feat(validate-cmd-file): add validation for read/execute rights

2025-12-18 09:52:35 +00:00 · 2024-02-09 16:13:06 +01:00 · 2024-02-09 16:13:06 +01:00 · 8efb89b3b3
commit 8efb89b3b3
parent fd4ca43dc2
2 changed files with 20 additions and 9 deletions
--- a/README.md
+++ b/README.md
@ -74,7 +74,7 @@ Specify a command to run when the image start.
 By default the image run
 `renovate`.
 This option is useful to customize the image before running `renovate`.
-It must be an existing executable file on the local system.
+It must be an existing file on the local system and the it must have execute permission.
 It will be mounted to the docker container.

 For example you can create a simple script like this one (let's call it
--- a/src/renovate.ts
+++ b/src/renovate.ts
@ -103,14 +103,25 @@ class Renovate {
    }

    const configurationFile = this.input.configurationFile();
-    if (
-      configurationFile !== null &&
-      (!fs.existsSync(configurationFile.value) ||
-        !fs.statSync(configurationFile.value).isFile())
-    ) {
-      throw new Error(
-        `configuration file '${configurationFile.value}' MUST be an existing file`,
-      );
+    if (configurationFile !== null) {
+      if (
+        !fs.existsSync(configurationFile.value) ||
+        !fs.statSync(configurationFile.value).isFile()
+      ) {
+        throw new Error(
+          `configuration file '${configurationFile.value}' MUST be an existing file`,
+        );
+      }
+      try {
+        fs.accessSync(
+          configurationFile.value,
+          fs.constants.S_IXUSR | fs.constants.S_IRUSR,
+        );
+      } catch {
+        throw new Error(
+          `configuration file '${configurationFile.value}' MUST have read and execute rights`,
+        );
+      }
    }
  }
 }