From a063a2e64daffa7fb3fb5b4f72541bebf02ee719 Mon Sep 17 00:00:00 2001
From: "John Paul E. Balandan, CPA" <paulbalandan@gmail.com>
Date: Sun, 4 Aug 2024 02:58:33 +0800
Subject: [PATCH] Add check-file-permissions script

---
 .github/workflows/static-code-analysis.yml |  3 ++
 bin/check-file-permissions                 | 39 ++++++++++++++++++++++
 2 files changed, 42 insertions(+)
 create mode 100755 bin/check-file-permissions

diff --git a/.github/workflows/static-code-analysis.yml b/.github/workflows/static-code-analysis.yml
index a1156c7..ebbd6f1 100644
--- a/.github/workflows/static-code-analysis.yml
+++ b/.github/workflows/static-code-analysis.yml
@@ -52,6 +52,9 @@ jobs:
       - name: Install dependencies
         run: composer update --ansi
 
+      - name: Check - file permissions
+        run: bin/check-file-permissions
+
       - name: Check - PHP-CS-Fixer
         run: composer cs:check
 
diff --git a/bin/check-file-permissions b/bin/check-file-permissions
new file mode 100755
index 0000000..20e662d
--- /dev/null
+++ b/bin/check-file-permissions
@@ -0,0 +1,39 @@
+#!/usr/bin/env sh
+set -eu
+
+FILES_WITH_WRONG_PERMISSIONS=$(
+    git ls-files --stage . ':!bin/*' \
+    | grep --extended-regexp "^100755 " \
+    | sort -fh
+)
+BIN_FILES_WITH_WRONG_PERMISSIONS=$(
+    git ls-files --stage bin \
+    | grep --invert-match --extended-regexp "^100755 " \
+    | sort -fh
+)
+
+if [ -n "$FILES_WITH_WRONG_PERMISSIONS" ]; then
+    printf '\033[31mFAIL\033[0m Non-executable files with +x permissions were detected!\n'
+    [ -z "${GITHUB_ACTIONS+x}" ] || echo '::group::Non-executable files'
+    echo "$FILES_WITH_WRONG_PERMISSIONS"
+    echo ''
+    echo "$FILES_WITH_WRONG_PERMISSIONS" | awk '{print $4}' | xargs -n1 printf 'Please run "\033[32msudo chmod\033[0m -x %s".\n'
+    [ -z "${GITHUB_ACTIONS+x}" ] || echo '::endgroup::'
+fi
+
+if [ -n "$BIN_FILES_WITH_WRONG_PERMISSIONS" ]; then
+    printf '\033[31mFAIL\033[0m Executable files with -x permissions were detected!\n'
+    [ -z "${GITHUB_ACTIONS+x}" ] || echo '::group::Executable files'
+    echo "$BIN_FILES_WITH_WRONG_PERMISSIONS"
+    echo -e ''
+    echo $BIN_FILES_WITH_WRONG_PERMISSIONS | awk '{print $4}' | xargs -n1 printf 'Please run "\033[32msudo chmod\033[0m +x %s".\n'
+    [ -z "${GITHUB_ACTIONS+x}" ] || echo '::endgroup::'
+fi
+
+if [ -n "$FILES_WITH_WRONG_PERMISSIONS" ]; then
+    exit 3
+elif [ -n "$BIN_FILES_WITH_WRONG_PERMISSIONS" ]; then
+    exit 4
+fi
+
+printf '\033[32mOK\033[0m No wrong permissions were detected.\n'