Update test_docker.yml #5
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Validate Nginx Configuration with WAF Rules | |
| on: | |
| push: | |
| branches: | |
| - main # Trigger on push to main branch | |
| pull_request: | |
| branches: | |
| - main # Trigger on pull request to main branch | |
| jobs: | |
| validate-nginx-configuration: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v3 | |
| - name: Download WAF rules | |
| run: | | |
| wget https://github.com/fabriziosalmi/patterns/releases/download/latest/nginx_waf.zip -O nginx_waf.zip | |
| echo "Downloaded nginx_waf.zip" | |
| ls -lh nginx_waf.zip | |
| - name: Extract WAF rules | |
| run: | | |
| unzip nginx_waf.zip -d waf_rules | |
| echo "Extracted WAF rules into waf_rules directory" | |
| ls -lh waf_rules/waf_patterns/nginx/ | |
| - name: Verify WAF rules extraction | |
| run: | | |
| if [ ! -d "waf_rules/waf_patterns/nginx" ]; then | |
| echo "Error: WAF rules directory not found after extraction!" | |
| exit 1 | |
| fi | |
| if [ -z "$(ls -A waf_rules/waf_patterns/nginx/*.conf 2>/dev/null)" ]; then | |
| echo "Error: No .conf files found in waf_rules/waf_patterns/nginx/" | |
| echo "Contents of waf_rules/waf_patterns/nginx/:" | |
| ls -l waf_rules/waf_patterns/nginx/ | |
| exit 1 | |
| fi | |
| - name: Set up Python | |
| uses: actions/setup-python@v4 | |
| with: | |
| python-version: "3.9" | |
| - name: Install crossplane | |
| run: | | |
| python -m pip install --upgrade pip | |
| pip install crossplane | |
| - name: Validate individual WAF rule files | |
| run: | | |
| for file in waf_rules/waf_patterns/nginx/*.conf; do | |
| echo "Validating $file..." | |
| # Use crossplane to parse and validate the file | |
| if ! crossplane parse "$file" > /dev/null; then | |
| echo "Error: Validation failed for $file" | |
| crossplane parse "$file" # Print detailed error | |
| exit 1 | |
| fi | |
| echo "Validation successful for $file" | |
| done | |
| - name: Merge all WAF rules into a single file | |
| run: | | |
| echo "Merging all WAF rules into a single file..." | |
| echo "http {" > merged_waf_rules.conf | |
| for file in waf_rules/waf_patterns/nginx/*.conf; do | |
| echo "Merging $file..." | |
| cat "$file" >> merged_waf_rules.conf | |
| echo "" >> merged_waf_rules.conf | |
| done | |
| echo "}" >> merged_waf_rules.conf | |
| echo "Contents of merged_waf_rules.conf:" | |
| cat merged_waf_rules.conf | |
| - name: Validate merged WAF rules | |
| run: | | |
| echo "Validating merged WAF rules..." | |
| # Use crossplane to parse and validate the merged file | |
| if ! crossplane parse merged_waf_rules.conf > /dev/null; then | |
| echo "Error: Validation failed for merged_waf_rules.conf" | |
| crossplane parse merged_waf_rules.conf # Print detailed error | |
| exit 1 | |
| fi | |
| echo "Validation successful for merged_waf_rules.conf" |