Skip to content

Improve documentation and dependency management for nginx-waf#37

Merged
StrangeRanger merged 7 commits into
mainfrom
dev
Jul 3, 2026
Merged

Improve documentation and dependency management for nginx-waf#37
StrangeRanger merged 7 commits into
mainfrom
dev

Conversation

@StrangeRanger

Copy link
Copy Markdown
Owner

This pull request marks the release of version 1.0.0 of the Nginx WAF project, transitioning it out of beta. The main improvements focus on safer update procedures for Git repositories, better cleanup of build artifacts, and enhanced documentation. The most important changes are grouped below:

Update Safety and Build Process Improvements:

  • Added a confirm_git_pull function to prompt the user before pulling updates in existing Git checkouts when local changes are present, preventing accidental overwrites. This is now used for ModSecurity, ModSecurity-nginx, and the OWASP Core Rule Set repositories. [1] [2] [3] [4]
  • The script now cleans up any existing downloaded Nginx tarball and extracted source directory before downloading and extracting a fresh copy, ensuring a clean build environment.

Documentation and Versioning:

  • Updated the version to v1.0.0 and removed the beta warning from the README.md. [1] [2]
  • Added a changelog entry for v1.0.0, documenting the new confirmation prompt, improved ignore rules, and build cleanup.

Code Quality and Maintainability:

  • Improved inline documentation for utility functions, clarifying parameters and side effects. [1] [2]
  • Removed obsolete TODOs and cleaned up unused code sections. [1] [2]

Copilot AI review requested due to automatic review settings July 3, 2026 21:38
@codacy-production

Copy link
Copy Markdown

Up to standards ✅

🟢 Issues 0 issues

Results:
0 new issues

View in Codacy

NEW Get contextual insights on your PRs based on Codacy's metrics, along with PR and Jira context, without leaving GitHub. Enable AI reviewer
TIP This summary will be updated as you push new changes.

@StrangeRanger StrangeRanger merged commit 3479fbb into main Jul 3, 2026
2 checks passed

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR finalizes the nginx-waf hardening script as v1.0.0 by improving update safety for embedded Git checkouts, ensuring cleaner rebuilds of the Nginx module, and updating project documentation/changelog accordingly.

Changes:

  • Added confirm_git_pull and integrated it into update flows for ModSecurity, ModSecurity-nginx, and CRS to avoid accidental overwrites when local changes exist.
  • Ensured repeatable builds by removing any existing downloaded Nginx tarball and extracted source directory before fetching/extracting again.
  • Updated documentation/versioning (README beta warning removal, v1.0.0 changelog entry) and added .gitignore rules for generated build artifacts.

Reviewed changes

Copilot reviewed 3 out of 4 changed files in this pull request and generated 1 comment.

File Description
hardening/Nginx WAF/nginx-waf.bash Adds confirm_git_pull, uses it for existing clones, and cleans Nginx tarball/source dir before rebuilding.
hardening/Nginx WAF/README.md Removes beta warning from the documentation.
hardening/Nginx WAF/CHANGELOG.md Adds v1.0.0 release notes (prompt + cleanup + ignore rules).
.gitignore Ignores ModSecurity/ModSecurity-nginx and Nginx build artifacts generated by the script.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment on lines +127 to 129
printf "%sPull anyway? This may fail or require conflict resolution. " "$C_NOTE"
read -rp "[y/N] " reply

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants