fix api route (#7346 ) (#7347 )

add .fa margin like .octicon (#7267 )
Changelog 1.8.3 (#7230 )
2025-11-15 12:33:45 +09:00 · 2019-07-03 03:15:55 -04:00 · 2019-06-20 22:41:21 +08:00 · 2019-06-17 18:08:50 +01:00 · 2019-06-17 18:36:42 +03:00 · 2019-06-17 14:54:49 +01:00
7812 changed files with 1454550 additions and 575631 deletions
--- a/.air.toml
+++ b/.air.toml
@@ -1,10 +0,0 @@
 root = "."
 tmp_dir = ".air"
 [build]
 cmd = "make backend"
 bin = "gitea"
 include_ext = ["go", "tmpl"]
 exclude_dir = ["modules/git/tests", "services/gitdiff/testdata", "modules/avatar/testdata"]
 include_dir = ["cmd", "models", "modules", "options", "routers", "services", "templates"]
 exclude_regex = ["_test.go$"]
--- a/.changelog.yml
+++ b/.changelog.yml
@@ -1,41 +1,27 @@
 # The full repository name
 repo: go-gitea/gitea
 # Service type (gitea or github)
 service: github
 # Base URL for Gitea instance if using gitea service type (optional)
 # Default: https://gitea.com
 base-url:
 # Changelog groups and which labeled PRs to add to each group
 groups:
  - 
    name: BREAKING
    labels:
      - kind/breaking
  - 
-    name: SECURITY
+    name: FEATURE
    labels:
      - kind/security
  -
    name: FEATURES
    labels:
      - kind/feature
  -
-    name: API
+    name: BUGFIXES
    labels:
-      - kind/api
+      - kind/bug
  - 
-    name: ENHANCEMENTS
+    name: ENHANCEMENT
    labels:
      - kind/enhancement
      - kind/refactor
      - kind/ui
  -
-    name: BUGFIXES
+    name: SECURITY
    labels:
-      - kind/bug
+      - kind/security
  - 
    name: TESTING
    labels:
@@ -56,6 +42,3 @@ groups:
  - 
    name: MISC
    default: true
 # regex indicating which labels to skip for the changelog
 skip-labels: skip-changelog|backport\/.+
--- a/.drone.yml
+++ b/.drone.yml
--- a/.editorconfig
+++ b/.editorconfig
@@ -1,31 +1,30 @@
 # http://editorconfig.org
 root = true
 [*]
 charset = utf-8
 insert_final_newline = true
 trim_trailing_whitespace = true
 [*.go]
 indent_style = tab
 indent_size = 8
 [*.{tmpl,html}]
 indent_style = tab
 indent_size = 4
 [*.less]
 indent_style = space
 indent_size = 4
 [*.{yml,json}]
 indent_style = space
 indent_size = 2
 tab_width = 2
 end_of_line = lf
 charset = utf-8
 trim_trailing_whitespace = true
 insert_final_newline = true
-[*.{go,tmpl,html}]
+[*.js]
 indent_style = tab
 [templates/custom/*.tmpl]
 insert_final_newline = false
 [templates/swagger/v1_json.tmpl]
 indent_style = space
 [templates/user/auth/oidc_wellknown.tmpl]
 indent_style = space
 indent_size = 4
 [Makefile]
 indent_style = tab
 [*.svg]
 insert_final_newline = false
 [*.md]
 trim_trailing_whitespace = false
--- a/.eslintrc
+++ b/.eslintrc
@@ -1,461 +0,0 @@
 root: true
 reportUnusedDisableDirectives: true
 ignorePatterns:
  - /web_src/js/vendor
 parserOptions:
  sourceType: module
  ecmaVersion: latest
 plugins:
  - eslint-plugin-unicorn
  - eslint-plugin-import
  - eslint-plugin-vue
  - eslint-plugin-html
 extends:
  - plugin:vue/recommended
 env:
  es2021: true
  node: true
 globals:
  __webpack_public_path__: true
  CodeMirror: false
  Dropzone: false
  SimpleMDE: false
 settings:
  html/html-extensions: [".tmpl"]
 overrides:
  - files: ["web_src/**/*.js", "web_src/**/*.vue", "templates/**/*.tmpl"]
    env:
      browser: true
      jquery: true
      node: false
  - files: ["templates/**/*.tmpl"]
    rules:
      no-tabs: [0]
      indent: [2, tab, {SwitchCase: 1}]
  - files: ["web_src/**/*worker.js"]
    env:
      worker: true
    rules:
      no-restricted-globals: [2, addEventListener, blur, close, closed, confirm, defaultStatus, defaultstatus, error, event, external, find, focus, frameElement, frames, history, innerHeight, innerWidth, isFinite, isNaN, length, location, locationbar, menubar, moveBy, moveTo, name, onblur, onerror, onfocus, onload, onresize, onunload, open, opener, opera, outerHeight, outerWidth, pageXOffset, pageYOffset, parent, print, removeEventListener, resizeBy, resizeTo, screen, screenLeft, screenTop, screenX, screenY, scroll, scrollbars, scrollBy, scrollTo, scrollX, scrollY, status, statusbar, stop, toolbar, top]
  - files: ["build/generate-images.js"]
    rules:
      import/no-unresolved: [0]
      import/no-extraneous-dependencies: [0]
  - files: ["*.test.js"]
    env:
      jest: true
  - files: ["*.config.js"]
    rules:
      import/no-unused-modules: [0]
 rules:
  accessor-pairs: [2]
  array-bracket-newline: [0]
  array-bracket-spacing: [2, never]
  array-callback-return: [0]
  array-element-newline: [0]
  arrow-body-style: [0]
  arrow-parens: [2, always]
  arrow-spacing: [2, {before: true, after: true}]
  block-scoped-var: [2]
  brace-style: [2, 1tbs, {allowSingleLine: true}]
  camelcase: [0]
  capitalized-comments: [0]
  class-methods-use-this: [0]
  comma-dangle: [2, only-multiline]
  comma-spacing: [2, {before: false, after: true}]
  comma-style: [2, last]
  complexity: [0]
  computed-property-spacing: [2, never]
  consistent-return: [0]
  consistent-this: [0]
  constructor-super: [2]
  curly: [0]
  default-case-last: [2]
  default-case: [0]
  default-param-last: [0]
  dot-location: [2, property]
  dot-notation: [0]
  eol-last: [2]
  eqeqeq: [2]
  for-direction: [2]
  func-call-spacing: [2, never]
  func-name-matching: [2]
  func-names: [0]
  func-style: [0]
  function-call-argument-newline: [0]
  function-paren-newline: [0]
  generator-star-spacing: [0]
  getter-return: [2]
  grouped-accessor-pairs: [2]
  guard-for-in: [0]
  id-blacklist: [0]
  id-length: [0]
  id-match: [0]
  implicit-arrow-linebreak: [0]
  import/default: [0]
  import/dynamic-import-chunkname: [0]
  import/export: [2]
  import/exports-last: [0]
  import/extensions: [2, always, {ignorePackages: true}]
  import/first: [2]
  import/group-exports: [0]
  import/max-dependencies: [0]
  import/named: [2]
  import/namespace: [0]
  import/newline-after-import: [0]
  import/no-absolute-path: [0]
  import/no-amd: [0]
  import/no-anonymous-default-export: [0]
  import/no-commonjs: [0]
  import/no-cycle: [2, {ignoreExternal: true, maxDepth: 1}]
  import/no-default-export: [0]
  import/no-deprecated: [0]
  import/no-dynamic-require: [0]
  import/no-extraneous-dependencies: [2]
  import/no-import-module-exports: [0]
  import/no-internal-modules: [0]
  import/no-mutable-exports: [2]
  import/no-named-as-default-member: [0]
  import/no-named-as-default: [2]
  import/no-named-default: [0]
  import/no-named-export: [0]
  import/no-namespace: [0]
  import/no-nodejs-modules: [0]
  import/no-relative-packages: [0]
  import/no-relative-parent-imports: [0]
  import/no-restricted-paths: [0]
  import/no-self-import: [2]
  import/no-unassigned-import: [0]
  import/no-unresolved: [2, {commonjs: true}]
  import/no-unused-modules: [2, {unusedExports: true}]
  import/no-useless-path-segments: [2, {commonjs: true}]
  import/no-webpack-loader-syntax: [2]
  import/order: [0]
  import/prefer-default-export: [0]
  import/unambiguous: [0]
  indent: [2, 2, {SwitchCase: 1}]
  init-declarations: [0]
  key-spacing: [2]
  keyword-spacing: [2]
  line-comment-position: [0]
  linebreak-style: [2, unix]
  lines-around-comment: [0]
  lines-between-class-members: [0]
  max-classes-per-file: [0]
  max-depth: [0]
  max-len: [0]
  max-lines-per-function: [0]
  max-lines: [0]
  max-nested-callbacks: [0]
  max-params: [0]
  max-statements-per-line: [0]
  max-statements: [0]
  multiline-comment-style: [2, separate-lines]
  multiline-ternary: [0]
  new-cap: [0]
  new-parens: [2]
  newline-per-chained-call: [0]
  no-alert: [0]
  no-array-constructor: [2]
  no-async-promise-executor: [2]
  no-await-in-loop: [0]
  no-bitwise: [0]
  no-buffer-constructor: [0]
  no-caller: [2]
  no-case-declarations: [2]
  no-class-assign: [2]
  no-compare-neg-zero: [2]
  no-cond-assign: [2, except-parens]
  no-confusing-arrow: [0]
  no-console: [1, {allow: [info, warn, error]}]
  no-const-assign: [2]
  no-constant-condition: [0]
  no-constructor-return: [2]
  no-continue: [0]
  no-control-regex: [0]
  no-debugger: [1]
  no-delete-var: [2]
  no-div-regex: [0]
  no-dupe-args: [2]
  no-dupe-class-members: [2]
  no-dupe-else-if: [2]
  no-dupe-keys: [2]
  no-duplicate-case: [2]
  no-duplicate-imports: [2]
  no-else-return: [2]
  no-empty-character-class: [2]
  no-empty-function: [0]
  no-empty-pattern: [2]
  no-empty: [2, {allowEmptyCatch: true}]
  no-eq-null: [2]
  no-eval: [2]
  no-ex-assign: [2]
  no-extend-native: [2]
  no-extra-bind: [2]
  no-extra-boolean-cast: [2]
  no-extra-label: [0]
  no-extra-parens: [0]
  no-extra-semi: [2]
  no-fallthrough: [2]
  no-floating-decimal: [0]
  no-func-assign: [2]
  no-global-assign: [2]
  no-implicit-coercion: [0]
  no-implicit-globals: [0]
  no-implied-eval: [2]
  no-import-assign: [2]
  no-inline-comments: [0]
  no-inner-declarations: [2]
  no-invalid-regexp: [2]
  no-invalid-this: [0]
  no-irregular-whitespace: [2]
  no-iterator: [2]
  no-label-var: [2]
  no-labels: [2]
  no-lone-blocks: [2]
  no-lonely-if: [0]
  no-loop-func: [0]
  no-loss-of-precision: [2]
  no-magic-numbers: [0]
  no-misleading-character-class: [2]
  no-mixed-operators: [0]
  no-mixed-spaces-and-tabs: [2]
  no-multi-assign: [0]
  no-multi-spaces: [2, {ignoreEOLComments: true, exceptions: {Property: true}}]
  no-multi-str: [2]
  no-negated-condition: [0]
  no-nested-ternary: [0]
  no-new-func: [2]
  no-new-object: [2]
  no-new-symbol: [2]
  no-new-wrappers: [2]
  no-new: [0]
  no-nonoctal-decimal-escape: [2]
  no-obj-calls: [2]
  no-octal-escape: [2]
  no-octal: [2]
  no-param-reassign: [0]
  no-plusplus: [0]
  no-promise-executor-return: [0]
  no-proto: [2]
  no-prototype-builtins: [2]
  no-redeclare: [2]
  no-regex-spaces: [2]
  no-restricted-exports: [0]
  no-restricted-globals: [2, addEventListener, blur, close, closed, confirm, defaultStatus, defaultstatus, error, event, external, find, focus, frameElement, frames, history, innerHeight, innerWidth, isFinite, isNaN, length, location, locationbar, menubar, moveBy, moveTo, name, onblur, onerror, onfocus, onload, onresize, onunload, open, opener, opera, outerHeight, outerWidth, pageXOffset, pageYOffset, parent, print, removeEventListener, resizeBy, resizeTo, screen, screenLeft, screenTop, screenX, screenY, scroll, scrollbars, scrollBy, scrollTo, scrollX, scrollY, self, status, statusbar, stop, toolbar, top]
  no-restricted-imports: [0]
  no-restricted-syntax: [2, WithStatement, ForInStatement, LabeledStatement]
  no-return-assign: [0]
  no-return-await: [0]
  no-script-url: [2]
  no-self-assign: [2, {props: true}]
  no-self-compare: [2]
  no-sequences: [2]
  no-setter-return: [2]
  no-shadow-restricted-names: [2]
  no-shadow: [0]
  no-sparse-arrays: [2]
  no-tabs: [2]
  no-template-curly-in-string: [2]
  no-ternary: [0]
  no-this-before-super: [2]
  no-throw-literal: [2]
  no-trailing-spaces: [2]
  no-undef-init: [2]
  no-undef: [2, {typeof: true}]
  no-undefined: [0]
  no-underscore-dangle: [0]
  no-unexpected-multiline: [2]
  no-unmodified-loop-condition: [2]
  no-unneeded-ternary: [0]
  no-unreachable-loop: [2]
  no-unreachable: [2]
  no-unsafe-finally: [2]
  no-unsafe-negation: [2]
  no-unused-expressions: [2]
  no-unused-labels: [2]
  no-unused-private-class-members: [2]
  no-unused-vars: [2, {args: all, argsIgnorePattern: ^_, varsIgnorePattern: ^_, caughtErrorsIgnorePattern: ^_, ignoreRestSiblings: false}]
  no-use-before-define: [2, nofunc]
  no-useless-backreference: [0]
  no-useless-call: [2]
  no-useless-catch: [2]
  no-useless-computed-key: [2]
  no-useless-concat: [2]
  no-useless-constructor: [2]
  no-useless-escape: [2]
  no-useless-rename: [2]
  no-useless-return: [2]
  no-var: [2]
  no-void: [2]
  no-warning-comments: [0]
  no-whitespace-before-property: [2]
  no-with: [2]
  nonblock-statement-body-position: [2]
  object-curly-newline: [0]
  object-curly-spacing: [2, never]
  object-shorthand: [2, always]
  one-var-declaration-per-line: [0]
  one-var: [0]
  operator-assignment: [2, always]
  operator-linebreak: [2, after]
  padded-blocks: [2, never]
  padding-line-between-statements: [0]
  prefer-arrow-callback: [2, {allowNamedFunctions: true, allowUnboundThis: true}]
  prefer-const: [2, {destructuring: all}]
  prefer-destructuring: [0]
  prefer-exponentiation-operator: [2]
  prefer-named-capture-group: [0]
  prefer-numeric-literals: [2]
  prefer-object-has-own: [0]
  prefer-object-spread: [0]
  prefer-promise-reject-errors: [2, {allowEmptyReject: false}]
  prefer-regex-literals: [2]
  prefer-rest-params: [2]
  prefer-spread: [2]
  prefer-template: [2]
  quote-props: [0]
  quotes: [2, single, {avoidEscape: true, allowTemplateLiterals: true}]
  radix: [2, as-needed]
  require-atomic-updates: [0]
  require-await: [0]
  require-unicode-regexp: [0]
  require-yield: [2]
  rest-spread-spacing: [2, never]
  semi-spacing: [2, {before: false, after: true}]
  semi-style: [2, last]
  semi: [2, always, {omitLastInOneLineBlock: true}]
  sort-imports: [0]
  sort-keys: [0]
  sort-vars: [0]
  space-before-blocks: [2, always]
  space-in-parens: [2, never]
  space-infix-ops: [2]
  space-unary-ops: [2]
  spaced-comment: [2, always]
  strict: [0]
  switch-colon-spacing: [2]
  symbol-description: [2]
  template-curly-spacing: [2, never]
  template-tag-spacing: [2, never]
  unicode-bom: [2, never]
  unicorn/better-regex: [0]
  unicorn/catch-error-name: [0]
  unicorn/consistent-destructuring: [2]
  unicorn/consistent-function-scoping: [2]
  unicorn/custom-error-definition: [0]
  unicorn/empty-brace-spaces: [2]
  unicorn/error-message: [0]
  unicorn/escape-case: [0]
  unicorn/expiring-todo-comments: [0]
  unicorn/explicit-length-check: [0]
  unicorn/filename-case: [0]
  unicorn/import-index: [0]
  unicorn/import-style: [0]
  unicorn/new-for-builtins: [2]
  unicorn/no-abusive-eslint-disable: [0]
  unicorn/no-array-for-each: [2]
  unicorn/no-array-instanceof: [0]
  unicorn/no-array-method-this-argument: [2]
  unicorn/no-array-push-push: [2]
  unicorn/no-await-expression-member: [0]
  unicorn/no-console-spaces: [0]
  unicorn/no-document-cookie: [2]
  unicorn/no-empty-file: [2]
  unicorn/no-fn-reference-in-iterator: [0]
  unicorn/no-for-loop: [0]
  unicorn/no-hex-escape: [0]
  unicorn/no-invalid-remove-event-listener: [2]
  unicorn/no-keyword-prefix: [0]
  unicorn/no-lonely-if: [2]
  unicorn/no-nested-ternary: [0]
  unicorn/no-new-array: [0]
  unicorn/no-new-buffer: [0]
  unicorn/no-null: [0]
  unicorn/no-object-as-default-parameter: [2]
  unicorn/no-process-exit: [0]
  unicorn/no-reduce: [2]
  unicorn/no-static-only-class: [2]
  unicorn/no-thenable: [2]
  unicorn/no-this-assignment: [2]
  unicorn/no-unreadable-array-destructuring: [0]
  unicorn/no-unsafe-regex: [0]
  unicorn/no-unused-properties: [2]
  unicorn/no-useless-fallback-in-spread: [2]
  unicorn/no-useless-length-check: [2]
  unicorn/no-useless-promise-resolve-reject: [2]
  unicorn/no-useless-spread: [2]
  unicorn/no-useless-undefined: [0]
  unicorn/no-zero-fractions: [2]
  unicorn/number-literal-case: [0]
  unicorn/numeric-separators-style: [0]
  unicorn/prefer-add-event-listener: [2]
  unicorn/prefer-array-find: [2]
  unicorn/prefer-array-flat-map: [2]
  unicorn/prefer-array-flat: [2]
  unicorn/prefer-array-index-of: [2]
  unicorn/prefer-array-some: [2]
  unicorn/prefer-at: [0]
  unicorn/prefer-code-point: [2]
  unicorn/prefer-dataset: [2]
  unicorn/prefer-date-now: [2]
  unicorn/prefer-default-parameters: [0]
  unicorn/prefer-event-key: [2]
  unicorn/prefer-export-from: [2]
  unicorn/prefer-includes: [2]
  unicorn/prefer-json-parse-buffer: [0]
  unicorn/prefer-math-trunc: [2]
  unicorn/prefer-modern-dom-apis: [0]
  unicorn/prefer-module: [2]
  unicorn/prefer-negative-index: [2]
  unicorn/prefer-node-append: [0]
  unicorn/prefer-node-protocol: [0]
  unicorn/prefer-node-remove: [0]
  unicorn/prefer-number-properties: [0]
  unicorn/prefer-object-from-entries: [2]
  unicorn/prefer-object-has-own: [0]
  unicorn/prefer-optional-catch-binding: [2]
  unicorn/prefer-prototype-methods: [0]
  unicorn/prefer-query-selector: [0]
  unicorn/prefer-reflect-apply: [0]
  unicorn/prefer-regexp-test: [2]
  unicorn/prefer-replace-all: [0]
  unicorn/prefer-set-has: [0]
  unicorn/prefer-spread: [0]
  unicorn/prefer-starts-ends-with: [2]
  unicorn/prefer-string-slice: [0]
  unicorn/prefer-switch: [0]
  unicorn/prefer-ternary: [0]
  unicorn/prefer-text-content: [2]
  unicorn/prefer-top-level-await: [0]
  unicorn/prefer-trim-start-end: [2]
  unicorn/prefer-type-error: [0]
  unicorn/prevent-abbreviations: [0]
  unicorn/relative-url-style: [2]
  unicorn/require-array-join-separator: [2]
  unicorn/require-number-to-fixed-digits-argument: [2]
  unicorn/require-post-message-target-origin: [0]
  unicorn/string-content: [0]
  unicorn/template-indent: [2]
  unicorn/throw-new-error: [2]
  use-isnan: [2]
  valid-typeof: [2, {requireStringLiterals: true}]
  vars-on-top: [0]
  vue/attributes-order: [0]
  vue/component-definition-name-casing: [0]
  vue/html-closing-bracket-spacing: [0]
  vue/max-attributes-per-line: [0]
  vue/one-component-per-file: [0]
  wrap-iife: [2, inside]
  wrap-regex: [0]
  yield-star-spacing: [2, after]
  yoda: [2, never]
--- a/.gitattributes
+++ b/.gitattributes
@@ -1,8 +1,6 @@
-* text=auto eol=lf
+conf/* linguist-vendored
-/vendor/** -text -eol linguist-vendored
+docker/* linguist-vendored
-/public/vendor/** -text -eol linguist-vendored
+options/* linguist-vendored
-/templates/**/*.tmpl linguist-language=Handlebars
+public/* linguist-vendored
-/.eslintrc linguist-language=YAML
+scripts/* linguist-vendored
-/.stylelintrc linguist-language=YAML
+templates/* linguist-vendored
 /web_src/fomantic/build/** linguist-generated
 Dockerfile.* linguist-language=Dockerfile
--- a/.gitea/issue_template.md
+++ b/.gitea/issue_template.md
@@ -1,42 +0,0 @@
 <!-- NOTE: If your issue is a security concern, please send an email to security@gitea.io instead of opening a public issue -->
 <!--
    1. Please speak English, this is the language all maintainers can speak and write.
    2. Please ask questions or configuration/deploy problems on our Discord
       server (https://discord.gg/gitea) or forum (https://discourse.gitea.io).
    3. Please take a moment to check that your issue doesn't already exist.
    4. Make sure it's not mentioned in the FAQ (https://docs.gitea.io/en-us/faq)
    5. Please give all relevant information below for bug reports, because
       incomplete details will be handled as an invalid report.
 -->
 - Gitea version (or commit ref):
 - Git version:
 - Operating system:
  <!-- Please include information on whether you built gitea yourself, used one of our downloads or are using some other package -->
  <!-- Please also tell us how you are running gitea, e.g. if it is being run from docker, a command-line, systemd etc. --->
  <!-- If you are using a package or systemd tell us what distribution you are using -->
 - Database (use `[x]`):
  - [ ] PostgreSQL
  - [ ] MySQL
  - [ ] MSSQL
  - [ ] SQLite
 - Can you reproduce the bug at https://try.gitea.io:
  - [ ] Yes (provide example URL)
  - [ ] No
 - Log gist:
 <!-- It really is important to provide pertinent logs -->
 <!-- Please read https://docs.gitea.io/en-us/logging-configuration/#debugging-problems -->
 <!-- In addition, if your problem relates to git commands set `RUN_MODE=dev` at the top of app.ini -->
 ## Description
 <!-- If using a proxy or a CDN (e.g. CloudFlare) in front of gitea, please
     disable the proxy/CDN fully and connect to gitea directly to confirm
     the issue still persists without those services. -->
 ...
 ## Screenshots
 <!-- **If this issue involves the Web Interface, please include a screenshot** -->
--- a/.github/FUNDING.yml
+++ b/.github/FUNDING.yml
@@ -1,2 +0,0 @@
 open_collective: gitea
 custom: https://www.bountysource.com/teams/gitea
--- a/.github/ISSUE_TEMPLATE/bug-report.yaml
+++ b/.github/ISSUE_TEMPLATE/bug-report.yaml
@@ -1,90 +0,0 @@
 name: Bug Report
 description: Found something you weren't expecting? Report it here!
 body:
 - type: markdown
  attributes:
    value: |
      NOTE: If your issue is a security concern, please send an email to security@gitea.io instead of opening a public issue.
 - type: markdown
  attributes:
    value: |
      1. Please speak English, this is the language all maintainers can speak and write.
      2. Please ask questions or configuration/deploy problems on our Discord
         server (https://discord.gg/gitea) or forum (https://discourse.gitea.io).
      3. Make sure you are using the latest release and
         take a moment to check that your issue hasn't been reported before.
      4. Make sure it's not mentioned in the FAQ (https://docs.gitea.io/en-us/faq)
      5. Please give all relevant information below for bug reports, because
         incomplete details will be handled as an invalid report.
 - type: input
  id: gitea-ver
  attributes:
    label: Gitea Version
    description: Gitea version (or commit reference) of your instance
  validations:
    required: true
 - type: input
  id: git-ver
  attributes:
    label: Git Version
    description: The version of git running on the server
 - type: input
  id: os-ver
  attributes:
    label: Operating System
    description: The operating system you are using to run Gitea
 - type: textarea
  id: run-info
  attributes:
    label: How are you running Gitea?
    description: |
      Please include information on whether you built Gitea yourself, used one of our downloads, are using https://try.gitea.io or are using some other package
      Please also tell us how you are running Gitea, e.g. if it is being run from docker, a command-line, systemd etc.
