feat!: migrate to custom resources (#196)

* refactor: migrate to custom resources

Replace the legacy recipe and attribute model with custom resources for WMF, WinRM, DSC, and LCM management. Align CI and kitchen config with the current Sous-Chefs workflow shape, refresh documentation, and add focused resource/unit and integration coverage for the migrated surface.

* test: relax Windows path assertion

* ci: fix reusable workflow startup

* ci: use cinc in kitchen configs

Author: damacus

.github/copilot-instructions.md

@@ -2,19 +2,19 @@
 
 ## Repository Overview
 
-**Chef cookbook** for managing software installation and configuration. Part of the Sous Chefs cookbook ecosystem.
+**Chef cookbook** for managing legacy Windows Management Framework installation and related
+WinRM / DSC configuration through custom resources. Part of the Sous Chefs cookbook ecosystem.
 
-**Key Facts:** Ruby-based, Chef >= 16 required, supports various OS platforms (check metadata.rb, kitchen.yml and .github/workflows/ci.yml for which platforms to specifically test)
+**Key Facts:** Ruby-based, Chef >= 15.3 required, Windows-focused, with CI centered on
+Windows Server 2019 (check `metadata.rb`, `kitchen.yml`, and `.github/workflows/ci.yml`).
 
 ## Project Structure
 
 **Critical Paths:**
-- `recipes/` - Chef recipes for cookbook functionality (if this is a recipe-driven cookbook)
-- `resources/` - Custom Chef resources with properties and actions (if this is a resource-driven cookbook)
+- `resources/` - Custom Chef resources with properties and actions
 - `spec/` - ChefSpec unit tests
-- `test/integration/` - InSpec integration tests (tests all platforms supported)
-- `test/cookbooks/` or `test/fixtures/` - Example cookbooks used during testing that show good examples of custom resource usage
-- `attributes/` - Configuration for recipe driven cookbooks (not applicable to resource cookbooks)
+- `test/integration/` - InSpec integration tests
+- `test/cookbooks/` - Example cookbook used during testing that shows custom resource usage
 - `libraries/` - Library helpers to assist with the cookbook. May contain multiple files depending on complexity of the cookbook.
 - `templates/` - ERB templates that may be used in the cookbook
 - `files/` - files that may be used in the cookbook
@@ -32,25 +32,24 @@ cookstyle                       # Ruby/Chef linting
 yamllint .                      # YAML linting
 markdownlint-cli2 '**/*.md'     # Markdown linting
 chef exec rspec                 # Unit tests (ChefSpec)
-# Integration tests will be done via the ci.yml action. Do not run these. Only check the action logs for issues after CI is done running.
+# Local integration can be exercised with kitchen.yml when a Windows Vagrant environment is available.
 ```
 
 ### Critical Testing Details
-- **Kitchen Matrix:** Multiple OS platforms × software versions (check kitchen.yml for specific combinations)
-- **Docker Required:** Integration tests use Dokken driver
-- **CI Environment:** Set `CHEF_LICENSE=accept-no-persist`
-- **Full CI Runtime:** 30+ minutes for complete matrix
+- **Kitchen Matrix:** Single Windows Server 2019 suite locally and in CI
+- **Local Integration:** `kitchen.yml` uses Vagrant + WinRM for Windows testing
+- **CI Environment:** `ci.yml` uses `actionshub/test-kitchen` with `KITCHEN_LOCAL_YAML=kitchen.exec.yml`
+- **License:** Set `CHEF_LICENSE=accept-no-persist`
 
 ### Common Issues and Solutions
 - **Always run `berks install` first** - most failures are dependency-related
-- **Docker must be running** for kitchen tests
 - **Chef Workstation required** - no workarounds, no alternatives
-- **Test data bags needed** (optional for some cookbooks) in `test/integration/data_bags/` for convergence
