Add codespell support (CI to check, not to fix) and make it fix a few typos (#10297)

Another token of gratitude for a super useful tool and service.

More about codespell: https://github.com/codespell-project/codespell .

I personally introduced it to dozens if not hundreds of projects already
and so far only positive feedback.

CI workflow has 'permissions' set only to 'read' so also should be safe.

---------

Signed-off-by: Yaroslav O. Halchenko <debian@onerussian.com>

certbot-apache/src/certbot_apache/_internal/augeas_lens/httpd.aug

@@ -157,7 +157,7 @@ let argv (l:lens) = l . (sep_spc . l)*
  * not need to have space between them, but bare arguments do.
  *
  * Apache apparently is also happy if the last argument starts with a double
- * quote, but has no corresponding closing duoble quote, which is what
+ * quote, but has no corresponding closing double quote, which is what
  * arg_dir_msg handles
  *)
 let dir_args =

certbot-apache/src/certbot_apache/_internal/parser.py

@@ -418,7 +418,7 @@ class ApacheParser:
     def add_dir(
         self, aug_conf_path: Optional[str], directive: Optional[str], args: Union[List[str], str]
     ) -> None:
-        """Appends directive to the end fo the file given by aug_conf_path.
+        """Appends directive to the end of the file given by aug_conf_path.
 
         .. note:: Not added to AugeasConfigurator because it may depend
             on the lens

certbot-apache/src/certbot_apache/_internal/tests/configurator_test.py

@@ -1091,7 +1091,7 @@ class MultipleVhostsTest(util.ApacheTest):
         # pylint: disable=protected-access
         http_vhost = self.config._get_http_vhost(ssl_vhost)
 
-        # Create an old (previously suppoorted) https redirectoin rewrite rule
+        # Create an old (previously supported) https redirectoin rewrite rule
         self.config.parser.add_dir(
             http_vhost.path, "RewriteRule",
             ["^",

certbot-apache/src/certbot_apache/_internal/tests/testdata/centos7_apache/apache/httpd/conf.d/ssl.conf

@@ -110,7 +110,7 @@ SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!SEED:!IDEA
 #   certificate chain for the server certificate. Alternatively
 #   the referenced file can be the same as SSLCertificateFile
 #   when the CA certificates are directly appended to the server
-#   certificate for convinience.
+#   certificate for convenience.
 #SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt
 
 #   Certificate Authority (CA):

certbot-apache/src/certbot_apache/_internal/tests/testdata/gentoo_apache/apache/apache2/vhosts.d/00_default_ssl_vhost.conf

@@ -58,7 +58,7 @@ Listen 443
 	# PEM encoded CA certificates which form the certificate chain for the
 	# server certificate. Alternatively the referenced file can be the same as
 	# SSLCertificateFile when the CA certificates are directly appended to the
-	# server certificate for convinience.
+	# server certificate for convenience.
 	#SSLCertificateChainFile /etc/ssl/apache2/ca.crt
 
 	## Certificate Authority (CA):

certbot-apache/src/certbot_apache/_internal/tests/testdata/gentoo_apache/apache/conf.d/apache2

@@ -26,7 +26,7 @@
 #
 # The following two options provide the default virtual host for the HTTP and
 # HTTPS protocol. YOU NEED TO ENABLE AT LEAST ONE OF THEM, otherwise apache
-# will not listen for incomming connections on the approriate port.
+# will not listen for incoming connections on the appropriate port.
 #
 #  DEFAULT_VHOST      Enables name-based virtual hosts, with the default
 #                     virtual host being in /var/www/localhost/htdocs

certbot-compatibility-test/nginx/nginx-roundtrip-testdata/chive/chive-nginx-master/reverse_proxy.conf

@@ -2,7 +2,7 @@
 
 ### Configuration for reverse proxy. Passing the necessary headers to
 ### the backend. Nginx doesn't tunnel the connection, it opens a new
-### one. Hence whe need to send these headers to the backend so that
+### one. Hence we need to send these headers to the backend so that
 ### the client(s) IP is available to them. The host is also sent.
 
 proxy_set_header X-Real-IP $remote_addr;

certbot-compatibility-test/nginx/nginx-roundtrip-testdata/chive/chive-nginx-master/win-utf