      If you are using a package or systemd tell us what distribution you are using
  validations:
    required: true
 - type: dropdown
  id: database
  attributes:
    label: Database
    description: What database system are you running?
    options:
    - PostgreSQL
    - MySQL
    - MSSQL
    - SQLite
 - type: dropdown
  id: can-reproduce
  attributes:
    label: Can you reproduce the bug on the Gitea demo site?
    description: |
      If so, please provide a URL in the Description field
      URL of Gitea demo: https://try.gitea.io
    options:
    - "Yes"
    - "No"
  validations:
    required: true
 - type: markdown
  attributes:
    value: |
      It's really important to provide pertinent logs
      Please read https://docs.gitea.io/en-us/logging-configuration/#debugging-problems
      In addition, if your problem relates to git commands set `RUN_MODE=dev` at the top of app.ini
 - type: input
  id: logs
  attributes:
    label: Log Gist
    description: Please provide a gist URL of your logs, with any sensitive information (e.g. API keys) removed/hidden
 - type: textarea
  id: description
  attributes:
    label: Description
    description: |
      Please provide a description of your issue here, with a URL if you were able to reproduce the issue (see above)
      If you are using a proxy or a CDN (e.g. Cloudflare) in front of Gitea, please disable the proxy/CDN fully and access Gitea directly to confirm the issue still persists without those services.
 - type: textarea
  id: screenshots
  attributes:
    label: Screenshots
    description: If this issue involves the Web Interface, please provide one or more screenshots
--- a/.github/ISSUE_TEMPLATE/config.yml
+++ b/.github/ISSUE_TEMPLATE/config.yml
@@ -1,17 +0,0 @@
 blank_issues_enabled: true
 contact_links:
  - name: Security Concern
    url: https://tinyurl.com/security-gitea
    about: For security concerns, please send a mail to security@gitea.io instead of opening a public issue.
  - name: Discord Server
    url: https://discord.gg/gitea
    about: Please ask questions and discuss configuration or deployment problems here.
  - name: Discourse Forum
    url: https://discourse.gitea.io
    about: Questions and configuration or deployment problems can also be discussed on our forum.    
  - name: Frequently Asked Questions
    url: https://docs.gitea.io/en-us/faq
    about: Please check if your question isn't mentioned here.
  - name: Crowdin Translations
    url: https://crowdin.com/project/gitea
    about: Translations are managed here.
--- a/.github/ISSUE_TEMPLATE/feature-request.yaml
+++ b/.github/ISSUE_TEMPLATE/feature-request.yaml
@@ -1,23 +0,0 @@
 name: Feature Request
 description: Got an idea for a feature that Gitea doesn't have currently?  Submit your idea here!
 body:
 - type: markdown
  attributes:
    value: |
      1. Please speak English, this is the language all maintainers can speak and write.
      2. Please ask questions or configuration/deploy problems on our Discord
         server (https://discord.gg/gitea) or forum (https://discourse.gitea.io).
      3. Please take a moment to check that your feature hasn't already been suggested.
 - type: textarea
  id: description
  attributes:
    label: Feature Description
    placeholder: |
      I think it would be great if Gitea had...
  validations:
    required: true
 - type: textarea
  id: screenshots
  attributes:
    label: Screenshots
    description: If you can, provide screenshots of an implementation on another site e.g. GitHub
--- a/.github/ISSUE_TEMPLATE/ui.bug-report.yaml
+++ b/.github/ISSUE_TEMPLATE/ui.bug-report.yaml
@@ -1,62 +0,0 @@
 name: Web Interface Bug Report
 description: Something doesn't look quite as it should?  Report it here!
 body:
 - type: markdown
  attributes:
    value: |
      NOTE: If your issue is a security concern, please send an email to security@gitea.io instead of opening a public issue.
 - type: markdown
  attributes:
    value: |
      1. Please speak English, this is the language all maintainers can speak and write.
      2. Please ask questions or configuration/deploy problems on our Discord
         server (https://discord.gg/gitea) or forum (https://discourse.gitea.io).
      3. Please take a moment to check that your issue doesn't already exist.
      4. Make sure it's not mentioned in the FAQ (https://docs.gitea.io/en-us/faq)
      5. Please give all relevant information below for bug reports, because
         incomplete details will be handled as an invalid report.
 - type: input
  id: gitea-ver
  attributes:
    label: Gitea Version
    description: Gitea version (or commit reference) your instance is running
  validations:
    required: true
 - type: input
  id: os-ver
  attributes:
    label: Operating System
    description: The operating system you are using to access Gitea
 - type: input
  id: browser-ver
  attributes:
    label: Browser Version
    description: The browser and version that you are using to access Gitea
  validations:
    required: true
 - type: dropdown
  id: can-reproduce
  attributes:
    label: Can you reproduce the bug on the Gitea demo site?
    description: |
      If so, please provide a URL in the Description field
      URL of Gitea demo: https://try.gitea.io
    options:
    - "Yes"
    - "No"
  validations:
    required: true
 - type: textarea
  id: description
  attributes:
    label: Description
    description: |
      Please provide a description of your issue here, with a URL if you were able to reproduce the issue (see above)
      If using a proxy or a CDN (e.g. CloudFlare) in front of gitea, please disable the proxy/CDN fully and connect to gitea directly to confirm the issue still persists without those services.
 - type: textarea
  id: screenshots
  attributes:
    label: Screenshots
    description: Please provide at least 1 screenshot showing the issue.
  validations:
    required: true
--- a/.github/issue_template.md
+++ b/.github/issue_template.md
@@ -0,0 +1,33 @@
 <!-- NOTE: If your issue is a security concern, please send an email to security@gitea.io instead of opening a public issue -->
 <!--
    1. Please speak English, this is the language all maintainers can speak and write.
    2. Please ask questions or configuration/deploy problems on our Discord 
       server (https://discord.gg/gitea) or forum (https://discourse.gitea.io).
    3. Please take a moment to check that your issue doesn't already exist.
    4. Please give all relevant information below for bug reports, because 
       incomplete details will be handled as an invalid report.
 -->
 - Gitea version (or commit ref):
 - Git version:
 - Operating system:
 - Database (use `[x]`):
  - [ ] PostgreSQL
  - [ ] MySQL
  - [ ] MSSQL
  - [ ] SQLite
 - Can you reproduce the bug at https://try.gitea.io:
  - [ ] Yes (provide example URL)
  - [ ] No
  - [ ] Not relevant
 - Log gist:
 ## Description
 ...
 ## Screenshots
 <!-- **If this issue involves the Web Interface, please include a screenshot** -->
--- a/.github/lock.yml
+++ b/.github/lock.yml
@@ -1,23 +0,0 @@
 # Configuration for Lock Threads - https://github.com/dessant/lock-threads-app
 # Number of days of inactivity before a closed issue or pull request is locked
 daysUntilLock: 60
 # Skip issues and pull requests created before a given timestamp. Timestamp must
 # follow ISO 8601 (`YYYY-MM-DD`). `false` is disabled
 skipCreatedBefore: false
 # Issues and pull requests with these labels will be ignored.
 exemptLabels: []
 # Label to add before locking, such as `outdated`. `false` is disabled
 lockLabel: false
 # Comment to post before locking.
 lockComment: >
  This thread has been automatically locked since there has not been
  any recent activity after it was closed. Please open a new issue for
  related bugs and link to relevant comments in this thread.
 # Assign `resolved` as the reason for locking. Set to `false` to disable
 setLockReason: true
--- a/.github/pull_request_template.md
+++ b/.github/pull_request_template.md
@@ -1,9 +1,7 @@
 <!--
 Please check the following:
-1. Make sure you are targeting the `main` branch, pull requests on release branches are only allowed for bug fixes.
+1. Make sure you are targeting the `master` branch, pull requests on release branches are only allowed for bug fixes.
-2. Read contributing guidelines: https://github.com/go-gitea/gitea/blob/main/CONTRIBUTING.md
+2. Read contributing guidelines: https://github.com/go-gitea/gitea/blob/master/CONTRIBUTING.md
 3. Describe what your pull request does and which issue you're targeting (if any)
-->  
+**You MUST delete the content above including this line before posting, otherwise your pull request will be invalid.**
--- a/.github/stale.yml
+++ b/.github/stale.yml
@@ -27,11 +27,9 @@ staleLabel: stale
 # Comment to post when marking as stale. Set to `false` to disable
 markComment: >
-  This issue has been automatically marked as stale because it has not had recent activity. 
+  This issue has been automatically marked as stale because it has not had
-  I am here to help clear issues left open even if solved or waiting for more insight.
+  recent activity. It will be closed if no further activity occurs during the next 2 weeks. Thank you
-  This issue will be closed if no further activity occurs during the next 2 weeks.
+  for your contributions.
  If the issue is still valid just add a comment to keep it alive.
  Thank you for your contributions.
 # Comment to post when closing a stale Issue or Pull Request.
 closeComment: >
@@ -52,3 +50,4 @@ pulls:
  closeComment: >
    This pull request has been automatically closed because of inactivity.
    You can re-open it if needed.
--- a/.gitignore
+++ b/.gitignore
@@ -9,12 +9,9 @@ _test
 # IntelliJ
 .idea
 # Goland's output filename can not be set manually
 /go_build_*
 # MS VSCode
 .vscode
 __debug_bin
 # Architecture specific extensions/prefixes
 *.[568vq]
@@ -34,31 +31,21 @@ _testmain.go
 *coverage.out
 coverage.all
 cpu.out
 /modules/migration/bindata.go
 /modules/migration/bindata.go.hash
 /modules/options/bindata.go
 /modules/options/bindata.go.hash
 /modules/public/bindata.go
 /modules/public/bindata.go.hash
 /modules/templates/bindata.go
 /modules/templates/bindata.go.hash
 *.db
 *.log
 /gitea
 /gitea-vet
 /debug
 /integrations.test
 /bin
 /dist
-/custom/*
+/custom
 !/custom/conf
 /custom/conf/*
 !/custom/conf/app.example.ini
 /data
 /indexers
 /log
@@ -73,35 +60,13 @@ cpu.out
 /integrations/indexers-pgsql
 /integrations/indexers-sqlite
 /integrations/indexers-mssql
 /integrations/sqlite.ini
 /integrations/mysql.ini
 /integrations/mysql8.ini
 /integrations/pgsql.ini
 /integrations/mssql.ini
 /node_modules
-/yarn.lock
+/modules/indexer/issues/indexers
-/yarn-error.log
+
 /npm-debug.log*
 /public/js
 /public/serviceworker.js
 /public/css
 /public/fonts
 /public/img/webpack
 /vendor
 /web_src/fomantic/node_modules
 /web_src/fomantic/build/*
 !/web_src/fomantic/build/semantic.js
 !/web_src/fomantic/build/semantic.css
 !/web_src/fomantic/build/themes
 /web_src/fomantic/build/themes/*
 !/web_src/fomantic/build/themes/default
 /web_src/fomantic/build/themes/default/assets/*
 !/web_src/fomantic/build/themes/default/assets/fonts
 /web_src/fomantic/build/themes/default/assets/fonts/*
 !/web_src/fomantic/build/themes/default/assets/fonts/icons.woff2
 !/web_src/fomantic/build/themes/default/assets/fonts/outline-icons.woff2
 /VERSION
 /.air
 # Snapcraft
 snap/.snapcraft/
@@ -111,10 +76,3 @@ prime/
 *.snap
 *.snap-build
 *_source.tar.bz2
 .DS_Store
 # Make evidence files
 /.make_evidence
 # Manpage
 /man
--- a/.golangci.yml
+++ b/.golangci.yml
@@ -1,161 +0,0 @@
 linters:
  enable:
    - gosimple
    - deadcode
    - typecheck
    - govet
    - errcheck
    - staticcheck
    - unused
    - structcheck
    - varcheck
    - dupl
    #- gocyclo # The cyclomatic complexety of a lot of functions is too high, we should refactor those another time.
    - gofmt
    - misspell
    #- gocritic # TODO: disabled until fixed with go 1.18
    - bidichk
    - ineffassign
    - revive
  enable-all: false
  disable-all: true
  fast: false
 run:
  timeout: 10m
  skip-dirs:
    - node_modules
    - public
    - web_src
 linters-settings:
  gocritic:
    disabled-checks:
      - ifElseChain
      - singleCaseSwitch # Every time this occurred in the code, there  was no other way.
  revive:
    ignore-generated-header: false
    severity: warning
    confidence: 0.8
    errorCode: 1
    warningCode: 1
    rules:
      - name: blank-imports
      - name: context-as-argument
      - name: context-keys-type
      - name: dot-imports
      - name: error-return
      - name: error-strings
      - name: error-naming
      - name: exported
      - name: if-return
      - name: increment-decrement
      - name: var-naming
      - name: var-declaration
      - name: package-comments
      - name: range
      - name: receiver-naming
      - name: time-naming
      - name: unexported-return
      - name: indent-error-flow
      - name: errorf
      - name: duplicated-imports
      - name: modifies-value-receiver
  gofumpt:
    extra-rules: true
    lang-version: 1.18
 issues:
  exclude-rules:
    # Exclude some linters from running on tests files.
    - path: _test\.go
      linters:
        - gocyclo
        - errcheck
        - dupl
        - gosec
        - unparam
        - staticcheck
    - path: models/migrations/v
      linters:
        - gocyclo
        - errcheck
        - dupl
        - gosec
    - linters:
        - dupl
      text: "webhook"
    - linters:
        - gocritic
      text: "`ID' should not be capitalized"
    - path: modules/templates/helper.go
      linters:
        - gocritic
    - linters:
        - unused
        - deadcode
      text: "swagger"
    - path: contrib/pr/checkout.go
      linters:
        - errcheck
    - path: models/issue.go
      linters:
        - errcheck
    - path: models/migrations/
      linters:
        - errcheck
    - path: modules/log/
      linters:
        - errcheck
    - path: routers/api/v1/repo/issue_subscription.go
      linters:
        - dupl
    - path: routers/repo/view.go
      linters:
        - dupl
    - path: models/migrations/
      linters:
        - unused
    - linters:
        - staticcheck
      text: "argument x is overwritten before first use"
    - path: modules/httplib/httplib.go
      linters:
        - staticcheck
    # Enabling this would require refactoring the methods and how they are called.
    - path: models/issue_comment_list.go
      linters:
        - dupl
    - linters:
        - misspell
      text: '`Unknwon` is a misspelling of `Unknown`'
    - path: models/update.go
      linters:
        - unused
    - path: cmd/dump.go
      linters:
        - dupl
    - path: services/webhook/webhook.go
      linters:
        - structcheck
    - text: "commentFormatting: put a space between `//` and comment text"
      linters:
        - gocritic
    - text: "exitAfterDefer:"
      linters:
        - gocritic
    - path: modules/graceful/manager_windows.go
      linters:
        - staticcheck
      text: "svc.IsAnInteractiveSession is deprecated: Use IsWindowsService instead."
    - path: models/user/openid.go
      linters:
        - golint
    - linters: staticcheck
      text: "strings.Title is deprecated: The rule Title uses for word boundaries does not handle Unicode punctuation properly. Use golang.org/x/text/cases instead."
    - linters: staticcheck
      text: "util.FindClosure is deprecated: This function can not handle newlines. Many elements can be existed over multiple lines(e.g. link labels). Use text.Reader.FindClosure."
    - linters: staticcheck
      text: "gossh.SigAlgoRSASHA2256 is deprecated: use KeyAlgoRSASHA256."
    - linters: staticcheck
      text: "gossh.SigAlgoRSASHA2512 is deprecated: use KeyAlgoRSASHA512."
--- a/.ignore
+++ b/.ignore
@@ -1,8 +0,0 @@
 *.min.css
 *.min.js
 /modules/options/bindata.go
 /modules/public/bindata.go
 /modules/templates/bindata.go
 /public/vendor/plugins
 /vendor
 node_modules
--- a/.npmrc
+++ b/.npmrc
@@ -1,5 +0,0 @@
 audit=false
 fund=false
 update-notifier=false
 package-lock=true
 save-exact=true
--- a/.revive.toml
+++ b/.revive.toml
@@ -0,0 +1,25 @@
 ignoreGeneratedHeader = false
 severity = "warning"
 confidence = 0.8
 errorCode = 1
 warningCode = 1
 [rule.blank-imports]
 [rule.context-as-argument]
 [rule.context-keys-type]
 [rule.dot-imports]
 [rule.error-return]
 [rule.error-strings]
 [rule.error-naming]
 [rule.exported]
 [rule.if-return]
 [rule.increment-decrement]
 [rule.var-naming]
 [rule.var-declaration]
 [rule.package-comments]
 [rule.range]
 [rule.receiver-naming]
 [rule.time-naming]
 [rule.unexported-return]
 [rule.indent-error-flow]
 [rule.errorf]
--- a/.stylelintrc
+++ b/.stylelintrc
@@ -1,31 +0,0 @@
 extends: stylelint-config-standard
 overrides:
  - files: ["**/*.less"]
    customSyntax: postcss-less
 rules:
  alpha-value-notation: null
  at-rule-empty-line-before: null
  block-closing-brace-empty-line-before: null
  color-function-notation: null
  color-hex-length: null
  comment-empty-line-before: null
  declaration-block-no-redundant-longhand-properties: null
  declaration-block-single-line-max-declarations: null
  declaration-empty-line-before: null
  hue-degree-notation: null
  indentation: 2
  max-line-length: null
  no-descending-specificity: null
  no-invalid-position-at-import-rule: null
  number-leading-zero: never
  number-max-precision: null
  property-no-vendor-prefix: null
  rule-empty-line-before: null
  selector-class-pattern: null
  selector-id-pattern: null
  selector-pseudo-element-colon-notation: double
  shorthand-property-no-redundant-values: true
  string-quotes: null
  value-no-vendor-prefix: null
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -3,19 +3,15 @@
 ## Table of Contents
 - [Contribution Guidelines](#contribution-guidelines)
  - [Table of Contents](#table-of-contents)
  - [Introduction](#introduction)
  - [Bug reports](#bug-reports)
  - [Discuss your design](#discuss-your-design)
  - [Testing redux](#testing-redux)
  - [Vendoring](#vendoring)
  - [Translation](#translation)
  - [Building Gitea](#building-gitea)
  - [Code review](#code-review)
  - [Styleguide](#styleguide)
-  - [Design guideline](#design-guideline)
+  - [Sign-off your work](#sign-off-your-work)
  - [API v1](#api-v1)
  - [Developer Certificate of Origin (DCO)](#developer-certificate-of-origin-dco)
  - [Release Cycle](#release-cycle)
  - [Maintainers](#maintainers)
  - [Owners](#owners)
@@ -73,39 +69,40 @@ to make sure your changes don't cause regression elsewhere.
 Here's how to run the test suite: 
- code lint
+- Install the correct version of the drone-cli package.  As of this
  writing, the correct drone-cli version is
  [0.8.6](https://0-8-0.docs.drone.io/cli-installation/).
 - Ensure you have enough free disk space.  You will need at least
  15-20 Gb of free disk space to hold all of the containers drone
  creates (a default AWS or GCE disk size won't work -- see
  [#6243](https://github.com/go-gitea/gitea/issues/6243)).  
 - Change into the base directory of your copy of the gitea repository,
  and run `drone exec --local --build-event pull_request`.
-|                       |                                                                   |
+The drone version, command line, and disk requirements do change over
-| :-------------------- | :---------------------------------------------------------------- |
+time (see [#4053](https://github.com/go-gitea/gitea/issues/4053) and
-|``make lint``          | lint everything (not suggest if you only change one type code)    |
+[#6243](https://github.com/go-gitea/gitea/issues/6243)); if you
-|``make lint-frontend`` | lint frontend files  |
+discover any issues, please feel free to send us a pull request to
-|``make lint-backend``  | lint backend files   |
+update these instructions.
 - run test code (Suggest run in Linux)  
 |                                        |                                                  |
 | :------------------------------------- | :----------------------------------------------- |
 |``make test[\#TestSpecificName]``       |  run unit test  |
 |``make test-sqlite[\#TestSpecificName]``|  run [integration](integrations) test for SQLite |  
 |[More details about integrations](integrations/README.md)  |
 ## Vendoring
-We manage dependencies via [Go Modules](https://golang.org/cmd/go/#hdr-Module_maintenance), more details: [go mod](https://go.dev/ref/mod).
+We keep a cached copy of dependencies within the `vendor/` directory,
 managing updates via [dep](https://github.com/golang/dep).
-Pull requests should only include `go.mod`, `go.sum` updates if they are part of
+Pull requests should only include `vendor/` updates if they are part of
 the same change, be it a bugfix or a feature addition.
-The `go.mod`, `go.sum` update needs to be justified as part of the PR description,
+The `vendor/` update needs to be justified as part of the PR description,
 and must be verified by the reviewers and/or merger to always reference
 an existing upstream commit.
-You can find more information on how to get started with it on the [Modules Wiki](https://github.com/golang/go/wiki/Modules).
+You can find more information on how to get started with it on the [dep project website](https://golang.github.io/dep/docs/introduction.html).
 ## Translation
 We do all translation work inside [Crowdin](https://crowdin.com/project/gitea).
-The only translation that is maintained in this Git repository is
+The only translation that is maintained in this git repository is
 [`en_US.ini`](https://github.com/go-gitea/gitea/blob/master/options/locale/locale_en-US.ini)
 and is synced regularly to Crowdin. Once a translation has reached
 A SATISFACTORY PERCENTAGE it will be synced back into this repo and
@@ -113,7 +110,13 @@ included in the next released version.
 ## Building Gitea
-See the [hacking instructions](https://docs.gitea.io/en-us/hacking-on-gitea/).
+Generally, the go build tools are installed as-needed in the `Makefile`.
 An exception are the tools to build the CSS and images.
 - To build CSS: Install [Node.js](https://nodejs.org/en/download/package-manager) at version 8.0 or above
  with `npm` and then run `npm install` and `make generate-stylesheets`.
 - To build Images: ImageMagick, inkscape and zopflipng binaries must be
  available in your `PATH` to run `make generate-images`.
 ## Code review
@@ -154,95 +157,39 @@ import (
 )
 ```
-## Design guideline
+## Sign-off your work
-To maintain understandable code and avoid circular dependencies it is important to have a good structure of the code. The Gitea code is divided into the following parts:
+The sign-off is a simple line at the end of the explanation for the
-
+patch. Your signature certifies that you wrote the patch or otherwise
- **integration:** Integrations tests
+have the right to pass it on as an open-source patch. The rules are
- **models:** Contains the data structures used by xorm to construct database tables. It also contains supporting functions to query and update the database. Dependencies to other code in Gitea should be avoided although some modules might be needed (for example for logging).
+pretty simple: If you can certify [DCO](DCO), then you just add a line
- **models/fixtures:** Sample model data used in integration tests.
+to every git commit message:
 - **models/migrations:** Handling of database migrations between versions. PRs that changes a database structure shall also have a migration step.
 - **modules:** Different modules to handle specific functionality in Gitea.
 - **public:** Frontend files (javascript, images, css, etc.)
 - **routers:** Handling of server requests. As it uses other Gitea packages to serve the request, other packages (models, modules or services) shall not depend on routers
 - **services:** Support functions for common routing operations. Uses models and modules to handle the request.
 - **templates:** Golang templates for generating the html output.
 - **vendor:** External code that Gitea depends on.
 ## API v1
 The API is documented by [swagger](http://try.gitea.io/api/swagger) and is based on [GitHub API v3](https://developer.github.com/v3/).
 Thus, Gitea´s API should use the same endpoints and fields as GitHub´s API as far as possible, unless there are good reasons to deviate.  
 If Gitea provides functionality that GitHub does not, a new endpoint can be created.  
 If information is provided by Gitea that is not provided by the GitHub API, a new field can be used that doesn't collide with any GitHub fields.
 Updating an existing API should not remove existing fields unless there is a really good reason to do so.
 The same applies to status responses. If you notice a problem, feel free to leave a comment in the code for future refactoring to APIv2 (which is currently not planned).
 All expected results (errors, success, fail messages) should be documented
 ([example](https://github.com/go-gitea/gitea/blob/c620eb5b2d0d874da68ebd734d3864c5224f71f7/routers/api/v1/repo/issue.go#L319-L327)).
 All JSON input types must be defined as a struct in [modules/structs/](modules/structs/)
 ([example](https://github.com/go-gitea/gitea/blob/c620eb5b2d0d874da68ebd734d3864c5224f71f7/modules/structs/issue.go#L76-L91))
 and referenced in
 [routers/api/v1/swagger/options.go](https://github.com/go-gitea/gitea/blob/c620eb5b2d0d874da68ebd734d3864c5224f71f7/routers/api/v1/swagger/options.go).  
 They can then be used like the following:
 ([example](https://github.com/go-gitea/gitea/blob/c620eb5b2d0d874da68ebd734d3864c5224f71f7/routers/api/v1/repo/issue.go#L318)).