+- **Windows Vagrant provider availability matters** for local kitchen runs
 
 ## Development Workflow
 
 ### Making Changes
-1. Edit recipes/resources/attributes/templates/libraries
+1. Edit resources/libraries/templates/files as needed
 2. Update corresponding ChefSpec tests in `spec/`
 3. Also update any InSpec tests under test/integration
 4. Ensure cookstyle and rspec passes at least. You may run `cookstyle -a` to automatically fix issues if needed.
@@ -71,16 +70,16 @@ chef exec rspec                 # Unit tests (ChefSpec)
 - Include comprehensive ChefSpec tests for all actions
 - Follow Chef resource DSL patterns
 
-### Recipe Conventions
-- Use `include_recipe` for modularity
-- Handle platforms with `platform_family?` conditionals
-- Use encrypted data bags for secrets (passwords, SSL certs)
-- Leverage attributes for configuration with defaults
+### Resource Conventions
+- Prefer custom resources over recipes for cookbook behavior
+- Handle Windows platform/version branching inside the resource actions or helpers
+- Keep reusable installer and OS-matrix logic in `libraries/`
+- Document each public resource under `documentation/`
 
 ### Testing Approach
-- **ChefSpec (Unit):** Mock dependencies, test recipe logic in `spec/`
-- **InSpec (Integration):** Verify actual system state in `test/integration/inspec/` - InSpec files should contain proper inspec.yml and controls directories so that it could be used by other suites more easily.
-- One test file per recipe, use standard Chef testing patterns
+- **ChefSpec (Unit):** Mock dependencies and step into custom resources in `spec/unit/`
+- **InSpec (Integration):** Verify actual system state in `test/integration/default/`
+- Keep the test cookbook focused on exercising the public resources
 
 ## Trust These Instructions
 
@@ -89,7 +88,7 @@ These instructions are validated for Sous Chefs cookbooks. **Do not search for b
 **Error Resolution Checklist:**
 1. Verify Chef Workstation installation
 2. Confirm `berks install` completed successfully
-3. Ensure Docker is running for integration tests
+3. Ensure the local Windows Vagrant provider can boot and expose WinRM before blaming cookbook code
 4. Check for missing test data dependencies
 
 The CI system uses these exact commands - following them matches CI behavior precisely.

.github/workflows/ci.yml

@@ -19,30 +19,27 @@ jobs:
       statuses: write
       issues: write
 
-  # This needs to run on vagrant due to the fact these nodes reboot during their
-  # runs
-  integration:
+  integration-windows:
     needs: lint-unit
-    runs-on: macos-latest
+    runs-on: windows-latest
     strategy:
       fail-fast: false
       matrix:
         os:
-          - "windows-2012r2"
-          - "windows-2016"
           - "windows-2019"
         suite:
-          - "powershell5"
+          - "default"
 
     steps:
       - name: Check out code
         uses: actions/checkout@v6
-      - name: Install Chef
-        uses: actionshub/chef-install@6.0.0
+      - name: Install Cinc Workstation
+        uses: sous-chefs/.github/.github/actions/install-workstation@main
       - name: test-kitchen
-        uses: actionshub/test-kitchen@3.0.0
+        uses: actionshub/test-kitchen@main
         env:
           CHEF_LICENSE: accept-no-persist
+          KITCHEN_LOCAL_YAML: kitchen.exec.yml
         with:
           suite: ${{ matrix.suite }}
           os: ${{ matrix.os }}

.github/workflows/conventional-commits.yml

@@ -1,14 +1,13 @@
 ---
-name: conventional-commits
+name: 'Validate PR'
 
 "on":
-  pull_request:
-    types:
-      - opened
-      - reopened
-      - edited
-      - synchronize
+  pull_request_target:
+    types: [opened, edited, reopened]
 
 jobs:
