feat: added Github CI workflow #317

Closed
wants to merge 40 commits into from

@airween airween commented Apr 11, 2024

Added .github/workflow/ci.yml and necessary files with a complex test workflow for each PR.

A brief summary of how it works:

  • set up dependencies (required packages)
  • install latest ModSecurity3 release
  • get ModSecurity-nginx source
  • get latest Nginx source
  • build Nginx with ModSecurity module
  • start Nginx with ModSecurity
  • there are two virtual hosts
  • there is only one rule
  • run a valid request (expected code is 200) and an attack (expected code is 403) against both vhosts

@airween airween requested a review from theseion April 12, 2024 13:02

airween commented Apr 12, 2024

@theseion many thanks for your suggestion. Please review it again; if everything is fine, I'm going to merge it.

theseion commented Apr 14, 2024

Looks to me like you were trying to set environment variables from scripts, but scripts are isolated, so export will have no effect on the next script (neither will a cd at the end of a script block btw). What you should do instead is setting the environment variable for the step, like so:

      - name: Build nginx with ModSecurity-nginx module
        working-directory: nginx
        env:
          CC: "${{ matrix.compiler }}"
        run: |
          echo "Compiler: ${CC}"

          ./auto/configure --with-ld-opt="-Wl,-rpath,/usr/local/lib" --without-pcre2 --add-module=/home/runner/work/ModSecurity-nginx/ModSecurity-nginx/ModSecurity-nginx
          make
          make modules
          sudo make install


airween commented Apr 14, 2024

What you should do instead is setting the environment variable for the step, like so:

Thanks!

How can I use environment variables in evaluation, e.g. in an if statement?

    if [ matrix.compiler == "gcc" ]; then
        ...

${{ matrix.compiler }} is not good, because it's the evaluated value (literally "gcc").

@theseion

By passing it through an environment variable like so:

    - name: a script
      env:
        COMPILER: "${{ matrix.compiler }}"
      run: |
        if [ "${COMPILER}" == "gcc" ]; then
          ...
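
Added example, not part of the original comments or the PR's workflow: a small shell model of the two points made in this thread, that each `run:` script is a separate process and that a step-level `env:` value is read by the shell at run time, while an inline `${{ }}` expression is substituted into the script text first. The function names `run_step`, `export_is_lost`, `branch_for` and `render_inline` are assumptions made for illustration.

```shell
# Added illustration (not the PR's workflow): each `run:` block is modelled as a
# fresh bash process. All function names here are made up for the example.

# run_step ENV_ENTRY SCRIPT: run SCRIPT in a new bash with a clean environment,
# plus one step-level `env:` entry such as COMPILER=gcc ("" for none).
run_step() {
  env -i PATH="$PATH" ${1:+"$1"} bash -c "$2"
}

# 1. `export` and `cd` in one step are gone when the next step starts.
export_is_lost() {
  run_step "" 'export CC=clang; cd /tmp'
  run_step "" 'echo "CC=${CC:-unset}"'
}

# 2. With a step-level env entry the script text is the same for every matrix
#    entry; bash reads COMPILER when the step runs.
STEP_SCRIPT='if [ "${COMPILER}" == "gcc" ]; then echo "gcc branch"; else echo "other branch"; fi'
branch_for() {
  run_step "COMPILER=$1" "$STEP_SCRIPT"
}

# 3. An expression written inside `run:` is replaced in the script text before
#    the shell starts. render_inline TEXT VALUE models that for one occurrence.
render_inline() {
  needle='${{ matrix.compiler }}'
  case $1 in
    *"$needle"*)
      head=${1%%"$needle"*}
      tail=${1#*"$needle"}
      printf '%s%s%s\n' "$head" "$2" "$tail" ;;
    *) printf '%s\n' "$1" ;;
  esac
}

export_is_lost
branch_for gcc
branch_for clang
render_inline 'if [ "${{ matrix.compiler }}" == "gcc" ]; then' clang
render_inline "$STEP_SCRIPT" clang
```

Keeping the expression in `env:` also means the matrix value reaches the shell as data in a variable and never becomes part of the script text.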


airween commented Apr 14, 2024

By passing it through an environment variable like so:

    - name: a script
      env:
        COMPILER: "${{ matrix.compiler }}"
      run: |
        if [ "${COMPILER}" == "gcc" ]; then
          ...

I'm afraid in this case the evaluated code will be something similar:

    if [ "gcc" == "gcc" ]; then

which is always true.


Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
No data about Coverage
No data about Duplication

See analysis details on SonarCloud


airween commented Apr 16, 2024

See the newest clear version: #318.

@airween airween closed this Apr 16, 2024
@airween airween deleted the ghci branch April 16, 2024 20:01