 All JSON responses must be defined as a struct in [modules/structs/](modules/structs/)
 ([example](https://github.com/go-gitea/gitea/blob/c620eb5b2d0d874da68ebd734d3864c5224f71f7/modules/structs/issue.go#L36-L68))
 and referenced in its category in [routers/api/v1/swagger/](routers/api/v1/swagger/)
 ([example](https://github.com/go-gitea/gitea/blob/c620eb5b2d0d874da68ebd734d3864c5224f71f7/routers/api/v1/swagger/issue.go#L11-L16))  
 They can be used like the following:
 ([example](https://github.com/go-gitea/gitea/blob/c620eb5b2d0d874da68ebd734d3864c5224f71f7/routers/api/v1/repo/issue.go#L277-L279))
 In general, HTTP methods are chosen as follows:
 * **GET** endpoints return requested object and status **OK (200)**
 * **DELETE** endpoints return status **No Content (204)**
 * **POST** endpoints return status **Created (201)**, used to **create** new objects (e.g. a User)
 * **PUT** endpoints return status **No Content (204)**, used to **add/assign** existing Objects (e.g. User) to something (e.g. Org-Team)
 * **PATCH** endpoints return changed object and status **OK (200)**, used to **edit/change** an existing object
 An endpoint which changes/edits an object expects all fields to be optional (except ones to identify the object, which are required).
 ### Endpoints returning lists should
 * support pagination (`page` & `limit` options in query)
 * set `X-Total-Count` header via **SetTotalCountHeader** ([example](https://github.com/go-gitea/gitea/blob/7aae98cc5d4113f1e9918b7ee7dd09f67c189e3e/routers/api/v1/repo/issue.go#L444))
 ## Developer Certificate of Origin (DCO)
 We consider the act of contributing to the code by submitting a Pull
 Request as the "Sign off" or agreement to the certifications and terms
 of the [DCO](DCO) and [MIT license](LICENSE). No further action is required.
 Additionally you could add a line at the end of your commit message.
 ```
 Signed-off-by: Joe Smith <joe.smith@email.com>
 ```
-If you set your `user.name` and `user.email` Git configs, you can add the
+Please use your real name; we really dislike pseudonyms or anonymous
-line to the end of your commit automatically with `git commit -s`.
+contributions. We are in the open-source world without secrets. If you
-
+set your `user.name` and `user.email` git configs, you can sign-off your
-We assume in good faith that the information you provide is legally binding.
+commit automatically with `git commit -s`.
 ## Release Cycle
 We adopted a release schedule to streamline the process of working
 on, finishing, and issuing releases. The overall goal is to make a
-minor release every three or four months, which breaks down into two or three months of
+minor release every two months, which breaks down into one month of
 general development followed by one month of testing and polishing
 known as the release freeze. All the feature pull requests should be
-merged before feature freeze. And, during the frozen period, a corresponding
+merged in the first month of one release period. And, during the frozen
-release branch is open for fixes backported from main branch. Release candidates
+period, a corresponding release branch is open for fixes backported from
-are made during this period for user testing to
+master. Release candidates are made during this period for user testing to
 obtain a final version that is maintained in this branch. A release is
 maintained by issuing patch releases to only correct critical problems
 such as crashes or security issues.
-Major release cycles are seasonal. They always begin on the 25th and end on
+Major release cycles are bimonthly. They always begin on the 25th and end on
-the 24th (i.e., the 25th of December to March 24th).
+the 24th (i.e., the 25th of December to February 24th).
 During a development cycle, we may also publish any necessary minor releases
 for the previous version. For example, if the latest, published release is
@@ -267,7 +214,7 @@ to the maintainers team. If a maintainer is inactive for more than 3
 months and forgets to leave the maintainers team, the owners may move
 him or her from the maintainers team to the advisors team.
 For security reasons, Maintainers should use 2FA for their accounts and
-if possible provide GPG signed commits.
+if possible provide gpg signed commits. 
 https://help.github.com/articles/securing-your-account-with-two-factor-authentication-2fa/
 https://help.github.com/articles/signing-commits-with-gpg/
@@ -298,45 +245,30 @@ and lead the development of Gitea.
 To honor the past owners, here's the history of the owners and the time
 they served:
 * 2022-01-01 ~ 2022-12-31 - https://github.com/go-gitea/gitea/issues/17872
  * [Lunny Xiao](https://gitea.com/lunny) <xiaolunwen@gmail.com>
  * [Matti Ranta](https://gitea.com/techknowlogick) <techknowlogick@gitea.io>
  * [Andrew Thornton](https://gitea.com/zeripath) <art27@cantab.net>
 * 2021-01-01 ~ 2021-12-31 - https://github.com/go-gitea/gitea/issues/13801
  * [Lunny Xiao](https://gitea.com/lunny) <xiaolunwen@gmail.com>
  * [Lauris Bukšis-Haberkorns](https://gitea.com/lafriks) <lauris@nix.lv>
  * [Matti Ranta](https://gitea.com/techknowlogick) <techknowlogick@gitea.io>
 * 2020-01-01 ~ 2020-12-31 - https://github.com/go-gitea/gitea/issues/9230
  * [Lunny Xiao](https://gitea.com/lunny) <xiaolunwen@gmail.com>
  * [Lauris Bukšis-Haberkorns](https://gitea.com/lafriks) <lauris@nix.lv>
  * [Matti Ranta](https://gitea.com/techknowlogick) <techknowlogick@gitea.io>
 * 2019-01-01 ~ 2019-12-31 - https://github.com/go-gitea/gitea/issues/5572
  * [Lunny Xiao](https://github.com/lunny) <xiaolunwen@gmail.com>
  * [Lauris Bukšis-Haberkorns](https://github.com/lafriks) <lauris@nix.lv>
  * [Matti Ranta](https://github.com/techknowlogick) <techknowlogick@gitea.io>
 * 2018-01-01 ~ 2018-12-31 - https://github.com/go-gitea/gitea/issues/3255
  * [Lunny Xiao](https://github.com/lunny) <xiaolunwen@gmail.com>
  * [Lauris Bukšis-Haberkorns](https://github.com/lafriks) <lauris@nix.lv>
  * [Kim Carlbäcker](https://github.com/bkcsoft) <kim.carlbacker@gmail.com>
 * 2016-11-04 ~ 2017-12-31
  * [Lunny Xiao](https://github.com/lunny) <xiaolunwen@gmail.com>
  * [Thomas Boerger](https://github.com/tboerger) <thomas@webhippie.de>
  * [Kim Carlbäcker](https://github.com/bkcsoft) <kim.carlbacker@gmail.com>
 * 2018-01-01 ~ 2018-12-31
  * [Lunny Xiao](https://github.com/lunny) <xiaolunwen@gmail.com>
  * [Lauris Bukšis-Haberkorns](https://github.com/lafriks) <lauris@nix.lv>
  * [Kim Carlbäcker](https://github.com/bkcsoft) <kim.carlbacker@gmail.com>
 * 2019-01-01 ~ 2019-12-31
  * [Lunny Xiao](https://github.com/lunny) <xiaolunwen@gmail.com>
  * [Lauris Bukšis-Haberkorns](https://github.com/lafriks) <lauris@nix.lv>
  * [Matti Ranta](https://github.com/techknowlogick) <matti@mdranta.net>
 ## Versions
-Gitea has the `main` branch as a tip branch and has version branches
+Gitea has the `master` branch as a tip branch and has version branches
 such as `release/v0.9`. `release/v0.9` is a release branch and we will
 tag `v0.9.0` for binary download. If `v0.9.0` has bugs, we will accept
 pull requests on the `release/v0.9` branch and publish a `v0.9.1` tag,
-after bringing the bug fix also to the main branch.
+after bringing the bug fix also to the master branch.
-Since the `main` branch is a tip version, if you wish to use Gitea
+Since the `master` branch is a tip version, if you wish to use Gitea
 in production, please download the latest release tag version. All the
 branches will be protected via GitHub, all the PRs to every branch must
 be reviewed by two maintainers and must pass the automatic tests.
@@ -344,22 +276,22 @@ be reviewed by two maintainers and must pass the automatic tests.
 ## Releasing Gitea
 * Let $vmaj, $vmin and $vpat be Major, Minor and Patch version numbers, $vpat should be rc1, rc2, 0, 1, ...... $vmaj.$vmin will be kept the same as milestones on github or gitea in future.
-* Before releasing, confirm all the version's milestone issues or PRs has been resolved. Then discuss the release on Discord channel #maintainers and get agreed with almost all the owners and mergers. Or you can declare the version and if nobody against in about serval hours.
+* Before releasing, confirm all the version's milestone issues or PRs has been resolved. Then discuss the release on discord channel #maintainers and get agreed with almost all the owners and mergers. Or you can declare the version and if nobody against in about serval hours.
-* If this is a big version first you have to create PR for changelog on branch `main` with PRs with label `changelog` and after it has been merged do following steps:
+* If this is a big version first you have to create PR for changelog on branch `master` with PRs with label `changelog` and after it has been merged do following steps:
  * Create `-dev` tag as `git tag -s -F release.notes v$vmaj.$vmin.0-dev` and push the tag as `git push origin v$vmaj.$vmin.0-dev`.
  * When CI has finished building tag then you have to create a new branch named `release/v$vmaj.$vmin`
 * If it is bugfix version create PR for changelog on branch `release/v$vmaj.$vmin` and wait till it is reviewed and merged.
 * Add a tag as `git tag -s -F release.notes v$vmaj.$vmin.$`, release.notes file could be a temporary file to only include the changelog this version which you added to `CHANGELOG.md`. 
-* And then push the tag as `git push origin v$vmaj.$vmin.$`. Drone CI will automatically create a release and upload all the compiled binary. (But currently it doesn't add the release notes automatically. Maybe we should fix that.)
+* And then push the tag as `git push origin v$vmaj.$vmin.$`. Drone CI will automatically created a release and upload all the compiled binary. (But currently it didn't add the release notes automatically. Maybe we should fix that.)
-* If needed send PR for changelog on branch `main`.
+* If needed send PR for changelog on branch `master`.
-* Send PR to [blog repository](https://gitea.com/gitea/blog) announcing the release.
+* Send PR to [blog repository](https://github.com/go-gitea/blog) announcing the release.
 ## Copyright
 Code that you contribute should use the standard copyright header:
 ```
-// Copyright 2020 The Gitea Authors. All rights reserved.
+// Copyright 2019 The Gitea Authors. All rights reserved.
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 ```
--- a/32
+++ b/32
@@ -1,16 +1,14 @@
 #Build stage
 FROM golang:1.18-alpine3.15 AS build-env
-ARG GOPROXY
+###################################
-ENV GOPROXY ${GOPROXY:-direct}
+#Build stage
 FROM golang:1.12-alpine3.9 AS build-env
 ARG GITEA_VERSION
 ARG TAGS="sqlite sqlite_unlock_notify"
-ENV TAGS "bindata timetzdata $TAGS"
+ENV TAGS "bindata $TAGS"
 ARG CGO_EXTRA_CFLAGS
 #Build deps
-RUN apk --no-cache add build-base git nodejs npm
+RUN apk --no-cache add build-base git
 #Setup repo
 COPY . ${GOPATH}/src/code.gitea.io/gitea
@@ -18,12 +16,9 @@ WORKDIR ${GOPATH}/src/code.gitea.io/gitea
 #Checkout version if set
 RUN if [ -n "${GITEA_VERSION}" ]; then git checkout "${GITEA_VERSION}"; fi \
- && make clean-all build
+ && make clean generate build
-# Begin env-to-ini build
+FROM alpine:3.9
 RUN go build contrib/environment-to-ini/environment-to-ini.go
 FROM alpine:3.13
 LABEL maintainer="maintainers@gitea.io"
 EXPOSE 22 3000
@@ -33,14 +28,13 @@ RUN apk --no-cache add \
    ca-certificates \
    curl \
    gettext \
    git \
    linux-pam \
    openssh \
    s6 \
    sqlite \
    su-exec \
-    gnupg
+    tzdata
 RUN apk add git --repository=http://dl-cdn.alpinelinux.org/alpine/v3.16/main
 RUN addgroup \
    -S -g 1000 \
@@ -52,7 +46,7 @@ RUN addgroup \
    -u 1000 \
    -G git \
    git && \
-  echo "git:*" | chpasswd -e
+  echo "git:$(dd if=/dev/urandom bs=24 count=1 status=none | base64)" | chpasswd
 ENV USER git
 ENV GITEA_CUSTOM /data/gitea
@@ -62,8 +56,6 @@ VOLUME ["/data"]
 ENTRYPOINT ["/usr/bin/entrypoint"]
 CMD ["/bin/s6-svscan", "/etc/s6"]
-COPY docker/root /
+COPY docker /
 COPY --from=build-env /go/src/code.gitea.io/gitea/gitea /app/gitea/gitea
-COPY --from=build-env /go/src/code.gitea.io/gitea/environment-to-ini /usr/local/bin/environment-to-ini
+RUN ln -s /app/gitea/gitea /usr/local/bin/gitea
 RUN chmod 755 /usr/bin/entrypoint /app/gitea/gitea /usr/local/bin/gitea /usr/local/bin/environment-to-ini
 RUN chmod 755 /etc/s6/gitea/* /etc/s6/openssh/* /etc/s6/.s6-svscan/*
--- a/Dockerfile.rootless
+++ b/Dockerfile.rootless
@@ -1,74 +0,0 @@
 #Build stage
 FROM golang:1.18-alpine3.15 AS build-env
 ARG GOPROXY
 ENV GOPROXY ${GOPROXY:-direct}
 ARG GITEA_VERSION
 ARG TAGS="sqlite sqlite_unlock_notify"
 ENV TAGS "bindata timetzdata $TAGS"
 ARG CGO_EXTRA_CFLAGS
 #Build deps
 RUN apk --no-cache add build-base git nodejs npm
 #Setup repo
 COPY . ${GOPATH}/src/code.gitea.io/gitea
 WORKDIR ${GOPATH}/src/code.gitea.io/gitea
 #Checkout version if set
 RUN if [ -n "${GITEA_VERSION}" ]; then git checkout "${GITEA_VERSION}"; fi \
 && make clean-all build
 # Begin env-to-ini build
 RUN go build contrib/environment-to-ini/environment-to-ini.go
 FROM alpine:3.13
 LABEL maintainer="maintainers@gitea.io"
 EXPOSE 2222 3000
 RUN apk --no-cache add \
    bash \
    ca-certificates \
    gettext \
    curl \
    gnupg
 RUN apk add git --repository=http://dl-cdn.alpinelinux.org/alpine/v3.16/main
 RUN addgroup \
    -S -g 1000 \
    git && \
  adduser \
    -S -H -D \
    -h /var/lib/gitea/git \
    -s /bin/bash \
    -u 1000 \
    -G git \
    git
 RUN mkdir -p /var/lib/gitea /etc/gitea
 RUN chown git:git /var/lib/gitea /etc/gitea
 COPY docker/rootless /
 COPY --from=build-env --chown=root:root /go/src/code.gitea.io/gitea/gitea /app/gitea/gitea
 COPY --from=build-env --chown=root:root /go/src/code.gitea.io/gitea/environment-to-ini /usr/local/bin/environment-to-ini
 RUN chmod 755 /usr/local/bin/docker-entrypoint.sh /usr/local/bin/docker-setup.sh /app/gitea/gitea /usr/local/bin/gitea /usr/local/bin/environment-to-ini
 #git:git
 USER 1000:1000
 ENV GITEA_WORK_DIR /var/lib/gitea
 ENV GITEA_CUSTOM /var/lib/gitea/custom
 ENV GITEA_TEMP /tmp/gitea
 ENV TMPDIR /tmp/gitea
 #TODO add to docs the ability to define the ini to load (usefull to test and revert a config)
 ENV GITEA_APP_INI /etc/gitea/app.ini
 ENV HOME "/var/lib/gitea/git"
 VOLUME ["/var/lib/gitea", "/etc/gitea"]
 WORKDIR /var/lib/gitea
 ENTRYPOINT ["/usr/local/bin/docker-entrypoint.sh"]
 CMD []
--- a/Gopkg.lock
+++ b/Gopkg.lock
--- a/Gopkg.toml
+++ b/Gopkg.toml
@@ -0,0 +1,119 @@
 ignored = ["google.golang.org/appengine*"]
 [prune]
  go-tests = true
  unused-packages = true
  non-go = true
 [[constraint]]
  branch = "master"
  name = "code.gitea.io/git"
 [[constraint]]
  branch = "master"
  name = "code.gitea.io/sdk"
 [[constraint]]
  revision = "05d86ea8f6e30456949f612cf68cf4a27ce8c9c5"
  name = "github.com/blevesearch/bleve"
 [[constraint]]
  revision = "12dd70caea0268ac0d6c2707d0611ef601e7c64e"
  name = "golang.org/x/crypto"
 [[constraint]]
  branch = "master"
  name = "golang.org/x/sys"
 [[constraint]]
  revision = "2bf8f2a19ec09c670e931282edfe6567f6be21c9"
  name = "golang.org/x/text"
 [[constraint]]
  branch = "master"
  name = "golang.org/x/net"
 [[override]]
  name = "github.com/go-xorm/xorm"
  revision = "a6300f2a45e05a8f75f00a1d6188049fe7851915"
 [[override]]
  name = "github.com/go-xorm/builder"
  version = "0.3.3"
 [[override]]
  name = "github.com/go-sql-driver/mysql"
  revision = "c45f530f8e7fe40f4687eaa50d0c8c5f1b66f9e0"
 [[override]]
  name = "github.com/mattn/go-sqlite3"
  revision = "c7c4067b79cc51e6dfdcef5c702e74b1e0fa7c75"
 [[override]]
  name = "github.com/gorilla/mux"
  revision = "757bef944d0f21880861c2dd9c871ca543023cba"
 [[constraint]]
  name = "github.com/gorilla/context"
  version = "1.1.1"
 [[constraint]]
  name = "github.com/lafriks/xormstore"
  version = "1.0.0"
 [[constraint]]
  branch = "master"
  name = "github.com/lunny/dingtalk_webhook"
 [[constraint]]
  name = "github.com/markbates/goth"
  version = "1.47.2"
 [[constraint]]
  branch = "master"
  name = "github.com/mcuadros/go-version"
 [[constraint]]
  branch = "master"
  name = "github.com/russross/blackfriday"
 [[constraint]]
  branch = "master"
  name = "github.com/tstranex/u2f"
 [[constraint]]
  name = "gopkg.in/editorconfig/editorconfig-core-go.v1"
  version = "1.2.0"
 [[constraint]]
  branch = "v2"
  name = "gopkg.in/gomail.v2"
 [[constraint]]
  name = "gopkg.in/ini.v1"
  version = "1.31.1"
 [[constraint]]
  name = "gopkg.in/ldap.v3"
  version = "3.0.1"
 [[constraint]]
  name = "gopkg.in/macaron.v1"
  version = "1.2.4"
 [[constraint]]
  name = "gopkg.in/testfixtures.v2"
  version = "2.0.0"
 [[override]]
  branch = "master"
  name = "golang.org/x/oauth2"
 [[constraint]]
  name = "github.com/prometheus/client_golang"
  version = "0.9.0"
 [[constraint]]
  name = "github.com/mvdan/xurls"
  version = "2.0.0"
--- a/22
+++ b/22
@@ -1,4 +1,5 @@
 Alexey Makhov <amakhov@avito.ru> (@makhov)
 Andrey Nering <andrey.nering@gmail.com> (@andreynering)
 Bo-Yi Wu <appleboy.tw@gmail.com> (@appleboy)
 Ethan Koenig <ethantkoenig@gmail.com> (@ethantkoenig)
 Kees de Vries <bouwko@gmail.com> (@Bwko)
@@ -18,7 +19,7 @@ Lauris Bukšis-Haberkorns <lauris@nix.lv> (@lafriks)
 Jonas Östanbäck <jonas.ostanback@gmail.com> (@cez81)
 David Schneiderbauer <dschneiderbauer@gmail.com> (@daviian)
 Peter Žeby <morlinest@gmail.com> (@morlinest)
-Matti Ranta <techknowlogick@gitea.io> (@techknowlogick)
+Matti Ranta <matti@mdranta.net> (@techknowlogick)
 Jonas Franz <info@jonasfranz.software> (@jonasfranz)
 Alexey Terentyev <axifnx@gmail.com> (@axifive)
 Lanre Adelowo <yo@lanre.wtf> (@adelowo)
@@ -27,22 +28,3 @@ He-Long Zhang <outman99@hotmail.com> (@BetaCat0)
 Andrew Thornton <art27@cantab.net> (@zeripath)
 John Olheiser <john.olheiser@gmail.com> (@jolheiser)
 Richard Mahn <rich.mahn@unfoldingword.org> (@richmahn)
 Mrsdizzie <info@mrsdizzie.com> (@mrsdizzie)
 silverwind <me@silverwind.io> (@silverwind)
 Gary Kim <gary@garykim.dev> (@gary-kim)
 Guillermo Prandi <gitea.maint@mailfilter.com.ar> (@guillep2k)
 Mura Li <typeless@ctli.io> (@typeless)
 6543 <6543@obermui.de> (@6543)
 jaqra <jaqra@hotmail.com> (@jaqra)
 David Svantesson <davidsvantesson@gmail.com> (@davidsvantesson)
 a1012112796 <1012112796@qq.com> (@a1012112796)
 Karl Heinz Marbaise <kama@soebes.de> (@khmarbaise)
 Norwin Roosen <git@nroo.de> (@noerw)
 Kyle Dumont <kdumontnu@gmail.com> (@kdumontnu)
 Patrick Schratz <patrick.schratz@gmail.com> (@pat-s)
 Janis Estelmann <admin@oldschoolhack.me> (@KN4CK3R)
 Steven Kriegler <sk.bunsenbrenner@gmail.com> (@justusbunsi)
 Jimmy Praet <jimmy.praet@telenet.be> (@jpraet)
 Leon Hofmeister <dev.lh@web.de> (@delvh) 
 Gusted <williamzijl7@hotmail.com) (@Gusted)
 singuliere <singuliere@autistici.org> (@singuliere)
--- a/824
+++ b/824
--- a/README.md
+++ b/README.md
@@ -1,52 +1,16 @@
-<p align="center">
+[简体中文](https://github.com/go-gitea/gitea/blob/master/README_ZH.md)
  <a href="https://gitea.io/">
    <img alt="Gitea" src="https://raw.githubusercontent.com/go-gitea/gitea/main/public/img/gitea.svg" width="220"/>
  </a>
 </p>
 <h1 align="center">Gitea - Git with a cup of tea</h1>
-<p align="center">
+# Gitea - Git with a cup of tea
  <a href="https://drone.gitea.io/go-gitea/gitea" title="Build Status">
    <img src="https://drone.gitea.io/api/badges/go-gitea/gitea/status.svg?ref=refs/heads/main">
  </a>
  <a href="https://discord.gg/Gitea" title="Join the Discord chat at https://discord.gg/Gitea">
    <img src="https://img.shields.io/discord/322538954119184384.svg">
  </a>
  <a href="https://codecov.io/gh/go-gitea/gitea" title="Codecov">
    <img src="https://codecov.io/gh/go-gitea/gitea/branch/main/graph/badge.svg">
  </a>
  <a href="https://goreportcard.com/report/code.gitea.io/gitea" title="Go Report Card">
    <img src="https://goreportcard.com/badge/code.gitea.io/gitea">
  </a>
  <a href="https://godoc.org/code.gitea.io/gitea" title="GoDoc">
    <img src="https://godoc.org/code.gitea.io/gitea?status.svg">
  </a>
  <a href="https://github.com/go-gitea/gitea/releases/latest" title="GitHub release">
    <img src="https://img.shields.io/github/release/go-gitea/gitea.svg">
  </a>
  <a href="https://www.codetriage.com/go-gitea/gitea" title="Help Contribute to Open Source">
    <img src="https://www.codetriage.com/go-gitea/gitea/badges/users.svg">
  </a>
  <a href="https://opencollective.com/gitea" title="Become a backer/sponsor of gitea">
    <img src="https://opencollective.com/gitea/tiers/backers/badge.svg?label=backers&color=brightgreen">
  </a>
  <a href="https://opensource.org/licenses/MIT" title="License: MIT">
    <img src="https://img.shields.io/badge/License-MIT-blue.svg">
  </a>
  <a href="https://crowdin.com/project/gitea" title="Crowdin">
    <img src="https://badges.crowdin.net/gitea/localized.svg">
  </a>
  <a href="https://www.tickgit.com/browse?repo=github.com/go-gitea/gitea&branch=main" title="TODOs">
    <img src="https://badgen.net/https/api.tickgit.com/badgen/github.com/go-gitea/gitea/main">
  </a>
  <a href="https://www.bountysource.com/teams/gitea" title="Bountysource">
    <img src="https://img.shields.io/bountysource/team/gitea/activity">
  </a>
 </p>
-<p align="center">
+[![Build Status](https://drone.gitea.io/api/badges/go-gitea/gitea/status.svg)](https://drone.gitea.io/go-gitea/gitea)
-  <a href="README_ZH.md">View the chinese version of this document</a>
+[![Join the Discord chat at https://discord.gg/NsatcWJ](https://img.shields.io/discord/322538954119184384.svg)](https://discord.gg/NsatcWJ)
-</p>
+[![](https://images.microbadger.com/badges/image/gitea/gitea.svg)](https://microbadger.com/images/gitea/gitea "Get your own image badge on microbadger.com")
 [![codecov](https://codecov.io/gh/go-gitea/gitea/branch/master/graph/badge.svg)](https://codecov.io/gh/go-gitea/gitea)
 [![Go Report Card](https://goreportcard.com/badge/code.gitea.io/gitea)](https://goreportcard.com/report/code.gitea.io/gitea)
 [![GoDoc](https://godoc.org/code.gitea.io/gitea?status.svg)](https://godoc.org/code.gitea.io/gitea)
 [![GitHub release](https://img.shields.io/github/release/go-gitea/gitea.svg)](https://github.com/go-gitea/gitea/releases/latest)
 [![Help Contribute to Open Source](https://www.codetriage.com/go-gitea/gitea/badges/users.svg)](https://www.codetriage.com/go-gitea/gitea)
 [![Become a backer/sponsor of gitea](https://opencollective.com/gitea/tiers/backer/badge.svg?label=backer&color=brightgreen)](https://opencollective.com/gitea)
 ## Purpose
@@ -65,20 +29,7 @@ This project has been
 From the root of the source tree, run:
-    TAGS="bindata" make build
+    TAGS="bindata" make generate all
 or if SQLite support is required:
    TAGS="bindata sqlite sqlite_unlock_notify" make build
 The `build` target is split into two sub-targets:
 - `make backend` which requires [Go 1.17](https://go.dev/dl/) or greater.
