bump k8s to 1.35.0 and Golang to 1.25

.github/workflows/docker.yml

@@ -56,7 +56,7 @@ jobs:
 
     - uses: actions/setup-go@v5
       with:
-        go-version: '1.22.0'
+        go-version: '1.25.0'
 
     # Set up QEMU emulator to allow building multi-arch images
     - name: Set up QEMU

.github/workflows/release.yml

@@ -6,7 +6,7 @@ on:
       - "v*"
 
 env:
-  GO_VERSION: 1.24.4
+  GO_VERSION: 1.25.0
 
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}

.github/workflows/test.yml

@@ -73,7 +73,7 @@ jobs:
 
     - uses: actions/setup-go@v5
       with:
-        go-version: '1.24.4'
+        go-version: '1.25.0'
 
     - name: setup-kosli-cli
       uses: kosli-dev/setup-cli-action@v2
@@ -83,7 +83,7 @@ jobs:
 
     - name: Run golangci-lint
       id: lint
-      uses: golangci/golangci-lint-action@v6
+      uses: golangci/golangci-lint-action@v9
       with:
         version: latest
         args: --timeout=5m -v
@@ -113,7 +113,7 @@ jobs:
 
     - uses: actions/setup-go@v5
       with:
-        go-version: '1.24.4'
+        go-version: '1.25.0'
 
     - name: setup-kosli-cli
       uses: kosli-dev/setup-cli-action@v2

Dockerfile

@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:1
 
-ARG GO_VERSION="1.24"
+ARG GO_VERSION="1.25"
 ARG ALPINE_VERSION="3.21"
 
 

Makefile

@@ -37,8 +37,11 @@ ldflags:
 fmt: ## Reformat package sources
 	@go fmt ./...
 
-lint:
-	@docker run --rm -v $(PWD):/app -w /app golangci/golangci-lint:latest-alpine golangci-lint run --timeout=5m  -v ./...
+ensure_golangci-lint:
+	@$HOMEBREW_NO_AUTO_UPDATE=1 brew upgrade golangci-lint
+
+lint: deps vet ensure_golangci-lint
+	@golangci-lint run --timeout=5m --color always  -v ./...
 
 vet: fmt
 	@go vet ./...

cmd/kosli/allowArtifact_test.go

@@ -29,7 +29,7 @@ func (suite *AllowArtifactCommandTestSuite) SetupTest() {
 	}
 	suite.defaultKosliArguments = fmt.Sprintf(" --host %s --org %s --api-token %s", global.Host, global.Org, global.ApiToken)
 
-	CreateEnv(global.Org, suite.envName, "server", suite.Suite.T())
+	CreateEnv(global.Org, suite.envName, "server", suite.T())
 }
 
 func (suite *AllowArtifactCommandTestSuite) TestAllowArtifactCmd() {
@@ -70,7 +70,7 @@ func (suite *AllowArtifactCommandTestSuite) TestAllowArtifactCmd() {
 		},
 	}
 
-	runTestCmd(suite.Suite.T(), tests)
+	runTestCmd(suite.T(), tests)
 }
 
 // In order for 'go test' to run this suite, we need to create

cmd/kosli/archiveAttestationType_test.go

@@ -25,7 +25,7 @@ func (suite *ArchiveAttestationTypeCommandTestSuite) SetupTest() {
 		Host:     "http://localhost:8001",
 	}
 	suite.defaultKosliArguments = fmt.Sprintf(" --host %s --org %s --api-token %s", global.Host, global.Org, global.ApiToken)
-	CreateCustomAttestationType(suite.attestationTypeName, "testdata/person-schema.json", []string{".age > 21"}, suite.Suite.T())
+	CreateCustomAttestationType(suite.attestationTypeName, "testdata/person-schema.json", []string{".age > 21"}, suite.T())
 }
 
 func (suite *ArchiveAttestationTypeCommandTestSuite) TestArchiveAttestationTypeCmd() {
@@ -55,7 +55,7 @@ func (suite *ArchiveAttestationTypeCommandTestSuite) TestArchiveAttestationTypeC
 		},
 	}
 
