diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 0dcdc83..3bd76ee 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -34,7 +34,7 @@ jobs: - name: get the new tag id: new_tag run: echo "tag=v${{ github.event.inputs.version }}" >> $GITHUB_OUTPUT - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 with: fetch-depth: 0 - name: get last tag information
@@ -90,7 +90,7 @@ jobs: GITHUB_TOKEN: ${{ secrets.BOT_PAT }} steps: - name: Check out code - uses: actions/checkout@v3 + uses: actions/checkout@v4 - uses: actions/download-artifact@v3 with: name: CHANGELOG.md
@@ -153,7 +153,7 @@ jobs: ${{ secrets.SUPERMARKET_KEY }} EOF - name: checkout cookbook - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: path: cookbooks/${{ env.cookbook_name }} ref: ${{ needs.version-info.outputs.new_tag }}
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index afa95ea..6f86a4e 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -9,8 +9,6 @@ on: branches: - '*' pull_request: - types: - - opened branches: - master
@@ -18,7 +16,7 @@ jobs: cookstyle: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - uses: actions/cache@v3 with: path: |
@@ -30,7 +28,7 @@ jobs: curl -L https://omnitruck.cinc.sh/install.sh | sudo bash -s -- -P cinc-workstation -d .cache -v ${{ env.cinc_workstation_version }} - name: cookstyle run: | - cinc exec rake cookstyle + cinc exec cookstyle --fail-level r kitchen-dokken: runs-on: ubuntu-latest
@@ -56,10 +54,9 @@ jobs: - fedora-37 - fedora-38 # - opensuse-42 # something is broken here - - ubuntu-18-04 - ubuntu-20-04 steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - uses: actions/cache@v3 with: path: |
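Review bot: The bumped `actions/checkout@v4` references in release.yml are still mutable tags, and the jobs in this workflow carry `secrets.BOT_PAT` and `secrets.SUPERMARKET_KEY`, so whatever the tag resolves to at run time executes next to those credentials. Since every `uses:` line is being touched anyway, pin each one to a full commit SHA with the version as a trailing comment, e.g. `- uses: actions/checkout@<full-commit-sha>  # v4`. The same applies to the checkout lines in the @@ -90 and @@ -153 hunks and in test.yml, and to `actions/download-artifact@v3` and `actions/cache@v3`, which this commit leaves on v3.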
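Review bot: The install step kept as context in the test.yml hunk at @@ -30 still pipes `curl -L https://omnitruck.cinc.sh/install.sh` straight into `sudo bash`, so the runner executes whatever that endpoint returns as root with no integrity check, and without `-f` an HTTP error body would be handed to the shell as well. Consider downloading to a file first with `curl -fsSL -o install.sh https://omnitruck.cinc.sh/install.sh`, verifying it against a checksum recorded in the repository, and only then running `sudo bash install.sh -P cinc-workstation ...`. The step's `run: |` header starts above the hunk, so the rest of the command list is not visible here.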
@@ -93,13 +90,11 @@ jobs: - default-almalinux-9 - default-rockylinux-8 - default-rockylinux-9 - - default-ubuntu-18-04 - default-ubuntu-20-04 - default-debian-10 - default-debian-11 - - default-fedora-38 steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - uses: actions/cache@v3 with: path: |
diff --git a/.kitchen.do.yml b/.kitchen.do.yml
index 7c3939f..a5b84a7 100644
--- a/.kitchen.do.yml
+++ b/.kitchen.do.yml
@@ -47,12 +47,6 @@ platforms: lifecycle: post_create: - remote: sleep 10; while pgrep apt-get >/dev/null; do echo "Waiting for apt-get..."; sleep 5; done # let the installation of DO droplet-agent to finish and unlock dpkg -- name: ubuntu-18-04 - driver_config: - image: ubuntu-18-04-x64 - lifecycle: - post_create: - - remote: sleep 10; while pgrep apt-get >/dev/null; do echo "Waiting for apt-get..."; sleep 5; done # let the installation of DO droplet-agent to finish and unlock dpkg - name: ubuntu-20-04 driver_config: image: ubuntu-20-04-x64
diff --git a/.kitchen.dokken.yml b/.kitchen.dokken.yml
index 70ca854..5d5428b 100644
--- a/.kitchen.dokken.yml
+++ b/.kitchen.dokken.yml
@@ -92,12 +92,6 @@ platforms: driver: image: dokken/opensuse-leap pid_one_command: /bin/systemd -- name: ubuntu-18-04 - driver: - image: dokken/ubuntu-18.04 - pid_one_command: /bin/systemd - intermediate_instructions: - - RUN /usr/bin/apt-get update - name: ubuntu-20-04 driver: image: dokken/ubuntu-20.04
diff --git a/.kitchen.yml b/.kitchen.yml
index 178ee30..89b8149 100644
--- a/.kitchen.yml
+++ b/.kitchen.yml
@@ -3,9 +3,6 @@ driver: name: vagrant platforms: -- name: ubuntu-18-04 - driver_config: - box: bento/ubuntu-18.04 - name: ubuntu-20-04 driver_config: box: bento/ubuntu-20.04
diff --git a/Gemfile b/Gemfile
deleted file mode 100644
index 13d58ef..0000000
--- a/Gemfile
+++ /dev/null
@@ -1,7 +0,0 @@
-# frozen_string_literal: true
-
-source 'https://rubygems.org'
-
-group :tools do
- gem 'github_changelog_generator', '~> 1.14'
-end
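Review bot: `default-fedora-38` is dropped from the matrix in the @@ -93 hunk together with `default-ubuntu-18-04`, but unlike 18.04 nothing else visible in the diff removes a Fedora 38 platform, and the kitchen-dokken matrix in the previous hunk keeps `fedora-38`. If the entry was removed because the suite is failing, leave it commented with a reason, as the dokken matrix does for opensuse (`# - default-fedora-38 # <reason>`), so the coverage gap on a hardening cookbook stays visible. The job this matrix belongs to starts above the hunk, so which kitchen config it runs against cannot be confirmed from here.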
diff --git a/Rakefile b/Rakefile
deleted file mode 100644
index 8919d54..0000000
--- a/Rakefile
+++ /dev/null
@@ -1,82 +0,0 @@
-# frozen_string_literal: true
-
-# rubocop:disable Style/SymbolArray
-
-require 'rspec/core/rake_task'
-require 'base64'
-require 'chef/cookbook/metadata'
-
-# General tasks
-
-# Rubocop before rspec so we don't lint vendored cookbooks
-desc 'Run all tests except Kitchen (default task)'
-task default: [:lint, :spec]
-
-# Lint the cookbook
-desc 'Run all linters: rubocop and foodcritic'
-task lint: [:cookstyle]
-
-# Run the whole shebang
-desc 'Run all tests'
-task test: [:lint, :kitchen, :spec]
-
-# RSpec
-desc 'Run chefspec tests'
-task :spec do
- puts 'Running Chefspec tests'
- RSpec::Core::RakeTask.new(:spec)
-end
-
-desc 'Run cookstyle on cookbooks in this repository'
-task :cookstyle do
- sh 'cookstyle --fail-level r'
-end
-
-# Automatically generate a changelog for this project. Only loaded if
-# the necessary gem is installed.
-begin
- # read version from metadata
- metadata = Chef::Cookbook::Metadata.new
- metadata.instance_eval(File.read('metadata.rb'))
-
- # build changelog
- require 'github_changelog_generator/task'
- GitHubChangelogGenerator::RakeTask.new :changelog do |config|
- config.future_release = "v#{metadata.version}"
- config.user = 'dev-sec'
- config.project = 'chef-os-hardening'
- end
-rescue LoadError
- puts '>>>>> GitHub Changelog Generator not loaded, omitting tasks'
-end
-
-desc 'Run kitchen integration tests'
-task :kitchen do
- SSH_KEY_FILE = '~/.ssh/ci_id_rsa'
- SSH_KEY_ENV_VAR_NAME = 'CI_SSH_KEY'
- concurrency = ENV['CONCURRENCY'] || 1
- instance = ENV['INSTANCE'] || ''
- args = ENV['CI'] ? '--destroy=always' : ''
-
- if ENV['CI'] && ENV['KITCHEN_LOCAL_YAML'] == '.kitchen.do.yml'
- puts 'Preparing CI environment for DigitalOcean...'
-
- ['DIGITALOCEAN_ACCESS_TOKEN', 'DIGITALOCEAN_SSH_KEY_IDS', SSH_KEY_ENV_VAR_NAME].each do |var|
- unless ENV[var] # rubocop:disable Style/Next
- puts "#{var} isn't defined. Skipping the task"
- # We are not raising exit 1 as we want our CI tests in the forks to succeed.
- # Our forks usually do not have the DO environment variables and are tested via dokken
- exit
- end
- end
-
- ssh_file = File.expand_path(SSH_KEY_FILE)
- dir = File.dirname(ssh_file)
- Dir.mkdir(dir, 0o700) unless Dir.exist?(dir)
- File.open(ssh_file, 'w') { |f| f.puts Base64.decode64(ENV[SSH_KEY_ENV_VAR_NAME]) }
- File.chmod(0o600, ssh_file)
- end
-
- sh('sh', '-c', "bundle exec kitchen test -c #{concurrency} #{args} #{instance}")
-end
-# rubocop:enable Style/SymbolArray