sous-chefs · damacus · May 5, 2026 · May 5, 2026 · May 5, 2026
@@ -9,7 +9,7 @@ name: ci
 
 jobs:
   lint-unit:
-    uses: sous-chefs/.github/.github/workflows/lint-unit.yml@5.0.8
+    uses: sous-chefs/.github/.github/workflows/lint-unit.yml@6.0.0
     permissions:
       actions: write
       checks: write
@@ -18,7 +18,7 @@ jobs:
       issues: write
 
   integration:
-    needs: "lint-unit"
+    needs: lint-unit
 
     runs-on: ubuntu-latest
     strategy:
@@ -33,8 +33,8 @@ jobs:
     steps:
       - name: Check out code
         uses: actions/checkout@v6
-      - name: Install Chef
-        uses: actionshub/chef-[email protected]
+      - name: Install Cinc Workstation
+        uses: sous-chefs/.github/.github/actions/install-workstation@6.0.0
       - name: Dokken
         uses: actionshub/[email protected]
         env:

@@ -16,12 +16,10 @@ permissions:
 
 jobs:
   release:
-<<<<<<< HEAD
     uses: sous-chefs/.github/.github/workflows/[email protected]
-=======
-    uses: sous-chefs/.github/.github/workflows/[email protected]
->>>>>>> e461a40 (ci: bump release workflow to 6.0.0)
     secrets:
       token: ${{ secrets.PORTER_GITHUB_TOKEN }}
       supermarket_user: ${{ secrets.CHEF_SUPERMARKET_USER }}
       supermarket_key: ${{ secrets.CHEF_SUPERMARKET_KEY }}
+      slack_bot_token: ${{ secrets.SLACK_BOT_TOKEN }}
+      slack_channel_id: ${{ secrets.SLACK_CHANNEL_ID }}
@@ -1,3 +1,4 @@
+---
 config:
   ul-indent: false # MD007
   line-length: false # MD013
@@ -7,3 +8,4 @@ config:
     maximum: 2
 ignores:
   - .github/copilot-instructions.md
+  - .windsurf/**
@@ -4,7 +4,10 @@ rules:
   line-length:
     max: 256
     level: warning
-  document-start: disable
+  truthy:
+    allowed-values: ['true', 'false', 'on']
+  document-start:
+    present: true
   braces:
     forbid: false
     min-spaces-inside: 0

@@ -1,3 +1,9 @@
+# frozen_string_literal: true
+
 source 'https://supermarket.chef.io'
 
 metadata
+
+group :integration do
+  cookbook 'test', path: 'test/cookbooks/test'
+end
@@ -0,0 +1,42 @@
+# Limitations
+
+## Package Availability
+
+### DNF/YUM (Fedora)
+
+This cookbook manages the Fedora repositories that ship with Fedora systems. It does not install
+third-party packages or compiled software.
+
+Fedora currently publishes repositories through MirrorManager metalinks such as:
+
+* `https://mirrors.fedoraproject.org/metalink?repo=fedora-$releasever&arch=$basearch`
+* `https://mirrors.fedoraproject.org/metalink?repo=updates-released-f$releasever&arch=$basearch`
+* `https://mirrors.fedoraproject.org/metalink?repo=updates-testing-f$releasever&arch=$basearch`
+
+Fedora repository metadata is available for Fedora-supported architectures through the release
+repositories. The cookbook preserves the upstream `$releasever` and `$basearch` substitutions so
+Fedora resolves the correct release and architecture at runtime.
+
+## Architecture Limitations
+
+The cookbook does not hard-code an architecture. Fedora's `$basearch` variable is preserved in all
+default metalinks and GPG key paths.
+
+## Source/Compiled Installation
+
+No source or compiled installation path is used. This cookbook only manages `.repo` configuration
+through Chef Infra's built-in `yum_repository` resource.
+
+## Platform Support
+
+The cookbook supports Fedora only. Fedora Linux 44 was released on April 28, 2026, Fedora 43 remains
+supported, and Fedora 42 reaches end of life in May 2026. Kitchen uses `fedora-latest` so CI tracks
+the currently published Dokken Fedora image without pinning an EOL Fedora release.
+
+## Known Issues
+
+* The cookbook intentionally removes `/etc/yum.repos.d/fedora-updates.repo` and
+  `/etc/yum.repos.d/fedora-updates-testing.repo` before managing repositories, preserving the legacy
+  behavior of taking over stock Fedora repo file management.
+* Optional debug, source, and testing repositories remain unmanaged and disabled by default. Enable
+  them with resource properties when required.
@@ -6,7 +6,10 @@
 [![OpenCollective](https://opencollective.com/sous-chefs/sponsors/badge.svg)](#sponsors)
 [![License](https://img.shields.io/badge/License-Apache%202.0-green.svg)](https://opensource.org/licenses/Apache-2.0)
 
-The yum-fedora cookbook takes over management of the default repositoryids that ship with Fedora systems. It allows attribute manipulation of `fedora`, `fedora-debuginfo`, `fedora-source`, `updates`, `updates-debuginfo`, `updates-source`, `updates-testing`, `updates-testing-debuginfo`, and `updates-testing-source`
+The yum-fedora cookbook takes over management of the default repository ids that ship with Fedora systems.
+It provides custom resources for `fedora`, `fedora-debuginfo`, `fedora-source`, `updates`,
+`updates-debuginfo`, `updates-source`, `updates-testing`, `updates-testing-debuginfo`, and
+`updates-testing-source`.
 