-	runTestCmd(suite.Suite.T(), tests)
+	runTestCmd(suite.T(), tests)
 }
 
 // In order for 'go test' to run this suite, we need to create

cmd/kosli/archiveEnvironment_test.go

@@ -25,7 +25,7 @@ func (suite *ArchiveEnvironmentCommandTestSuite) SetupTest() {
 		Host:     "http://localhost:8001",
 	}
 	suite.defaultKosliArguments = fmt.Sprintf(" --host %s --org %s --api-token %s", global.Host, global.Org, global.ApiToken)
-	CreateEnv(global.Org, suite.environmentName, "server", suite.Suite.T())
+	CreateEnv(global.Org, suite.environmentName, "server", suite.T())
 }
 
 func (suite *ArchiveEnvironmentCommandTestSuite) TestArchiveEnvironmentCmd() {
@@ -55,7 +55,7 @@ func (suite *ArchiveEnvironmentCommandTestSuite) TestArchiveEnvironmentCmd() {
 		},
 	}
 
-	runTestCmd(suite.Suite.T(), tests)
+	runTestCmd(suite.T(), tests)
 }
 
 // In order for 'go test' to run this suite, we need to create

cmd/kosli/archiveFlow_test.go

@@ -25,7 +25,7 @@ func (suite *ArchiveFlowCommandTestSuite) SetupTest() {
 		Host:     "http://localhost:8001",
 	}
 	suite.defaultKosliArguments = fmt.Sprintf(" --host %s --org %s --api-token %s", global.Host, global.Org, global.ApiToken)
-	CreateFlow(suite.flowName, suite.Suite.T())
+	CreateFlow(suite.flowName, suite.T())
 }
 
 func (suite *ArchiveFlowCommandTestSuite) TestArchiveFlowCmd() {
@@ -55,7 +55,7 @@ func (suite *ArchiveFlowCommandTestSuite) TestArchiveFlowCmd() {
 		},
 	}
 
-	runTestCmd(suite.Suite.T(), tests)
+	runTestCmd(suite.T(), tests)
 }
 
 // In order for 'go test' to run this suite, we need to create

cmd/kosli/assertApproval_test.go

@@ -36,14 +36,14 @@ func (suite *AssertApprovalCommandTestSuite) SetupTest() {
 	}
 	suite.defaultKosliArguments = fmt.Sprintf(" --host %s --org %s --api-token %s", global.Host, global.Org, global.ApiToken)
 
-	CreateFlow(suite.flowName, suite.Suite.T())
+	CreateFlow(suite.flowName, suite.T())
 	fingerprintOptions := &fingerprintOptions{
 		artifactType: "file",
 	}
 	var err error
 	suite.fingerprint, err = GetSha256Digest(suite.artifactPath, fingerprintOptions, logger)
-	require.NoError(suite.Suite.T(), err)
-	CreateArtifact(suite.flowName, suite.fingerprint, suite.artifactName, suite.Suite.T())
+	require.NoError(suite.T(), err)
+	CreateArtifact(suite.flowName, suite.fingerprint, suite.artifactName, suite.T())
 }
 
 func (suite *AssertApprovalCommandTestSuite) TestAssertApprovalCmd() {
@@ -126,9 +126,9 @@ func (suite *AssertApprovalCommandTestSuite) TestAssertApprovalCmd() {
 
 	for _, t := range tests {
 		if t.additionalConfig != nil && t.additionalConfig.(assertApprovalTestConfig).createApproval {
-			CreateApproval(suite.flowName, suite.fingerprint, t.additionalConfig.(assertApprovalTestConfig).isRequest, suite.Suite.T())
+			CreateApproval(suite.flowName, suite.fingerprint, t.additionalConfig.(assertApprovalTestConfig).isRequest, suite.T())
 		}
-		runTestCmd(suite.Suite.T(), []cmdTestCase{t})
+		runTestCmd(suite.T(), []cmdTestCase{t})
 	}
 }
 

cmd/kosli/assertArtifact_test.go

@@ -49,35 +49,35 @@ func (suite *AssertArtifactCommandTestSuite) SetupTest() {
 	}
 	suite.defaultKosliArguments = fmt.Sprintf(" --host %s --org %s --api-token %s", global.Host, global.Org, global.ApiToken)
 