@@ -30,7 +30,7 @@ charset_map  windows-1251  utf-8 {
 
     A4  C2A4 ;   # currency sign
     A5  D290 ;   # capital Ukrainian soft G
-    A6  C2A6 ;   # borken bar
+    A6  C2A6 ;   # broken bar
     A7  C2A7 ;   # section sign
     A8  D081 ;   # capital YO
     A9  C2A9 ;   # (C)

certbot-compatibility-test/nginx/nginx-roundtrip-testdata/piwik/nginx.conf

@@ -24,7 +24,7 @@ server {
 
     # Disallow any usage of piwik assets if referer is non valid.
     location ~* ^.+\.(?:jpg|png|css|gif|jpeg|js|swf)$ {
-             # Defining the valid referers.
+             # Defining the valid referrers.
              valid_referers none blocked *.mysite.com othersite.com;
              if ($invalid_referer)  {
                 return 444;

certbot-dns-rfc2136/src/certbot_dns_rfc2136/__init__.py

@@ -147,8 +147,8 @@ Special considerations for multiple views in BIND
 
 If your BIND configuration leverages multiple views, Certbot may fail with an
 ``Unable to determine base domain for _acme-challenge.example.com`` error.
-This error occurs when Certbot isn't able to communicate with an authorative
-nameserver for the zone, one that answers with the AA (Authorative Answer) flag
+This error occurs when Certbot isn't able to communicate with an authoritative
+nameserver for the zone, one that answers with the AA (Authoritative Answer) flag
 set in the response.
 
 A common multiple view configuration with two views, external and internal,
@@ -165,7 +165,7 @@ zone option.  The zone will be then visible in both zones with exactly the same
 
 .. note::
    Order matters in BIND views: the ``in-view`` zone option must refer to a
-   view defined preceeding it.  It cannot refer to a view defined later in the configuration file.
+   view defined preceding it.  It cannot refer to a view defined later in the configuration file.
 
 .. code-block:: none
    :caption: Split-view BIND configuration

certbot-dns-route53/src/certbot_dns_route53/__init__.py

@@ -10,7 +10,7 @@ subsequently removing, TXT records using the Amazon Web Services Route 53 API.
 
 Credentials
 -----------
-Use of this plugin requires a configuration file containing Amazon Web Sevices
+Use of this plugin requires a configuration file containing Amazon Web Services
 API credentials for an account with the following permissions:
 
 * ``route53:ListHostedZones``

certbot-nginx/src/certbot_nginx/_internal/parser_obj.py

@@ -38,7 +38,7 @@ class Parsable:
 
     @classmethod
     def parsing_hooks(cls) -> Tuple[Type["Block"], Type["Sentence"], Type["Statements"]]:
-        """Returns object types that this class should be able to `parse` recusrively.
+        """Returns object types that this class should be able to `parse` recursively.
         The order of the objects indicates the order in which the parser should
         try to parse each subitem.
         :returns: A list of Parsable classes.

certbot-nginx/src/certbot_nginx/_internal/tests/testdata/etc_nginx/ubuntu_nginx_1_4_6/default_vhost/nginx/win-utf

@@ -29,7 +29,7 @@ charset_map	windows-1251	utf-8 {
 
 	A4	C2A4;   # currency sign
 	A5	D290;   # capital Ukrainian soft G
-	A6	C2A6;   # borken bar
+	A6	C2A6;   # broken bar
 	A7	C2A7;   # section sign
 	A8	D081;   # capital YO
 	A9	C2A9;   # (C)

certbot/CHANGELOG.md

@@ -1150,7 +1150,7 @@ More details about these changes can be found on our GitHub repo.
 * CLI flag `--key-type` has been added to specify 'rsa' or 'ecdsa' (default 'rsa').
 * CLI flag `--elliptic-curve` has been added which takes an NIST/SECG elliptic curve. Any of
   `secp256r1`, `secp384r1` and `secp521r1` are accepted values.
-* The command `certbot certficates` lists the which type of the private key that was used
+* The command `certbot certificates` lists the which type of the private key that was used
   for the private key.
 * Support for Python 3.9 was added to Certbot and all of its components.
 

