Migrate spelling-0.0.21 changes from main

This reverts commit a4f661a91d.

.github/actions/spelling/README.md

@@ -0,0 +1,15 @@
+# check-spelling/check-spelling configuration
+
+File | Purpose | Format | Info
+-|-|-|-
+[allow/*.txt](allow/) | Add words to the dictionary | one word per line (only letters and `'`s allowed) | [allow](https://github.com/check-spelling/check-spelling/wiki/Configuration#allow)
+[reject.txt](reject.txt) | Remove words from the dictionary (after allow) | grep pattern matching whole dictionary words | [reject](https://github.com/check-spelling/check-spelling/wiki/Configuration-Examples%3A-reject)
+[excludes.txt](excludes.txt) | Files to ignore entirely | perl regular expression | [excludes](https://github.com/check-spelling/check-spelling/wiki/Configuration-Examples%3A-excludes)
+[patterns/*.txt](patterns/) | Patterns to ignore from checked lines | perl regular expression (order matters, first match wins) | [patterns](https://github.com/check-spelling/check-spelling/wiki/Configuration-Examples%3A-patterns)
+[candidate.patterns](candidate.patterns) | Patterns that might be worth adding to [patterns.txt](patterns.txt) | perl regular expression with optional comment block introductions (all matches will be suggested) | [candidates](https://github.com/check-spelling/check-spelling/wiki/Feature:-Suggest-patterns)
+[line_forbidden.patterns](line_forbidden.patterns) | Patterns to flag in checked lines | perl regular expression (order matters, first match wins) | [patterns](https://github.com/check-spelling/check-spelling/wiki/Configuration-Examples%3A-patterns)
+[expect/*.txt](expect.txt) | Expected words that aren't in the dictionary | one word per line (sorted, alphabetically) | [expect](https://github.com/check-spelling/check-spelling/wiki/Configuration#expect)
+[advice.md](advice.md) | Supplement for GitHub comment when unrecognized words are found | GitHub Markdown | [advice](https://github.com/check-spelling/check-spelling/wiki/Configuration-Examples%3A-advice)
+
+Note: you can replace any of these files with a directory by the same name (minus the suffix)
+and then include multiple files inside that directory (with that suffix) to merge multiple files together.

.github/actions/spelling/advice.md

@@ -1,4 +1,4 @@
-<!-- markdownlint-disable MD033 MD041 -->
+<!-- See https://github.com/check-spelling/check-spelling/wiki/Configuration-Examples%3A-advice --> <!-- markdownlint-disable MD033 MD041 -->
 <details>
 <summary>
 :pencil2: Contributor please read this
@@ -6,7 +6,7 @@
 
 By default the command suggestion will generate a file named based on your commit. That's generally ok as long as you add the file to your commit. Someone can reorganize it later.
 
-:warning: The command is written for posix shells. You can copy the contents of each `perl` command excluding the outer `'` marks and dropping any `'"`/`"'` quotation mark pairs into a file and then run `perl file.pl` from the root of the repository to run the code. Alternatively, you can manually insert the items...
+:warning: The command is written for posix shells. If it doesn't work for you, you can manually _add_ (one word per line) / _remove_ items to `expect.txt` and the `excludes.txt` files.
 
 If the listed items are:
 
@@ -20,31 +20,29 @@ See the `README.md` in each directory for more information.
 
 :microscope: You can test your commits **without** *appending* to a PR by creating a new branch with that extra change and pushing it to your fork. The [check-spelling](https://github.com/marketplace/actions/check-spelling) action will run in response to your **push** -- it doesn't require an open pull request. By using such a branch, you can limit the number of typos your peers see you make. :wink:
 
-<details><summary>:clamp: If you see a bunch of garbage</summary>
 
-If it relates to a ...
+<details><summary>If the flagged items are :exploding_head: false positives</summary>
-<details><summary>well-formed pattern</summary>
 
-See if there's a [pattern](https://github.com/check-spelling/check-spelling/wiki/Configuration-Examples:-patterns) that would match it.
+If items relate to a ...
+* binary file (or some other file you wouldn't want to check at all).
 
-If not, try writing one and adding it to a `patterns/{file}.txt`.
+  Please add a file path to the `excludes.txt` file matching the containing file.
 
-Patterns are Perl 5 Regular Expressions - you can [test](
+  File paths are Perl 5 Regular Expressions - you can [test](
-https://www.regexplanet.com/advanced/perl/) yours before committing to verify it will match your lines.
-
-Note that patterns can't match multiline strings.
-</details>
-<details><summary>binary-ish string</summary>
-
-Please add a file path to the `excludes.txt` file instead of just accepting the garbage.
-
-File paths are Perl 5 Regular Expressions - you can [test](
 https://www.regexplanet.com/advanced/perl/) yours before committing to verify it will match your files.
 
-`^` refers to the file's path from the root of the repository, so `^README\.md$` would exclude [README.md](
+  `^` refers to the file's path from the root of the repository, so `^README\.md$` would exclude [README.md](
 ../tree/HEAD/README.md) (on whichever branch you're using).
-</details>
+
-
+* well-formed pattern.
+
+  If you can write a [pattern](https://github.com/check-spelling/check-spelling/wiki/Configuration-Examples:-patterns) that would match it,
+  try adding it to the `patterns.txt` file.
+
+  Patterns are Perl 5 Regular Expressions - you can [test](
+https://www.regexplanet.com/advanced/perl/) yours before committing to verify it will match your lines.
+
+  Note that patterns can't match multiline strings.
 </details>
 
 </details>

.github/actions/spelling/allow/allow.txt

@@ -1,20 +1,21 @@
 admins
-apc
+allcolors
 Apc
-bsd
+apc
 breadcrumb
 breadcrumbs
+bsd
 calt
-CMMI
 ccmp
 changelog
 clickable
 clig
+CMMI
 copyable
 cybersecurity
 dalet
-dcs
 Dcs
+dcs
 dialytika
 dje
 downside
@@ -26,36 +27,43 @@ EDDC
 Enum'd
 Fitt
 formattings
+FTCS
 ftp
 fvar
+gantt
 gcc
 geeksforgeeks
 ghe
+github
 gje
 godbolt
 hostname
 hostnames
+https
 hyperlink
 hyperlinking
 hyperlinks
+iconify
 img
 inlined
 It'd
 kje
 libfuzzer
+libuv
 liga
 lje
 Llast
 llvm
 Lmid
 locl
+lol
 lorem
 Lorigin
 maxed
+minimalistic
 mkmk
 mnt
 mru
-noreply
 nje
 noreply
 ogonek
@@ -76,13 +84,16 @@ runtimes
 shcha
 slnt
 Sos
+ssh
 timeline
 timelines
 timestamped
 TLDR
 tokenizes
 tonos
+toolset
 tshe
+ubuntu
 uiatextrange
 UIs
 und
@@ -91,6 +102,7 @@ versioned
 vsdevcmd
 We'd
 wildcards
+XBox
+YBox
 yeru
 zhe
-allcolors

.github/actions/spelling/allow/apis.txt

@@ -5,6 +5,7 @@ aclapi
 alignas
 alignof
 APPLYTOSUBMENUS
+appxrecipe
 bitfield
 bitfields
 BUILDBRANCH
@@ -14,6 +15,7 @@ BYCOMMAND
 BYPOSITION
 charconv
 CLASSNOTAVAILABLE
+CLOSEAPP
 cmdletbinding
 COLORPROPERTY
 colspan
@@ -28,9 +30,14 @@ dataobject
 dcomp
 DERR
 dlldata
+DNE
 DONTADDTORECENT
+DWMSBT
+DWMWA
+DWMWA
 DWORDLONG
 endfor
+ENDSESSION
 enumset
 environstrings
 EXPCMDFLAGS
@@ -70,6 +77,7 @@ IDirect
 IExplorer
 IFACEMETHOD
 IFile
+IGraphics
 IInheritable
 IMap
 IMonarch
@@ -84,6 +92,7 @@ istream
 IStringable
 ITab
 ITaskbar
+itow
 IUri
 IVirtual
 KEYSELECT
@@ -95,12 +104,15 @@ lround
 Lsa
 lsass
 LSHIFT
+LTGRAY
+MAINWINDOW
 memchr
 memicmp
 MENUCOMMAND
 MENUDATA
-MENUITEMINFOW
 MENUINFO
+MENUITEMINFOW
+mmeapi
 MOUSELEAVE
 mov
 mptt
@@ -136,14 +148,17 @@ OUTLINETEXTMETRICW
 overridable
 PACL
 PAGESCROLL
+PATINVERT
 PEXPLICIT
 PICKFOLDERS
 pmr
 ptstr
+QUERYENDSESSION
 rcx
 REGCLS
 RETURNCMD
 rfind
+ROOTOWNER
 roundf
 RSHIFT
 SACL
@@ -153,6 +168,7 @@ serializer
 SETVERSION
 SHELLEXECUTEINFOW
 shobjidl
+SHOWHIDE
 SHOWMINIMIZED
 SHOWTIP
 SINGLEUSE
@@ -173,6 +189,8 @@ Stubless
 Subheader
 Subpage
 syscall
+SYSTEMBACKDROP
+TABROW
 TASKBARCREATED
 TBPF
 THEMECHANGED
@@ -192,6 +210,8 @@ UOI
 UPDATEINIFILE
 userenv
 USEROBJECTFLAGS
+Viewbox
+virtualalloc
 wcsstr
 wcstoui
 winmain

