Add PR check to ensure sidecar executable files are have correct perm…

…issions (#824)

If a sidecar adds any .sh files, check that they are executable to prevent entrypoint errors.

Fixes eclipse-che/che#18737

Signed-off-by: Eric Williams <ericwill@redhat.com>

.ci/sidecar-check-script-permissions.sh

@@ -0,0 +1,28 @@
+#!/bin/bash
+#
+# Copyright (c) 2021 Red Hat, Inc.
+# This program and the accompanying materials are made
+# available under the terms of the Eclipse Public License 2.0
+# which is available at https://www.eclipse.org/legal/epl-2.0/
+#
+# SPDX-License-Identifier: EPL-2.0
+#
+
+set -e
+
+# shellcheck disable=SC2207
+FILES_CHANGED=($(git diff --name-only -r "$1" "$2" -- "sidecars/*.sh"))
+NON_EXECUTABLE_SCRIPTS=()
+
+for file in "${FILES_CHANGED[@]}"
+do
+    if ! [[ -x "$file" ]]; then
+        echo "ERROR: $file is not executable"
+        NON_EXECUTABLE_SCRIPTS+=("$file")
+    fi
+done
+
+# shellcheck disable=SC2199
+if [[ "${NON_EXECUTABLE_SCRIPTS[@]}" ]]; then
+    exit 1
+fi

.github/workflows/sidecar-scripts-executable-pr-check.yaml

@@ -0,0 +1,30 @@
+#
+# Copyright (c) 2021 Red Hat, Inc.
+# This program and the accompanying materials are made
+# available under the terms of the Eclipse Public License 2.0
+# which is available at https://www.eclipse.org/legal/epl-2.0/
+#
+# SPDX-License-Identifier: EPL-2.0
+#
+
+name: Sidecar scripts PR check
+
+on:
+  pull_request:
+    paths:
+    - 'sidecars/**'
+
+jobs:
+  executable-permissions-pr-check:
+    runs-on: ubuntu-20.04
+
+    steps:
+    - name: Clone source code
+      uses: actions/checkout@v2
+      with:
+        fetch-depth: 0
+        ref: ${{ github.event.pull_request.head.sha }}
+
+    - name: Check .sh files inside sidecars folder
+      run: |
+        ./.ci/sidecar-check-script-permissions.sh origin/${{ github.base_ref }} ${{ github.event.pull_request.head.sha }}