Update nginx.yml #19
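# Validates the repository's tests/nginx.conf together with the WAF pattern
# files published by the patterns project, by running `nginx -t` in a container.
name: Validate Nginx Configuration

on:
  push:
    branches:
      - main  # Trigger on push to main branch
  pull_request:
    branches:
      - main  # Trigger on pull request to main branch

# The job only reads the repository, so keep the GITHUB_TOKEN read-only.
permissions:
  contents: read

jobs:
  validate-nginx:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        # NOTE(review): a version tag is mutable; consider pinning the action
        # to a full commit SHA.
        uses: actions/checkout@v3
        with:
          # Later steps unpack and process a downloaded archive; do not leave
          # the token in the checkout's git config while they run.
          persist-credentials: false

      - name: Download WAF rules
        run: |
          # NOTE(review): the "latest" release asset is mutable and is not
          # integrity-checked here. Prefer a fixed release tag and compare the
          # archive against a known SHA-256 before extracting it.
          wget https://github.com/fabriziosalmi/patterns/releases/download/latest/nginx_waf.zip \
            -O nginx_waf.zip
          echo "Downloaded nginx_waf.zip"
          ls -lh nginx_waf.zip
          # Record the digest in the job log so a changed artifact is traceable.
          sha256sum nginx_waf.zip

      - name: Extract WAF rules
        run: |
          unzip nginx_waf.zip -d waf_rules
          echo "Extracted WAF rules into waf_rules directory"
          ls -lh waf_rules/waf_patterns/nginx/

      - name: Verify WAF rules extraction
        run: |
          if [ ! -d "waf_rules/waf_patterns/nginx" ]; then
            echo "Error: WAF rules directory not found after extraction!"
            exit 1
          fi
          if [ -z "$(ls -A waf_rules/waf_patterns/nginx/*.conf 2>/dev/null)" ]; then
            echo "Error: No .conf files found in waf_rules/waf_patterns/nginx/"
            echo "Contents of waf_rules/waf_patterns/nginx/:"
            ls -l waf_rules/waf_patterns/nginx/
            exit 1
          fi

      - name: Verify nginx.conf exists
        run: |
          if [ ! -f "tests/nginx.conf" ]; then
            echo "Error: tests/nginx.conf not found in the repository!"
            exit 1
          fi

      - name: Merge WAF rules into a single file
        run: |
          # Merge all WAF rules into a single file
          cat waf_rules/waf_patterns/nginx/*.conf > merged_waf_rules.conf
          echo "Merged WAF rules into merged_waf_rules.conf"
          echo "Contents of merged_waf_rules.conf:"
          cat merged_waf_rules.conf

      - name: Combine Nginx configuration
        run: |
          # Create a temporary nginx.conf that includes the merged WAF rules
          # and the repository's test configuration inside one http block.
          cat > temp_nginx.conf <<'EOF'
          events {
              worker_connections 1024;
          }
          http {
              include /etc/nginx/merged_waf_rules.conf;
              include /etc/nginx/tests/nginx.conf;
          }
          EOF
          echo "Combined Nginx configuration:"
          cat temp_nginx.conf

      - name: Validate Nginx configuration using Docker
        run: |
          # Bind-mount the three files read-only and run a syntax check only.
          # Paths are quoted so a workspace path with spaces cannot split
          # the -v arguments.
          # NOTE(review): the bare "nginx" image resolves to a mutable tag;
          # pin a version or digest for reproducible validation.
          docker run --rm \
            -v "${PWD}/merged_waf_rules.conf:/etc/nginx/merged_waf_rules.conf:ro" \
            -v "${PWD}/tests/nginx.conf:/etc/nginx/tests/nginx.conf:ro" \
            -v "${PWD}/temp_nginx.conf:/etc/nginx/nginx.conf:ro" \
            nginx nginx -t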