External/patterns
1
0
Fork 0
mirror of https://github.com/fabriziosalmi/patterns.git synced 2025-12-17 09:45:34 +00:00
Code Issues Packages Projects Releases Wiki Activity
patterns/.github/workflows/update_patterns.yml
copilot-swe-agent[bot] 1fe6802ffe docs: Fix script names, improve CONTRIBUTING, add WAF READMEs, fix workflow 
Co-authored-by: fabriziosalmi <1569108+fabriziosalmi@users.noreply.github.com>
2025-11-15 19:33:13 +00:00

161 lines
5.0 KiB
YAML
Raw Blame History

name: Update Patterns
permissions:
contents: write # Commit changes, push updates
statuses: write # Update commit statuses
actions: read # Required for checking out the repository
packages: write # For GitHub Packages (if used)
on:
schedule:
- cron: '0 0 * * *' # Daily at midnight UTC
workflow_dispatch: # Manual trigger
jobs:
update-owasp-waf:
runs-on: ubuntu-latest
steps:
- name: 🚚 Checkout Repository
uses: actions/checkout@v3
with:
fetch-depth: 0 # get full git history
- name: ⚙️ Set Up Python 3.11
uses: actions/setup-python@v4
with:
python-version: '3.11'
- name: 📦 Cache pip dependencies
uses: actions/cache@v3
with:
path: ~/.cache/pip
key: ${{ runner.os }}-pip-${{ hashFiles('**/requirements.txt') }}
restore-keys: |
${{ runner.os }}-pip-
- name: 📥 Install Dependencies
run: |
python -m pip install --upgrade pip
pip install -r requirements.txt
- name: 🕷️ Run OWASP Scraper
run: python owasp2json.py
- name: 🔄 Convert OWASP to Nginx WAF
run: python json2nginx.py
- name: 🔄 Convert OWASP to Apache WAF
run: python json2apache.py
- name: 🔄 Convert OWASP to Traefik WAF
run: python json2traefik.py
- name: 🔄 Convert OWASP to HAProxy WAF
run: python json2haproxy.py
- name: 🔄 Generate Bad Bot Blockers
run: python badbots.py
- name: 🚀 Commit and Push Changes (if any)
run: |
git config user.name "github-actions[bot]"
git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
git add .
# Check if there are any changes *before* committing.
if ! git diff --quiet --exit-code; then
git commit -m "Update WAF rules [$(date +'%Y-%m-%d')]"
git push
else
echo "No changes to commit."
fi
continue-on-error: true # Continue even if no changes
- name: 📦 Create Zip Archives
run: |
mkdir -p dist
(cd waf_patterns/nginx && zip -r ../../dist/nginx_waf.zip .)
(cd waf_patterns/apache && zip -r ../../dist/apache_waf.zip .)
(cd waf_patterns/traefik && zip -r ../../dist/traefik_waf.zip .)
(cd waf_patterns/haproxy && zip -r ../../dist/haproxy_waf.zip .)
- name: 🗑️ Delete Existing 'latest' Tag and Release (if they exist)
run: |
gh auth login --with-token <<< "$GITHUB_TOKEN"
# Delete local tag
git tag -d latest || true
# Delete remote tag (force)
git push --delete origin latest || true
# Delete release, --yes for confirmation
gh release delete latest --yes || true
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: 🚀 Create GitHub Release (if previous steps succeeded)
id: create_release
if: success() # Only create release if previous steps were successful
uses: actions/create-release@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
tag_name: latest
release_name: Latest Release
draft: false
prerelease: false
- name: 📤 Upload Nginx WAF Zip
if: success()
uses: actions/upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ steps.create_release.outputs.upload_url }}
asset_path: dist/nginx_waf.zip
asset_name: nginx_waf.zip
asset_content_type: application/zip
- name: 📤 Upload Apache WAF Zip
if: success()
uses: actions/upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ steps.create_release.outputs.upload_url }}
asset_path: dist/apache_waf.zip
asset_name: apache_waf.zip
asset_content_type: application/zip
- name: 📤 Upload Traefik WAF Zip
if: success()
uses: actions/upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ steps.create_release.outputs.upload_url }}
asset_path: dist/traefik_waf.zip
asset_name: traefik_waf.zip
asset_content_type: application/zip
- name: 📤 Upload HAProxy WAF Zip
if: success()
uses: actions/upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ steps.create_release.outputs.upload_url }}
asset_path: dist/haproxy_waf.zip
asset_name: haproxy_waf.zip
asset_content_type: application/zip
- name: 🧹 Clean Up (Optional)
if: always() # Run cleanup even on failure
run: rm -rf ~/.cache/pip
- name: 🚨 Notify on Failure (Optional)
if: failure()
run: |
echo "🚨 Workflow failed! Please investigate."
# Example: Send a Slack notification (requires a Slack webhook URL)
# curl -X POST -H 'Content-type: application/json' --data '{"text":"WAF update workflow failed!"}' ${{ secrets.SLACK_WEBHOOK }}
Reference in New Issue View Git Blame Copy Permalink