dfd26d68aa
Updated supply-chain-pr.yml to run on main/develop/feature branches Injected required API key into crowdsec startup test to prevent config panic Hardened test script to handle missing tools (pgrep) and optional LAPI runtime Ensures consistent security validation in both CI and local dev environments
Scripts Directory
Running Tests Locally Before Pushing to CI
WAF Integration Test
Always run this locally before pushing WAF-related changes to avoid CI failures:
# From project root
bash ./scripts/coraza_integration.sh
Or use the VS Code task: Ctrl+Shift+P → Tasks: Run Task → Coraza: Run Integration Script
Requirements:
-
Docker image
charon:localmust be built first:docker build -t charon:local . -
The script will:
- Start a test container with WAF enabled
- Create a backend container (httpbin)
- Test WAF in block mode (expect HTTP 403)
- Test WAF in monitor mode (expect HTTP 200)
- Clean up all test containers
Expected output:
✓ httpbin backend is ready
✓ Coraza WAF blocked payload as expected (HTTP 403) in BLOCK mode
✓ Coraza WAF in MONITOR mode allowed payload through (HTTP 200) as expected
=== All Coraza integration tests passed ===
Other Test Scripts
- Security Scan:
bash ./scripts/security-scan.sh - Go Test Coverage:
bash ./scripts/go-test-coverage.sh - Frontend Test Coverage:
bash ./scripts/frontend-test-coverage.sh
CI/CD Workflows
Changes to these scripts may trigger CI workflows:
coraza_integration.sh→ WAF Integration Tests workflow- Files in
.github/workflows/directory control CI behavior
Tip: Run tests locally to save CI minutes and catch issues faster!