diff --git a/.github/actions/spelling/expect.txt b/.github/actions/spelling/expect.txt index 4707980e68c..bd1b84c5ff7 100644 --- a/.github/actions/spelling/expect.txt +++ b/.github/actions/spelling/expect.txt @@ -149,6 +149,8 @@ coredns corejs corepack coreutils +cpanm +cpanminus crds credfwd CREDHELPER @@ -209,6 +211,7 @@ doclink dompurify donotuse dotfile +dotnet dport dri DSL diff --git a/.github/workflows/spelling.yml b/.github/workflows/spelling.yml index 9d8e4cf7a9b..13702d4c753 100644 --- a/.github/workflows/spelling.yml +++ b/.github/workflows/spelling.yml @@ -1,154 +1,53 @@ name: Check Spelling -# Comment management is handled through a secondary job, for details see: -# https://github.com/check-spelling/check-spelling/wiki/Feature%3A-Restricted-Permissions -# -# `jobs.comment-push` runs when a push is made to a repository and the `jobs.spelling` job needs to make a comment -# (in odd cases, it might actually run just to collapse a comment, but that's fairly rare) -# it needs `contents: write` in order to add a comment. -# -# `jobs.comment-pr` runs when a pull_request is made to a repository and the `jobs.spelling` job needs to make a comment -# or collapse a comment (in the case where it had previously made a comment and now no longer needs to show a comment) -# it needs `pull-requests: write` in order to manipulate those comments. - -# Updating pull request branches is managed via comment handling. -# For details, see: https://github.com/check-spelling/check-spelling/wiki/Feature:-Update-expect-list -# -# These elements work together to make it happen: -# -# `on.issue_comment` -# This event listens to comments by users asking to update the metadata. -# -# `jobs.update` -# This job runs in response to an issue_comment and will push a new commit -# to update the spelling metadata. -# -# `with.experimental_apply_changes_via_bot` -# Tells the action to support and generate messages that enable it -# to make a commit to update the spelling metadata. -# -# `with.ssh_key` -# In order to trigger workflows when the commit is made, you can provide a -# secret (typically, a write-enabled github deploy key). -# -# For background, see: https://github.com/check-spelling/check-spelling/wiki/Feature:-Update-with-deploy-key - -# Sarif reporting -# -# Access to Sarif reports is generally restricted (by GitHub) to members of the repository. -# -# Requires enabling `security-events: write` -# and configuring the action with `use_sarif: 1` -# -# For information on the feature, see: https://github.com/check-spelling/check-spelling/wiki/Feature:-Sarif-output - -# Minimal workflow structure: -# -# on: -# push: -# ... -# pull_request_target: -# ... -# jobs: -# # you only want the spelling job, all others should be omitted -# spelling: -# # remove `security-events: write` and `use_sarif: 1` -# # remove `experimental_apply_changes_via_bot: 1` -# ... otherwise adjust the `with:` as you wish - on: push: branches: - "**" tags-ignore: - "**" - pull_request_target: + pull_request: branches: - "**" types: - 'opened' - 'reopened' - 'synchronize' - issue_comment: - types: - - 'created' jobs: spelling: name: Check Spelling permissions: contents: read - pull-requests: read - actions: read - security-events: write - outputs: - followup: ${{ steps.spelling.outputs.followup }} + security-events: write # To be able to write SARIF events runs-on: ubuntu-latest - if: ${{ contains(github.event_name, 'pull_request') || github.event_name == 'push' }} concurrency: group: spelling-${{ github.event.pull_request.number || github.ref }} # note: If you use only_check_changed_files, you do not want cancel-in-progress cancel-in-progress: true + env: + UPLOAD_SARIF_LIMITED: '' # Set by `yarn lint:spelling`. steps: - - name: check-spelling - id: spelling - uses: check-spelling/check-spelling@2c9e4a85102fa9b6df3cb8bb5a8dc8bdc2fb2fea # v0.0.23 