Merge pull request #5955 from kmk3/build-codespell-improvements

build: codespell improvements
netblue30 · Aug 14, 2023 · fd05c9a · fd05c9a
2 parents e6b7fdf + b2821a3
commit fd05c9a
Show file tree

Hide file tree

Showing 12 changed files with 64 additions and 33 deletions.
diff --git a/.github/workflows/build-extra.yml b/.github/workflows/build-extra.yml
@@ -13,6 +13,7 @@ on:
  - .github/pull_request_template.md
  - .github/workflows/build.yml
  - .github/workflows/codeql-analysis.yml
+ - .github/workflows/codespell.yml
  - .github/workflows/profile-checks.yml
  - .gitignore
  - .gitlab-ci.yml
@@ -35,6 +36,7 @@ on:
  - .github/pull_request_template.md
  - .github/workflows/build.yml
  - .github/workflows/codeql-analysis.yml
+ - .github/workflows/codespell.yml
  - .github/workflows/profile-checks.yml
  - .gitignore
  - .gitlab-ci.yml
@@ -163,25 +165,3 @@ jobs:
  - run: cppcheck --version
  - name: cppcheck
  run: cppcheck -q --force --error-exitcode=1 --enable=warning,performance .
- codespell:
- runs-on: ubuntu-22.04
- steps:
- - name: Harden Runner
- uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09
- with:
- egress-policy: block
- allowed-endpoints: >
- archive.ubuntu.com:80
- azure.archive.ubuntu.com:80
- github.com:443
- packages.microsoft.com:443
- ppa.launchpadcontent.net:443
- security.ubuntu.com:80
- - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9
- - name: update package information
- run: sudo apt-get update -qy
- - name: install dependencies
- run: sudo apt-get install -qy codespell
- - run: codespell --version
- - name: codespell
- run: make codespell
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -9,6 +9,7 @@ on:
  - .github/pull_request_template.md
  - .github/workflows/build-extra.yml
  - .github/workflows/codeql-analysis.yml
+ - .github/workflows/codespell.yml
  - .github/workflows/profile-checks.yml
  - .gitignore
  - .gitlab-ci.yml
@@ -26,6 +27,7 @@ on:
  - .github/pull_request_template.md
  - .github/workflows/build-extra.yml
  - .github/workflows/codeql-analysis.yml
+ - .github/workflows/codespell.yml
  - .github/workflows/profile-checks.yml
  - .gitignore
  - .gitlab-ci.yml

diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
@@ -18,6 +18,7 @@ on:
  - .github/pull_request_template.md
  - .github/workflows/build-extra.yml
  - .github/workflows/build.yml
+ - .github/workflows/codespell.yml
  - .github/workflows/profile-checks.yml
  - .gitignore
  - .gitlab-ci.yml
@@ -40,6 +41,7 @@ on:
  - .github/pull_request_template.md
  - .github/workflows/build-extra.yml
  - .github/workflows/build.yml
+ - .github/workflows/codespell.yml
  - .github/workflows/profile-checks.yml
  - .gitignore
  - .gitlab-ci.yml

diff --git a/.github/workflows/codespell.yml b/.github/workflows/codespell.yml
@@ -0,0 +1,40 @@
+name: Codespell
+
+on:
+ push:
+ paths-ignore:
+ - 'm4/**'
+ - COPYING
+ pull_request:
+ paths-ignore:
+ - 'm4/**'
+ - COPYING
+
+permissions: # added using https://github.com/step-security/secure-workflows
+ contents: read
+
+jobs:
+ codespell:
+ runs-on: ubuntu-22.04
+ steps:
+ - name: Harden Runner
+ uses: step-security/harden-runner@8ca2b8b2ece13480cda6dacd3511b49857a23c09
+ with:
+ egress-policy: block
+ allowed-endpoints: >
+ archive.ubuntu.com:80
+ azure.archive.ubuntu.com:80
+ github.com:443
+ packages.microsoft.com:443
+ ppa.launchpadcontent.net:443
+ security.ubuntu.com:80
+ - uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9
+ - name: update package information
+ run: sudo apt-get update -qy
+ - name: install dependencies
+ run: sudo apt-get install -qy codespell
+ - name: configure
+ run: ./configure || (cat config.log; exit 1)
+ - run: codespell --version
+ - name: codespell
+ run: make codespell
diff --git a/Makefile b/Makefile
@@ -366,9 +366,16 @@ cppcheck: clean
 scan-build: clean
  scan-build $(MAKE)
 
+# TODO: Old codespell versions (such as v2.1.0 in CI) have issues with
+# contrib/syscalls.sh
 .PHONY: codespell
-codespell: clean
- codespell --ignore-regex "UE|creat|doas|ether|isplay|shotcut" src test
+codespell:
+ @printf 'Running %s...\n' $@
+ @codespell --ignore-regex 'UE|als|chage|creat|doas|ether|isplay|readby|[Ss]hotcut' \
+ -S *.gz,*.o,*.so \
+ -S COPYING,m4 \
+ -S ./contrib/syscalls.sh \
+ .
 
