From 5a6616a14eb94bb07f0798e6d6223dd44310ce45 Mon Sep 17 00:00:00 2001 From: Tim Smith Date: Mon, 2 Oct 2023 15:51:03 -0700 Subject: [PATCH] Update spellcheck GH action to latest Also sync configs Signed-off-by: Tim Smith --- .github/actions/spelling/README.md | 21 +- .github/actions/spelling/advice.md | 2 +- .github/actions/spelling/allow.txt | 1 - .../actions/spelling/line_forbidden.patterns | 434 +++++++++++++++++- .github/actions/spelling/patterns.txt | 44 +- .github/actions/spelling/reject.txt | 1 + .github/dependabot.yaml | 17 - .github/dependabot.yml | 16 + .github/workflows/spell-check.yaml | 10 +- 9 files changed, 501 insertions(+), 45 deletions(-) delete mode 100644 .github/dependabot.yaml create mode 100644 .github/dependabot.yml diff --git a/.github/actions/spelling/README.md b/.github/actions/spelling/README.md index 516ec07..562091e 100644 --- a/.github/actions/spelling/README.md +++ b/.github/actions/spelling/README.md @@ -1,16 +1,15 @@ # check-spelling/check-spelling configuration -| File | Purpose | Format | Info | -| -------------------------------------------------- | -------------------------------------------------------------------------------- | --------------------------------------------------------- | ---------------------------------------------------------------------------------------------------- | -| [dictionary.txt](dictionary.txt) | Replacement dictionary (creating this file will override the default dictionary) | one word per line | [dictionary](https://github.com/check-spelling/check-spelling/wiki/Configuration#dictionary) | -| [allow.txt](allow.txt) | Add words to the dictionary | one word per line (only letters and `'`s allowed) | [allow](https://github.com/check-spelling/check-spelling/wiki/Configuration#allow) | -| [reject.txt](reject.txt) | Remove words from the dictionary (after allow) | grep pattern matching whole dictionary words | [reject](https://github.com/check-spelling/check-spelling/wiki/Configuration-Examples%3A-reject) | -| [excludes.txt](excludes.txt) | Files to ignore entirely | perl regular expression | [excludes](https://github.com/check-spelling/check-spelling/wiki/Configuration-Examples%3A-excludes) | -| [only.txt](only.txt) | Only check matching files (applied after excludes) | perl regular expression | [only](https://github.com/check-spelling/check-spelling/wiki/Configuration-Examples%3A-only) | -| [patterns.txt](patterns.txt) | Patterns to ignore from checked lines | perl regular expression (order matters, first match wins) | [patterns](https://github.com/check-spelling/check-spelling/wiki/Configuration-Examples%3A-patterns) | -| [line_forbidden.patterns](line_forbidden.patterns) | Patterns to flag in checked lines | perl regular expression (order matters, first match wins) | [patterns](https://github.com/check-spelling/check-spelling/wiki/Configuration-Examples%3A-patterns) | -| [expect.txt](expect.txt) | Expected words that aren't in the dictionary | one word per line (sorted, alphabetically) | [expect](https://github.com/check-spelling/check-spelling/wiki/Configuration#expect) | -| [advice.md](advice.md) | Supplement for GitHub comment when unrecognized words are found | GitHub Markdown | [advice](https://github.com/check-spelling/check-spelling/wiki/Configuration-Examples%3A-advice) | +| File | Purpose | Format | Info | +| -------------------------------------------------- | --------------------------------------------------------------- | --------------------------------------------------------- | ---------------------------------------------------------------------------------------------------- | +| [allow.txt](allow.txt) | Add words to the dictionary | one word per line (only letters and `'`s allowed) | [allow](https://github.com/check-spelling/check-spelling/wiki/Configuration#allow) | +| [reject.txt](reject.txt) | Remove words from the dictionary (after allow) | grep pattern matching whole dictionary words | [reject](https://github.com/check-spelling/check-spelling/wiki/Configuration-Examples%3A-reject) | +| [excludes.txt](excludes.txt) | Files to ignore entirely | perl regular expression | [excludes](https://github.com/check-spelling/check-spelling/wiki/Configuration-Examples%3A-excludes) | +| [only.txt](only.txt) | Only check matching files (applied after excludes) | perl regular expression | [only](https://github.com/check-spelling/check-spelling/wiki/Configuration-Examples%3A-only) | +| [patterns.txt](patterns.txt) | Patterns to ignore from checked lines | perl regular expression (order matters, first match wins) | [patterns](https://github.com/check-spelling/check-spelling/wiki/Configuration-Examples%3A-patterns) | +| [line_forbidden.patterns](line_forbidden.patterns) | Patterns to flag in checked lines | perl regular expression (order matters, first match wins) | [patterns](https://github.com/check-spelling/check-spelling/wiki/Configuration-Examples%3A-patterns) | +| [expect.txt](expect.txt) | Expected words that aren't in the dictionary | one word per line (sorted, alphabetically) | [expect](https://github.com/check-spelling/check-spelling/wiki/Configuration#expect) | +| [advice.md](advice.md) | Supplement for GitHub comment when unrecognized words are found | GitHub Markdown | [advice](https://github.com/check-spelling/check-spelling/wiki/Configuration-Examples%3A-advice) | Note: you can replace any of these files with a directory by the same name (minus the suffix) and then include multiple files inside that directory (with that suffix) to merge multiple files together. diff --git a/.github/actions/spelling/advice.md b/.github/actions/spelling/advice.md index c37267b..cea808b 100644 --- a/.github/actions/spelling/advice.md +++ b/.github/actions/spelling/advice.md @@ -9,7 +9,7 @@ If items relate to a ... File paths are Perl 5 Regular Expressions - you can [test](https://www.regexplanet.com/advanced/perl/) yours before committing to verify it will match your files. - `^` refers to the file's path from the root of the repository, so `^README\.md$` would exclude [README.md](../tree/HEAD/README.md) (on whichever branch you're using). + `^` refers to the file's path from the root of the repository, so `^README\.md$` would exclude README.md (on whichever branch you're using). - well-formed pattern. diff --git a/.github/actions/spelling/allow.txt b/.github/actions/spelling/allow.txt index 8b13789..e69de29 100644 --- a/.github/actions/spelling/allow.txt +++ b/.github/actions/spelling/allow.txt @@ -1 +0,0 @@ - diff --git a/.github/actions/spelling/line_forbidden.patterns b/.github/actions/spelling/line_forbidden.patterns index e24d433..d52a2b6 100644 --- a/.github/actions/spelling/line_forbidden.patterns +++ b/.github/actions/spelling/line_forbidden.patterns @@ -1,6 +1,26 @@ -# Detect common combinations of valid words that are in fact invalid. +# Detect common combinations of valid words that are in fact invalid. # Useful for