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: - suppress_push_for_open_pull_request: 1 - checkout: true - check_file_names: 1 - spell_check_this: rancher-sandbox/rancher-desktop@main - post_comment: 0 - use_magic_file: 1 - experimental_apply_changes_via_bot: ${{ github.repository_owner != 'rancher-sandbox' && 1 }} - report-timing: 1 - warnings: bad-regex,binary-file,deprecated-feature,large-file,limited-references,no-newline-at-eof,noisy-file,non-alpha-in-dictionary,token-is-substring,unexpected-line-ending,whitespace-in-dictionary,minified-file,unsupported-configuration,no-files-to-check - use_sarif: ${{ (!github.event.pull_request || (github.event.pull_request.head.repo.full_name == github.repository)) && 1 }} - extra_dictionary_limit: 20 - extra_dictionaries: - cspell:software-terms/dict/softwareTerms.txt - cspell:k8s/dict/k8s.txt - cspell:node/dict/node.txt - cspell:aws/aws.txt - cspell:golang/dict/go.txt - cspell:php/dict/php.txt - cspell:python/src/python/python-lib.txt - cspell:typescript/dict/typescript.txt - cspell:npm/dict/npm.txt - cspell:shell/dict/shell-all-words.txt - cspell:html/dict/html.txt - cspell:filetypes/filetypes.txt - cspell:fullstack/dict/fullstack.txt - cspell:python/src/common/extra.txt - cspell:java/src/java.txt - cspell:dotnet/dict/dotnet.txt - cspell:css/dict/css.txt - cspell:django/dict/django.txt - cspell:docker/src/docker-words.txt - cspell:cpp/src/stdlib-cmath.txt - cspell:python/src/python/python.txt - cspell:powershell/dict/powershell.txt + persist-credentials: false - update: - name: Update PR - permissions: - contents: write - pull-requests: write - actions: read - runs-on: ubuntu-latest - if: ${{ - github.repository_owner != 'rancher-sandbox' && - github.event_name == 'issue_comment' && - github.event.issue.pull_request && - contains(github.event.comment.body, '@check-spelling-bot apply') - }} - concurrency: - group: spelling-update-${{ github.event.issue.number }} - cancel-in-progress: false - steps: - - name: apply spelling updates - uses: check-spelling/check-spelling@2c9e4a85102fa9b6df3cb8bb5a8dc8bdc2fb2fea # v0.0.23 + - uses: ./.github/actions/yarn-install + - uses: ./.github/actions/setup-environment + - run: sudo apt-get install cpanminus + + - name: Check Spelling + run: yarn lint:spelling + env: + GITHUB_TOKEN: ${{ github.token }} # Needed to generate SARIF reports. + RD_LINT_SPELLING: 1 + + - name: Upload SARIF report + # Use the limited report since if we have more than 25k errors nobody is + # going read through it all anyway. + if: always() && env.UPLOAD_SARIF_LIMITED != '' + continue-on-error: true + uses: github/codeql-action/upload-sarif@v3 with: - experimental_apply_changes_via_bot: 1 - checkout: true - ssh_key: "${{ secrets.CHECK_SPELLING }}" + category: check-spelling + sarif_file: ${{ env.UPLOAD_SARIF_LIMITED }} diff --git a/package.json b/package.json index f34065df5a7..6fae1c36263 100644 --- a/package.json +++ b/package.json @@ -24,7 +24,7 @@ "lint:typescript:nofix": "cross-env BROWSERSLIST_IGNORE_OLD_DATA=1 NODE_OPTIONS=--max_old_space_size=4096 eslint --ignore-path=.gitignore --ext mjs,js,ts,tsx,vue --report-unused-disable-directives --max-warnings=0 .", "lint:go:fix": "node scripts/ts-wrapper.js scripts/lint-go.ts --fix", "lint:go:nofix": "node scripts/ts-wrapper.js scripts/lint-go.ts", - "lint:spelling": "node scripts/ts-wrapper.js scripts/spelling.ts", + "lint:spelling": "bash scripts/spelling.sh", "generate:nerdctl-stub": "powershell scripts/windows/generate-nerdctl-stub.ps1", "build": "cross-env NODE_OPTIONS=--max_old_space_size=4096 node --stack-size=16384 scripts/ts-wrapper.js scripts/build.ts", "package": "node scripts/ts-wrapper.js scripts/package.ts", diff --git a/pkg/rancher-desktop/assets/dependencies.yaml b/pkg/rancher-desktop/assets/dependencies.yaml index dd210417fe3..d9d814e5aa6 100644 --- a/pkg/rancher-desktop/assets/dependencies.yaml +++ b/pkg/rancher-desktop/assets/dependencies.yaml @@ -25,3 +25,4 @@ spinOperator: 0.4.0 certManager: 1.16.2 spinCLI: 3.1.1 spinKubePlugin: 0.3.1 +check-spelling: v0.0.24 diff --git a/pkg/rancher-desktop/generated/README.md b/pkg/rancher-desktop/generated/README.md deleted file mode 100644 index 725dabe93c5..00000000000 --- a/pkg/rancher-desktop/generated/README.md +++ /dev/null @@ -1,3 +0,0 @@ -# Generated Files - -The files in this directory should not be manually edited. They are generated. \ No newline at end of file diff --git a/pkg/rancher-desktop/generated/versions.json b/pkg/rancher-desktop/generated/versions.json deleted file mode 100644 index aaa53b77337..00000000000 --- a/pkg/rancher-desktop/generated/versions.json +++ /dev/null @@ -1 +0,0 @@ -["v1.20.2","v1.20.1","v1.20.0","v1.19.7","v1.19.6","v1.19.5","v1.19.4","v1.19.3","v1.19.2","v1.19.1","v1.19.0","v1.18.15","v1.18.14","v1.18.13","v1.18.12","v1.18.10","v1.18.9","v1.18.8","v1.18.6","v1.18.5","v1.18.4","v1.18.3","v1.18.2","v1.18.1","v1.18.0","v1.17.17","v1.17.16","v1.17.15","v1.17.14","v1.17.13","v1.17.12","v1.17.11","v1.17.9","v1.17.8","v1.17.7","v1.17.6","v1.17.5","v1.17.4","v1.17.3","v1.17.2","v1.17.1","v1.17.0","v1.16.15","v1.16.14","v1.16.13","v1.16.12","v1.16.11","v1.16.10","v1.16.9","v1.16.8","v1.16.7","v1.16.6","v1.16.5","v1.16.4","v1.16.3","v1.16.2","v1.16.1","v1.16.0","v1.15.12","v1.15.11","v1.15.10","v1.15.9","v1.15.8","v1.15.7","v1.15.6","v1.15.5","v1.15.4","v1.15.3","v1.15.2","v1.15.1","v1.15.0","v1.14.10","v1.14.9","v1.14.8","v1.14.7","v1.14.6","v1.14.5","v1.14.4","v1.14.3","v1.14.2","v1.14.1","v1.14.0","v1.13.12","v1.13.11","v1.13.10","v1.13.9","v1.13.8","v1.13.7","v1.13.6","v1.13.5","v1.13.4","v1.13.3","v1.13.2","v1.13.1","v1.13.0"] \ No newline at end of file diff --git a/scripts/dependencies/tools.ts b/scripts/dependencies/tools.ts index e0261fdaa01..502464d3206 100644 --- a/scripts/dependencies/tools.ts +++ b/scripts/dependencies/tools.ts @@ -229,6 +229,31 @@ export class GoLangCILint implements Dependency, GitHubDependency { } } +export class CheckSpelling implements Dependency, GitHubDependency { + name = 'check-spelling'; + githubOwner = 'check-spelling'; + githubRepo = 'check-spelling'; + + download(context: DownloadContext): Promise { + // We don't download anything there; `scripts/spelling.sh` does the cloning. + return Promise.resolve(); + } + + async getAvailableVersions(includePrerelease = false): Promise { + const versions = await getPublishedVersions(this.githubOwner, this.githubRepo, includePrerelease); + + return versions.map(v => `v${ v }`); + } + + versionToTagName(version: string): string { + return version; + } + + rcompareVersions(version1: string, version2: string): -1 | 0 | 1 { + return semver.rcompare(version1.replace(/^v/, ''), version2.replace(/^v/, '')); + } +} + export class Trivy implements Dependency, GitHubDependency { name = 'trivy'; githubOwner = 'aquasecurity'; diff --git a/scripts/rddepman.ts b/scripts/rddepman.ts index 6eb7eba1fb0..73f155d98ad 100644 --- a/scripts/rddepman.ts +++ b/scripts/rddepman.ts @@ -33,6 +33,7 @@ const dependencies: Dependency[] = [ new tools.DockerCompose(), new tools.DockerProvidedCredHelpers(), new tools.GoLangCILint(), + new tools.CheckSpelling(), new tools.Trivy(), new tools.Steve(), new tools.RancherDashboard(), diff --git a/scripts/spelling.sh b/scripts/spelling.sh new file mode 100755 index 00000000000..826ad389830 --- /dev/null +++ b/scripts/spelling.sh @@ -0,0 +1,125 @@ +#!