.github/actions/spelling/allow/names.txt

@@ -1,8 +1,10 @@
 Anup
 austdi
+arkthur
 Ballmer
 bhoj
 Bhojwani
+Bluloco
 carlos
 dhowett
 Diviness
@@ -22,6 +24,7 @@ Hernan
 Howett
 Illhardt
 iquilezles
+italo
 jantari
 jerrysh
 Kaiyu
@@ -35,7 +38,9 @@ leonmsft
 Lepilleur
 lhecker
 lukesampson
+Macbook
 Manandhar
+masserano
 mbadolato
 Mehrain
 menger
@@ -64,10 +69,13 @@ Rincewind
 rprichard
 Schoonover
 shadertoy
+Shomnipotence
+simioni
 Somuah
 sonph
 sonpham
 stakx
+talo
 thereses
 Walisch
 WDX

.github/actions/spelling/candidate.patterns

@@ -0,0 +1,523 @@
+# marker to ignore all code on line
+^.*/\* #no-spell-check-line \*/.*$
+# marker for ignoring a comment to the end of the line
+// #no-spell-check.*$
+
+# patch hunk comments
+^\@\@ -\d+(?:,\d+|) \+\d+(?:,\d+|) \@\@ .*
+# git index header
+index [0-9a-z]{7,40}\.\.[0-9a-z]{7,40}
+
+# cid urls
+(['"])cid:.*?\g{-1}
+
+# data url in parens
+\(data:[^)]*?(?:[A-Z]{3,}|[A-Z][a-z]{2,}|[a-z]{3,})[^)]*\)
+# data url in quotes
+([`'"])data:.*?(?:[A-Z]{3,}|[A-Z][a-z]{2,}|[a-z]{3,}).*\g{-1}
+# data url
+data:[-a-zA-Z=;:/0-9+]*,\S*
+
+# mailto urls
+mailto:[-a-zA-Z=;:/?%&0-9+@.]{3,}
+
+# magnet urls
+magnet:[?=:\w]+
+
+# magnet urls
+"magnet:[^"]+"
+
+# obs:
+"obs:[^"]*"
+
+# The `\b` here means a break, it's the fancy way to handle urls, but it makes things harder to read
+# In this examples content, I'm using a number of different ways to match things to show various approaches
+# asciinema
+\basciinema\.org/a/[0-9a-zA-Z]+
+
+# apple
+\bdeveloper\.apple\.com/[-\w?=/]+
+# Apple music
+\bembed\.music\.apple\.com/fr/playlist/usr-share/[-\w.]+
+
+# appveyor api
+\bci\.appveyor\.com/api/projects/status/[0-9a-z]+
+# appveyor project
+\bci\.appveyor\.com/project/(?:[^/\s"]*/){2}builds?/\d+/job/[0-9a-z]+
+
+# Amazon
+
+# Amazon
+\bamazon\.com/[-\w]+/(?:dp/[0-9A-Z]+|)
+# AWS S3
+\b\w*\.s3[^.]*\.amazonaws\.com/[-\w/&#%_?:=]*
+# AWS execute-api
+\b[0-9a-z]{10}\.execute-api\.[-0-9a-z]+\.amazonaws\.com\b
+# AWS ELB
+\b\w+\.[-0-9a-z]+\.elb\.amazonaws\.com\b
+# AWS SNS
+\bsns\.[-0-9a-z]+.amazonaws\.com/[-\w/&#%_?:=]*
+# AWS VPC
+vpc-\w+
+
+# While you could try to match `http://` and `https://` by using `s?` in `https?://`, sometimes there
+# YouTube url
+\b(?:(?:www\.|)youtube\.com|youtu.be)/(?:channel/|embed/|user/|playlist\?list=|watch\?v=|v/|)[-a-zA-Z0-9?&=_%]*
+# YouTube music
+\bmusic\.youtube\.com/youtubei/v1/browse(?:[?&]\w+=[-a-zA-Z0-9?&=_]*)
+# YouTube tag
+<\s*youtube\s+id=['"][-a-zA-Z0-9?_]*['"]
+# YouTube image
+\bimg\.youtube\.com/vi/[-a-zA-Z0-9?&=_]*
+# Google Accounts
+\baccounts.google.com/[-_/?=.:;+%&0-9a-zA-Z]*
+# Google Analytics
+\bgoogle-analytics\.com/collect.[-0-9a-zA-Z?%=&_.~]*
+# Google APIs
+\bgoogleapis\.(?:com|dev)/[a-z]+/(?:v\d+/|)[a-z]+/[-@:./?=\w+|&]+
+# Google Storage
+\b[-a-zA-Z0-9.]*\bstorage\d*\.googleapis\.com(?:/\S*|)
+# Google Calendar
+\bcalendar\.google\.com/calendar(?:/u/\d+|)/embed\?src=[@./?=\w&%]+
+\w+\@group\.calendar\.google\.com\b
+# Google DataStudio
+\bdatastudio\.google\.com/(?:(?:c/|)u/\d+/|)(?:embed/|)(?:open|reporting|datasources|s)/[-0-9a-zA-Z]+(?:/page/[-0-9a-zA-Z]+|)
+# The leading `/` here is as opposed to the `\b` above
+# ... a short way to match `https://` or `http://` since most urls have one of those prefixes
+# Google Docs
+/docs\.google\.com/[a-z]+/(?:ccc\?key=\w+|(?:u/\d+|d/(?:e/|)[0-9a-zA-Z_-]+/)?(?:edit\?[-\w=#.]*|/\?[\w=&]*|))
+# Google Drive
+\bdrive\.google\.com/(?:file/d/|open)[-0-9a-zA-Z_?=]*
+# Google Groups
+\bgroups\.google\.com/(?:(?:forum/#!|d/)(?:msg|topics?|searchin)|a)/[^/\s"]+/[-a-zA-Z0-9$]+(?:/[-a-zA-Z0-9]+)*
+# Google Maps
+\bmaps\.google\.com/maps\?[\w&;=]*
+# Google themes
+themes\.googleusercontent\.com/static/fonts/[^/\s"]+/v\d+/[^.]+.
+# Google CDN
+\bclients2\.google(?:usercontent|)\.com[-0-9a-zA-Z/.]*
+# Goo.gl
+/goo\.gl/[a-zA-Z0-9]+
+# Google Chrome Store
+\bchrome\.google\.com/webstore/detail/[-\w]*(?:/\w*|)
+# Google Books
+\bgoogle\.(?:\w{2,4})/books(?:/\w+)*\?[-\w\d=&#.]*
+# Google Fonts
+\bfonts\.(?:googleapis|gstatic)\.com/[-/?=:;+&0-9a-zA-Z]*
+# Google Forms
+\bforms\.gle/\w+
+# Google Scholar
+\bscholar\.google\.com/citations\?user=[A-Za-z0-9_]+
+# Google Colab Research Drive
+\bcolab\.research\.google\.com/drive/[-0-9a-zA-Z_?=]*
+
+# GitHub SHAs (api)
+\bapi.github\.com/repos(?:/[^/\s"]+){3}/[0-9a-f]+\b
+# GitHub SHAs (markdown)
+(?:\[`?[0-9a-f]+`?\]\(https:/|)/(?:www\.|)github\.com(?:/[^/\s"]+){2,}(?:/[^/\s")]+)(?:[0-9a-f]+(?:[-0-9a-zA-Z/#.]*|)\b|)
+# GitHub SHAs
+\bgithub\.com(?:/[^/\s"]+){2}[@#][0-9a-f]+\b
+# GitHub wiki
+\bgithub\.com/(?:[^/]+/){2}wiki/(?:(?:[^/]+/|)_history|[^/]+(?:/_compare|)/[0-9a-f.]{40,})\b
+# githubusercontent
+/[-a-z0-9]+\.githubusercontent\.com/[-a-zA-Z0-9?&=_\/.]*
+# githubassets
+\bgithubassets.com/[0-9a-f]+(?:[-/\w.]+)
+# gist github
+\bgist\.github\.com/[^/\s"]+/[0-9a-f]+
+# git.io
+\bgit\.io/[0-9a-zA-Z]+
+# GitHub JSON
+"node_id": "[-a-zA-Z=;:/0-9+]*"
+# Contributor
+\[[^\]]+\]\(https://github\.com/[^/\s"]+\)
+# GHSA
+GHSA(?:-[0-9a-z]{4}){3}
+
+# GitLab commit
+\bgitlab\.[^/\s"]*/\S+/\S+/commit/[0-9a-f]{7,16}#[0-9a-f]{40}\b
+# GitLab merge requests
+\bgitlab\.[^/\s"]*/\S+/\S+/-/merge_requests/\d+/diffs#[0-9a-f]{40}\b
+# GitLab uploads
+\bgitlab\.[^/\s"]*/uploads/[-a-zA-Z=;:/0-9+]*
+# GitLab commits
+\bgitlab\.[^/\s"]*/(?:[^/\s"]+/){2}commits?/[0-9a-f]+\b
+
+# binanace
+accounts.binance.com/[a-z/]*oauth/authorize\?[-0-9a-zA-Z&%]*
+
+# bitbucket diff
+\bapi\.bitbucket\.org/\d+\.\d+/repositories/(?:[^/\s"]+/){2}diff(?:stat|)(?:/[^/\s"]+){2}:[0-9a-f]+
+# bitbucket repositories commits
+\bapi\.bitbucket\.org/\d+\.\d+/repositories/(?:[^/\s"]+/){2}commits?/[0-9a-f]+
+# bitbucket commits
+\bbitbucket\.org/(?:[^/\s"]+/){2}commits?/[0-9a-f]+
+
+# bit.ly
+\bbit\.ly/\w+
+
+# bitrise
+\bapp\.bitrise\.io/app/[0-9a-f]*/[\w.?=&]*
+
+# bootstrapcdn.com
+\bbootstrapcdn\.com/[-./\w]+
+
+# cdn.cloudflare.com
+\bcdnjs\.cloudflare\.com/[./\w]+
+
+# circleci
+\bcircleci\.com/gh(?:/[^/\s"]+){1,5}.[a-z]+\?[-0-9a-zA-Z=&]+
+
+# gitter
+\bgitter\.im(?:/[^/\s"]+){2}\?at=[0-9a-f]+
+
+# gravatar
+\bgravatar\.com/avatar/[0-9a-f]+
+
+# ibm
+[a-z.]*ibm\.com/[-_#=:%!?~.\\/\d\w]*
+
+# imgur
+\bimgur\.com/[^.]+
+
+# Internet Archive
+\barchive\.org/web/\d+/(?:[-\w.?,'/\\+&%$#_:]*)
+
+# discord
+/discord(?:app\.com|\.gg)/(?:invite/)?[a-zA-Z0-9]{7,}
+
+# Disqus
+\bdisqus\.com/[-\w/%.()!?&=_]*
+
+# medium link
+\blink\.medium\.com/[a-zA-Z0-9]+
+# medium
+\bmedium\.com/\@?[^/\s"]+/[-\w]+
+
+# microsoft
+\b(?:https?://|)(?:(?:download\.visualstudio|docs|msdn2?|research)\.microsoft|blogs\.msdn)\.com/[-_a-zA-Z0-9()=./%]*
+# powerbi
+\bapp\.powerbi\.com/reportEmbed/[^"' ]*
+# vs devops
+\bvisualstudio.com(?::443|)/[-\w/?=%&.]*
+# microsoft store
+\bmicrosoft\.com/store/apps/\w+
+
+# mvnrepository.com
+\bmvnrepository\.com/[-0-9a-z./]+
+
+# now.sh
+/[0-9a-z-.]+\.now\.sh\b
+
+# oracle
+\bdocs\.oracle\.com/[-0-9a-zA-Z./_?#&=]*
+
+# chromatic.com
+/\S+.chromatic.com\S*[")]
+
+# codacy
+\bapi\.codacy\.com/project/badge/Grade/[0-9a-f]+
+
+# compai
+\bcompai\.pub/v1/png/[0-9a-f]+
+
+# mailgun api
+\.api\.mailgun\.net/v3/domains/[0-9a-z]+\.mailgun.org/messages/[0-9a-zA-Z=@]*
+# mailgun
+\b[0-9a-z]+.mailgun.org
+
+# /message-id/
+/message-id/[-\w@./%]+
+
+# Reddit
+\breddit\.com/r/[/\w_]*
+
+# requestb.in
+\brequestb\.in/[0-9a-z]+
+
+# sched
+\b[a-z0-9]+\.sched\.com\b
+
+# Slack url
+slack://[a-zA-Z0-9?&=]+
+# Slack
+\bslack\.com/[-0-9a-zA-Z/_~?&=.]*
+# Slack edge
+\bslack-edge\.com/[-a-zA-Z0-9?&=%./]+
+# Slack images
+\bslack-imgs\.com/[-a-zA-Z0-9?&=%.]+
+
+# shields.io
+\bshields\.io/[-\w/%?=&.:+;,]*
+
+# stackexchange -- https://stackexchange.com/feeds/sites
+\b(?:askubuntu|serverfault|stack(?:exchange|overflow)|superuser).com/(?:questions/\w+/[-\w]+|a/)
+
+# Sentry
+[0-9a-f]{32}\@o\d+\.ingest\.sentry\.io\b
+
