patterns/.github/workflows/test_nginx.yml
Fabrizio Salmi 5c654b3da8 Redesign docs with Apple-native theme; verify content; route CI to self-hosted runner-02
- VitePress: custom theme (SF system fonts, glass nav, soft surfaces, pill buttons,
  light/dark code blocks, refined feature cards, platform showcase + stat strip).
- Replace every emoji across docs and README with inline SVG icons.
- Verify and fix doc accuracy against actual scripts: JSON schema (category+pattern only),
  env-var configuration for json2*/import_* scripts, owasp2json CLI surface.
- Add public assets (logo.svg, favicon.svg, hero-shield.svg) and Shiki haproxy alias.
- Workflows default to self-hosted runner-02 with a configurable fallback to GitHub
  runners via the RUNS_ON repo variable.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-01 08:07:04 +02:00

93 lines
2.8 KiB
YAML

name: Nginx patterns validation
permissions:
  contents: read # Needed to read repository contents (e.g., WAF rules)
on:
  push:
    branches:
      - main # Trigger on push to main branch
  pull_request:
    branches:
      - main # Trigger on pull request to main branch
jobs:
  validate-nginx-configuration:
    runs-on: ${{ fromJSON(vars.RUNS_ON || '["self-hosted","runner-02"]') }}
    steps:
      - name: Checkout repository
        uses: actions/checkout@v3
      - name: Download WAF rules
        run: |
          wget https://github.com/fabriziosalmi/patterns/releases/download/latest/nginx_waf.zip -O nginx_waf.zip
          echo "Downloaded nginx_waf.zip"
          ls -lh nginx_waf.zip
      - name: Extract WAF rules
        run: |
          unzip nginx_waf.zip -d waf_rules
          echo "Extracted WAF rules into waf_rules directory"
          ls -lh waf_rules/
      - name: Verify WAF rules extraction
        run: |
          if [ -z "$(ls -A waf_rules/*.conf 2>/dev/null)" ]; then
            echo "Error: No .conf files found in waf_rules/"
            echo "Contents of waf_rules/:"
            ls -l waf_rules/
            exit 1
          fi
          echo "Found WAF configuration files:"
          ls -l waf_rules/*.conf
      - name: Set up Python
        uses: actions/setup-python@v4
        with:
          python-version: "3.9"
      - name: Install crossplane
        run: |
          python -m pip install --upgrade pip
          pip install crossplane
      - name: Validate individual WAF rule files
        run: |
          for file in waf_rules/*.conf; do
            echo "Validating $file..."
            # Use crossplane to parse and validate the file
            if ! crossplane parse "$file" > /dev/null; then
              echo "Error: Validation failed for $file"
              crossplane parse "$file" # Print detailed error
              exit 1
            fi
            echo "Validation successful for $file"
          done
      - name: Merge all WAF rules into a single file
        run: |
          echo "Merging all WAF rules into a single file..."
          echo "http {" > merged_waf_rules.conf
          for file in waf_rules/*.conf; do
            echo "Merging $file..."
            cat "$file" >> merged_waf_rules.conf
            echo "" >> merged_waf_rules.conf
          done
          echo "}" >> merged_waf_rules.conf
          echo "Contents of merged_waf_rules.conf:"
          cat merged_waf_rules.conf
      - name: Validate merged WAF rules
        run: |
          echo "Validating merged WAF rules..."
          # Use crossplane to parse and validate the merged file
          if ! crossplane parse merged_waf_rules.conf > /dev/null; then
            echo "Error: Validation failed for merged_waf_rules.conf"
            crossplane parse merged_waf_rules.conf # Print detailed error
            exit 1
          fi
          echo "Validation successful for merged_waf_rules.conf"
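
An added example, not part of the repository's workflow: `crossplane parse` records syntax errors in the `status` and `errors` fields of the JSON it prints, so a validation gate can inspect that payload rather than rely on the exit code alone. The payloads are constructed samples; the function name `payload_problems` and the empty-file check are assumptions of this example.

```python
import json
import sys

# Constructed samples in the shape of crossplane's JSON payload
# (status / errors / config[].parsed); these are not real tool output.
SAMPLE_OK = json.dumps({
    "status": "ok", "errors": [],
    "config": [{"file": "waf_rules/sqli.conf", "status": "ok", "errors": [],
                "parsed": [{"directive": "map", "line": 1,
                            "args": ["$request_uri", "$waf_block_sqli"],
                            "block": []}]}],
})
SAMPLE_FAILED = json.dumps({
    "status": "failed",
    "errors": [{"file": "waf_rules/bots.conf", "line": 12,
                "error": 'unexpected "}"'}],
    "config": [{"file": "waf_rules/bots.conf", "status": "failed",
                "errors": [{"line": 12, "error": 'unexpected "}"'}],
                "parsed": []}],
})
SAMPLE_EMPTY = json.dumps({
    "status": "ok", "errors": [],
    "config": [{"file": "waf_rules/empty.conf", "status": "ok",
                "errors": [], "parsed": []}],
})

def payload_problems(payload_text):
    """Return human-readable problems found in a crossplane JSON payload."""
    try:
        payload = json.loads(payload_text)
    except ValueError as exc:
        return [f"payload is not valid JSON: {exc}"]
    # Every syntax error crossplane collected, with file and line.
    problems = [f"{e.get('file')}:{e.get('line')}: {e.get('error')}"
                for e in payload.get("errors", [])]
    # A rule file that parses cleanly but holds no directives protects nothing.
    for cfg in payload.get("config", []):
        if cfg.get("status") == "ok" and not cfg.get("parsed"):
            problems.append(f"{cfg.get('file')}: no directives parsed")
    if payload.get("status") != "ok" and not problems:
        problems.append("crossplane reported a non-ok status without details")
    return problems

if __name__ == "__main__":
    # Reads the payload from stdin and fails the step if anything was found.
    found = payload_problems(sys.stdin.read())
    for line in found:
        print(line, file=sys.stderr)
    sys.exit(1 if found else 0)
```

Saved under a name of your choosing (for instance a hypothetical `check_payload.py`), it can sit at the end of a pipe: `crossplane parse "$file" | python check_payload.py`.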