ci: Add spell checker in pre-commit (#4859)

* Added codespell to precommit, fixes #2971

* added documentation and codespell to dev-requirements

* chore: add explicit version for codespell

---------

Co-authored-by: Ved <[email protected]>
Co-authored-by: Terri Oda <[email protected]>

Author: 3 people

.pre-commit-config.yaml

@@ -1,5 +1,5 @@
 repos:
--   repo: https://github.com/econchick/interrogate
+  - repo: https://github.com/econchick/interrogate
     rev: 1.7.0
     hooks:
       - id: interrogate
@@ -8,77 +8,92 @@ repos:
         args: ["-vv", "-i", "-I", "-M", "-C", "-n", "-p", "-f", "60.0"]
         # args for cut and paste: interrogate -vv -i -I -M -C -n -p -f 60.0
 
--   repo: https://github.com/pycqa/isort
+  - repo: https://github.com/pycqa/isort
     rev: 5.13.2
     hooks:
-    - id: isort
-      stages: [pre-commit, pre-merge-commit]
-      exclude: ^fuzz/generated/
+      - id: isort
+        stages: [pre-commit, pre-merge-commit]
+        exclude: ^fuzz/generated/
 
--   repo: https://github.com/psf/black-pre-commit-mirror
+  - repo: https://github.com/psf/black-pre-commit-mirror
     rev: 24.10.0
     hooks:
-    - id: black
-      exclude: ^fuzz/generated/
+      - id: black
+        exclude: ^fuzz/generated/
 
--   repo: https://github.com/asottile/pyupgrade
+  - repo: https://github.com/asottile/pyupgrade
     rev: v3.19.1
     hooks:
-    - id: pyupgrade
-      exclude: ^fuzz/generated/
-      args: ["--py38-plus"]
+      - id: pyupgrade
+        exclude: ^fuzz/generated/
+        args: ["--py38-plus"]
 
--   repo: https://github.com/pycqa/flake8
+  - repo: https://github.com/pycqa/flake8
     rev: 7.1.1
     hooks:
-    - id: flake8
-      exclude: ^fuzz/generated/|bandit\.conf$
+      - id: flake8
+        exclude: ^fuzz/generated/|bandit\.conf$
 
--   repo: https://github.com/PyCQA/bandit
+  - repo: https://github.com/PyCQA/bandit
     rev: 1.8.0
     hooks:
-    - id: bandit
-      exclude: ^fuzz/generated/
-      args: ["-c", "bandit.conf"]
+      - id: bandit
+        exclude: ^fuzz/generated/
+        args: ["-c", "bandit.conf"]
 
--   repo: https://github.com/jorisroovers/gitlint
+  - repo: https://github.com/jorisroovers/gitlint
     rev: v0.19.1
     hooks:
-    - id: gitlint
+      - id: gitlint
 
--   repo: https://github.com/pre-commit/mirrors-mypy
+  - repo: https://github.com/pre-commit/mirrors-mypy
     rev: v1.14.1
     hooks:
-    - id: mypy
-      additional_dependencies:
-        - types-beautifulsoup4
-        - types-jsonschema
-        - types-PyYAML
-        - types-requests
-        - types-setuptools
-        - types-toml
-      files: |
-        (?x)^(
-            cve_bin_tool/parsers/.*|
-            cve_bin_tool/__init__.py|
-            cve_bin_tool/async_utils.py|
-            cve_bin_tool/file.py|
-            cve_bin_tool/linkify.py|
-            cve_bin_tool/log.py|
-            cve_bin_tool/strings.py|
-            cve_bin_tool/theme.py|
-            cve_bin_tool/util.py|
-            cve_bin_tool/validator.py|
-            cve_bin_tool/version.py|
-            doc/.*|
-            test/test_data/.*|
-            test/__init__.py|
-            test/test_file.py|s
-            test/test_requirements.py|
-            test/test_strings.py|
-            test/test_triage.py|
-            test/test_version.py|
-            test/utils.py|
-        )$
-
+      - id: mypy
+        additional_dependencies:
+          - types-beautifulsoup4
+          - types-jsonschema
+          - types-PyYAML
+          - types-requests
+          - types-setuptools
+          - types-toml
+        files: |
+          (?x)^(
+              cve_bin_tool/parsers/.*|
+              cve_bin_tool/__init__.py|
+              cve_bin_tool/async_utils.py|
+              cve_bin_tool/file.py|
+              cve_bin_tool/linkify.py|
+              cve_bin_tool/log.py|
+              cve_bin_tool/strings.py|
+              cve_bin_tool/theme.py|
+              cve_bin_tool/util.py|
+              cve_bin_tool/validator.py|
+              cve_bin_tool/version.py|
+              doc/.*|
+              test/test_data/.*|
+              test/__init__.py|
+              test/test_file.py|s
+              test/test_requirements.py|
+              test/test_strings.py|
+              test/test_triage.py|
+              test/test_version.py|
+              test/utils.py|
+          )$
 
+  - repo: https://github.com/codespell-project/codespell
+    rev: v1.16.0
+    hooks:
+      - id: codespell
+        name: codespell
+        description: Checks for common misspellings in text files.
+        args:
+          [
+            "-I",
+            ".github/actions/spelling/allow.txt",
+            ".github/actions/spelling/only.txt",
+            ".github/actions/spelling/expect.txt",
+            ".github/actions/spelling/excludes.txt",
+          ]
+        language: python
+        types: [text]

CONTRIBUTING.md

@@ -209,6 +209,7 @@ CVE Binary Tool uses a few tools to improve code quality and readability:
 - `gitlint` helps ensure that the commit messages follow [Conventional Commits](https://conventionalcommits.org).
 - `mypy` helps ensure type definitions are correct when provided.
 - `interrogate` checks your code base for missing docstrings.
+- `codespell` Detects common misspellings in text files.
 
 We provide a `dev-requirements.txt` file which includes all the precise versions of tools as they'll be used in GitHub Actions.  You an install them all using pip:
 
@@ -317,6 +318,22 @@ You can specify a file or directory if you just want to check the files you chan
 
 Interrogate shows some [report examples in their docs](https://interrogate.readthedocs.io/en/latest/#usage) or you can look at the [current cve-bin-tool reports in our linter runs on GitHub Actions](https://github.com/intel/cve-bin-tool/actions/workflows/linting.yml)
 
+### Running codespell by itself
+
+`codespell` is a spell checker designed to detect and correct common misspellings in text files, including code comments and documentation.
+
+Run `codespell` in all files of the current directory:
+```
+codespell
+```
+
+Run `codespell` in specific files or directories (specified via their names or glob patterns):
+```
+codespell filename some_dir/ *.ext
+```
+
+for more detailed explanation you can checkout [codespell documentation](https://github.com/codespell-project/codespell)
+
 ### Other linting tools
 
 As well as `black` for automatically making sure code adheres to the style guide, we use `flake8` to help us find things like unused imports.  The [flake8 documentation](https://flake8.pycqa.org/en/latest/user/index.html) covers what you need to know about running it.

dev-requirements.txt

@@ -4,6 +4,7 @@ isort; python_version < "3.8"
 isort==5.13.2; python_version >= "3.8"
 pre-commit; python_version <= "3.8"
 pre-commit==4.1.0; python_version > "3.8"
+codespell==1.16.0
 flake8; python_version < "3.8"
 flake8==7.1.1; python_version >= "3.8"
 bandit==1.7.10; python_version <= "3.8"