Add status report for uploading databases to API

[henrymercer]

This PR adds a status report for uploading databases. This contains:

• The DB language
• The size of the zipped DB
• Whether the DB is an overlay base database
• How long the upload took
• Error information, if there was an error uploading the database.

Risk assessment

For internal use only. Please select the risk level of this change:

• Low risk: Changes are fully under feature flags, or have been fully tested and validated in pre-production environments and are highly observable, or are documentation or test only.

Which use cases does this change impact?

Workflow types:

• Advanced setup - Impacts users who have custom CodeQL workflows.
• Managed - Impacts users with dynamic workflows (Default Setup, CCR, ...).

Products:

• Code Scanning - The changes impact analyses when analysis-kinds: code-scanning.

Environments:

• Dotcom - Impacts CodeQL workflows on github.com.

How did/will you validate this change?

• Test repository - This change will be tested on a test repository before merging.

See https://github.com/henrymercer-test-org/overlay-testing/actions/runs/20233483858/job/58082003115#step:5:5392

If something goes wrong after this change is released, what are the mitigation and rollback strategies?

• Rollback - Change can only be disabled by rolling back the release or releasing a new version with a fix.

How will you know if something goes wrong after this change is released?

• Telemetry - I rely on existing telemetry or have made changes to the telemetry.
  • Dashboards - I will watch relevant dashboards for issues after the release. Consider whether this requires this change to be released at a particular time rather than as part of a regular release.
  • Alerts - New or existing monitors will trip if something goes wrong with this change.

Are there any special considerations for merging or releasing this change?

• No special considerations - This change can be merged at any time.

Merge / deployment checklist

• Confirm this change is backwards compatible with existing workflows.
• Consider adding a changelog entry for this change.
• Confirm the readme and docs have been updated if necessary.

[Copilot]

Pull request overview

This PR adds telemetry reporting for database upload operations to provide better observability into the upload process. The changes introduce a structured way to track upload success, failure, and performance metrics.

Key Changes

• Adds DatabaseUploadResult interface to capture upload metadata including language, size, timing, overlay base status, and error information
• Changes cleanupAndUploadDatabases to return upload results instead of void
• Integrates database upload results into the status reporting system

Reviewed changes

Copilot reviewed 3 out of 4 changed files in this pull request and generated no comments.

File	Description
src/database-upload.ts	Introduces DatabaseUploadResult interface and modifies cleanupAndUploadDatabases to collect and return upload telemetry for each language
src/analyze-action.ts	Updates status report interfaces and threading to include database upload results throughout the analyze action workflow
package-lock.json	Automatic npm metadata updates adding peer dependency markers
lib/analyze-action.js	Generated JavaScript code corresponding to TypeScript changes (not reviewed per guidelines)

[mbg]

Broadly looks good, just a couple of questions I had looking over the changes and one naming suggestion.

[mbg]

Any particular reason for using Date.now() for the measurement here rather than performance.now() that we use elsewhere?

[henrymercer]

performance.now() would be better 👍

[mbg]

If getErrorMessage(e) is useful here, would it also make sense in the log message above rather than just e?

[mbg]

I think this name is slightly misleading, because it also depends on the FF. Perhaps uploadOverlayDb would be a better name?

[mbg]

Thanks for addressing all the suggestions!

[henrymercer]

Fixed a merge conflict.