feat: support Chef community and Cinc installs

[damacus]

Summary

• default Chef installs to the Chef Community download API via a new chefDownloadUrl input
• add a license input for Chef Community/Commercial downloads
• keep omnitruckUrl as a compatibility override, which also preserves the Cinc install path
• document Cinc omnibus usage and clarify that Cinc packages do not require a license
• validate that the default Chef Community API is only used with the stable channel

Why

Omnitruck is no longer the right default path for Chef installs, but this action still needs to support Cinc and avoid breaking existing omnitruck-based consumers. This keeps the newer Chef download flow as the default while preserving omnitruckUrl precedence for backwards compatibility and Cinc.

Verification

• parsed action.yml with Ruby YAML
• ran git diff --check
• did not run the action on a live GitHub runner

Notes

• Chef Community/Commercial downloads require a license_id
• Cinc installs continue to work through omnitruck.cinc.sh without a license
• direct Cinc package downloads remain available at https://cinc.sh/download/
• this follows the direction of upstream PR Moves away from Omnitruck to Chef Community + adds License param needed for commercial endpoint #35 while keeping the compatibility concern raised in review

[Copilot]

Pull request overview

This PR updates the composite GitHub Action to support installing Chef via the Chef Community/Commercial download APIs (license-based) while also supporting Cinc installs via omnitruck-compatible endpoints, and updates the README accordingly.

Changes:

• Adds chefDownloadUrl + license inputs and uses the Chef download API flow when license is provided.
• Switches the non-license install path to download-and-validate the installer script before executing it (Linux/macOS + Windows).
• Updates documentation to include Chef Community/Commercial usage and Cinc omnibus usage.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 7 comments.

File	Description
action.yml	Adds new inputs and implements conditional Chef-download vs omnitruck install flows across Linux/macOS and Windows.
README.md	Documents the new Chef download API flow (license-based) and the Cinc/omnitruck usage patterns and parameters.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

mktemp without a template is not portable to macOS/BSD (it errors with a usage message on many runners). Since this step targets Linux/macOS, use a portable form like mktemp -t <prefix>.XXXXXX (and/or place the temp files under $RUNNER_TEMP) to avoid failing on macOS.

Suggested change

	TEMP_SCRIPT="$(mktemp)"
	TEMP_HEADERS="$(mktemp)"
	TEMP_SCRIPT="$(mktemp -t chef-install-script.XXXXXX)"
	TEMP_HEADERS="$(mktemp -t chef-install-headers.XXXXXX)"

[Copilot]

The redirect validation only checks that the effective URL contains /${SCRIPT_SUFFIX}, but it does not ensure the redirect stays on the expected host ($CHEF_DOWNLOAD_URL / $OMNITRUCK_URL). A cross-domain redirect to a different host with the same path would pass this check.

Tighten the validation to require the effective URL to start with the expected base (e.g. https://${CHEF_DOWNLOAD_URL}/ or https://${OMNITRUCK_URL}/) in addition to the suffix/path check.

[Copilot]

The Windows redirect validation ($effectiveUrl -notlike "*/$scriptSuffix*") only checks the path segment and doesn't ensure the redirect stayed on the expected host ($env:CHEF_DOWNLOAD_URL / $env:OMNITRUCK_URL). Tighten this to validate the effective URL begins with the expected base URL as well, to avoid accepting cross-domain redirects.

[Copilot]

windowsPath is treated as an install root and the code appends bin via string concatenation ("$($installRoot)bin"). If a user supplies a path without a trailing \ (e.g. C:\opscode\chef-workstation), the resulting PATH entry becomes invalid (...chef-workstationbin). Prefer Join-Path $installRoot "bin" and/or normalize $installRoot to include a trailing separator.

Suggested change

	"$($installRoot)bin" | Out-File -FilePath $env:GITHUB_PATH -Encoding utf8 -Append
	(Join-Path -Path $installRoot -ChildPath "bin") | Out-File -FilePath $env:GITHUB_PATH -Encoding utf8 -Append

[Copilot]

Changing the defaults to project: cinc-workstation and omnitruckUrl: omnitruck.cinc.sh changes the action’s behavior for consumers who rely on defaults (it will install Cinc instead of Chef). Given the PR goal of avoiding breaking existing consumers, consider keeping the previous Chef defaults (or making the new behavior opt-in) and documenting the breaking change/versioning expectations if this is intentional.

[Copilot]

The README says Chef installs use the commercial API when you provide a license_id, but the action input is named license (and license_id is only the query parameter passed to the download endpoint). To avoid confusion for users, align the docs to the actual input name (e.g. “provide license (Chef license_id)”).

Suggested change

	when you provide a `license_id`.
	when you provide the `license` input (Chef license_id).