-	CreateFlow(suite.flowName1, suite.Suite.T())
-	CreateFlow(suite.flowName2, suite.Suite.T())
+	CreateFlow(suite.flowName1, suite.T())
+	CreateFlow(suite.flowName2, suite.T())
 	fingerprintOptions := &fingerprintOptions{
 		artifactType: "file",
 	}
-	CreateEnv(global.Org, suite.envName, "server", suite.Suite.T())
-	CreatePolicy(global.Org, suite.policyName1, suite.Suite.T())
-	CreatePolicy(global.Org, suite.policyName2, suite.Suite.T())
+	CreateEnv(global.Org, suite.envName, "server", suite.T())
+	CreatePolicy(global.Org, suite.policyName1, suite.T())
+	CreatePolicy(global.Org, suite.policyName2, suite.T())
 	var err error
 	suite.fingerprint1, err = GetSha256Digest(suite.artifact1Path, fingerprintOptions, logger)
-	require.NoError(suite.Suite.T(), err)
-	CreateArtifact(suite.flowName1, suite.fingerprint1, suite.artifactName1, suite.Suite.T())
+	require.NoError(suite.T(), err)
+	CreateArtifact(suite.flowName1, suite.fingerprint1, suite.artifactName1, suite.T())
 	suite.fingerprint2, err = GetSha256Digest(suite.artifact2Path, fingerprintOptions, logger)
-	require.NoError(suite.Suite.T(), err)
-	CreateArtifact(suite.flowName1, suite.fingerprint2, suite.artifactName2, suite.Suite.T())
-	CreateArtifact(suite.flowName2, suite.fingerprint2, suite.artifactName1, suite.Suite.T())
+	require.NoError(suite.T(), err)
+	CreateArtifact(suite.flowName1, suite.fingerprint2, suite.artifactName2, suite.T())
+	CreateArtifact(suite.flowName2, suite.fingerprint2, suite.artifactName1, suite.T())
 
 	// Setup for asserting non-compliant artifact to check error response
 	suite.flowName3 = "assert-non-compliant-artifact"
 	suite.trailName = "non-compliant-trail"
 	suite.artifactName3 = "arti-for-AssertArtifactCommandTestSuite-non-compliant"
 	suite.artifact3Path = "testdata/artifacts/AssertArtifactCommandTestSuiteArtifact3.txt"
 	suite.fingerprint3, err = GetSha256Digest(suite.artifact3Path, fingerprintOptions, logger)
-	CreateFlow(suite.flowName3, suite.Suite.T())
-	BeginTrail(suite.trailName, suite.flowName3, "", suite.Suite.T())
-	CreateArtifactOnTrail(suite.flowName3, suite.trailName, "cli", suite.fingerprint3, suite.artifactName3, suite.Suite.T())
-	require.NoError(suite.Suite.T(), err)
-	CreateGenericArtifactAttestation(suite.flowName3, suite.trailName, suite.fingerprint3, "failing-attestation", false, suite.Suite.T())
-	require.NoError(suite.Suite.T(), err)
+	CreateFlow(suite.flowName3, suite.T())
+	BeginTrail(suite.trailName, suite.flowName3, "", suite.T())
+	CreateArtifactOnTrail(suite.flowName3, suite.trailName, "cli", suite.fingerprint3, suite.artifactName3, suite.T())
+	require.NoError(suite.T(), err)
+	CreateGenericArtifactAttestation(suite.flowName3, suite.trailName, suite.fingerprint3, "failing-attestation", false, suite.T())
+	require.NoError(suite.T(), err)
 }
 
 func (suite *AssertArtifactCommandTestSuite) TestAssertArtifactCmd() {
@@ -201,7 +201,7 @@ func (suite *AssertArtifactCommandTestSuite) TestAssertArtifactCmd() {
 		},
 	}
 
-	runTestCmd(suite.Suite.T(), tests)
+	runTestCmd(suite.T(), tests)
 }
 
 // In order for 'go test' to run this suite, we need to create

cmd/kosli/assertPRAzure_test.go

@@ -17,7 +17,7 @@ type AssertPRAzureCommandTestSuite struct {
 }
 
 func (suite *AssertPRAzureCommandTestSuite) SetupTest() {
-	testHelpers.SkipIfEnvVarUnset(suite.Suite.T(), []string{"KOSLI_AZURE_TOKEN"})
+	testHelpers.SkipIfEnvVarUnset(suite.T(), []string{"KOSLI_AZURE_TOKEN"})
 
 	global = &GlobalOpts{
 		ApiToken: "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpZCI6ImNkNzg4OTg5In0.e8i_lA_QrEhFncb05Xw6E_tkCHU9QfcY4OLTVUCHffY",
@@ -51,7 +51,7 @@ func (suite *AssertPRAzureCommandTestSuite) TestAssertPRAzureCmd() {
 		},
 	}
 