 - `make frontend` which requires [Node.js LTS](https://nodejs.org/en/download/) or greater and Internet connectivity to download npm dependencies.
 When building from the official source tarballs which include pre-built frontend files, the `frontend` target will not be triggered, making it possible to build without Node.js and Internet connectivity.
 Parallelism (`make -j <num>`) is not supported.
 More info: https://docs.gitea.io/en-us/install-from-source/
@@ -98,24 +49,13 @@ NOTES:
 1. **YOU MUST READ THE [CONTRIBUTORS GUIDE](CONTRIBUTING.md) BEFORE STARTING TO WORK ON A PULL REQUEST.**
 2. If you have found a vulnerability in the project, please write privately to **security@gitea.io**. Thanks!
 ## Translating
 Translations are done through Crowdin. If you want to translate to a new language ask one of the managers in the Crowdin project to add a new language there. 
 You can also just create an issue for adding a language or ask on discord on the #translation channel. If you need context or find some translation issues, you can leave a comment on the string or ask on Discord. For general translation questions there is a section in the docs. Currently a bit empty but we hope fo fill it as questions pop up.
 https://docs.gitea.io/en-us/translation-guidelines/
 [![Crowdin](https://badges.crowdin.net/gitea/localized.svg)](https://crowdin.com/project/gitea)
 ## Further information
-For more information and instructions about how to install Gitea, please look at our [documentation](https://docs.gitea.io/en-us/).
+For more information and instructions about how to install Gitea, please look
-If you have questions that are not covered by the documentation, you can get in contact with us on our [Discord server](https://discord.gg/Gitea) or create  a post in the [discourse forum](https://discourse.gitea.io/).
+at our [documentation](https://docs.gitea.io/en-us/). If you have questions
-
+that are not covered by the documentation, you can get in contact with us on
-We maintain a list of Gitea-related projects at [gitea/awesome-gitea](https://gitea.com/gitea/awesome-gitea).  
+our [Discord server](https://discord.gg/NsatcWJ),
-The hugo-based documentation theme is hosted at [gitea/theme](https://gitea.com/gitea/theme).  
+or [forum](https://discourse.gitea.io/)!
 The official Gitea CLI is developed at [gitea/tea](https://gitea.com/gitea/tea).
 ## Authors
@@ -157,14 +97,15 @@ We're [working on it](https://github.com/go-gitea/gitea/issues/1029).
 ## License
 This project is licensed under the MIT License.
-See the [LICENSE](https://github.com/go-gitea/gitea/blob/main/LICENSE) file
+See the [LICENSE](https://github.com/go-gitea/gitea/blob/master/LICENSE) file
 for the full license text.
 ## Screenshots
 Looking for an overview of the interface? Check it out!
-|![Dashboard](https://dl.gitea.io/screenshots/home_timeline.png)|![User Profile](https://dl.gitea.io/screenshots/user_profile.png)|![Global Issues](https://dl.gitea.io/screenshots/global_issues.png)|
+| | | |
 |:---:|:---:|:---:|
-|![Branches](https://dl.gitea.io/screenshots/branches.png)|![Web Editor](https://dl.gitea.io/screenshots/web_editor.png)|![Activity](https://dl.gitea.io/screenshots/activity.png)|
+|![Dashboard](https://image.ibb.co/dms6DG/1.png)|![Repository](https://image.ibb.co/m6MSLw/2.png)|![Commits History](https://image.ibb.co/cjrSLw/3.png)|
-|![New Migration](https://dl.gitea.io/screenshots/migration.png)|![Migrating](https://dl.gitea.io/screenshots/migration.gif)|![Pull Request View](https://image.ibb.co/e02dSb/6.png)
+|![Branches](https://image.ibb.co/e6vbDG/4.png)|![Issues](https://image.ibb.co/bJTJSb/5.png)|![Pull Request View](https://image.ibb.co/e02dSb/6.png)|
-![Pull Request Dark](https://dl.gitea.io/screenshots/pull_requests_dark.png)|![Diff Review Dark](https://dl.gitea.io/screenshots/review_dark.png)|![Diff Dark](https://dl.gitea.io/screenshots/diff_dark.png)|
+|![Releases](https://image.ibb.co/cUzgfw/7.png)|![Activity](https://image.ibb.co/eZgGDG/8.png)|![Wiki](https://image.ibb.co/dYV9YG/9.png)|
 |![Diff](https://image.ibb.co/ewA9YG/10.png)|![Organization](https://image.ibb.co/ceOwDG/11.png)|![Profile](https://image.ibb.co/c44Q7b/12.png)|
--- a/README_ZH.md
+++ b/README_ZH.md
@@ -1,52 +1,15 @@
-<p align="center">
+[English](https://github.com/go-gitea/gitea/blob/master/README.md)
  <a href="https://gitea.io/">
    <img alt="Gitea" src="https://raw.githubusercontent.com/go-gitea/gitea/main/public/img/gitea.svg" width="220"/>
  </a>
 </p>
 <h1 align="center">Gitea - Git with a cup of tea</h1>
-<p align="center">
+# Gitea - Git with a cup of tea
  <a href="https://drone.gitea.io/go-gitea/gitea" title="Build Status">
    <img src="https://drone.gitea.io/api/badges/go-gitea/gitea/status.svg?ref=refs/heads/main">
  </a>
  <a href="https://discord.gg/Gitea" title="Join the Discord chat at https://discord.gg/Gitea">
    <img src="https://img.shields.io/discord/322538954119184384.svg">
  </a>
  <a href="https://codecov.io/gh/go-gitea/gitea" title="Codecov">
    <img src="https://codecov.io/gh/go-gitea/gitea/branch/main/graph/badge.svg">
  </a>
  <a href="https://goreportcard.com/report/code.gitea.io/gitea" title="Go Report Card">
    <img src="https://goreportcard.com/badge/code.gitea.io/gitea">
  </a>
  <a href="https://godoc.org/code.gitea.io/gitea" title="GoDoc">
    <img src="https://godoc.org/code.gitea.io/gitea?status.svg">
  </a>
  <a href="https://github.com/go-gitea/gitea/releases/latest" title="GitHub release">
    <img src="https://img.shields.io/github/release/go-gitea/gitea.svg">
  </a>
  <a href="https://www.codetriage.com/go-gitea/gitea" title="Help Contribute to Open Source">
    <img src="https://www.codetriage.com/go-gitea/gitea/badges/users.svg">
  </a>
  <a href="https://opencollective.com/gitea" title="Become a backer/sponsor of gitea">
    <img src="https://opencollective.com/gitea/tiers/backers/badge.svg?label=backers&color=brightgreen">
  </a>
  <a href="https://opensource.org/licenses/MIT" title="License: MIT">
    <img src="https://img.shields.io/badge/License-MIT-blue.svg">
  </a>
  <a href="https://crowdin.com/project/gitea" title="Crowdin">
    <img src="https://badges.crowdin.net/gitea/localized.svg">
  </a>
  <a href="https://www.tickgit.com/browse?repo=github.com/go-gitea/gitea&branch=main" title="TODOs">
    <img src="https://badgen.net/https/api.tickgit.com/badgen/github.com/go-gitea/gitea/main">
  </a>
  <a href="https://img.shields.io/bountysource/team/gitea" title="Bountysource">
    <img src="https://img.shields.io/bountysource/team/gitea/activity">
  </a>
 </p>
-<p align="center">
+[![Build Status](https://drone.gitea.io/api/badges/go-gitea/gitea/status.svg)](https://drone.gitea.io/go-gitea/gitea)
-  <a href="README.md">View the english version of this document</a>
+[![Join the chat at https://img.shields.io/discord/322538954119184384.svg](https://img.shields.io/discord/322538954119184384.svg)](https://discord.gg/NsatcWJ)
-</p>
+[![](https://images.microbadger.com/badges/image/gitea/gitea.svg)](https://microbadger.com/images/gitea/gitea "Get your own image badge on microbadger.com")
 [![Coverage Status](https://coverage.gitea.io/badges/go-gitea/gitea/coverage.svg)](https://coverage.gitea.io/go-gitea/gitea)
 [![Go Report Card](https://goreportcard.com/badge/code.gitea.io/gitea)](https://goreportcard.com/report/code.gitea.io/gitea)
 [![GoDoc](https://godoc.org/code.gitea.io/gitea?status.svg)](https://godoc.org/code.gitea.io/gitea)
 [![GitHub release](https://img.shields.io/github/release/go-gitea/gitea.svg)](https://github.com/go-gitea/gitea/releases/latest)
 [![Become a backer/sponsor of gitea](https://opencollective.com/gitea/tiers/backer/badge.svg?label=backer&color=brightgreen)](https://opencollective.com/gitea)
 ## 目标
@@ -62,17 +25,12 @@ Gitea 的首要目标是创建一个极易安装，运行非常快速，安装
 ## 文档
-关于如何安装请访问我们的 [文档站](https://docs.gitea.io/zh-cn/)，如果没有找到对应的文档，你也可以通过 [Discord - 英文](https://discord.gg/gitea) 和 QQ群 328432459 来和我们交流。
+关于如何安装请访问我们的 [文档站](https://docs.gitea.io/zh-cn/)，如果没有找到对应的文档，你也可以通过 [Discord - 英文](https://discord.gg/NsatcWJ) 和 QQ群 328432459 来和我们交流。
 ## 贡献流程
 Fork -> Patch -> Push -> Pull Request
 ## 翻译
 多语言翻译是基于Crowdin进行的.
 [![Crowdin](https://badges.crowdin.net/gitea/localized.svg)](https://crowdin.com/project/gitea)
 ## 作者
 * [Maintainers](https://github.com/orgs/go-gitea/people)
@@ -81,12 +39,13 @@ Fork -> Patch -> Push -> Pull Request
 ## 授权许可
-本项目采用 MIT 开源授权许可证，完整的授权说明已放置在 [LICENSE](https://github.com/go-gitea/gitea/blob/main/LICENSE) 文件中。
+本项目采用 MIT 开源授权许可证，完整的授权说明已放置在 [LICENSE](https://github.com/go-gitea/gitea/blob/master/LICENSE) 文件中。
 ## 截图
-|![Dashboard](https://dl.gitea.io/screenshots/home_timeline.png)|![User Profile](https://dl.gitea.io/screenshots/user_profile.png)|![Global Issues](https://dl.gitea.io/screenshots/global_issues.png)|
+| | | |
 |:---:|:---:|:---:|
-|![Branches](https://dl.gitea.io/screenshots/branches.png)|![Web Editor](https://dl.gitea.io/screenshots/web_editor.png)|![Activity](https://dl.gitea.io/screenshots/activity.png)|
+|![Dashboard](https://image.ibb.co/dms6DG/1.png)|![Repository](https://image.ibb.co/m6MSLw/2.png)|![Commits History](https://image.ibb.co/cjrSLw/3.png)|
-|![New Migration](https://dl.gitea.io/screenshots/migration.png)|![Migrating](https://dl.gitea.io/screenshots/migration.gif)|![Pull Request View](https://image.ibb.co/e02dSb/6.png)
+|![Branches](https://image.ibb.co/e6vbDG/4.png)|![Issues](https://image.ibb.co/bJTJSb/5.png)|![Pull Request View](https://image.ibb.co/e02dSb/6.png)|
-![Pull Request Dark](https://dl.gitea.io/screenshots/pull_requests_dark.png)|![Diff Review Dark](https://dl.gitea.io/screenshots/review_dark.png)|![Diff Dark](https://dl.gitea.io/screenshots/diff_dark.png)|
+|![Releases](https://image.ibb.co/cUzgfw/7.png)|![Activity](https://image.ibb.co/eZgGDG/8.png)|![Wiki](https://image.ibb.co/dYV9YG/9.png)|
 |![Diff](https://image.ibb.co/ewA9YG/10.png)|![Organization](https://image.ibb.co/ceOwDG/11.png)|![Profile](https://image.ibb.co/c44Q7b/12.png)|
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -1,10 +0,0 @@
 # Reporting security issues
 The Gitea maintainers take security seriously.  
 If you discover a security issue, please bring it to their attention right away!
 ### Reporting a Vulnerability
 Please **DO NOT** file a public issue, instead send your report privately to `security@gitea.io`.
 Security reports are greatly appreciated and we will publicly thank you for it, although we keep your name confidential if you request it.
--- a/assets/emoji.json
+++ b/assets/emoji.json
--- a/assets/logo.svg
+++ b/assets/logo.svg
@@ -1,31 +1,160 @@
-<?xml version="1.0" encoding="utf-8"?>
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<svg version="1.1" id="main_outline" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px"
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
-	 y="0px" viewBox="0 0 640 640" style="enable-background:new 0 0 640 640;" xml:space="preserve">
+
-<g>
+<svg
-	<path id="teabag" style="fill:#FFFFFF" d="M395.9,484.2l-126.9-61c-12.5-6-17.9-21.2-11.8-33.8l61-126.9c6-12.5,21.2-17.9,33.8-11.8
+   xmlns:dc="http://purl.org/dc/elements/1.1/"
-		c17.2,8.3,27.1,13,27.1,13l-0.1-109.2l16.7-0.1l0.1,117.1c0,0,57.4,24.2,83.1,40.1c3.7,2.3,10.2,6.8,12.9,14.4
+   xmlns:cc="http://creativecommons.org/ns#"
-		c2.1,6.1,2,13.1-1,19.3l-61,126.9C423.6,484.9,408.4,490.3,395.9,484.2z"/>
+   xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
-	<g>
+   xmlns:svg="http://www.w3.org/2000/svg"
-		<g>
+   xmlns="http://www.w3.org/2000/svg"
-			<path style="fill:#609926" d="M622.7,149.8c-4.1-4.1-9.6-4-9.6-4s-117.2,6.6-177.9,8c-13.3,0.3-26.5,0.6-39.6,0.7c0,39.1,0,78.2,0,117.2
+   xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
-				c-5.5-2.6-11.1-5.3-16.6-7.9c0-36.4-0.1-109.2-0.1-109.2c-29,0.4-89.2-2.2-89.2-2.2s-141.4-7.1-156.8-8.5
+   xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
-				c-9.8-0.6-22.5-2.1-39,1.5c-8.7,1.8-33.5,7.4-53.8,26.9C-4.9,212.4,6.6,276.2,8,285.8c1.7,11.7,6.9,44.2,31.7,72.5
+   width="512"
-				c45.8,56.1,144.4,54.8,144.4,54.8s12.1,28.9,30.6,55.5c25,33.1,50.7,58.9,75.7,62c63,0,188.9-0.1,188.9-0.1s12,0.1,28.3-10.3
+   height="512"
-				c14-8.5,26.5-23.4,26.5-23.4s12.9-13.8,30.9-45.3c5.5-9.7,10.1-19.1,14.1-28c0,0,55.2-117.1,55.2-231.1
+   viewBox="0 0 135.46667 135.46667"
-				C633.2,157.9,624.7,151.8,622.7,149.8z M125.6,353.9c-25.9-8.5-36.9-18.7-36.9-18.7S69.6,321.8,60,295.4
+   version="1.1"
-				c-16.5-44.2-1.4-71.2-1.4-71.2s8.4-22.5,38.5-30c13.8-3.7,31-3.1,31-3.1s7.1,59.4,15.7,94.2c7.2,29.2,24.8,77.7,24.8,77.7
+   id="svg8"
-				S142.5,359.9,125.6,353.9z M425.9,461.5c0,0-6.1,14.5-19.6,15.4c-5.8,0.4-10.3-1.2-10.3-1.2s-0.3-0.1-5.3-2.1l-112.9-55
+   sodipodi:docname="logo.svg"
-				c0,0-10.9-5.7-12.8-15.6c-2.2-8.1,2.7-18.1,2.7-18.1L322,273c0,0,4.8-9.7,12.2-13c0.6-0.3,2.3-1,4.5-1.5c8.1-2.1,18,2.8,18,2.8
+   inkscape:version="0.92.1 r15371"
-				l110.7,53.7c0,0,12.6,5.7,15.3,16.2c1.9,7.4-0.5,14-1.8,17.2C474.6,363.8,425.9,461.5,425.9,461.5z"/>
+   inkscape:export-filename=""
-			<path style="fill:#609926" d="M326.8,380.1c-8.2,0.1-15.4,5.8-17.3,13.8c-1.9,8,2,16.3,9.1,20c7.7,4,17.5,1.8,22.7-5.4
+   inkscape:export-xdpi="48.000004"
-				c5.1-7.1,4.3-16.9-1.8-23.1l24-49.1c1.5,0.1,3.7,0.2,6.2-0.5c4.1-0.9,7.1-3.6,7.1-3.6c4.2,1.8,8.6,3.8,13.2,6.1
+   inkscape:export-ydpi="48.000004">
-				c4.8,2.4,9.3,4.9,13.4,7.3c0.9,0.5,1.8,1.1,2.8,1.9c1.6,1.3,3.4,3.1,4.7,5.5c1.9,5.5-1.9,14.9-1.9,14.9
+  <defs
-				c-2.3,7.6-18.4,40.6-18.4,40.6c-8.1-0.2-15.3,5-17.7,12.5c-2.6,8.1,1.1,17.3,8.9,21.3c7.8,4,17.4,1.7,22.5-5.3
+     id="defs2" />
-				c5-6.8,4.6-16.3-1.1-22.6c1.9-3.7,3.7-7.4,5.6-11.3c5-10.4,13.5-30.4,13.5-30.4c0.9-1.7,5.7-10.3,2.7-21.3
+  <sodipodi:namedview
-				c-2.5-11.4-12.6-16.7-12.6-16.7c-12.2-7.9-29.2-15.2-29.2-15.2s0-4.1-1.1-7.1c-1.1-3.1-2.8-5.1-3.9-6.3c4.7-9.7,9.4-19.3,14.1-29
+     id="base"
-				c-4.1-2-8.1-4-12.2-6.1c-4.8,9.8-9.7,19.7-14.5,29.5c-6.7-0.1-12.9,3.5-16.1,9.4c-3.4,6.3-2.7,14.1,1.9,19.8
+     pagecolor="#ffffff"
-				C343.2,346.5,335,363.3,326.8,380.1z"/>
+     bordercolor="#666666"
-		</g>
+     borderopacity="1.0"
-	</g>
+     inkscape:pageopacity="0"
-</g>
+     inkscape:pageshadow="2"
     inkscape:zoom="0.70710678"
     inkscape:cx="418.13805"
     inkscape:cy="177.57445"
     inkscape:document-units="mm"
     inkscape:current-layer="layer2"
     showgrid="false"
     units="px"
     width="256px"
     showguides="false"
     inkscape:window-width="1920"
     inkscape:window-height="1137"
     inkscape:window-x="1912"
     inkscape:window-y="-8"
     inkscape:window-maximized="1"
     inkscape:pagecheckerboard="false"
     inkscape:measure-start="283.373,243.952"
     inkscape:measure-end="290.267,236.527">
    <sodipodi:guide
       position="0,0"
       orientation="0,512"
       id="guide3699"
       inkscape:locked="false" />
    <sodipodi:guide
       position="135.46667,0"
       orientation="-512,0"
       id="guide3701"
       inkscape:locked="false" />
    <sodipodi:guide
       position="135.46667,135.46667"
       orientation="0,-512"
       id="guide3703"
       inkscape:locked="false" />
    <sodipodi:guide
       position="0,135.46667"
       orientation="512,0"
       id="guide3705"
       inkscape:locked="false" />
  </sodipodi:namedview>
  <metadata
     id="metadata5">
    <rdf:RDF>
      <cc:Work
         rdf:about="">
        <dc:format>image/svg+xml</dc:format>
        <dc:type
           rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
        <dc:title></dc:title>
      </cc:Work>
    </rdf:RDF>
  </metadata>
  <g
     inkscape:label="Layer 1"
     inkscape:groupmode="layer"
     id="layer1"
     transform="translate(0,-161.53334)"
     style="display:inline">
    <path
       style="fill:#609926;fill-opacity:1;stroke:#428f29;stroke-width:1;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;stroke-miterlimit:4;stroke-dasharray:none"
       d="m 27.709937,195.15095 c -9.546573,-0.0272 -22.3392732,6.79805 -21.6317552,23.90397 1.105534,26.72889 25.4565952,29.20839 35.1916502,29.42301 1.068023,5.01357 12.521798,22.30563 21.001818,23.21667 h 37.15277 c 22.27763,-1.66785 38.9607,-75.75671 26.59321,-76.03825 -46.781583,2.47691 -49.995146,2.13838 -88.599758,0 -2.495053,-0.0266 -5.972321,-0.49474 -9.707935,-0.5054 z m 2.491319,9.45886 c 1.351378,13.69267 3.555849,21.70359 8.018216,33.94345 -11.382872,-1.50473 -21.069822,-5.22443 -22.851515,-19.10984 -0.950962,-7.4112 2.390428,-15.16769 14.833299,-14.83361 z"
       id="path3722"
       inkscape:connector-curvature="0"
       sodipodi:nodetypes="sscccccsccsc" />
  </g>
  <g
     inkscape:groupmode="layer"
     id="layer2"
     inkscape:label="Layer 2"
     style="display:inline">
    <rect
       style="display:inline;fill:#ffffff;fill-opacity:1;stroke:none;stroke-width:0.24757317;stroke-opacity:1"
       id="rect4599"
       width="34.762054"
       height="34.762054"
       x="87.508659"
       y="18.291576"
       transform="rotate(25.914715)"
       ry="5.4825778" />
    <path
       style="display:inline;fill:#ffffff;fill-opacity:1;stroke:none;stroke-width:0.26644793px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
       d="m 79.804947,57.359056 3.241146,1.609954 V 35.255731 h -3.262698 z"
       id="path4525"
       inkscape:connector-curvature="0"
       sodipodi:nodetypes="ccccc" />
  </g>
  <g
     inkscape:groupmode="layer"
     id="layer3"
     inkscape:label="Layer 3"
     style="display:inline">
    <g
       style="display:inline"
       id="g4539">
      <circle
         transform="rotate(-19.796137)"
         r="3.4745038"
         cy="90.077766"
         cx="49.064713"
         id="path4606"
         style="fill:#609926;fill-opacity:1;stroke:none;stroke-width:0.26458332;stroke-opacity:1" />
      <circle
         transform="rotate(-19.796137)"
         r="3.4745038"
         cy="102.1049"
         cx="36.810425"
         id="path4606-3"
         style="fill:#609926;fill-opacity:1;stroke:none;stroke-width:0.26458332;stroke-opacity:1" />
      <circle
         transform="rotate(-19.796137)"
         r="3.4745038"
         cy="111.43928"
         cx="46.484283"
         id="path4606-1"
         style="fill:#609926;fill-opacity:1;stroke:none;stroke-width:0.26458332;stroke-opacity:1" />
      <rect
         transform="rotate(26.024158)"
         y="18.061695"
         x="97.333458"
         height="27.261492"
         width="2.6726954"
         id="rect4629-8"
         style="fill:#609926;fill-opacity:1;stroke:none;stroke-width:0.27444693;stroke-opacity:1" />
      <path
         sodipodi:nodetypes="cc"
         inkscape:connector-curvature="0"
         id="path4514"
         d="m 76.558096,68.116343 c 12.97589,6.395378 13.012989,4.101862 4.890858,20.907244"
         style="fill:none;stroke:#609926;stroke-width:2.68000007;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1" />
    </g>
  </g>
 </svg>
--- a/build.go
+++ b/build.go
@@ -1,25 +0,0 @@
 // Copyright 2020 The Gitea Authors. All rights reserved.
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 //go:build vendor
 // +build vendor
 package main
 // Libraries that are included to vendor utilities used during build.
 // These libraries will not be included in a normal compilation.
 import (
 	// for embed
 	_ "github.com/shurcooL/vfsgen"
 	// for cover merge
 	_ "golang.org/x/tools/cover"
 	// for vet
 	_ "code.gitea.io/gitea-vet"
 	// for swagger
 	_ "github.com/go-swagger/go-swagger/cmd/swagger"
 )
--- a/build/code-batch-process.go
+++ b/build/code-batch-process.go
@@ -1,285 +0,0 @@
 // Copyright 2021 The Gitea Authors. All rights reserved.