certbot/docs/cli-help.txt

@@ -263,7 +263,7 @@ testing:
   --debug               Show tracebacks in case of errors (default: False)
   --no-verify-ssl       Disable verification of the ACME server's certificate.
                         The root certificates trusted by Certbot can be
-                        overriden by setting the REQUESTS_CA_BUNDLE
+                        overridden by setting the REQUESTS_CA_BUNDLE
                         environment variable. (default: False)
   --http-01-port HTTP01_PORT
                         Port used in the http-01 challenge. This only affects

certbot/docs/using.rst

@@ -860,7 +860,7 @@ whether your system has a pre-installed scheduled task for Certbot, it is safe t
 instructions to create one.
 
 .. note::
-   If you're using Windows, these instructions are not neccessary as Certbot on Windows comes with
+   If you're using Windows, these instructions are not necessary as Certbot on Windows comes with
    a scheduled task for automated renewal pre-installed.
 
    If you are using macOS and installed Certbot using Homebrew, follow the instructions at

certbot/src/certbot/_internal/auth_handler.py

@@ -119,7 +119,7 @@ class AuthHandler:
 
     def deactivate_valid_authorizations(self, orderr: messages.OrderResource) -> Tuple[List, List]:
         """
-        Deactivate all `valid` authorizations in the order, so that they cannot be re-used
+        Deactivate all `valid` authorizations in the order, so that they cannot be reused
         in subsequent orders.
         :param messages.OrderResource orderr: must have authorizations filled in
         :returns: tuple of list of successfully deactivated authorizations, and

certbot/src/certbot/_internal/cli/helpful.py

@@ -241,7 +241,7 @@ class HelpfulArgumentParser:
         # can either be preceded by hyphens (as on the command line) or not (as
         # in config files)
 
-        # if the argument doesn't have leading hypens, prefix it so it can be
+        # if the argument doesn't have leading hyphens, prefix it so it can be
         # compared directly w/ action option strings
         if arg[0] != '-':
             arg = '--' + arg

certbot/src/certbot/_internal/display/obj.py

@@ -328,7 +328,7 @@ class FileDisplay:
         except ValueError:
             return []
 
-        # Remove duplicates. dict is used instead of set, since dict perserves
+        # Remove duplicates. dict is used instead of set, since dict preserves
         # insertion order as of Python 3.7
         indices_int = list(dict.fromkeys(indices_int).keys())
 

certbot/src/certbot/_internal/error_handler.py

@@ -33,7 +33,7 @@ if os.name != "nt":
             _SIGNALS.append(signal_code)
 else:
     # POSIX signals are not implemented natively in Windows, but emulated from the C runtime.
-    # As consumed by CPython, most of handlers on theses signals are useless, in particular
+    # As consumed by CPython, most of handlers on these signals are useless, in particular
     # SIGTERM: for instance, os.kill(pid, signal.SIGTERM) will call TerminateProcess, that stops
     # immediately the process without calling the attached handler. Besides, non-POSIX signals
     # (CTRL_C_EVENT and CTRL_BREAK_EVENT) are implemented in a console context to handle the

certbot/src/certbot/_internal/main.py

@@ -1097,7 +1097,7 @@ def install(config: configuration.NamespaceConfig,
             custom_prompt=certname_question)[0]
 
     if not enhancements.are_supported(config, installer):
-        raise errors.NotSupportedError("One ore more of the requested enhancements "
+        raise errors.NotSupportedError("One or more of the requested enhancements "
                                        "are not supported by the selected installer")
     # If cert-path is defined, populate missing (ie. not overridden) values.
     # Unfortunately this can't be done in argument parser, as certificate
@@ -1221,7 +1221,7 @@ def enhance(config: configuration.NamespaceConfig,
         return str(e)
 
     if not enhancements.are_supported(config, installer):
-        raise errors.NotSupportedError("One ore more of the requested enhancements "
+        raise errors.NotSupportedError("One or more of the requested enhancements "
                                        "are not supported by the selected installer")
 
     certname_question = ("Which certificate would you like to use to enhance "
@@ -1421,7 +1421,7 @@ def run(config: configuration.NamespaceConfig,
 
