Add translations 2026-04-10 (automation proposals) #1564
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| name: Codespell | |
| # Limit permissions per OpenSSF Scorecard best practices. | |
| # Since we set "permissions", anything unset has access "none". | |
| permissions: | |
| contents: read | |
| on: | |
| push: | |
| branches: [main] | |
| pull_request: | |
| branches: [main] | |
| jobs: | |
| codespell: | |
| name: Check for spelling errors | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| # Pin to commit SHA to prevent supply chain attacks via tag mutation. | |
| # Verify: curl -s https://api.github.com/repos/actions/checkout/git/ref/tags/v5.0.0 | |
| uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 | |
| # OSPS-BR-01.02: Validate branch name before use in pipeline | |
| # This protects against potential future use of branch names in commands | |
| # GITHUB_REF_NAME is the short ref name (e.g., "main" not "refs/heads/main") | |
| - name: Validate branch name | |
| run: script/validate_branch_name "$GITHUB_REF_NAME" | |
| - name: Codespell | |
| # Pin to commit SHA to prevent supply chain attacks via tag mutation. | |
| # Verify: curl -s https://api.github.com/repos/codespell-project/actions-codespell/git/ref/tags/v2 | |
| uses: codespell-project/actions-codespell@406322ec52dd7b488e48c1c4b82e2a8b3a1bf630 # v2 | |
| with: | |
| ignore_words_file: .codespellignore |