Rename nginx.yml to test_nginx.yml

2025-12-29 16:15:12 +00:00 · 2025-01-16 19:19:08 +01:00
parent 45d9f34241
commit cf1a4da2bd
1 changed files with 1 additions and 1 deletions
--- a/.github/workflows/test_nginx.yml
+++ b/.github/workflows/test_nginx.yml
@@ -0,0 +1,90 @@
+name: Validate Nginx Configuration with WAF Rules
+
+on:
+  push:
+    branches:
+      - main  # Trigger on push to main branch
+  pull_request:
+    branches:
+      - main  # Trigger on pull request to main branch
+
+jobs:
+  validate-nginx-configuration:
+    runs-on: ubuntu-latest
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v3
+
+    - name: Download WAF rules
+      run: |
+        wget https://github.com/fabriziosalmi/patterns/releases/download/latest/nginx_waf.zip -O nginx_waf.zip
+        echo "Downloaded nginx_waf.zip"
+        ls -lh nginx_waf.zip
+
+    - name: Extract WAF rules
+      run: |
+        unzip nginx_waf.zip -d waf_rules
+        echo "Extracted WAF rules into waf_rules directory"
+        ls -lh waf_rules/waf_patterns/nginx/
+
+    - name: Verify WAF rules extraction
+      run: |
+        if [ ! -d "waf_rules/waf_patterns/nginx" ]; then
+          echo "Error: WAF rules directory not found after extraction!"
+          exit 1
+        fi
+        if [ -z "$(ls -A waf_rules/waf_patterns/nginx/*.conf 2>/dev/null)" ]; then
+          echo "Error: No .conf files found in waf_rules/waf_patterns/nginx/"
+          echo "Contents of waf_rules/waf_patterns/nginx/:"
+          ls -l waf_rules/waf_patterns/nginx/
+          exit 1
+        fi
+
+    - name: Set up Python
+      uses: actions/setup-python@v4
+      with:
+        python-version: "3.9"
+
+    - name: Install crossplane
+      run: |
+        python -m pip install --upgrade pip
+        pip install crossplane
+
+    - name: Validate individual WAF rule files
+      run: |
+        for file in waf_rules/waf_patterns/nginx/*.conf; do
+          echo "Validating $file..."
+          # Use crossplane to parse and validate the file
+          if ! crossplane parse "$file" > /dev/null; then
+            echo "Error: Validation failed for $file"
+            crossplane parse "$file"  # Print detailed error
+            exit 1
+          fi
+          echo "Validation successful for $file"
+        done
+
+    - name: Merge all WAF rules into a single file
+      run: |
+        echo "Merging all WAF rules into a single file..."
+        echo "http {" > merged_waf_rules.conf
+        for file in waf_rules/waf_patterns/nginx/*.conf; do
+          echo "Merging $file..."
+          cat "$file" >> merged_waf_rules.conf
+          echo "" >> merged_waf_rules.conf
+        done
+        echo "}" >> merged_waf_rules.conf
+
+        echo "Contents of merged_waf_rules.conf:"
+        cat merged_waf_rules.conf
+
+    - name: Validate merged WAF rules
+      run: |
+        echo "Validating merged WAF rules..."
+        # Use crossplane to parse and validate the merged file
+        if ! crossplane parse merged_waf_rules.conf > /dev/null; then
+          echo "Error: Validation failed for merged_waf_rules.conf"
+          crossplane parse merged_waf_rules.conf  # Print detailed error
+          exit 1
+        fi
+        echo "Validation successful for merged_waf_rules.conf"