zenodo · yarikoptic · Sep 4, 2025 · Sep 4, 2025 · Sep 4, 2025
diff --git a/.github/workflows/codespell.yml b/.github/workflows/codespell.yml
@@ -0,0 +1,25 @@
+# Codespell configuration is within pyproject.toml
+---
+name: Codespell
+
+on:
+  push:
+    branches: [master]
+  pull_request:
+    branches: [master]
+
+permissions:
+  contents: read
+
+jobs:
+  codespell:
+    name: Check for spelling errors
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+      - name: Annotate locations with typos
+        uses: codespell-project/codespell-problem-matcher@v1
+      - name: Codespell
+        uses: codespell-project/actions-codespell@v2
diff --git a/app_data/vocabularies/licenses.csv b/app_data/vocabularies/licenses.csv
@@ -139,7 +139,7 @@ epics,EPICS Open License,,,all,https://epics.anl.gov/license/open.php,spdx,
 epl-1.0,Eclipse Public License 1.0,,,"all,software",http://www.eclipse.org/legal/epl-v10.html,spdx,y
 epl-2.0,Eclipse Public License 2.0,,,"all,software",https://www.eclipse.org/legal/epl-2.0,spdx,y
 eudatagrid,EU DataGrid Software License,,,"all,software",http://eu-datagrid.web.cern.ch/eu-datagrid/license.html,spdx,y
-eupl-1.0,European Union Public License 1.0,,,"all,sofware",http://ec.europa.eu/idabc/en/document/7330.html,spdx,
+eupl-1.0,European Union Public License 1.0,,,"all,software",http://ec.europa.eu/idabc/en/document/7330.html,spdx,
 eupl-1.1,European Union Public License 1.1,,,"all,software",https://joinup.ec.europa.eu/software/page/eupl/licence-eupl,spdx,y
 eupl-1.2,European Union Public License 1.2,,,"all,software",https://joinup.ec.europa.eu/page/eupl-text-11-12,spdx,y
 entessa,Entessa Public License v1.0,,,"all,software",https://opensource.org/licenses/Entessa,spdx,y

diff --git a/migrator/tests/actions/oauth/test_oauth_actions.py b/migrator/tests/actions/oauth/test_oauth_actions.py
@@ -1000,7 +1000,7 @@ def disconnect_orcid_oauth_application_tx():
 
 
 class TestOAuthLinkedAccountDisconnectAction:
-    """Disonnect an OAuth account action tests."""
+    """Disconnect an OAuth account action tests."""
 
     def test_matches_with_valid_data(self):
         full = [
@@ -1160,7 +1160,7 @@ def disconnect_gh_token_oauth_app_tx():
 
 
 class TestOAuthGHDisconnectToken:
-    """Disonnect an OAuth account action tests."""
+    """Disconnect an OAuth account action tests."""
 
     def test_matches_with_valid_data(self):
         assert (

diff --git a/migrator/tests/actions/oauth/testdata/linked_accounts/connect_gh.jsonl b/migrator/tests/actions/oauth/testdata/linked_accounts/connect_gh.jsonl
diff --git a/migrator/tests/actions/oauth/testdata/linked_accounts/disconnect_gh_client.jsonl b/migrator/tests/actions/oauth/testdata/linked_accounts/disconnect_gh_client.jsonl
diff --git a/migrator/tests/transform/test_featured_community_transform.py b/migrator/tests/transform/test_featured_community_transform.py
@@ -60,7 +60,7 @@ def zenodo_non_featured_community_data():
 
 @pytest.fixture(scope="module")
 def expected_rdm_featured_community():
-    """Expected featured community in zenodo-rdm. Community id is programatically added when loading."""
+    """Expected featured community in zenodo-rdm. Community id is programmatically added when loading."""
     return {
         "created": "2023-01-01 12:00:00.00000",
         "updated": "2023-01-01 12:00:00.00000",

diff --git a/migrator/zenodo_rdm_migrator/actions/transform/users.py b/migrator/zenodo_rdm_migrator/actions/transform/users.py
@@ -45,7 +45,7 @@ def _transform_data(self):
         for operation in self.tx.operations:
             payload = {**payload, **operation["after"]}
 
-        # it comes in milliseonds
+        # it comes in milliseconds
         ts = self.tx.operations[0]["source"]["ts_ms"]
         payload["created"] = ts
         payload["updated"] = ts

diff --git a/migrator/zenodo_rdm_migrator/extract/kafka.py b/migrator/zenodo_rdm_migrator/extract/kafka.py
@@ -124,7 +124,7 @@ class KafkaExtract(Extract):
         "key_deserializer": _load_json,
         # If we don't receive messages after 3sec, we stop (to try again later)
         "consumer_timeout_ms": 3000,
-        # We will handle commiting offsets ourselves
+        # We will handle committing offsets ourselves
         "enable_auto_commit": False,
         # We want to explicitly set the offsets we're starting from
         "auto_offset_reset": "none",
@@ -238,7 +238,7 @@ def _ops_consumer(self):
         )
 
     def iter_tx_info(self):
-        """Yield commited transactions info."""
+        """Yield committed transactions info."""
         consumer = self._tx_consumer
         for tx_msg in consumer:
             self._dump_msg(self.tx_topic, tx_msg)
@@ -287,7 +287,7 @@ def iter_ops(self):
     def _yield_completed_tx(self, min_batch=None, max_batch=None):
         """Yields completed transactions.
 
