From f3948a895fe027febb4b3aa6c5cd6a4ba0ee5948 Mon Sep 17 00:00:00 2001 From: "Kelvin M. Klann" Date: Sat, 12 Aug 2023 19:56:52 -0300 Subject: ci: move codespell job into its own workflow Split the spellchecking job from the build-related jobs to make debugging easier. --- .github/workflows/build-extra.yml | 24 ++-------------------- .github/workflows/build.yml | 2 ++ .github/workflows/codeql-analysis.yml | 2 ++ .github/workflows/codespell.yml | 38 +++++++++++++++++++++++++++++++++++ 4 files changed, 44 insertions(+), 22 deletions(-) create mode 100644 .github/workflows/codespell.yml (limited to '.github') diff --git a/.github/workflows/build-extra.yml b/.github/workflows/build-extra.yml index 0f7ddb466..3fc71a299 100644 --- a/.github/workflows/build-extra.yml +++ b/.github/workflows/build-extra.yml @@ -13,6 +13,7 @@ on: - .github/pull_request_template.md - .github/workflows/build.yml - .github/workflows/codeql-analysis.yml + - .github/workflows/codespell.yml - .github/workflows/profile-checks.yml - .gitignore - .gitlab-ci.yml @@ -35,6 +36,7 @@ on: - .github/pull_request_template.md - .github/workflows/build.yml - .github/workflows/codeql-analysis.yml + - .github/workflows/codespell.yml - .github/workflows/profile-checks.yml - .gitignore - .gitlab-ci.yml @@ -163,25 +165,3 @@ jobs: - run: cppcheck --version - name: cppcheck run: cppcheck -q --force --error-exitcode=1 --enable=warning,performance . - codespell: - runs-on: ubuntu-22.04 - steps: - - name: Harden Runner - uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 - with: - egress-policy: block - allowed-endpoints: > - archive.ubuntu.com:80 - azure.archive.ubuntu.com:80 - github.com:443 - packages.microsoft.com:443 - ppa.launchpadcontent.net:443 - security.ubuntu.com:80 - - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 - - name: update package information - run: sudo apt-get update -qy - - name: install dependencies - run: sudo apt-get install -qy codespell - - run: codespell --version - - name: codespell - run: make codespell diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index cb2c15759..489ed4335 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -9,6 +9,7 @@ on: - .github/pull_request_template.md - .github/workflows/build-extra.yml - .github/workflows/codeql-analysis.yml + - .github/workflows/codespell.yml - .github/workflows/profile-checks.yml - .gitignore - .gitlab-ci.yml @@ -26,6 +27,7 @@ on: - .github/pull_request_template.md - .github/workflows/build-extra.yml - .github/workflows/codeql-analysis.yml + - .github/workflows/codespell.yml - .github/workflows/profile-checks.yml - .gitignore - .gitlab-ci.yml diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 0f9c0f740..bbd4e47d5 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -18,6 +18,7 @@ on: - .github/pull_request_template.md - .github/workflows/build-extra.yml - .github/workflows/build.yml + - .github/workflows/codespell.yml - .github/workflows/profile-checks.yml - .gitignore - .gitlab-ci.yml @@ -40,6 +41,7 @@ on: - .github/pull_request_template.md - .github/workflows/build-extra.yml - .github/workflows/build.yml + - .github/workflows/codespell.yml - .github/workflows/profile-checks.yml - .gitignore - .gitlab-ci.yml diff --git a/.github/workflows/codespell.yml b/.github/workflows/codespell.yml new file mode 100644 index 000000000..aab0674ec --- /dev/null +++ b/.github/workflows/codespell.yml @@ -0,0 +1,38 @@ +name: Codespell + +on: + push: + paths: + - 'src/**' + - 'test/**' + pull_request: + paths: + - 'src/**' + - 'test/**' + +permissions: # added using https://github.com/step-security/secure-workflows + contents: read + +jobs: + codespell: + runs-on: ubuntu-22.04 + steps: + - name: Harden Runner + uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09 + with: + egress-policy: block + allowed-endpoints: > + archive.ubuntu.com:80 + azure.archive.ubuntu.com:80 + github.com:443 + packages.microsoft.com:443 + ppa.launchpadcontent.net:443 + security.ubuntu.com:80 + - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 + - name: update package information + run: sudo apt-get update -qy + - name: install dependencies + run: sudo apt-get install -qy codespell + - run: codespell --version + - name: codespell + run: make codespell -- cgit v1.2.3-54-g00ecf From 894b1456a8f80c508bacb31213139090cd232dbd Mon Sep 17 00:00:00 2001 From: "Kelvin M. Klann" Date: Sat, 12 Aug 2023 20:14:49 -0300 Subject: ci: run ./configure in codespell Since it runs through make, the target may depend on variables that are defined by ./configure (such as the ones in config.mk). --- .github/workflows/codespell.yml | 2 ++ 1 file changed, 2 insertions(+) (limited to '.github') diff --git a/.github/workflows/codespell.yml b/.github/workflows/codespell.yml index aab0674ec..19ae6f34d 100644 --- a/.github/workflows/codespell.yml +++ b/.github/workflows/codespell.yml @@ -33,6 +33,8 @@ jobs: run: sudo apt-get update -qy - name: install dependencies run: sudo apt-get install -qy codespell + - name: configure + run: ./configure || (cat config.log; exit 1) - run: codespell --version - name: codespell run: make codespell -- cgit v1.2.3-54-g00ecf From b2821a3448b489bc751e4acf2d6da1ad6f05a834 Mon Sep 17 00:00:00 2001 From: "Kelvin M. Klann" Date: Sat, 12 Aug 2023 19:51:30 -0300 Subject: build: run codespell on almost all files Ignore only third-party/vendored files (such as license files and files in m4/). And ignore more words to fix the following errors: $ make codespell Running codespell... ./README:484: als ==> also ./README:646: Shotcut ==> Shortcut ./RELNOTES:516: als ==> also ./etc/inc/disable-common.inc:506: chage ==> change, charge ./etc/apparmor/firejail-default:35: readby ==> read, read by ./etc/apparmor/firejail-default:36: readby ==> read, read by ./etc/profile-a-l/als.profile:1: als ==> also ./etc/profile-a-l/als.profile:5: als ==> also make: *** [Makefile:374: codespell] Error 65 $ codespell --version 2.2.5 --- .github/workflows/codespell.yml | 12 ++++++------ Makefile | 8 ++++++-- 2 files changed, 12 insertions(+), 8 deletions(-) (limited to '.github') diff --git a/.github/workflows/codespell.yml b/.github/workflows/codespell.yml index 19ae6f34d..e39755dbd 100644 --- a/.github/workflows/codespell.yml +++ b/.github/workflows/codespell.yml @@ -2,13 +2,13 @@ name: Codespell on: push: - paths: - - 'src/**' - - 'test/**' + paths-ignore: + - 'm4/**' + - COPYING pull_request: - paths: - - 'src/**' - - 'test/**' + paths-ignore: + - 'm4/**' + - COPYING permissions: # added using https://github.com/step-security/secure-workflows contents: read diff --git a/Makefile b/Makefile index 7bbdcbfd3..c04d721cf 100644 --- a/Makefile +++ b/Makefile @@ -366,12 +366,16 @@ cppcheck: clean scan-build: clean scan-build $(MAKE) +# TODO: Old codespell versions (such as v2.1.0 in CI) have issues with +# contrib/syscalls.sh .PHONY: codespell codespell: @printf 'Running %s...\n' $@ - @codespell --ignore-regex "UE|creat|doas|ether|isplay|shotcut" \ + @codespell --ignore-regex 'UE|als|chage|creat|doas|ether|isplay|readby|[Ss]hotcut' \ -S *.gz,*.o,*.so \ - src test + -S COPYING,m4 \ + -S ./contrib/syscalls.sh \ + . .PHONY: print-env print-env: -- cgit v1.2.3-54-g00ecf