Mutliple codestar connections

[cadmiumcat]

What problem does this pull request solve?

Allow for multiple codestar connections while we migrate our repos to a new GitHub organisation (alphagov--> govuk-forms).

Once we've finished migrating all repos, we can revert these code changes, and simple use the new codestar arns.

I am not adding a codestar connection for the integration account because we're no longer going to need it (#1959)

Trello card:

Things to consider when reviewing

This should be a no-op in most cases.
For anything referring to the forms-product-page repo, the codestar connection should be the one associated with the govuk-form repo.

• Ensure that you consider the wider context.
• Does it work when run on your machine?
• Is it clear what the code is doing?
• Do the commit messages explain why the changes were made?
• Are there all the unit tests needed?
• Has all relevant documentation been updated?

Reminders

If you've made changes to the deployer role (files in modules/deployer-access):

• Remember to run make <environment> forms/account apply on the relevant environments (dev, staging, user-research, and/or prod)
• Check the #govuk-forms-deployment-notifications Slack channel to ensure the apply-forms-terraform-<environment> pipelines have run successfully

[Copilot]

Pull request overview

Enable multiple AWS CodeStar/CodeConnections ARNs to support a phased migration of repositories from the alphagov GitHub org to govuk-forms, while selecting the appropriate connection per pipeline/module.

Changes:

• Change codestar_connection_arn inputs from a single string to an object with alphagov and govuk-forms ARNs across integration/forms/deploy stacks.
• Update CodePipeline/Image Builder/GHA runner wiring to reference the correct connection (.alphagov vs .govuk-forms) based on repository.
• Update environment/account tfvars to provide both ARNs (where available).

Reviewed changes

Copilot reviewed 25 out of 25 changed files in this pull request and generated 6 comments.

Show a summary per file

File	Description
infra/deployments/integration/tfvars/integration.tfvars	Switch integration tfvars to object-based connection ARNs (currently leaves govuk-forms empty).
infra/deployments/integration/review/github_actions_runner.tf	Select connection per app runner; product page uses govuk-forms.
infra/deployments/integration/review/gha-runner/inputs.tf	Adjust gha-runner module inputs for the new connection shape (type currently removed).
infra/deployments/integration/inputs.tf	Update integration stack variable type for codestar_connection_arn.
infra/deployments/forms/tfvars/user-research.tfvars	Provide both alphagov and govuk-forms connection ARNs.
infra/deployments/forms/tfvars/staging.tfvars	Provide both alphagov and govuk-forms connection ARNs.
infra/deployments/forms/tfvars/production.tfvars	Provide both alphagov and govuk-forms connection ARNs.
infra/deployments/forms/tfvars/dev.tfvars	Provide both alphagov and govuk-forms connection ARNs.
infra/deployments/forms/pipelines/deploy-forms-runner-container.tf	Update pipeline/module wiring to use codestar_connection_arn.alphagov.
infra/deployments/forms/pipelines/deploy-forms-product-page-container.tf	Update pipeline/module wiring to use codestar_connection_arn.alphagov (for e2e tests source).
infra/deployments/forms/pipelines/deploy-forms-admin-container.tf	Update pipeline/module wiring to use codestar_connection_arn.alphagov.
infra/deployments/forms/pipelines/apply-terraform.tf	Update source actions/modules to use codestar_connection_arn.alphagov.
infra/deployments/forms/inputs.tf	Change codestar_connection_arn variable type to an object with two org keys.
infra/deployments/forms/account/tfvars/user-research.tfvars	Provide both connection ARNs at the account layer.
infra/deployments/forms/account/tfvars/staging.tfvars	Provide both connection ARNs at the account layer.
infra/deployments/forms/account/tfvars/production.tfvars	Provide both connection ARNs at the account layer.
infra/deployments/forms/account/tfvars/dev.tfvars	Provide both connection ARNs at the account layer.
infra/deployments/forms/account/inputs.tf	Change codestar_connection_arn type to a two-key object.
infra/deployments/forms/account/engineer-access.tf	Pass codestar_connection_arn.alphagov into engineer access module.
infra/deployments/forms/account/deployer-access.tf	Pass codestar_connection_arn.alphagov into deployer access module.
infra/deployments/deploy/tools/pipeline-visualiser-pipeline.tf	Use .alphagov for pipeline source and broaden connection resources list in IAM policy doc.
infra/deployments/deploy/inputs.tf	Change deploy codestar_connection_arn to object with defaults for both orgs.
infra/deployments/deploy/image-builders/main.tf	Use govuk-forms connection for product page image builder, alphagov for others.
infra/deployments/deploy/engineer-access/roles.tf	Pass codestar_connection_arn.alphagov into deploy engineer access module.
infra/deployments/deploy/e2e-tests-image-builder/main.tf	Pass codestar_connection_arn.alphagov into e2e image pipeline module.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[whi-tw]

Agree with the nullable thing from copilot!

Not sure what to do about integration. I think it's fine here though - we can rip out the codestar stuff as part of the 'stop using hosted runners' PR.