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 //go:build ignore
 // +build ignore
 package main
 import (
 	"fmt"
 	"log"
 	"os"
 	"os/exec"
 	"path/filepath"
 	"regexp"
 	"strconv"
 	"strings"
 	"code.gitea.io/gitea/build/codeformat"
 )
 // Windows has a limitation for command line arguments, the size can not exceed 32KB.
 // So we have to feed the files to some tools (like gofmt/misspell) batch by batch
 // We also introduce a `gitea-fmt` command, it does better import formatting than gofmt/goimports. `gitea-fmt` calls `gofmt` internally.
 var optionLogVerbose bool
 func logVerbose(msg string, args ...interface{}) {
 	if optionLogVerbose {
 		log.Printf(msg, args...)
 	}
 }
 func passThroughCmd(cmd string, args []string) error {
 	foundCmd, err := exec.LookPath(cmd)
 	if err != nil {
 		log.Fatalf("can not find cmd: %s", cmd)
 	}
 	c := exec.Cmd{
 		Path:   foundCmd,
 		Args:   append([]string{cmd}, args...),
 		Stdin:  os.Stdin,
 		Stdout: os.Stdout,
 		Stderr: os.Stderr,
 	}
 	return c.Run()
 }
 type fileCollector struct {
 	dirs            []string
 	includePatterns []*regexp.Regexp
 	excludePatterns []*regexp.Regexp
 	batchSize       int
 }
 func newFileCollector(fileFilter string, batchSize int) (*fileCollector, error) {
 	co := &fileCollector{batchSize: batchSize}
 	if fileFilter == "go-own" {
 		co.dirs = []string{
 			"build",
 			"cmd",
 			"contrib",
 			"integrations",
 			"models",
 			"modules",
 			"routers",
 			"services",
 			"tools",
 		}
 		co.includePatterns = append(co.includePatterns, regexp.MustCompile(`.*\.go$`))
 		co.excludePatterns = append(co.excludePatterns, regexp.MustCompile(`.*\bbindata\.go$`))
 		co.excludePatterns = append(co.excludePatterns, regexp.MustCompile(`integrations/gitea-repositories-meta`))
 		co.excludePatterns = append(co.excludePatterns, regexp.MustCompile(`integrations/migration-test`))
 		co.excludePatterns = append(co.excludePatterns, regexp.MustCompile(`modules/git/tests`))
 		co.excludePatterns = append(co.excludePatterns, regexp.MustCompile(`models/fixtures`))
 		co.excludePatterns = append(co.excludePatterns, regexp.MustCompile(`models/migrations/fixtures`))
 		co.excludePatterns = append(co.excludePatterns, regexp.MustCompile(`services/gitdiff/testdata`))
 	}
 	if co.dirs == nil {
 		return nil, fmt.Errorf("unknown file-filter: %s", fileFilter)
 	}
 	return co, nil
 }
 func (fc *fileCollector) matchPatterns(path string, regexps []*regexp.Regexp) bool {
 	path = strings.ReplaceAll(path, "\\", "/")
 	for _, re := range regexps {
 		if re.MatchString(path) {
 			return true
 		}
 	}
 	return false
 }
 func (fc *fileCollector) collectFiles() (res [][]string, err error) {
 	var batch []string
 	for _, dir := range fc.dirs {
 		err = filepath.WalkDir(dir, func(path string, d os.DirEntry, err error) error {
 			include := len(fc.includePatterns) == 0 || fc.matchPatterns(path, fc.includePatterns)
 			exclude := fc.matchPatterns(path, fc.excludePatterns)
 			process := include && !exclude
 			if !process {
 				if d.IsDir() {
 					if exclude {
 						logVerbose("exclude dir %s", path)
 						return filepath.SkipDir
 					}
 					// for a directory, if it is not excluded explicitly, we should walk into
 					return nil
 				}
 				// for a file, we skip it if it shouldn't be processed
 				logVerbose("skip process %s", path)
 				return nil
 			}
 			if d.IsDir() {
 				// skip dir, we don't add dirs to the file list now
 				return nil
 			}
 			if len(batch) >= fc.batchSize {
 				res = append(res, batch)
 				batch = nil
 			}
 			batch = append(batch, path)
 			return nil
 		})
 		if err != nil {
 			return nil, err
 		}
 	}
 	res = append(res, batch)
 	return res, nil
 }
 // substArgFiles expands the {file-list} to a real file list for commands
 func substArgFiles(args []string, files []string) []string {
 	for i, s := range args {
 		if s == "{file-list}" {
 			newArgs := append(args[:i], files...)
 			newArgs = append(newArgs, args[i+1:]...)
 			return newArgs
 		}
 	}
 	return args
 }
 func exitWithCmdErrors(subCmd string, subArgs []string, cmdErrors []error) {
 	for _, err := range cmdErrors {
 		if err != nil {
 			if exitError, ok := err.(*exec.ExitError); ok {
 				exitCode := exitError.ExitCode()
 				log.Printf("run command failed (code=%d): %s %v", exitCode, subCmd, subArgs)
 				os.Exit(exitCode)
 			} else {
 				log.Fatalf("run command failed (err=%s) %s %v", err, subCmd, subArgs)
 			}
 		}
 	}
 }
 func parseArgs() (mainOptions map[string]string, subCmd string, subArgs []string) {
 	mainOptions = map[string]string{}
 	for i := 1; i < len(os.Args); i++ {
 		arg := os.Args[i]
 		if arg == "" {
 			break
 		}
 		if arg[0] == '-' {
 			arg = strings.TrimPrefix(arg, "-")
 			arg = strings.TrimPrefix(arg, "-")
 			fields := strings.SplitN(arg, "=", 2)
 			if len(fields) == 1 {
 				mainOptions[fields[0]] = "1"
 			} else {
 				mainOptions[fields[0]] = fields[1]
 			}
 		} else {
 			subCmd = arg
 			subArgs = os.Args[i+1:]
 			break
 		}
 	}
 	return
 }
 func showUsage() {
 	fmt.Printf(`Usage: %[1]s [options] {command} [arguments]
 Options:
  --verbose
  --file-filter=go-own
  --batch-size=100
 Commands:
  %[1]s gofmt ...
  %[1]s misspell ...
 Arguments:
  {file-list}     the file list
 Example:
  %[1]s gofmt -s -d {file-list}
 `, "file-batch-exec")
 }
 func newFileCollectorFromMainOptions(mainOptions map[string]string) (fc *fileCollector, err error) {
 	fileFilter := mainOptions["file-filter"]
 	if fileFilter == "" {
 		fileFilter = "go-own"
 	}
 	batchSize, _ := strconv.Atoi(mainOptions["batch-size"])
 	if batchSize == 0 {
 		batchSize = 100
 	}
 	return newFileCollector(fileFilter, batchSize)
 }
 func containsString(a []string, s string) bool {
 	for _, v := range a {
 		if v == s {
 			return true
 		}
 	}
 	return false
 }
 func giteaFormatGoImports(files []string) error {
 	for _, file := range files {
 		if err := codeformat.FormatGoImports(file); err != nil {
 			log.Printf("failed to format go imports: %s, err=%v", file, err)
 			return err
 		}
 	}
 	return nil
 }
 func main() {
 	mainOptions, subCmd, subArgs := parseArgs()
 	if subCmd == "" {
 		showUsage()
 		os.Exit(1)
 	}
 	optionLogVerbose = mainOptions["verbose"] != ""
 	fc, err := newFileCollectorFromMainOptions(mainOptions)
 	if err != nil {
 		log.Fatalf("can not create file collector: %s", err.Error())
 	}
 	fileBatches, err := fc.collectFiles()
 	if err != nil {
 		log.Fatalf("can not collect files: %s", err.Error())
 	}
 	processed := 0
 	var cmdErrors []error
 	for _, files := range fileBatches {
 		if len(files) == 0 {
 			break
 		}
 		substArgs := substArgFiles(subArgs, files)
 		logVerbose("batch cmd: %s %v", subCmd, substArgs)
 		switch subCmd {
 		case "gitea-fmt":
 			if containsString(subArgs, "-w") {
 				cmdErrors = append(cmdErrors, giteaFormatGoImports(files))
 			}
 			cmdErrors = append(cmdErrors, giteaFormatGoImports(files, containsString(subArgs, "-l"), containsString(subArgs, "-w")))
 			cmdErrors = append(cmdErrors, passThroughCmd("go", append([]string{"run", os.Getenv("GOFUMPT_PACKAGE"), "-extra", "-lang", "1.17"}, substArgs...)))
 		case "misspell":
 			cmdErrors = append(cmdErrors, passThroughCmd("go", append([]string{"run", os.Getenv("MISSPELL_PACKAGE")}, substArgs...)))
 		default:
 			log.Fatalf("unknown cmd: %s %v", subCmd, subArgs)
 		}
 		processed += len(files)
 	}
 	logVerbose("processed %d files", processed)
 	exitWithCmdErrors(subCmd, subArgs, cmdErrors)
 }
--- a/build/codeformat/formatimports.go
+++ b/build/codeformat/formatimports.go
@@ -1,187 +0,0 @@
 // Copyright 2021 The Gitea Authors. All rights reserved.
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 package codeformat
 import (
 	"bytes"
 	"errors"
 	"io"
 	"os"
 	"sort"
 	"strings"
 )
 var importPackageGroupOrders = map[string]int{
 	"":                     1, // internal
 	"code.gitea.io/gitea/": 2,
 }
 var errInvalidCommentBetweenImports = errors.New("comments between imported packages are invalid, please move comments to the end of the package line")
 var importBlockBegin = []byte("\nimport (\n")
 var importBlockEnd = []byte("\n)")
 type importLineParsed struct {
 	group   string
 	pkg     string
 	content string
 }
 func parseImportLine(line string) (*importLineParsed, error) {
 	il := &importLineParsed{content: line}
 	p1 := strings.IndexRune(line, '"')
 	if p1 == -1 {
 		return nil, errors.New("invalid import line: " + line)
 	}
 	p1++
 	p := strings.IndexRune(line[p1:], '"')
 	if p == -1 {
 		return nil, errors.New("invalid import line: " + line)
 	}
 	p2 := p1 + p
 	il.pkg = line[p1:p2]
 	pDot := strings.IndexRune(il.pkg, '.')
 	pSlash := strings.IndexRune(il.pkg, '/')
 	if pDot != -1 && pDot < pSlash {
 		il.group = "domain-package"
 	}
 	for groupName := range importPackageGroupOrders {
 		if groupName == "" {
 			continue // skip internal
 		}
 		if strings.HasPrefix(il.pkg, groupName) {
 			il.group = groupName
 		}
 	}
 	return il, nil
 }
 type importLineGroup []*importLineParsed
 type importLineGroupMap map[string]importLineGroup
 func formatGoImports(contentBytes []byte) ([]byte, error) {
 	p1 := bytes.Index(contentBytes, importBlockBegin)
 	if p1 == -1 {
 		return nil, nil
 	}
 	p1 += len(importBlockBegin)
 	p := bytes.Index(contentBytes[p1:], importBlockEnd)
 	if p == -1 {
 		return nil, nil
 	}
 	p2 := p1 + p
 	importGroups := importLineGroupMap{}
 	r := bytes.NewBuffer(contentBytes[p1:p2])
 	eof := false
 	for !eof {
 		line, err := r.ReadString('\n')
 		eof = err == io.EOF
 		if err != nil && !eof {
 			return nil, err
 		}
 		line = strings.TrimSpace(line)
 		if line != "" {
 			if strings.HasPrefix(line, "//") || strings.HasPrefix(line, "/*") {
 				return nil, errInvalidCommentBetweenImports
 			}
 			importLine, err := parseImportLine(line)
 			if err != nil {
 				return nil, err
 			}
 			importGroups[importLine.group] = append(importGroups[importLine.group], importLine)
 		}
 	}
 	var groupNames []string
 	for groupName, importLines := range importGroups {
 		groupNames = append(groupNames, groupName)
 		sort.Slice(importLines, func(i, j int) bool {
 			return strings.Compare(importLines[i].pkg, importLines[j].pkg) < 0
 		})
 	}
 	sort.Slice(groupNames, func(i, j int) bool {
 		n1 := groupNames[i]
 		n2 := groupNames[j]
 		o1 := importPackageGroupOrders[n1]
 		o2 := importPackageGroupOrders[n2]
 		if o1 != 0 && o2 != 0 {
 			return o1 < o2
 		}
 		if o1 == 0 && o2 == 0 {
 			return strings.Compare(n1, n2) < 0
 		}
 		return o1 != 0
 	})
 	formattedBlock := bytes.Buffer{}
 	for _, groupName := range groupNames {
 		hasNormalImports := false
 		hasDummyImports := false
 		// non-dummy import comes first
 		for _, importLine := range importGroups[groupName] {
 			if strings.HasPrefix(importLine.content, "_") {
 				hasDummyImports = true
 			} else {
 				formattedBlock.WriteString("\t" + importLine.content + "\n")
 				hasNormalImports = true
 			}
 		}
 		// dummy (_ "pkg") comes later
 		if hasDummyImports {
 			if hasNormalImports {
 				formattedBlock.WriteString("\n")
 			}
 			for _, importLine := range importGroups[groupName] {
 				if strings.HasPrefix(importLine.content, "_") {
 					formattedBlock.WriteString("\t" + importLine.content + "\n")
 				}
 			}
 		}
 		formattedBlock.WriteString("\n")
 	}
 	formattedBlockBytes := bytes.TrimRight(formattedBlock.Bytes(), "\n")
 	var formattedBytes []byte
 	formattedBytes = append(formattedBytes, contentBytes[:p1]...)
 	formattedBytes = append(formattedBytes, formattedBlockBytes...)
 	formattedBytes = append(formattedBytes, contentBytes[p2:]...)
 	return formattedBytes, nil
 }
 //FormatGoImports format the imports by our rules (see unit tests)
 func FormatGoImports(file string) error {
 	f, err := os.Open(file)
 	if err != nil {
 		return err
 	}
 	var contentBytes []byte
 	{
 		defer f.Close()
 		contentBytes, err = io.ReadAll(f)
 		if err != nil {
 			return err
 		}
 	}
 	formattedBytes, err := formatGoImports(contentBytes)
 	if err != nil {
 		return err
 	}
 	if formattedBytes == nil {
 		return nil
 	}
 	if bytes.Equal(contentBytes, formattedBytes) {
 		return nil
 	}
 	f, err = os.OpenFile(file, os.O_TRUNC|os.O_WRONLY, 0644)
 	if err != nil {
 		return err
 	}
 	defer f.Close()
 	_, err = f.Write(formattedBytes)
 	return err
 }
--- a/build/codeformat/formatimports_test.go
+++ b/build/codeformat/formatimports_test.go
@@ -1,125 +0,0 @@
 // Copyright 2021 The Gitea Authors. All rights reserved.
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 package codeformat
 import (
 	"testing"
 	"github.com/stretchr/testify/assert"
 )
 func TestFormatImportsSimple(t *testing.T) {
 	formatted, err := formatGoImports([]byte(`
 package codeformat
 import (
 	"github.com/stretchr/testify/assert"
 	"testing"
 )
 `))
 	expected := `
 package codeformat
 import (
 	"testing"
 	"github.com/stretchr/testify/assert"
 )
 `
 	assert.NoError(t, err)
 	assert.Equal(t, expected, string(formatted))
 }
 func TestFormatImportsGroup(t *testing.T) {
 	// gofmt/goimports won't group the packages, for example, they produce such code:
 	//     "bytes"
 	//     "image"
 	//        (a blank line)
 	//     "fmt"
 	//     "image/color/palette"
 	// our formatter does better, and these packages are grouped into one.
 	formatted, err := formatGoImports([]byte(`
 package test
 import (
 	"bytes"
 	"fmt"
 	"image"
 	"image/color"
 	_ "image/gif"  // for processing gif images
 	_ "image/jpeg" // for processing jpeg images
 	_ "image/png"  // for processing png images
 	"code.gitea.io/other/package"
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/modules/util"
  "xorm.io/the/package"
 	"github.com/issue9/identicon"
 	"github.com/nfnt/resize"
 	"github.com/oliamb/cutter"
 )
 `))
 	expected := `
 package test
 import (
 	"bytes"
 	"fmt"
 	"image"
 	"image/color"
 	_ "image/gif"  // for processing gif images
 	_ "image/jpeg" // for processing jpeg images
 	_ "image/png"  // for processing png images
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/modules/util"
 	"code.gitea.io/other/package"
 	"github.com/issue9/identicon"
 	"github.com/nfnt/resize"
 	"github.com/oliamb/cutter"
 	"xorm.io/the/package"
 )
 `
 	assert.NoError(t, err)
 	assert.Equal(t, expected, string(formatted))
 }
 func TestFormatImportsInvalidComment(t *testing.T) {
 	// why we shouldn't write comments between imports: it breaks the grouping of imports
 	// for example:
 	//    "pkg1"
 	//    "pkg2"
 	//    // a comment
 	//    "pkgA"
 	//    "pkgB"
 	// the comment splits the packages into two groups, pkg1/2 are sorted separately, pkgA/B are sorted separately
 	// we don't want such code, so the code should be:
 	//    "pkg1"
 	//    "pkg2"
 	//    "pkgA" // a comment
 	//    "pkgB"
 	_, err := formatGoImports([]byte(`
 package test
 import (
  "image/jpeg"
 	// for processing gif images
 	"image/gif"
 )
 `))
 	assert.ErrorIs(t, err, errInvalidCommentBetweenImports)
 }
--- a/build/generate-bindata.go
+++ b/build/generate-bindata.go
@@ -1,91 +0,0 @@
 // Copyright 2020 The Gitea Authors. All rights reserved.
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 //go:build ignore
 // +build ignore
 package main
 import (
 	"bytes"
 	"crypto/sha1"
 	"fmt"
 	"log"
 	"net/http"
 	"os"
 	"path/filepath"
 	"strconv"
 	"github.com/shurcooL/vfsgen"
 )
 func needsUpdate(dir string, filename string) (bool, []byte) {
 	needRegen := false
 	_, err := os.Stat(filename)
 	if err != nil {
 		needRegen = true
 	}
 	oldHash, err := os.ReadFile(filename + ".hash")
 	if err != nil {
 		oldHash = []byte{}
 	}
 	hasher := sha1.New()
 	err = filepath.Walk(dir, func(path string, info os.FileInfo, err error) error {
 		if err != nil {
 			return err
 		}
 		_, _ = hasher.Write([]byte(info.Name()))
 		_, _ = hasher.Write([]byte(info.ModTime().String()))
 		_, _ = hasher.Write([]byte(strconv.FormatInt(info.Size(), 16)))
 		return nil
 	})
 	if err != nil {
 		return true, oldHash
 	}
 	newHash := hasher.Sum([]byte{})
 	if bytes.Compare(oldHash, newHash) != 0 {
 		return true, newHash
 	}
 	return needRegen, newHash
 }
 func main() {
 	if len(os.Args) < 4 {
 		log.Fatal("Insufficient number of arguments. Need: directory packageName filename")
 	}
 	dir, packageName, filename := os.Args[1], os.Args[2], os.Args[3]
 	var useGlobalModTime bool
 	if len(os.Args) == 5 {
 		useGlobalModTime, _ = strconv.ParseBool(os.Args[4])
 	}
 	update, newHash := needsUpdate(dir, filename)
 	if !update {
 		fmt.Printf("bindata for %s already up-to-date\n", packageName)
 		return
 	}
 	fmt.Printf("generating bindata for %s\n", packageName)
 	var fsTemplates http.FileSystem = http.Dir(dir)
 	err := vfsgen.Generate(fsTemplates, vfsgen.Options{
 		PackageName:      packageName,
 		BuildTags:        "bindata",
 		VariableName:     "Assets",
 		Filename:         filename,
 		UseGlobalModTime: useGlobalModTime,
 	})
 	if err != nil {
 		log.Fatalf("%v\n", err)
 	}
 	_ = os.WriteFile(filename+".hash", newHash, 0666)
 }
--- a/build/generate-emoji.go
+++ b/build/generate-emoji.go
@@ -1,224 +0,0 @@
 // Copyright 2020 The Gitea Authors. All rights reserved.
 // Copyright 2015 Kenneth Shaw
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 //go:build ignore
 // +build ignore
 package main
 import (
 	"flag"
 	"fmt"
 	"go/format"
 	"io"
 	"log"
 	"net/http"
 	"os"
 	"regexp"
 	"sort"
 	"strconv"
 	"strings"
 	"unicode/utf8"
 	"code.gitea.io/gitea/modules/json"
 )
 const (
 	gemojiURL         = "https://raw.githubusercontent.com/github/gemoji/master/db/emoji.json"
 	maxUnicodeVersion = 12
 )
 var (
 	flagOut = flag.String("o", "modules/emoji/emoji_data.go", "out")
 )
 // Gemoji is a set of emoji data.
 type Gemoji []Emoji
 // Emoji represents a single emoji and associated data.
 type Emoji struct {
 	Emoji          string   `json:"emoji"`
 	Description    string   `json:"description,omitempty"`
 	Aliases        []string `json:"aliases"`
 	UnicodeVersion string   `json:"unicode_version,omitempty"`
 	SkinTones      bool     `json:"skin_tones,omitempty"`
 }
 // Don't include some fields in JSON
 func (e Emoji) MarshalJSON() ([]byte, error) {
 	type emoji Emoji
 	x := emoji(e)
 	x.UnicodeVersion = ""
 	x.Description = ""
 	x.SkinTones = false
 	return json.Marshal(x)
 }
 func main() {
 	var err error
 	flag.Parse()
 	// generate data
 	buf, err := generate()
 	if err != nil {
 		log.Fatal(err)
 	}
 	// write
 	err = os.WriteFile(*flagOut, buf, 0644)
 	if err != nil {
 		log.Fatal(err)
 	}
 }
 var replacer = strings.NewReplacer(
 	"main.Gemoji", "Gemoji",
 	"main.Emoji", "\n",
 	"}}", "},\n}",
 	", Description:", ", ",
 	", Aliases:", ", ",
 	", UnicodeVersion:", ", ",
 	", SkinTones:", ", ",
 )
 var emojiRE = regexp.MustCompile(`\{Emoji:"([^"]*)"`)
 func generate() ([]byte, error) {
 	var err error
 	// load gemoji data
 	res, err := http.Get(gemojiURL)
 	if err != nil {
 		return nil, err
 	}
 	defer res.Body.Close()
 	// read all
 	body, err := io.ReadAll(res.Body)
 	if err != nil {
 		return nil, err
 	}
 	// unmarshal
 	var data Gemoji
 	err = json.Unmarshal(body, &data)
 	if err != nil {
 		return nil, err
 	}
 	var skinTones = make(map[string]string)
 	skinTones["\U0001f3fb"] = "Light Skin Tone"
 	skinTones["\U0001f3fc"] = "Medium-Light Skin Tone"
 	skinTones["\U0001f3fd"] = "Medium Skin Tone"
 	skinTones["\U0001f3fe"] = "Medium-Dark Skin Tone"
 	skinTones["\U0001f3ff"] = "Dark Skin Tone"
 	var tmp Gemoji
 	//filter out emoji that require greater than max unicode version
 	for i := range data {
 		val, _ := strconv.ParseFloat(data[i].UnicodeVersion, 64)
 		if int(val) <= maxUnicodeVersion {
 			tmp = append(tmp, data[i])
 		}
 	}
 	data = tmp
 	sort.Slice(data, func(i, j int) bool {
 		return data[i].Aliases[0] < data[j].Aliases[0]
 	})
 	aliasMap := make(map[string]int, len(data))
 	for i, e := range data {
 		if e.Emoji == "" || len(e.Aliases) == 0 {
 			continue
 		}
 		for _, a := range e.Aliases {
 			if a == "" {
 				continue
 			}
 			aliasMap[a] = i
 		}
 	}
 	// gitea customizations
 	i, ok := aliasMap["tada"]
 	if ok {
 		data[i].Aliases = append(data[i].Aliases, "hooray")
 	}
 	i, ok = aliasMap["laughing"]
 	if ok {
 		data[i].Aliases = append(data[i].Aliases, "laugh")
 	}
 	// write a JSON file to use with tribute (write before adding skin tones since we can't support them there yet)
 	file, _ := json.Marshal(data)
 	_ = os.WriteFile("assets/emoji.json", file, 0644)
 	// Add skin tones to emoji that support it
 	var (
 		s              []string
 		newEmoji       string
 		newDescription string
 		newData        Emoji
 	)
 	for i := range data {
 		if data[i].SkinTones {
 			for k, v := range skinTones {
 				s = strings.Split(data[i].Emoji, "")
 				if utf8.RuneCountInString(data[i].Emoji) == 1 {
 					s = append(s, k)
 				} else {
 					// insert into slice after first element because all emoji that support skin tones
 					// have that modifier placed at this spot
 					s = append(s, "")
 					copy(s[2:], s[1:])
 					s[1] = k
 				}
 				newEmoji = strings.Join(s, "")
 				newDescription = data[i].Description + ": " + v
 				newAlias := data[i].Aliases[0] + "_" + strings.ReplaceAll(v, " ", "_")
 				newData = Emoji{newEmoji, newDescription, []string{newAlias}, "12.0", false}
 				data = append(data, newData)
 			}
 		}
 	}
 	// add header
 	str := replacer.Replace(fmt.Sprintf(hdr, gemojiURL, data))
 	// change the format of the unicode string
 	str = emojiRE.ReplaceAllStringFunc(str, func(s string) string {
 		var err error
 		s, err = strconv.Unquote(s[len("{Emoji:"):])
 		if err != nil {
 			panic(err)
 		}
 		return "{" + strconv.QuoteToASCII(s)
 	})
 	// format
 	return format.Source([]byte(str))
 }
 const hdr = `
 // Copyright 2020 The Gitea Authors. All rights reserved.
