fix: enable token auth for private reusable workflows

act/runner/reusable_workflow.go

@@ -71,8 +71,8 @@ func newRemoteReusableWorkflowExecutor(rc *RunContext) common.Executor {
 	filename := fmt.Sprintf("%s/%s@%s", remoteReusableWorkflow.Org, remoteReusableWorkflow.Repo, remoteReusableWorkflow.Ref)
 	workflowDir := fmt.Sprintf("%s/%s", rc.ActionCacheDir(), safeFilename(filename))
 
-	// FIXME: if the reusable workflow is from a private repository, we need to provide a token to access the repository.
-	token := ""
+	// If the repository is private, we need a token to clone it
+	token := rc.Config.GetToken()
 
 	if rc.Config.ActionCache != nil {
 		return newActionCacheReusableWorkflowExecutor(rc, filename, remoteReusableWorkflow)

act/runner/runner.go

@@ -76,12 +76,16 @@ type Config struct {
 	ContainerNetworkEnableIPv6 bool // create the network with IPv6 support enabled
 }
 
-// GetToken: Adapt to Gitea
+// GetToken returns the authentication token for git operations.
+// Priority: ACTIONS_TOKEN > GITEA_TOKEN > GITHUB_TOKEN
 func (c Config) GetToken() string {
 	token := c.Secrets["GITHUB_TOKEN"]
 	if c.Secrets["GITEA_TOKEN"] != "" {
 		token = c.Secrets["GITEA_TOKEN"]
 	}
+	if c.Secrets["ACTIONS_TOKEN"] != "" {
+		token = c.Secrets["ACTIONS_TOKEN"]
+	}
 	return token
 }