+# Twitter markdown
+\[\@[^[/\]:]*?\]\(https://twitter.com/[^/\s"')]*(?:/status/\d+(?:\?[-_0-9a-zA-Z&=]*|)|)\)
+# Twitter hashtag
+\btwitter\.com/hashtag/[\w?_=&]*
+# Twitter status
+\btwitter\.com/[^/\s"')]*(?:/status/\d+(?:\?[-_0-9a-zA-Z&=]*|)|)
+# Twitter profile images
+\btwimg\.com/profile_images/[_\w./]*
+# Twitter media
+\btwimg\.com/media/[-_\w./?=]*
+# Twitter link shortened
+\bt\.co/\w+
+
+# facebook
+\bfburl\.com/[0-9a-z_]+
+# facebook CDN
+\bfbcdn\.net/[\w/.,]*
+# facebook watch
+\bfb\.watch/[0-9A-Za-z]+
+
+# dropbox
+\bdropbox\.com/sh?/[^/\s"]+/[-0-9A-Za-z_.%?=&;]+
+
+# ipfs protocol
+ipfs://[0-9a-z]*
+# ipfs url
+/ipfs/[0-9a-z]*
+
+# w3
+\bw3\.org/[-0-9a-zA-Z/#.]+
+
+# loom
+\bloom\.com/embed/[0-9a-f]+
+
+# regex101
+\bregex101\.com/r/[^/\s"]+/\d+
+
+# figma
+\bfigma\.com/file(?:/[0-9a-zA-Z]+/)+
+
+# freecodecamp.org
+\bfreecodecamp\.org/[-\w/.]+
+
+# image.tmdb.org
+\bimage\.tmdb\.org/[/\w.]+
+
+# mermaid
+\bmermaid\.ink/img/[-\w]+|\bmermaid-js\.github\.io/mermaid-live-editor/#/edit/[-\w]+
+
+# Wikipedia
+\ben\.wikipedia\.org/wiki/[-\w%.#]+
+
+# gitweb
+[^"\s]+/gitweb/\S+;h=[0-9a-f]+
+
+# HyperKitty lists
+/archives/list/[^@/]+\@[^/\s"]*/message/[^/\s"]*/
+
+# lists
+/thread\.html/[^"\s]+
+
+# list-management
+\blist-manage\.com/subscribe(?:[?&](?:u|id)=[0-9a-f]+)+
+
+# kubectl.kubernetes.io/last-applied-configuration
+"kubectl.kubernetes.io/last-applied-configuration": ".*"
+
+# pgp
+\bgnupg\.net/pks/lookup[?&=0-9a-zA-Z]*
+
+# Spotify
+\bopen\.spotify\.com/embed/playlist/\w+
+
+# Mastodon
+\bmastodon\.[-a-z.]*/(?:media/|\@)[?&=0-9a-zA-Z_]*
+
+# scastie
+\bscastie\.scala-lang\.org/[^/]+/\w+
+
+# images.unsplash.com
+\bimages\.unsplash\.com/(?:(?:flagged|reserve)/|)[-\w./%?=%&.;]+
+
+# pastebin
+\bpastebin\.com/[\w/]+
+
+# heroku
+\b\w+\.heroku\.com/source/archive/\w+
+
+# quip
+\b\w+\.quip\.com/\w+(?:(?:#|/issues/)\w+)?
+
+# badgen.net
+\bbadgen\.net/badge/[^")\]'\s]+
+
+# statuspage.io
+\w+\.statuspage\.io\b
+
+# media.giphy.com
+\bmedia\.giphy\.com/media/[^/]+/[\w.?&=]+
+
+# tinyurl
+\btinyurl\.com/\w+
+
+# getopts
+\bgetopts\s+(?:"[^"]+"|'[^']+')
+
+# ANSI color codes
+(?:\\(?:u00|x)1b|\x1b)\[\d+(?:;\d+|)m
+
+# URL escaped characters
+\%[0-9A-F][A-F]
+# IPv6
+\b(?:[0-9a-fA-F]{0,4}:){3,7}[0-9a-fA-F]{0,4}\b
+# c99 hex digits (not the full format, just one I've seen)
+0x[0-9a-fA-F](?:\.[0-9a-fA-F]*|)[pP]
+# Punycode
+\bxn--[-0-9a-z]+
+# sha
+sha\d+:[0-9]*[a-f]{3,}[0-9a-f]*
+# sha-... -- uses a fancy capture
+(['"]|&quot;)[0-9a-f]{40,}\g{-1}
+# hex runs
+\b[0-9a-fA-F]{16,}\b
+# hex in url queries
+=[0-9a-fA-F]*?(?:[A-F]{3,}|[a-f]{3,})[0-9a-fA-F]*?&
+# ssh
+(?:ssh-\S+|-nistp256) [-a-zA-Z=;:/0-9+]{12,}
+
+# PGP
+\b(?:[0-9A-F]{4} ){9}[0-9A-F]{4}\b
+# GPG keys
+\b(?:[0-9A-F]{4} ){5}(?: [0-9A-F]{4}){5}\b
+# Well known gpg keys
+.well-known/openpgpkey/[\w./]+
+
+# uuid:
+\b[0-9a-fA-F]{8}-(?:[0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}\b
+# hex digits including css/html color classes:
+(?:[\\0][xX]|\\u|[uU]\+|#x?|\%23)[0-9_a-fA-FgGrR]*?[a-fA-FgGrR]{2,}[0-9_a-fA-FgGrR]*(?:[uUlL]{0,3}|u\d+)\b
+# integrity
+integrity="sha\d+-[-a-zA-Z=;:/0-9+]{40,}"
+
+# https://www.gnu.org/software/groff/manual/groff.html
+# man troff content
+\\f[BCIPR]
+# '
+\\\(aq
+
+# .desktop mime types
+^MimeTypes?=.*$
+# .desktop localized entries
+^[A-Z][a-z]+\[[a-z]+\]=.*$
+# Localized .desktop content
+Name\[[^\]]+\]=.*
+
+# IServiceProvider
+\bI(?=(?:[A-Z][a-z]{2,})+\b)
+
+# crypt
+"\$2[ayb]\$.{56}"
+
+# scrypt / argon
+\$(?:scrypt|argon\d+[di]*)\$\S+
+
+# Input to GitHub JSON
+content: "[-a-zA-Z=;:/0-9+]*="
+
+# Python stringprefix / binaryprefix
+# Note that there's a high false positive rate, remove the `?=` and search for the regex to see if the matches seem like reasonable strings
+(?<!')\b(?:B|BR|Br|F|FR|Fr|R|RB|RF|Rb|Rf|U|UR|Ur|b|bR|br|f|fR|fr|r|rB|rF|rb|rf|u|uR|ur)'(?:[A-Z]{3,}|[A-Z][a-z]{2,}|[a-z]{3,})
+
+# Regular expressions for (P|p)assword
+\([A-Z]\|[a-z]\)[a-z]+
+
+# JavaScript regular expressions
+# javascript test regex
+/.*/[gim]*\.test\(
+# javascript match regex
+\.match\(/[^/\s"]*/[gim]*\s*
+# javascript match regex
+\.match\(/\\[b].*?/[gim]*\s*\)(?:;|$)
+# javascript regex
+^\s*/\\[b].*/[gim]*\s*(?:\)(?:;|$)|,$)
+# javascript replace regex
+\.replace\(/[^/\s"]*/[gim]*\s*,
+
+# Go regular expressions
+regexp?\.MustCompile\(`[^`]*`\)
+
+# sed regular expressions
+sed 's/(?:[^/]*?[a-zA-Z]{3,}[^/]*?/){2}
+
+# go install
+go install(?:\s+[a-z]+\.[-@\w/.]+)+
+
+# kubernetes pod status lists
+# https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#pod-phase
+\w+(?:-\w+)+\s+\d+/\d+\s+(?:Running|Pending|Succeeded|Failed|Unknown)\s+
+
+# kubectl - pods in CrashLoopBackOff
+\w+-[0-9a-f]+-\w+\s+\d+/\d+\s+CrashLoopBackOff\s+
+
+# kubernetes object suffix
+-[0-9a-f]{10}-\w{5}\s
+
+# posthog secrets
+posthog\.init\((['"])phc_[^"',]+\g{-1},
+
+# xcode
+
+# xcodeproject scenes
+(?:Controller|ID|id)="\w{3}-\w{2}-\w{3}"
+
+# xcode api botches
+customObjectInstantitationMethod
+
+# font awesome classes
+\.fa-[-a-z0-9]+
+
+# Update Lorem based on your content (requires `ge` and `w` from https://github.com/jsoref/spelling; and `review` from https://github.com/check-spelling/check-spelling/wiki/Looking-for-items-locally )
+# grep '^[^#].*lorem' .github/actions/spelling/patterns.txt|perl -pne 's/.*i..\?://;s/\).*//' |tr '|' "\n"|sort -f |xargs -n1 ge|perl -pne 's/^[^:]*://'|sort -u|w|sed -e 's/ .*//'|w|review -
+# Warning, while `(?i)` is very neat and fancy, if you have some binary files that aren't proper unicode, you might run into:
+## Operation "substitution (s///)" returns its argument for non-Unicode code point 0x1C19AE (the code point will vary).
+## You could manually change `(?i)X...` to use `[Xx]...`
+## or you could add the files to your `excludes` file (a version after 0.0.19 should identify the file path)
+# Lorem
+(?:\w|\s|[,.])*\b(?i)(?:amet|consectetur|cursus|dolor|eros|ipsum|lacus|libero|ligula|lorem|magna|neque|nulla|suscipit|tempus)\b(?:\w|\s|[,.])*
+
+# Non-English
+[a-zA-Z]*[ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖØÙÚÛÜÝßàáâãäåæçèéêëìíîïðñòóôõöøùúûüýÿĀāŁłŃńŅņŒœŚśŠšŜŝŸŽžź][a-zA-Z]{3}[a-zA-ZÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖØÙÚÛÜÝßàáâãäåæçèéêëìíîïðñòóôõöøùúûüýÿĀāŁłŃńŅņŒœŚśŠšŜŝŸŽžź]*
+
+# French
+# This corpus only had capital letters, but you probably want lowercase ones as well.
+\b[LN]'+[a-z]{2,}\b
+
+# latex
+\\(?:n(?:ew|ormal|osub)|r(?:enew)|t(?:able(?:of|)|he|itle))(?=[a-z]+)
+
+# the negative lookahead here is to allow catching 'templatesz' as a misspelling
+# but to otherwise recognize a Windows path with \templates\foo.template or similar:
+\\(?:necessary|r(?:eport|esolve[dr]?|esult)|t(?:arget|emplates?))(?![a-z])
+# ignore long runs of a single character:
+\b([A-Za-z])\g{-1}{3,}\b
+# Note that the next example is no longer necessary if you are using
+# to match a string starting with a `#`, use a character-class:
+[#]backwards
+# version suffix <word>v#
+(?:(?<=[A-Z]{2})V|(?<=[a-z]{2}|[A-Z]{2})v)\d+(?:\b|(?=[a-zA-Z_]))
+# Compiler flags (Scala)
+(?:^|[\t ,>"'`=(])-J-[DPWXY](?=[A-Z]{2,}|[A-Z][a-z]|[a-z]{2,})
+# Compiler flags
+#(?:^|[\t ,"'`=(])-[DPWXYLlf](?=[A-Z]{2,}|[A-Z][a-z]|[a-z]{2,})
+
+# Compiler flags (linker)
+,-B
+# curl arguments
+\b(?:\\n|)curl(?:\s+-[a-zA-Z]{1,2}\b)*(?:\s+-[a-zA-Z]{3,})(?:\s+-[a-zA-Z]+)*
+# set arguments
+\bset(?:\s+-[abefimouxE]{1,2})*\s+-[abefimouxE]{3,}(?:\s+-[abefimouxE]+)*
+# tar arguments
+\b(?:\\n|)g?tar(?:\.exe|)(?:(?:\s+--[-a-zA-Z]+|\s+-[a-zA-Z]+|\s[ABGJMOPRSUWZacdfh-pr-xz]+\b)(?:=[^ ]*|))+
+# tput arguments -- https://man7.org/linux/man-pages/man5/terminfo.5.html -- technically they can be more than 5 chars long...
+\btput\s+(?:(?:-[SV]|-T\s*\w+)\s+)*\w{3,5}\b
+# macOS temp folders
+/var/folders/\w\w/[+\w]+/(?:T|-Caches-)/

