Merge branch 'qualcomm-linux:main' into main

Author: manasab-qli

.github/workflows/check-executable-permissions.yml

@@ -0,0 +1,46 @@
+name: Enforce Script Executable Permissions
+
+on:
+  pull_request_target:
+    branches: [ "main" ]
+    paths:
+      - '**/run.sh'
+      - '**/*.sh'
+  push:
+    branches: [ "main" ]
+  workflow_dispatch:
+
+jobs:
+  permissions:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Detect missing executable permissions on shell scripts
+        run: |
+          # Find all .sh and run.sh scripts without +x
+          BAD=$(find . -type f \( -name "*.sh" -o -name "run.sh" \) ! -perm -u=x)
+          if [ -n "$BAD" ]; then
+            echo "::error file=run.sh,line=1::❌ Some shell scripts are missing executable permissions. This can break CI and LAVA. Please fix before merging."
+            echo "::error file=run.sh,line=2::To fix, run: find . -name '*.sh' -o -name 'run.sh' | xargs chmod +x && git add . && git commit -m 'Fix: restore executable bits on scripts' && git push"
+            echo ""
+            echo "The following scripts need 'chmod +x':"
+            echo "$BAD"
+            # Output a PR annotation for each file
+            echo "$BAD" | while read -r file; do
+              echo "::error file=$file,line=1::$file is not executable. Please run: chmod +x $file && git add $file"
+            done
+            exit 1
+          else
+            echo "✅ All shell scripts have correct executable permissions."
+          fi
+
+      - name: Detect accidental executables on non-shell files (optional, warning only)
+        run: |
+          # (Advanced/optional) Warn if any non-.sh file has +x (customize as needed)
+          OTHER_EXEC=$(find . -type f ! -name '*.sh' ! -name 'run.sh' -perm -u=x)
+          if [ -n "$OTHER_EXEC" ]; then
+            echo "::warning file=run.sh,line=1::Warning: Non-shell files with executable permissions detected. Review if needed."
+            echo "$OTHER_EXEC"
+          fi

.github/workflows/copyright-license-checker-action.yml

@@ -0,0 +1,23 @@
+name: preflight-checkers 
+on:
+  pull_request_target:
+    branches: [ "main" ]
+  push:
+    branches: [ "main" ]
+  workflow_dispatch:
+
+permissions:
+ contents: read
+ security-events: write
+
+jobs:
+  checker:
+    uses: qualcomm-linux/qli-actions/.github/workflows/multi-checker.yml@main
+    with:
+        repolinter: true # default: true
+        semgrep: true # default: true
+        copyright-license-detector: true # default: true
+        pr-check-emails: true # default: true
+
+    secrets:
+      SEMGREP_APP_TOKEN: ${{ secrets.SEMGREP_APP_TOKEN }}

.github/workflows/preflight-checker-workflow.yml

@@ -0,0 +1,19 @@
+name: Shell Lint
+
+on:
+  pull_request_target:
+    branches: [ "main" ]
+  push:
+    branches: [ "main" ]
+  workflow_dispatch:
+
+jobs:
+  shellcheck:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+      - name: Install ShellCheck 0.9.0-1
+        run: sudo apt-get install -y shellcheck=0.9.0-1
+      - name: Run ShellCheck with exclusions
+        run: |
+          find . -name '*.sh' -print0 | xargs -0 shellcheck -S warning -e SC1091,SC2230,SC3043