Skip to content

feat: added Github CI workflow #317

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
wants to merge 40 commits into from
Closed

feat: added Github CI workflow #317

Show file tree
Hide file tree
Changes from 8 commits
Commits
Show all changes
40 commits
Select commit Hold shift + click to select a range
b7e92c8
Added Github CI workflow
airween Apr 11, 2024
db6ccb7
Remove unanted keyword
airween Apr 11, 2024
ba4b524
Set up correct module path
airween Apr 11, 2024
0ca1272
Add Nginx run tests
airween Apr 11, 2024
690f8fc
Fix permission with 'sudo'
airween Apr 11, 2024
eded2a9
Added missing 'run' keyword
airween Apr 11, 2024
53a579b
Set absolute path for modsecurity.conf
airween Apr 11, 2024
be54da2
Set Nginx daemon mode on
airween Apr 11, 2024
5ab6ee7
Remove working_directory directive
airween Apr 11, 2024
f62d3e9
Set up correct root path
airween Apr 11, 2024
aaf409d
Set up correct root path
airween Apr 11, 2024
257f795
Move configuration files under nginx/
airween Apr 12, 2024
b52be3a
Changed download mechanism; use gh cli
airween Apr 12, 2024
e5877f5
Remove unwanted tar command
airween Apr 12, 2024
5aaab8d
Change subtitution form at using of nproc cmd
airween Apr 12, 2024
a1c9b00
Add 'fetch-depth' keys to cloned repositories
airween Apr 12, 2024
b5dfe42
Rename ci.yml to test.yaml
airween Apr 12, 2024
9bad4b0
Refactorize HTTP request tests
airween Apr 12, 2024
3bb063f
Add more info to task name
airween Apr 12, 2024
768b388
Remove unnecessary modsecver variable
airween Apr 13, 2024
0c11754
Use latest actions
airween Apr 13, 2024
ffe3a7e
Use latest actions
airween Apr 13, 2024
cf5ee91
Fix build matrix dependencies
airween Apr 14, 2024
3ceb16d
Typo fix
airween Apr 14, 2024
30537ee
Use correct quoted syntax
airween Apr 14, 2024
33682cf
Add CXXFLAGS for CPP compilers (libmodsecurity)
airween Apr 14, 2024
91e0363
Remove platform and compiler options
airween Apr 14, 2024
16457a8
Added platform and compiler options again
airween Apr 15, 2024
612b453
Typo fixes
airween Apr 15, 2024
9ca7521
Fix env variable name
airween Apr 15, 2024
01f1318
Fix env variable names
airween Apr 15, 2024
a966764
Added missing packages for x32 build
airween Apr 15, 2024
deb6548
Added necessary i386 packages
airween Apr 15, 2024
25f1cc2
Tune package names
airween Apr 15, 2024
885d013
Split install process of architecture packages
airween Apr 15, 2024
84841a5
Split jobs into x64 and x32 workflow
airween Apr 15, 2024
bf1e4c4
Install i386 packages in a separated step
airween Apr 15, 2024
6dc9912
Remove x32 platform tests
airween Apr 15, 2024
e6597a7
Use COMPDEPS env var to install minimal requirements
airween Apr 16, 2024
bb116ea
Typo fix
airween Apr 16, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
0 .github/mime.types → .github/nginx/mime.types
View file
Open in desktop
File renamed without changes.
0 .github/modsecurity.conf → .github/nginx/modsecurity.conf
View file
Open in desktop
File renamed without changes.
4 changes: 2 additions & 2 deletions .github/nginx.conf → .github/nginx/nginx.conf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -53,7 +53,7 @@ http {
server_name modsectest1;

modsecurity on;
modsecurity_rules_file /home/runner/work/ModSecurity-nginx/ModSecurity-nginx/ModSecurity-nginx/.github/modsecurity.conf;
modsecurity_rules_file /home/runner/work/ModSecurity-nginx/ModSecurity-nginx/ModSecurity-nginx/.github/nginx/modsecurity.conf;
root /usr/local/nginx/html/;

location / {
Expand All @@ -66,7 +66,7 @@ http {
server_name modsectest2;

modsecurity on;
modsecurity_rules_file /home/runner/work/ModSecurity-nginx/ModSecurity-nginx/ModSecurity-nginx/.github/modsecurity.conf;
modsecurity_rules_file /home/runner/work/ModSecurity-nginx/ModSecurity-nginx/ModSecurity-nginx/.github/nginx/modsecurity.conf;
root /usr/local/nginx/html/;

