lint.yaml
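# Lint workflow: runs yamllint on the regression tests, linelint, the
# secrules-parsing syntax check, the repository's own rule-format and
# missing-test scripts, and the crs-toolchain regex/test-numbering checks.
name: Lint
on: [push, pull_request, merge_group]

# Least privilege for GITHUB_TOKEN. Several steps below execute scripts and
# install requirements files taken from the checked-out ref, which on
# `pull_request` is contributor-supplied content. The only step that uses the
# token is the release download, which needs read access only.
permissions:
  contents: read

# Pin versions to not disrupt test pipelines
env:
  CRS_TOOLCHAIN_VERSION: '2.1.0'
  SECRULES_PARSING_VERSION: '0.2.9'

jobs:
  check-syntax:
    runs-on: ubuntu-latest
    steps:
      # Third-party actions are pinned to a full commit SHA; the trailing tag
      # comment is informational only and is not enforced.
      - name: Checkout repo
        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.2
        with:
          # required for version detection using `git describe`
          fetch-depth: 50
          # NOTE(review): checkout keeps the token in the local git config by
          # default. The later `git fetch` targets a public remote, so
          # `persist-credentials: false` looks safe to add - confirm.

      - name: Lint Yaml
        uses: ibiqlik/action-yamllint@2576378a8e339169678f9939646ee3ee325e845c # v3.1.1
        with:
          format: github
          file_or_dir: tests/regression/tests
          config_file: .yamllint.yml

      - name: Linelint
        uses: fernandrone/linelint@7907a5dca0c28ea7dd05c6d8d8cacded713aca11 # v0.0.6
        id: linelint

      - name: Set up Python 3
        uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0
        with:
          # Quoted so the version is passed as a string, not a YAML float.
          # NOTE(review): Python 3.7 is past upstream end of life; confirm it
          # is still installable on `ubuntu-latest` and plan an upgrade.
          python-version: '3.7'

      # The parser release is pinned by version number only (no hash pinning),
      # and setuptools is upgraded to whatever is current at run time.
      - name: "Check CRS syntax"
        run: |
          pip install --upgrade setuptools
          pip install "secrules-parsing==${SECRULES_PARSING_VERSION}"
          secrules-parser -c --output-type github -f rules/*.conf

      - name: Fetch upstream tags for version detection in next step
        run: |
          git remote add upstream https://github.com/coreruleset/coreruleset
          git fetch --tags upstream

      # Installs requirements and runs a script from the checked-out tree.
      - name: "Check CRS formatting"
        run: |
          pip install --upgrade setuptools
          pip install -r ./util/crs-rules-check/requirements.txt
          ./util/crs-rules-check/rules-check.py --output=github -r crs-setup.conf.example -r rules/*.conf -t util/APPROVED_TAGS

      # Installs requirements and runs a script from the checked-out tree.
      - name: "Find rules without test"
        run: |
          pip install --upgrade setuptools
          pip install -r ./util/find-rules-without-test/requirements.txt
          ./util/find-rules-without-test/find-rules-without-test.py --output=github .

      # The release archive is selected by version tag and unpacked straight
      # from the download stream; its integrity is not checked here.
      # NOTE(review): if the release publishes checksums, download to a file
      # and verify it before extracting.
      # The version is read from the step environment (workflow-level `env`)
      # rather than interpolated into the script text.
      - name: "Install crs-toolchain ${{ env.CRS_TOOLCHAIN_VERSION }}"
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          gh release download -R coreruleset/crs-toolchain "v${CRS_TOOLCHAIN_VERSION}" \
            -p "crs-toolchain_${CRS_TOOLCHAIN_VERSION}_linux_amd64.tar.gz" -O - | tar -xzvf - crs-toolchain

      - name: "Check that all assembly files are properly formatted"
        run: |
          ./crs-toolchain regex format -aco github

      - name: "Check that all rules are up to date"
        run: |
          ./crs-toolchain regex compare -ao github

      - name: "Check that all tests are properly numbered"
        run: |
          ./crs-toolchain util renumber-tests -cao github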