github
diff --git a/‎lib/codeql.test.js‎
Lines changed: 6 additions & 0 deletions b/‎lib/codeql.test.js‎
Lines changed: 6 additions & 0 deletions
diff --git a/‎lib/codeql.test.js.map‎
Lines changed: 1 addition & 1 deletion b/‎lib/codeql.test.js.map‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎lib/runner.js‎
Lines changed: 3 additions & 18 deletions b/‎lib/runner.js‎
Lines changed: 3 additions & 18 deletions
diff --git a/‎lib/runner.js.map‎
Lines changed: 1 addition & 1 deletion b/‎lib/runner.js.map‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎lib/util.js‎
Lines changed: 16 additions & 0 deletions b/‎lib/util.js‎
Lines changed: 16 additions & 0 deletions
diff --git a/‎lib/util.js.map‎
Lines changed: 1 addition & 1 deletion b/‎lib/util.js.map‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎queries/unguarded-action-lib.ql‎
Lines changed: 1 addition & 1 deletion b/‎queries/unguarded-action-lib.ql‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎src/codeql.test.ts‎
Lines changed: 12 additions & 0 deletions b/‎src/codeql.test.ts‎
Lines changed: 12 additions & 0 deletions
diff --git a/‎src/runner.ts‎
Lines changed: 1 addition & 16 deletions b/‎src/runner.ts‎
Lines changed: 1 addition & 16 deletions
diff --git a/‎src/util.ts‎
Lines changed: 16 additions & 0 deletions b/‎src/util.ts‎
Lines changed: 16 additions & 0 deletions
@@ -65,7 +65,7 @@ class RunnerEntrypoint extends Function {
    * Does this runner entry point set the RUNNER_TEMP and
    * RUNNER_TOOL_CACHE env vars which make some actions libraries
    * safe to use outside of actions.
-   * See "setupActionsVars" in "runner.ts".
+   * See "setupActionsVars" in "util.ts".
    */
   predicate setsActionsEnvVars() {
     // This is matching code of the following format, where "this"
 
@@ -24,6 +24,8 @@ const sampleGHAEApiDetails = {
 
 test("download codeql bundle cache", async (t) => {
   await util.withTmpDir(async (tmpDir) => {
+    util.setupActionsVars(tmpDir, tmpDir);
+
     const versions = ["20200601", "20200610"];
 
     for (let i = 0; i < versions.length; i++) {
@@ -56,6 +58,8 @@ test("download codeql bundle cache", async (t) => {
 
 test("download codeql bundle cache explicitly requested with pinned different version cached", async (t) => {
   await util.withTmpDir(async (tmpDir) => {
+    util.setupActionsVars(tmpDir, tmpDir);
+
     nock("https://example.com")
       .get(`/download/codeql-bundle-20200601/codeql-bundle.tar.gz`)
       .replyWithFile(
@@ -96,6 +100,8 @@ test("download codeql bundle cache explicitly requested with pinned different ve
 
 test("don't download codeql bundle cache with pinned different version cached", async (t) => {
   await util.withTmpDir(async (tmpDir) => {
+    util.setupActionsVars(tmpDir, tmpDir);
+
     nock("https://example.com")
       .get(`/download/codeql-bundle-20200601/codeql-bundle.tar.gz`)
       .replyWithFile(
@@ -131,6 +137,8 @@ test("don't download codeql bundle cache with pinned different version cached",
 
 test("download codeql bundle cache with different version cached (not pinned)", async (t) => {
   await util.withTmpDir(async (tmpDir) => {
+    util.setupActionsVars(tmpDir, tmpDir);
+
     nock("https://example.com")
       .get(`/download/codeql-bundle-20200601/codeql-bundle.tar.gz`)
       .replyWithFile(
@@ -181,6 +189,8 @@ test("download codeql bundle cache with different version cached (not pinned)",
 
 test('download codeql bundle cache with pinned different version cached if "latests" tools specified', async (t) => {
   await util.withTmpDir(async (tmpDir) => {
+    util.setupActionsVars(tmpDir, tmpDir);
+
     nock("https://example.com")
       .get(`/download/codeql-bundle-20200601/codeql-bundle.tar.gz`)
       .replyWithFile(
@@ -232,6 +242,8 @@ test('download codeql bundle cache with pinned different version cached if "late
 
 test("download codeql bundle from github ae endpoint", async (t) => {
   await util.withTmpDir(async (tmpDir) => {
+    util.setupActionsVars(tmpDir, tmpDir);
+
     const bundleAssetID = 10;
 
     const platform =
 
@@ -21,6 +21,7 @@ import {
   getThreadsFlag,
   parseGithubUrl,
   getGitHubAuth,
+  setupActionsVars,
 } from "./util";
 
 const program = new Command();
@@ -86,22 +87,6 @@ function parseTraceProcessLevel(): number | undefined {
   return undefined;
 }
 
-// Sets environment variables that make using some libraries designed for
-// use only on actions safe to use outside of actions.
-//
-// Obviously this is not a tremendously great thing we're doing and it
-// would be better to write our own implementation of libraries to use
-// outside of actions. For now this works well enough.
-//
-// Currently this list of libraries that is deemed to now be safe includes:
-// - @actions/tool-cache
-//
-// Also see "queries/unguarded-action-lib.ql".
-function setupActionsVars(tempDir: string, toolsDir: string) {
-  process.env["RUNNER_TEMP"] = tempDir;
-  process.env["RUNNER_TOOL_CACHE"] = toolsDir;
-}
-
 interface InitArgs {
   languages: string | undefined;
   queries: string | undefined;
 
@@ -390,3 +390,19 @@ export async function getGitHubAuth(
     "No GitHub authentication token was specified. Please provide a token via the GITHUB_TOKEN environment variable, or by adding the `--github-auth-stdin` flag and passing the token via standard input."
   );
 }
+
+// Sets environment variables that make using some libraries designed for
+// use only on actions safe to use outside of actions.
+//
+// Obviously this is not a tremendously great thing we're doing and it
+// would be better to write our own implementation of libraries to use
+// outside of actions. For now this works well enough.
+//
+// Currently this list of libraries that is deemed to now be safe includes:
+// - @actions/tool-cache
+//
+// Also see "queries/unguarded-action-lib.ql".
+export function setupActionsVars(tempDir: string, toolsDir: string) {
+  process.env["RUNNER_TEMP"] = tempDir;
+  process.env["RUNNER_TOOL_CACHE"] = toolsDir;
+}