   conventional-commits:
     uses: sous-chefs/.github/.github/workflows/conventional-commits.yml@5.0.8
+    permissions:
+      pull-requests: read
+    secrets: inherit

.github/workflows/copilot-setup-steps.yml

@@ -18,7 +18,7 @@ jobs:
     steps:
       - name: Check out code
         uses: actions/checkout@v6
-      - name: Install Chef
-        uses: actionshub/chef-install@main
+      - name: Install Cinc Workstation
+        uses: sous-chefs/.github/.github/actions/install-workstation@main
       - name: Install cookbooks
         run: berks install

.github/workflows/prevent-file-change.yml

@@ -1,16 +1,14 @@
 ---
-name: prevent-file-change
+name: 'Prevent file change'
 
 "on":
-  pull_request:
-    types:
-      - opened
-      - reopened
-      - edited
-      - synchronize
+  pull_request_target:
+    branches: [main]
 
 jobs:
   prevent-file-change:
     uses: sous-chefs/.github/.github/workflows/prevent-file-change.yml@5.0.8
+    permissions:
+      pull-requests: write
     secrets:
       token: ${{ secrets.GITHUB_TOKEN }}

Berksfile

@@ -1,3 +1,9 @@
+# frozen_string_literal: true
+
 source 'https://supermarket.chef.io'
 
 metadata
+
+group :integration do
+  cookbook 'test', path: 'test/cookbooks/test'
+end

CHANGELOG.md

@@ -5,6 +5,10 @@ This file is used to list changes made in each version of the powershell cookboo
 Standardise files with files in sous-chefs/repo-management
 Standardise files with files in sous-chefs/repo-management
 
+## Unreleased
+
+* Migrate the cookbook to custom resources and modernize Windows CI/test coverage
+
 ## [6.4.21](https://github.com/sous-chefs/powershell/compare/v6.4.20...v6.4.21) (2025-10-16)
 
 

Dangerfile

@@ -18,7 +18,7 @@ def code_changes?
 end
 
 def test_changes?
-  tests = %w(spec test kitchen.yml kitchen.dokken.yml)
+  tests = %w(spec test kitchen.yml kitchen.exec.yml)
   tests.each do |location|
     return true unless git.modified_files.grep(/#{location}/).empty?
   end

LIMITATIONS.md

@@ -0,0 +1,38 @@
+# Limitations
+
+## Package Availability
+
+### APT (Debian/Ubuntu)
+
+- Not applicable. This cookbook manages Microsoft Windows Management Framework installers on Windows only.
+
+### DNF/YUM (RHEL family)
+
+- Not applicable. This cookbook manages Microsoft Windows Management Framework installers on Windows only.
+
+### Windows
+
+- Windows PowerShell 2.0 is enabled through built-in Windows features on Windows Server 2008 R2 / Windows 7 and Windows Server 2012 / Windows 8.
+- Windows Management Framework 3.0 packages are published for Windows 7 SP1 and Windows Server 2008 R2 SP1 only.
+- Windows Management Framework 4.0 packages are published for Windows 7 SP1, Windows Server 2008 R2 SP1, and Windows Server 2012.
+- Windows Management Framework 5.1 packages are published for Windows 7 SP1 / Windows Server 2008 R2 SP1, Windows Server 2012, and Windows Server 2012 R2 / Windows 8.1.
+- Windows Server 2016 and newer ship with Windows PowerShell 5.1, so the cookbook treats WMF 5.1 as built in on those releases.
+
+## Architecture Limitations
+
+- WMF 3.0 and WMF 4.0 provide both `x86` and `x64` packages for Windows 7 SP1 / Windows Server 2008 R2 SP1.
+- WMF 4.0 on Windows Server 2012 is `x64` only.
+- WMF 5.1 on Windows Server 2012 is `x64` only.
+- WMF 5.1 on Windows 8.1 / Windows Server 2012 R2 is available for `x86` and `x64`.
+
+## Source/Compiled Installation
+
+- Not applicable. Microsoft distributes WMF through signed Windows features, `.msu`, and `.zip` archives.
+- WMF 3.0 requires .NET Framework 4.0.
+- WMF 4.0 and WMF 5.1 require .NET Framework 4.5 or newer.
+
+## Known Issues
+
+- WMF 2.0, 3.0, and 4.0 are tied to operating systems that are beyond mainstream support; keep them for legacy compatibility only.
