Verify spelling fixes pass check-spelling

.github/workflows/docker.yml

@@ -65,7 +65,7 @@ jobs:
     permissions:
       contents: read
     needs: docs_only_check
-    # ideally we put one "if" here, but due to how skipped matrix jobs work, we need one for each each step
+    # ideally we put one "if" here, but due to how skipped matrix jobs work, we need one for each step
     # https://github.com/orgs/community/discussions/9141
     steps:
      - name: Harden Runner

.github/workflows/scdiff.yml

@@ -30,7 +30,7 @@ jobs:
     if: ${{ (github.event.issue.pull_request) && (contains(github.event.comment.body, '/scdiff generate')) }}
     runs-on: [ubuntu-latest]
     steps:
-      - name: create file of repos to anlayze
+      - name: create file of repos to analyze
         run: |
           cat <<EOF > $HOME/repos.txt
           https://github.com/airbnb/lottie-web

Makefile

@@ -108,7 +108,7 @@ validate-projects: ./cron/internal/data/projects.csv | build-validate-script
 	./cron/internal/data/validate/validate ./cron/internal/data/gitlab-projects-releasetest.csv
 
 tree-status: | all-targets-update-dependencies ## Verify tree is clean and all changes are committed
-	# Verify the tree is clean and all changes are commited
+	# Verify the tree is clean and all changes are committed
 	./scripts/tree-status
 
 ###############################################################################
@@ -247,7 +247,7 @@ build-attestor-docker: ## Build scorecard-attestor Docker image
 build-attestor-docker:
 	DOCKER_BUILDKIT=1 docker build . --file attestor/Dockerfile \
 		--tag scorecard-attestor:latest \
-		--tag scorecard-atttestor:$(GIT_HASH)
+		--tag scorecard-attestor:$(GIT_HASH)
 
 TOKEN_SERVER_DEPS = $(shell find clients/githubrepo/roundtripper/tokens/ -iname "*.go")
 build-github-server: ## Build GitHub token server

README.md

@@ -413,7 +413,7 @@ RESULTS
 |         |                        |                                | review dismissal enabled on    |                                                                           |
 |         |                        |                                | branch 'main' Info: Owner      |                                                                           |
 |         |                        |                                | review required on branch      |                                                                           |
-|         |                        |                                | 'main' Info: 'admininistrator' |                                                                           |
+|         |                        |                                | 'main' Info: 'administrator'   |                                                                           |
 |         |                        |                                | PRs need reviews before being  |                                                                           |
 |         |                        |                                | merged on branch 'main'        |                                                                           |
 |---------|------------------------|--------------------------------|--------------------------------|---------------------------------------------------------------------------|
@@ -559,7 +559,7 @@ risk level.
 ### Report Problems
 
 If you have what looks like a bug, please use the
-[Github issue tracking system.](https://github.com/ossf/scorecard/issues) Before
+[GitHub issue tracking system.](https://github.com/ossf/scorecard/issues) Before
 you file an issue, please search existing issues to see if your issue is already
 covered.
 

attestor/policy/attestation_policy.go

@@ -120,7 +120,7 @@ func (ap *AttestationPolicy) EvaluateResults(raw *checker.RawResults) (PolicyRes
 
 	if ap.EnsureCodeReviewed {
 		// By default, if code review reqs. aren't specified, we assume
-		// the user wants there to be atleast one reviewer
+		// the user wants there to be at least one reviewer
 		if len(ap.CodeReviewRequirements.RequiredApprovers) == 0 &&
 			ap.CodeReviewRequirements.MinReviewers == 0 {
 			ap.CodeReviewRequirements.MinReviewers = 1

checker/raw_result.go

@@ -331,7 +331,7 @@ type Run struct {
 	URL string
 }
 
-// ArchivedStatus definess the archived status.
+// ArchivedStatus defines the archived status.
 type ArchivedStatus struct {
 	Status bool
 	// TODO: add fields, e.g., date of archival.
@@ -348,7 +348,7 @@ type File struct {
 	// TODO: add hash.
 }
 
-// CIIBestPracticesData contains data foor CIIBestPractices check.
+// CIIBestPracticesData contains data for CIIBestPractices check.
 type CIIBestPracticesData struct {
 	Badge clients.BadgeLevel
 }

checks/dependency_update_tool.go

@@ -23,7 +23,7 @@ import (
 	"github.com/ossf/scorecard/v4/probes/zrunner"
 )
 
-// CheckDependencyUpdateTool is the exported name for Automatic-Depdendency-Update.
+// CheckDependencyUpdateTool is the exported name for Automatic-Dependency-Update.
 const CheckDependencyUpdateTool = "Dependency-Update-Tool"
 
 //nolint:gochecknoinits

checks/evaluation/branch_protection.go

@@ -70,7 +70,7 @@ func BranchProtection(name string, dl checker.DetailLogger,
 		var score levelScore
 		b := r.Branches[i]
 
-		// Protected field only indates that the branch matches
+		// Protected field only indicates that the branch matches
 		// one `Branch protection rules`. All settings may be disabled,
 		// so it does not provide any guarantees.
 		protected := !(b.Protected != nil && !*b.Protected)
@@ -361,7 +361,7 @@ func adminThoroughReviewProtection(branch *clients.BranchRef, dl checker.DetailL
 
 	// nil typically means we do not have access to the value.
 	if branch.BranchProtectionRule.EnforceAdmins != nil {
-		// Note: we don't inrecase max possible score for non-admin viewers.
+		// Note: we don't increase max possible score for non-admin viewers.
 		max++
 		switch *branch.BranchProtectionRule.EnforceAdmins {
 		case true:

checks/evaluation/branch_protection_test.go

@@ -189,7 +189,7 @@ func TestIsBranchProtected(t *testing.T) {
 			name: "Admin run with all tier 2 requirements except require PRs and reviewers",
 			expected: scut.TestReturn{
 				Error:         nil,
-				Score:         4, // Should be 4.2 if we allow decimal puctuation
+				Score:         4, // Should be 4.2 if we allow decimal punctuation
 				NumberOfWarn:  2,
 				NumberOfInfo:  6,
 				NumberOfDebug: 1,

checks/evaluation/dangerous_workflow_test.go

@@ -56,7 +56,7 @@ func TestDangerousWorkflow(t *testing.T) {
 			},
 		},
 		{
-			name: "DangerousWorkflow - no worklflows",
+			name: "DangerousWorkflow - no workflows",
 			findings: []finding.Finding{
 				{
 					Probe:   "hasDangerousWorkflowScriptInjection",

checks/evaluation/pinned_dependencies.go

@@ -32,7 +32,7 @@ type pinnedResult struct {
 
 // Structure to host information about pinned github
 // or third party dependencies.
-type worklowPinningResult struct {
+type workflowPinningResult struct {
 	thirdParties pinnedResult
 	gitHubOwned  pinnedResult
 }
@@ -209,7 +209,7 @@ func PinningDependencies(name string, c *checker.CheckRequest,
 		return checker.CreateRuntimeErrorResult(name, e)
 	}
 
-	var wp worklowPinningResult
+	var wp workflowPinningResult
 	pr := make(map[checker.DependencyUseType]pinnedResult)
 	dl := c.Dlogger
 
@@ -269,7 +269,7 @@ func PinningDependencies(name string, c *checker.CheckRequest,
 	// Go through all dependency types
 	// GitHub Actions need to be handled separately since they are not in pr
 	scores = append(scores, createScoreForGitHubActionsWorkflow(&wp, dl)...)
-	// Only exisiting dependencies will be found in pr
+	// Only existing dependencies will be found in pr
 	// We will only score the ecosystem if there are dependencies
 	// This results in only existing ecosystems being included in the final score
 	for t := range pr {
@@ -300,10 +300,10 @@ func PinningDependencies(name string, c *checker.CheckRequest,
 
 func updatePinningResults(dependencyType checker.DependencyUseType,
 	outcome finding.Outcome, snippet *string,
-	wp *worklowPinningResult, pr map[checker.DependencyUseType]pinnedResult,
+	wp *workflowPinningResult, pr map[checker.DependencyUseType]pinnedResult,
 ) {
 	if dependencyType == checker.DependencyUseTypeGHAction {
-		// Note: `Snippet` contains `action/name@xxx`, so we cna use it to infer
+		// Note: `Snippet` contains `action/name@xxx`, so we can use it to infer
 		// if it's a GitHub-owned action or not.
 		gitHubOwned := fileparser.IsGitHubOwnedAction(*snippet)
 		addWorkflowPinnedResult(outcome, wp, gitHubOwned)
@@ -345,7 +345,7 @@ func addPinnedResult(outcome finding.Outcome, r *pinnedResult) {
 	r.total += 1
 }
 
-func addWorkflowPinnedResult(outcome finding.Outcome, w *worklowPinningResult, isGitHub bool) {
+func addWorkflowPinnedResult(outcome finding.Outcome, w *workflowPinningResult, isGitHub bool) {
 	if isGitHub {
 		addPinnedResult(outcome, &w.gitHubOwned)
 	} else {
@@ -359,7 +359,7 @@ func logPinnedResult(dl checker.DetailLogger, p pinnedResult, name string) {
 	})
 }
 
-func createScoreForGitHubActionsWorkflow(wp *worklowPinningResult, dl checker.DetailLogger,
+func createScoreForGitHubActionsWorkflow(wp *workflowPinningResult, dl checker.DetailLogger,
 ) []checker.ProportionalScoreWeighted {
 	if wp.gitHubOwned.total == 0 && wp.thirdParties.total == 0 {
 		return []checker.ProportionalScoreWeighted{}