feat(validate-cmd-file): add validation for read/execute rights

README.md

@@ -74,7 +74,7 @@ Specify a command to run when the image start.
 By default the image run
 `renovate`.
 This option is useful to customize the image before running `renovate`.
-It must be an existing executable file on the local system.
+It must be an existing file on the local system and the it must have execute permission.
 It will be mounted to the docker container.
 
 For example you can create a simple script like this one (let's call it

src/renovate.ts

@@ -103,15 +103,26 @@ class Renovate {
     }
 
     const configurationFile = this.input.configurationFile();
+    if (configurationFile !== null) {
       if (
-      configurationFile !== null &&
+        !fs.existsSync(configurationFile.value) ||
-      (!fs.existsSync(configurationFile.value) ||
+        !fs.statSync(configurationFile.value).isFile()
-        !fs.statSync(configurationFile.value).isFile())
       ) {
         throw new Error(
           `configuration file '${configurationFile.value}' MUST be an existing file`,
         );
       }
+      try {
+        fs.accessSync(
+          configurationFile.value,
+          fs.constants.S_IXUSR | fs.constants.S_IRUSR,
+        );
+      } catch {
+        throw new Error(
+          `configuration file '${configurationFile.value}' MUST have read and execute rights`,
+        );
+      }
+    }
   }
 }