Merge branch 'main' into copilot/fix-783

Author: damacus

.github/copilot-instructions.md

@@ -1 +1,95 @@
-We use Chef Cookstyle to lint our Chef cookbooks. We use Test Kitchen to integration test our cookbooks. Test cookbooks are in the test/cookbooks directory. We keep documentation in README.md and the documentation folder. When suggestion improvements ignore the test directory.
+# Copilot Instructions for Sous Chefs Cookbooks
+
+## Repository Overview
+
+**Chef cookbook** for managing software installation and configuration. Part of the Sous Chefs cookbook ecosystem.
+
+**Key Facts:** Ruby-based, Chef >= 16 required, supports various OS platforms (check metadata.rb, kitchen.yml and .github/workflows/ci.yml for which platforms to specifically test)
+
+## Project Structure
+
+**Critical Paths:**
+- `recipes/` - Chef recipes for cookbook functionality (if this is a recipe-driven cookbook)
+- `resources/` - Custom Chef resources with properties and actions (if this is a resource-driven cookbook)
+- `spec/` - ChefSpec unit tests
+- `test/integration/` - InSpec integration tests (tests all platforms supported)
+- `test/cookbooks/` or `test/fixtures/` - Example cookbooks used during testing that show good examples of custom resource usage
+- `attributes/` - Configuration for recipe driven cookbooks (not applicable to resource cookbooks)
+- `libraries/` - Library helpers to assist with the cookbook. May contain multiple files depending on complexity of the cookbook.
+- `templates/` - ERB templates that may be used in the cookbook
+- `files/` - files that may be used in the cookbook
+- `metadata.rb`, `Berksfile` - Cookbook metadata and dependencies
+
+## Build and Test System
+
+### Environment Setup
+**MANDATORY:** Install Chef Workstation first - provides chef, berks, cookstyle, kitchen tools.
+
+### Essential Commands (strict order)
+```bash
+berks install                   # Install dependencies (always first)
+cookstyle                       # Ruby/Chef linting
+yamllint .                      # YAML linting
+markdownlint-cli2 '**/*.md'     # Markdown linting
+chef exec rspec                 # Unit tests (ChefSpec)
+# Integration tests will be done via the ci.yml action. Do not run these. Only check the action logs for issues after CI is done running.
+```
+
+### Critical Testing Details
+- **Kitchen Matrix:** Multiple OS platforms × software versions (check kitchen.yml for specific combinations)
+- **Docker Required:** Integration tests use Dokken driver
+- **CI Environment:** Set `CHEF_LICENSE=accept-no-persist`
+- **Full CI Runtime:** 30+ minutes for complete matrix
+
+### Common Issues and Solutions
+- **Always run `berks install` first** - most failures are dependency-related
+- **Docker must be running** for kitchen tests
+- **Chef Workstation required** - no workarounds, no alternatives
+- **Test data bags needed** (optional for some cookbooks) in `test/integration/data_bags/` for convergence
+
+## Development Workflow
+
+### Making Changes
+1. Edit recipes/resources/attributes/templates/libraries
+2. Update corresponding ChefSpec tests in `spec/`
+3. Also update any InSpec tests under test/integration
+4. Ensure cookstyle and rspec passes at least. You may run `cookstyle -a` to automatically fix issues if needed.
+5. Also always update all documentation found in README.md and any files under documentation/*
+6. **Always update CHANGELOG.md** (required by Dangerfile) - Make sure this conforms with the Sous Chefs changelog standards.
+
+### Pull Request Requirements
+- **PR description >10 chars** (Danger enforced)
+- **CHANGELOG.md entry** for all code changes
+- **Version labels** (major/minor/patch) required
+- **All linters must pass** (cookstyle, yamllint, markdownlint)
+- **Test updates** needed for code changes >5 lines and parameter changes that affect the code logic
+
+## Chef Cookbook Patterns
+
+### Resource Development
+- Custom resources in `resources/` with properties and actions
+- Include comprehensive ChefSpec tests for all actions
+- Follow Chef resource DSL patterns
+
+### Recipe Conventions
+- Use `include_recipe` for modularity
+- Handle platforms with `platform_family?` conditionals
+- Use encrypted data bags for secrets (passwords, SSL certs)
+- Leverage attributes for configuration with defaults
+
+### Testing Approach
+- **ChefSpec (Unit):** Mock dependencies, test recipe logic in `spec/`
+- **InSpec (Integration):** Verify actual system state in `test/integration/inspec/` - InSpec files should contain proper inspec.yml and controls directories so that it could be used by other suites more easily.
+- One test file per recipe, use standard Chef testing patterns
+
+## Trust These Instructions
+
+These instructions are validated for Sous Chefs cookbooks. **Do not search for build instructions** unless information here fails.
+
+**Error Resolution Checklist:**
+1. Verify Chef Workstation installation
+2. Confirm `berks install` completed successfully
+3. Ensure Docker is running for integration tests
+4. Check for missing test data dependencies
+
+The CI system uses these exact commands - following them matches CI behavior precisely.