-	runTestCmd(suite.Suite.T(), tests)
+	runTestCmd(suite.T(), tests)
 }
 
 // In order for 'go test' to run this suite, we need to create

cmd/kosli/assertPRBitbucket_test.go

@@ -17,7 +17,7 @@ type AssertPRBitbucketCommandTestSuite struct {
 }
 
 func (suite *AssertPRBitbucketCommandTestSuite) SetupTest() {
-	testHelpers.SkipIfEnvVarUnset(suite.Suite.T(), []string{"KOSLI_BITBUCKET_ACCESS_TOKEN"})
+	testHelpers.SkipIfEnvVarUnset(suite.T(), []string{"KOSLI_BITBUCKET_ACCESS_TOKEN"})
 
 	global = &GlobalOpts{
 		ApiToken: "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpZCI6ImNkNzg4OTg5In0.e8i_lA_QrEhFncb05Xw6E_tkCHU9QfcY4OLTVUCHffY",
@@ -58,7 +58,7 @@ func (suite *AssertPRBitbucketCommandTestSuite) TestAssertPRBitbucketCmd() {
 		},
 	}
 
-	runTestCmd(suite.Suite.T(), tests)
+	runTestCmd(suite.T(), tests)
 }
 
 // In order for 'go test' to run this suite, we need to create

cmd/kosli/assertPRGithub_test.go

@@ -17,7 +17,7 @@ type AssertPRGithubCommandTestSuite struct {
 }
 
 func (suite *AssertPRGithubCommandTestSuite) SetupTest() {
-	testHelpers.SkipIfEnvVarUnset(suite.Suite.T(), []string{"KOSLI_GITHUB_TOKEN"})
+	testHelpers.SkipIfEnvVarUnset(suite.T(), []string{"KOSLI_GITHUB_TOKEN"})
 
 	global = &GlobalOpts{
 		ApiToken: "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpZCI6ImNkNzg4OTg5In0.e8i_lA_QrEhFncb05Xw6E_tkCHU9QfcY4OLTVUCHffY",
@@ -51,7 +51,7 @@ func (suite *AssertPRGithubCommandTestSuite) TestAssertPRGithubCmd() {
 		},
 	}
 
-	runTestCmd(suite.Suite.T(), tests)
+	runTestCmd(suite.T(), tests)
 }
 
 // In order for 'go test' to run this suite, we need to create

cmd/kosli/assertPRGitlab_test.go

@@ -17,7 +17,7 @@ type AssertPRGitlabCommandTestSuite struct {
 }
 
 func (suite *AssertPRGitlabCommandTestSuite) SetupTest() {
-	testHelpers.SkipIfEnvVarUnset(suite.Suite.T(), []string{"KOSLI_GITLAB_TOKEN"})
+	testHelpers.SkipIfEnvVarUnset(suite.T(), []string{"KOSLI_GITLAB_TOKEN"})
 
 	global = &GlobalOpts{
 		ApiToken: "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpZCI6ImNkNzg4OTg5In0.e8i_lA_QrEhFncb05Xw6E_tkCHU9QfcY4OLTVUCHffY",
@@ -63,7 +63,7 @@ func (suite *AssertPRGitlabCommandTestSuite) TestAssertPRGitlabCmd() {
 		},
 	}
 
-	runTestCmd(suite.Suite.T(), tests)
+	runTestCmd(suite.T(), tests)
 }
 
 // In order for 'go test' to run this suite, we need to create

cmd/kosli/assertSnapshot_test.go

@@ -41,23 +41,23 @@ func (suite *AssertSnapshotCommandTestSuite) SetupTest() {
 	suite.defaultKosliArguments = fmt.Sprintf(" --host %s --org %s --api-token %s", global.Host, global.Org, global.ApiToken)
 
 	// Non-compliant environment
-	CreateEnv(global.Org, suite.nonCompliantEnvName, "server", suite.Suite.T())
-	CreateFlow(suite.flowName, suite.Suite.T())
+	CreateEnv(global.Org, suite.nonCompliantEnvName, "server", suite.T())
+	CreateFlow(suite.flowName, suite.T())
 
 	// In order for an environment to be compliant instead of unknown (which we convert to false), it must have
 	// a polict attached.
-	CreateEnv(global.Org, suite.compliantEnvName, "server", suite.Suite.T())
-	CreatePolicy(global.Org, "server-policy", suite.Suite.T())
-	AttachPolicy([]string{suite.compliantEnvName}, "server-policy", suite.Suite.T())
+	CreateEnv(global.Org, suite.compliantEnvName, "server", suite.T())
+	CreatePolicy(global.Org, "server-policy", suite.T())
+	AttachPolicy([]string{suite.compliantEnvName}, "server-policy", suite.T())
 
