ci: Check spelling with codespell

.codespellrc

@@ -0,0 +1,8 @@
+[codespell]
+check-hidden = true
+# Note that `-w` doesn't work when ignore-multiline-regex is set
+# https://github.com/codespell-project/codespell/issues/3642
+ignore-multiline-regex = codespell:ignore-begin.*codespell:ignore-end
+ignore-words = .codespell_ignores
+# skip-file is not available https://github.com/codespell-project/codespell/pull/2759
+skip = .pandoc_template.html5,.README.html

.github/workflows/codespell.yml

@@ -0,0 +1,17 @@
+# Codespell configuration is within .codespellrc
+---
+name: Codespell
+on:  # yamllint disable-line rule:truthy
+  - pull_request
+permissions:
+  contents: read
+jobs:
+  codespell:
+    name: Check for spelling errors
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Codespell
+        uses: codespell-project/actions-codespell@v2

.github/workflows/tft_citest_bad.yml

@@ -36,7 +36,7 @@ jobs:
           RUN_ID=$(gh api "repos/$REPO/actions/workflows/tft.yml/runs?event=issue_comment" \
             | jq -r "[.workflow_runs[] | select( .display_title == \"$PR_TITLE\" ) | select( .conclusion == \"failure\" ) | .id][0]")
           if [ "$RUN_ID" = "null" ]; then
-            echo "Failed workflow not found, exitting"
+            echo "Failed workflow not found, exiting"
             exit 1
           fi
           echo "Re-running workflow $RUN_ID"

CHANGELOG.md

@@ -161,7 +161,7 @@ Changelog
 
 ### Other Changes
 
-- tests: test_ping: fix compatability issues (#171)
+- tests: test_ping: fix compatibility issues (#171)
 
 [1.6.0] - 2023-08-08
 --------------------

README.md

@@ -1,6 +1,6 @@
 # firewall
 
-[![ansible-lint.yml](https://github.com/linux-system-roles/firewall/actions/workflows/ansible-lint.yml/badge.svg)](https://github.com/linux-system-roles/firewall/actions/workflows/ansible-lint.yml) [![ansible-test.yml](https://github.com/linux-system-roles/firewall/actions/workflows/ansible-test.yml/badge.svg)](https://github.com/linux-system-roles/firewall/actions/workflows/ansible-test.yml) [![codeql.yml](https://github.com/linux-system-roles/firewall/actions/workflows/codeql.yml/badge.svg)](https://github.com/linux-system-roles/firewall/actions/workflows/codeql.yml) [![markdownlint.yml](https://github.com/linux-system-roles/firewall/actions/workflows/markdownlint.yml/badge.svg)](https://github.com/linux-system-roles/firewall/actions/workflows/markdownlint.yml) [![python-unit-test.yml](https://github.com/linux-system-roles/firewall/actions/workflows/python-unit-test.yml/badge.svg)](https://github.com/linux-system-roles/firewall/actions/workflows/python-unit-test.yml) [![shellcheck.yml](https://github.com/linux-system-roles/firewall/actions/workflows/shellcheck.yml/badge.svg)](https://github.com/linux-system-roles/firewall/actions/workflows/shellcheck.yml) [![tft.yml](https://github.com/linux-system-roles/firewall/actions/workflows/tft.yml/badge.svg)](https://github.com/linux-system-roles/firewall/actions/workflows/tft.yml) [![tft_citest_bad.yml](https://github.com/linux-system-roles/firewall/actions/workflows/tft_citest_bad.yml/badge.svg)](https://github.com/linux-system-roles/firewall/actions/workflows/tft_citest_bad.yml) [![woke.yml](https://github.com/linux-system-roles/firewall/actions/workflows/woke.yml/badge.svg)](https://github.com/linux-system-roles/firewall/actions/workflows/woke.yml)
+[![ansible-lint.yml](https://github.com/linux-system-roles/firewall/actions/workflows/ansible-lint.yml/badge.svg)](https://github.com/linux-system-roles/firewall/actions/workflows/ansible-lint.yml) [![ansible-test.yml](https://github.com/linux-system-roles/firewall/actions/workflows/ansible-test.yml/badge.svg)](https://github.com/linux-system-roles/firewall/actions/workflows/ansible-test.yml) [![codeql.yml](https://github.com/linux-system-roles/firewall/actions/workflows/codeql.yml/badge.svg)](https://github.com/linux-system-roles/firewall/actions/workflows/codeql.yml) [![codespell.yml](https://github.com/linux-system-roles/firewall/actions/workflows/codespell.yml/badge.svg)](https://github.com/linux-system-roles/firewall/actions/workflows/codespell.yml) [![markdownlint.yml](https://github.com/linux-system-roles/firewall/actions/workflows/markdownlint.yml/badge.svg)](https://github.com/linux-system-roles/firewall/actions/workflows/markdownlint.yml) [![python-unit-test.yml](https://github.com/linux-system-roles/firewall/actions/workflows/python-unit-test.yml/badge.svg)](https://github.com/linux-system-roles/firewall/actions/workflows/python-unit-test.yml) [![shellcheck.yml](https://github.com/linux-system-roles/firewall/actions/workflows/shellcheck.yml/badge.svg)](https://github.com/linux-system-roles/firewall/actions/workflows/shellcheck.yml) [![tft.yml](https://github.com/linux-system-roles/firewall/actions/workflows/tft.yml/badge.svg)](https://github.com/linux-system-roles/firewall/actions/workflows/tft.yml) [![tft_citest_bad.yml](https://github.com/linux-system-roles/firewall/actions/workflows/tft_citest_bad.yml/badge.svg)](https://github.com/linux-system-roles/firewall/actions/workflows/tft_citest_bad.yml) [![woke.yml](https://github.com/linux-system-roles/firewall/actions/workflows/woke.yml/badge.svg)](https://github.com/linux-system-roles/firewall/actions/workflows/woke.yml)
 
