Record the job that published an overlay status

[henrymercer]

This makes it easier to find the job that produced the status.

Risk assessment

For internal use only. Please select the risk level of this change:

• Low risk: Changes are fully under feature flags, or have been fully tested and validated in pre-production environments and are highly observable, or are documentation or test only.

Which use cases does this change impact?

Workflow types:

• Advanced setup - Impacts users who have custom CodeQL workflows.
• Managed - Impacts users with dynamic workflows (Default Setup, Code Quality, ...).

Products:

• Code Scanning - The changes impact analyses when analysis-kinds: code-scanning.

Environments:

• Dotcom - Impacts CodeQL workflows on github.com and/or GitHub Enterprise Cloud with Data Residency.

How did/will you validate this change?

• Unit tests - I am depending on unit test coverage (i.e. tests in .test.ts files).

If something goes wrong after this change is released, what are the mitigation and rollback strategies?

• Feature flags - All new or changed code paths can be fully disabled with corresponding feature flags.
• Rollback - Change can only be disabled by rolling back the release or releasing a new version with a fix.

How will you know if something goes wrong after this change is released?

• Telemetry - I rely on existing telemetry or have made changes to the telemetry.
  • Alerts - New or existing monitors will trip if something goes wrong with this change.

Are there any special considerations for merging or releasing this change?

• No special considerations - This change can be merged at any time.

Merge / deployment checklist

• Confirm this change is backwards compatible with existing workflows.
• Consider adding a changelog entry for this change.
• Confirm the readme and docs have been updated if necessary.

[Copilot]

Pull request overview

This PR adds job identification metadata to the overlay analysis status file stored in the GitHub Actions cache. When an overlay-base analysis fails to complete, the action now records the workflow run ID, run attempt number, and job name alongside the failure status, making it easier to trace which job produced the status.

Changes:

• New JobInfo interface and optional job field in OverlayStatus, plus a createOverlayStatus factory function that auto-populates job details from environment variables
• Refactored recordOverlayStatus in the post-helper to use createOverlayStatus instead of an object literal
• Updated tests to set the new required env vars and assert that job details are included in the saved overlay status

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated no comments.

File	Description
src/overlay/status.ts	Defines JobInfo interface, adds optional job field to OverlayStatus, adds createOverlayStatus factory
src/init-action-post-helper.ts	Uses new createOverlayStatus helper when recording overlay failure status
src/init-action-post-helper.test.ts	Sets GITHUB_RUN_ID, GITHUB_RUN_ATTEMPT, GITHUB_JOB env vars and asserts job info in saved status
lib/init-action-post.js	Auto-generated JS reflecting the TS source changes (not reviewed per convention)

[mbg]

Looks good. Just one small suggestion, but it's not really specific to this PR and would be out-of-place as a change here.

[mbg]

Minor: It might be nice to extend setupActionsVars with all environment variables that we'd typically expect in an Actions environment and modify it to accept an argument with a (partial) mapping of specific environment variables we want to set. Not necessarily something for this PR.

[henrymercer]

Good idea. I'll take a look at this in a separate PR.

[mbg]

I think we had a similar point on another PR recently: this is mostly equivalent to just checkRunId, except that with this the JobInfo object doesn't even contain the key? Do you think it's beneficial to explicitly not have the key, rather than it being set to undefined here? If so, it would be good to document why. Otherwise, change it to just checkRunId.

[mbg]

Should we also check that this is >= 0 (or similar)?