules/*.conf; do
|
|
echo "Validating $file..."
|
|
# Use crossplane to parse and validate the file
|
|
if ! crossplane parse "$file" > /dev/null; then
|
|
echo "Error: Validation failed for $file"
|
|
crossplane parse "$file" # Print detailed error
|
|
exit 1
|
|
fi
|
|
echo "Validation successful for $file"
|
|
done
|
|
|
|
- name: Merge all WAF rules into a single file
|
|
run: |
|
|
echo "Merging all WAF rules into a single file..."
|
|
echo "http {" > merged_waf_rules.conf
|
|
for file in waf_rules/*.conf; do
|
|
echo "Merging $file..."
|
|
cat "$file" >> merged_waf_rules.conf
|
|
echo "" >> merged_waf_rules.conf
|
|
done
|
|
echo "}" >> merged_waf_rules.conf
|
|
|
|
echo "Contents of merged_waf_rules.conf:"
|
|
cat merged_waf_rules.conf
|
|
|
|
- name: Validate merged WAF rules
|
|
run: |
|
|
echo "Validating merged WAF rules..."
|
|
# Use crossplane to parse and validate the merged file
|
|
if ! crossplane parse merged_waf_rules.conf > /dev/null; then
|
|
echo "Error: Validation failed for merged_waf_rules.conf"
|
|
crossplane parse merged_waf_rules.conf # Print detailed error
|
|
exit 1
|
|
fi
|
|
echo "Validation successful for merged_waf_rules.conf"
|
|
|