brand capitalizations +# +# Our Terms +# + +# s.b. Mondoo Platform +\sthe Mondoo Platform\b +\sMondoo platform\b + +# s.b. Compliance Hub +\scompliance hub\b +\sCompliance hubplatform\b + +# +# Industry Terms +# + +# s.b. Side scanning +\bSidescanning\b +\bsidescanning\b + # s.b. DevOps \bDev Ops\b \bDevops\b @@ -9,9 +29,55 @@ \bSaas\b \bsaas\b +# s.b. Docker Hub +\bDockerHub\b +\bDockerhub\b + +# s.b. REST API +\bRest API\b +\brest API\b +\brest api\b + # s.b. DevSecOps \bDevsecops\b +# s.b. on-premises +\bon-premise\b + +# +# Product Names +# + +# s.b. Jira +\bJIRA\b + +# s.b. MariaDB +\bMaria DB\b +\bmariaDB\b +# \bmariaDb\b causes failures in MQL queries + +# s.b. PostgreSQL +\bPostgreSql\b + +# s.b. Firefox +\bFireFox\b + +# s.b. CentOS +\bCentos\b +\bCent OS\b +\bcentOS\b + +# s.b. macOS +\bOS X\b +\bMacOS\b +\bMac OS\b + +# s.b. Okta +\bOcta\b + +# s.b. Elasticsearch +\bElasticSearch\b + # s.b. DocuSign \bDocu Sign\b @@ -26,12 +92,17 @@ \bMongo DB\b \bMongoDb\b +# s.b. MySQL +\bMysql\b +\bMySql\b + # s.b. OpenStack \bOpen Stack\b \bOpenstack\b # s.b. Red Hat \bRedHat\b +\bRedhat\b # s.b. AlmaLinux \bAlma Linux\b @@ -49,6 +120,10 @@ \bApparmor\b \bApp Armor\b +# s.b. SELinux +\bSeLinux\b +\bSelinux\b + # s.b. InSpec \b[Ii]nspec\b @@ -58,18 +133,353 @@ # s.b. GitLab \bGitlab\b -# s.b. EventBridge -\bEventbridge\b - -# s.b. CloudWatch -\bCloudwatch\b - # s.b. JavaScript \bJavascript\b +# s.b. OpenSSL +\bOpenssl\b +\bopenSSL\b + +# +# Microsoft Products +# + # s.b. Microsoft \bMicroSoft\b +# s.b. Windows Server +\bWindows server\b + +# s.b. Team Foundation Server +\bTeam foundation server\b +\bteam foundation server\b + +# s.b. Active Directory +\bActive directory\b +\bactive directory\b + +# s.b. Group Policy Object +\bGroup policy object\b +\bgroup policy object\b +\bGroup Policy object\b + +# +# VMware Products +# + +# s.b. VMware +\bVmware\b +\bVMWare\b + +# s.b. vCenter +\bVcenter\b +\bVCenter\b + +# s.b. vSphere +\bVsphere\b +\bVSphere\b + +# s.b. ESXi +\bEsxi\b + +# +# AWS Products +# + +# s.b. App2Container +\bApp2container\b + +# s.b. AppFlow +\bAppflow\b + +# s.b. AppSync +\bAppsync\b + +# s.b. CloudEnsure +\bCloudensure\b + +# s.b. CloudFormation +\bCloudformation\b + +# s.b. CloudFront +\bCloudfront\b + +# s.b. CloudHSM +\bCloudHsm\b +\bCloudhsm\b + +# s.b. CloudSearch +\bCloudsearch\b + +# s.b. CloudShell +# we can't check for Cloud Shell since that's what Azure calls it +\bCloudshell\b +\bcloudshell\b + +# s.b. CloudTrail +\bCloudtrail\b + +# s.b. CloudWatch +\bCloudwatch\b + +# s.b. CodeArtifact +\bCodeartifact\b + +# s.b. CodeBuild +\bCodebuild\b + +# s.b. CodeCommit +\bCodecommit\b + +# s.b. CodeDeploy +\bCodedeploy\b + +# s.b. CodeGuru +\bCodeguru\b + +# s.b. CodePipeline +\bCodepipeline\b + +# s.b. CodeStar +\bCodestar\b + +# s.b. Copilot +\bCoPilot\b + +# s.b. DeepRacer +\bDeepracer\b + +# s.b. DocumentDB +\bDocument DB\b +\bDocumentDb\b + +# s.b. DynamoDB +\bDynamo DB\b +\bDynamoDb\b + +# s.b. ElastiCache +\bElasticache\b + +# s.b. EventBridge +\bEventbridge\b + +# s.b. Fargate +\bFarGate\b + +# s.b. FinSpace +\bFinSpace\b + +# s.b. FSx +\bFSX\b + +# s.b. GameLift +\bGamelift\b + +# s.b. GuardDuty +\bGuardduty\b + +# s.b. Honeycode +\bHoneyCode\b + +# s.b. Lightsail +\bLightSail\b + +# s.b. MXNet +\bMxnet\b +\bMXnet\b + +# s.b. OpenSearch +\bOpensearch\b + +# s.b. OpenShift +\bOpenshift\b + +# s.b. PrivateLink +\bPrivatelink\b + +# s.b. QuickSight +\bQuicksight\b + +# s.b. Redshift +\bRedShift\b + +# s.b. RoboMaker +\bRobomaker\b + +# s.b. Route 53 +\bRoute53\b + +# s.b. SageMaker +\bSagemaker\b + +# s.b. SiteWise +\bSitewise\b + +# s.b. WorkDocs +\bWorkdocs\b + +# s.b. WorkMail +\bWorkmail\b + +# +# GCP Products +# + +# s.b. Pub/Sub +\bPubSub\b + +# s.b. Cloud SQL +\bCloudSQL\b + +# s.b. Cloud CDN +\bCloudCDN\b + +# s.b. Cloud Functions +\bCloud functions\b + +# s.b. Vertex AI +\bVertexAI\b + +# s.b. Dialogflow +\bDialogFlow\b + +# s.b. Dataplex +\bDataPlex\b + +# s.b. BigLake +\bBig Lake\b + +# s.b. AlloyDB +\bAlloy DB\b + +# s.b. Firestore +\bFireStore\b + +# s.b. Datastream +\bDataStream\b +\bData Stream\b + +# s.b. Memorystore +\bMemoryStore\b +\bMemory Store\b + +# s.b. TensorFlow +\bTensor Flow\b + +# s.b. AppEngine +\bApp Engine\b + +# s.b. AppEngine +\bApp Engine\b + +# s.b. Compute Engine +\bComputeEngine\b +\bCompute engine\b + +# s.b. VMware Engine +\bVMware engine\b +\bVMWare Engine\b + +# s.b. Knative +\bKNative\b + +# s.b. BigQuery +\bBig Query\b + +# s.b. Cloud Build +\bCloudBuild\b +\bCloud build\b + +# s.b. Cloud Run +\bCloudRun\b +\bCloud run\b + +# +# Azure Products +# + +# s.b. Key Vault +\bKey vault\b +\bKeyVault\b + +# s.b. Ampere +\bampere\b + +# s.b. Azure DevOps Server +\bAzure DevOps server\b + +# s.b. Synapse Analytics +\bSynapse analytics\b +\bsynapse analytics\b + +# s.b. Cognitive Services +\bCognitive services\b +\bcognitive services\b + +# s.b. Event Hubs +\bEvent hubs\b +\bevent hubs\b + +# s.b. CloudOps +\bCloud Ops\b +\bCloud ops\b +\bcloud ops\b + +# s.b. Batch Service +\bBatch service\b +\bbatch service\b + +# s.b. Service Fabric Cluster +\bservice fabric cluster\b + +# s.b. Azure Kubernetes Service +\bAzure Kubernetes service\b + +# s.b. Cosmos DB +\bCosmosDB\b +\bCosmoDB\b +\bCosmo DB\b + +# s.b. SignalR Service +\bSignalR service\b +\bSignal R Service\b + +# s.b. App Service Certificate +\bapp service certificate\b + +# s.b. Privileged Identity Management +\bprivileged identity management\b + +# s.b. BizTalk Service +\bBizTalk service\b +\bBiztalk service\b +\bBiz Talk service\b +\bBiz Talk Service\b + +# s.b. Data Box +\bdata box\b + +# s.b. Database Migration Service +\bdatabase migration service\b + +# s.b. Internet Analyzer +\bInternet analyzer\b +\binternet analyzer\b + +# s.b. Web Application Firewall +\bWeb application firewall\b +\bweb Application Firewall\b + +# s.b. SQL Vulnerability Assessment +\bSQL vulnerability assessment\b + +# s.b. StorSimple +\bStor Simple\b + +# +# Common Typos +# + # s.b. another \ban[- ]other\b @@ -101,5 +511,15 @@ # s.b. reentrant [Rr]e-entrant +# s.b. policies +[Pp]olices + +# s.b. ID +# \bId\b # disabled in this repo due to false positives + +# s.b. CSV +\bCVS\b + # Reject duplicate words \s([A-Z]{3,}|[A-Z][a-z]{2,}|[a-z]{3,})\s\g{-1}\s + diff --git a/.github/actions/spelling/patterns.txt b/.github/actions/spelling/patterns.txt index 48a903e..0f6ce24 100644 --- a/.github/actions/spelling/patterns.txt +++ b/.github/actions/spelling/patterns.txt @@ -14,16 +14,56 @@ \b([A-Za-z])\g{-1}{3,}\b # ignore funky space IDs that blow up spell checking -\.api\.mondoo\.app\/spaces\/.* +api\.mondoo\.app\/space.*\b +console\.mondoo\.com\/space.*\b # azure subscription ID [0-9A-Fa-f]{8}-([0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12} +# azure subscriptions URL +\/subscriptions\/\S* + # docker container -[a-z,0-9]{12} +\b[a-z,0-9]{12}\b # URLs in markdown links / images ]\(.