Update nginx.yml #22
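# Validates the published nginx WAF rule bundle: downloads the release archive,
# wraps the extracted rules in a minimal nginx configuration, and runs
# `nginx -t` against it inside a container.
name: Validate Nginx Configuration

on:
  push:
    branches:
      - main  # Trigger on push to main branch
  pull_request:
    branches:
      - main  # Trigger on pull request to main branch

# Least privilege: no step in this workflow writes to the repository, so the
# job token is limited to read-only access to repository contents.
permissions:
  contents: read

jobs:
  validate-nginx:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        # NOTE(review): a version tag is mutable; consider pinning `uses:` to
        # the full commit SHA of the release that was reviewed.
        uses: actions/checkout@v3
        with:
          # Later steps unpack and process a downloaded archive; do not leave
          # the job token in .git/config where those steps could read it.
          persist-credentials: false

      - name: Download WAF rules
        run: |
          # NOTE(review): the archive is fetched from the mutable `latest`
          # release and used without an integrity check. Consider downloading
          # a versioned release and comparing its SHA-256 against a value
          # committed to this repository before extracting it.
          wget https://github.com/fabriziosalmi/patterns/releases/download/latest/nginx_waf.zip -O nginx_waf.zip
          echo "Downloaded nginx_waf.zip"
          ls -lh nginx_waf.zip

      - name: Extract WAF rules
        run: |
          unzip nginx_waf.zip -d waf_rules
          echo "Extracted WAF rules into waf_rules directory"
          ls -lh waf_rules/waf_patterns/nginx/

      - name: Verify WAF rules extraction
        run: |
          # Fail early if the archive layout is not the expected one.
          if [ ! -d "waf_rules/waf_patterns/nginx" ]; then
            echo "Error: WAF rules directory not found after extraction!"
            exit 1
          fi
          if [ -z "$(ls -A waf_rules/waf_patterns/nginx/*.conf 2>/dev/null)" ]; then
            echo "Error: No .conf files found in waf_rules/waf_patterns/nginx/"
            echo "Contents of waf_rules/waf_patterns/nginx/:"
            ls -l waf_rules/waf_patterns/nginx/
            exit 1
          fi

      - name: Verify nginx.conf exists
        run: |
          if [ ! -f "tests/nginx.conf" ]; then
            echo "Error: tests/nginx.conf not found in the repository!"
            exit 1
          fi

      - name: Separate map directives from WAF rules
        run: |
          # Extract map directives into a separate file.
          # NOTE(review): this filter is line-based, so it only separates
          # map directives cleanly if each one fits on a single line;
          # confirm against the format of the generated .conf files.
          grep -h "map " waf_rules/waf_patterns/nginx/*.conf > map_directives.conf || true
          echo "Extracted map directives into map_directives.conf"
          echo "Contents of map_directives.conf:"
          cat map_directives.conf
          # Remove map directives from the WAF rules. `-v` keeps the lines
          # that do not match; the previous `-L` printed only the names of
          # files without a match, so rule content never reached the file
          # that is later validated.
          grep -hv "map " waf_rules/waf_patterns/nginx/*.conf > waf_rules_without_map.conf || true
          echo "WAF rules without map directives:"
          cat waf_rules_without_map.conf

      - name: Merge WAF rules into a single file with a server block
        run: |
          # Create a merged_waf_rules.conf file with a server block
          echo "server {" > merged_waf_rules.conf
          cat waf_rules_without_map.conf >> merged_waf_rules.conf
          echo "}" >> merged_waf_rules.conf
          echo "Merged WAF rules into merged_waf_rules.conf"
          echo "Contents of merged_waf_rules.conf:"
          cat merged_waf_rules.conf

      - name: Combine Nginx configuration
        run: |
          # Create a temporary nginx.conf file that includes the map directives and merged WAF rules
          echo "events {" > temp_nginx.conf
          echo " worker_connections 1024;" >> temp_nginx.conf
          echo "}" >> temp_nginx.conf
          echo "http {" >> temp_nginx.conf
          echo " include /etc/nginx/map_directives.conf;" >> temp_nginx.conf
          echo " include /etc/nginx/merged_waf_rules.conf;" >> temp_nginx.conf
          echo " include /etc/nginx/tests/nginx.conf;" >> temp_nginx.conf
          echo "}" >> temp_nginx.conf
          echo "Combined Nginx configuration:"
          cat temp_nginx.conf

      - name: Validate Nginx configuration using Docker
        run: |
          # Bind-mount the generated files read-only and let nginx test them.
          # The working directory is quoted so a path containing spaces does
          # not split the -v arguments.
          # NOTE(review): the `nginx` image is referenced without a tag or
          # digest; consider pinning it so the validator itself is reproducible.
          docker run --rm -v "$(pwd)/map_directives.conf:/etc/nginx/map_directives.conf:ro" \
            -v "$(pwd)/merged_waf_rules.conf:/etc/nginx/merged_waf_rules.conf:ro" \
            -v "$(pwd)/tests/nginx.conf:/etc/nginx/tests/nginx.conf:ro" \
            -v "$(pwd)/temp_nginx.conf:/etc/nginx/nginx.conf:ro" \
            nginx nginx -t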