call setupActionsVars in the tests too

lib/codeql.test.js

@@ -30,6 +30,7 @@ const sampleGHAEApiDetails = {
 };
 ava_1.default("download codeql bundle cache", async (t) => {
     await util.withTmpDir(async (tmpDir) => {
+        util.setupActionsVars(tmpDir, tmpDir);
         const versions = ["20200601", "20200610"];
         for (let i = 0; i < versions.length; i++) {
             const version = versions[i];
@@ -45,6 +46,7 @@ ava_1.default("download codeql bundle cache", async (t) => {
 });
 ava_1.default("download codeql bundle cache explicitly requested with pinned different version cached", async (t) => {
     await util.withTmpDir(async (tmpDir) => {
+        util.setupActionsVars(tmpDir, tmpDir);
         nock_1.default("https://example.com")
             .get(`/download/codeql-bundle-20200601/codeql-bundle.tar.gz`)
             .replyWithFile(200, path.join(__dirname, `/../src/testdata/codeql-bundle-pinned.tar.gz`));
@@ -59,6 +61,7 @@ ava_1.default("download codeql bundle cache explicitly requested with pinned dif
 });
 ava_1.default("don't download codeql bundle cache with pinned different version cached", async (t) => {
     await util.withTmpDir(async (tmpDir) => {
+        util.setupActionsVars(tmpDir, tmpDir);
         nock_1.default("https://example.com")
             .get(`/download/codeql-bundle-20200601/codeql-bundle.tar.gz`)
             .replyWithFile(200, path.join(__dirname, `/../src/testdata/codeql-bundle-pinned.tar.gz`));
@@ -71,6 +74,7 @@ ava_1.default("don't download codeql bundle cache with pinned different version
 });
 ava_1.default("download codeql bundle cache with different version cached (not pinned)", async (t) => {
     await util.withTmpDir(async (tmpDir) => {
+        util.setupActionsVars(tmpDir, tmpDir);
         nock_1.default("https://example.com")
             .get(`/download/codeql-bundle-20200601/codeql-bundle.tar.gz`)
             .replyWithFile(200, path.join(__dirname, `/../src/testdata/codeql-bundle.tar.gz`));
@@ -91,6 +95,7 @@ ava_1.default("download codeql bundle cache with different version cached (not p
 });
 ava_1.default('download codeql bundle cache with pinned different version cached if "latests" tools specified', async (t) => {
     await util.withTmpDir(async (tmpDir) => {
+        util.setupActionsVars(tmpDir, tmpDir);
         nock_1.default("https://example.com")
             .get(`/download/codeql-bundle-20200601/codeql-bundle.tar.gz`)
             .replyWithFile(200, path.join(__dirname, `/../src/testdata/codeql-bundle-pinned.tar.gz`));
@@ -111,6 +116,7 @@ ava_1.default('download codeql bundle cache with pinned different version cached
 });
 ava_1.default("download codeql bundle from github ae endpoint", async (t) => {
     await util.withTmpDir(async (tmpDir) => {
+        util.setupActionsVars(tmpDir, tmpDir);
         const bundleAssetID = 10;
         const platform = process.platform === "win32"
             ? "win64"

lib/runner.js

@@ -77,21 +77,6 @@ function parseTraceProcessLevel() {
     }
     return undefined;
 }
-// Sets environment variables that make using some libraries designed for
-// use only on actions safe to use outside of actions.
-//
-// Obviously this is not a tremendously great thing we're doing and it
-// would be better to write our own implementation of libraries to use
-// outside of actions. For now this works well enough.
-//
-// Currently this list of libraries that is deemed to now be safe includes:
-// - @actions/tool-cache
-//
-// Also see "queries/unguarded-action-lib.ql".
-function setupActionsVars(tempDir, toolsDir) {
-    process.env["RUNNER_TEMP"] = tempDir;
-    process.env["RUNNER_TOOL_CACHE"] = toolsDir;
-}
 program
     .command("init")
     .description("Initializes CodeQL")
@@ -115,7 +100,7 @@ program
     try {
         const tempDir = getTempDir(cmd.tempDir);
         const toolsDir = getToolsDir(cmd.toolsDir);
-        setupActionsVars(tempDir, toolsDir);
+        util_1.setupActionsVars(tempDir, toolsDir);
         // Wipe the temp dir
         logger.info(`Cleaning temp directory ${tempDir}`);
         fs.rmdirSync(tempDir, { recursive: true });
@@ -195,7 +180,7 @@ program
             throw new Error("Config file could not be found at expected location. " +
                 "Was the 'init' command run with the same '--temp-dir' argument as this command.");
         }
-        setupActionsVars(config.tempDir, config.toolCacheDir);
+        util_1.setupActionsVars(config.tempDir, config.toolCacheDir);
         importTracerEnvironment(config);
         let language = undefined;
         if (cmd.language !== undefined) {
@@ -244,7 +229,7 @@ program
             throw new Error("Config file could not be found at expected location. " +
                 "Was the 'init' command run with the same '--temp-dir' argument as this command.");
         }
-        setupActionsVars(config.tempDir, config.toolCacheDir);
+        util_1.setupActionsVars(config.tempDir, config.toolCacheDir);
         const auth = await util_1.getGitHubAuth(logger, cmd.githubAuth, cmd.githubAuthStdin);
         const apiDetails = {
             auth,

