nuclei-templates/.github/workflows/tests.yaml

76 lines
2.2 KiB
YAML
Raw Normal View History

name: 🛠 Tests
on:
pull_request:
paths:
- '**.yaml'
workflow_dispatch:
jobs:
lint:
runs-on: ubuntu-latest
if: github.repository == 'projectdiscovery/nuclei-templates'
steps:
- uses: actions/checkout@v4
- uses: karancode/yamllint-github-action@v2.1.1
with:
yamllint_config_filepath: .yamllint
yamllint_strict: false
yamllint_comment: true
validate:
needs: lint
runs-on: ubuntu-latest
if: github.repository == 'projectdiscovery/nuclei-templates'
steps:
- uses: actions/checkout@v4
- uses: projectdiscovery/actions/setup/nuclei@v1
- name: Validate templates
run: nuclei -duc -validate -lfa -ud $GITHUB_WORKSPACE -w workflows/ -et .github/
weak-matcher-checks:
needs: lint
runs-on: ubuntu-latest
if: github.repository == 'projectdiscovery/nuclei-templates'
env:
HONEYPOT_URL: 'http://honey.scanme.sh'
steps:
- uses: actions/checkout@v4
- uses: dorny/paths-filter@v3
id: filter
with:
list-files: shell
filters: |
templates: &templates
- '**.yml'
- '**.yaml'
- '!.github/**'
changed:
- added|modified: *templates
- uses: projectdiscovery/actions/setup/nuclei@v1
- run: bash weak-matcher-checks.sh
id: check
if: steps.filter.outputs.changed == 'true'
env:
CHANGED_FILES: '${{ steps.filter.outputs.changed_files }}'
working-directory: '.github/scripts/'
- uses: actions/github-script@v7
if: steps.check.outputs.weak == 'true'
with:
script: |
github.rest.issues.createComment({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
body: process.env.COMMENT
})
github.rest.issues.addLabels({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
labels: ['false-positive']
})
env:
COMMENT: '${{ steps.check.outputs.comment }}'