chore: use latest and centrally manage Go version (#724)

Author: mbevc1

.github/workflows/docker.yml

@@ -33,7 +33,7 @@ on:
       kosli_api_token:
         required: true
       snyk_token:
-        required: true         
+        required: true
 
 
 env:
@@ -43,7 +43,7 @@ env:
   # this interferes with the CLI integration tests
 
 
-jobs:  
+jobs:
   docker:
     name: Docker Build
     runs-on: ubuntu-latest
@@ -61,7 +61,8 @@ jobs:
 
     - uses: actions/setup-go@v5
       with:
-        go-version: '1.25.0'
+        go-version-file: '.go-version'
+        check-latest: true
 
     # Set up QEMU emulator to allow building multi-arch images
     - name: Set up QEMU
@@ -76,15 +77,15 @@ jobs:
       with:
         version:
           ${{ vars.KOSLI_CLI_VERSION }}
-    
+
     - name: Login to GitHub Container Registry
       uses: docker/login-action@v3
       with:
         registry: ghcr.io
         username: ${{ github.actor }}
         password: ${{ secrets.GITHUB_TOKEN }}
 
-    # Push image to the GHCR 
+    # Push image to the GHCR
     - name: Build and push Docker image
       id: docker_build
       uses: docker/build-push-action@v5
@@ -127,7 +128,7 @@ jobs:
         subject-digest: ${{ steps.docker_build.outputs.digest }}
         push-to-registry: true
 
-    
+
     - name: setup Snyk
       uses: snyk/actions/setup@master
 
@@ -136,36 +137,36 @@ jobs:
       if: ${{ github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/') }}
       env:
         KOSLI_API_TOKEN: ${{ secrets.kosli_api_token }}
-      run: 
+      run:
         kosli attest artifact
            ${{ env.IMAGE }}:${{ inputs.tag }}
-           --flow ${{ inputs.flow_name }} 
-           --trail ${{ inputs.trail_name }} 
+           --flow ${{ inputs.flow_name }}
+           --trail ${{ inputs.trail_name }}
            --name cli-docker
            --fingerprint ${{ env.FINGERPRINT }}
            --external-url sigstore=https://search.sigstore.dev/?hash=${{ env.FINGERPRINT }}
            --org ${{ inputs.kosli_org }}
 
-           
+
     - name: Report SBOM to Kosli
       if: ${{ github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/') }}
       env:
         KOSLI_API_TOKEN: ${{ secrets.kosli_api_token }}
-      run: 
+      run:
         kosli attest generic
           --flow ${{ inputs.flow_name }}
-          --trail ${{ inputs.trail_name }} 
+          --trail ${{ inputs.trail_name }}
           --name container-sbom
           --fingerprint ${{ env.FINGERPRINT }}
           --attachments  sbom.spdx.json
           --org ${{ inputs.kosli_org }}
 
