chore: fix linting and enable it in CI for all modules

chore: fix arguments

.github/workflows/golangci-lint.yaml

@@ -35,15 +35,7 @@ jobs:
         uses: golangci/golangci-lint-action@v6
         with:
           version: ${{ env.GOLANGCI_LINT_VERSION }}
-          working-directory: api
-          args: --timeout=10m --config=../.golangci.yaml
-
-      - name: golangci-lint
-        uses: golangci/golangci-lint-action@v6
-        with:
-          version: ${{ env.GOLANGCI_LINT_VERSION }}
-          working-directory: rpadmin
-          args: --timeout=10m --config=../.golangci.yaml
+          args: --timeout=10m --config=./.golangci.yaml
 
       - name: Install Task
         uses: arduino/setup-task@v2

secrets/aws.go

@@ -19,6 +19,7 @@ type awsSecretsManager struct {
 	logger *slog.Logger
 }
 
+// NewAWSSecretsManager creates a secret API for AWS.
 func NewAWSSecretsManager(ctx context.Context, logger *slog.Logger, region string, roleARN string) (SecretAPI, error) {
 	cl, err := createAWSClient(ctx, region, roleARN)
 	if err != nil {

secrets/az.go

@@ -19,6 +19,7 @@ type azSecretsManager struct {
 	logger *slog.Logger
 }
 
+// NewAzSecretsManager creates a new Azure secrets manager client.
 func NewAzSecretsManager(logger *slog.Logger, vaultURL string) (SecretAPI, error) {
 	cred, err := azidentity.NewDefaultAzureCredential(nil)
 	if err != nil {
@@ -36,6 +37,7 @@ func NewAzSecretsManager(logger *slog.Logger, vaultURL string) (SecretAPI, error
 	}, nil
 }
 
+// GetSecretValue gets a secret value.
 func (a *azSecretsManager) GetSecretValue(ctx context.Context, key string) (string, bool) {
 	key = sanitize(key)
 	resp, err := a.client.GetSecret(ctx, key, latestVersion, nil)
@@ -49,6 +51,7 @@ func (a *azSecretsManager) GetSecretValue(ctx context.Context, key string) (stri
 	return *resp.Value, true
 }
 
+// CheckSecretExists checks if a secret exists.
 func (a *azSecretsManager) CheckSecretExists(ctx context.Context, key string) bool {
 	key = sanitize(key)
 	pager := a.client.NewListSecretVersionsPager(key, nil)

secrets/gcp.go

@@ -17,6 +17,7 @@ type gcpSecretsManager struct {
 	logger    *slog.Logger
 }
 
+// NewGCPSecretsManager creates a secret API for GCP.
 func NewGCPSecretsManager(ctx context.Context, logger *slog.Logger, projectID string) (SecretAPI, error) {
 	client, err := secretmanager.NewClient(ctx)
 	if err != nil {

secrets/generic.go

@@ -12,6 +12,8 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
+// Package secrets provides common functionality for interacting
+// with different cloud providers' secrets managers.
 package secrets
 
 import (
@@ -21,11 +23,13 @@ import (
 	"github.com/tidwall/gjson"
 )
 
+// SecretAPI is the generic Secret API interface.
 type SecretAPI interface {
 	GetSecretValue(context.Context, string) (string, bool)
 	CheckSecretExists(context.Context, string) bool
 }
 
+// SecretProviderFn is a secret API provider function type.
 type SecretProviderFn func(secretsManager SecretAPI, prefix string, trimPrefix string) (SecretAPI, error)
 
 type secretProvider struct {
@@ -34,6 +38,7 @@ type secretProvider struct {
 	trimPrefix string
 }
 
+// GetSecretValue gets the secret value.
 func (s *secretProvider) GetSecretValue(ctx context.Context, key string) (string, bool) {
 	secretName, field, ok := s.trimPrefixAndSplit(key)
 	if !ok {
@@ -52,6 +57,7 @@ func (s *secretProvider) GetSecretValue(ctx context.Context, key string) (string
 	return getJSONValue(value, field)
 }
 
+// CheckSecretExists checks if the secret exists.
 func (s *secretProvider) CheckSecretExists(ctx context.Context, key string) bool {
 	secretName, _, ok := s.trimPrefixAndSplit(key)
 	if !ok {
@@ -73,6 +79,8 @@ func NewSecretProvider(secretsManager SecretAPI, prefix string, trimPrefix strin
 }
 
 // trims the secret prefix and returns full secret ID with JSON field reference
+//
+//nolint:revive // no named return
 func (s *secretProvider) trimPrefixAndSplit(key string) (string, string, bool) {
 	if !strings.HasPrefix(key, s.trimPrefix) {
 		return "", "", false