.github/actions/spelling/excludes.txt

@@ -1,28 +1,39 @@
+# See https://github.com/check-spelling/check-spelling/wiki/Configuration-Examples:-excludes
 (?:(?i)\.png$)
+(?:^|/)(?i)COPYRIGHT
+(?:^|/)(?i)LICEN[CS]E
+(?:^|/)3rdparty/
 (?:^|/)dirs$
 (?:^|/)go\.mod$
 (?:^|/)go\.sum$
-(?:^|/)package-lock\.json$
+(?:^|/)package(?:-lock|)\.json$
 (?:^|/)sources(?:|\.dep)$
-SUMS$
+(?:^|/)vendor/
+\.a$
 \.ai$
+\.avi$
 \.bmp$
+\.bz2$
 \.cer$
 \.class$
 \.crl$
 \.crt$
 \.csr$
 \.dll$
+\.docx?$
+\.drawio$
 \.DS_Store$
 \.eot$
 \.eps$
 \.exe$
 \.gif$
+\.gitattributes$
 \.graffle$
 \.gz$
 \.icns$
 \.ico$
 \.jar$
+\.jks$
 \.jpeg$
 \.jpg$
 \.key$
@@ -30,28 +41,53 @@ SUMS$
 \.lock$
 \.map$
 \.min\..
+\.mod$
 \.mp3$
 \.mp4$
+\.o$
+\.ocf$
 \.otf$
 \.pbxproj$
 \.pdf$
 \.pem$
+\.png$
 \.psd$
+\.pyc$
 \.runsettings$
+\.s$
 \.sig$
 \.so$
 \.svg$
 \.svgz$
+\.svgz?$
 \.tar$
 \.tgz$
+\.tiff?$
 \.ttf$
 \.vsdx$
+\.wav$
+\.webm$
+\.webp$
 \.woff
+\.woff2?$
 \.xcf$
 \.xls
+\.xlsx?$
 \.xpm$
 \.yml$
 \.zip$
+^\.github/actions/spelling/
+^\.github/fabricbot.json$
+^\.gitignore$
+^\Q.git-blame-ignore-revs\E$
+^\Q.github/workflows/spelling.yml\E$
+^\Qdoc/reference/windows-terminal-logo.ans\E$
+^\Qsamples/ConPTY/EchoCon/EchoCon/EchoCon.vcxproj.filters\E$
+^\Qsrc/host/exe/Host.EXE.vcxproj.filters\E$
+^\Qsrc/host/ft_host/chafa.txt\E$
+^\Qsrc/tools/closetest/CloseTest.vcxproj.filters\E$
+^\XamlStyler.json$
+^build/config/
 ^consolegit2gitfilters\.json$
 ^dep/
 ^doc/reference/master-sequence-list.csv$
@@ -77,6 +113,5 @@ SUMS$
 ^src/tools/U8U16Test/(?:fr|ru|zh)\.txt$
 ^src/types/ut_types/UtilsTests.cpp$
 ^tools/ReleaseEngineering/ServicingPipeline.ps1$
-^\.github/actions/spelling/
+ignore$
-^\.gitignore$
+SUMS$
-^\XamlStyler.json$

