Skip to content

Add CI workflow to check for unintended executable permissions in scripts #67

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Jun 17, 2025
Merged

Add CI workflow to check for unintended executable permissions in scripts #67

merged 1 commit into from
Jun 17, 2025

Conversation

smuppand
Copy link
Contributor

@smuppand smuppand commented Jun 4, 2025
edited
Loading

This PR introduces a GitHub Actions workflow: check-executable-permissions.yml, which scans all tracked files in pull requests to ensure only expected files have executable (+x) permissions.

🔒 Why this is useful:

Prevents accidental commits with chmod +x on README.md, docs, or config files.

Enforces consistent permissions across the repository.

Avoids noisy diffs and review confusion caused by file mode changes.

✅ Allowlisted files (example):

run.sh

Any known executable under scripts/ or utils/

You can update the allowlist inside the workflow file if needed.

@mwasilew @vnarapar

@smuppand smuppand force-pushed the main branch 2 times, most recently from 791d3d4 to e0f0ea1 Compare June 6, 2025 11:38
@smuppand
ci: Add check-executable-permissions workflow to catch misconfigured …
7551c73 
…file modes

Adds a GitHub Actions workflow to validate that only explicitly intended files (like run.sh or executable binaries) have executable permissions.
This helps prevent accidental commits of files with incorrect modes (e.g., *.md, *.txt marked as executable).

The check runs on each PR and fails the job if any suspicious file permission is detected, improving repo hygiene and review quality.

Exemptions (e.g., run.sh) can be controlled by editing the allowlist.

Signed-off-by: Srikanth Muppandam <[email protected]>
@smuppand smuppand requested a review from abbajaj806 June 17, 2025 05:26
abbajaj806
abbajaj806 approved these changes Jun 17, 2025
View reviewed changes
Copy link
Contributor

@abbajaj806 abbajaj806 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good to me.

@abbajaj806 abbajaj806 merged commit fc52e32 into qualcomm-linux:main Jun 17, 2025
6 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@abbajaj806 abbajaj806 abbajaj806 approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@smuppand @abbajaj806