External/patterns
1
0
Fork 0
mirror of https://github.com/fabriziosalmi/patterns.git synced 2025-12-24 21:25:43 +00:00
Code Issues Packages Projects Releases Wiki Activity
patterns/.github/workflows/update_patterns.yml
fab 76e6ccb5ce
Update update_patterns.yml
2025-01-03 13:49:41 +01:00

164 lines
5.0 KiB
YAML
Raw Blame History

name: Update patterns
on:
schedule:
- cron: '0 0 * * *' # Run daily at midnight UTC
workflow_dispatch: # Allow manual trigger
jobs:
update-owasp-waf:
runs-on: ubuntu-latest
steps:
- name: 🚚 Checkout Repository
uses: actions/checkout@v3
with:
fetch-depth: 0 # Full history to avoid shallow clone issues
- name: ⚙️ Set Up Python
uses: actions/setup-python@v4
with:
python-version: '3.11'
- name: 📦 Cache Python Packages
id: cache-pip
uses: actions/cache@v3
with:
path: ~/.cache/pip
key: ${{ runner.os }}-pip-${{ hashFiles('**/requirements.txt') }}
restore-keys: |
${{ runner.os }}-pip-
- name: 📥 Install Dependencies
if: steps.cache-pip.outputs.cache-hit != 'true'
run: |
python -m pip install --upgrade pip
pip install -r requirements.txt
continue-on-error: false # Fail the workflow if dependencies fail to install
- name: 🕷️ Run OWASP Scraper
run: |
python owasp.py
continue-on-error: false
- name: 🔄 Convert OWASP to Nginx WAF
run: |
python owasp2nginx.py
continue-on-error: false
- name: 🔄 Convert OWASP to Apache WAF
run: |
python owasp2apache.py
continue-on-error: false
- name: 🔄 Convert OWASP to Traefik WAF
run: |
python owasp2traefik.py
continue-on-error: false
- name: 🔄 Convert OWASP to HAProxy WAF
run: |
python owasp2haproxy.py
continue-on-error: false
- name: 🔄 Generate Bad Bot Blockers
run: |
python badbots.py
continue-on-error: false
# Ensure conf files are pushed even if no changes detected
- name: 🚀 Commit and Push OWASP WAF patterns
run: |
git config user.name "github-actions[bot]"
git config user.email "github-actions[bot]@users.noreply.github.com"
git add .
git commit -m "Update: [$(date)]" || echo "No changes to commit"
git push
continue-on-error: true # Continue even if no changes are made
- name: 📦 Create Zip Files for Each Web Server
run: |
mkdir -p zips
zip -r zips/nginx_waf.zip waf_patterns/nginx/
zip -r zips/apache_waf.zip waf_patterns/apache/
zip -r zips/traefik_waf.zip waf_patterns/traefik/
zip -r zips/haproxy_waf.zip waf_patterns/haproxy/
- name: 🗑️ Delete Existing 'latest' Tag and Release (if they exist)
run: |
# Delete the local 'latest' tag
if git rev-parse --verify --quiet refs/tags/latest; then
git tag -d latest
fi
# Delete the remote 'latest' tag
git push origin :refs/tags/latest || echo "Tag 'latest' does not exist on remote."
# Delete the 'latest' release (if it exists)
gh release delete latest --yes || echo "Release 'latest' does not exist."
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: 🚀 Create GitHub Release
id: create_release
uses: actions/create-release@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
tag_name: latest # Use "latest" as the tag name
release_name: Latest Release
draft: false
prerelease: false
- name: 📤 Upload Nginx WAF Zip to Release
uses: actions/upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ steps.create_release.outputs.upload_url }}
asset_path: zips/nginx_waf.zip
asset_name: nginx_waf.zip
asset_content_type: application/zip
- name: 📤 Upload Apache WAF Zip to Release
uses: actions/upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ steps.create_release.outputs.upload_url }}
asset_path: zips/apache_waf.zip
asset_name: apache_waf.zip
asset_content_type: application/zip
- name: 📤 Upload Traefik WAF Zip to Release
uses: actions/upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ steps.create_release.outputs.upload_url }}
asset_path: zips/traefik_waf.zip
asset_name: traefik_waf.zip
asset_content_type: application/zip
- name: 📤 Upload HAProxy WAF Zip to Release
uses: actions/upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ steps.create_release.outputs.upload_url }}
asset_path: zips/haproxy_waf.zip
asset_name: haproxy_waf.zip
asset_content_type: application/zip
- name: 🧹 Cleanup Cache (Optional)
run: |
rm -rf ~/.cache/pip
if: always() # Run this step even if previous steps fail
- name: 🚨 Notify on Failure (Optional)
if: failure()
run: |
echo "🚨 Workflow failed! Please investigate."
# Slack or email notification logic (add webhook or SMTP integration here).
Reference in New Issue View Git Blame Copy Permalink