+- Windows Server 2012 and Windows Server 2012 R2 are past extended support and only available under Microsoft ESU.
+- The active test surface in this cookbook is limited to Windows Server 2019 because it has a stable local Vagrant box and a matching CI exec target.

README.md

@@ -2,103 +2,68 @@
 
 [![Cookbook Version](https://img.shields.io/cookbook/v/powershell.svg)](https://supermarket.chef.io/cookbooks/powershell)
 [![CI State](https://github.com/sous-chefs/powershell/workflows/ci/badge.svg)](https://github.com/sous-chefs/powershell/actions?query=workflow%3Aci)
-[![OpenCollective](https://opencollective.com/sous-chefs/backers/badge.svg)](#backers)
-[![OpenCollective](https://opencollective.com/sous-chefs/sponsors/badge.svg)](#sponsors)
-[![License](https://img.shields.io/badge/License-Apache%202.0-green.svg)](https://opensource.org/licenses/Apache-2.0)
 
-Installs and configures PowerShell 2.0, 3.0, 4.0 or 5.0.
+This cookbook provides custom resources for managing legacy Windows Management Framework
+(WMF) installers and the supporting WinRM / DSC configuration required by older Windows
+platforms.
 
 ## Maintainers
 
-This cookbook is maintained by the Sous Chefs. The Sous Chefs are a community of Chef cookbook maintainers working together to maintain important cookbooks. If you’d like to know more please visit [sous-chefs.org](https://sous-chefs.org/) or come chat with us on the Chef Community Slack in [#sous-chefs](https://chefcommunity.slack.com/messages/C2V7B88SF).
+This cookbook is maintained by the Sous Chefs. The Sous Chefs are a community of Chef
+cookbook maintainers working together to maintain important cookbooks. If you would like to
+know more, visit [sous-chefs.org](https://sous-chefs.org/).
 
 ## Requirements
 
-### Platforms
-
-Not every version of Windows supports every version of Powershell. The following table illustrates Powershell support across the Windows family. **Included** means that the base installation of the operating system includes the indicated version of Powershell.
-
-Windows Version                     | PowerShell 2.0 | PowerShell 3.0 | PowerShell 4.0 | PowerShell 5.0
------------------------------------ | -------------- | -------------- | -------------- | --------------
-Windows Server 2008 R2              | Included       | Supported      | Supported      | Supported
-Windows Server 2012 / Windows 8     | Included       | Included       | Supported      | Supported
-Windows Server 2012R2 / Windows 8.1 | Included       | Not Available  | Included       | Supported
-
-### Chef
-
-- Chef 13+
-
-### Cookbooks
-
-- windows 3.0+
-
-PowerShell also requires the appropriate version of the Microsoft .NET Framework to be installed, if the operating system does not ship with that version. The following community cookbooks are used to install the correct version of the .NET Framework:
-
-- ms_dotnet
+- Chef Infra Client `>= 15.3`
+- Windows
+- `ms_dotnet` `>= 3.2.1`
 
 ## Resources
 
-### `powershell_module`
-
-#### Deprecated
+- `powershell_wmf`
+- `powershell_winrm`
+- `powershell_dsc`
+- `powershell_lcm`
 
-The `powershell_module` has been removed from this cookbook as it was non-functional for most needs and has been replaced with built in resources in chef:
-
-- [powershell_package_source](https://docs.chef.io/resource_powershell_package_source.html)
-- [powershell_package](https://docs.chef.io/resource_powershell_package.html)
+See [`LIMITATIONS.md`](LIMITATIONS.md) for the supported Microsoft download matrix and
+lifecycle notes.
 
 ## Usage
 
-**Note**: The installation may require a restart of the node being configured before PowerShell can be used.
-
-### default
-
