feat!: migrate bind to custom resources

[damacus]

Summary

• Migrate bind to a full custom-resource-only public API.
• Remove the public recipes/default.rb entry point and move usage examples into test/cookbooks/test/recipes.
• Add explicit provides declarations and frozen-string headers to all resources.
• Move bundled static BIND files from cookbook files/ to templates and remove the cookbook-level files/ tree.
• Modernize Kitchen/CI platform coverage to current non-EOL platforms and add LIMITATIONS.md.

Selected cookbook

bind

Scope

Full Migration. Legacy public recipes and node attributes are removed; wrapper cookbooks should declare bind_* custom resources directly.

Verification

• berks install
  • Passed: resolved apt, bind, and test.
• chef exec ruby -c resources/*.rb
  • Passed: all resource files reported Syntax OK.
• cookstyle
  • Passed: 62 files inspected, no offenses detected.
• chef exec rspec --format documentation
  • Passed: 178 examples, 0 failures.
• KITCHEN_LOCAL_YAML=kitchen.dokken.yml kitchen test default-ubuntu-2404 --destroy=always
  • Passed: second converge idempotent with 0/40 resources updated.
  • Passed: InSpec 1 successful control, 7 successful, 0 failures.
• Final structural audit with ls -R
  • Confirmed recipes/ is absent.
  • Confirmed attributes/ is absent.
  • Confirmed test/cookbooks/test/recipes and test/integration/default are present.

Platform/support evidence

• ISC supported-platforms documentation, updated 2026-02-19, lists current BIND 9 support for Debian 12, Fedora latest, RHEL 8/9/10, Ubuntu 22.04 LTS, and Ubuntu 24.04 LTS, with CentOS Stream 9 community-maintained.
• ISC package documentation, updated 2026-03-23, states ISC only provides packages for currently supported operating system versions.
• Kitchen and CI were updated to remove EOL platforms such as CentOS 7, CentOS Stream 8, Debian 9/10/11, Oracle Linux 7, Ubuntu 18.04/20.04/23.04, and openSUSE Leap 15.
• Existing compatible distro coverage was preserved for AlmaLinux 8/9, Amazon Linux 2023, Oracle Linux 8/9, and Rocky Linux 8/9.

Workflow permission sources checked

Checked exact upstream files at the refs used in this PR before editing caller permissions:

• sous-chefs/.github/.github/workflows/lint-unit.yml@6.0.0
  • check-metadata requires checks: write, pull-requests: write, and statuses: write; caller grants those permissions.
• sous-chefs/.github/.github/workflows/prevent-file-change.yml@6.0.0
  • nested jobs require pull-requests: write; caller grants pull-requests: write.
• sous-chefs/.github/.github/workflows/release-cookbook.yml@6.0.0
  • requires secrets token, supermarket_user, supermarket_key, slack_bot_token, and slack_channel_id; release workflow passes all five.
• sous-chefs/.github/.github/actions/install-workstation/action.yml@6.0.0
  • inspected before replacing actionshub/chef-install; no additional caller permissions required.

BREAKING CHANGE: bind::default has been removed. Consumers must declare bind_service, bind_config, bind_acl, and other bind_* resources directly.

[github-actions]

🚫 [linkspector] _{reported by reviewdog 🐶}
Cannot reach https://bind9.readthedocs.io/en/v9_16_23/reference.html?highlight=primaries#primaries-statement-definition-and-usage Status: 404

[github-actions]

Slowest examples

Top 10 slowest examples (1.5 seconds, 12.83% of total time)

Example	Description	Time in seconds
spec/resources/view_spec.rb:28	adding a single view will place the config in the named config	0.32254
spec/resources/linked_zones_spec.rb:31	adding linked zone will configure internal zone in the internal view	0.24396
spec/default_spec.rb:59	test::default on unspecified platform (EL 5/6 as reference) creates subdirectory /var/named/primary	0.18948
spec/chroot_spec.rb:183	test::chroot on Ubuntu 18.04 creates /var/bind9/chroot/var/cache/bind with mode 750 and owner bind	0.16851
spec/chroot_spec.rb:30	test::chroot on CentOS 7 creates /var/named/chroot/var/log with mode 750 and owner named	0.12471
spec/chroot_spec.rb:212	test::chroot on Ubuntu 18.04 renders file /var/bind9/chroot/etc/bind/named.conf with included files	0.09681
spec/chroot_spec.rb:111	test::chroot on CentOS 8 will render secondary with no options	0.09071
spec/resources/stub_zone_spec.rb:19	adding stub zones will render stub with no options	0.08972
spec/resources/server_spec.rb:19	set server options a single server with multiple free-form options render the server stanza containing the option	0.08949
spec/resources/view_spec.rb:99	adding multiple views render view based filenames	0.08929