Merge pull request #4358 from menahyouyeah/upgrade-go-version

security: upgrade golang to 1.25.6 to fix CVE-2025-61729

Author: efiacor

.github/workflows/e2eEnvironment.yml

@@ -35,11 +35,15 @@ jobs:
       matrix:
         version: ["1.33", "1.34"]
     steps:
+      - name: Checkout code
+        uses: actions/checkout@v5
+        with:
+          path: go/src/github.com/kptdev/kpt
       - name: Set up Go
         uses: actions/setup-go@v6
         with:
-          go-version: '>=1.24'
-      - uses: actions/checkout@v5
+          go-version-file: go/src/github.com/kptdev/kpt/go.mod
+          cache: true
       # Pinned to Commit to ensure action is consistent: https://docs.github.com/en/actions/learn-github-actions/security-hardening-for-github-actions#using-third-party-actions
       # If you upgrade this version confirm the changes match your expectations
       - name: Install KinD
@@ -49,6 +53,7 @@ jobs:
           skipClusterCreation: true
           skipClusterLogsExport: true
       - name: Run Tests
+        working-directory: go/src/github.com/kptdev/kpt
         env:
           K8S_VERSION: ${{ matrix.version }}
         run: |

.github/workflows/go.yml

@@ -49,15 +49,15 @@ jobs:
         run: |
           which podman
           podman version
-      - name: Set up Go
-        uses: actions/setup-go@v6
-        with:
-          go-version: '>=1.24'
-        id: go
       - name: Check out code into the Go module directory
         uses: actions/checkout@v5
         with:
           path: ${{ env.GOPATH }}/src/github.com/kptdev/kpt
+      - name: Set up Go
+        uses: actions/setup-go@v6
+        with:
+          go-version-file: go/src/github.com/kptdev/kpt/go.mod
+          cache: true
       - name: Build, Test, Lint
         working-directory: ${{ env.GOPATH }}/src/github.com/kptdev/kpt
         run: |
@@ -71,15 +71,15 @@ jobs:
   build-macos:
     runs-on: macos-latest
     steps:
-      - name: Set up Go
-        uses: actions/setup-go@v6
-        with:
-          go-version: '>=1.24'
-        id: go
       - name: Check out code into the Go module directory
         uses: actions/checkout@v5
         with:
           path: ${{ env.GOPATH }}/src/github.com/kptdev/kpt
+      - name: Set up Go
+        uses: actions/setup-go@v6
+        with:
+          go-version-file: go/src/github.com/kptdev/kpt/go.mod
+          cache: true
       - name: Build
         working-directory: ${{ env.GOPATH }}/src/github.com/kptdev/kpt
         run: |

.github/workflows/live-e2e.yml

@@ -34,10 +34,15 @@ jobs:
       matrix:
         version: ["1.33.4@sha256:25a6018e48dfcaee478f4a59af81157a437f15e6e140bf103f85a2e7cd0cbbf2", "1.34.0@sha256:7416a61b42b1662ca6ca89f02028ac133a309a2a30ba309614e8ec94d976dc5a"]
     steps:
+      - name: Check out code
+        uses: actions/checkout@v5
+        with:
+          path: go/src/github.com/kptdev/kpt
       - name: Set up Go
         uses: actions/setup-go@v6
         with:
-          go-version: '>=1.24'
+          go-version-file: go/src/github.com/kptdev/kpt/go.mod
+          cache: true
       - uses: actions/checkout@v5
       # Pinned to Commit to ensure action is consistent: https://docs.github.com/en/actions/learn-github-actions/security-hardening-for-github-actions#using-third-party-actions
       # If you upgrade this version confirm the changes match your expectations

.github/workflows/release.yml

@@ -27,15 +27,18 @@ jobs:
     outputs:
       hashes: ${{ steps.hash.outputs.hashes }}
     steps:
-      - name: Set up Go
-        uses: actions/setup-go@v6
-        with:
-          go-version: '>=1.24'
       - name: Checkout
         uses: actions/checkout@v5
         with:
           fetch-depth: 0
+          path: go/src/github.com/kptdev/kpt
+      - name: Set up Go
+        uses: actions/setup-go@v6
+        with:
+          go-version-file: go/src/github.com/kptdev/kpt/go.mod
+          cache: true
       - name: Build, Test, Lint
+        working-directory: go/src/github.com/kptdev/kpt
         run: |
           git config --global user.email you@example.com
           git config --global user.name Your Name
@@ -57,6 +60,7 @@ jobs:
         with:
           distribution: goreleaser
           version: "~> v2"
+          workdir: go/src/github.com/kptdev/kpt
           args: release --skip=validate -f release/tag/goreleaser.yaml
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/verifyContent.yml

@@ -30,15 +30,24 @@ jobs:
   build:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/setup-go@v6
+      - name: Checkout
+        uses: actions/checkout@v5
         with:
-          go-version: '>=1.24'
-      - uses: actions/checkout@v5
-      - run: |
+          path: go/src/github.com/kptdev/kpt
+      - name: Set up Go
+        uses: actions/setup-go@v6
+        with:
+          go-version-file: go/src/github.com/kptdev/kpt/go.mod
+          cache: true
+      - name: Build
+        working-directory: go/src/github.com/kptdev/kpt
+        run: |
           make build
       - name: Get dependencies
+        working-directory: go/src/github.com/kptdev/kpt
         run: |
           make install-mdrip
           make install-kind
       - name: Verify Examples
+        working-directory: go/src/github.com/kptdev/kpt
         run: make site-verify-examples

Makefile

@@ -12,7 +12,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-GOLANG_VERSION    := 1.24.7
+GOLANG_VERSION    := 1.25.6
 GORELEASER_CONFIG = release/tag/goreleaser.yaml
 GORELEASER_IMAGE  := ghcr.io/goreleaser/goreleaser-cross:v$(GOLANG_VERSION)
 

documentation/go.mod

@@ -1,5 +1,5 @@
 module github.com/kptdev/docs
 
-go 1.24.7
+go 1.25.6
 
 require github.com/google/docsy v0.12.0 // indirect

go.mod

@@ -1,6 +1,6 @@
 module github.com/kptdev/kpt
 
-go 1.24.7
+go 1.25.6
 
 require (
 	github.com/bytecodealliance/wasmtime-go v1.0.0

healthcheck/go.mod

@@ -1,6 +1,6 @@
 module github.com/kptdev/kpt/healthcheck
 
-go 1.24.7
+go 1.25.6
 
 require (
 	k8s.io/apimachinery v0.34.1

rollouts/go.mod

@@ -1,6 +1,6 @@
 module github.com/kptdev/kpt/rollouts
 
-go 1.24.7
+go 1.25.6
 
 require (
 	cloud.google.com/go/iam v0.13.0