 	//Create artifact to report to environments
 	fingerprintOptions := &fingerprintOptions{
 		artifactType: "file",
 	}
 	var err error
 	suite.fingerprint, err = GetSha256Digest(suite.artifactPath, fingerprintOptions, logger)
-	require.NoError(suite.Suite.T(), err)
-	CreateArtifact(suite.flowName, suite.fingerprint, suite.artifactName, suite.Suite.T())
+	require.NoError(suite.T(), err)
+	CreateArtifact(suite.flowName, suite.fingerprint, suite.artifactName, suite.T())
 
 }
 
@@ -117,9 +117,9 @@ func (suite *AssertSnapshotCommandTestSuite) TestAssertSnapshotCmd() {
 
 	for _, t := range tests {
 		if t.additionalConfig != nil && t.additionalConfig.(assertSnapshotTestConfig).reportToEnv {
-			ReportServerArtifactToEnv([]string{suite.artifactPath}, t.additionalConfig.(assertSnapshotTestConfig).envName, suite.Suite.T())
+			ReportServerArtifactToEnv([]string{suite.artifactPath}, t.additionalConfig.(assertSnapshotTestConfig).envName, suite.T())
 		}
-		runTestCmd(suite.Suite.T(), []cmdTestCase{t})
+		runTestCmd(suite.T(), []cmdTestCase{t})
 	}
 }
 

cmd/kosli/assertStatus_test.go

@@ -28,7 +28,7 @@ func (suite *AssertStatusCommandTestSuite) TestAssertStatusCmd() {
 		},
 	}
 
-	runTestCmd(suite.Suite.T(), tests)
+	runTestCmd(suite.T(), tests)
 }
 
 // In order for 'go test' to run this suite, we need to create

cmd/kosli/attestArtifact_test.go

@@ -26,8 +26,8 @@ func (suite *AttestArtifactCommandTestSuite) SetupTest() {
 		Host:     "http://localhost:8001",
 	}
 	suite.defaultKosliArguments = fmt.Sprintf(" --flow %s --trail %s --repo-root ../.. --host %s --org %s --api-token %s", suite.flowName, suite.trailName, global.Host, global.Org, global.ApiToken)
-	CreateFlowWithTemplate(suite.flowName, "testdata/valid_template.yml", suite.Suite.T())
-	BeginTrail(suite.trailName, suite.flowName, "", suite.Suite.T())
+	CreateFlowWithTemplate(suite.flowName, "testdata/valid_template.yml", suite.T())
+	BeginTrail(suite.trailName, suite.flowName, "", suite.T())
 }
 
 func (suite *AttestArtifactCommandTestSuite) TestAttestArtifactCmd() {
@@ -96,7 +96,7 @@ func (suite *AttestArtifactCommandTestSuite) TestAttestArtifactCmd() {
 			wantError: true,
 			name:      "fails when annotation is not valid",
 			cmd:       fmt.Sprintf("attest artifact testdata/file1 --fingerprint 7509e5bda0c762d2bac7f90d758b5b2263fa01ccbc542ab5e3df163be08e6ca9 --name cli --commit HEAD --build-url http://www.example.com --commit-url http://www.example.com --annotate foo.baz=bar %s", suite.defaultKosliArguments),
-			golden:    "Error: --annotate flag should be in the format key=value. Invalid key: 'foo.baz'. Key can only contain [A-Za-z0-9_].\n",
+			golden:    "Error: --annotate flag should be in the format key=value. Invalid key: 'foo.baz'. Key can only contain [A-Za-z0-9_]\n",
 		},
 		{
 			name:   "can attest a file artifact with redacted commit info",
@@ -111,7 +111,7 @@ func (suite *AttestArtifactCommandTestSuite) TestAttestArtifactCmd() {
 		},
 	}
 
-	runTestCmd(suite.Suite.T(), tests)
+	runTestCmd(suite.T(), tests)
 }
 
 // In order for 'go test' to run this suite, we need to create

cmd/kosli/attestCustom.go

@@ -170,7 +170,11 @@ func (o *attestCustomOptions) run(args []string) error {
 	}
 	// if we created a tar package, remove it after uploading it
 	if cleanupNeeded {
-		defer os.Remove(evidencePath)
+		defer func() {
+			if err := os.Remove(evidencePath); err != nil {
+				logger.Warn("failed to remove evidence file: %v", err)
+			}
+		}()
 	}
 
 	reqParams := &requests.RequestParams{