tests: run CRS tests as part of the verification

coreruleset · Feb 26, 2025 · 7548d19 · 7548d19
1 parent 4487dfc
commit 7548d19
Showing 1 changed file with 39 additions and 0 deletions.
diff --git a/.github/workflows/verifyimage.yml b/.github/workflows/verifyimage.yml
@@ -7,6 +7,7 @@ on:
 env:
   # sha256sum format: <hash><space><format (space for text)><file name>
   MODSECURITY_RECOMMENDED: "ccff8ba1f12428b34ff41960d8bf773dd9f62b9a7c77755247a027cb01896d4f  modsecurity.conf-recommended"
+  GO_FTW_VERSION: '1.3.0'
 
 jobs:
   prepare:
@@ -107,3 +108,41 @@ jobs:
             grep -q "Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS" headers.txt
             grep -q "Access-Control-Allow-Headers: *" headers.txt
           fi
+
+      - name: Checkout CRS
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 1
+          repository: coreruleset/coreruleset
+          path: crs
+      - name: "Install go-ftw"
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          cd crs
+          gh release download -R coreruleset/go-ftw "v${{ env.GO_FTW_VERSION }}" \
+            -p "ftw_${{ env.GO_FTW_VERSION }}_linux_amd64.tar.gz" -O - | tar -xzvf - ftw
+      - name: Patch CRS compose file to use verification image
+        run: |
+          sed -i \
+            's/image: owasp/modsecurity-crs:${{ contains(matrix.target, 'apache') && 'apache' || 'nginx' }}.*/${{ matrix.target }}-verification/' \
+            crs/tests/docker-compose.yml
+      - name: Run CRS tests for ${{ matrix.target }}
+        run: |
+          cd crs
+          modsec_version="${{ contains(matrix.target, 'apache') && 'modsec2-apache' || 'modsec3-nginx' }}"
+          backend="${{ contains(matrix.target, 'apache') && 'httpd' || 'nginx' }}"
+          mkdir -p "tests/logs/${modsec_version}/{nginx,apache2}"
+          docker compose -f ./tests/docker-compose.yml up -d "${modsec_version}"
+          docker compose -f ./tests/docker-compose.yml logs
+          if ! [ "$(docker inspect ${modsec_version} --format='{{.State.Running}}')" = "true" ]; then
+            echo "Web server failed to start. Aborting."
+            exit 1
+          fi
+
+          ./ftw check -d tests/regression/tests
+          ./ftw run \
+            -d tests/regression/tests \
+            --log-file "tests/logs/${modsec_version}/error.log" \
+            --overrides "tests/regression/${backend}-overrides.yaml" \
+            --show-failures-only