deployment correlate-image: include ci_env in request payload

[DaniFdz]

What this changes

Two related fixes to the deployment correlate and deployment correlate-image commands:

1. correlate-image now sends a ci_env attribute on its request payload, mirroring the sibling correlate (GitOps) command. The backend uses it to derive pipeline_correlation_id and job_correlation_id.
2. Both commands now read the GitHub Actions numeric check run ID from the runner diagnostic log files (via getGithubJobIDFromLogs) before building the CI span tags, so ci.job.id carries the numeric ID instead of the workflow job name.

Why

The backend (/api/v2/ci/deployments/correlate-image in dd-source) needs ci_env to derive CI correlation IDs. Same wire shape as correlate so we are not inventing a new format.

For GitHub Actions, the numeric check run ID is not in any standard env var. It only lives in the runner diagnostic log files. The CI visibility commands (junit upload, trace) already use this approach. Without it, ci.job.id ends up being the workflow job name (for example "build"), the backend cannot parse that as an int64, and job_correlation_id stays empty on every GitHub deployment.

Example payload

{
  "data": {
    "type": "ci_deployment_correlate_image",
    "attributes": {
      "commit_sha": "abcdef",
      "repository_url": "https://github.com/DataDog/example",
      "image": "my-image:latest",
      "ci_env": {
        "ci.job.id": "29891234567",
        "ci.pipeline.id": "12345",
        "ci.provider.name": "github",
        "GITHUB_SERVER_URL": "https://github.com",
        "GITHUB_REPOSITORY": "DataDog/example",
        "GITHUB_RUN_ID": "12345",
        "GITHUB_RUN_ATTEMPT": "1"
      }
    }
  }
}

Companion backend PRs

• DataDog/dd-source#443772 (writer for correlate-image + ci.job.id fix)
• DataDog/dd-source#445158 (same ci.job.id fix on the existing correlate endpoint)
• DataDog/dd-go#238027 (reader on the ArgoCD path)

Safe to ship before the backends land. Older endpoint versions ignore unknown attributes.

Test plan

• yarn test packages/plugin-deployment/src/__tests__/correlate-image.test.ts passes, including new coverage for ci_env population.
• yarn lint clean.
• Validated end-to-end in staging.

[datadog-datadog-prod-us1]

🎉 All green!

🧪 All tests passed
❄️ No new flaky tests detected

_{This comment will be updated automatically if new data arrives.
🔗 Commit SHA: 9db901b | Docs | Datadog PR Page | Give us feedback!}

[Aaron-9900]

This one is legacy. I'd avoid updating it in any way

[DaniFdz]

Reverted in 9db901b3. Kept the change scoped to correlate-image.ts only.

Side note: dd-source#445158 still applies the same ci.job.id fix on the GitOps correlate endpoint backend. If correlate is fully deprecated and we expect no more customer traffic on it, we can close #445158 and roll it back. Otherwise the backend fix is harmless and helps any legacy customers still on the GitOps flow. Up to you.

[DaniFdz]

/merge

[gh-worker-devflow-routing-ef8351]

View all feedbacks in Devflow UI.

2026-05-22 11:03:07 UTC ℹ️ Start processing command /merge

---

2026-05-22 11:03:13 UTC ℹ️ MergeQueue: waiting for PR to be ready

This pull request is not mergeable according to GitHub. Common reasons include pending required checks, missing approvals, or merge conflicts — but it could also be blocked by other repository rules or settings.
It will be added to the queue as soon as checks pass and/or get approvals. View in MergeQueue UI.
Note: if you pushed new commits since the last approval, you may need additional approval.
You can remove it from the waiting list with /remove command.

---

2026-05-22 15:52:18 UTC ⚠️ MergeQueue: This merge request was unqueued

devflow unqueued this merge request: It did not become mergeable within the expected time