DPC-4472 dedupe workflows (#2391)

## 🎫 Ticket

https://jira.cms.gov/browse/DPC-4472

## 🛠 Changes

- logic for deploying api-waf-sync, opt-out-import, opt-out-export
consolidated to deploy_go.yml
- workflows differentiated by environment consolidated into single
workflows with environment variable

## ℹ️ Context

Rampant duplication of code consolidated for ease of maintenance and for
running workflows.

## 🧪 Validation

Deploy workflows ran automatically and passed tests (see checks).

Author: jdettmannnava

.github/workflows/api-waf-sync-deploy.yml

@@ -0,0 +1,36 @@
+name: api-waf-sync dev deploy
+
+on:
+  workflow_call:
+    inputs:
+      env:
+        description: AWS environment to deploy to
+        required: true
+        type: string
+        default: "dev"
+
+  workflow_dispatch:
+    inputs:
+      env:
+        description: AWS environment to deploy to
+        required: true
+        type: string
+        default: "dev"
+
+  push:
+    branches:
+      - main
+    paths:
+      - lambda/api-waf-sync/**
+      - .github/workflows/api-waf-sync-deploy.yml
+      - .github/workflows/deploy_go_lambda.yml
+
+jobs:
+  deploy:
+    name: 'Deploy API WAF sync'
+    uses: ./.github/workflows/deploy_go_lambda.yml
+    with:
+      env: dev # ${{ inputs.env || 'dev' }} currently only available on dev
+      project: api-waf-sync
+      go_files: "main.go db.go aws.go"
+    secrets: inherit

.github/workflows/api-waf-sync-dev-deploy.yml

@@ -4,7 +4,8 @@ on:
   pull_request:
     paths:
       - .github/workflows/api-waf-sync-test-integration.yml
-      - .github/workflows/api-waf-sync-test-deploy.yml
+      - .github/workflows/api-waf-sync-deploy.yml
+      - .github/workflows/deploy_go_lambda.yml
       - lambda/api-waf-sync/**
   workflow_dispatch:
 
@@ -16,7 +17,9 @@ jobs:
   # Deploy first if triggered by pull_request
   deploy:
     if: ${{ github.event_name == 'pull_request' }}
-    uses: ./.github/workflows/api-waf-sync-test-deploy.yml
+    uses: ./.github/workflows/api-waf-sync-deploy.yml
+    with:
+      env: dev
     secrets: inherit
 
   trigger:

.github/workflows/api-waf-sync-prod-deploy.yml

@@ -0,0 +1,72 @@
+name: Deploy go lambda
+
+on:
+  workflow_call:
+    inputs:
+      env:
+        description: AWS environment to deploy to
+        required: true
+        type: string
+      project:
+        description: Project name
+        required: true
+        type: string
+      go_files:
+        description: space-delimited go files
+        required: true
+        type: string
+
+jobs:
+  deploy:
+    name: "Build and Deploy"
+    if: ${{ inputs.env != 'prod' }}
+    permissions:
+      contents: read
+      id-token: write
+    runs-on: ubuntu-latest
+    defaults:
+      run:
+        working-directory: ./lambda/${{ inputs.project }}
+    environment: ${{ inputs.env }}
+    steps:
+      - uses: actions/checkout@v4
+      - uses: actions/setup-go@v5
+      - name: Build ${{ inputs.project }} zip file
+        env:
+          CGO_ENABLED: 0
+        run: |
+          go build -o bootstrap ${{ inputs.go_files }}
+          zip function.zip bootstrap
+      - uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-region: ${{ vars.AWS_REGION }}
+          role-to-assume: arn:aws:iam::${{ secrets.ACCOUNT_ID }}:role/delegatedadmin/developer/dpc-${{ inputs.env }}-github-actions
+      - name: Upload and reload
+        env:
+          LABEL: ${{ inputs.env }}-${{ inputs.project }}
+        run: |
+          aws s3 cp --no-progress function.zip \
+            s3://dpc-$LABEL-function/function-${{ github.sha }}.zip
+          aws lambda update-function-code --function-name dpc-$LABEL \
+            --s3-bucket dpc-$LABEL-function --s3-key function-${{ github.sha }}.zip
+
+  promote:
+    name: "Promote to prod"
+    if: ${{ inputs.env == 'prod' }}
+    permissions:
+      contents: read
+      id-token: write
+    runs-on: ubuntu-latest
+    environment: prod
+    steps:
+      - uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-region: ${{ vars.AWS_REGION }}
+          role-to-assume: arn:aws:iam::${{ secrets.ACCOUNT_ID }}:role/delegatedadmin/developer/dpc-prod-github-actions
+      - name: Promote lambda code from test to prod
+        run: |
+          aws s3 cp --no-progress \
+            s3://dpc-test-${{ inputs.project }}-function/function-${{ github.sha }}.zip \
+            s3://dpc-prod-${{ inputs.project }}-function/function-${{ github.sha }}.zip
+          aws lambda update-function-code --function-name dpc-prod-${{ inputs.project }} \
+            --s3-bucket dpc-prod-${{ inputs.project }}-function --s3-key function-${{ github.sha }}.zip

.github/workflows/api-waf-sync-test-deploy.yml

@@ -0,0 +1,36 @@
+name: opt-out-export deploy
+
+on:
+  workflow_call:
+    inputs:
+      env:
+        description: AWS environment to deploy to
+        required: true
+        type: string
+        default: "dev"
+
+  workflow_dispatch:
+    inputs:
+      env:
+        description: AWS environment to deploy to
+        required: true
+        type: string
+        default: "dev"
+
+  push:
+    branches:
+      - main
+    paths:
+      - lambda/opt-out-export/**
+      - .github/workflows/opt-out-export-deploy.yml
+      - .github/workflows/deploy_go_lambda.yml
+
+jobs:
+  deploy:
+    name: 'Deploy Opt Out Export'
+    uses: ./.github/workflows/deploy_go_lambda.yml
+    with:
+      env: ${{ inputs.env || 'dev' }}
+      project: opt-out-export
+      go_files: "main.go db.go"
+    secrets: inherit