Update blockers meta #3
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Appsec Rules Tests | |
on: | |
pull_request: | |
branches: [ master ] | |
paths: | |
- 'appsec-configs/**.yaml' | |
- 'appsec-configs/**.yml' | |
- 'appsec-rules/**.yaml' | |
- 'appsec-rules/**.yml' | |
- '.github/workflows/test_appsec_rules.yaml' | |
- '.appsec-tests/**' | |
push: | |
branches: [ master ] | |
paths: | |
- 'appsec-configs/**.yaml' | |
- 'appsec-configs/**.yml' | |
- 'appsec-rules/**.yaml' | |
- 'appsec-rules/**.yml' | |
- '.github/workflows/test_appsec_rules.yaml' | |
- '.appsec-tests/**' | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.ref }} | |
cancel-in-progress: true | |
jobs: | |
run-appsec-rules-tests: | |
runs-on: ubuntu-20.04 | |
steps: | |
- name: Check out code into the Go module directory | |
uses: actions/checkout@v4 | |
- uses: actions/setup-go@v4 | |
with: | |
go-version: '1.21' | |
- name: Install requirements | |
run: | | |
sudo apt install libre2-dev | |
go install -v github.com/projectdiscovery/nuclei/v3/cmd/nuclei@v3.1.7 | |
- name: Install CrowdSec | |
run: | | |
git clone https://github.com/crowdsecurity/crowdsec.git | |
cd crowdsec | |
BUILD_STATIC=1 make release | |
cd crowdsec-v* | |
sudo ./wizard.sh --unattended | |
- name: Register Remediation Component API Key | |
run: | | |
sudo cscli bouncers add hubtestAppsec -k "this_is_a_bad_password" | |
- name: Start OpenResty Container | |
run: | | |
docker-compose -f docker/appsec/docker-compose.yaml up -d --build | |
- name: run tests on last crowdsec tag | |
run: | | |
cscli hubtest run --all --appsec --debug --target http://127.0.0.1:7822 | |
echo "APPSEC_RULE_COV=$(cscli hubtest coverage --appsec --percent | cut -d '=' -f2)" >> $GITHUB_ENV | |
APPSEC_RULE_COV_NUMBER=$(cscli hubtest coverage --appsec --percent | cut -d '=' -f2 | tr -d '%' | tr -d '[[:space:]]') | |
echo "APPSEC_RULE_BADGE_COLOR=$(if [ "$APPSEC_RULE_COV_NUMBER" -lt "70" ]; then echo 'red'; else echo 'green'; fi)" >> $GITHUB_ENV | |
- name: Create appsec badge | |
uses: schneegans/dynamic-badges-action@v1.1.0 | |
if: ${{ github.ref == 'refs/heads/master' }} | |
with: | |
auth: ${{ secrets.GIST_BADGES_SECRET }} | |
gistID: ${{ secrets.GIST_BADGES_ID }} | |
filename: hub_appsec_badge.json | |
label: Hub Appsec | |
message: ${{ env.APPSEC_RULE_COV }} | |
color: ${{ env.APPSEC_RULE_BADGE_COLOR }} | |
- name: Stop containers | |
if: always() | |
run: docker-compose -f docker/appsec/docker-compose.yaml down | |