Turn enablement errors into configuration errors

[mbg]

This PR adds more cases to wrapApiConfigurationError where we want specific errors to be treated as ConfigurationErrors.

Risk assessment

For internal use only. Please select the risk level of this change:

• Low risk: Changes are fully under feature flags, or have been fully tested and validated in pre-production environments and are highly observable, or are documentation or test only.

Which use cases does this change impact?

• Advanced setup - Impacts users who have custom workflows.
• Default setup - Impacts users who use default setup.
• Code Scanning - Impacts Code Scanning (i.e. analysis-kinds: code-scanning).
• Third-party analyses - Impacts third-party analyses (i.e. upload-sarif).
• GHES - Impacts GitHub Enterprise Server.

How did/will you validate this change?

• Unit tests - I am depending on unit test coverage (i.e. tests in .test.ts files).
• End-to-end tests - I am depending on PR checks (i.e. tests in pr-checks).

If something goes wrong after this change is released, what are the mitigation and rollback strategies?

• Rollback - Change can only be disabled by rolling back the release or releasing a new version with a fix.

How will you know if something goes wrong after this change is released?

• Telemetry - I rely on existing telemetry or have made changes to the telemetry.
  • Dashboards - I will watch relevant dashboards for issues after the release. Consider whether this requires this change to be released at a particular time rather than as part of a regular release.
  • Alerts - New or existing monitors will trip if something goes wrong with this change.

Merge / deployment checklist

• Confirm this change is backwards compatible with existing workflows.
• Consider adding a changelog entry for this change.
• Confirm the readme and docs have been updated if necessary.

[Copilot]

Pull Request Overview

This PR improves error handling for GitHub Security feature enablement errors by providing more user-friendly messages when features like Code Security, Advanced Security, or Code Scanning are not enabled.

Key changes:

• Added an isEnablementError helper function to detect enablement-related error messages
• Enhanced wrapApiConfigurationError to wrap enablement errors with clearer guidance
• Added comprehensive test coverage for the three enablement error scenarios

Reviewed Changes

Copilot reviewed 8 out of 8 changed files in this pull request and generated 1 comment.

Show a summary per file

File	Description
src/api-client.ts	Added isEnablementError helper and integrated enablement error checking into wrapApiConfigurationError
src/api-client.test.ts	Added test cases for Code Security, Advanced Security, and Code Scanning enablement errors
lib/upload-sarif-action.js	Generated JavaScript code from TypeScript source
lib/upload-lib.js	Generated JavaScript code from TypeScript source
lib/setup-codeql-action.js	Generated JavaScript code from TypeScript source
lib/init-action.js	Generated JavaScript code from TypeScript source
lib/init-action-post.js	Generated JavaScript code from TypeScript source
lib/analyze-action.js	Generated JavaScript code from TypeScript source

[esbena]

LGTM with two minor things to consider.

[esbena]

I find the test messages a bit brittle since they do exact matching on the user-facing texts, but I find it unlikely to result in significant churn, so 👍🏻

[mbg]

I have wrapped this up in a function to avoid the duplication in case we want to change it down the line. Ideally, I would have put it in error-messages.ts but that currently (transitively) depends on api-client.ts and I didn't want to refactor that as part of this PR so I have left a TODO comment for it.