.github/actions/spelling/expect/alphabet.txt

@@ -5,26 +5,19 @@ AAAAAABBBBBBCCC
 AAAAABBBBBBCCC
 abcd
 abcd
-abcde
-abcdef
-ABCDEFG
-ABCDEFGH
 ABCDEFGHIJ
 abcdefghijk
 ABCDEFGHIJKLMNO
 abcdefghijklmnop
 ABCDEFGHIJKLMNOPQRST
-abcdefghijklmnopqrstuvwxyz
 ABCG
 ABE
 abf
 BBBBB
 BBBBBBBB
-BBBBBBBBBBBBBBDDDD
 BBBBBCCC
 BBBBCCCCC
 BBGGRR
-CCE
 EFG
 EFGh
 QQQQQQQQQQABCDEFGHIJ
@@ -33,7 +26,6 @@ QQQQQQQQQQABCDEFGHIJKLMNOPQRSTQQQQQQQQQQ
 QQQQQQQQQQABCDEFGHIJPQRSTQQQQQQQQQQ
 qrstuvwxyz
 qwerty
-QWERTYUIOP
 qwertyuiopasdfg
 YYYYYYYDDDDDDDDDDD
 ZAAZZ

.github/actions/spelling/expect/web.txt

@@ -1,29 +1,6 @@
-http
-www
-easyrgb
-php
-ecma
-rapidtables
 WCAG
-freedesktop
-ycombinator
-robertelder
-kovidgoyal
-leonerd
-fixterms
 winui
 appshellintegration
 mdtauk
-cppreference
 gfycat
 Guake
-azurewebsites
-askubuntu
-dostips
-viewtopic
-rosettacode
-Rexx
-tldp
-HOWTO
-uwspace
-uwaterloo

.github/actions/spelling/line_forbidden.patterns

@@ -0,0 +1,62 @@
+# reject `m_data` as there's a certain OS which has evil defines that break things if it's used elsewhere
+# \bm_data\b
+
+# If you have a framework that uses `it()` for testing and `fit()` for debugging a specific test,
+# you might not want to check in code where you were debugging w/ `fit()`, in which case, you might want
+# to use this:
+#\bfit\(
+
+# s.b. GitHub
+\bGithub\b
+
+# s.b. GitLab
+\bGitlab\b
+
+# s.b. JavaScript
+\bJavascript\b
+
+# s.b. Microsoft
+\bMicroSoft\b
+
+# s.b. another
+\ban[- ]other\b
+
+# s.b. greater than
+\bgreater then\b
+
+# s.b. into
+#\sin to\s
+
+# s.b. opt-in
+\sopt in\s
+
+# s.b. less than
+\bless then\b
+
+# s.b. otherwise
+\bother[- ]wise\b
+
+# s.b. nonexistent
+\bnon existing\b
+\b[Nn]o[nt][- ]existent\b
+
+# s.b. preexisting
+[Pp]re[- ]existing
+
+# s.b. preempt
+[Pp]re[- ]empt\b
+
+# s.b. preemptively
+[Pp]re[- ]emptively
+
+# s.b. reentrancy
+[Rr]e[- ]entrancy
+
+# s.b. reentrant
+[Rr]e[- ]entrant
+
+# s.b. workaround(s)
+#\bwork[- ]arounds?\b
+
+# Reject duplicate words
+\s([A-Z]{3,}|[A-Z][a-z]{2,}|[a-z]{3,})\s\g{-1}\s

.github/actions/spelling/patterns/patterns.txt

@@ -1,11 +1,6 @@
-https://(?:(?:[-a-zA-Z0-9?&=]*\.|)microsoft\.com)/[-a-zA-Z0-9?&=_#\/.]*
+# See https://github.com/check-spelling/check-spelling/wiki/Configuration-Examples:-patterns
-https://aka\.ms/[-a-zA-Z0-9?&=\/_]*
+
-https://www\.itscj\.ipsj\.or\.jp/iso-ir/[-0-9]+\.pdf
+https?://\S+
-https://www\.vt100\.net/docs/[-a-zA-Z0-9#_\/.]*
-https://www.w3.org/[-a-zA-Z0-9?&=\/_#]*
-https://(?:(?:www\.|)youtube\.com|youtu.be)/[-a-zA-Z0-9?&=]*
-https://(?:[a-z-]+\.|)github(?:usercontent|)\.com/[-a-zA-Z0-9?%&=_\/.+]*
-https://www.xfree86.org/[-a-zA-Z0-9?&=\/_#]*
 [Pp]ublicKeyToken="?[0-9a-fA-F]{16}"?
 (?:[{"]|UniqueIdentifier>)[0-9a-fA-F]{8}-(?:[0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}(?:[}"]|</UniqueIdentifier)
 (?:0[Xx]|\\x|U\+|#)[a-f0-9A-FGgRr]{2,}[Uu]?[Ll]{0,2}\b
@@ -28,3 +23,74 @@ vcvars\w*
 ROY\sG\.\sBIV
 !(?:(?i)ESC)!\[
 !(?:(?i)CSI)!(?:\d+(?:;\d+|)m|[ABCDF])
+
+# Python stringprefix / binaryprefix
+\b(?:B|BR|Br|F|FR|Fr|R|RB|RF|Rb|Rf|U|UR|Ur|b|bR|br|f|fR|fr|r|rB|rF|rb|rf|u|uR|ur)'
+
+# Automatically suggested patterns
+# hit-count: 3831 file-count: 582
+# IServiceProvider
+\bI(?=(?:[A-Z][a-z]{2,})+\b)
+
+# hit-count: 71 file-count: 35
+# Compiler flags
+(?:^|[\t ,"'`=(])-[D](?=[A-Z]{2,}|[A-Z][a-z])
+(?:^|[\t ,"'`=(])-[X](?=[A-Z]{2,}|[A-Z][a-z]|[a-z]{2,})
+
+# hit-count: 41 file-count: 28
+# version suffix <word>v#
+(?:(?<=[A-Z]{2})V|(?<=[a-z]{2}|[A-Z]{2})v)\d+(?:\b|(?=[a-zA-Z_]))
+
+# hit-count: 20 file-count: 9
+# hex runs
+\b[0-9a-fA-F]{16,}\b
+
+# hit-count: 10 file-count: 7
+# uuid:
+\b[0-9a-fA-F]{8}-(?:[0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}\b
+
+# hit-count: 4 file-count: 4
+# mailto urls
+mailto:[-a-zA-Z=;:/?%&0-9+@.]{3,}
+
+# hit-count: 4 file-count: 1
+# ANSI color codes
+(?:\\(?:u00|x)1b|\x1b)\[\d+(?:;\d+|)m
+
+# hit-count: 2 file-count: 1
+# latex
+\\(?:n(?:ew|ormal|osub)|r(?:enew)|t(?:able(?:of|)|he|itle))(?=[a-z]+)
+
+# hit-count: 1 file-count: 1
+# hex digits including css/html color classes:
+(?:[\\0][xX]|\\u|[uU]\+|#x?|\%23)[0-9_a-fA-FgGrR]*?[a-fA-FgGrR]{2,}[0-9_a-fA-FgGrR]*(?:[uUlL]{0,3}|u\d+)\b
+
+# hit-count: 1 file-count: 1
+# Non-English
+[a-zA-Z]*[ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖØÙÚÛÜÝßàáâãäåæçèéêëìíîïðñòóôõöøùúûüýÿĀāŁłŃńŅņŒœŚśŠšŜŝŸŽžź][a-zA-Z]{3}[a-zA-ZÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖØÙÚÛÜÝßàáâãäåæçèéêëìíîïðñòóôõöøùúûüýÿĀāŁłŃńŅņŒœŚśŠšŜŝŸŽžź]*
+
+# hit-count: 1 file-count: 1
+# French
+# This corpus only had capital letters, but you probably want lowercase ones as well.
+\b[LN]'+[a-z]{2,}\b
+
+# acceptable duplicates
+# ls directory listings
+[-bcdlpsw](?:[-r][-w][-sx]){3}\s+\d+\s+(\S+)\s+\g{-1}\s+\d+\s+
+# C/idl types + English ...
+\s(Guid|long|LONG|that) \g{-1}\s
+
+# javadoc / .net
+(?:[\\@](?:groupname|param)|(?:public|private)(?:\s+static|\s+readonly)*)\s+(\w+)\s+\g{-1}\s
+
+# Commit message -- Signed-off-by and friends
+^\s*(?:(?:Based-on-patch|Co-authored|Helped|Mentored|Reported|Reviewed|Signed-off)-by|Thanks-to): (?:[^<]*<[^>]*>|[^<]*)\s*$
+
+# Autogenerated revert commit message
+^This reverts commit [0-9a-f]{40}\.$
+
+# vtmode
+--vtmode\s+(\w+)\s+\g{-1}\s
+
+# ignore long runs of a single character:
+\b([A-Za-z])\g{-1}{3,}\b