-The default recipe contains no resources and will do nothing if included on a run_list.
-
-### powershell2
-
-Include the `powershell2` recipe in a run list, to ensure PowerShell 2.0 is installed. If the platform is not supported, a warning will be logged.
-
-### powershell3
-
-Include the `powershell3` recipe in a run list, to install PowerShell 3.0 is installed on applicable platforms. If the platform is not supported, a warning will be logged.
-
-### powershell4
-
-Include the `powershell4` recipe in a run list, to install PowerShell 4.0 is installed on applicable platforms. If the platform is not supported, a warning will be logged.
-
-### powershell5
-
-Include the `powershell5` recipe in a run list, to install PowerShell 5.0 is installed on applicable platforms. If the platform is not supported, a warning will be logged.
-
-## References
+Install WMF 5.1 when the target platform needs it:
 
-- Installing [Windows Management Framework 2.0](http://support.microsoft.com/kb/968929)
-- Installing [Windows Management Framework 3.0](http://www.microsoft.com/en-us/download/details.aspx?id=34595)
-- Installing [Windows Management Framework 4.0](http://www.microsoft.com/en-us/download/details.aspx?id=40855)
-- Installing [Windows Management Framework 5.0](https://www.microsoft.com/en-us/download/details.aspx?id=50395)
+```ruby
+powershell_wmf '5.1'
+```
 
-## Contributors
+Prepare WinRM for DSC with an HTTPS listener:
 
-This project exists thanks to all the people who [contribute.](https://opencollective.com/sous-chefs/contributors.svg?width=890&button=false)
+```ruby
+powershell_dsc 'default' do
+  enable_https_transport true
+  hostname 'node.example.com'
+  thumbprint 'ABCDEF1234567890'
+end
+```
 
-### Backers
+Enable or disable the Local Configuration Manager:
 
-Thank you to all our backers!
+```ruby
+powershell_lcm 'default'
 
-![https://opencollective.com/sous-chefs#backers](https://opencollective.com/sous-chefs/backers.svg?width=600&avatarHeight=40)
+powershell_lcm 'default' do
+  action :disable
+end
+```
 
-### Sponsors
+## Testing
 
-Support this project by becoming a sponsor. Your logo will show up here with a link to your website.
+Local Vagrant runs use `kitchen.yml`. CI uses the exec driver with `kitchen.exec.yml`.
 
-![https://opencollective.com/sous-chefs/sponsor/0/website](https://opencollective.com/sous-chefs/sponsor/0/avatar.svg?avatarHeight=100)
-![https://opencollective.com/sous-chefs/sponsor/1/website](https://opencollective.com/sous-chefs/sponsor/1/avatar.svg?avatarHeight=100)
-![https://opencollective.com/sous-chefs/sponsor/2/website](https://opencollective.com/sous-chefs/sponsor/2/avatar.svg?avatarHeight=100)
-![https://opencollective.com/sous-chefs/sponsor/3/website](https://opencollective.com/sous-chefs/sponsor/3/avatar.svg?avatarHeight=100)
-![https://opencollective.com/sous-chefs/sponsor/4/website](https://opencollective.com/sous-chefs/sponsor/4/avatar.svg?avatarHeight=100)
-![https://opencollective.com/sous-chefs/sponsor/5/website](https://opencollective.com/sous-chefs/sponsor/5/avatar.svg?avatarHeight=100)
-![https://opencollective.com/sous-chefs/sponsor/6/website](https://opencollective.com/sous-chefs/sponsor/6/avatar.svg?avatarHeight=100)
-![https://opencollective.com/sous-chefs/sponsor/7/website](https://opencollective.com/sous-chefs/sponsor/7/avatar.svg?avatarHeight=100)
-![https://opencollective.com/sous-chefs/sponsor/8/website](https://opencollective.com/sous-chefs/sponsor/8/avatar.svg?avatarHeight=100)
-![https://opencollective.com/sous-chefs/sponsor/9/website](https://opencollective.com/sous-chefs/sponsor/9/avatar.svg?avatarHeight=100)
+```shell
+berks install
+cookstyle
+chef exec rspec --format documentation
+kitchen test default-windows-2019 --destroy=always
+```