diff --git a/.github/workflows/backport.yaml b/.github/workflows/backport.yaml
index 108e3e2bb..4081bb128 100644
--- a/.github/workflows/backport.yaml
+++ b/.github/workflows/backport.yaml
@@ -7,6 +7,6 @@ jobs:
     permissions:
       contents: write # for reading and creating branches.
       pull-requests: write # for creating pull requests against release branches.
-    uses: fluxcd/gha-workflows/.github/workflows/backport.yaml@v0.3.0
+    uses: fluxcd/gha-workflows/.github/workflows/backport.yaml@v0.4.0
     secrets:
       github-token: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/cifuzz.yaml b/.github/workflows/cifuzz.yaml
index c25086ad1..16ddaa227 100644
--- a/.github/workflows/cifuzz.yaml
+++ b/.github/workflows/cifuzz.yaml
@@ -11,7 +11,7 @@ jobs:
       contents: read # for reading the repository code.
     steps:
       - name: Test suite setup
-        uses: fluxcd/gha-workflows/.github/actions/setup-kubernetes@v0.3.0
+        uses: fluxcd/gha-workflows/.github/actions/setup-kubernetes@v0.4.0
         with:
           go-version: 1.25.x
       - name: Smoke test Fuzzers
diff --git a/.github/workflows/e2e.yaml b/.github/workflows/e2e.yaml
index 465bb8f42..483e65ad6 100644
--- a/.github/workflows/e2e.yaml
+++ b/.github/workflows/e2e.yaml
@@ -13,7 +13,7 @@ jobs:
       contents: read # for reading the repository code.
     steps:
       - name: Test suite setup
-        uses: fluxcd/gha-workflows/.github/actions/setup-kubernetes@v0.3.0
+        uses: fluxcd/gha-workflows/.github/actions/setup-kubernetes@v0.4.0
         with:
           go-version: 1.25.x
       - name: Verify
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index ffb1c3cd9..e7097010c 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -15,7 +15,7 @@ jobs:
       contents: write # for creating the GitHub release.
       id-token: write # for creating OIDC tokens for signing.
       packages: write # for pushing and signing container images.
-    uses: fluxcd/gha-workflows/.github/workflows/controller-release.yaml@v0.3.0
+    uses: fluxcd/gha-workflows/.github/workflows/controller-release.yaml@v0.4.0
     with:
       controller: ${{ github.event.repository.name }}
       release-candidate-prefix: ${{ github.event.inputs.tag }}
diff --git a/.github/workflows/scan.yaml b/.github/workflows/scan.yaml
index 4d7f2b0f5..ea8e992de 100644
--- a/.github/workflows/scan.yaml
+++ b/.github/workflows/scan.yaml
@@ -11,7 +11,7 @@ jobs:
     permissions:
       contents: read # for reading the repository code.
       security-events: write # for uploading the CodeQL analysis results.
-    uses: fluxcd/gha-workflows/.github/workflows/code-scan.yaml@v0.3.0
+    uses: fluxcd/gha-workflows/.github/workflows/code-scan.yaml@v0.4.0
     secrets:
       github-token: ${{ secrets.GITHUB_TOKEN }}
       fossa-token: ${{ secrets.FOSSA_TOKEN }}
diff --git a/.github/workflows/sync-labels.yaml b/.github/workflows/sync-labels.yaml
index cc69156a8..a4635094d 100644
--- a/.github/workflows/sync-labels.yaml
+++ b/.github/workflows/sync-labels.yaml
@@ -11,6 +11,6 @@ jobs:
     permissions:
       contents: read # for reading the labels file.
       issues: write # for creating and updating labels.
-    uses: fluxcd/gha-workflows/.github/workflows/labels-sync.yaml@v0.3.0
+    uses: fluxcd/gha-workflows/.github/workflows/labels-sync.yaml@v0.4.0
     secrets:
       github-token: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/test.yaml b/.github/workflows/test.yaml
index 4ba71463f..c7a9aa2e8 100644
--- a/.github/workflows/test.yaml
+++ b/.github/workflows/test.yaml
@@ -11,7 +11,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Test suite setup
-        uses: fluxcd/gha-workflows/.github/actions/setup-kubernetes@v0.3.0
+        uses: fluxcd/gha-workflows/.github/actions/setup-kubernetes@v0.4.0
         with:
           go-version: 1.25.x
       - name: Run tests