 ## Maintainers
 
@@ -18,165 +21,72 @@ This cookbook is maintained by the Sous Chefs. The Sous Chefs are a community of
 
 - Fedora
 
-### Chef
+### Chef Infra
 
-- Chef 12.14+
+- Chef Infra 15.3+
 
 ### Cookbooks
 
 - none
 
-## Attributes
+## Resources
 
-The following attributes are set by default
+- [yum_fedora_repository](documentation/yum_fedora_repository.md)
+- [yum_fedora_repositories](documentation/yum_fedora_repositories.md)
 
-```ruby
-default['yum']['fedora']['repositoryid'] = 'fedora'
-default['yum']['fedora']['description'] = 'Fedora $releasever - $basearch'
-default['yum']['fedora']['mirrorlist'] = 'https://mirrors.fedoraproject.org/metalink?repo=fedora-$releasever&arch=$basearch'
-default['yum']['fedora']['enabled'] = true
-default['yum']['fedora']['managed'] = true
-default['yum']['fedora']['metadata_expire'] = '7d'
-default['yum']['fedora']['gpgcheck'] = true
-default['yum']['fedora']['gpgkey'] = 'file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$basearch'
-```
-
-```ruby
-default['yum']['fedora-debuginfo']['repositoryid'] = 'fedora-debuginfo'
-default['yum']['fedora-debuginfo']['description'] = 'Fedora $releasever - $basearch - Debug'
-default['yum']['fedora-debuginfo']['mirrorlist'] = 'https://mirrors.fedoraproject.org/metalink?repo=fedora-debug-$releasever&arch=$basearch'
-default['yum']['fedora-debuginfo']['enabled'] = false
-default['yum']['fedora-debuginfo']['managed'] = false
-default['yum']['fedora-debuginfo']['metadata_expire'] = '7d'
-default['yum']['fedora-debuginfo']['gpgcheck'] = true
-default['yum']['fedora-debuginfo']['gpgkey'] = 'file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$basearch'
-```
-
-```ruby
-default['yum']['fedora-source']['repositoryid'] = 'fedora-source'
-default['yum']['fedora-source']['description'] = 'Fedora $releasever - Source'
-default['yum']['fedora-source']['mirrorlist'] = 'https://mirrors.fedoraproject.org/metalink?repo=fedora-source-$releasever&arch=$basearch'
-default['yum']['fedora-source']['enabled'] = false
-default['yum']['fedora-source']['managed'] = false
-default['yum']['fedora-source']['metadata_expire'] = '7d'
-default['yum']['fedora-source']['gpgcheck'] = true
-default['yum']['fedora-source']['gpgkey'] = 'file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$basearch'
-```
-
-```ruby
-default['yum']['updates']['repositoryid'] = 'updates'
-default['yum']['updates']['description'] = 'Fedora $releasever - $basearch - Updates'
-default['yum']['updates']['mirrorlist'] = 'https://mirrors.fedoraproject.org/metalink?repo=updates-released-f$releasever&arch=$basearch'
-default['yum']['updates']['enabled'] = true
-default['yum']['updates']['managed'] = true
-default['yum']['updates']['gpgcheck'] = true
-default['yum']['updates']['gpgkey'] = 'file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$basearch'
-```
-
-```ruby
-default['yum']['updates-debuginfo']['repositoryid'] = 'updates-debuginfo'
-default['yum']['updates-debuginfo']['description'] = 'Fedora $releasever - $basearch - Updates - Debug'
-default['yum']['updates-debuginfo']['mirrorlist'] = 'https://mirrors.fedoraproject.org/metalink?repo=updates-released-debug-f$releasever&arch=$basearch'
-default['yum']['updates-debuginfo']['enabled'] = false
-default['yum']['updates-debuginfo']['managed'] = false
-default['yum']['updates-debuginfo']['gpgcheck'] = true
-default['yum']['updates-debuginfo']['gpgkey'] = 'file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$basearch'
-```
+## Migration
 
-```ruby
-default['yum']['updates-source']['repositoryid'] = 'updates-source'
-default['yum']['updates-source']['description'] = 'Fedora $releasever - Updates Source'
-default['yum']['updates-source']['mirrorlist'] = 'https://mirrors.fedoraproject.org/metalink?repo=updates-released-source-f$releasever&arch=$basearch'
-default['yum']['updates-source']['enabled'] = true
-default['yum']['updates-source']['gpgcheck'] = true
-default['yum']['updates-source']['gpgkey'] = 'file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$basearch'
-```
+This cookbook no longer ships recipes or attributes. See [migration.md](migration.md) for the
+breaking change guide.
 
