# Checks the spelling on all non-third-party files.

name: Codespell

on:
  workflow_dispatch:
  push:
    branches-ignore:
      - 'dependabot/**'
    paths-ignore:
      - 'm4/**'
      - COPYING
  pull_request:
    paths-ignore:
      - 'm4/**'
      - COPYING

permissions:  # added using https://github.com/step-security/secure-workflows
  contents: read

jobs:
  codespell:
    runs-on: ubuntu-22.04
    steps:
    - name: Harden Runner
      uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895
      with:
        egress-policy: block
        allowed-endpoints: >
          archive.ubuntu.com:80
          azure.archive.ubuntu.com:80
          github.com:443
          packages.microsoft.com:443
          ppa.launchpadcontent.net:443
          security.ubuntu.com:80
    - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
    - name: update package information
      run: sudo apt-get update -qy
    - name: install dependencies
      run: sudo apt-get install -qy codespell
    - name: print env
      run: ./ci/printenv.sh
    - name: configure
      run: ./configure || (cat config.log; exit 1)
    - run: codespell --version
    - name: codespell
      run: make codespell