CI check latest go version

.github/workflows/buf-binary-size.yaml

@@ -3,7 +3,7 @@ on:
   push:
     branches:
       - main
-    tags: ['v*']
+    tags: ["v*"]
   pull_request:
 # Prevent writing to the repository using the CI token.
 # Ref: https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions#permissions
@@ -19,7 +19,8 @@ jobs:
       - name: setup-go
         uses: actions/setup-go@v6
         with:
-          go-version: '1.25.x'
+          go-version: "1.25.x"
+          check-latest: true
       - name: cache
         uses: actions/cache@v4
         with:

.github/workflows/build-and-draft-release.yaml

@@ -32,15 +32,16 @@ jobs:
       - name: Set up Go
         uses: actions/setup-go@v6
         with:
-          go-version: '1.25.x'
+          go-version: "1.25.x"
+          check-latest: true
       - name: Set up Git name and email
         run: |
           git config user.name "${{ github.actor }}"
           git config user.email "${{ github.actor }}@users.noreply.github.com"
       - name: Build assets and draft release
         run: bash ./make/buf/scripts/draftrelease.bash
         env:
-          GH_TOKEN:  ${{ steps.app_token.outputs.token }}
+          GH_TOKEN: ${{ steps.app_token.outputs.token }}
           WEBHOOK_URL: ${{ secrets.SLACK_RELEASE_NOTIFICATION_WEBHOOK }}
           RELEASE_MINISIGN_PRIVATE_KEY: ${{secrets.RELEASE_MINISIGN_PRIVATE_KEY}}
           RELEASE_MINISIGN_PRIVATE_KEY_PASSWORD: ${{secrets.RELEASE_MINISIGN_PRIVATE_KEY_PASSWORD}}

.github/workflows/ci.yaml

@@ -3,13 +3,13 @@ on:
   push:
     branches:
       - main
-    tags: ['v*']
+    tags: ["v*"]
   pull_request:
 # Prevent writing to the repository using the CI token.
 # Ref: https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions#permissions
 permissions: read-all
 env:
-  MAKEFLAGS: '-j 2'
+  MAKEFLAGS: "-j 2"
 jobs:
   lint:
     runs-on: ubuntu-latest
@@ -19,7 +19,8 @@ jobs:
       - name: setup-go
         uses: actions/setup-go@v6
         with:
-          go-version: '1.25.x'
+          go-version: "1.25.x"
+          check-latest: true
       - name: cache
         uses: actions/cache@v4
         with:
@@ -44,7 +45,7 @@ jobs:
       - name: make-lint
         run: make lint
         env:
-          BUF_BREAKING_AGAINST_INPUT: 'https://github.com/bufbuild/buf.git#branch=main'
+          BUF_BREAKING_AGAINST_INPUT: "https://github.com/bufbuild/buf.git#branch=main"
           BUF_INPUT_HTTPS_USERNAME: ${{ github.actor }}
           BUF_INPUT_HTTPS_PASSWORD: ${{ github.token }}
   test:
@@ -55,7 +56,8 @@ jobs:
       - name: setup-go
         uses: actions/setup-go@v6
         with:
-          go-version: '1.25.x'
+          go-version: "1.25.x"
+          check-latest: true
       - name: cache
         uses: actions/cache@v4
         with:
@@ -80,7 +82,7 @@ jobs:
     # 2. The repository is not a fork, i.e. it will only run on the official bufbuild/buf
     # 3. The workflow run is trigged by main branch OR a tag with v prefix
     # See https://github.com/bufbuild/buf/pull/289/files#r596207623 for the discussion
-    if:  ${{ github.repository == 'bufbuild/buf' && (github.ref == 'refs/heads/main' || contains(github.ref, 'refs/tags/v')) }}
+    if: ${{ github.repository == 'bufbuild/buf' && (github.ref == 'refs/heads/main' || contains(github.ref, 'refs/tags/v')) }}
     steps:
       # qemu is used when executing things like `apk` in the final build
       # stage which must execute on the target platform. We currently do

.github/workflows/codeql.yaml

@@ -21,7 +21,8 @@ jobs:
       - name: setup-go
         uses: actions/setup-go@v6
         with:
-          go-version: '1.25.x'
+          go-version: "1.25.x"
+          check-latest: true
       - name: initialize
         uses: github/codeql-action/init@v4
         with:

.github/workflows/make-upgrade.yaml

@@ -2,7 +2,7 @@ name: Make upgrade
 on:
   schedule:
     # Run every Monday at 10am UTC
-    - cron: '0 10 * * 1'
+    - cron: "0 10 * * 1"
 env:
   APP_ID: 251311
 jobs:
@@ -22,13 +22,14 @@ jobs:
       - name: setup-go
         uses: actions/setup-go@v6
         with:
-          go-version: '1.25.x'
+          go-version: "1.25.x"
+          check-latest: true
           cache: false
       - name: Set up Git name and email
         run: |
           git config user.name 'github-actions[bot]'
           git config user.email 'github-actions[bot]@users.noreply.github.com'
       - name: make-githubactionupgrade
-        run : make githubactionupgrade
+        run: make githubactionupgrade
         env:
           GH_TOKEN: ${{ steps.app_token.outputs.token }}

.github/workflows/previous.yaml

@@ -3,7 +3,7 @@ on:
   push:
     branches:
       - main
-    tags: ['v*']
+    tags: ["v*"]
   pull_request:
 # Prevent writing to the repository using the CI token.
 # Ref: https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions#permissions
@@ -14,7 +14,7 @@ jobs:
   test-previous:
     strategy:
       matrix:
-        go-version: ['1.24.x']
+        go-version: ["1.24.x"]
     runs-on: ubuntu-latest
     steps:
       - name: checkout
@@ -23,6 +23,7 @@ jobs:
         uses: actions/setup-go@v6
         with:
           go-version: ${{ matrix.go-version }}
+          check-latest: true
       - name: cache
         uses: actions/cache@v4
         with:

.github/workflows/windows.yaml

@@ -3,7 +3,7 @@ on:
   push:
     branches:
       - main
-    tags: ['v*']
+    tags: ["v*"]
   pull_request:
 # Prevent writing to the repository using the CI token.
 # Ref: https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions#permissions
@@ -26,7 +26,8 @@ jobs:
       - name: setup-go
         uses: actions/setup-go@v6
         with:
-          go-version: '1.25.x'
+          go-version: "1.25.x"
+          check-latest: true
           cache: true
       - name: windows-cache
         uses: actions/cache@v4