.github/actions/spelling/reject.txt

@@ -1,22 +1,12 @@
 ^attache$
 ^attacher$
 ^attachers$
-^spae$
+benefitting
-^spaebook$
+occurences?
-^spaecraft$
+^dependan.*
-^spaed$
+^oer$
-^spaedom$
+Sorce
-^spaeing$
+^[Ss]pae.*
-^spaeings$
+^untill$
-^spae-man$
+^untilling$
-^spaeman$
+^wether.*
-^spaer$
-^Spaerobee$
-^spaes$
-^spaewife$
-^spaewoman$
-^spaework$
-^spaewright$
-^wether$
-^wethers$
-^wetherteg$

.github/workflows/spelling2.yml

@@ -1,20 +1,134 @@
 # spelling.yml is blocked per https://github.com/check-spelling/check-spelling/security/advisories/GHSA-g86g-chm8-7r2p
 name: Spell checking
+
+# Comment management is handled through a secondary job, for details see:
+# https://github.com/check-spelling/check-spelling/wiki/Feature%3A-Restricted-Permissions
+#
+# `jobs.comment-push` runs when a push is made to a repository and the `jobs.spelling` job needs to make a comment
+#   (in odd cases, it might actually run just to collapse a commment, but that's fairly rare)
+#   it needs `contents: write` in order to add a comment.
+#
+# `jobs.comment-pr` runs when a pull_request is made to a repository and the `jobs.spelling` job needs to make a comment
+#   or collapse a comment (in the case where it had previously made a comment and now no longer needs to show a comment)
+#   it needs `pull-requests: write` in order to manipulate those comments.
+
+# Updating pull request branches is managed via comment handling.
+# For details, see: https://github.com/check-spelling/check-spelling/wiki/Feature:-Update-expect-list
+#
+# These elements work together to make it happen:
+#
+# `on.issue_comment`
+#   This event listens to comments by users asking to update the metadata.
+#
+# `jobs.update`
+#   This job runs in response to an issue_comment and will push a new commit
+#   to update the spelling metadata.
+#
+# `with.experimental_apply_changes_via_bot`
+#   Tells the action to support and generate messages that enable it
+#   to make a commit to update the spelling metadata.
+#
+# `with.ssh_key`
+#   In order to trigger workflows when the commit is made, you can provide a
+#   secret (typically, a write-enabled github deploy key).
+#
+#   For background, see: https://github.com/check-spelling/check-spelling/wiki/Feature:-Update-with-deploy-key
+
 on:
-  pull_request_target:
   push:
+    branches:
+    - "**"
+    tags-ignore:
+    - "**"
+  pull_request_target:
+    branches:
+    - "**"
+    tags-ignore:
+    - "**"
+    types:
+    - 'opened'
+    - 'reopened'
+    - 'synchronize'
+  issue_comment:
+    types:
+    - 'created'
 
 jobs:
   spelling:
     name: Spell checking
+    permissions:
+      contents: read
+      pull-requests: read
+      actions: read
+    outputs:
+      followup: ${{ steps.spelling.outputs.followup }}
     runs-on: ubuntu-latest
+    if: "contains(github.event_name, 'pull_request') || github.event_name == 'push'"
+    concurrency:
+      group: spelling-${{ github.event.pull_request.number || github.ref }}
+      # note: If you use only_check_changed_files, you do not want cancel-in-progress
+      cancel-in-progress: true
     steps:
-    - name: checkout-merge
+    - name: check-spelling
-      if: "contains(github.event_name, 'pull_request')"
+      id: spelling
-      uses: actions/checkout@v2
+      uses: check-spelling/check-spelling@v0.0.21
       with:
-        ref: refs/pull/${{github.event.pull_request.number}}/merge
+        suppress_push_for_open_pull_request: 1
-    - name: checkout
+        checkout: true
-      if: "!contains(github.event_name, 'pull_request')"
+        check_file_names: 1
-      uses: actions/checkout@v2
+        spell_check_this: check-spelling/spell-check-this@prerelease
-    - uses: check-spelling/check-spelling@v0.0.19
+        post_comment: 0
+        use_magic_file: 1
+        extra_dictionary_limit: 10
+        extra_dictionaries:
+          cspell:software-terms/src/software-terms.txt
+          cspell:python/src/python/python-lib.txt
+          cspell:node/node.txt
+          cspell:cpp/src/stdlib-c.txt
+          cspell:cpp/src/stdlib-cpp.txt
+          cspell:fullstack/fullstack.txt
+          cspell:filetypes/filetypes.txt
+          cspell:html/html.txt
+          cspell:cpp/src/compiler-msvc.txt
+          cspell:python/src/common/extra.txt
+          cspell:powershell/powershell.txt
+          cspell:aws/aws.txt
+          cspell:cpp/src/lang-keywords.txt
+          cspell:npm/npm.txt
+          cspell:dotnet/dotnet.txt
+          cspell:python/src/python/python.txt
+          cspell:css/css.txt
+          cspell:cpp/src/stdlib-cmath.txt
+        check_extra_dictionaries: ''
+
+  comment-push:
+    name: Report (Push)
+    # If your workflow isn't running on push, you can remove this job
+    runs-on: ubuntu-latest
+    needs: spelling
+    permissions:
+      contents: write
+    if: (success() || failure()) && needs.spelling.outputs.followup && github.event_name == 'push'
+    steps:
+    - name: comment
+      uses: check-spelling/check-spelling@v0.0.21
+      with:
+        checkout: true
+        spell_check_this: check-spelling/spell-check-this@prerelease
+        task: ${{ needs.spelling.outputs.followup }}
+
+  comment-pr:
+    name: Report (PR)
+    # If you workflow isn't running on pull_request*, you can remove this job
+    runs-on: ubuntu-latest
+    needs: spelling
+    permissions:
+      pull-requests: write
+    if: (success() || failure()) && needs.spelling.outputs.followup && contains(github.event_name, 'pull_request')
+    steps:
+    - name: comment
+      uses: check-spelling/check-spelling@v0.0.21
+      with:
+        checkout: true
+        spell_check_this: check-spelling/spell-check-this@prerelease
+        task: ${{ needs.spelling.outputs.followup }}

build/config/tsaoptions.json

@@ -0,0 +1,8 @@
+{
+    "instanceUrl": "https://microsoft.visualstudio.com",
+    "projectName": "os",
+    "areaPath": "OS\\WDX\\DXP\\WinDev\\Terminal",
+    "iterationPath": "OS\\Future",
+    "notificationAliases": [ "condev@microsoft.com;" ],
+    "ignoreBranchName": true
+  }

build/pipelines/release.yml

@@ -65,8 +65,13 @@ name: $(BuildDefinitionName)_$(date:yyMM).$(date:dd)$(rev:rrr)
 resources:
   repositories:
   - repository: self
+    path: 's' # Now that there are two checkouts, specify 's' to ensure this one still sits at the $(Build.SourcesDirectory) root so other things don't break with the implicit subdirectory normally created for >1 checkout.
     type: git
     ref: main
+  - repository: templates_onebranch
+    type: git
+    name: OneBranch.Pipelines/GovernedTemplates
+    ref: refs/heads/main
 jobs:
 - job: Build
   strategy:

build/pipelines/templates/build-console-compliance-job.yml

@@ -13,6 +13,7 @@ jobs:
   timeoutInMinutes: 240
   steps:
   - checkout: self
+    path: 's' # Now that there are two checkouts, specify 's' to ensure this one still sits at the $(Build.SourcesDirectory) root so other things don't break with the implicit subdirectory normally created for >1 checkout.
     clean: true
     submodules: true
     persistCredentials: True
@@ -30,7 +31,7 @@ jobs:
         If ($Arch -Eq "x86") { $Arch = "Win32" }
 
         Write-Host "##vso[task.setvariable variable=RationalizedBuildPlatform]${Arch}"
-  - steps: restore-nuget-steps.yml
+  - template: restore-nuget-steps.yml
   - task: UniversalPackages@0
     displayName: Download terminal-internal Universal Package
     inputs:
@@ -68,12 +69,76 @@ jobs:
         $Files | % { Move-Item -Verbose $_.Directory $_.Directory.Parent.Parent -EA:Ignore }
       pwsh: true
 
