Report some types of errors in start-proxy status reports

[mbg]

This PR allows the start-proxy action to report some types of errors in status reports. The basic idea here is that we have a StartProxyErrorType enum to represent types of failures we care about, with associated, fixed error messages. We then have a StartProxyError type for exceptions which only accepts members of the StartProxyErrorType enum as messages.

Most of the size of this PR comes from refactoring functions from start-proxy-action to start-proxy to make it easier to handle the individual error cases, and to add better unit test coverage.

Best reviewed commit-by-commit.

Risk assessment

For internal use only. Please select the risk level of this change:

• Low risk: Changes are fully under feature flags, or have been fully tested and validated in pre-production environments and are highly observable, or are documentation or test only.

Which use cases does this change impact?

Workflow types:

• Managed - Impacts users with dynamic workflows (Default Setup, CCR, ...).

Products:

• Code Scanning - The changes impact analyses when analysis-kinds: code-scanning.
• Code Quality - The changes impact analyses when analysis-kinds: code-quality.

Environments:

• Dotcom - Impacts CodeQL workflows on github.com and/or GitHub Enterprise Cloud with Data Residency.
• GHES - Impacts CodeQL workflows on GitHub Enterprise Server.

How did/will you validate this change?

• Test repository - This change will be tested on a test repository before merging.
• Unit tests - I am depending on unit test coverage (i.e. tests in .test.ts files).
• End-to-end tests - I am depending on PR checks (i.e. tests in pr-checks).

If something goes wrong after this change is released, what are the mitigation and rollback strategies?

• Rollback - Change can only be disabled by rolling back the release or releasing a new version with a fix.

How will you know if something goes wrong after this change is released?

• Telemetry - I rely on existing telemetry or have made changes to the telemetry.
  • Dashboards - I will watch relevant dashboards for issues after the release. Consider whether this requires this change to be released at a particular time rather than as part of a regular release.
  • Alerts - New or existing monitors will trip if something goes wrong with this change.

Are there any special considerations for merging or releasing this change?

• No special considerations - This change can be merged at any time.

Merge / deployment checklist

• Confirm this change is backwards compatible with existing workflows.
• Consider adding a changelog entry for this change.
• Confirm the readme and docs have been updated if necessary.

[Copilot]

Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.

[henrymercer]

From what I can tell, the idea behind this test is that while the DownloadFailed error message would normally be regarded as safe, here the error object is not an instance of StartProxyError and it is therefore rejected.

I think it would be clearer to have a test that throws a different error message, and verifies the message that is sent to createStatusReportBase precisely (i.e. checking for "Error from start-proxy Action omitted" rather than the full original error message not being present).

Also, it might be worth adding a similar test for the top-level runWrapper. Note we'd have to follow the pattern of analyze-action in having one file per test case.

[mbg]

I think it would be clearer to have a test that throws a different error message, and verifies the message that is sent to createStatusReportBase precisely (i.e. checking for "Error from start-proxy Action omitted" rather than the full original error message not being present).

I have added more tests here to cover various cases, and named them differently.

Also, it might be worth adding a similar test for the top-level runWrapper. Note we'd have to follow the pattern of analyze-action in having one file per test case.

I have some thoughts on this, but they are outside of the scope of this PR I think.