patterns/.github/workflows/test_apache_docker.yml
Fabrizio Salmi 5c654b3da8 Redesign docs with Apple-native theme; verify content; route CI to self-hosted runner-02
- VitePress: custom theme (SF system fonts, glass nav, soft surfaces, pill buttons,
  light/dark code blocks, refined feature cards, platform showcase + stat strip).
- Replace every emoji across docs and README with inline SVG icons.
- Verify and fix doc accuracy against actual scripts: JSON schema (category+pattern only),
  env-var configuration for json2*/import_* scripts, owasp2json CLI surface.
- Add public assets (logo.svg, favicon.svg, hero-shield.svg) and Shiki haproxy alias.
- Workflows default to self-hosted runner-02 with a configurable fallback to GitHub
  runners via the RUNS_ON repo variable.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-01 08:07:04 +02:00

89 lines
2.9 KiB
YAML

name: Apache with Docker patterns validation

permissions:
  contents: read # Needed to read Apache WAF configuration files

on:
  push:
    branches:
      - main # Trigger on push to main branch
  pull_request:
    branches:
      - main # Trigger on pull request to main branch

jobs:
  validate-waf-patterns:
    # Defaults to the self-hosted runner-02; set the RUNS_ON repo variable (a JSON value)
    # to fall back to GitHub runners. Pull requests to main also execute on this runner.
    runs-on: ${{ fromJSON(vars.RUNS_ON || '["self-hosted","runner-02"]') }}
    env:
      # Assumed value: the original workflow references env.APACHE_PORT without defining it.
      APACHE_PORT: 8080
    steps:
      - name: Checkout repository
        uses: actions/checkout@v3

      - name: Cache Docker setup
        id: cache-docker
        uses: actions/cache@v3
        with:
          path: /var/lib/docker
          key: docker-setup-${{ runner.os }}

      - name: Set up Docker
        run: |
          sudo apt-get update
          # Remove conflicting containerd package
          sudo apt-get remove -y containerd
          # Install Docker dependencies
          sudo apt-get install -y ca-certificates curl
          # Add Docker's official GPG key
          sudo install -m 0755 -d /etc/apt/keyrings
          curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
          sudo chmod a+r /etc/apt/keyrings/docker.gpg
          # Add Docker's repository
          echo \
            "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu \
            $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
            sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
          # Install Docker
          sudo apt-get update
          sudo apt-get install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
          sudo docker --version

      - name: Pull Docker images
        run: |
          echo "Pulling Apache Docker image..."
          sudo docker pull httpd:latest

      - name: Validate Apache configuration
        run: |
          echo "Validating Apache configuration..."
          for file in waf_patterns/apache/*.conf; do
            echo "Validating $file..."
            # Include each file explicitly so that httpd -t actually parses it;
            # the image's default httpd.conf does not load these files from conf/extra.
            # Testing the command directly also works under the runner's `bash -e`,
            # where a separate `$?` check would never be reached after a failure.
            if ! sudo docker run --rm \
              -v "$(pwd)/waf_patterns/apache:/usr/local/apache2/conf/extra:ro" \
              httpd:latest httpd -t -c "Include conf/extra/$(basename "$file")"; then
              echo "Error: Validation failed for $file"
              exit 1
            fi
          done

      - name: Start Apache container with WAF rules
        run: |
          echo "Starting Apache container..."
          sudo docker run -d \
            --name apache-waf \
            -p ${{ env.APACHE_PORT }}:80 \
            -v "$(pwd)/waf_patterns/apache:/usr/local/apache2/conf/extra" \
            httpd:latest
          echo "Apache is running on port ${{ env.APACHE_PORT }}."

      - name: Check Apache container logs
        run: |
          echo "Checking Apache container logs..."
          sudo docker logs apache-waf

      - name: Clean up containers
        if: always()
        run: |
          echo "Stopping and removing containers..."
          sudo docker stop apache-waf || true
          sudo docker rm apache-waf || true
          echo "Containers stopped and removed."