-  # 1ES Component Governance onboarding (Detects open source components). See https://docs.opensource.microsoft.com/tools/cg.html
+  # Run compliance activities. 
-  - task: ms.vss-governance-buildtask.governance-build-task-component-detection.ComponentGovernanceComponentDetection@0
+  # These are specified at https://www.osgwiki.com/wiki/Package_ES_SDL_Templates
-    displayName: Component Detection
+  # We use Option 3.
-    
+  # Option 1 isn't feasible because we don't run in Stages and it hides many/most of the override options we need.
-  # # PREfast and PoliCheck need Node. Install that first.
+  # Option 2 isn't feasible because we don't use OneBranch and it doesn't make sense to migrate to it since this isn't an Azure product.
+
+  ### PREfast and PoliCheck need Node. Install that first.
   - task: NodeTool@0
+    inputs:
+      versionSpec: '>=8.10.0'
+  
+  # This is the Package ES simplified SDL sources template. 
+  # To figure out which parameters to use, go read the source: https://microsoft.visualstudio.com/OneBranch.Pipelines/_git/GovernedTemplates?path=/v2/Steps/PackageES/Windows.SDL.Sources.Analysis.OS.Undocked.yml
+  - template: v2/Steps/PackageES/Windows.SDL.Sources.Analysis.OS.Undocked.yml@templates_onebranch
+    parameters:
+      globalSdl:
+          codeql:
+            eslint:
+              enabled: true
+            tsandjs:
+              enabled: true
+            python:
+              enabled: false
+            psscriptanalyzer:
+              enable: true
+          policheck:
+            exclusionsFile: $(Build.SourcesDirectory)\build\config\PolicheckExclusions.xml
+          tsa:
+            enabled: false
+            configFile: $(Build.SourcesDirectory)\build\config\tsaoptions.json
+    
+  # We need to run the v3 version of PREfast to be able to have the x64 toolset and specify the correct paths to avoid the WAPPROJ.
+  # Also, we run this prior to the rest of the binary analysis rules because PREfast will build all our binaries as a part of its checks.
+  # https://www.1eswiki.com/wiki/PREfast_Build_Task
+  # Builds the project with C/C++ static analysis tools to find coding flaws and vulnerabilities
+  # !!! WARNING !!! It doesn't work with WAPPROJ packaging projects. Build the sub-projects instead.
+  - task: securedevelopmentteam.vss-secure-development-tools.build-task-prefast.SDLNativeRules@3
+    displayName: 'Run the PREfast SDL Native Rules for MSBuild'
+    condition: succeededOrFailed()
+    inputs:
+      msBuildCommandline: msbuild.exe /nologo /m /p:WindowsTerminalOfficialBuild=true /p:WindowsTerminalBranding=${{ parameters.branding }} /p:WindowsTerminalReleaseBuild=true /p:platform=$(BuildPlatform) /p:configuration=$(BuildConfiguration) /t:Terminal\Window\WindowsTerminal /p:VisualStudioVersion=16.0 $(Build.SourcesDirectory)\OpenConsole.sln
+
+  # Copies output from PREfast SDL Native Rules task to expected location for consumption by PkgESSecComp
+  - task: CopyFiles@1
+    displayName: 'Copy PREfast xml files to SDLNativeRulesDir'
+    inputs:
+      SourceFolder: '$(Agent.BuildDirectory)'
+      Contents: |
+        **\*.nativecodeanalysis.xml
+      TargetFolder: '$(Agent.BuildDirectory)\_sdt\logs\SDLNativeRules'
+
+  # This is the Package ES simplified SDL binary template. 
+  # To figure out which parameters to use, go read the source: https://microsoft.visualstudio.com/OneBranch.Pipelines/_git/GovernedTemplates?path=/v2/Steps/PackageES/Windows.SDL.Binary.Analysis.OS.Undocked.yml
+  - template: v2/Steps/PackageES/Windows.SDL.Binary.Analysis.OS.Undocked.yml@templates_onebranch
+    parameters:
+      globalSdl:
+        binskim:
+          analyzeTargetGlob: $(Build.SourcesDirectory)\bin\**\*.dll;$(Build.SourcesDirectory)\bin\**\*.exe;-:file|**\Microsoft.UI.Xaml.dll;-:file|**\Microsoft.Toolkit.Win32.UI.XamlHost.dll;-:file|**\vcruntime*.dll;-:file|**\vcomp*.dll;-:file|**\vccorlib*.dll;-:file|**\vcamp*.dll;-:file|**\msvcp*.dll;-:file|**\concrt*.dll;-:file|**\TerminalThemeHelpers*.dll;-:file|**\cpprest*.dll
+        prefast:
+          enabled: false # See above, we run the v3 variant of this task.
+        tsa:
+          enabled: false
+          configFile: $(Build.SourcesDirectory)\build\config\tsaoptions.json
+      variables:
+          ob_outputDirectory: $(Build.SourcesDirectory)\bin\
+
+  # # 1ES Component Governance onboarding (Detects open source components). See https://docs.opensource.microsoft.com/tools/cg.html
+  # - task: ms.vss-governance-buildtask.governance-build-task-component-detection.ComponentGovernanceComponentDetection@0
+  #   displayName: Component Detection
+    
 
   # !!! NOTE !!! Run PREfast first. Some of the other tasks are going to run on a completed build.
   # PREfast is going to build the code as a part of its analysis and the generated sources
@@ -94,108 +159,108 @@ jobs:
   # https://www.1eswiki.com/wiki/PREfast_Build_Task
   # Builds the project with C/C++ static analysis tools to find coding flaws and vulnerabilities
   # !!! WARNING !!! It doesn't work with WAPPROJ packaging projects. Build the sub-projects instead.
-  - task: securedevelopmentteam.vss-secure-development-tools.build-task-prefast.SDLNativeRules@3
+  # - task: securedevelopmentteam.vss-secure-development-tools.build-task-prefast.SDLNativeRules@3
-    displayName: 'Run the PREfast SDL Native Rules for MSBuild'
+  #   displayName: 'Run the PREfast SDL Native Rules for MSBuild'
-    condition: succeededOrFailed()
+  #   condition: succeededOrFailed()
-    inputs:
+  #   inputs:
-      msBuildCommandline: msbuild.exe /nologo /m /p:WindowsTerminalOfficialBuild=true /p:WindowsTerminalBranding=${{ parameters.branding }} /p:WindowsTerminalReleaseBuild=true /p:platform=$(BuildPlatform) /p:configuration=$(BuildConfiguration) /t:Terminal\Window\WindowsTerminal /p:VisualStudioVersion=16.0 $(Build.SourcesDirectory)\OpenConsole.sln
+  #     msBuildCommandline: msbuild.exe /nologo /m /p:WindowsTerminalOfficialBuild=true /p:WindowsTerminalBranding=${{ parameters.branding }} /p:WindowsTerminalReleaseBuild=true /p:platform=$(BuildPlatform) /p:configuration=$(BuildConfiguration) /t:Terminal\Window\WindowsTerminal /p:VisualStudioVersion=16.0 $(Build.SourcesDirectory)\OpenConsole.sln
 
-  # Copies output from PREfast SDL Native Rules task to expected location for consumption by PkgESSecComp
+  # # Copies output from PREfast SDL Native Rules task to expected location for consumption by PkgESSecComp
-  - task: CopyFiles@1
+  # - task: CopyFiles@1
-    displayName: 'Copy PREfast xml files to SDLNativeRulesDir'
+  #   displayName: 'Copy PREfast xml files to SDLNativeRulesDir'
-    inputs:
+  #   inputs:
-      SourceFolder: '$(Agent.BuildDirectory)'
+  #     SourceFolder: '$(Agent.BuildDirectory)'
-      Contents: |
+  #     Contents: |
-        **\*.nativecodeanalysis.xml
+  #       **\*.nativecodeanalysis.xml
-      TargetFolder: '$(Agent.BuildDirectory)\_sdt\logs\SDLNativeRules'
+  #     TargetFolder: '$(Agent.BuildDirectory)\_sdt\logs\SDLNativeRules'
 
-  # https://www.1eswiki.com/index.php?title=PoliCheck_Build_Task
+  # # https://www.1eswiki.com/index.php?title=PoliCheck_Build_Task
-  # Scans the text of source code, comments, and content for terminology that could be sensitive for legal, cultural, or geopolitical reasons.
+  # # Scans the text of source code, comments, and content for terminology that could be sensitive for legal, cultural, or geopolitical reasons.
-  # (Also finds vulgarities... takes all the fun out of everything.)
+  # # (Also finds vulgarities... takes all the fun out of everything.)
-  - task: securedevelopmentteam.vss-secure-development-tools.build-task-policheck.PoliCheck@2
+  # - task: securedevelopmentteam.vss-secure-development-tools.build-task-policheck.PoliCheck@2
-    displayName: 'Run PoliCheck'
+  #   displayName: 'Run PoliCheck'
-    inputs:
+  #   inputs:
-      targetType: F
+  #     targetType: F
-      targetArgument: $(Build.SourcesDirectory)
+  #     targetArgument: $(Build.SourcesDirectory)
-      result: PoliCheck.xml
+  #     result: PoliCheck.xml
-      optionsFC: 1
+  #     optionsFC: 1
-      optionsXS: 1
+  #     optionsXS: 1
-      optionsUEPath: $(Build.SourcesDirectory)\build\config\PolicheckExclusions.xml
+  #     optionsUEPath: $(Build.SourcesDirectory)\build\config\PolicheckExclusions.xml
-      optionsHMENABLE: 0
+  #     optionsHMENABLE: 0
-    continueOnError: true
+  #   continueOnError: true
 