*\) # Azure Key Vault Vault. It feels wrong, but it's technically right Key Vault Vault + +# luna containers in scan output +\bluna/.*\b + +# this comes up in permissions and is valid +\broot root\b + +# AWS resources +(ami|subnet|vpc|sg)-[0-9a-fA-F]{17} + +# http and https URLs +https?:\/\/(www\.)?[-a-zA-Z0-9@:%._\+~#=]{1,256}\.[a-zA-Z0-9()]{1,6}\b([-a-zA-Z0-9()@:%_\+.~#?&//=]*) + +# registry key paths +HKEY_[\w\\]* + +# Container digests +\bsha256:\w* + +# mime types +\bapplication\/\S* + +# skip mql uids +uid:\s.*$ + +# ARN values +\barn:\S* + +# mac user dir path +\/Users\/\S* + +# AWS Token, ID access key, etc +aws_session_token\s+\=(\s+)?.+ +aws_access_key_id\s+\=(\s+)?.+ +aws_secret_access_key\s+\=(\s+)?.+ + diff --git a/.github/actions/spelling/reject.txt b/.github/actions/spelling/reject.txt index b5a6d36..0246d0f 100644 --- a/.github/actions/spelling/reject.txt +++ b/.github/actions/spelling/reject.txt @@ -1,3 +1,4 @@ +ad-hoc ^attache$ benefitting occurences? diff --git a/.github/dependabot.yaml b/.github/dependabot.yaml deleted file mode 100644 index 3193c83..0000000 --- a/.github/dependabot.yaml +++ /dev/null @@ -1,17 +0,0 @@ -# Copyright (c) Mondoo, Inc. -# SPDX-License-Identifier: BUSL-1.1 - -version: 2 -updates: - - package-ecosystem: "gomod" # See documentation for possible values - directory: "/" # Location of package manifests - schedule: - interval: "daily" - allow: - - dependency-name: "github.com/hashicorp/packer-plugin-sdk" - - dependency-name: "github.com/hashicorp/hcl/v2" - - dependency-name: "github.com/zclconf/go-cty" - - package-ecosystem: "github-actions" - directory: "/" - schedule: - interval: "weekly" diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000..10e0d02 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,16 @@ +--- +version: 2 +updates: + - package-ecosystem: gomod + directory: / + schedule: + interval: weekly + allow: + - dependency-name: "github.com/hashicorp/packer-plugin-sdk" + - dependency-name: "github.com/hashicorp/hcl/v2" + - dependency-name: "github.com/zclconf/go-cty" + - package-ecosystem: github-actions + directory: / + schedule: + interval: weekly + diff --git a/.github/workflows/spell-check.yaml b/.github/workflows/spell-check.yaml index e2ad32c..13c1d12 100644 --- a/.github/workflows/spell-check.yaml +++ b/.github/workflows/spell-check.yaml @@ -3,9 +3,7 @@ name: Spell Checking on: pull_request: - push: - branches: - - main + types: [opened, reopened, synchronize] jobs: spelling: @@ -25,12 +23,12 @@ jobs: steps: - name: check-spelling id: spelling - uses: check-spelling/check-spelling@v0.0.21 + uses: check-spelling/check-spelling@v0.0.22 with: suppress_push_for_open_pull_request: 1 checkout: true post_comment: 0 - dictionary_source_prefixes: '{"mondoo": "https://raw.githubusercontent.com/mondoohq/spellcheck-dictionary/main/", "cspell": "https://raw.githubusercontent.com/check-spelling/cspell-dicts/v20220816/dictionaries/"}' + dictionary_source_prefixes: '{"mondoo": "https://raw.githubusercontent.com/mondoohq/spellcheck-dictionary/main/", "cspell": "https://raw.githubusercontent.com/check-spelling/cspell-dicts/v20230509/dictionaries/"}' extra_dictionaries: cspell:aws/aws.txt cspell:filetypes/filetypes.txt @@ -49,7 +47,7 @@ jobs: if: (success() || failure()) && needs.spelling.outputs.followup steps: - name: comment - uses: check-spelling/check-spelling@v0.0.21 + uses: check-spelling/check-spelling@v0.0.22 with: checkout: true task: ${{ needs.spelling.outputs.followup }}