feat(workflow): add WAF integration testing workflow with Docker setup and reporting

2025-12-02 02:10:35 +00:00
parent 44c4d955f5
commit b78d79516e
4 changed files with 456 additions and 5 deletions
--- a/.github/workflows/waf-integration.yml
+++ b/.github/workflows/waf-integration.yml
@@ -0,0 +1,74 @@
+name: WAF Integration Tests
+
+on:
+  push:
+    branches: [ main, development, 'feature/**' ]
+    paths:
+      - 'backend/internal/caddy/**'
+      - 'backend/internal/models/security*.go'
+      - 'scripts/coraza_integration.sh'
+      - 'Dockerfile'
+      - '.github/workflows/waf-integration.yml'
+  pull_request:
+    branches: [ main, development ]
+    paths:
+      - 'backend/internal/caddy/**'
+      - 'backend/internal/models/security*.go'
+      - 'scripts/coraza_integration.sh'
+      - 'Dockerfile'
+      - '.github/workflows/waf-integration.yml'
+  # Allow manual trigger
+  workflow_dispatch:
+
+jobs:
+  waf-integration:
+    name: Coraza WAF Integration
+    runs-on: ubuntu-latest
+    timeout-minutes: 15
+
+    steps:
+      - uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0
+
+      - name: Build Docker image
+        run: |
+          docker build \
+            --build-arg VCS_REF=${{ github.sha }} \
+            -t charon:local .
+
+      - name: Run WAF integration tests
+        id: waf-test
+        run: |
+          chmod +x scripts/coraza_integration.sh
+          scripts/coraza_integration.sh 2>&1 | tee waf-test-output.txt
+          exit ${PIPESTATUS[0]}
+
+      - name: WAF Integration Summary
+        if: always()
+        run: |
+          echo "## 🛡️ WAF Integration Test Results" >> $GITHUB_STEP_SUMMARY
+          if [ "${{ steps.waf-test.outcome }}" == "success" ]; then
+            echo "✅ **All WAF tests passed**" >> $GITHUB_STEP_SUMMARY
+            echo "" >> $GITHUB_STEP_SUMMARY
+            echo "### Test Results:" >> $GITHUB_STEP_SUMMARY
+            echo '```' >> $GITHUB_STEP_SUMMARY
+            grep -E "^✓|^===|^Coraza" waf-test-output.txt || echo "See logs for details"
+            grep -E "^✓|^===|^Coraza" waf-test-output.txt >> $GITHUB_STEP_SUMMARY || echo "See logs for details" >> $GITHUB_STEP_SUMMARY
+            echo '```' >> $GITHUB_STEP_SUMMARY
+          else
+            echo "❌ **WAF tests failed**" >> $GITHUB_STEP_SUMMARY
+            echo "" >> $GITHUB_STEP_SUMMARY
+            echo "### Failure Details:" >> $GITHUB_STEP_SUMMARY
+            echo '```' >> $GITHUB_STEP_SUMMARY
+            grep -E "^✗|Unexpected|Error|failed" waf-test-output.txt | head -20 >> $GITHUB_STEP_SUMMARY || echo "See logs for details" >> $GITHUB_STEP_SUMMARY
+            echo '```' >> $GITHUB_STEP_SUMMARY
+          fi
+
+      - name: Cleanup
+        if: always()
+        run: |
+          docker rm -f charon-debug || true
+          docker rm -f coraza-backend || true
+          docker network rm containers_default || true