/usr/bin/env bash + +set -o errexit -o nounset + +check_prerequisites() { + if [[ -n ${CI:-} && -z ${RD_LINT_SPELLING:-} ]]; then + echo "Skipping spell checking in CI." + exit + fi + + case $(uname -s) in # BSD uname doesn't support long option `--kernel-name` + Darwin) check_prerequisites_darwin;; + Linux) check_prerequisites_linux;; + CYGWIN*|MINGW*|MSYS*) check_prerequisites_windows;; + *) printf "Prerequisites not checked on %s\n" "$(uname -s)" >&2 ;; + esac +} + +check_prerequisites_darwin() { + if ! command -v cpanm &>/dev/null; then + echo "Please install cpanminus first:" >&2 + if command -v brew &>/dev/null; then + echo "brew install cpanminus" >&2 + fi + exit 1 + fi + # On macOS, the spell checker fails to skip expected long words. + # Disable spell checking there until check-spelling releases v0.0.25. + # https://github.com/check-spelling/check-spelling/issues/84 + echo "Skipping spell checking, macOS has false positives." + exit +} + +check_prerequisites_linux() { + if command -v wslpath >&/dev/null; then + check_prerequisites_windows + return + fi + if [[ -z "${PERL5LIB:-}" ]]; then + export PERL5LIB=$HOME/perl5/lib/perl5 + fi + if command -v cpanm &>/dev/null; then + return + fi + echo "Please install cpanminus first:" >&2 + if command -v zypper &>/dev/null; then + echo "zypper install perl-App-cpanminus" >&2 + elif command -v apt &>/dev/null; then + echo "apt install cpanminus" >&2 + fi + exit 1 +} + +check_prerequisites_windows() { + # cygwin, mingw, msys, or WSL2. + echo "Skipping spell checking, Windows is not supported." + exit +} + +# Locate the spell checking script, cloning the GitHub repository if necessary. +find_script() { + # Put the check-spelling files in `$PWD/resources/host/check-spelling` + local checkout=$PWD/resources/host/check-spelling + local script=$checkout/unknown-words.sh + local repo=https://github.com/check-spelling/check-spelling + local version + version=$(yq --exit-status .check-spelling pkg/rancher-desktop/assets/dependencies.yaml) + + if [[ ! -d "$checkout" ]]; then + git clone --branch "$version" --depth 1 "$repo" "$checkout" >&2 + else + git -C "$checkout" fetch origin "$version" >&2 + git -C "$checkout" checkout "$version" >&2 + fi + + if [[ ! -x "$script" ]]; then + printf "Failed to checkout check-spelling@%s: %s not found.\n" "$version" "$script" >&2 + exit 1 + fi + + echo "$script" +} + +check_prerequisites +script=$(find_script) + +INPUTS=$(yq --output-format=json < { - // Put the check-spelling files in `$PWD/resources/host/check-spelling - const checkout = path.join(process.cwd(), 'resources', 'host', 'check-spelling'); - const script = path.join(checkout, 'unknown-words.sh'); - const [repo, hash] = step.uses?.split('@') ?? []; - - if (!repo) { - throw new Error('Failed to find check-spelling repository from GitHub Actions workflow'); - } - if (!hash) { - throw new Error('Failed to find commit/branch to use for check-spelling'); - } - - try { - await fs.stat(script); - // Update the checkout. - await simpleSpawn('git', ['-C', checkout, 'fetch']); - } catch (ex) { - // Assume file not found. - await simpleSpawn('git', ['clone', '--no-checkout', `https://github.com/${ repo }.git`, checkout]); - } - await simpleSpawn('git', ['-C', checkout, 'checkout', hash]); - - return script; -} - -(async function() { - // Locate the GitHub Actions workflow and locate the check spelling step. - const configPath = path.join(process.cwd(), '.github', 'workflows', 'spelling.yml'); - const config = yaml.parse(await fs.readFile(configPath, { encoding: 'utf-8' })); - const step = config.jobs?.spelling?.steps?.find((step: any) => step?.id === 'spelling'); - const stepConfig = step?.with; - - if (!stepConfig) { - throw new Error('Failed to locate check-spelling CI configuration'); - } - // Remove configuration that does not make sense outside of CI. - delete stepConfig.experimental_apply_changes_via_bot; - delete stepConfig.use_sarif; - - // Set up configuration for the script. - process.env.INPUTS = JSON.stringify(stepConfig); - - // Find the check spelling script and run it. - const script = await findScript(step); - - await simpleSpawn(script); -})().catch((err) => { - console.error(err); - process.exit(1); -});