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 package emoji
 // Code generated by gen.go. DO NOT EDIT.
 // Sourced from %s
 //
 var GemojiData = %#v
 `
--- a/build/generate-gitignores.go
+++ b/build/generate-gitignores.go
@@ -1,130 +0,0 @@
 //go:build ignore
 // +build ignore
 package main
 import (
 	"archive/tar"
 	"compress/gzip"
 	"flag"
 	"fmt"
 	"io"
 	"log"
 	"net/http"
 	"os"
 	"path"
 	"path/filepath"
 	"strings"
 	"code.gitea.io/gitea/modules/util"
 )
 func main() {
 	var (
 		prefix         = "gitea-gitignore"
 		url            = "https://api.github.com/repos/github/gitignore/tarball"
 		githubApiToken = ""
 		githubUsername = ""
 		destination    = ""
 	)
 	flag.StringVar(&destination, "dest", "options/gitignore/", "destination for the gitignores")
 	flag.StringVar(&githubUsername, "username", "", "github username")
 	flag.StringVar(&githubApiToken, "token", "", "github api token")
 	flag.Parse()
 	file, err := os.CreateTemp(os.TempDir(), prefix)
 	if err != nil {
 		log.Fatalf("Failed to create temp file. %s", err)
 	}
 	defer util.Remove(file.Name())
 	req, err := http.NewRequest("GET", url, nil)
 	if err != nil {
 		log.Fatalf("Failed to download archive. %s", err)
 	}
 	if len(githubApiToken) > 0 && len(githubUsername) > 0 {
 		req.SetBasicAuth(githubUsername, githubApiToken)
 	}
 	resp, err := http.DefaultClient.Do(req)
 	if err != nil {
 		log.Fatalf("Failed to download archive. %s", err)
 	}
 	defer resp.Body.Close()
 	if _, err := io.Copy(file, resp.Body); err != nil {
 		log.Fatalf("Failed to copy archive to file. %s", err)
 	}
 	if _, err := file.Seek(0, 0); err != nil {
 		log.Fatalf("Failed to reset seek on archive. %s", err)
 	}
 	gz, err := gzip.NewReader(file)
 	if err != nil {
 		log.Fatalf("Failed to gunzip the archive. %s", err)
 	}
 	tr := tar.NewReader(gz)
 	filesToCopy := make(map[string]string, 0)
 	for {
 		hdr, err := tr.Next()
 		if err == io.EOF {
 			break
 		}
 		if err != nil {
 			log.Fatalf("Failed to iterate archive. %s", err)
 		}
 		if filepath.Ext(hdr.Name) != ".gitignore" {
 			continue
 		}
 		if hdr.Typeflag == tar.TypeSymlink {
 			fmt.Printf("Found symlink %s -> %s\n", hdr.Name, hdr.Linkname)
 			filesToCopy[strings.TrimSuffix(filepath.Base(hdr.Name), ".gitignore")] = strings.TrimSuffix(filepath.Base(hdr.Linkname), ".gitignore")
 			continue
 		}
 		out, err := os.Create(path.Join(destination, strings.TrimSuffix(filepath.Base(hdr.Name), ".gitignore")))
 		if err != nil {
 			log.Fatalf("Failed to create new file. %s", err)
 		}
 		defer out.Close()
 		if _, err := io.Copy(out, tr); err != nil {
 			log.Fatalf("Failed to write new file. %s", err)
 		} else {
 			fmt.Printf("Written %s\n", out.Name())
 		}
 	}
 	for dst, src := range filesToCopy {
 		// Read all content of src to data
 		src = path.Join(destination, src)
 		data, err := os.ReadFile(src)
 		if err != nil {
 			log.Fatalf("Failed to read src file. %s", err)
 		}
 		// Write data to dst
 		dst = path.Join(destination, dst)
 		err = os.WriteFile(dst, data, 0644)
 		if err != nil {
 			log.Fatalf("Failed to write new file. %s", err)
 		}
 		fmt.Printf("Written (copy of %s) %s\n", src, dst)
 	}
 	fmt.Println("Done")
 }
--- a/build/generate-images.js
+++ b/build/generate-images.js
@@ -1,84 +0,0 @@
 import imageminZopfli from 'imagemin-zopfli';
 import {optimize} from 'svgo';
 import {fabric} from 'fabric';
 import fs from 'fs';
 import {resolve, dirname} from 'path';
 import {fileURLToPath} from 'url';
 const {readFile, writeFile} = fs.promises;
 const __dirname = dirname(fileURLToPath(import.meta.url));
 const logoFile = resolve(__dirname, '../assets/logo.svg');
 function exit(err) {
  if (err) console.error(err);
  process.exit(err ? 1 : 0);
 }
 function loadSvg(svg) {
  return new Promise((resolve) => {
    fabric.loadSVGFromString(svg, (objects, options) => {
      resolve({objects, options});
    });
  });
 }
 async function generate(svg, outputFile, {size, bg}) {
  if (outputFile.endsWith('.svg')) {
    const {data} = optimize(svg, {
      plugins: [
        'preset-default',
        'removeDimensions',
        {
          name: 'addAttributesToSVGElement',
          params: {attributes: [{width: size}, {height: size}]}
        },
      ],
    });
    await writeFile(outputFile, data);
    return;
  }
  const {objects, options} = await loadSvg(svg);
  const canvas = new fabric.Canvas();
  canvas.setDimensions({width: size, height: size});
  const ctx = canvas.getContext('2d');
  ctx.scale(options.width ? (size / options.width) : 1, options.height ? (size / options.height) : 1);
  if (bg) {
    canvas.add(new fabric.Rect({
      left: 0,
      top: 0,
      height: size * (1 / (size / options.height)),
      width: size * (1 / (size / options.width)),
      fill: 'white',
    }));
  }
  canvas.add(fabric.util.groupSVGElements(objects, options));
  canvas.renderAll();
  let png = Buffer.from([]);
  for await (const chunk of canvas.createPNGStream()) {
    png = Buffer.concat([png, chunk]);
  }
  png = await imageminZopfli({more: true})(png);
  await writeFile(outputFile, png);
 }
 async function main() {
  const gitea = process.argv.slice(2).includes('gitea');
  const svg = await readFile(logoFile, 'utf8');
  await Promise.all([
    generate(svg, resolve(__dirname, '../public/img/logo.svg'), {size: 32}),
    generate(svg, resolve(__dirname, '../public/img/logo.png'), {size: 512}),
    generate(svg, resolve(__dirname, '../public/img/favicon.png'), {size: 180}),
    generate(svg, resolve(__dirname, '../public/img/avatar_default.png'), {size: 200}),
    generate(svg, resolve(__dirname, '../public/img/apple-touch-icon.png'), {size: 180, bg: true}),
    gitea && generate(svg, resolve(__dirname, '../public/img/gitea.svg'), {size: 32}),
  ]);
 }
 main().then(exit).catch(exit);
--- a/build/generate-licenses.go
+++ b/build/generate-licenses.go
@@ -1,118 +0,0 @@
 //go:build ignore
 // +build ignore
 package main
 import (
 	"archive/tar"
 	"compress/gzip"
 	"flag"
 	"fmt"
 	"io"
 	"log"
 	"net/http"
 	"os"
 	"path"
 	"path/filepath"
 	"strings"
 	"code.gitea.io/gitea/modules/util"
 )
 func main() {
 	var (
 		prefix         = "gitea-licenses"
 		url            = "https://api.github.com/repos/spdx/license-list-data/tarball"
 		githubApiToken = ""
 		githubUsername = ""
 		destination    = ""
 	)
 	flag.StringVar(&destination, "dest", "options/license/", "destination for the licenses")
 	flag.StringVar(&githubUsername, "username", "", "github username")
 	flag.StringVar(&githubApiToken, "token", "", "github api token")
 	flag.Parse()
 	file, err := os.CreateTemp(os.TempDir(), prefix)
 	if err != nil {
 		log.Fatalf("Failed to create temp file. %s", err)
 	}
 	defer util.Remove(file.Name())
 	req, err := http.NewRequest("GET", url, nil)
 	if err != nil {
 		log.Fatalf("Failed to download archive. %s", err)
 	}
 	if len(githubApiToken) > 0 && len(githubUsername) > 0 {
 		req.SetBasicAuth(githubUsername, githubApiToken)
 	}
 	resp, err := http.DefaultClient.Do(req)
 	if err != nil {
 		log.Fatalf("Failed to download archive. %s", err)
 	}
 	defer resp.Body.Close()
 	if _, err := io.Copy(file, resp.Body); err != nil {
 		log.Fatalf("Failed to copy archive to file. %s", err)
 	}
 	if _, err := file.Seek(0, 0); err != nil {
 		log.Fatalf("Failed to reset seek on archive. %s", err)
 	}
 	gz, err := gzip.NewReader(file)
 	if err != nil {
 		log.Fatalf("Failed to gunzip the archive. %s", err)
 	}
 	tr := tar.NewReader(gz)
 	for {
 		hdr, err := tr.Next()
 		if err == io.EOF {
 			break
 		}
 		if err != nil {
 			log.Fatalf("Failed to iterate archive. %s", err)
 		}
 		if !strings.Contains(hdr.Name, "/text/") {
 			continue
 		}
 		if filepath.Ext(hdr.Name) != ".txt" {
 			continue
 		}
 		if strings.HasPrefix(filepath.Base(hdr.Name), "README") {
 			continue
 		}
 		if strings.HasPrefix(filepath.Base(hdr.Name), "deprecated_") {
 			continue
 		}
 		out, err := os.Create(path.Join(destination, strings.TrimSuffix(filepath.Base(hdr.Name), ".txt")))
 		if err != nil {
 			log.Fatalf("Failed to create new file. %s", err)
 		}
 		defer out.Close()
 		if _, err := io.Copy(out, tr); err != nil {
 			log.Fatalf("Failed to write new file. %s", err)
 		} else {
 			fmt.Printf("Written %s\n", out.Name())
 		}
 	}
 	fmt.Println("Done")
 }
--- a/build/generate-svg.js
+++ b/build/generate-svg.js
@@ -1,58 +0,0 @@
 import fastGlob from 'fast-glob';
 import {optimize} from 'svgo';
 import {resolve, parse, dirname} from 'path';
 import fs from 'fs';
 import {fileURLToPath} from 'url';
 const {readFile, writeFile, mkdir} = fs.promises;
 const __dirname = dirname(fileURLToPath(import.meta.url));
 const glob = (pattern) => fastGlob.sync(pattern, {cwd: resolve(__dirname), absolute: true});
 const outputDir = resolve(__dirname, '../public/img/svg');
 function exit(err) {
  if (err) console.error(err);
  process.exit(err ? 1 : 0);
 }
 async function processFile(file, {prefix, fullName} = {}) {
  let name;
  if (fullName) {
    name = fullName;
  } else {
    name = parse(file).name;
    if (prefix) name = `${prefix}-${name}`;
    if (prefix === 'octicon') name = name.replace(/-[0-9]+$/, ''); // chop of '-16' on octicons
  }
  const {data} = optimize(await readFile(file, 'utf8'), {
    plugins: [
      {name: 'preset-default'},
      {name: 'removeXMLNS'},
      {name: 'removeDimensions'},
      {name: 'prefixIds', params: {prefix: () => name}},
      {name: 'addClassesToSVGElement', params: {classNames: ['svg', name]}},
      {name: 'addAttributesToSVGElement', params: {attributes: [{'width': '16'}, {'height': '16'}, {'aria-hidden': 'true'}]}},
    ],
  });
  await writeFile(resolve(outputDir, `${name}.svg`), data);
 }
 function processFiles(pattern, opts) {
  return glob(pattern).map((file) => processFile(file, opts));
 }
 async function main() {
  try {
    await mkdir(outputDir);
  } catch {}
  await Promise.all([
    ...processFiles('../node_modules/@primer/octicons/build/svg/*-16.svg', {prefix: 'octicon'}),
    ...processFiles('../web_src/svg/*.svg'),
    ...processFiles('../public/img/gitea.svg', {fullName: 'gitea-gitea'}),
  ]);
 }
 main().then(exit).catch(exit);
--- a/build/gitea-format-imports.go
+++ b/build/gitea-format-imports.go
@@ -1,27 +0,0 @@
 // Copyright 2021 The Gitea Authors. All rights reserved.
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 //go:build ignore
 // +build ignore
 package main
 import (
 	"log"
 	"os"
 	"code.gitea.io/gitea/build/codeformat"
 )
 func main() {
 	if len(os.Args) <= 1 {
 		log.Fatalf("Usage: gitea-format-imports [files...]")
 	}
 	for _, file := range os.Args[1:] {
 		if err := codeformat.FormatGoImports(file); err != nil {
 			log.Fatalf("can not format file %s, err=%v", file, err)
 		}
 	}
 }
--- a/build/gocovmerge.go
+++ b/build/gocovmerge.go
@@ -1,120 +0,0 @@
 // Copyright 2020 The Gitea Authors. All rights reserved.
 // Copyright (c) 2015, Wade Simmons
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 // gocovmerge takes the results from multiple `go test -coverprofile` runs and
 // merges them into one profile
 //go:build ignore
 // +build ignore
 package main
 import (
 	"flag"
 	"fmt"
 	"io"
 	"log"
 	"os"
 	"sort"
 	"golang.org/x/tools/cover"
 )
 func mergeProfiles(p *cover.Profile, merge *cover.Profile) {
 	if p.Mode != merge.Mode {
 		log.Fatalf("cannot merge profiles with different modes")
 	}
 	// Since the blocks are sorted, we can keep track of where the last block
 	// was inserted and only look at the blocks after that as targets for merge
 	startIndex := 0
 	for _, b := range merge.Blocks {
 		startIndex = mergeProfileBlock(p, b, startIndex)
 	}
 }
 func mergeProfileBlock(p *cover.Profile, pb cover.ProfileBlock, startIndex int) int {
 	sortFunc := func(i int) bool {
 		pi := p.Blocks[i+startIndex]
 		return pi.StartLine >= pb.StartLine && (pi.StartLine != pb.StartLine || pi.StartCol >= pb.StartCol)
 	}
 	i := 0
 	if sortFunc(i) != true {
 		i = sort.Search(len(p.Blocks)-startIndex, sortFunc)
 	}
 	i += startIndex
 	if i < len(p.Blocks) && p.Blocks[i].StartLine == pb.StartLine && p.Blocks[i].StartCol == pb.StartCol {
 		if p.Blocks[i].EndLine != pb.EndLine || p.Blocks[i].EndCol != pb.EndCol {
 			log.Fatalf("OVERLAP MERGE: %v %v %v", p.FileName, p.Blocks[i], pb)
 		}
 		switch p.Mode {
 		case "set":
 			p.Blocks[i].Count |= pb.Count
 		case "count", "atomic":
 			p.Blocks[i].Count += pb.Count
 		default:
 			log.Fatalf("unsupported covermode: '%s'", p.Mode)
 		}
 	} else {
 		if i > 0 {
 			pa := p.Blocks[i-1]
 			if pa.EndLine >= pb.EndLine && (pa.EndLine != pb.EndLine || pa.EndCol > pb.EndCol) {
 				log.Fatalf("OVERLAP BEFORE: %v %v %v", p.FileName, pa, pb)
 			}
 		}
 		if i < len(p.Blocks)-1 {
 			pa := p.Blocks[i+1]
 			if pa.StartLine <= pb.StartLine && (pa.StartLine != pb.StartLine || pa.StartCol < pb.StartCol) {
 				log.Fatalf("OVERLAP AFTER: %v %v %v", p.FileName, pa, pb)
 			}
 		}
 		p.Blocks = append(p.Blocks, cover.ProfileBlock{})
 		copy(p.Blocks[i+1:], p.Blocks[i:])
 		p.Blocks[i] = pb
 	}
 	return i + 1
 }
 func addProfile(profiles []*cover.Profile, p *cover.Profile) []*cover.Profile {
 	i := sort.Search(len(profiles), func(i int) bool { return profiles[i].FileName >= p.FileName })
 	if i < len(profiles) && profiles[i].FileName == p.FileName {
 		mergeProfiles(profiles[i], p)
 	} else {
 		profiles = append(profiles, nil)
 		copy(profiles[i+1:], profiles[i:])
 		profiles[i] = p
 	}
 	return profiles
 }
 func dumpProfiles(profiles []*cover.Profile, out io.Writer) {
 	if len(profiles) == 0 {
 		return
 	}
 	fmt.Fprintf(out, "mode: %s\n", profiles[0].Mode)
 	for _, p := range profiles {
 		for _, b := range p.Blocks {
 			fmt.Fprintf(out, "%s:%d.%d,%d.%d %d %d\n", p.FileName, b.StartLine, b.StartCol, b.EndLine, b.EndCol, b.NumStmt, b.Count)
 		}
 	}
 }
 func main() {
 	flag.Parse()
 	var merged []*cover.Profile
 	for _, file := range flag.Args() {
 		profiles, err := cover.ParseProfiles(file)
 		if err != nil {
 			log.Fatalf("failed to parse profile '%s': %v", file, err)
 		}
 		for _, p := range profiles {
 			merged = addProfile(merged, p)
 		}
 	}
 	dumpProfiles(merged, os.Stdout)
 }
--- a/build/test-env-check.sh
+++ b/build/test-env-check.sh
@@ -1,24 +0,0 @@
 #!/bin/sh
 set -e
 if [ ! -f ./build/test-env-check.sh ]; then
  echo "${0} can only be executed in gitea source root directory"
  exit 1
 fi
 echo "check uid ..."
 # the uid of gitea defined in "https://gitea.com/gitea/test-env" is 1000
 gitea_uid=$(id -u gitea)
 if [ "$gitea_uid" != "1000" ]; then
  echo "The uid of linux user 'gitea' is expected to be 1000, but it is $gitea_uid"
  exit 1
 fi
 cur_uid=$(id -u)
 if [ "$cur_uid" != "0" -a "$cur_uid" != "$gitea_uid" ]; then
  echo "The uid of current linux user is expected to be 0 or $gitea_uid, but it is $cur_uid"
  exit 1
 fi
--- a/build/test-env-prepare.sh
+++ b/build/test-env-prepare.sh
@@ -1,11 +0,0 @@
 #!/bin/sh
 set -e
 if [ ! -f ./build/test-env-prepare.sh ]; then
  echo "${0} can only be executed in gitea source root directory"
  exit 1
 fi
 echo "change the owner of files to gitea ..."
 chown -R gitea:gitea .
--- a/build/update-locales.sh
+++ b/build/update-locales.sh
@@ -1,23 +0,0 @@
 #!/bin/sh
 mv ./options/locale/locale_en-US.ini ./options/
 # Make sure to only change lines that have the translation enclosed between quotes
 sed -i -r -e '/^[a-zA-Z0-9_.-]+[ ]*=[ ]*".*"$/ {
 	s/^([a-zA-Z0-9_.-]+)[ ]*="/\1=/
 	s/\\"/"/g
 	s/"$//
 	}' ./options/locale/*.ini
 # Remove translation under 25% of en_us
 baselines=$(wc -l "./options/locale_en-US.ini" | cut -d" " -f1)
 baselines=$((baselines / 4))
 for filename in ./options/locale/*.ini; do
  lines=$(wc -l "$filename" | cut -d" " -f1)
  if [ $lines -lt $baselines ]; then
    echo "Removing $filename: $lines/$baselines"
    rm "$filename"
  fi
 done
 mv ./options/locale_en-US.ini ./options/locale/
--- a/cmd/admin.go
+++ b/cmd/admin.go
--- a/cmd/admin_auth_ldap.go
+++ b/cmd/admin_auth_ldap.go
@@ -1,397 +0,0 @@
 // Copyright 2019 The Gitea Authors. All rights reserved.
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 package cmd
 import (
 	"context"
 	"fmt"
 	"strings"
 	"code.gitea.io/gitea/models/auth"
 	"code.gitea.io/gitea/services/auth/source/ldap"
 	"github.com/urfave/cli"
 )
 type (
 	authService struct {
 		initDB            func(ctx context.Context) error
 		createAuthSource  func(*auth.Source) error
 		updateAuthSource  func(*auth.Source) error
 		getAuthSourceByID func(id int64) (*auth.Source, error)
 	}
 )
 var (
 	commonLdapCLIFlags = []cli.Flag{
 		cli.StringFlag{
 			Name:  "name",
 			Usage: "Authentication name.",
 		},
 		cli.BoolFlag{
 			Name:  "not-active",
 			Usage: "Deactivate the authentication source.",
 		},
 		cli.StringFlag{
 			Name:  "security-protocol",
 			Usage: "Security protocol name.",
 		},
 		cli.BoolFlag{
 			Name:  "skip-tls-verify",
 			Usage: "Disable TLS verification.",
 		},
 		cli.StringFlag{
 			Name:  "host",
 			Usage: "The address where the LDAP server can be reached.",
 		},
 		cli.IntFlag{
 			Name:  "port",
 			Usage: "The port to use when connecting to the LDAP server.",
 		},
 		cli.StringFlag{
 			Name:  "user-search-base",
 			Usage: "The LDAP base at which user accounts will be searched for.",
 		},
 		cli.StringFlag{
 			Name:  "user-filter",
 			Usage: "An LDAP filter declaring how to find the user record that is attempting to authenticate.",
 		},
 		cli.StringFlag{
 			Name:  "admin-filter",
 			Usage: "An LDAP filter specifying if a user should be given administrator privileges.",
 		},
 		cli.StringFlag{
 			Name:  "restricted-filter",
 			Usage: "An LDAP filter specifying if a user should be given restricted status.",
 		},
 		cli.BoolFlag{
 			Name:  "allow-deactivate-all",
 			Usage: "Allow empty search results to deactivate all users.",
 		},
 		cli.StringFlag{
 			Name:  "username-attribute",
 			Usage: "The attribute of the user’s LDAP record containing the user name.",
 		},
 		cli.StringFlag{
 			Name:  "firstname-attribute",
 			Usage: "The attribute of the user’s LDAP record containing the user’s first name.",
 		},
 		cli.StringFlag{
 			Name:  "surname-attribute",
 			Usage: "The attribute of the user’s LDAP record containing the user’s surname.",
 		},
 		cli.StringFlag{
 			Name:  "email-attribute",
 			Usage: "The attribute of the user’s LDAP record containing the user’s email address.",
 		},
 		cli.StringFlag{
 			Name:  "public-ssh-key-attribute",
 			Usage: "The attribute of the user’s LDAP record containing the user’s public ssh key.",
 		},
 		cli.BoolFlag{
 			Name:  "skip-local-2fa",
 			Usage: "Set to true to skip local 2fa for users authenticated by this source",
 		},
 		cli.StringFlag{
 			Name:  "avatar-attribute",
 			Usage: "The attribute of the user’s LDAP record containing the user’s avatar.",
 		},
 	}
 	ldapBindDnCLIFlags = append(commonLdapCLIFlags,
 		cli.StringFlag{
 			Name:  "bind-dn",
 			Usage: "The DN to bind to the LDAP server with when searching for the user.",
 		},
 		cli.StringFlag{
 			Name:  "bind-password",
 			Usage: "The password for the Bind DN, if any.",
 		},
 		cli.BoolFlag{
 			Name:  "attributes-in-bind",
 			Usage: "Fetch attributes in bind DN context.",
 		},
 		cli.BoolFlag{
 			Name:  "synchronize-users",
 			Usage: "Enable user synchronization.",
 		},
 		cli.UintFlag{
 			Name:  "page-size",
 			Usage: "Search page size.",
 		})
 	ldapSimpleAuthCLIFlags = append(commonLdapCLIFlags,
 		cli.StringFlag{
 			Name:  "user-dn",
 			Usage: "The user’s DN.",
 		})
 	cmdAuthAddLdapBindDn = cli.Command{
 		Name:  "add-ldap",
 		Usage: "Add new LDAP (via Bind DN) authentication source",
 		Action: func(c *cli.Context) error {
 			return newAuthService().addLdapBindDn(c)
 		},
 		Flags: ldapBindDnCLIFlags,
 	}
 	cmdAuthUpdateLdapBindDn = cli.Command{
 		Name:  "update-ldap",
 		Usage: "Update existing LDAP (via Bind DN) authentication source",
 		Action: func(c *cli.Context) error {
 			return newAuthService().updateLdapBindDn(c)
 		},
 		Flags: append([]cli.Flag{idFlag}, ldapBindDnCLIFlags...),
 	}
 	cmdAuthAddLdapSimpleAuth = cli.Command{
 		Name:  "add-ldap-simple",
 		Usage: "Add new LDAP (simple auth) authentication source",
 		Action: func(c *cli.Context) error {
 			return newAuthService().addLdapSimpleAuth(c)
 		},
 		Flags: ldapSimpleAuthCLIFlags,
 	}
 	cmdAuthUpdateLdapSimpleAuth = cli.Command{
 		Name:  "update-ldap-simple",
 		Usage: "Update existing LDAP (simple auth) authentication source",
 		Action: func(c *cli.Context) error {
 			return newAuthService().updateLdapSimpleAuth(c)
 		},
 		Flags: append([]cli.Flag{idFlag}, ldapSimpleAuthCLIFlags...),
 	}
 )
 // newAuthService creates a service with default functions.
