name: Update WAF Rules on: schedule: - cron: '0 0 * * *' # Run daily at midnight UTC workflow_dispatch: # Allow manual trigger jobs: update-owasp-waf: runs-on: ubuntu-latest steps: - name: ๐Ÿšš Checkout Repository uses: actions/checkout@v3 with: fetch-depth: 0 # Full history to avoid shallow clone issues - name: โš™๏ธ Set Up Python uses: actions/setup-python@v4 with: python-version: '3.11' - name: ๐Ÿ“ฆ Cache Python Packages id: cache-pip uses: actions/cache@v3 with: path: ~/.cache/pip key: ${{ runner.os }}-pip-${{ hashFiles('**/requirements.txt') }} restore-keys: | ${{ runner.os }}-pip- - name: ๐Ÿ“ฅ Install Dependencies if: steps.cache-pip.outputs.cache-hit != 'true' run: | python -m pip install --upgrade pip pip install -r requirements.txt continue-on-error: false # Fail the workflow if dependencies fail to install - name: ๐Ÿ•ท๏ธ Run OWASP Scraper run: | python owasp.py continue-on-error: false - name: ๐Ÿ”„ Convert OWASP to Caddy WAF run: | python owasp2caddy.py continue-on-error: false - name: ๐Ÿ”„ Convert OWASP to Nginx WAF run: | python owasp2nginx.py continue-on-error: false # Ensure conf files are pushed even if no changes detected - name: ๐Ÿš€ Commit and Push Caddy and Nginx WAF Configs run: | git config user.name "github-actions[bot]" git config user.email "github-actions[bot]@users.noreply.github.com" git add waf_patterns/caddy/*.conf waf_patterns/nginx/*.conf git commit -m "Automated update: OWASP CRS to Caddy and Nginx WAF rules [$(date)]" || echo "No changes to commit" git push continue-on-error: true # Continue even if no changes are made - name: ๐Ÿงน Cleanup Cache (Optional) run: | rm -rf ~/.cache/pip if: always() # Run this step even if previous steps fail - name: ๐Ÿšจ Notify on Failure (Optional) if: failure() run: | echo "๐Ÿšจ Workflow failed! Please investigate." # Slack or email notification logic (add webhook or SMTP integration here)