 .PHONY: print-env
 print-env:

diff --git a/RELNOTES b/RELNOTES
@@ -363,7 +363,7 @@ firejail (0.9.62) baseline; urgency=low
  * whitelisting /usr/share in a large number of profiles
  * new scripts in contrib: gdb-firejail.sh and sort.py
  * enhancement: whitelist /usr/share in some profiles
- * added signal mediation ot apparmor profile
+ * added signal mediation to apparmor profile
  * new conditions: HAS_X11, HAS_NET
  * new profiles: qgis, klatexformula, klatexformula_cmdl, links, xlinks
  * new profiles: pandoc, teams-for-linux, OpenArena, gnome-sound-recorder
@@ -758,7 +758,7 @@ firejail (0.9.44.4) baseline; urgency=low
 
 firejail (0.9.44.2) baseline; urgency=low
  * security: overwrite /etc/resolv.conf found by Martin Carpenter (CVE-2016-10118)
- * secuirty: TOCTOU exploit for --get and --put found by Daniel Hodson
+ * security: TOCTOU exploit for --get and --put found by Daniel Hodson
  * security: invalid environment exploit found by Martin Carpenter (CVE-2016-10122)
  * security: several security enhancements
  * bugfix: crashing VLC by pressing Ctrl-O

diff --git a/contrib/jail_prober.py b/contrib/jail_prober.py
@@ -151,8 +151,8 @@ def run_firejail(program, all_args):
  if arg:
  myargs.insert(-1, arg)
  subprocess.call(myargs)
- ans = input('Did %s run correctly? [y]/n ' % program)
- if ans in ['n', 'N']:
+ answer = input('Did %s run correctly? [y]/n ' % program)
+ if answer in ['n', 'N']:
  bad_args.append(arg)
  elif arg:
  good_args.insert(-1, arg)

diff --git a/etc/profile-a-l/kwin_x11.profile b/etc/profile-a-l/kwin_x11.profile
@@ -5,7 +5,7 @@ include kwin_x11.local
 # Persistent global definitions
 include globals.local
 
-# fix automatical kwin_x11 sandboxing:
+# fix automatic kwin_x11 sandboxing:
 # echo KDEWM=kwin_x11 >> ~/.pam_environment
 
 noblacklist ${HOME}/.cache/kwin

diff --git a/etc/profile-m-z/tvbrowser.profile b/etc/profile-m-z/tvbrowser.profile
@@ -1,5 +1,5 @@
 # Firejail profile for tvbrowser
-# Description: java tv programm form tvbrowser.org
+# Description: java tv program form tvbrowser.org
 # This file is overwritten after every install/update
 # Persistent local customizations
 include tvbrowser.local

diff --git a/etc/profile-m-z/twitch.profile b/etc/profile-m-z/twitch.profile
@@ -1,5 +1,5 @@
 # Firejail profile for twitch
-# Description: Unofficial electron based desktop warpper for Twitch
+# Description: Unofficial electron based desktop wrapper for Twitch
 # This file is overwritten after every install/update
 # Persistent local customizations
 include twitch.local

diff --git a/etc/profile-m-z/youtube.profile b/etc/profile-m-z/youtube.profile
@@ -1,5 +1,5 @@
 # Firejail profile for youtube
-# Description: Unofficial electron based desktop warpper for YouTube
+# Description: Unofficial electron based desktop wrapper for YouTube
 # This file is overwritten after every install/update
 # Persistent local customizations
 include youtube.local

diff --git a/etc/profile-m-z/youtubemusic-nativefier.profile b/etc/profile-m-z/youtubemusic-nativefier.profile
@@ -1,5 +1,5 @@
 # Firejail profile for youtubemusic-nativefier
-# Description: Unofficial electron based desktop warpper for YouTube Music
+# Description: Unofficial electron based desktop wrapper for YouTube Music
 # This file is overwritten after every install/update
 # Persistent local customizations
 include youtube.local