diff --git a/.github/workflows/test-file-permissions.yml b/.github/workflows/test-file-permissions.yml index e6ad5949d8b4..7e364801bb9c 100644 --- a/.github/workflows/test-file-permissions.yml +++ b/.github/workflows/test-file-permissions.yml @@ -21,4 +21,4 @@ jobs: uses: actions/checkout@v4 - name: Detect unnecessary execution permissions - run: php utils/check_permission_x.php + run: utils/check-file-permissions diff --git a/utils/check-file-permissions b/utils/check-file-permissions new file mode 100755 index 000000000000..ac694c3b73cf --- /dev/null +++ b/utils/check-file-permissions @@ -0,0 +1,51 @@ +#!/usr/bin/env bash +set -eu + +INCLUDE_DIRS=( + '.github/' + 'admin/' + 'app/' + 'changelogs/' + 'contributing/' + 'public/' + 'system/' + 'tests/' + 'user_guide_src/' + 'utils/' + 'writable/' +) +EXCLUDE_FILES=( + ':!.github/scripts/deploy-userguide' + ':!admin/release-userguide' + ':!admin/release-deploy' + ':!admin/apibot' + ':!admin/alldocs' + ':!admin/release' + ':!admin/docbot' + ':!admin/release-notes.bb' + ':!admin/release-revert' + ':!admin/starter/builds' + ':!admin/userguide/.github/scripts/deploy.sh' + ':!user_guide_src/add-edit-this-page' + ':!utils/check-file-permissions' +) +FILES_WITH_WRONG_PERMISSIONS=$( + git ls-files --stage "${INCLUDE_DIRS[@]}" "${EXCLUDE_FILES[@]}" \ + | grep --extended-regexp "^100755 " \ + | sort -fh +) + +if [[ -n "$FILES_WITH_WRONG_PERMISSIONS" ]]; then + printf '\033[41m FAIL \033[0m Files with unnecessary execution permissions were detected:\n' + [[ -z "${GITHUB_ACTIONS+x}" ]] || echo '::group::Non-executable files' + echo "$FILES_WITH_WRONG_PERMISSIONS" | awk '{print " - " $4}' + echo '' + echo "$FILES_WITH_WRONG_PERMISSIONS" | awk '{print $4}' | xargs -n1 printf 'Please run "\033[32msudo chmod\033[0m -x %s".\n' + [[ -z "${GITHUB_ACTIONS+x}" ]] || echo '::endgroup::' +fi + +if [[ -n "$FILES_WITH_WRONG_PERMISSIONS" ]]; then + exit 1 +fi + +printf '\033[42m OK \033[0m No files with unnecessary execution permissions were detected.\n' diff --git a/utils/check_permission_x.php b/utils/check_permission_x.php deleted file mode 100644 index 84f4b00a1b1a..000000000000 --- a/utils/check_permission_x.php +++ /dev/null @@ -1,95 +0,0 @@ - - * - * For the full copyright and license information, please view - * the LICENSE file that was distributed with this source code. - */ - -namespace Utils; - -require __DIR__ . '/../system/Test/bootstrap.php'; - -use CodeIgniter\CLI\CLI; -use RecursiveDirectoryIterator; -use RecursiveIteratorIterator; -use RuntimeException; - -function findExecutableFiles($dir) -{ - $execFileList = [ - 'admin/release-userguide', - 'admin/release-deploy', - 'admin/apibot', - 'admin/alldocs', - 'admin/release', - 'admin/docbot', - 'admin/release-notes.bb', - 'admin/release-revert', - 'admin/starter/builds', - 'user_guide_src/add-edit-this-page', - ]; - - $executableFiles = []; - - // Check if the directory exists - if (! is_dir($dir)) { - throw new RuntimeException('No such directory: ' . $dir); - } - - // Create a Recursive Directory Iterator - $iterator = new RecursiveIteratorIterator( - new RecursiveDirectoryIterator($dir), - ); - - // Iterate over each item in the directory - foreach ($iterator as $fileinfo) { - // Check if the item is a file and is executable - if ($fileinfo->isFile() && is_executable($fileinfo->getPathname())) { - $filePath = $fileinfo->getPathname(); - - // Check allow list - if (in_array($filePath, $execFileList, true)) { - continue; - } - - if (str_ends_with($filePath, '.sh')) { - continue; - } - - $executableFiles[] = $filePath; - } - } - - return $executableFiles; -} - -// Main -chdir(__DIR__ . '/../'); - -$dirs = ['admin', 'app', 'system', 'tests', 'user_guide_src', 'utils', 'writable']; - -$executableFiles = []; - -foreach ($dirs as $dir) { - $executableFiles = array_merge($executableFiles, findExecutableFiles($dir)); -} - -if ($executableFiles !== []) { - CLI::write('Files with unnecessary execution permissions were detected:', 'light_gray', 'red'); - - foreach ($executableFiles as $file) { - CLI::write('- ' . $file); - } - - exit(1); -} - -CLI::write('No files with unnecessary execution permissions were detected.', 'black', 'green'); - -exit(0);