-```ruby
-default['yum']['updates-testing']['repositoryid'] = 'updates-testing'
-default['yum']['updates-testing']['description'] = 'Fedora $releasever - $basearch - Test Updates'
-default['yum']['updates-testing']['mirrorlist'] = 'https://mirrors.fedoraproject.org/metalink?repo=updates-testing-f$releasever&arch=$basearch'
-default['yum']['updates-testing']['enabled'] = false
-default['yum']['updates-testing']['managed'] = false
-default['yum']['updates-testing']['gpgcheck'] = true
-default['yum']['updates-testing']['gpgkey'] = 'file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$basearch'
-```
+## Usage
 
-```ruby
-default['yum']['updates-testing-debuginfo']['repositoryid'] = 'updates-testing-debuginfo'
-default['yum']['updates-testing-debuginfo']['description'] = 'Fedora $releasever - $basearch - Test Updates Debug'
-default['yum']['updates-testing-debuginfo']['mirrorlist'] = 'https://mirrors.fedoraproject.org/metalink?repo=updates-testing-debug-f$releasever&arch=$basearch'
-default['yum']['updates-testing-debuginfo']['enabled'] = false
-default['yum']['updates-testing-debuginfo']['managed'] = false
-default['yum']['updates-testing-debuginfo']['gpgcheck'] = true
-default['yum']['updates-testing-debuginfo']['gpgkey'] = 'file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$basearch'
-```
+Manage the default Fedora repositories:
 
 ```ruby
-default['yum']['updates-testing-source']['repositoryid'] = 'updates-testing-source'
-default['yum']['updates-testing-source']['description'] = 'Fedora $releasever - Test Updates Source'
-default['yum']['updates-testing-source']['mirrorlist'] = 'https://mirrors.fedoraproject.org/metalink?repo=updates-testing-source-f$releasever&arch=$basearch'
-default['yum']['updates-testing-source']['enabled'] = false
-default['yum']['updates-testing-source']['managed'] = false
-default['yum']['updates-testing-source']['gpgcheck'] = true
-default['yum']['updates-testing-source']['gpgkey'] = 'file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$basearch'
+yum_fedora_repositories 'default'
 ```
 
-## Recipes
-
-- default - Walks through node attributes and feeds a yum_resource
-- parameters. The following is an example a resource generated by the
-- recipe during compilation.
-
-```ruby
-  yum_repository 'fedora' do
-    mirrorlist 'https://mirrors.fedoraproject.org/metalink?repo=fedora-$releasever&arch=$basearch'
-    description 'Fedora $releasever - $basearch'
-    enabled true
-    gpgcheck true
-    gpgkey 'file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$basearch'
-  end
-```
-
-## Usage Example
-
-To disable the Fedora Updates repository through a Role or Environment definition
+Manage and enable an optional repository:
 
 ```ruby
-default_attributes(
-  :yum => {
-    :updates => {
-      :enabled => {
-        false
-       }
-     }
-   }
- )
+yum_fedora_repository 'updates-testing' do
+  managed true
+  enabled true
+end
 ```
 
-Uncommonly used repositoryids are not managed by default. This is speeds up integration testing pipelines by avoiding yum-cache builds that nobody cares about. To enable the Fedora Debuginfo repository with a wrapper cookbook, place the following in a recipe:
+Uncommonly used repository ids are not managed by default. This speeds up integration testing
+pipelines by avoiding yum-cache builds for repositories that are rarely used. To manage and enable
+every Fedora repository:
 
 ```ruby
-node.default['yum']['fedora-debuginfo']['managed'] = true
-node.default['yum']['fedora-debuginfo']['enabled'] = true
-include_recipe 'yum-fedora'
+yum_fedora_repositories 'all' do
+  manage_debuginfo true
+  manage_source true
+  manage_testing true
+  enable_debuginfo true
+  enable_source true
+  enable_testing true
+end
 ```
 
 ## More Examples
 
 Point the fedora and updates repositories at an internally hosted server.
 
 ```ruby
-node.default['yum']['fedora']['enabled'] = true
-node.default['yum']['fedora']['mirrorlist'] = nil
-node.default['yum']['fedora']['baseurl'] = 'https://internal.example.com/fedora/19/os/x86_64'
-node.default['yum']['fedora']['sslverify'] = false
-node.default['yum']['updates']['enabled'] = true
-node.default['yum']['updates']['mirrorlist'] = nil
-node.default['yum']['updates']['baseurl'] = 'https://internal.example.com/fedora/19/updates/x86_64'
-node.default['yum']['updates']['sslverify'] = false
-
-include_recipe 'yum-fedora'
+yum_fedora_repository 'fedora' do
+  mirrorlist nil
+  baseurl 'https://internal.example.com/fedora/$releasever/os/$basearch'
+  sslverify false
+end
+
+yum_fedora_repository 'updates' do
+  mirrorlist nil
+  baseurl 'https://internal.example.com/fedora/$releasever/updates/$basearch'
+  sslverify false
+end
 ```
 
 ## Contributors