.github/instructions/project.instructions.md

@@ -0,0 +1,43 @@
+# Copilot Project Instructions: postgresql Cookbook (Specific)
+
+This file provides cookbook-specific instructions for Copilot and other AI coding assistants. It supplements, but does not duplicate, the general instructions in `.github/copilot-instructions.md`.
+
+## Cookbook Purpose
+
+- The `postgresql` cookbook manages installation, configuration, and access control for PostgreSQL database servers.
+- It provides custom Chef resources for PostgreSQL installation, service management, user/database creation, access control, and configuration.
+- Supports multiple PostgreSQL versions and major Linux distributions (see `metadata.rb`, `kitchen.yml`).
+
+## Key Custom Resources
+
+- `postgresql_install`: Installs and initializes PostgreSQL server.
+- `postgresql_service`: Manages the PostgreSQL system service (start, stop, restart, enable, etc.).
+- `postgresql_access`: Manages entries in `pg_hba.conf` for access control.
+- `postgresql_user`: Creates, updates, and manages PostgreSQL users and roles.
+- `postgresql_database`: Creates and manages databases.
+- `postgresql_config`: Manages configuration files.
+- `postgresql_extension`, `postgresql_ident`, `postgresql_role`: Additional resources for advanced PostgreSQL features.
+
+## Cookbook-Specific Patterns
+
+- All access control changes (`postgresql_access`) must ensure the config file is written before triggering a service restart.
+- Helper modules in `libraries/` are used for parsing and manipulating PostgreSQL config files.
+- Example usage and test coverage for all resources is found in `test/cookbooks/test/recipes/`.
+- Templates for configuration files are located in `templates/default/`.
+
+## Testing and Validation
+
+- Integration tests cover multiple OS and PostgreSQL versions (see `.kitchen/logs/` for matrix).
+- Example test recipes demonstrate resource usage and edge cases (e.g., usernames with dashes, multiple databases/users, LDAP auth).
+
+## Documentation
+
+- Resource documentation is in `documentation/` and includes usage examples and property details for each resource.
+
+## Special Notes
+
+- This cookbook is resource-driven; recipes are only used for testing and examples.
+- All changes must maintain idempotency and proper notification sequencing for service restarts.
+- Do not bypass resource logic—always use the provided custom resources for PostgreSQL management.
+
+For general build, test, and workflow instructions, refer to `.github/copilot-instructions.md`.

.github/workflows/ci.yml

@@ -8,7 +8,7 @@ name: ci
 
 jobs:
   lint-unit:
-    uses: sous-chefs/.github/.github/workflows/lint-unit.yml@4.0.0
+    uses: sous-chefs/.github/.github/workflows/lint-unit.yml@5.0.3
     permissions:
       actions: write
       checks: write

.github/workflows/conventional-commits.yml

@@ -0,0 +1,14 @@
+---
+name: conventional-commits
+
+"on":
+  pull_request:
+    types:
+      - opened
+      - reopened
+      - edited
+      - synchronize
+
+jobs:
+  conventional-commits:
+    uses: sous-chefs/.github/.github/workflows/[email protected]

.github/workflows/copilot-setup-steps.yml

@@ -0,0 +1,24 @@
+---
+name: 'Copilot Setup Steps'
+
+"on":
+  workflow_dispatch:
+  push:
+    paths:
+      - .github/workflows/copilot-setup-steps.yml
+  pull_request:
+    paths:
+      - .github/workflows/copilot-setup-steps.yml
+
+jobs:
+  copilot-setup-steps:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+    steps:
+      - name: Check out code
+        uses: actions/checkout@v5
+      - name: Install Chef
+        uses: actionshub/chef-install@main
+      - name: Install cookbooks
+        run: berks install

.github/workflows/prevent-file-change.yml

@@ -0,0 +1,16 @@
+---
+name: prevent-file-change
+
+"on":
+  pull_request:
+    types:
+      - opened
+      - reopened
+      - edited
+      - synchronize
+
+jobs:
+  prevent-file-change:
+    uses: sous-chefs/.github/.github/workflows/[email protected]
+    secrets:
+      token: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/release.yml

@@ -0,0 +1,23 @@
+---
+name: release
+
+"on":
+  push:
+    branches:
+      - main
+
+permissions:
+  contents: write
+  issues: write
+  pull-requests: write
+  packages: write
+  attestations: write
+  id-token: write
+
+jobs:
+  release:
+    uses: sous-chefs/.github/.github/workflows/[email protected]
+    secrets:
+      token: ${{ secrets.PORTER_GITHUB_TOKEN }}
+      supermarket_user: ${{ secrets.CHEF_SUPERMARKET_USER }}
+      supermarket_key: ${{ secrets.CHEF_SUPERMARKET_KEY }}

.markdownlint-cli2.yaml

@@ -3,5 +3,7 @@ config:
   line-length: false # MD013
   no-duplicate-heading: false # MD024
   reference-links-images: false # MD052
+  no-multiple-blanks:
+    maximum: 2
 ignores:
   - .github/copilot-instructions.md

.release-please-manifest.json

@@ -0,0 +1,3 @@
+{
+  ".": "12.4.0"
+}