Ensure unqualified program names are present on PATH before executing them.

lib/external-queries.js

@@ -10,6 +10,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
 const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
 const toolrunnner = __importStar(require("@actions/exec/lib/toolrunner"));
+const safeWhich = __importStar(require("@chrisgavin/safe-which"));
 /**
  * Check out repository at the given ref, and return the directory of the checkout.
  */
@@ -22,12 +23,12 @@ async function checkoutExternalRepository(repository, ref, githubUrl, tempDir, l
     }
     if (!fs.existsSync(checkoutLocation)) {
         const repoURL = `${githubUrl}/${repository}`;
-        await new toolrunnner.ToolRunner("git", [
+        await new toolrunnner.ToolRunner(await safeWhich.safeWhich("git"), [
             "clone",
             repoURL,
             checkoutLocation,
         ]).exec();
-        await new toolrunnner.ToolRunner("git", [
+        await new toolrunnner.ToolRunner(await safeWhich.safeWhich("git"), [
             `--work-tree=${checkoutLocation}`,
             `--git-dir=${checkoutLocation}/.git`,
             "checkout",