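# CI check: download the published Nginx WAF rule archive, assemble a
# throwaway nginx.conf around it, and run `nginx -t` in a container.
name: Validate Nginx Configuration

on:
  push:
    branches:
      - main  # Trigger on push to main branch
  pull_request:
    branches:
      - main  # Trigger on pull request to main branch

# Least privilege: every step below only reads the repository, so the
# workflow token is limited to read access.
permissions:
  contents: read

jobs:
  validate-nginx:
    runs-on: ubuntu-latest

    steps:
      - name: Checkout repository
        # NOTE(review): `v3` is a mutable tag. Pin the action to a full
        # commit SHA (actions/checkout@<FULL_COMMIT_SHA_PLACEHOLDER>) so a
        # retagged release cannot change what runs here.
        uses: actions/checkout@v3
        with:
          # No later step pushes or fetches, so do not leave the token in
          # .git/config where downloaded content could read it.
          persist-credentials: false

      - name: Download WAF rules
        run: |
          wget https://github.com/fabriziosalmi/patterns/releases/download/latest/nginx_waf.zip -O nginx_waf.zip
          echo "Downloaded nginx_waf.zip"
          ls -lh nginx_waf.zip
          # Record the digest so a run can be tied to the exact archive it
          # tested. NOTE(review): `latest` is a moving release and nothing
          # here verifies the archive against a published checksum or
          # signature; prefer a versioned release plus `sha256sum -c`.
          sha256sum nginx_waf.zip

      - name: Extract WAF rules
        run: |
          unzip nginx_waf.zip -d waf_rules
          echo "Extracted WAF rules into waf_rules directory"
          ls -lh waf_rules/waf_patterns/nginx/

      - name: Verify WAF rules extraction
        run: |
          if [ ! -d "waf_rules/waf_patterns/nginx" ]; then
            echo "Error: WAF rules directory not found after extraction!"
            exit 1
          fi
          if [ -z "$(ls -A waf_rules/waf_patterns/nginx/*.conf 2>/dev/null)" ]; then
            echo "Error: No .conf files found in waf_rules/waf_patterns/nginx/"
            echo "Contents of waf_rules/waf_patterns/nginx/:"
            ls -l waf_rules/waf_patterns/nginx/
            exit 1
          fi

      - name: Verify nginx.conf exists
        run: |
          if [ ! -f "tests/nginx.conf" ]; then
            echo "Error: tests/nginx.conf not found in the repository!"
            exit 1
          fi

      - name: Extract and format map directives
        run: |
          # Extract map directives and ensure they are properly formatted.
          # NOTE(review): grep copies only the lines that contain "map ",
          # so the body of a multi-line map block is not carried over, and
          # the check below appends at most one closing brace. Confirm the
          # rule files keep each map on a single line.
          grep -h "map " waf_rules/waf_patterns/nginx/*.conf > map_directives.conf || true
          echo "Extracted map directives into map_directives.conf"

          # Add closing brace if missing
          if ! grep -q "}" map_directives.conf; then
            echo "}" >> map_directives.conf
          fi

          echo "Contents of map_directives.conf:"
          cat map_directives.conf

      - name: Merge WAF rules into a single file with a server block
        run: |
          # Create a merged_waf_rules.conf file with a server block
          echo "server {" > merged_waf_rules.conf
          # Iterate over the glob instead of $(grep -L ...): file names
          # come from a downloaded archive, and an unquoted command
          # substitution would word-split and glob-expand them.
          for file in waf_rules/waf_patterns/nginx/*.conf; do
            [ -e "$file" ] || continue
            # Files that contain a map directive are left out here, as
            # before; only their "map " lines reach map_directives.conf.
            if grep -q "map " "$file"; then
              continue
            fi
            echo "Merging $file..."
            cat "$file" >> merged_waf_rules.conf
          done
          echo "}" >> merged_waf_rules.conf

          echo "Contents of merged_waf_rules.conf:"
          cat merged_waf_rules.conf

          # Debug: Print the problematic line (line 1162)
          echo "Debugging line 1162 of merged_waf_rules.conf:"
          sed -n '1162p' merged_waf_rules.conf

      - name: Combine Nginx configuration
        run: |
          # Create a temporary nginx.conf file that includes the map directives and merged WAF rules
          echo "events {" > temp_nginx.conf
          echo " worker_connections 1024;" >> temp_nginx.conf
          echo "}" >> temp_nginx.conf
          echo "http {" >> temp_nginx.conf
          echo " include /etc/nginx/map_directives.conf;" >> temp_nginx.conf
          echo " include /etc/nginx/merged_waf_rules.conf;" >> temp_nginx.conf
          echo " include /etc/nginx/tests/nginx.conf;" >> temp_nginx.conf
          echo "}" >> temp_nginx.conf

          echo "Contents of temp_nginx.conf:"
          cat temp_nginx.conf

      - name: Debug included files
        run: |
          echo "Contents of map_directives.conf:"
          cat map_directives.conf
          echo "Contents of merged_waf_rules.conf:"
          cat merged_waf_rules.conf
          echo "Contents of tests/nginx.conf:"
          cat tests/nginx.conf

      - name: Validate Nginx configuration using Docker
        run: |
          # Bind-mount the map directives, merged WAF rules, and nginx.conf
          # read-only into the container and run the syntax check.
          # Paths are quoted so a workspace path with spaces cannot split
          # the -v arguments.
          # NOTE(review): the bare `nginx` image resolves to a mutable tag;
          # pin it to a version or digest (nginx@sha256:<DIGEST_PLACEHOLDER>)
          # so the validator itself is reproducible.
          docker run --rm \
            -v "$(pwd)/map_directives.conf:/etc/nginx/map_directives.conf:ro" \
            -v "$(pwd)/merged_waf_rules.conf:/etc/nginx/merged_waf_rules.conf:ro" \
            -v "$(pwd)/tests/nginx.conf:/etc/nginx/tests/nginx.conf:ro" \
            -v "$(pwd)/temp_nginx.conf:/etc/nginx/nginx.conf:ro" \
            nginx nginx -t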