Update nginx.yml #25
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Validate Nginx Configuration | |
| on: | |
| push: | |
| branches: | |
| - main # Trigger on push to main branch | |
| pull_request: | |
| branches: | |
| - main # Trigger on pull request to main branch | |
| jobs: | |
| validate-nginx: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v3 | |
| - name: Download WAF rules | |
| run: | | |
| wget https://github.com/fabriziosalmi/patterns/releases/download/latest/nginx_waf.zip -O nginx_waf.zip | |
| echo "Downloaded nginx_waf.zip" | |
| ls -lh nginx_waf.zip | |
| - name: Extract WAF rules | |
| run: | | |
| unzip nginx_waf.zip -d waf_rules | |
| echo "Extracted WAF rules into waf_rules directory" | |
| ls -lh waf_rules/waf_patterns/nginx/ | |
| - name: Verify WAF rules extraction | |
| run: | | |
| if [ ! -d "waf_rules/waf_patterns/nginx" ]; then | |
| echo "Error: WAF rules directory not found after extraction!" | |
| exit 1 | |
| fi | |
| if [ -z "$(ls -A waf_rules/waf_patterns/nginx/*.conf 2>/dev/null)" ]; then | |
| echo "Error: No .conf files found in waf_rules/waf_patterns/nginx/" | |
| echo "Contents of waf_rules/waf_patterns/nginx/:" | |
| ls -l waf_rules/waf_patterns/nginx/ | |
| exit 1 | |
| fi | |
| - name: Verify nginx.conf exists | |
| run: | | |
| if [ ! -f "tests/nginx.conf" ]; then | |
| echo "Error: tests/nginx.conf not found in the repository!" | |
| exit 1 | |
| fi | |
| - name: Extract and format map directives | |
| run: | | |
| # Extract map directives and ensure they are properly formatted | |
| grep -h "map " waf_rules/waf_patterns/nginx/*.conf > map_directives.conf || true | |
| echo "Extracted map directives into map_directives.conf" | |
| # Add closing brace if missing | |
| if ! grep -q "}" map_directives.conf; then | |
| echo "}" >> map_directives.conf | |
| fi | |
| echo "First 40 lines of map_directives.conf:" | |
| head -n 40 map_directives.conf | |
| - name: Merge WAF rules into a single file with a server block | |
| run: | | |
| # Create a merged_waf_rules.conf file with a server block | |
| echo "server {" > merged_waf_rules.conf | |
| grep -L "map " waf_rules/waf_patterns/nginx/*.conf >> merged_waf_rules.conf || true | |
| echo "}" >> merged_waf_rules.conf | |
| # Remove any extra closing braces | |
| sed -i '/^\s*}\s*$/d' merged_waf_rules.conf | |
| echo "}" >> merged_waf_rules.conf | |
| echo "Merged WAF rules into merged_waf_rules.conf" | |
| echo "First 40 lines of merged_waf_rules.conf:" | |
| head -n 40 merged_waf_rules.conf | |
| - name: Combine Nginx configuration | |
| run: | | |
| # Create a temporary nginx.conf file that includes the map directives and merged WAF rules | |
| echo "events {" > temp_nginx.conf | |
| echo " worker_connections 1024;" >> temp_nginx.conf | |
| echo "}" >> temp_nginx.conf | |
| echo "http {" >> temp_nginx.conf | |
| echo " include /etc/nginx/map_directives.conf;" >> temp_nginx.conf | |
| echo " include /etc/nginx/merged_waf_rules.conf;" >> temp_nginx.conf | |
| echo " include /etc/nginx/tests/nginx.conf;" >> temp_nginx.conf | |
| echo "}" >> temp_nginx.conf | |
| echo "Combined Nginx configuration:" | |
| echo "First 40 lines of temp_nginx.conf:" | |
| head -n 40 temp_nginx.conf | |
| - name: Validate Nginx configuration using Docker | |
| run: | | |
| # Copy the map directives, merged WAF rules, and nginx.conf to a Docker volume | |
| docker run --rm -v $(pwd)/map_directives.conf:/etc/nginx/map_directives.conf:ro \ | |
| -v $(pwd)/merged_waf_rules.conf:/etc/nginx/merged_waf_rules.conf:ro \ | |
| -v $(pwd)/tests/nginx.conf:/etc/nginx/tests/nginx.conf:ro \ | |
| -v $(pwd)/temp_nginx.conf:/etc/nginx/nginx.conf:ro \ | |
| nginx nginx -t |