-    
+
     - name: Run Snyk Container Test to scan the Docker image for vulnerabilities
       env:
         SNYK_TOKEN: ${{ secrets.snyk_token }}
-      run: 
-          snyk container test ${{ env.IMAGE }}:${{ inputs.tag }} 
+      run:
+          snyk container test ${{ env.IMAGE }}:${{ inputs.tag }}
              --file=Dockerfile
              --sarif
              --policy-path=.snyk
@@ -176,11 +177,11 @@ jobs:
       if:  ${{ github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/') && (success() || failure()) }}
       env:
         KOSLI_API_TOKEN: ${{ secrets.kosli_api_token }}
-      run: 
-        kosli attest snyk 
+      run:
+        kosli attest snyk
             --flow ${{ inputs.flow_name }}
-            --trail ${{ inputs.trail_name }} 
-            --fingerprint ${{ env.FINGERPRINT }} 
+            --trail ${{ inputs.trail_name }}
+            --fingerprint ${{ env.FINGERPRINT }}
             --name snyk-container-test
             --scan-results snyk-docker.json
             --org ${{ inputs.kosli_org }}
@@ -191,7 +192,7 @@ jobs:
       env:
         KOSLI_ORG: cyber-dojo
         KOSLI_API_TOKEN: any-token-will-do
-      run: 
+      run:
         docker run -e KOSLI_API_TOKEN
           -e KOSLI_ORG --rm ${{ env.IMAGE }}:${{ inputs.tag }}
           list environments
@@ -201,12 +202,12 @@ jobs:
       env:
         KOSLI_API_TOKEN: ${{ secrets.kosli_api_token }}
         SMOKE_TEST_OUTCOME: ${{ steps.smoke-test.outcome}}
-      run: 
-        kosli attest generic 
+      run:
+        kosli attest generic
             --flow ${{ inputs.flow_name }}
-            --trail ${{ inputs.trail_name }} 
-            --fingerprint ${{ env.FINGERPRINT }} 
+            --trail ${{ inputs.trail_name }}
+            --fingerprint ${{ env.FINGERPRINT }}
             --name smoke-test
-            --compliant=${{ steps.smoke-test.outcome == 'success' }} 
+            --compliant=${{ steps.smoke-test.outcome == 'success' }}
             --org ${{ inputs.kosli_org }}
 

.github/workflows/release.yml

@@ -5,9 +5,6 @@ on:
     tags:
       - "v*"
 
-env:
-  GO_VERSION: 1.25.0
-
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
 
@@ -121,7 +118,8 @@ jobs:
       - name: Set up Go
         uses: actions/setup-go@v5
         with:
-          go-version: ${{ env.GO_VERSION }}
+          go-version-file: '.go-version'
+          check-latest: true
 
       # Use release notes from the tag body when present (set by interactive `make release` or `make release tag=vX.Y.Z` with dist/release_notes.md). Otherwise GoReleaser uses its default changelog.
       # Write to repo root so GoReleaser's --clean (which removes dist/) does not delete the file before it is read.
@@ -207,14 +205,15 @@ jobs:
       - name: Set up Go
         uses: actions/setup-go@v5
         with:
-          go-version: ${{ env.GO_VERSION }}
+          go-version-file: '.go-version'
+          check-latest: true
 
       - name: Generate docs
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         # legacy-ref should happen first as it has the side effect of deleting generated files outside the legacy_ref
         run: |
-          make legacy-ref-docs 
+          make legacy-ref-docs
           make cli-docs
 
       - name: Generate json
@@ -302,4 +301,4 @@ jobs:
         uses: kosli-dev/reusable-actions/.github/actions/send-ci-failure-slack-message@main
         with:
           slack_url: ${{ secrets.MERKELY_SLACK_CI_FAILURES_WEBHOOK }}
-          github_token: ${{ secrets.GITHUB_TOKEN }}
+          github_token: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/test.yml

@@ -42,17 +42,17 @@ on:
       github_access_token:
         required: true
       gitlab_access_token:
-        required: true 
+        required: true
       azure_access_token:
-        required: true 
+        required: true
       azure_client_id:
         required: true
       azure_client_secret:
         required: true
       bitbucket_access_token:
         required: true
       jira_api_token:
-        required: true 
+        required: true
       snyk_token:
         required: true
       kosli_reporting_api_token:
@@ -79,7 +79,8 @@ jobs:
 
     - uses: actions/setup-go@v5
       with:
-        go-version: '1.25.0'
+        go-version-file: '.go-version'
+        check-latest: true
 
