Update nginx.yml #17
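# CI check: fetch the published Nginx WAF rule bundle, wrap it in a server
# block, append it to tests/nginx.conf and let `nginx -t` validate the result
# inside a container.
name: Validate Nginx Configuration

on:
  push:
    branches:
      - main  # Trigger on push to main branch
  pull_request:
    branches:
      - main  # Trigger on pull request to main branch

# Least privilege: no step below writes to the repository or calls the API,
# so the job token is restricted to read-only repository contents.
permissions:
  contents: read

jobs:
  validate-nginx:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        # NOTE(review): a version tag is mutable; pin this action to a
        # reviewed full-length commit SHA.
        uses: actions/checkout@v3
        with:
          # Later steps unpack and process a downloaded archive; do not leave
          # the job token in the local git configuration for them.
          persist-credentials: false

      - name: Download WAF rules
        env:
          # Expected SHA-256 of nginx_waf.zip. Placeholder: empty means the
          # archive is NOT verified. The URL below points at the moving
          # `latest` release, so its content can change between runs; set this
          # to the digest of a reviewed archive (and preferably switch the URL
          # to a fixed release tag).
          WAF_ZIP_SHA256: ''
        run: |
          wget https://github.com/fabriziosalmi/patterns/releases/download/latest/nginx_waf.zip -O nginx_waf.zip
          echo "Downloaded nginx_waf.zip"
          ls -lh nginx_waf.zip
          # Always log the digest so a changed archive is visible in run history.
          sha256sum nginx_waf.zip
          if [ -n "${WAF_ZIP_SHA256}" ]; then
            echo "${WAF_ZIP_SHA256}  nginx_waf.zip" | sha256sum -c -
          else
            echo "::warning::WAF_ZIP_SHA256 is not set; nginx_waf.zip integrity was not verified"
          fi

      - name: Extract WAF rules
        run: |
          unzip nginx_waf.zip -d waf_rules
          echo "Extracted WAF rules into waf_rules directory"
          ls -lh waf_rules/waf_patterns/nginx/

      - name: Verify WAF rules extraction
        run: |
          # Fail early when the archive layout is not the expected one.
          if [ ! -d "waf_rules/waf_patterns/nginx" ]; then
            echo "Error: WAF rules directory not found after extraction!"
            exit 1
          fi
          if [ -z "$(ls -A waf_rules/waf_patterns/nginx/*.conf 2>/dev/null)" ]; then
            echo "Error: No .conf files found in waf_rules/waf_patterns/nginx/"
            echo "Contents of waf_rules/waf_patterns/nginx/:"
            ls -l waf_rules/waf_patterns/nginx/
            exit 1
          fi

      - name: Verify nginx.conf exists
        run: |
          if [ ! -f "tests/nginx.conf" ]; then
            echo "Error: tests/nginx.conf not found in the repository!"
            exit 1
          fi

      - name: Combine Nginx configuration
        run: |
          # Wrap WAF rules in a server block
          echo "server {" > wrapped_waf_rules.conf
          cat waf_rules/waf_patterns/nginx/*.conf >> wrapped_waf_rules.conf
          echo "}" >> wrapped_waf_rules.conf
          # Combine nginx.conf with wrapped WAF rules
          cat tests/nginx.conf wrapped_waf_rules.conf > combined_nginx.conf
          echo "Combined Nginx configuration:"
          cat combined_nginx.conf

      - name: Debug combined_nginx.conf
        run: |
          echo "Contents of combined_nginx.conf:"
          cat combined_nginx.conf

      - name: Validate Nginx configuration using Docker
        # NOTE(review): the bare `nginx` image reference resolves to whatever
        # the registry serves at run time; pin it to a reviewed tag or digest.
        run: |
          # The mount argument is quoted so a workspace path containing spaces
          # is not split into several arguments; the config is mounted read-only.
          docker run --rm -v "$(pwd)/combined_nginx.conf:/etc/nginx/nginx.conf:ro" nginx nginx -t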