Test connections to private registries in start-proxy

[mbg]

Modifies the start-proxy action to perform a basic connectivity test for each configured private registry. The outcomes of these tests are logged. The implementation is designed to be tolerant to failures and is gated behind a new FF.

Note that this PR includes the approved changes from #3438 in the first commit.

Risk assessment

For internal use only. Please select the risk level of this change:

• Low risk: Changes are fully under feature flags, or have been fully tested and validated in pre-production environments and are highly observable, or are documentation or test only.

Which use cases does this change impact?

Workflow types:

• Managed - Impacts users with dynamic workflows (Default Setup, CCR, ...).

Products:

• Code Scanning - The changes impact analyses when analysis-kinds: code-scanning.
• Code Quality - The changes impact analyses when analysis-kinds: code-quality.

Environments:

• Dotcom - Impacts CodeQL workflows on github.com and/or GitHub Enterprise Cloud with Data Residency.
• GHES - Impacts CodeQL workflows on GitHub Enterprise Server.

How did/will you validate this change?

• Unit tests - I am depending on unit test coverage (i.e. tests in .test.ts files).
• End-to-end tests - I am depending on PR checks (i.e. tests in pr-checks).

If something goes wrong after this change is released, what are the mitigation and rollback strategies?

• Feature flags - All new or changed code paths can be fully disabled with corresponding feature flags.

How will you know if something goes wrong after this change is released?

• Telemetry - I rely on existing telemetry or have made changes to the telemetry.
  • Dashboards - I will watch relevant dashboards for issues after the release. Consider whether this requires this change to be released at a particular time rather than as part of a regular release.
  • Alerts - New or existing monitors will trip if something goes wrong with this change.

Are there any special considerations for merging or releasing this change?

• No special considerations - This change can be merged at any time.

Merge / deployment checklist

• Confirm this change is backwards compatible with existing workflows.
• Consider adding a changelog entry for this change.
• Confirm the readme and docs have been updated if necessary.

[Copilot]

Pull request overview

Adds an (FF-gated) connectivity check in the start-proxy action to probe each configured private registry and log the outcome, along with the supporting types, tests, and dependency updates.

Changes:

• Introduces checkConnections + ReachabilityBackend abstraction to test registry reachability via the local proxy.
• Updates start-proxy-action to return proxy connection details and (optionally) run the reachability checks behind a new feature flag.
• Adds https-proxy-agent dependency and the new start_proxy_connection_checks feature flag.

Reviewed changes

Copilot reviewed 18 out of 20 changed files in this pull request and generated 34 comments.

Show a summary per file

File	Description
src/start-proxy/types.ts	Adds shared types for registries/credentials and a ProxyInfo return type.
src/start-proxy/reachability.ts	Implements proxy-based reachability checks and related error type/backends.
src/start-proxy/reachability.test.ts	Adds unit tests for reachability-check logging and filtering behavior.
src/start-proxy.ts	Moves Credential definition to shared types and re-exports types.
src/start-proxy-action.ts	Initializes feature flags and (FF-gated) triggers reachability checks after starting proxy.
src/feature-flags.ts	Adds StartProxyConnectionChecks feature flag + env var wiring.
package.json	Adds https-proxy-agent dependency.
package-lock.json	Locks https-proxy-agent dependency version and metadata.
lib/upload-sarif-action.js	Generated JS update reflecting dependency/feature-flag additions.
lib/upload-sarif-action-post.js	Generated JS update reflecting dependency/feature-flag additions.
lib/upload-lib.js	Generated JS update reflecting dependency/feature-flag additions.
lib/start-proxy-action-post.js	Generated JS update reflecting dependency/feature-flag additions.
lib/setup-codeql-action.js	Generated JS update reflecting dependency/feature-flag additions.
lib/resolve-environment-action.js	Generated JS update reflecting dependency/feature-flag additions.
lib/init-action.js	Generated JS update reflecting dependency/feature-flag additions.
lib/init-action-post.js	Generated JS update reflecting dependency/feature-flag additions.
lib/autobuild-action.js	Generated JS update reflecting dependency/feature-flag additions.
lib/analyze-action.js	Generated JS update reflecting dependency/feature-flag additions.
lib/analyze-action-post.js	Generated JS update reflecting dependency/feature-flag additions.