 func newAuthService() *authService {
 	return &authService{
 		initDB:            initDB,
 		createAuthSource:  auth.CreateSource,
 		updateAuthSource:  auth.UpdateSource,
 		getAuthSourceByID: auth.GetSourceByID,
 	}
 }
 // parseAuthSource assigns values on authSource according to command line flags.
 func parseAuthSource(c *cli.Context, authSource *auth.Source) {
 	if c.IsSet("name") {
 		authSource.Name = c.String("name")
 	}
 	if c.IsSet("not-active") {
 		authSource.IsActive = !c.Bool("not-active")
 	}
 	if c.IsSet("synchronize-users") {
 		authSource.IsSyncEnabled = c.Bool("synchronize-users")
 	}
 }
 // parseLdapConfig assigns values on config according to command line flags.
 func parseLdapConfig(c *cli.Context, config *ldap.Source) error {
 	if c.IsSet("name") {
 		config.Name = c.String("name")
 	}
 	if c.IsSet("host") {
 		config.Host = c.String("host")
 	}
 	if c.IsSet("port") {
 		config.Port = c.Int("port")
 	}
 	if c.IsSet("security-protocol") {
 		p, ok := findLdapSecurityProtocolByName(c.String("security-protocol"))
 		if !ok {
 			return fmt.Errorf("Unknown security protocol name: %s", c.String("security-protocol"))
 		}
 		config.SecurityProtocol = p
 	}
 	if c.IsSet("skip-tls-verify") {
 		config.SkipVerify = c.Bool("skip-tls-verify")
 	}
 	if c.IsSet("bind-dn") {
 		config.BindDN = c.String("bind-dn")
 	}
 	if c.IsSet("user-dn") {
 		config.UserDN = c.String("user-dn")
 	}
 	if c.IsSet("bind-password") {
 		config.BindPassword = c.String("bind-password")
 	}
 	if c.IsSet("user-search-base") {
 		config.UserBase = c.String("user-search-base")
 	}
 	if c.IsSet("username-attribute") {
 		config.AttributeUsername = c.String("username-attribute")
 	}
 	if c.IsSet("firstname-attribute") {
 		config.AttributeName = c.String("firstname-attribute")
 	}
 	if c.IsSet("surname-attribute") {
 		config.AttributeSurname = c.String("surname-attribute")
 	}
 	if c.IsSet("email-attribute") {
 		config.AttributeMail = c.String("email-attribute")
 	}
 	if c.IsSet("attributes-in-bind") {
 		config.AttributesInBind = c.Bool("attributes-in-bind")
 	}
 	if c.IsSet("public-ssh-key-attribute") {
 		config.AttributeSSHPublicKey = c.String("public-ssh-key-attribute")
 	}
 	if c.IsSet("avatar-attribute") {
 		config.AttributeAvatar = c.String("avatar-attribute")
 	}
 	if c.IsSet("page-size") {
 		config.SearchPageSize = uint32(c.Uint("page-size"))
 	}
 	if c.IsSet("user-filter") {
 		config.Filter = c.String("user-filter")
 	}
 	if c.IsSet("admin-filter") {
 		config.AdminFilter = c.String("admin-filter")
 	}
 	if c.IsSet("restricted-filter") {
 		config.RestrictedFilter = c.String("restricted-filter")
 	}
 	if c.IsSet("allow-deactivate-all") {
 		config.AllowDeactivateAll = c.Bool("allow-deactivate-all")
 	}
 	if c.IsSet("skip-local-2fa") {
 		config.SkipLocalTwoFA = c.Bool("skip-local-2fa")
 	}
 	return nil
 }
 // findLdapSecurityProtocolByName finds security protocol by its name ignoring case.
 // It returns the value of the security protocol and if it was found.
 func findLdapSecurityProtocolByName(name string) (ldap.SecurityProtocol, bool) {
 	for i, n := range ldap.SecurityProtocolNames {
 		if strings.EqualFold(name, n) {
 			return i, true
 		}
 	}
 	return 0, false
 }
 // getAuthSource gets the login source by its id defined in the command line flags.
 // It returns an error if the id is not set, does not match any source or if the source is not of expected type.
 func (a *authService) getAuthSource(c *cli.Context, authType auth.Type) (*auth.Source, error) {
 	if err := argsSet(c, "id"); err != nil {
 		return nil, err
 	}
 	authSource, err := a.getAuthSourceByID(c.Int64("id"))
 	if err != nil {
 		return nil, err
 	}
 	if authSource.Type != authType {
 		return nil, fmt.Errorf("Invalid authentication type. expected: %s, actual: %s", authType.String(), authSource.Type.String())
 	}
 	return authSource, nil
 }
 // addLdapBindDn adds a new LDAP via Bind DN authentication source.
 func (a *authService) addLdapBindDn(c *cli.Context) error {
 	if err := argsSet(c, "name", "security-protocol", "host", "port", "user-search-base", "user-filter", "email-attribute"); err != nil {
 		return err
 	}
 	ctx, cancel := installSignals()
 	defer cancel()
 	if err := a.initDB(ctx); err != nil {
 		return err
 	}
 	authSource := &auth.Source{
 		Type:     auth.LDAP,
 		IsActive: true, // active by default
 		Cfg: &ldap.Source{
 			Enabled: true, // always true
 		},
 	}
 	parseAuthSource(c, authSource)
 	if err := parseLdapConfig(c, authSource.Cfg.(*ldap.Source)); err != nil {
 		return err
 	}
 	return a.createAuthSource(authSource)
 }
 // updateLdapBindDn updates a new LDAP via Bind DN authentication source.
 func (a *authService) updateLdapBindDn(c *cli.Context) error {
 	ctx, cancel := installSignals()
 	defer cancel()
 	if err := a.initDB(ctx); err != nil {
 		return err
 	}
 	authSource, err := a.getAuthSource(c, auth.LDAP)
 	if err != nil {
 		return err
 	}
 	parseAuthSource(c, authSource)
 	if err := parseLdapConfig(c, authSource.Cfg.(*ldap.Source)); err != nil {
 		return err
 	}
 	return a.updateAuthSource(authSource)
 }
 // addLdapSimpleAuth adds a new LDAP (simple auth) authentication source.
 func (a *authService) addLdapSimpleAuth(c *cli.Context) error {
 	if err := argsSet(c, "name", "security-protocol", "host", "port", "user-dn", "user-filter", "email-attribute"); err != nil {
 		return err
 	}
 	ctx, cancel := installSignals()
 	defer cancel()
 	if err := a.initDB(ctx); err != nil {
 		return err
 	}
 	authSource := &auth.Source{
 		Type:     auth.DLDAP,
 		IsActive: true, // active by default
 		Cfg: &ldap.Source{
 			Enabled: true, // always true
 		},
 	}
 	parseAuthSource(c, authSource)
 	if err := parseLdapConfig(c, authSource.Cfg.(*ldap.Source)); err != nil {
 		return err
 	}
 	return a.createAuthSource(authSource)
 }
 // updateLdapBindDn updates a new LDAP (simple auth) authentication source.
 func (a *authService) updateLdapSimpleAuth(c *cli.Context) error {
 	ctx, cancel := installSignals()
 	defer cancel()
 	if err := a.initDB(ctx); err != nil {
 		return err
 	}
 	authSource, err := a.getAuthSource(c, auth.DLDAP)
 	if err != nil {
 		return err
 	}
 	parseAuthSource(c, authSource)
 	if err := parseLdapConfig(c, authSource.Cfg.(*ldap.Source)); err != nil {
 		return err
 	}
 	return a.updateAuthSource(authSource)
 }
--- a/cmd/admin_auth_ldap_test.go
+++ b/cmd/admin_auth_ldap_test.go
--- a/cmd/cert.go
+++ b/cmd/cert.go
@@ -170,28 +170,17 @@ func runCert(c *cli.Context) error {
 	if err != nil {
 		log.Fatalf("Failed to open cert.pem for writing: %v", err)
 	}
-	err = pem.Encode(certOut, &pem.Block{Type: "CERTIFICATE", Bytes: derBytes})
+	pem.Encode(certOut, &pem.Block{Type: "CERTIFICATE", Bytes: derBytes})
-	if err != nil {
+	certOut.Close()
 		log.Fatalf("Failed to encode certificate: %v", err)
 	}
 	err = certOut.Close()
 	if err != nil {
 		log.Fatalf("Failed to write cert: %v", err)
 	}
 	log.Println("Written cert.pem")
 	keyOut, err := os.OpenFile("key.pem", os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)
 	if err != nil {
 		log.Fatalf("Failed to open key.pem for writing: %v", err)
 	}
-	err = pem.Encode(keyOut, pemBlockForKey(priv))
+	pem.Encode(keyOut, pemBlockForKey(priv))
-	if err != nil {
+	keyOut.Close()
 		log.Fatalf("Failed to encode key: %v", err)
 	}
 	err = keyOut.Close()
 	if err != nil {
 		log.Fatalf("Failed to write key: %v", err)
 	}
 	log.Println("Written key.pem")
 	return nil
 }
--- a/cmd/cmd.go
+++ b/cmd/cmd.go
@@ -7,16 +7,10 @@
 package cmd
 import (
 	"context"
 	"errors"
 	"fmt"
 	"os"
 	"os/signal"
 	"strings"
 	"syscall"
-	"code.gitea.io/gitea/models/db"
+	"code.gitea.io/gitea/models"
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/modules/util"
@@ -31,66 +25,24 @@ func argsSet(c *cli.Context, args ...string) error {
 			return errors.New(a + " is not set")
 		}
-		if util.IsEmptyString(c.String(a)) {
+		if util.IsEmptyString(a) {
 			return errors.New(a + " is required")
 		}
 	}
 	return nil
 }
-// confirm waits for user input which confirms an action
+func initDB() error {
-func confirm() (bool, error) {
+	return initDBDisableConsole(false)
 	var response string
 	_, err := fmt.Scanln(&response)
 	if err != nil {
 		return false, err
 	}
 	switch strings.ToLower(response) {
 	case "y", "yes":
 		return true, nil
 	case "n", "no":
 		return false, nil
 	default:
 		return false, errors.New(response + " isn't a correct confirmation string")
 	}
 }
-func initDB(ctx context.Context) error {
+func initDBDisableConsole(disableConsole bool) error {
-	setting.LoadFromExisting()
+	setting.NewContext()
-	setting.InitDBConfig()
+	models.LoadConfigs()
 	setting.NewXORMLogService(false)
-	if setting.Database.Type == "" {
+	setting.NewXORMLogService(disableConsole)
-		log.Fatal(`Database settings are missing from the configuration file: %q.
+	if err := models.SetEngine(); err != nil {
-Ensure you are running in the correct environment or set the correct configuration file with -c.
+		return fmt.Errorf("models.SetEngine: %v", err)
 If this is the intended configuration file complete the [database] section.`, setting.CustomConf)
 	}
 	if err := db.InitEngine(ctx); err != nil {
 		return fmt.Errorf("unable to initialise the database using the configuration in %q. Error: %v", setting.CustomConf, err)
 	}
 	return nil
 }
 func installSignals() (context.Context, context.CancelFunc) {
 	ctx, cancel := context.WithCancel(context.Background())
 	go func() {
 		// install notify
 		signalChannel := make(chan os.Signal, 1)
 		signal.Notify(
 			signalChannel,
 			syscall.SIGINT,
 			syscall.SIGTERM,
 		)
 		select {
 		case <-signalChannel:
 		case <-ctx.Done():
 		}
 		cancel()
 		signal.Reset()
 	}()
 	return ctx, cancel
 }
--- a/cmd/convert.go
+++ b/cmd/convert.go
@@ -1,52 +0,0 @@
 // Copyright 2019 The Gitea Authors. All rights reserved.
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 package cmd
 import (
 	"fmt"
 	"code.gitea.io/gitea/models/db"
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/setting"
 	"github.com/urfave/cli"
 )
 // CmdConvert represents the available convert sub-command.
 var CmdConvert = cli.Command{
 	Name:        "convert",
 	Usage:       "Convert the database",
 	Description: "A command to convert an existing MySQL database from utf8 to utf8mb4",
 	Action:      runConvert,
 }
 func runConvert(ctx *cli.Context) error {
 	stdCtx, cancel := installSignals()
 	defer cancel()
 	if err := initDB(stdCtx); err != nil {
 		return err
 	}
 	log.Info("AppPath: %s", setting.AppPath)
 	log.Info("AppWorkPath: %s", setting.AppWorkPath)
 	log.Info("Custom path: %s", setting.CustomPath)
 	log.Info("Log path: %s", setting.LogRootPath)
 	log.Info("Configuration file: %s", setting.CustomConf)
 	if !setting.Database.UseMySQL {
 		fmt.Println("This command can only be used with a MySQL database")
 		return nil
 	}
 	if err := db.ConvertUtf8ToUtf8mb4(); err != nil {
 		log.Fatal("Failed to convert database from utf8 to utf8mb4: %v", err)
 		return err
 	}
 	fmt.Println("Converted successfully, please confirm your database's character set is now utf8mb4")
 	return nil
 }
--- a/cmd/docs.go
+++ b/cmd/docs.go
@@ -1,65 +0,0 @@
 // Copyright 2020 The Gitea Authors. All rights reserved.
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 package cmd
 import (
 	"fmt"
 	"os"
 	"strings"
 	"github.com/urfave/cli"
 )
 // CmdDocs represents the available docs sub-command.
 var CmdDocs = cli.Command{
 	Name:        "docs",
 	Usage:       "Output CLI documentation",
 	Description: "A command to output Gitea's CLI documentation, optionally to a file.",
 	Action:      runDocs,
 	Flags: []cli.Flag{
 		&cli.BoolFlag{
 			Name:  "man",
 			Usage: "Output man pages instead",
 		},
 		&cli.StringFlag{
 			Name:  "output, o",
 			Usage: "Path to output to instead of stdout (will overwrite if exists)",
 		},
 	},
 }
 func runDocs(ctx *cli.Context) error {
 	docs, err := ctx.App.ToMarkdown()
 	if ctx.Bool("man") {
 		docs, err = ctx.App.ToMan()
 	}
 	if err != nil {
 		return err
 	}
 	if !ctx.Bool("man") {
 		// Clean up markdown. The following bug was fixed in v2, but is present in v1.
 		// It affects markdown output (even though the issue is referring to man pages)
 		// https://github.com/urfave/cli/issues/1040
 		firstHashtagIndex := strings.Index(docs, "#")
 		if firstHashtagIndex > 0 {
 			docs = docs[firstHashtagIndex:]
 		}
 	}
 	out := os.Stdout
 	if ctx.String("output") != "" {
 		fi, err := os.Create(ctx.String("output"))
 		if err != nil {
 			return err
 		}
 		defer fi.Close()
 		out = fi
 	}
 	_, err = fmt.Fprintln(out, docs)
 	return err
 }
--- a/cmd/doctor.go
+++ b/cmd/doctor.go
@@ -1,219 +0,0 @@
 // Copyright 2019 The Gitea Authors. All rights reserved.
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 package cmd
 import (
 	"context"
 	"fmt"
 	golog "log"
 	"os"
 	"strings"
 	"text/tabwriter"
 	"code.gitea.io/gitea/models/db"
 	"code.gitea.io/gitea/models/migrations"
 	"code.gitea.io/gitea/modules/doctor"
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/setting"
 	"github.com/urfave/cli"
 	"xorm.io/xorm"
 )
 // CmdDoctor represents the available doctor sub-command.
 var CmdDoctor = cli.Command{
 	Name:        "doctor",
 	Usage:       "Diagnose problems",
 	Description: "A command to diagnose problems with the current Gitea instance according to the given configuration.",
 	Action:      runDoctor,
 	Flags: []cli.Flag{
 		cli.BoolFlag{
 			Name:  "list",
 			Usage: "List the available checks",
 		},
 		cli.BoolFlag{
 			Name:  "default",
 			Usage: "Run the default checks (if neither --run or --all is set, this is the default behaviour)",
 		},
 		cli.StringSliceFlag{
 			Name:  "run",
 			Usage: "Run the provided checks - (if --default is set, the default checks will also run)",
 		},
 		cli.BoolFlag{
 			Name:  "all",
 			Usage: "Run all the available checks",
 		},
 		cli.BoolFlag{
 			Name:  "fix",
 			Usage: "Automatically fix what we can",
 		},
 		cli.StringFlag{
 			Name:  "log-file",
 			Usage: `Name of the log file (default: "doctor.log"). Set to "-" to output to stdout, set to "" to disable`,
 		},
 		cli.BoolFlag{
 			Name:  "color, H",
 			Usage: "Use color for outputted information",
 		},
 	},
 	Subcommands: []cli.Command{
 		cmdRecreateTable,
 	},
 }
 var cmdRecreateTable = cli.Command{
 	Name:      "recreate-table",
 	Usage:     "Recreate tables from XORM definitions and copy the data.",
 	ArgsUsage: "[TABLE]... : (TABLEs to recreate - leave blank for all)",
 	Flags: []cli.Flag{
 		cli.BoolFlag{
 			Name:  "debug",
 			Usage: "Print SQL commands sent",
 		},
 	},
 	Description: `The database definitions Gitea uses change across versions, sometimes changing default values and leaving old unused columns.
 This command will cause Xorm to recreate tables, copying over the data and deleting the old table.
 You should back-up your database before doing this and ensure that your database is up-to-date first.`,
 	Action: runRecreateTable,
 }
 func runRecreateTable(ctx *cli.Context) error {
 	// Redirect the default golog to here
 	golog.SetFlags(0)
 	golog.SetPrefix("")
 	golog.SetOutput(log.NewLoggerAsWriter("INFO", log.GetLogger(log.DEFAULT)))
 	setting.LoadFromExisting()
 	setting.InitDBConfig()
 	setting.EnableXORMLog = ctx.Bool("debug")
 	setting.Database.LogSQL = ctx.Bool("debug")
 	setting.Cfg.Section("log").Key("XORM").SetValue(",")
 	setting.NewXORMLogService(!ctx.Bool("debug"))
 	stdCtx, cancel := installSignals()
 	defer cancel()
 	if err := db.InitEngine(stdCtx); err != nil {
 		fmt.Println(err)
 		fmt.Println("Check if you are using the right config file. You can use a --config directive to specify one.")
 		return nil
 	}
 	args := ctx.Args()
 	names := make([]string, 0, ctx.NArg())
 	for i := 0; i < ctx.NArg(); i++ {
 		names = append(names, args.Get(i))
 	}
 	beans, err := db.NamesToBean(names...)
 	if err != nil {
 		return err
 	}
 	recreateTables := migrations.RecreateTables(beans...)
 	return db.InitEngineWithMigration(context.Background(), func(x *xorm.Engine) error {
 		if err := migrations.EnsureUpToDate(x); err != nil {
 			return err
 		}
 		return recreateTables(x)
 	})
 }
 func runDoctor(ctx *cli.Context) error {
 	// Silence the default loggers
 	log.DelNamedLogger("console")
 	log.DelNamedLogger(log.DEFAULT)
 	stdCtx, cancel := installSignals()
 	defer cancel()
 	// Now setup our own
 	logFile := ctx.String("log-file")
 	if !ctx.IsSet("log-file") {
 		logFile = "doctor.log"
 	}
 	colorize := log.CanColorStdout
 	if ctx.IsSet("color") {
 		colorize = ctx.Bool("color")
 	}
 	if len(logFile) == 0 {
 		log.NewLogger(1000, "doctor", "console", fmt.Sprintf(`{"level":"NONE","stacktracelevel":"NONE","colorize":%t}`, colorize))
 	} else if logFile == "-" {
 		log.NewLogger(1000, "doctor", "console", fmt.Sprintf(`{"level":"trace","stacktracelevel":"NONE","colorize":%t}`, colorize))
 	} else {
 		log.NewLogger(1000, "doctor", "file", fmt.Sprintf(`{"filename":%q,"level":"trace","stacktracelevel":"NONE"}`, logFile))
 	}
 	// Finally redirect the default golog to here
 	golog.SetFlags(0)
 	golog.SetPrefix("")
 	golog.SetOutput(log.NewLoggerAsWriter("INFO", log.GetLogger(log.DEFAULT)))
 	if ctx.IsSet("list") {
 		w := tabwriter.NewWriter(os.Stdout, 0, 8, 1, '\t', 0)
 		_, _ = w.Write([]byte("Default\tName\tTitle\n"))
 		for _, check := range doctor.Checks {
 			if check.IsDefault {
 				_, _ = w.Write([]byte{'*'})
 			}
 			_, _ = w.Write([]byte{'\t'})
 			_, _ = w.Write([]byte(check.Name))
 			_, _ = w.Write([]byte{'\t'})
 			_, _ = w.Write([]byte(check.Title))
 			_, _ = w.Write([]byte{'\n'})
 		}
 		return w.Flush()
 	}
 	var checks []*doctor.Check
 	if ctx.Bool("all") {
 		checks = doctor.Checks
 	} else if ctx.IsSet("run") {
 		addDefault := ctx.Bool("default")
 		names := ctx.StringSlice("run")
 		for i, name := range names {
 			names[i] = strings.ToLower(strings.TrimSpace(name))
 		}
 		for _, check := range doctor.Checks {
 			if addDefault && check.IsDefault {
 				checks = append(checks, check)
 				continue
 			}
 			for _, name := range names {
 				if name == check.Name {
 					checks = append(checks, check)
 					break
 				}
 			}
 		}
 	} else {
 		for _, check := range doctor.Checks {
 			if check.IsDefault {
 				checks = append(checks, check)
 			}
 		}
 	}
 	// Now we can set up our own logger to return information about what the doctor is doing
 	if err := log.NewNamedLogger("doctorouter",
 		1000,
 		"console",
 		"console",
 		fmt.Sprintf(`{"level":"INFO","stacktracelevel":"NONE","colorize":%t,"flags":-1}`, colorize)); err != nil {
 		fmt.Println(err)
 		return err
 	}
 	logger := log.GetLogger("doctorouter")
 	defer logger.Close()
 	return doctor.RunChecks(stdCtx, logger, ctx.Bool("fix"), checks)
 }
--- a/cmd/dump.go
+++ b/cmd/dump.go
@@ -7,89 +7,21 @@ package cmd
 import (
 	"fmt"
 	"io/ioutil"
 	"log"
 	"os"
 	"path"
 	"path/filepath"
 	"strings"
 	"time"
-	"code.gitea.io/gitea/models/db"
+	"code.gitea.io/gitea/models"
 	"code.gitea.io/gitea/modules/json"
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/modules/storage"
 	"code.gitea.io/gitea/modules/util"
-	"gitea.com/go-chi/session"
+	"github.com/Unknwon/cae/zip"
-	archiver "github.com/mholt/archiver/v3"
+	"github.com/Unknwon/com"
 	"github.com/urfave/cli"
 )
 func addFile(w archiver.Writer, filePath, absPath string, verbose bool) error {
 	if verbose {
 		log.Info("Adding file %s\n", filePath)
 	}
 	file, err := os.Open(absPath)
 	if err != nil {
 		return err
 	}
 	defer file.Close()
 	fileInfo, err := file.Stat()
 	if err != nil {
 		return err
 	}
 	return w.Write(archiver.File{
 		FileInfo: archiver.FileInfo{
 			FileInfo:   fileInfo,
 			CustomName: filePath,
 		},
 		ReadCloser: file,
 	})
 }
 func isSubdir(upper, lower string) (bool, error) {
 	if relPath, err := filepath.Rel(upper, lower); err != nil {
 		return false, err
 	} else if relPath == "." || !strings.HasPrefix(relPath, ".") {
 		return true, nil
 	}
 	return false, nil
 }
 type outputType struct {
 	Enum     []string
 	Default  string
 	selected string
 }
 func (o outputType) Join() string {
 	return strings.Join(o.Enum, ", ")
 }
 func (o *outputType) Set(value string) error {
 	for _, enum := range o.Enum {
 		if enum == value {
 			o.selected = value
 			return nil
 		}
 	}
 	return fmt.Errorf("allowed values are %s", o.Join())
 }
 func (o outputType) String() string {
 	if o.selected == "" {
 		return o.Default
 	}
 	return o.selected
 }
 var outputTypeEnum = &outputType{
 	Enum:    []string{"zip", "tar", "tar.sz", "tar.gz", "tar.xz", "tar.bz2", "tar.br", "tar.lz4"},
 	Default: "zip",
 }
 // CmdDump represents the available dump sub-command.
 var CmdDump = cli.Command{
 	Name:  "dump",
@@ -99,12 +31,12 @@ It can be used for backup and capture Gitea server image to send to maintainer`,
 	Action: runDump,
 	Flags: []cli.Flag{
 		cli.StringFlag{
-			Name:  "file, f",
+			Name:  "config, c",
-			Value: fmt.Sprintf("gitea-dump-%d.zip", time.Now().Unix()),
+			Value: "custom/conf/app.ini",
-			Usage: "Name of the dump file which will be created. Supply '-' for stdout. See type for available types.",
+			Usage: "Custom configuration file path",
 		},
 		cli.BoolFlag{
-			Name:  "verbose, V",
+			Name:  "verbose, v",
 			Usage: "Show process details",
 		},
 		cli.StringFlag{
@@ -120,286 +52,120 @@ It can be used for backup and capture Gitea server image to send to maintainer`,
 			Name:  "skip-repository, R",
 			Usage: "Skip the repository dumping",
 		},
 		cli.BoolFlag{
 			Name:  "skip-log, L",
 			Usage: "Skip the log dumping",
 		},
 		cli.BoolFlag{
 			Name:  "skip-custom-dir",
 			Usage: "Skip custom directory",
 		},
 		cli.BoolFlag{
 			Name:  "skip-lfs-data",
 			Usage: "Skip LFS data",
 		},
 		cli.BoolFlag{
 			Name:  "skip-attachment-data",
 			Usage: "Skip attachment data",
 		},
 		cli.GenericFlag{
 			Name:  "type",
 			Value: outputTypeEnum,
 			Usage: fmt.Sprintf("Dump output format: %s", outputTypeEnum.Join()),
 		},
 	},
 }
 func fatal(format string, args ...interface{}) {
 	fmt.Fprintf(os.Stderr, format+"\n", args...)
 	log.Fatal(format, args...)