     - name: setup-kosli-cli
       uses: kosli-dev/setup-cli-action@v2
@@ -98,10 +99,10 @@ jobs:
       if:  ${{ (github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/')) &&  (success() || failure()) && inputs.report_results }}
       env:
         KOSLI_API_TOKEN: ${{ secrets.kosli_reporting_api_token }}
-      run: kosli attest generic 
-           --name lint 
-           --flow ${{ inputs.FLOW_NAME }} 
-           --trail ${{ inputs.TRAIL_NAME }}  
+      run: kosli attest generic
+           --name lint
+           --flow ${{ inputs.FLOW_NAME }}
+           --trail ${{ inputs.TRAIL_NAME }}
            --org ${{ inputs.KOSLI_ORG }}
            --compliant=${{ steps.lint.outcome == 'success' }}
 
@@ -112,15 +113,16 @@ jobs:
       id-token: write
       contents: write
     steps:
-      
+
     - uses: actions/checkout@v6
       with:
         fetch-depth: 0 # needed for some tests referencing older commits
         ref: ${{ inputs.checkout_ref || github.sha }}
-    
+
     - uses: actions/setup-go@v5
       with:
-        go-version: '1.25.0'
+        go-version-file: '.go-version'
+        check-latest: true
 
     - name: setup-kosli-cli
       uses: kosli-dev/setup-cli-action@v2
@@ -163,10 +165,10 @@ jobs:
       if:  ${{ (github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/')) && (success() || failure()) && inputs.report_results }}
       env:
         KOSLI_API_TOKEN: ${{ secrets.kosli_reporting_api_token }}
-      run: kosli attest junit 
-           --name test 
-           --flow ${{ inputs.FLOW_NAME }}  
-           --trail ${{ inputs.TRAIL_NAME }} 
+      run: kosli attest junit
+           --name test
+           --flow ${{ inputs.FLOW_NAME }}
+           --trail ${{ inputs.TRAIL_NAME }}
            --results-dir junit-test-results
            --org ${{ inputs.KOSLI_ORG }}
 
@@ -199,17 +201,17 @@ jobs:
     - name: Run Snyk to check source code for vulnerabilities
       env:
         SNYK_TOKEN: ${{ secrets.snyk_token }}
-      run: 
+      run:
           snyk code test --sarif --policy-path=.snyk  --sarif-file-output=snyk-code.json --prune-repeated-subdependencies
-    
+
     - name: Report Snyk Code to Kosli
       if:  ${{ (github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/')) &&  (success() || failure()) && inputs.report_results }}
       env:
         KOSLI_API_TOKEN: ${{ secrets.kosli_reporting_api_token }}
-      run: kosli attest snyk 
-           --name snyk-code-test 
-           --flow ${{ inputs.FLOW_NAME }}  
-           --trail ${{ inputs.TRAIL_NAME }} 
+      run: kosli attest snyk
+           --name snyk-code-test
+           --flow ${{ inputs.FLOW_NAME }}
+           --trail ${{ inputs.TRAIL_NAME }}
            --scan-results  snyk-code.json
            --org ${{ inputs.KOSLI_ORG }}
 
@@ -238,17 +240,17 @@ jobs:
     - name: Run Snyk to check dependencies for vulnerabilities
       env:
         SNYK_TOKEN: ${{ secrets.snyk_token }}
-      run: 
+      run:
           snyk test --sarif --policy-path=.snyk  --sarif-file-output=snyk-dependency.json --prune-repeated-subdependencies
-    
+
     - name: Report Snyk Test to Kosli
       if:  ${{ (github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/')) &&  (success() || failure()) && inputs.report_results }}
       env:
         KOSLI_API_TOKEN: ${{ secrets.kosli_reporting_api_token }}
-      run: kosli attest snyk 
-           --name snyk-dependency-test 
-           --flow ${{ inputs.FLOW_NAME }}  
-           --trail ${{ inputs.TRAIL_NAME }} 
+      run: kosli attest snyk
+           --name snyk-dependency-test
+           --flow ${{ inputs.FLOW_NAME }}
+           --trail ${{ inputs.TRAIL_NAME }}
            --scan-results  snyk-dependency.json
            --org ${{ inputs.KOSLI_ORG }}
 

.go-version

@@ -0,0 +1 @@
+1.25