Skip to content

feat: add cspell configuration and CI spell-check #34

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
wants to merge 11 commits into from
Closed

feat: add cspell configuration and CI spell-check #34

Show file tree
Hide file tree
Changes from 5 commits
Commits
Show all changes
11 commits
Select commit Hold shift + click to select a range
0dbbd1c
feat: add cspell configuration and CI spell-check
devin-ai-integration[bot] Oct 9, 2025
7fcc17f
chore: update package-lock.json for cspell dependency
devin-ai-integration[bot] Oct 9, 2025
b74b151
style: format cspell.json with prettier
devin-ai-integration[bot] Oct 9, 2025
16d2f72
fix: resolve merge conflicts and exclude problematic cspell dictionar…
devin-ai-integration[bot] Oct 10, 2025
adeec40
fix: add 1773 technical terms to cspell.json to resolve spell check e…
devin-ai-integration[bot] Oct 10, 2025
5fe4269
fix: restrict spell-check to Deepnote-specific code only
devin-ai-integration[bot] Oct 14, 2025
8a35e2e
style: format cspell.json with Prettier
devin-ai-integration[bot] Oct 14, 2025
a3c409b
Merge branch 'main' into devin/1760032126-add-cspell-config
jamesbhobbs Oct 14, 2025
fda0a3f
chore: merge main to sync lockfile with latest dependencies
devin-ai-integration[bot] Oct 17, 2025
3f9173b
Revert "chore: merge main to sync lockfile with latest dependencies"
devin-ai-integration[bot] Oct 17, 2025
d57e3b7
fix: resolve merge conflicts with main
devin-ai-integration[bot] Oct 20, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
24 changes: 24 additions & 0 deletions .github/workflows/ci.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -139,6 +139,30 @@ jobs:
- name: Check Licenses
run: npm run check-licenses

spell-check:
name: Spell Check
runs-on: ubuntu-latest
timeout-minutes: 15
steps:
- name: Checkout
uses: actions/checkout@v5

- name: Setup Node.js
uses: actions/setup-node@v5
with:
cache: 'npm'
node-version: ${{ env.NODE_VERSION }}
registry-url: 'https://npm.pkg.github.com'
scope: '@deepnote'

- name: Install dependencies
run: npm ci --prefer-offline --no-audit
Comment on lines +175 to +186
Copy link
Contributor

@coderabbitai coderabbitai bot Oct 14, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟠 Major

Re-pin GitHub Actions to SHAs.

Every other job pins actions/checkout and actions/setup-node to vetted SHAs; this job drops back to floating @v5, undermining the supply-chain hardening we already enforce. Please use the same commit SHAs as the rest of the workflow.

-      - name: Checkout
-        uses: actions/checkout@v5
+      - name: Checkout
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5
@@
-      - name: Setup Node.js
-        uses: actions/setup-node@v5
+      - name: Setup Node.js
+        uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5

Committable suggestion skipped: line range outside the PR's diff.

🤖 Prompt for AI Agents 
.github/workflows/ci.yml lines 175-186: the job uses floating action tags
actions/checkout@v5 and actions/setup-node@v5 which weakens the repository's
supply-chain hardening; replace both with the exact commit SHAs used elsewhere
in this workflow (or the vetted SHAs used in other jobs) so they are pinned to
specific commits, i.e. locate the SHA entries for actions/checkout and
actions/setup-node in the other jobs and substitute @v5 with the corresponding
@<full-commit-sha> for each action.

env:
NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
Comment on lines +175 to +188
Copy link
Contributor

@coderabbitai coderabbitai bot Oct 14, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟠 Major

Pin actions to commit SHAs.
Other jobs lock actions/checkout and actions/setup-node to specific SHAs; this job floats on the v5 tag, reopening a supply-chain risk. Please pin both actions to the same commits used elsewhere in the workflow.

-      - name: Checkout
-        uses: actions/checkout@v5
+      - name: Checkout
+        uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5
@@
-      - name: Setup Node.js
-        uses: actions/setup-node@v5
+      - name: Setup Node.js
+        uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5

Committable suggestion skipped: line range outside the PR's diff.

🤖 Prompt for AI Agents 
.github/workflows/ci.yml lines 175-188: the workflow uses floating tags for
actions/checkout@v5 and actions/setup-node@v5; replace both with the exact
commit SHAs used by the other jobs in this workflow (match the same commit SHAs
already pinned elsewhere) to eliminate the supply-chain risk — update the two
"uses:" lines to reference the exact SHA commits, run a quick lint/test of the
workflow, and commit the change.


- name: Run spell check
run: npm run spell-check

audit-prod:
name: Audit - Production
runs-on: ubuntu-latest
Expand Down
Loading