     # Preflight check for enhancement support by the selected installer
     if not enhancements.are_supported(config, installer):
-        raise errors.NotSupportedError("One ore more of the requested enhancements "
+        raise errors.NotSupportedError("One or more of the requested enhancements "
                                        "are not supported by the selected installer")
 
     # TODO: Handle errors from _init_le_client?

certbot/src/certbot/_internal/tests/cli_test.py

@@ -555,7 +555,7 @@ class ParseTest(unittest.TestCase):
     def test_abbreviated_arguments(self):
         # Argparse's "allow_abbrev" option (which is True by default) allows
         # for unambiguous partial arguments (e.g. "--preferred-chal dns" will be
-        # interepreted the same as "--preferred-challenges dns")
+        # interpreted the same as "--preferred-challenges dns")
         namespace = self.parse('--preferred-chal dns --no-dir')
         assert_set_by_user_with_value(namespace, 'pref_challs', ['dns-01'])
         assert_set_by_user_with_value(namespace, 'directory_hooks', False)

certbot/src/certbot/_internal/tests/client_test.py

@@ -946,7 +946,7 @@ class ClientTest(ClientTestCommon):
             self.client._choose_lineagename(valid_domains, invalid_certname)
         with pytest.raises(errors.Error):
             self.client._choose_lineagename(invalid_wildcard_domain, None)
-        # Verify no error is raised when invalid domain is overriden by valid certname.
+        # Verify no error is raised when invalid domain is overridden by valid certname.
         self.client._choose_lineagename(invalid_domains, valid_certname)
 
 

certbot/src/certbot/configuration.py

@@ -297,7 +297,7 @@ class NamespaceConfig:
     def no_verify_ssl(self) -> bool:
         """Disable verification of the ACME server's certificate.
 
-        The root certificates trusted by Certbot can be overriden by setting the
+        The root certificates trusted by Certbot can be overridden by setting the
         REQUESTS_CA_BUNDLE environment variable.
         """
         return self.namespace.no_verify_ssl

certbot/src/certbot/tests/testdata/README

@@ -25,7 +25,7 @@ and for the certificate:
 	)
 	csr = (
 	    x509.CertificateSigningRequestBuilder().add_extension(
-	        x509.SubjectAlternativeName([x509.DNSName('a.exemple.com'), x509.IPAddress(ipaddress.ipaddr('192.0.2.111'))]),
+	        x509.SubjectAlternativeName([x509.DNSName('a.example.com'), x509.IPAddress(ipaddress.ipaddr('192.0.2.111'))]),
 	        critical=False
 	    ).subject_name(
 	        x509.Name([])

certbot/src/certbot/util.py

@@ -86,13 +86,13 @@ class LooseVersion:
         an exception is raised.
 
         Comparison is performed element-wise. If the version components being compared are of
-        different types, the two versions are considered incomparible. Otherwise, if either of the
+        different types, the two versions are considered incompatible. Otherwise, if either of the
         components is not equal to the other, less or greater is returned based on the comparison's
         result. In case the two versions are of different lengths, some elements in the longer
         version have not yet been compared. If these are all equal to zero, the two versions are
         equal. Otherwise, the longer version is greater.
 
-        If the two versions are incomparible, an exception is raised. Otherwise, the returned
+        If the two versions are incompatible, an exception is raised. Otherwise, the returned
         integer indicates the result of the comparison. If self == other, 0 is returned.
         If self > other, 1 is returned. If self < other -1 is returned.
 

letsencrypt-auto-source/letsencrypt-auto

@@ -162,7 +162,7 @@ SuSudo() {
 }
 
 # Sets the environment variable SUDO to be the name of the program or function
-# to call to get root access. If this script already has root privleges, SUDO
+# to call to get root access. If this script already has root privileges, SUDO
 # is set to an empty string. The value in SUDO should be run with the command
 # to called with root privileges as arguments.
 SetRootAuthMechanism() {

tools/docker/lib/common

@@ -103,7 +103,7 @@ InstallMultiarchSupport() {
 # Function to create a docker builder using the buildkit docker-container
 # driver
 CreateBuilder() {
-    # just incase the env is not perfectly clean, remove any old instance of the builder
+    # just in case the env is not perfectly clean, remove any old instance of the builder
     docker buildx rm certbot_builder || true
     # create the builder instance
     #