-  # https://www.1eswiki.com/wiki/CredScan_Azure_DevOps_Build_Task
+  # # https://www.1eswiki.com/wiki/CredScan_Azure_DevOps_Build_Task
-  # Searches through source code and build outputs for a credential left behind in the open
+  # # Searches through source code and build outputs for a credential left behind in the open
-  - task: securedevelopmentteam.vss-secure-development-tools.build-task-credscan.CredScan@3
+  # - task: securedevelopmentteam.vss-secure-development-tools.build-task-credscan.CredScan@3
-    displayName: 'Run CredScan'
+  #   displayName: 'Run CredScan'
-    inputs:
+  #   inputs:
-      outputFormat: pre
+  #     outputFormat: pre
-      # suppressionsFile: LocalSuppressions.json
+  #     # suppressionsFile: LocalSuppressions.json
-      batchSize: 20
+  #     batchSize: 20
-      debugMode: false
+  #     debugMode: false
-    continueOnError: true
+  #   continueOnError: true
 
-  # https://www.1eswiki.com/wiki/BinSkim_Build_Task
+  # # https://www.1eswiki.com/wiki/BinSkim_Build_Task
-  # Searches managed and unmanaged binaries for known security vulnerabilities.
+  # # Searches managed and unmanaged binaries for known security vulnerabilities.
-  - task: securedevelopmentteam.vss-secure-development-tools.build-task-binskim.BinSkim@4
+  # - task: securedevelopmentteam.vss-secure-development-tools.build-task-binskim.BinSkim@4
-    displayName: 'Run BinSkim'
+  #   displayName: 'Run BinSkim'
-    inputs:
+  #   inputs:
-      TargetPattern: guardianGlob
+  #     TargetPattern: guardianGlob
-      # See https://aka.ms/gdn-globs for how to do match patterns
+  #     # See https://aka.ms/gdn-globs for how to do match patterns
-      AnalyzeTargetGlob: $(Build.SourcesDirectory)\bin\**\*.dll;$(Build.SourcesDirectory)\bin\**\*.exe;-:file|**\Microsoft.UI.Xaml.dll;-:file|**\Microsoft.Toolkit.Win32.UI.XamlHost.dll;-:file|**\vcruntime*.dll;-:file|**\vcomp*.dll;-:file|**\vccorlib*.dll;-:file|**\vcamp*.dll;-:file|**\msvcp*.dll;-:file|**\concrt*.dll;-:file|**\TerminalThemeHelpers*.dll;-:file|**\cpprest*.dll
+  #     AnalyzeTargetGlob: $(Build.SourcesDirectory)\bin\**\*.dll;$(Build.SourcesDirectory)\bin\**\*.exe;-:file|**\Microsoft.UI.Xaml.dll;-:file|**\Microsoft.Toolkit.Win32.UI.XamlHost.dll;-:file|**\vcruntime*.dll;-:file|**\vcomp*.dll;-:file|**\vccorlib*.dll;-:file|**\vcamp*.dll;-:file|**\msvcp*.dll;-:file|**\concrt*.dll;-:file|**\TerminalThemeHelpers*.dll;-:file|**\cpprest*.dll
-    continueOnError: true
+  #   continueOnError: true
 
-  # Set XES_SERIALPOSTBUILDREADY to run Security and Compliance task once per build
+  # # Set XES_SERIALPOSTBUILDREADY to run Security and Compliance task once per build
-  - powershell: Write-Host “##vso[task.setvariable variable=XES_SERIALPOSTBUILDREADY;]true”  
+  # - powershell: Write-Host “##vso[task.setvariable variable=XES_SERIALPOSTBUILDREADY;]true”  
-    displayName: 'Set XES_SERIALPOSTBUILDREADY Vars'
+  #   displayName: 'Set XES_SERIALPOSTBUILDREADY Vars'
 
-  # https://www.osgwiki.com/wiki/Package_ES_Security_and_Compliance
+  # # https://www.osgwiki.com/wiki/Package_ES_Security_and_Compliance
-  # Does a few things:
+  # # Does a few things:
-  # - Ensures that Windows-required compliance tasks are run either inside this task
+  # # - Ensures that Windows-required compliance tasks are run either inside this task
-  #   or were run as a previous step prior to this one
+  # #   or were run as a previous step prior to this one
-  #   (PREfast, PoliCheck, Credscan)
+  # #   (PREfast, PoliCheck, Credscan)
-  # - Runs Windows-specific compliance tasks inside the task
+  # # - Runs Windows-specific compliance tasks inside the task
-  #   + CheckCFlags - ensures that compiler and linker flags meet Windows standards
+  # #   + CheckCFlags - ensures that compiler and linker flags meet Windows standards
-  #   + CFGCheck/XFGCheck - ensures that Control Flow Guard (CFG) or 
+  # #   + CFGCheck/XFGCheck - ensures that Control Flow Guard (CFG) or 
-  #                         eXtended Flow Guard (XFG) are enabled on binaries
+  # #                         eXtended Flow Guard (XFG) are enabled on binaries
-  #                         NOTE: CFG is deprecated and XFG isn't fully ready yet.
+  # #                         NOTE: CFG is deprecated and XFG isn't fully ready yet.
-  #                         NOTE2: CFG fails on an XFG'd binary
+  # #                         NOTE2: CFG fails on an XFG'd binary
-  # - Brokers all security/compliance task logs to "Trust Services Automation (TSA)" (https://aka.ms/tsa)
+  # # - Brokers all security/compliance task logs to "Trust Services Automation (TSA)" (https://aka.ms/tsa)
-  #   which is a system that maps all errors into the appropriate bug database 
+  # #   which is a system that maps all errors into the appropriate bug database 
-  #   template for each organization since they all vary. It should also suppress
+  # #   template for each organization since they all vary. It should also suppress
-  #   new bugs when one already exists for the product.
+  # #   new bugs when one already exists for the product.
-  #   This one is set up to go to the OS repository and use the given parameters
+  # #   This one is set up to go to the OS repository and use the given parameters
-  #   to file bugs to our AzDO product path.
+  # #   to file bugs to our AzDO product path.
-  #   If we don't use PkgESSecComp to do this for us, we need to install the TSA task
+  # #   If we don't use PkgESSecComp to do this for us, we need to install the TSA task
-  #   ourselves in this pipeline to finalize data upload and bug creation.
+  # #   ourselves in this pipeline to finalize data upload and bug creation.
-  # !!! NOTE !!! This task goes *LAST* after any other compliance tasks so it catches their logs
+  # # !!! NOTE !!! This task goes *LAST* after any other compliance tasks so it catches their logs
-  - task: PkgESSecComp@10
+  # - task: PkgESSecComp@10
-    displayName: 'Security and Compliance tasks'
+  #   displayName: 'Security and Compliance tasks'
-    inputs:
+  #   inputs:
-      fileNewBugs: false
+  #     fileNewBugs: false
-      areaPath: 'OS\WDX\DXP\WinDev\Terminal'
+  #     areaPath: 'OS\WDX\DXP\WinDev\Terminal'
-      teamProject: 'OS'
+  #     teamProject: 'OS'
-      iterationPath: 'OS\Future'
+  #     iterationPath: 'OS\Future'
-      bugTags: 'TerminalReleaseCompliance'
+  #     bugTags: 'TerminalReleaseCompliance'
-      scanAll: true
+  #     scanAll: true
-      errOnBugs: false
+  #     errOnBugs: false
-      failOnStdErr: true
+  #     failOnStdErr: true
-      taskLogVerbosity: Diagnostic
+  #     taskLogVerbosity: Diagnostic
-      secCompConfigFromTask: |
+  #     secCompConfigFromTask: |
-        # Overrides default build sources directory
+  #       # Overrides default build sources directory
-        sourceTargetOverrideAll: $(Build.SourcesDirectory)
+  #       sourceTargetOverrideAll: $(Build.SourcesDirectory)
-        # Overrides default build binaries directory when "Scan all" option is specified
+  #       # Overrides default build binaries directory when "Scan all" option is specified
-        binariesTargetOverrideAll: $(Build.SourcesDirectory)\bin
+  #       binariesTargetOverrideAll: $(Build.SourcesDirectory)\bin
 
-        # Set the tools to false if they should not run in the build
+  #       # Set the tools to false if they should not run in the build
-        tools:
+  #       tools:
-            - toolName: CheckCFlags
+  #           - toolName: CheckCFlags
-              enable: true
+  #             enable: true
-            - toolName: CFGCheck
+  #           - toolName: CFGCheck
-              enable: true
+  #             enable: true
-            - toolName: Policheck
+  #           - toolName: Policheck
-              enable: false
+  #             enable: false
-            - toolName: CredScan
+  #           - toolName: CredScan
-              enable: false
+  #             enable: false
-            - toolName: XFGCheck
+  #           - toolName: XFGCheck
-              enable: false
+  #             enable: false