fix: webhook initialization order

[gusfcarvalho]

Fixes webhook initialization order.

Edit: also bumps go version everywhere for a high vulnerability fix.

[coderabbitai]

Walkthrough

Webhook initialization in Generate is moved to the start of the function. Additionally, many module files update their Go toolchain directive to 1.25.6; no API or behavioral changes reported.

Changes

Cohort / File(s)	Summary
Webhook Initialization generators/v1/webhook/webhook.go	Initialized w.wh (the webhook object) earlier in Generate, before EnforceLabels, ClusterScoped, and parseSpec. No change to error handling or control flow.
Go toolchain bumps (module files) go.mod, apis/go.mod, e2e/go.mod, runtime/go.mod, generators/v1/.../go.mod, providers/v1/.../go.mod	Updated Go version directive across many module go.mod files to go 1.25.6. No other dependency, API, or code changes.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Fix all issues with AI agents

In `@providers/v1/akeyless/go.mod`:
- Line 3: Update your build and CI toolchains to use the Go version declared in
go.mod ("go 1.25.6"): ensure local developer toolchains, Docker images, build
runners, and CI configurations (e.g., Dockerfile base image, golang tool
installer steps, or CI matrix entries) are set to or install Go 1.25.6 so builds
match the module requirement and tests run with the same compiler version.

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

🧩 Analysis chain

🌐 Web query:

Go 1.25.6 release availability latest version

💡 Result:

Go 1.25.6 is released and available now, and it is the latest stable Go version as of January 31, 2026. You can download installers/archives (Windows/macOS/Linux and source) from the official Go downloads page. [1][2]

If you install via Homebrew, the go formula is also at 1.25.6. [3]

Sources:
[1] https://go.dev/VERSION
[2] https://go.dev/dl/
[3] https://formulae.brew.sh/formula/go

---

Ensure Go 1.25.6 is available in your build environments and CI images.

Go 1.25.6 is the current stable release and widely available through official channels and package managers. Verify your toolchain configurations and CI pipelines have this version available before merging.

🤖 Prompt for AI Agents

In `@providers/v1/akeyless/go.mod` at line 3, Update your build and CI toolchains
to use the Go version declared in go.mod ("go 1.25.6"): ensure local developer
toolchains, Docker images, build runners, and CI configurations (e.g.,
Dockerfile base image, golang tool installer steps, or CI matrix entries) are
set to or install Go 1.25.6 so builds match the module requirement and tests run
with the same compiler version.

[gusfcarvalho]

Well, thanks coderabbit, but that's the point of our CI. We use it to run it. If it is green, it was available :)

[coderabbitai]

@gusfcarvalho Fair point! If the CI is green, that confirms Go 1.25.6 is working as expected in your build pipeline. Thanks for clarifying! 👍

---

🧠 Learnings used

Learnt from: rbstp
Repo: external-secrets/external-secrets PR: 5712
File: config/crds/bases/external-secrets.io_secretstores.yaml:1958-2044
Timestamp: 2026-01-09T19:14:48.246Z
Learning: In external-secrets CRDs, new providers are added to the GA v1 schema only; v1beta1 is maintained for backward compatibility and does not receive new features (e.g., DVLS should be v1-only).

[Skarlso]

You also need to bump it then in: cmd/esoctl/generator/templates/go.mod.tmpl.

We can do this another time.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud