diff --git a/models/fixtures/action_run.yml b/models/fixtures/action_run.yml
index a42ab77ca5b..71037dcc1f2 100644
--- a/models/fixtures/action_run.yml
+++ b/models/fixtures/action_run.yml
@@ -36,3 +36,22 @@
   updated: 1683636626
   need_approval: 0
   approved_by: 0
+-
+  id: 793
+  title: "use a private action"
+  repo_id: 6
+  owner_id: 10
+  workflow_id: "run.yaml"
+  index: 189
+  trigger_user_id: 10
+  ref: "refs/heads/master"
+  commit_sha: "c2d72f548424103f01ee1dc02889c1e2bff816b0"
+  event: "push"
+  is_fork_pull_request: 0
+  status: 1
+  started: 1683636528
+  stopped: 1683636626
+  created: 1683636108
+  updated: 1683636626
+  need_approval: 0
+  approved_by: 0
diff --git a/models/fixtures/action_run_job.yml b/models/fixtures/action_run_job.yml
index fd90f4fd5d2..c5f02421371 100644
--- a/models/fixtures/action_run_job.yml
+++ b/models/fixtures/action_run_job.yml
@@ -26,3 +26,17 @@
   status: 1
   started: 1683636528
   stopped: 1683636626
+-
+  id: 194
+  run_id: 793
+  repo_id: 6
+  owner_id: 10
+  commit_sha: c2d72f548424103f01ee1dc02889c1e2bff816b0
+  is_fork_pull_request: 0
+  name: job_2
+  attempt: 1
+  job_id: job_2
+  task_id: 48
+  status: 1
+  started: 1683636528
+  stopped: 1683636626
diff --git a/models/fixtures/action_task.yml b/models/fixtures/action_task.yml
index d88a8ed8a91..0252677fa5d 100644
--- a/models/fixtures/action_task.yml
+++ b/models/fixtures/action_task.yml
@@ -57,3 +57,23 @@
   log_length: 707
   log_size: 90179
   log_expired: 0
+-
+  id: 49
+  job_id: 194
+  attempt: 1
+  runner_id: 1
+  status: 6 # 6 is the status code for "running"
+  started: 1683636528
+  stopped: 1683636626
+  repo_id: 6
+  owner_id: 10
+  commit_sha: c2d72f548424103f01ee1dc02889c1e2bff816b0
+  is_fork_pull_request: 0
+  token_hash: b8d3962425466b6709b9ac51446f93260c54afe8e7b6d3686e34f991fb8a8953822b0deed86fe41a103f34bc48dbc478422b
+  token_salt: ERxJGHvg3I
+  token_last_eight: 182199eb
+  log_filename: collaborative-owner-test/1a/49.log
+  log_in_storage: 1
+  log_length: 707
+  log_size: 90179
+  log_expired: 0
diff --git a/models/fixtures/repo_unit.yml b/models/fixtures/repo_unit.yml
index f6b6252da1f..f8bb8ef0d32 100644
--- a/models/fixtures/repo_unit.yml
+++ b/models/fixtures/repo_unit.yml
@@ -733,3 +733,10 @@
   type: 3
   config: "{\"IgnoreWhitespaceConflicts\":false,\"AllowMerge\":true,\"AllowRebase\":true,\"AllowRebaseMerge\":true,\"AllowSquash\":true}"
   created_unix: 946684810
+
+-
+  id: 111
+  repo_id: 3
+  type: 10
+  config: "{}"
+  created_unix: 946684810
diff --git a/tests/integration/actions_settings_test.go b/tests/integration/actions_settings_test.go
new file mode 100644
index 00000000000..fbc36994ff0
--- /dev/null
+++ b/tests/integration/actions_settings_test.go
@@ -0,0 +1,62 @@
+// Copyright 2024 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package integration
+
+import (
+	"fmt"
+	"net/http"
+	"net/url"
+	"testing"
+
+	repo_model "code.gitea.io/gitea/models/repo"
+	"code.gitea.io/gitea/models/unittest"
+	user_model "code.gitea.io/gitea/models/user"
+	"code.gitea.io/gitea/modules/json"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestActionsCollaborativeOwner(t *testing.T) {
+	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+		// actionRepo is a private repo and its owner is org3
+		actionRepo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 3})
+
+		// user2 is an admin of org3
+		user2 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
+		// a private repo(id=6) of user10 will try to clone actionRepo
+		user10 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 10})
+
+		taskToken := "674f727a81ed2f195bccab036cccf86a182199eb" // task id is 49
+		u.Path = fmt.Sprintf("%s/%s.git", actionRepo.OwnerName, actionRepo.Name)
+		u.User = url.UserPassword(taskToken, "")
+
+		// now user10 is not a collaborative owner, so the git clone will fail
+		doGitCloneFail(u)(t)
+
+		// add user10 to the list of collaborative owners
+		user2Session := loginUser(t, user2.Name)
+		user2CSRF := GetUserCSRFToken(t, user2Session)
+		req := NewRequestWithValues(t, "POST", fmt.Sprintf("/%s/%s/settings/actions/general/collaborative_owner/add", actionRepo.OwnerName, actionRepo.Name), map[string]string{
+			"_csrf":               user2CSRF,
+			"collaborative_owner": user10.Name,
+		})
+		user2Session.MakeRequest(t, req, http.StatusSeeOther)
+
+		// the git clone will be successful
+		doGitClone(t.TempDir(), u)(t)
+
+		// remove user10 from the list of collaborative owners
+		req = NewRequestWithValues(t, "POST", fmt.Sprintf("/%s/%s/settings/actions/general/collaborative_owner/delete", actionRepo.OwnerName, actionRepo.Name), map[string]string{
+			"_csrf": user2CSRF,
+			"id":    fmt.Sprintf("%d", user10.ID),
+		})
+		resp := user2Session.MakeRequest(t, req, http.StatusOK)
+		res := make(map[string]string)
+		assert.NoError(t, json.NewDecoder(resp.Body).Decode(&res))
+		assert.EqualValues(t, fmt.Sprintf("/%s/%s/settings/actions/general", actionRepo.OwnerName, actionRepo.Name), res["redirect"])
+
+		// the git clone will fail
+		doGitCloneFail(u)(t)
+	})
+}