Harden scheduler switch guards

[Pigbibi]

Summary

• include per-target scheduler timezone and trigger times in the Cloud Run sync plan
• use per-target scheduler config when syncing Cloud Scheduler jobs
• make heartbeat named scheduler fallback handle service-name aliases such as a Cloud Run service ending in -service
• derive runtime guard scheduler filters from configured services when no explicit pattern is set

Tests

• python -m pytest tests/test_execution_report_heartbeat.py tests/test_cloud_run_runtime_guard.py
• bash tests/test_sync_cloud_run_env_workflow.sh
• git diff --check

Note: local runtime_config_support collection needs pandas from the full CI dependency set, so the new sync-plan assertion is covered by GitHub CI.

[chatgpt-codex-connector]

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: e26a3518ce

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[chatgpt-codex-connector]

Anchor the derived scheduler job pattern

When no explicit RUNTIME_GUARD_SCHEDULER_JOB_PATTERN is set, this returns an alternation of bare service names, and the caller applies it with regex.search() to every scheduler job_id. If a configured service name is a prefix/sub-string of another scheduler job (for example svc and svc-monthly-scheduler, or future account/slot variants), failures from the unrelated job are included and can trigger a Runtime Guard alert/failing workflow for the configured service set. Build the pattern from exact scheduler job names/suffixes or anchor/group the candidates so only the intended service jobs match.

Useful? React with 👍 / 👎.