lib/util.js

@@ -320,4 +320,20 @@ async function getGitHubAuth(logger, githubAuth, fromStdIn, readable = process.s
     throw new Error("No GitHub authentication token was specified. Please provide a token via the GITHUB_TOKEN environment variable, or by adding the `--github-auth-stdin` flag and passing the token via standard input.");
 }
 exports.getGitHubAuth = getGitHubAuth;
+// Sets environment variables that make using some libraries designed for
+// use only on actions safe to use outside of actions.
+//
+// Obviously this is not a tremendously great thing we're doing and it
+// would be better to write our own implementation of libraries to use
+// outside of actions. For now this works well enough.
+//
+// Currently this list of libraries that is deemed to now be safe includes:
+// - @actions/tool-cache
+//
+// Also see "queries/unguarded-action-lib.ql".
+function setupActionsVars(tempDir, toolsDir) {
+    process.env["RUNNER_TEMP"] = tempDir;
+    process.env["RUNNER_TOOL_CACHE"] = toolsDir;
+}
+exports.setupActionsVars = setupActionsVars;
 //# sourceMappingURL=util.js.map

queries/unguarded-action-lib.ql

@@ -65,7 +65,7 @@ class RunnerEntrypoint extends Function {
    * Does this runner entry point set the RUNNER_TEMP and
    * RUNNER_TOOL_CACHE env vars which make some actions libraries
    * safe to use outside of actions.
-   * See "setupActionsVars" in "runner.ts".
+   * See "setupActionsVars" in "util.ts".
    */
   predicate setsActionsEnvVars() {
     // This is matching code of the following format, where "this"

src/codeql.test.ts

@@ -24,6 +24,8 @@ const sampleGHAEApiDetails = {
 
 test("download codeql bundle cache", async (t) => {
   await util.withTmpDir(async (tmpDir) => {
+    util.setupActionsVars(tmpDir, tmpDir);
+
     const versions = ["20200601", "20200610"];
 
     for (let i = 0; i < versions.length; i++) {
@@ -56,6 +58,8 @@ test("download codeql bundle cache", async (t) => {
 
 test("download codeql bundle cache explicitly requested with pinned different version cached", async (t) => {
   await util.withTmpDir(async (tmpDir) => {
+    util.setupActionsVars(tmpDir, tmpDir);
+
     nock("https://example.com")
       .get(`/download/codeql-bundle-20200601/codeql-bundle.tar.gz`)
       .replyWithFile(
@@ -96,6 +100,8 @@ test("download codeql bundle cache explicitly requested with pinned different ve
 
 test("don't download codeql bundle cache with pinned different version cached", async (t) => {
   await util.withTmpDir(async (tmpDir) => {
+    util.setupActionsVars(tmpDir, tmpDir);
+
     nock("https://example.com")
       .get(`/download/codeql-bundle-20200601/codeql-bundle.tar.gz`)
       .replyWithFile(
@@ -131,6 +137,8 @@ test("don't download codeql bundle cache with pinned different version cached",
 
 test("download codeql bundle cache with different version cached (not pinned)", async (t) => {
   await util.withTmpDir(async (tmpDir) => {
+    util.setupActionsVars(tmpDir, tmpDir);
+
     nock("https://example.com")
       .get(`/download/codeql-bundle-20200601/codeql-bundle.tar.gz`)
       .replyWithFile(
@@ -181,6 +189,8 @@ test("download codeql bundle cache with different version cached (not pinned)",
 
 test('download codeql bundle cache with pinned different version cached if "latests" tools specified', async (t) => {
   await util.withTmpDir(async (tmpDir) => {
+    util.setupActionsVars(tmpDir, tmpDir);
+
     nock("https://example.com")
       .get(`/download/codeql-bundle-20200601/codeql-bundle.tar.gz`)
       .replyWithFile(
@@ -232,6 +242,8 @@ test('download codeql bundle cache with pinned different version cached if "late
 
 test("download codeql bundle from github ae endpoint", async (t) => {
   await util.withTmpDir(async (tmpDir) => {
+    util.setupActionsVars(tmpDir, tmpDir);
+
     const bundleAssetID = 10;
 
     const platform =

src/runner.ts

@@ -21,6 +21,7 @@ import {
   getThreadsFlag,
   parseGithubUrl,
   getGitHubAuth,
+  setupActionsVars,
 } from "./util";
 
 const program = new Command();
@@ -86,22 +87,6 @@ function parseTraceProcessLevel(): number | undefined {
   return undefined;
 }
 
-// Sets environment variables that make using some libraries designed for
-// use only on actions safe to use outside of actions.
-//
-// Obviously this is not a tremendously great thing we're doing and it
-// would be better to write our own implementation of libraries to use
-// outside of actions. For now this works well enough.
-//
-// Currently this list of libraries that is deemed to now be safe includes:
-// - @actions/tool-cache
-//
-// Also see "queries/unguarded-action-lib.ql".
-function setupActionsVars(tempDir: string, toolsDir: string) {
-  process.env["RUNNER_TEMP"] = tempDir;
-  process.env["RUNNER_TOOL_CACHE"] = toolsDir;
-}
-
 interface InitArgs {
   languages: string | undefined;
   queries: string | undefined;

src/util.ts

@@ -390,3 +390,19 @@ export async function getGitHubAuth(
     "No GitHub authentication token was specified. Please provide a token via the GITHUB_TOKEN environment variable, or by adding the `--github-auth-stdin` flag and passing the token via standard input."
   );
 }
+
+// Sets environment variables that make using some libraries designed for
+// use only on actions safe to use outside of actions.
+//
+// Obviously this is not a tremendously great thing we're doing and it
+// would be better to write our own implementation of libraries to use
+// outside of actions. For now this works well enough.
+//
+// Currently this list of libraries that is deemed to now be safe includes:
+// - @actions/tool-cache
+//
+// Also see "queries/unguarded-action-lib.ql".
+export function setupActionsVars(tempDir: string, toolsDir: string) {
+  process.env["RUNNER_TEMP"] = tempDir;
+  process.env["RUNNER_TOOL_CACHE"] = toolsDir;
+}