Skip to content

🐛 Downgrade Go to 1.24.6 and standardize version across codebase #5186

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Nov 12, 2025
Merged

🐛 Downgrade Go to 1.24.6 and standardize version across codebase #5186

merged 1 commit into from
Nov 12, 2025
+31 −31

Conversation

@camilamacedo86
Copy link
Member

@camilamacedo86 camilamacedo86 commented Nov 9, 2025
edited
Loading

Summary

This PR downgrades the Go version to 1.24.6 and ensures consistent usage across all modules and build configurations.

Motivation

  • Security: Go 1.24.6 includes important fixes that address a known CVE affecting earlier patch releases in the 1.24 series.
  • Compatibility: The latest versions of Kubernetes APIs, controller-runtime, and controller-tools are still built and tested against Go 1.24.x, so maintaining this version ensures full compatibility and avoids potential build or runtime issues.

@k8s-ci-robot k8s-ci-robot added the cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. label Nov 9, 2025
@k8s-ci-robot
Copy link
Contributor

k8s-ci-robot commented Nov 9, 2025

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: camilamacedo86

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added approved Indicates a PR has been approved by an approver from all required OWNERS files. size/M Denotes a PR that changes 30-99 lines, ignoring generated files. labels Nov 9, 2025
@camilamacedo86 camilamacedo86 changed the title ✨ Use go 1.24.6 for scaffolds and keep certmanager 1.18.2 which is compatible with 1.24 WIP Nov 9, 2025
@camilamacedo86 camilamacedo86 force-pushed the go-certmanager-downgrade-for-release branch 3 times, most recently from 77bd060 to 89f28b5 Compare November 12, 2025 05:44
@k8s-ci-robot k8s-ci-robot added size/L Denotes a PR that changes 100-499 lines, ignoring generated files. and removed size/M Denotes a PR that changes 30-99 lines, ignoring generated files. labels Nov 12, 2025
@camilamacedo86 camilamacedo86 force-pushed the go-certmanager-downgrade-for-release branch 2 times, most recently from 66af85a to 75dd88d Compare November 12, 2025 06:33
@camilamacedo86 camilamacedo86 changed the title WIP 🐛 Downgrade Go to 1.24.6 and standardize version across codebase Nov 12, 2025
@camilamacedo86 camilamacedo86 changed the title 🐛 Downgrade Go to 1.24.6 and standardize version across codebase 🐛 Downgrade Go to 1.24.6 and standardize version across codebase Nov 12, 2025
@camilamacedo86 camilamacedo86 force-pushed the go-certmanager-downgrade-for-release branch 2 times, most recently from b91c726 to 761bdb9 Compare November 12, 2025 08:15
@k8s-ci-robot k8s-ci-robot added size/XL Denotes a PR that changes 500-999 lines, ignoring generated files. needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. and removed size/L Denotes a PR that changes 100-499 lines, ignoring generated files. labels Nov 12, 2025
@camilamacedo86 camilamacedo86 changed the title 🐛 Downgrade Go to 1.24.6 and standardize version across codebase WIP 🐛 Downgrade Go to 1.24.6 and standardize version across codebase Nov 12, 2025
@k8s-ci-robot k8s-ci-robot added the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Nov 12, 2025
@camilamacedo86 camilamacedo86 force-pushed the go-certmanager-downgrade-for-release branch from 761bdb9 to aadb985 Compare November 12, 2025 11:18
@k8s-ci-robot k8s-ci-robot added size/L Denotes a PR that changes 100-499 lines, ignoring generated files. and removed needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. size/XL Denotes a PR that changes 500-999 lines, ignoring generated files. labels Nov 12, 2025
@camilamacedo86 camilamacedo86 force-pushed the go-certmanager-downgrade-for-release branch 2 times, most recently from 48a952e to 84383cb Compare November 12, 2025 15:35
@k8s-ci-robot k8s-ci-robot added size/M Denotes a PR that changes 30-99 lines, ignoring generated files. and removed size/L Denotes a PR that changes 100-499 lines, ignoring generated files. labels Nov 12, 2025
@camilamacedo86 camilamacedo86 force-pushed the go-certmanager-downgrade-for-release branch from 84383cb to 3cbeee9 Compare November 12, 2025 15:36
@camilamacedo86 camilamacedo86 changed the title WIP 🐛 Downgrade Go to 1.24.6 and standardize version across codebase 🐛 Downgrade Go to 1.24.6 and standardize version across codebase Nov 12, 2025
@k8s-ci-robot k8s-ci-robot removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Nov 12, 2025
camilamacedo86
camilamacedo86 commented Nov 12, 2025
View reviewed changes
go.mod
module sigs.k8s.io/kubebuilder/v4

go 1.25.0
go 1.24.6
Copy link
Member Author

@camilamacedo86 camilamacedo86 Nov 12, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We upgrade the version for the tooling to workaround that was properly addressed with: #5194

In order to push a release with a go version that address CVE and still compatible with the libs adopt we should stick with 1.24.6. Let;s just upgrade to 1.25 when we bump controller-runtime using it.

@k8s-ci-robot
Copy link
Contributor

k8s-ci-robot commented Nov 12, 2025

@camilamacedo86: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
pull-kubebuilder-e2e-k8s-1-33-0 3cbeee9 link true /test pull-kubebuilder-e2e-k8s-1-33-0

Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

@camilamacedo86
Copy link
Member Author

camilamacedo86 commented Nov 12, 2025

/test pull-kubebuilder-e2e-k8s-1-33-0

@camilamacedo86 camilamacedo86 merged commit 05c6782 into kubernetes-sigs:master Nov 12, 2025
34 of 39 checks passed
@camilamacedo86 camilamacedo86 deleted the go-certmanager-downgrade-for-release branch November 12, 2025 16:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Kavinjsir Kavinjsir Awaiting requested review from Kavinjsir

@varshaprasad96 varshaprasad96 Awaiting requested review from varshaprasad96

Assignees

No one assigned

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. release-blocker size/M Denotes a PR that changes 30-99 lines, ignoring generated files.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@camilamacedo86 @k8s-ci-robot