tests.yml
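# CI for template changes: lint the YAML, validate the templates with nuclei,
# then run the weak-matcher check on the files a pull request touches.
name: 🛠 Tests

# NOTE(review): the trigger only matches '**.yaml', while the paths-filter step
# in weak-matcher-checks also lists '**.yml'. A pull request that changes only
# .yml files will not start this workflow; confirm that is intended.
on:
  pull_request:
    paths:
      - '**.yaml'
  workflow_dispatch:

jobs:
  lint:
    runs-on: ubuntu-latest
    # Run only in the upstream repository, not in copies of the workflow.
    if: github.repository == 'projectdiscovery/nuclei-templates'
    # NOTE(review): no `permissions` block here, so this job gets the
    # repository's default token scopes. Declare the minimum needed once it
    # is confirmed what `yamllint_comment: true` requires.
    steps:
      - uses: actions/checkout@v4
      # The ref after '@' was replaced by "[email protected]" when this page
      # was extracted; restore it from the repository. Third-party actions
      # are best pinned to a full commit SHA rather than a movable tag.
      - uses: karancode/yamllint-github-action@<ref-lost-in-extraction>
        with:
          yamllint_config_filepath: .yamllint
          yamllint_strict: false
          yamllint_comment: true

  validate:
    needs: lint
    runs-on: ubuntu-latest
    if: github.repository == 'projectdiscovery/nuclei-templates'
    # Least privilege: this job only checks out the tree and runs a local
    # validation, so the workflow token is limited to read access.
    permissions:
      contents: read
    steps:
      - uses: actions/checkout@v4
      - uses: projectdiscovery/actions/setup/nuclei@v1
      - name: Validate templates
        # The workspace path is quoted so it is passed as a single argument.
        run: nuclei -duc -validate -lfa -ud "$GITHUB_WORKSPACE" -w workflows/ -et .github/

  weak-matcher-checks:
    needs: lint
    runs-on: ubuntu-latest
    if: github.repository == 'projectdiscovery/nuclei-templates'
    # Write scopes are needed by the final step, which comments on and labels
    # the pull request. Every step in this job shares that token, so the
    # third-party actions below deserve commit-SHA pins.
    permissions:
      issues: write
      pull-requests: write
    env:
      # NOTE(review): plain HTTP endpoint; presumably read by
      # weak-matcher-checks.sh (script not shown here). Confirm the
      # unencrypted scheme is deliberate.
      HONEYPOT_URL: 'http://honey.scanme.sh'
    steps:
      - uses: actions/checkout@v4
      - uses: dorny/paths-filter@v3
        id: filter
        with:
          # Emit the matching file names as a shell-escaped list.
          list-files: shell
          filters: |
            templates: &templates
              - '**.yml'
              - '**.yaml'
              - '!.github/**'
            changed:
              - added|modified: *templates
      - uses: projectdiscovery/actions/setup/nuclei@v1
      - run: bash weak-matcher-checks.sh
        id: check
        if: steps.filter.outputs.changed == 'true'
        env:
          # File names come from the pull request and are contributor
          # controlled. Passing them through the environment, rather than
          # interpolating the expression into the command line, keeps them
          # out of the shell source. The script must still treat them as data.
          CHANGED_FILES: '${{ steps.filter.outputs.changed_files }}'
        working-directory: '.github/scripts/'
      - uses: actions/github-script@v7
        if: steps.check.outputs.weak == 'true'
        with:
          # Both API calls are awaited so a rejected request fails the step
          # instead of becoming an unhandled promise rejection.
          script: |
            await github.rest.issues.createComment({
              issue_number: context.issue.number,
              owner: context.repo.owner,
              repo: context.repo.repo,
              body: process.env.COMMENT
            })
            await github.rest.issues.addLabels({
              issue_number: context.issue.number,
              owner: context.repo.owner,
              repo: context.repo.repo,
              labels: ['false-positive']
            })
        env:
          # The comment text is derived from PR content. It reaches the script
          # as an environment string and is used only as the comment body.
          COMMENT: '${{ steps.check.outputs.comment }}'
          # NOTE(review): github-script authenticates its `github` client from
          # the `github-token` input (default: the workflow token), not from
          # this variable. As written, the ACCESS_TOKEN secret is only exposed
          # to the script's environment. Pass it via `with: github-token` if
          # it is meant to authenticate the calls, otherwise drop it.
          GITHUB_TOKEN: '${{ secrets.ACCESS_TOKEN }}'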