@@ -20,31 +20,27 @@ jobs:
2020 runs-on : ubuntu-24.04
2121 steps :
2222 - name : Checkout code
23+ uses : actions/checkout@v4
24+ with :
25+ path : o
26+
27+ - name : Prepare code
2328 env :
24- PR_NUMBER : ${{ github.event.pull_request.number }}
25- PR_HEAD_SHA : ${{ github.event.pull_request.head.sha }}
26- REPO_OWNER : ${{ github.repository_owner }}
27- REPO_NAME : ${{ github.event.repository.name }}
29+ REPO : ${{ github.repository_owner }}/${{ github.event.repository.name }}
30+ PR : ${{ github.event.pull_request.number }}
2831 run : |
29- # Checkout patched files using the REST API and install dependencies concurrently
32+ # Install dependencies and select files to check
3033 pip install codespell &
3134 composer global require -q friendsofphp/php-cs-fixer seld/jsonlint symfony/yaml &
32- mkdir a
3335
34- gh api -H "Accept: application/vnd.github.v3.raw" \
35- "/repos/$REPO_OWNER/$REPO_NAME/contents/.php-cs-fixer.dist.php?ref=$PR_HEAD_SHA" \
36- > a/.php-cs-fixer.dist.php || rm a/.php-cs-fixer.dist.php &
37-
38- gh api --paginate "/repos/$REPO_OWNER/$REPO_NAME/pulls/$PR_NUMBER/files" \
39- | jq -c '.[] | select(.status != "removed") | {filename, sha}' \
40- | while read -r FILE_OBJ; do
41- FILENAME=$(echo "$FILE_OBJ" | jq -r '.filename')
42- FILE_SHA=$(echo "$FILE_OBJ" | jq -r '.sha')
36+ mkdir a
37+ [ -e o/.php-cs-fixer.dist.php ] && cp -a {o,a}/.php-cs-fixer.dist.php
4338
39+ gh api --paginate "/repos/$REPO/pulls/$PR/files" \
40+ | jq -c '.[] | select(.status != "removed") | filename' \
41+ | while read -r FILENAME; do
4442 mkdir -p "a/$(dirname "$FILENAME")"
45- gh api -H "Accept: application/vnd.github.raw" \
46- "/repos/$REPO_OWNER/$REPO_NAME/git/blobs/$FILE_SHA" \
47- > "a/$FILENAME" &
43+ cp -a {o,a}/"$FILENAME"
4844 done
4945
5046 wait
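Review bot: The jq filter in the new `gh api … /files` pipeline ends in `| filename`, which as shown is missing its leading dot and is not a valid jq path; with `-c` it would also emit a JSON-quoted string once the dot is restored, so use `jq -r '.[] | select(.status != "removed") | .filename'`. If the filter errors, the `while read` loop copies nothing into `a/`, and the later checks presumably run on an empty tree and pass without inspecting the PR. Separately, the added `actions/checkout@v4` step keeps its token in `o/.git/config` by default, and this job goes on to run tools over PR-supplied files, including `.php-cs-fixer.dist.php`; add `persist-credentials: false` under `with:`. The workflow's trigger and `permissions` are outside this hunk, so what that token can do is not visible here.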
@@ -86,13 +82,12 @@ jobs:
8682 - name : Check for merge commits
8783 if : always()
8884 env :
89- PR_NUMBER : ${{ github.event.pull_request.number }}
90- REPO_OWNER : ${{ github.repository_owner }}
91- REPO_NAME : ${{ github.event.repository.name }}
85+ REPO : ${{ github.repository_owner }}/${{ github.event.repository.name }}
86+ PR : ${{ github.event.pull_request.number }}
9287 run : |
9388 # If a PR contains merge commits, fail the job
9489 gh api -H "Accept: application/vnd.github.v3+json" \
95- "/repos/$REPO_OWNER/$REPO_NAME /pulls/$PR_NUMBER /commits" \
90+ "/repos/$REPO_OWNER/$REPO /pulls/$PR /commits" \
9691 | jq -r '.[].parents | length > 1' | grep true > /dev/null && {
9792 echo "::error::Merge commits are not allowed in pull requests."
9893 echo "Please rebase your branch."
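Review bot: The rewritten URL still expands `$REPO_OWNER`, which this hunk removes from `env`, while `$REPO` already holds `owner/name`; the request path therefore becomes `/repos//owner/name/…`. Because the output is only consumed by `grep true > /dev/null && { … }`, a failed API call produces no match and the merge-commit check passes silently instead of failing. Change the line to `"/repos/$REPO/pulls/$PR/commits" \`. The `&& { … }` block continues below the hunk, so its exit handling is not visible here.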
@@ -245,6 +240,30 @@ jobs:
245240 exit 1
246241 fi
247242
243+ - name : Check file permissions
244+ if : always()
245+ run : |
246+ # Check for executable files without a shebang or that are not recognized as executables
247+ cd a
248+ find -type f -perm /u+x,g+x,o+x | while read -r FILE_PATH; do
249+ if head -n 1 "$FILE_PATH" 2>/dev/null | grep -q '^#!'; then
250+ continue
251+ fi
252+ if file -b "$file_path" 2>/dev/null | grep -qi 'elf'; then
253+ continue
254+ fi
255+ echo "$FILE_PATH" >> ../PROBLEM_FILES
256+ done
257+ cd ..
258+
259+ if [ -e PROBLEM_FILES ]; then
260+ echo "::error::Found executable files without a shebang or that are not recognized as executables:"
261+ echo -e "\n \n$(cat PROBLEM_FILES)\n \n"
262+ echo "Remove executable permissions: 'chmod -x <file>' for each listed file."
263+ rm PROBLEM_FILES
264+ exit 1
265+ fi
266+
248267 - name : 🧠 Fabbot can generate false-positives. Cherry-pick as fits 🍒. Reviewers will help.
249268 if : always()
250269 run : exit 0
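Review bot: In the new "Check file permissions" step the loop variable is `FILE_PATH`, but the ELF test calls `file -b "$file_path"`; shell variable names are case-sensitive, so `file` receives an empty path and the ELF exemption never applies, meaning real binaries are reported alongside the files the check is meant to catch. Use `if file -b "$FILE_PATH" 2>/dev/null | grep -qi 'elf'; then`. Also consider `cd a || exit 1`, since the step runs under `if: always()` and `a` may not exist when the prepare step failed, in which case `find` would scan the workspace root and the later `cd ..` would leave it. `while IFS= read -r FILE_PATH` would keep file names with leading or trailing whitespace intact.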