Bump Go toolchain to v1.24.6

[mboersma]

What type of PR is this?

/kind cleanup

What this PR does / why we need it:

Updates the Go compiler and tools to v1.24.6.

I separated this out from #5661 because it's XL-sized on its own.

Which issue(s) this PR fixes:
Fixes #

Special notes for your reviewer:

TODOs:

• squashed commits
• includes documentation
• adds unit tests
• cherry-pick candidate

Release note:

NONE

[mboersma]

/hold because we may want to do the v1.21 release first

[jackfrancis]

@mboersma if this passes tests I'd be keen to include in 1.21

[codecov]

Codecov Report

❌ Patch coverage is 80.00000% with 1 line in your changes missing coverage. Please review.
✅ Project coverage is 46.94%. Comparing base (7b2418f) to head (c2cf9c0).
⚠️ Report is 2 commits behind head on main.

Files with missing lines	Patch %	Lines
azure/scope/machine.go	0.00%	1 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #5813      +/-   ##
==========================================
- Coverage   53.07%   46.94%   -6.14%     
==========================================
  Files         279      279              
  Lines       29687    29687              
==========================================
- Hits        15757    13936    -1821     
- Misses      13114    14938    +1824     
+ Partials      816      813       -3     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[mboersma]

/retest

[mboersma]

/retest

[nojnhuh]

Failure looks like #5703 but for the typha pods. I'm trying the fix from #5704 in #5819.

/retest

[nojnhuh]

Could we also bump the version here?

diff --git a/cloudbuild.yaml b/cloudbuild.yaml
index 79dcdcec3..e584386e8 100644
--- a/cloudbuild.yaml
+++ b/cloudbuild.yaml
@@ -4,7 +4,7 @@ options:
   substitution_option: ALLOW_LOOSE
   machineType: 'E2_HIGHCPU_8'
 steps:
-  - name: 'gcr.io/k8s-staging-test-infra/gcb-docker-gcloud:v20250116-2a05ea7e3d' # Go 1.23
+  - name: 'gcr.io/k8s-staging-test-infra/gcb-docker-gcloud:v20250513-9264efb079' # Go 1.24
     entrypoint: make
     env:
       - DOCKER_CLI_EXPERIMENTAL=enabled

curl -sL gcr.io/v2/k8s-staging-test-infra/gcb-docker-gcloud/tags/list | jq '.tags'

% docker run --rm --entrypoint go gcr.io/k8s-staging-test-infra/gcb-docker-gcloud:v20250513-9264efb079 version
go version go1.24.3 linux/amd64

[nojnhuh]

These couple comments are totally non-blocking. Would be nice to update the cloudbuild.yaml as part of this PR though.

And for next time I think it would help reviewing to split this into separate commits for a) bumping the Go version, and b) each logic group of linter issues fixed.

[nojnhuh]

I think ideally we refactor this function to take a context or *testing.T argument so we can satisfy the linter. Otherwise, moving this ctx to the top of TestGetTokenCredential also appeases the linter, in case either of those are worth doing now.

diff --git a/azure/scope/identity_test.go b/azure/scope/identity_test.go
index 669fe204e..bcaa4aabd 100644
--- a/azure/scope/identity_test.go
+++ b/azure/scope/identity_test.go
@@ -17,7 +17,6 @@ limitations under the License.
 package scope
 
 import (
-	"context"
 	"os"
 	"reflect"
 	"testing"
@@ -208,6 +207,7 @@ func TestHasClientSecret(t *testing.T) {
 }
 
 func TestGetTokenCredential(t *testing.T) {
+	ctx := t.Context()
 	testCertPath := "../../test/setup/certificate"
 
 	tests := []struct {
@@ -439,7 +439,6 @@ func TestGetTokenCredential(t *testing.T) {
 				},
 			},
 			cacheExpect: func(cache *mock_azure.MockCredentialCache) {
-				ctx := context.Background()                      //nolint:usetesting
 				credsPath := "../../test/setup/credentials.json" //nolint:gosec
 				clientOptions := azcore.ClientOptions{
 					Cloud: cloud.Configuration{

[mboersma]

This test fails if we replace context.Background() with t.Context():

--- FAIL: TestGetTokenCredential (0.00s)
    --- FAIL: TestGetTokenCredential/UserAssignedIdentityCredential (0.00s)
        /Users/matt/projects/cluster-api-provider-azure/azure/scope/identity.go:169: Unexpected call to *mock_azure.MockCredentialCache.GetOrStoreUserAssignedManagedIdentityCredentials([context.Background ../../test/setup/credentials.json { {https://login.microsoftonline.com/ map[resourceManager:{https://management.core.windows.net/ https://management.azure.com}]} false {false [] []} {0 0s 0s 0s [] <nil>} { false} {0x104990dc0} <nil> [] []} &{0x14000452330 0}]) at /Users/matt/projects/cluster-api-provider-azure/azure/scope/identity.go:169 because: 
            expected call at /Users/matt/projects/cluster-api-provider-azure/azure/scope/identity_test.go:454 doesn't match the argument at index 0.
            Got: context.Background (context.backgroundCtx)
            Want: is equal to context.Background.WithCancel (*context.cancelCtx)
        /Users/matt/projects/cluster-api-provider-azure/azure/scope/controller.go:97: missing call(s) to *mock_azure.MockCredentialCache.GetOrStoreUserAssignedManagedIdentityCredentials(is equal to context.Background.WithCancel (*context.cancelCtx), is equal to ../../test/setup/credentials.json (string), adheres to a custom condition, is anything) /Users/matt/projects/cluster-api-provider-azure/azure/scope/identity_test.go:454
        /Users/matt/projects/cluster-api-provider-azure/azure/scope/controller.go:97: aborting test due to missing call(s)
FAIL
FAIL	sigs.k8s.io/cluster-api-provider-azure/azure/scope	0.581s
FAIL

And I wasn't excited to debug why, so I thought this was an acceptable use of //nolint.

[nojnhuh]

It would be great to eventually refactor the spots like this to define a root ctx in one place and pass that around instead of each reinstantiating a separate t.Context().

[mboersma]

That could be more explicit and coherent, but based on the implementation of testing.Context, I don't think there's any cost to the naive approach except a function call.

[nojnhuh]

/lgtm
/approve

I'll leave the hold in case we want to coordinate this with the 1.21 release.

[k8s-ci-robot]

LGTM label has been added.

Git tree hash: 16659b5793f821f261aa8b0b377d06db20166357

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: nojnhuh

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [nojnhuh]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[mboersma]

/retest

[k8s-ci-robot]

@mboersma: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
pull-cluster-api-provider-azure-apidiff	c2cf9c0	link	false	/test pull-cluster-api-provider-azure-apidiff

Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

[mboersma]

/hold cancel