location / {
Expand Down
0 .github/unicode.mapping → .github/nginx/unicode.mapping
View file
Open in desktop
File renamed without changes.
52 changes: 37 additions & 15 deletions .github/workflows/ci.yml → .github/workflows/test.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,25 +18,27 @@ jobs:
sudo apt-get update -y -qq
sudo apt-get install -y gcc g++ make autoconf automake make libyajl-dev libxml2-dev libmaxminddb-dev libpcre2-dev libpcre2-8-0 libpcre2-16-0 libpcre2-32-0 libcurl4-gnutls-dev jq wget
- name: Install ModSecurity library
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
modsec=`curl -s https://api.github.com/repos/owasp-modsecurity/ModSecurity/releases/latest | jq .assets[0].browser_download_url | tr -d "\""`
modsecver=`curl -s https://api.github.com/repos/owasp-modsecurity/ModSecurity/releases/latest | jq .name | tr -d "\""`
wget $modsec -O modsecurity.tar.gz
tar -xzf modsecurity.tar.gz
modsecver=`gh release view -R owasp-modsecurity/ModSecurity -q .tagName --json tagName`
gh release download -p "*.tar.gz" -R owasp-modsecurity/ModSecurity $modsecver -O - | tar -xzf -
cd modsecurity-$modsecver
./configure --disable-lmdb --prefix=/usr
make -j `nproc`
make -j $(nproc)
sudo make install
cd
- uses: actions/checkout@v2
with:
path: ModSecurity-nginx
fetch-depth: 1
- name: Get Nginx source
uses: actions/checkout@v3
with:
repository: nginx/nginx
path: nginx
- name: Build nginx
fetch-depth: 1
- name: Build nginx with ModSecurity-nginx module
working-directory: nginx
run: |
./auto/configure --with-ld-opt="-Wl,-rpath,/usr/local/lib" --without-pcre2 --add-module=/home/runner/work/ModSecurity-nginx/ModSecurity-nginx/ModSecurity-nginx
Expand All @@ -45,21 +47,41 @@ jobs:
sudo make install
- name: Start Nginx
run: |
sudo /usr/local/nginx/sbin/nginx -c /home/runner/work/ModSecurity-nginx/ModSecurity-nginx/ModSecurity-nginx/.github/nginx.conf
sudo /usr/local/nginx/sbin/nginx -c /home/runner/work/ModSecurity-nginx/ModSecurity-nginx/ModSecurity-nginx/.github/nginx/nginx.conf
- name: Run attack test vhost 1
run: |
resp=`curl -I -X GET -H "Host: modsectest1" http://localhost/?q=attack | head -1 | cut -d$' ' -f2`
if [ $resp == "403" ]; then echo "OK"; else echo "FAIL"; exit 1; fi
status=$(curl -sSo /dev/null -w %{http_code} -I -X GET -H "Host: modsectest1" "http://localhost/?q=attack")
if [ "${status}" == "403" ]; then
echo "OK"
else
echo "FAIL"
exit 1
fi
- name: Run non-attack test vhost 1
run: |
resp=`curl -I -X GET -H "Host: modsectest1" http://localhost/?q=1 | head -1 | cut -d$' ' -f2`
if [ $resp == "200" ]; then echo "OK"; else echo "FAIL"; exit 1; fi
status=$(curl -sSo /dev/null -w %{http_code} -I -X GET -H "Host: modsectest1" "http://localhost/?q=1")
if [ "${status}" == "200" ]; then
echo "OK"
else
echo "FAIL"
exit 1
fi
- name: Run attack test vhost 2
run: |
resp=`curl -I -X GET -H "Host: modsectest2" http://localhost/?q=attack | head -1 | cut -d$' ' -f2`
if [ $resp == "403" ]; then echo "OK"; else echo "FAIL"; exit 1; fi
status=$(curl -sSo /dev/null -w %{http_code} -I -X GET -H "Host: modsectest2" "http://localhost/?q=attack")
if [ "${status}" == "403" ]; then
echo "OK"
else
echo "FAIL"
exit 1
fi
- name: Run non-attack test vhost 2
run: |
resp=`curl -I -X GET -H "Host: modsectest2" http://localhost/?q=1 | head -1 | cut -d$' ' -f2`
if [ $resp == "200" ]; then echo "OK"; else echo "FAIL"; exit 1; fi
status=$(curl -sSo /dev/null -w %{http_code} -I -X GET -H "Host: modsectest2" "http://localhost/?q=1")
if [ "${status}" == "200" ]; then
echo "OK"
else
echo "FAIL"
exit 1
fi