-        Important: we only yield the "earliest" commited transactions for which we have
+        Important: we only yield the "earliest" committed transactions for which we have
         complete data/ops. The commit order of transactions is defined by the COMMIT
         operation's LSN. For example:
 

diff --git a/pyproject.toml b/pyproject.toml
@@ -52,3 +52,10 @@ xrootd = [
     "invenio-xrootd==2.0.0a2",
     "requests-kerberos==0.14.0",
 ]
+
+[tool.codespell]
+# Ref: https://github.com/codespell-project/codespell#using-a-config-file
+skip = '.git*,*.svg,*.lock,*.css,static'
+check-hidden = true
+# ignore-regex = ''
+# ignore-words-list = ''
diff --git a/site/tests/legacy/deposits/test_rest_api_simpleflow.py b/site/tests/legacy/deposits/test_rest_api_simpleflow.py
@@ -250,7 +250,7 @@ def test_update_deposit_not_owner(
     deposit_url = response.json["links"]["self"]
     owner.api_logout(client)
 
-    # Try to udpate a draft with another user
+    # Try to update a draft with another user
 
     client = not_owner.api_login(client)
     res = client.put(deposit_url, json=update_metadata, headers=headers)
@@ -280,7 +280,7 @@ def test_update_deposit_anonymous(
     deposit_url = response.json["links"]["self"]
     client = owner.api_logout(client)
 
-    # Try to udpate a draft with anonymous user
+    # Try to update a draft with anonymous user
     res = client.put(deposit_url, json=update_metadata, headers=headers)
     # TODO: Should be: 401
     assert res.status_code == 403
@@ -310,7 +310,7 @@ def test_update_deposit_superuser(
     deposit_url = response.json["links"]["self"]
     owner.api_logout(client)
 
-    # Try to udpate a draft with a super user
+    # Try to update a draft with a super user
     client = superuser.api_login(client)
     res = client.put(deposit_url, json=update_metadata, headers=headers)
     assert res.status_code == 200

diff --git a/site/tests/legacy/test_quickstart.py b/site/tests/legacy/test_quickstart.py
@@ -87,7 +87,7 @@ def test_quickstart_workflow(
     assert data["filesize"] == 7
     assert {"self", "download"} <= data["links"].keys()
 
-    # Upload another file, without the "name" paramter
+    # Upload another file, without the "name" parameter
     res = client.post(
         deposit_links["files"],
         headers=headers,

diff --git a/site/tests/openaire/test_tasks.py b/site/tests/openaire/test_tasks.py
@@ -120,7 +120,7 @@ def test_openaire_retries_task(
     # After failing, the cache has is populated with ``openaire_direct_index:<record.id>`` that is picked up by the task ``retry_openaire_failures``
     mocked_session.post.side_effect = None
 
-    # Reset number of calls on ``post`` - this can be used to assess whether openaire indexing executed succesfully
+    # Reset number of calls on ``post`` - this can be used to assess whether openaire indexing executed successfully
     mocked_session.post.reset_mock()
 
     # Execute retry task and validate that the direct indexing succeeded

diff --git a/site/zenodo_rdm/legacy/services.py b/site/zenodo_rdm/legacy/services.py
@@ -363,7 +363,7 @@ def _get_record(self, id_, identity, action, file_key=None):
                 id_, registered_only=True
             )
             # FIXME: This is a horrible hack to make sure that we can check permissions
-            # based on the published record. We "unset" this everytime at the top of
+            # based on the published record. We "unset" this every time at the top of
             # this method.
             self.config.permission_action_prefix = ""
 

diff --git a/site/zenodo_rdm/moderation/tasks.py b/site/zenodo_rdm/moderation/tasks.py
@@ -51,7 +51,7 @@ def update_moderation_request(user_id, action_ctx):
     )
     request_id = next(results.hits)["id"] if results.total > 0 else None
 
-    # NOTE: We only need the unit of work becase we might need to create a new request
+    # NOTE: We only need the unit of work because we might need to create a new request
     with UnitOfWork() as uow:
         # If no request exists, create a new one
         if request_id is None:

diff --git a/site/zenodo_rdm/moderation/uow.py b/site/zenodo_rdm/moderation/uow.py
@@ -14,7 +14,7 @@
 class ExceptionOp(Operation):
     """Operation to perform cleanup logic for exceptions.
 
-    This unit of work operation is initialied using another regular operation and maps
+    This unit of work operation is initialized using another regular operation and maps
     the following methods to the associated "clean-up" unit of work lifecycle methods:
 
     - ``on_exception``: ``on_register``

diff --git a/site/zenodo_rdm/profiler.py b/site/zenodo_rdm/profiler.py
@@ -260,7 +260,7 @@ def profiler_sessions(self):
         return {}
 
     def clear_sessions(self):
-        """Delete all profiling sesions files from storage."""
+        """Delete all profiling sessions files from storage."""
         for sess_db in self.storage_dir.iterdir():
             if sess_db.is_file() and sess_db.suffix == ".db":
                 sess_db.unlink(missing_ok=True)