Permission issues when vale-action runs on latest after v3 CLI release

[carolstran]

Description

Following the Vale CLI v3.0.0 release, we've noticed the vale-action runs into permissions issues that causes the workflow to pass even when errors are present and fail_on_error is true.

This happens right after the workflow runs vale with reviewdog:

Warning

You also have the same issue in your runner / vale job run on the Vale CLI repo.

Screenshot (in case the logs expire)

I opened a pull request with known issues and used tmate to reproduce the action. Then when running the same command (but with sudo permissions), it produces the expected output.

Screenshot of tmate repro output

Vale versions

• Introduced with 3.0.0 and persists with 3.1.1
• 2.30.0 or lower works as expected (if you revert the folder structure changes for Vocabularies)

Example outputs

3.0.0

Shows mkdir /.local: permission denied

Job logs

Screenshot (in case the logs expire)

2.30.0

Works as expected (this run should fail because there are known errors in this PR)

Job logs

Screenshot (in case the logs expire)

Environment

My default workflow (source code):

jobs:
  vale:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - uses: errata-ai/vale-action@reviewdog
        with:
          fail_on_error: true
          vale_flags: "--minAlertLevel=error"
        env:
          GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}

GITHUB_TOKEN Permissions
  Actions: write
  Checks: write
  Contents: write
  Deployments: write
  Discussions: write
  Issues: write
  Metadata: read
  Packages: write
  Pages: write
  PullRequests: write
  RepositoryProjects: write
  SecurityEvents: write
  Statuses: write

I've also tried...

• Setting explicit GITHUB_TOKEN permissions
• Defining the token input explicitly
• Setting up the env file earlier in the action

[jdkato]

This should be fixed now.

[carolstran]

@jdkato Thanks so much! Out of curiosity, what was the issue and which commit fixed it?