patterns/.github/workflows/nginx.yml

name: Validate Nginx Configuration

on:
  push:
    branches:
      - main  # Trigger on push to main branch
  pull_request:
    branches:
      - main  # Trigger on pull request to main branch

jobs:
  validate-nginx:
    runs-on: ubuntu-latest

    steps:
    - name: Checkout repository
      uses: actions/checkout@v3

    - name: Download WAF rules
      run: |
        wget https://github.com/fabriziosalmi/patterns/releases/download/latest/nginx_waf.zip -O nginx_waf.zip
        echo "Downloaded nginx_waf.zip"
        ls -lh nginx_waf.zip

    - name: Extract WAF rules
      run: |
        unzip nginx_waf.zip -d waf_rules
        echo "Extracted WAF rules into waf_rules directory"
        ls -lh waf_rules/waf_patterns/nginx/

    - name: Verify WAF rules extraction
      run: |
        if [ ! -d "waf_rules/waf_patterns/nginx" ]; then
          echo "Error: WAF rules directory not found after extraction!"
          exit 1
        fi
        if [ -z "$(ls -A waf_rules/waf_patterns/nginx/*.conf 2>/dev/null)" ]; then
          echo "Error: No .conf files found in waf_rules/waf_patterns/nginx/"
          echo "Contents of waf_rules/waf_patterns/nginx/:"
          ls -l waf_rules/waf_patterns/nginx/
          exit 1
        fi

    - name: Verify nginx.conf exists
      run: |
        if [ ! -f "tests/nginx.conf" ]; then
          echo "Error: tests/nginx.conf not found in the repository!"
          exit 1
        fi

    - name: Combine Nginx configuration
      run: |
        cat tests/nginx.conf waf_rules/waf_patterns/nginx/*.conf > combined_nginx.conf
        echo "Combined Nginx configuration:"
        cat combined_nginx.conf

    - name: Validate Nginx configuration using Docker
      run: |
        docker run --rm -v $(pwd)/combined_nginx.conf:/etc/nginx/nginx.conf:ro nginx nginx -t