 This role configures the firewall on machines that are using firewalld.
 If firewalld is not in use, the role will install (if not already installed),
@@ -218,7 +218,7 @@ permanent change was made to each setting:
 ### firewall_disable_conflicting_services
 
 By default, the firewall role does not attempt to disable conflicting services due to the
-overhead associated with enumerating the services when disabling services is potentially unecessary.
+overhead associated with enumerating the services when disabling services is potentially unnecessary.
 To enable this feature, set the variable `firewall_disable_conflicting_services` to `true`:
 
 ```yaml
@@ -475,7 +475,7 @@ See `ipset` for more usage information
 List of addresses to add or remove from an ipset
 Used with `ipset`
 
-Entrys must be compatible with the ipset type of the `ipset`
+Entries must be compatible with the ipset type of the `ipset`
 being created or modified.
 
 ```yaml

library/firewall_lib.py

@@ -119,7 +119,7 @@
     default: []
   interface_pci_id:
     description:
-      List of inteface PCI device ID strings.
+      List of interface PCI device ID strings.
       PCI device ID needs to correspond to a named network interface.
     required: false
     type: list

pylintrc

@@ -52,7 +52,7 @@ confidence=
 # can either give multiple identifiers separated by comma (,) or put this
 # option multiple times (only on the command line, not in the configuration
 # file where it should appear only once).You can also use "--disable=all" to
-# disable everything first and then reenable specific checks. For example, if
+# disable everything first and then re-enable specific checks. For example, if
 # you want to run only the similarities checker, you can use "--disable=all
 # --enable=similarities". If you want to run only the classes checker, but have
 # no Warning level messages displayed, use"--disable=all --enable=classes

tests/files/test_ping.sh

@@ -47,7 +47,7 @@ TIMEOUT=2
 # The following ping should have 100% packet loss
 ping -c "$NUM_PINGS" -W "$TIMEOUT" -i 0.01 "$ip" 1>/tmp/ping0 || :
 
-# Begin downtime comparision #
+# Begin downtime comparison #
 ping -c "$NUM_PINGS" -W "$TIMEOUT" -i 0.01 "$ip" 1>/tmp/ping1 || : &
 pid="$!"
 podman exec test-firewalld systemctl reload firewalld.service

tests/tests_ansible.yml

@@ -249,15 +249,15 @@
           register: result
           failed_when: result.failed or result.changed
 
-        - name: Allow masquerading in permament dmz zone
+        - name: Allow masquerading in permanent dmz zone
           firewall_lib:
             masquerade: true
             permanent: true
             zone: dmz
           register: result
           failed_when: result.failed or not result.changed
 
-        - name: Allow masquerading in permament dmz zone, again
+        - name: Allow masquerading in permanent dmz zone, again
           firewall_lib:
             masquerade: true
             permanent: true

tests/tests_interface_pci.yml

@@ -68,7 +68,7 @@
               zone: internal
               interface_pci_id: 1af4:0001
               state: disabled
-              permament: true
+              permanent: true
       always:
         - name: Cleanup
           tags:

tests/tests_ipsets.yml

@@ -38,7 +38,7 @@
                   - 127.0.0.1
                   - 8.8.8.8
                 short: Custom
-                desciption: Custom IPSet for testing purposes
+                description: Custom IPSet for testing purposes
                 state: present
                 permanent: true
 
@@ -63,7 +63,7 @@
             firewall:
               - ipset: customipset
                 short: Custom
-                desciption: Custom IPSet for testing purposes
+                description: Custom IPSet for testing purposes
                 state: present
                 permanent: true
           register: result

tests/tests_service.yml

@@ -31,7 +31,7 @@
 
         - name: Fail if systemroletest present prior to test run
           fail:
-            msg: test service present after reseting defaults
+            msg: test service present after resetting defaults
           when: result.stdout.find("systemroletest") != -1
 
         - name: Ensure http has default configuration
@@ -233,7 +233,7 @@
                   - 1::1
                 helper_module: ftp
                 protocol: icmp
-                permament: true
+                permanent: true
                 state: absent
 
         # Verify nothing is removed in this case
@@ -256,7 +256,7 @@
                   - 1::1
                 helper_module: ftp
                 protocol: icmp
-                permament: true
+                permanent: true
                 state: absent
 
         - name: Fail if custom service elements changed
@@ -284,7 +284,7 @@
           vars:
             firewall:
               - service: systemroletest
-                permament: true
+                permanent: true
                 state: absent
 
         - name: Get all services
@@ -303,7 +303,7 @@
           vars:
             firewall:
               - service: systemroletest
-                permament: true
+                permanent: true
                 state: absent
 
         - name: Fail if second removal changes anything