 }
 func runDump(ctx *cli.Context) error {
-	var file *os.File
+	if ctx.IsSet("config") {
-	fileName := ctx.String("file")
+		setting.CustomConf = ctx.String("config")
 	outType := ctx.String("type")
 	if fileName == "-" {
 		file = os.Stdout
 		err := log.DelLogger("console")
 		if err != nil {
 			fatal("Deleting default logger failed. Can not write to stdout: %v", err)
 		}
 	} else {
 		for _, suffix := range outputTypeEnum.Enum {
 			if strings.HasSuffix(fileName, "."+suffix) {
 				fileName = strings.TrimSuffix(fileName, "."+suffix)
 				break
 			}
 		}
 		fileName += "." + outType
 	}
 	setting.LoadFromExisting()
 	// make sure we are logging to the console no matter what the configuration tells us do to
 	if _, err := setting.Cfg.Section("log").NewKey("MODE", "console"); err != nil {
 		fatal("Setting logging mode to console failed: %v", err)
 	}
 	if _, err := setting.Cfg.Section("log.console").NewKey("STDERR", "true"); err != nil {
 		fatal("Setting console logger to stderr failed: %v", err)
 	}
 	if !setting.InstallLock {
 		log.Error("Is '%s' really the right config path?\n", setting.CustomConf)
 		return fmt.Errorf("gitea is not initialized")
 	}
 	setting.NewContext()
 	setting.NewServices() // cannot access session settings otherwise
 	models.LoadConfigs()
-	stdCtx, cancel := installSignals()
+	err := models.SetEngine()
 	defer cancel()
 	err := db.InitEngine(stdCtx)
 	if err != nil {
 		return err
 	}
 	if err := storage.Init(); err != nil {
 		return err
 	}
 	if file == nil {
 		file, err = os.Create(fileName)
 		if err != nil {
 			fatal("Unable to open %s: %v", fileName, err)
 		}
 	}
 	defer file.Close()
 	absFileName, err := filepath.Abs(fileName)
 	if err != nil {
 		return err
 	}
 	verbose := ctx.Bool("verbose")
 	var iface interface{}
 	if fileName == "-" {
 		iface, err = archiver.ByExtension(fmt.Sprintf(".%s", outType))
 	} else {
 		iface, err = archiver.ByExtension(fileName)
 	}
 	if err != nil {
 		fatal("Unable to get archiver for extension: %v", err)
 	}
 	w, _ := iface.(archiver.Writer)
 	if err := w.Create(file); err != nil {
 		fatal("Creating archiver.Writer failed: %v", err)
 	}
 	defer w.Close()
 	if ctx.IsSet("skip-repository") && ctx.Bool("skip-repository") {
 		log.Info("Skip dumping local repositories")
 	} else {
 		log.Info("Dumping local repositories... %s", setting.RepoRootPath)
 		if err := addRecursiveExclude(w, "repos", setting.RepoRootPath, []string{absFileName}, verbose); err != nil {
 			fatal("Failed to include repositories: %v", err)
 		}
 		if ctx.IsSet("skip-lfs-data") && ctx.Bool("skip-lfs-data") {
 			log.Info("Skip dumping LFS data")
 		} else if err := storage.LFS.IterateObjects(func(objPath string, object storage.Object) error {
 			info, err := object.Stat()
 			if err != nil {
 				return err
 			}
 			return w.Write(archiver.File{
 				FileInfo: archiver.FileInfo{
 					FileInfo:   info,
 					CustomName: path.Join("data", "lfs", objPath),
 				},
 				ReadCloser: object,
 			})
 		}); err != nil {
 			fatal("Failed to dump LFS objects: %v", err)
 		}
 	}
 	tmpDir := ctx.String("tempdir")
 	if _, err := os.Stat(tmpDir); os.IsNotExist(err) {
-		fatal("Path does not exist: %s", tmpDir)
+		log.Fatalf("Path does not exist: %s", tmpDir)
 	}
 	tmpWorkDir, err := ioutil.TempDir(tmpDir, "gitea-dump-")
 	if err != nil {
 		log.Fatalf("Failed to create tmp work directory: %v", err)
 	}
 	log.Printf("Creating tmp work dir: %s", tmpWorkDir)
 	// work-around #1103
 	if os.Getenv("TMPDIR") == "" {
 		os.Setenv("TMPDIR", tmpWorkDir)
 	}
-	dbDump, err := os.CreateTemp(tmpDir, "gitea-db.sql")
+	dbDump := path.Join(tmpWorkDir, "gitea-db.sql")
 	fileName := fmt.Sprintf("gitea-dump-%d.zip", time.Now().Unix())
 	log.Printf("Packing dump files...")
 	z, err := zip.Create(fileName)
 	if err != nil {
-		fatal("Failed to create tmp file: %v", err)
+		log.Fatalf("Failed to create %s: %v", fileName, err)
 	}
-	defer func() {
+	zip.Verbose = ctx.Bool("verbose")
-		if err := util.Remove(dbDump.Name()); err != nil {
+
-			log.Warn("Unable to remove temporary file: %s: Error: %v", dbDump.Name(), err)
+	if ctx.IsSet("skip-repository") {
 		log.Printf("Skip dumping local repositories")
 	} else {
 		log.Printf("Dumping local repositories...%s", setting.RepoRootPath)
 		reposDump := path.Join(tmpWorkDir, "gitea-repo.zip")
 		if err := zip.PackTo(setting.RepoRootPath, reposDump, true); err != nil {
 			log.Fatalf("Failed to dump local repositories: %v", err)
 		}
-	}()
+		if err := z.AddFile("gitea-repo.zip", reposDump); err != nil {
 			log.Fatalf("Failed to include gitea-repo.zip: %v", err)
 		}
 	}
 	targetDBType := ctx.String("database")
-	if len(targetDBType) > 0 && targetDBType != setting.Database.Type {
+	if len(targetDBType) > 0 && targetDBType != models.DbCfg.Type {
-		log.Info("Dumping database %s => %s...", setting.Database.Type, targetDBType)
+		log.Printf("Dumping database %s => %s...", models.DbCfg.Type, targetDBType)
 	} else {
-		log.Info("Dumping database...")
+		log.Printf("Dumping database...")
 	}
-	if err := db.DumpDatabase(dbDump.Name(), targetDBType); err != nil {
+	if err := models.DumpDatabase(dbDump, targetDBType); err != nil {
-		fatal("Failed to dump database: %v", err)
+		log.Fatalf("Failed to dump database: %v", err)
 	}
-	if err := addFile(w, "gitea-db.sql", dbDump.Name(), verbose); err != nil {
+	if err := z.AddFile("gitea-db.sql", dbDump); err != nil {
-		fatal("Failed to include gitea-db.sql: %v", err)
+		log.Fatalf("Failed to include gitea-db.sql: %v", err)
 	}
-
+	customDir, err := os.Stat(setting.CustomPath)
-	if len(setting.CustomConf) > 0 {
+	if err == nil && customDir.IsDir() {
-		log.Info("Adding custom configuration file from %s", setting.CustomConf)
+		if err := z.AddDir("custom", setting.CustomPath); err != nil {
-		if err := addFile(w, "app.ini", setting.CustomConf, verbose); err != nil {
+			log.Fatalf("Failed to include custom: %v", err)
 			fatal("Failed to include specified app.ini: %v", err)
 		}
 	}
 	if ctx.IsSet("skip-custom-dir") && ctx.Bool("skip-custom-dir") {
 		log.Info("Skipping custom directory")
 	} else {
-		customDir, err := os.Stat(setting.CustomPath)
+		log.Printf("Custom dir %s doesn't exist, skipped", setting.CustomPath)
-		if err == nil && customDir.IsDir() {
+	}
-			if is, _ := isSubdir(setting.AppDataPath, setting.CustomPath); !is {
+
-				if err := addRecursiveExclude(w, "custom", setting.CustomPath, []string{absFileName}, verbose); err != nil {
+	if com.IsExist(setting.AppDataPath) {
-					fatal("Failed to include custom: %v", err)
+		log.Printf("Packing data directory...%s", setting.AppDataPath)
-				}
+
-			} else {
+		var sessionAbsPath string
-				log.Info("Custom dir %s is inside data dir %s, skipped", setting.CustomPath, setting.AppDataPath)
+		if setting.SessionConfig.Provider == "file" {
-			}
+			sessionAbsPath = setting.SessionConfig.ProviderConfig
-		} else {
+		}
-			log.Info("Custom dir %s doesn't exist, skipped", setting.CustomPath)
+		if err := zipAddDirectoryExclude(z, "data", setting.AppDataPath, sessionAbsPath); err != nil {
 			log.Fatalf("Failed to include data directory: %v", err)
 		}
 	}
-	isExist, err := util.IsExist(setting.AppDataPath)
+	if err := z.AddDir("log", setting.LogRootPath); err != nil {
-	if err != nil {
+		log.Fatalf("Failed to include log: %v", err)
 		log.Error("Unable to check if %s exists. Error: %v", setting.AppDataPath, err)
 	}
 	if isExist {
 		log.Info("Packing data directory...%s", setting.AppDataPath)
 		var excludes []string
 		if setting.Cfg.Section("session").Key("PROVIDER").Value() == "file" {
 			var opts session.Options
 			if err = json.Unmarshal([]byte(setting.SessionConfig.ProviderConfig), &opts); err != nil {
 				return err
 			}
 			excludes = append(excludes, opts.ProviderConfig)
 		}
 		excludes = append(excludes, setting.RepoRootPath)
 		excludes = append(excludes, setting.LFS.Path)
 		excludes = append(excludes, setting.Attachment.Path)
 		excludes = append(excludes, setting.LogRootPath)
 		excludes = append(excludes, absFileName)
 		if err := addRecursiveExclude(w, "data", setting.AppDataPath, excludes, verbose); err != nil {
 			fatal("Failed to include data directory: %v", err)
 		}
 	}
-	if ctx.IsSet("skip-attachment-data") && ctx.Bool("skip-attachment-data") {
+	if err = z.Close(); err != nil {
-		log.Info("Skip dumping attachment data")
+		_ = os.Remove(fileName)
-	} else if err := storage.Attachments.IterateObjects(func(objPath string, object storage.Object) error {
+		log.Fatalf("Failed to save %s: %v", fileName, err)
 		info, err := object.Stat()
 		if err != nil {
 			return err
 		}
 		return w.Write(archiver.File{
 			FileInfo: archiver.FileInfo{
 				FileInfo:   info,
 				CustomName: path.Join("data", "attachments", objPath),
 			},
 			ReadCloser: object,
 		})
 	}); err != nil {
 		fatal("Failed to dump attachments: %v", err)
 	}
-	// Doesn't check if LogRootPath exists before processing --skip-log intentionally,
+	if err := os.Chmod(fileName, 0600); err != nil {
-	// ensuring that it's clear the dump is skipped whether the directory's initialized
+		log.Printf("Can't change file access permissions mask to 0600: %v", err)
 	// yet or not.
 	if ctx.IsSet("skip-log") && ctx.Bool("skip-log") {
 		log.Info("Skip dumping log files")
 	} else {
 		isExist, err := util.IsExist(setting.LogRootPath)
 		if err != nil {
 			log.Error("Unable to check if %s exists. Error: %v", setting.LogRootPath, err)
 		}
 		if isExist {
 			if err := addRecursiveExclude(w, "log", setting.LogRootPath, []string{absFileName}, verbose); err != nil {
 				fatal("Failed to include log: %v", err)
 			}
 		}
 	}
-	if fileName != "-" {
+	log.Printf("Removing tmp work dir: %s", tmpWorkDir)
 		if err = w.Close(); err != nil {
 			_ = util.Remove(fileName)
 			fatal("Failed to save %s: %v", fileName, err)
 		}
-		if err := os.Chmod(fileName, 0600); err != nil {
+	if err := os.RemoveAll(tmpWorkDir); err != nil {
-			log.Info("Can't change file access permissions mask to 0600: %v", err)
+		log.Fatalf("Failed to remove %s: %v", tmpWorkDir, err)
 		}
 	}
 	if fileName != "-" {
 		log.Info("Finish dumping in file %s", fileName)
 	} else {
 		log.Info("Finish dumping to stdout")
 	}
 	log.Printf("Finish dumping in file %s", fileName)
 	return nil
 }
-func contains(slice []string, s string) bool {
+// zipAddDirectoryExclude zips absPath to specified zipPath inside z excluding excludeAbsPath
-	for _, v := range slice {
+func zipAddDirectoryExclude(zip *zip.ZipArchive, zipPath, absPath string, excludeAbsPath string) error {
 		if v == s {
 			return true
 		}
 	}
 	return false
 }
 // addRecursiveExclude zips absPath to specified insidePath inside writer excluding excludeAbsPath
 func addRecursiveExclude(w archiver.Writer, insidePath, absPath string, excludeAbsPath []string, verbose bool) error {
 	absPath, err := filepath.Abs(absPath)
 	if err != nil {
 		return err
@@ -410,24 +176,24 @@ func addRecursiveExclude(w archiver.Writer, insidePath, absPath string, excludeA
 	}
 	defer dir.Close()
 	zip.AddEmptyDir(zipPath)
 	files, err := dir.Readdir(0)
 	if err != nil {
 		return err
 	}
 	for _, file := range files {
 		currentAbsPath := path.Join(absPath, file.Name())
-		currentInsidePath := path.Join(insidePath, file.Name())
+		currentZipPath := path.Join(zipPath, file.Name())
 		if file.IsDir() {
-			if !contains(excludeAbsPath, currentAbsPath) {
+			if currentAbsPath != excludeAbsPath {
-				if err := addFile(w, currentInsidePath, currentAbsPath, false); err != nil {
+				if err = zipAddDirectoryExclude(zip, currentZipPath, currentAbsPath, excludeAbsPath); err != nil {
 					return err
 				}
 				if err = addRecursiveExclude(w, currentInsidePath, currentAbsPath, excludeAbsPath, verbose); err != nil {
 					return err
 				}
 			}
 		} else {
-			if err = addFile(w, currentInsidePath, currentAbsPath, verbose); err != nil {
+			if err = zip.AddFile(currentZipPath, currentAbsPath); err != nil {
 				return err
 			}
 		}
--- a/cmd/dump_repo.go
+++ b/cmd/dump_repo.go
@@ -1,165 +0,0 @@
 // Copyright 2020 The Gitea Authors. All rights reserved.
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 package cmd
 import (
 	"context"
 	"errors"
 	"strings"
 	"code.gitea.io/gitea/modules/convert"
 	"code.gitea.io/gitea/modules/log"
 	base "code.gitea.io/gitea/modules/migration"
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/modules/structs"
 	"code.gitea.io/gitea/services/migrations"
 	"github.com/urfave/cli"
 )
 // CmdDumpRepository represents the available dump repository sub-command.
 var CmdDumpRepository = cli.Command{
 	Name:        "dump-repo",
 	Usage:       "Dump the repository from git/github/gitea/gitlab",
 	Description: "This is a command for dumping the repository data.",
 	Action:      runDumpRepository,
 	Flags: []cli.Flag{
 		cli.StringFlag{
 			Name:  "git_service",
 			Value: "",
 			Usage: "Git service, git, github, gitea, gitlab. If clone_addr could be recognized, this could be ignored.",
 		},
 		cli.StringFlag{
 			Name:  "repo_dir, r",
 			Value: "./data",
 			Usage: "Repository dir path to store the data",
 		},
 		cli.StringFlag{
 			Name:  "clone_addr",
 			Value: "",
 			Usage: "The URL will be clone, currently could be a git/github/gitea/gitlab http/https URL",
 		},
 		cli.StringFlag{
 			Name:  "auth_username",
 			Value: "",
 			Usage: "The username to visit the clone_addr",
 		},
 		cli.StringFlag{
 			Name:  "auth_password",
 			Value: "",
 			Usage: "The password to visit the clone_addr",
 		},
 		cli.StringFlag{
 			Name:  "auth_token",
 			Value: "",
 			Usage: "The personal token to visit the clone_addr",
 		},
 		cli.StringFlag{
 			Name:  "owner_name",
 			Value: "",
 			Usage: "The data will be stored on a directory with owner name if not empty",
 		},
 		cli.StringFlag{
 			Name:  "repo_name",
 			Value: "",
 			Usage: "The data will be stored on a directory with repository name if not empty",
 		},
 		cli.StringFlag{
 			Name:  "units",
 			Value: "",
 			Usage: `Which items will be migrated, one or more units should be separated as comma.
 wiki, issues, labels, releases, release_assets, milestones, pull_requests, comments are allowed. Empty means all units.`,
 		},
 	},
 }
 func runDumpRepository(ctx *cli.Context) error {
 	stdCtx, cancel := installSignals()
 	defer cancel()
 	if err := initDB(stdCtx); err != nil {
 		return err
 	}
 	log.Info("AppPath: %s", setting.AppPath)
 	log.Info("AppWorkPath: %s", setting.AppWorkPath)
 	log.Info("Custom path: %s", setting.CustomPath)
 	log.Info("Log path: %s", setting.LogRootPath)
 	log.Info("Configuration file: %s", setting.CustomConf)
 	var (
 		serviceType structs.GitServiceType
 		cloneAddr   = ctx.String("clone_addr")
 		serviceStr  = ctx.String("git_service")
 	)
 	if strings.HasPrefix(strings.ToLower(cloneAddr), "https://github.com/") {
 		serviceStr = "github"
 	} else if strings.HasPrefix(strings.ToLower(cloneAddr), "https://gitlab.com/") {
 		serviceStr = "gitlab"
 	} else if strings.HasPrefix(strings.ToLower(cloneAddr), "https://gitea.com/") {
 		serviceStr = "gitea"
 	}
 	if serviceStr == "" {
 		return errors.New("git_service missed or clone_addr cannot be recognized")
 	}
 	serviceType = convert.ToGitServiceType(serviceStr)
 	var opts = base.MigrateOptions{
 		GitServiceType: serviceType,
 		CloneAddr:      cloneAddr,
 		AuthUsername:   ctx.String("auth_username"),
 		AuthPassword:   ctx.String("auth_password"),
 		AuthToken:      ctx.String("auth_token"),
 		RepoName:       ctx.String("repo_name"),
 	}
 	if len(ctx.String("units")) == 0 {
 		opts.Wiki = true
 		opts.Issues = true
 		opts.Milestones = true
 		opts.Labels = true
 		opts.Releases = true
 		opts.Comments = true
 		opts.PullRequests = true
 		opts.ReleaseAssets = true
 	} else {
 		units := strings.Split(ctx.String("units"), ",")
 		for _, unit := range units {
 			switch strings.ToLower(unit) {
 			case "wiki":
 				opts.Wiki = true
 			case "issues":
 				opts.Issues = true
 			case "milestones":
 				opts.Milestones = true
 			case "labels":
 				opts.Labels = true
 			case "releases":
 				opts.Releases = true
 			case "release_assets":
 				opts.ReleaseAssets = true
 			case "comments":
 				opts.Comments = true
 			case "pull_requests":
 				opts.PullRequests = true
 			}
 		}
 	}
 	if err := migrations.DumpRepository(
 		context.Background(),
 		ctx.String("repo_dir"),
 		ctx.String("owner_name"),
 		opts,
 	); err != nil {
 		log.Fatal("Failed to dump repository: %v", err)
 		return err
 	}
 	log.Trace("Dump finished!!!")
 	return nil
 }
--- a/cmd/embedded.go
+++ b/cmd/embedded.go
@@ -1,334 +0,0 @@
 // Copyright 2020 The Gitea Authors. All rights reserved.
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 //go:build bindata
 // +build bindata
 package cmd
 import (
 	"errors"
 	"fmt"
 	"os"
 	"path/filepath"
 	"sort"
 	"strings"
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/options"
 	"code.gitea.io/gitea/modules/public"
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/modules/templates"
 	"code.gitea.io/gitea/modules/util"
 	"github.com/gobwas/glob"
 	"github.com/urfave/cli"
 )
 // Cmdembedded represents the available extract sub-command.
 var (
 	Cmdembedded = cli.Command{
 		Name:        "embedded",
 		Usage:       "Extract embedded resources",
 		Description: "A command for extracting embedded resources, like templates and images",
 		Subcommands: []cli.Command{
 			subcmdList,
 			subcmdView,
 			subcmdExtract,
 		},
 	}
 	subcmdList = cli.Command{
 		Name:   "list",
 		Usage:  "List files matching the given pattern",
 		Action: runList,
 		Flags: []cli.Flag{
 			cli.BoolFlag{
 				Name:  "include-vendored,vendor",
 				Usage: "Include files under public/vendor as well",
 			},
 		},
 	}
 	subcmdView = cli.Command{
 		Name:   "view",
 		Usage:  "View a file matching the given pattern",
 		Action: runView,
 		Flags: []cli.Flag{
 			cli.BoolFlag{
 				Name:  "include-vendored,vendor",
 				Usage: "Include files under public/vendor as well",
 			},
 		},
 	}
 	subcmdExtract = cli.Command{
 		Name:   "extract",
 		Usage:  "Extract resources",
 		Action: runExtract,
 		Flags: []cli.Flag{
 			cli.BoolFlag{
 				Name:  "include-vendored,vendor",
 				Usage: "Include files under public/vendor as well",
 			},
 			cli.BoolFlag{
 				Name:  "overwrite",
 				Usage: "Overwrite files if they already exist",
 			},
 			cli.BoolFlag{
 				Name:  "rename",
 				Usage: "Rename files as {name}.bak if they already exist (overwrites previous .bak)",
 			},
 			cli.BoolFlag{
 				Name:  "custom",
 				Usage: "Extract to the 'custom' directory as per app.ini",
 			},
 			cli.StringFlag{
 				Name:  "destination,dest-dir",
 				Usage: "Extract to the specified directory",
 			},
 		},
 	}
 	sections map[string]*section
 	assets   []asset
 )
 type section struct {
 	Path  string
 	Names func() []string
 	IsDir func(string) (bool, error)
 	Asset func(string) ([]byte, error)
 }
 type asset struct {
 	Section *section
 	Name    string
 	Path    string
 }
 func initEmbeddedExtractor(c *cli.Context) error {
 	// Silence the console logger
 	log.DelNamedLogger("console")
 	log.DelNamedLogger(log.DEFAULT)
 	// Read configuration file
 	setting.LoadAllowEmpty()
 	pats, err := getPatterns(c.Args())
 	if err != nil {
 		return err
 	}
 	sections := make(map[string]*section, 3)
 	sections["public"] = &section{Path: "public", Names: public.AssetNames, IsDir: public.AssetIsDir, Asset: public.Asset}
 	sections["options"] = &section{Path: "options", Names: options.AssetNames, IsDir: options.AssetIsDir, Asset: options.Asset}
 	sections["templates"] = &section{Path: "templates", Names: templates.AssetNames, IsDir: templates.AssetIsDir, Asset: templates.Asset}
 	for _, sec := range sections {
 		assets = append(assets, buildAssetList(sec, pats, c)...)
 	}
 	// Sort assets
 	sort.SliceStable(assets, func(i, j int) bool {
 		return assets[i].Path < assets[j].Path
 	})
 	return nil
 }
 func runList(c *cli.Context) error {
 	if err := runListDo(c); err != nil {
 		fmt.Fprintf(os.Stderr, "%v\n", err)
 		return err
 	}
 	return nil
 }
 func runView(c *cli.Context) error {
 	if err := runViewDo(c); err != nil {
 		fmt.Fprintf(os.Stderr, "%v\n", err)
 		return err
 	}
 	return nil
 }
 func runExtract(c *cli.Context) error {
 	if err := runExtractDo(c); err != nil {
 		fmt.Fprintf(os.Stderr, "%v\n", err)
 		return err
 	}
 	return nil
 }
 func runListDo(c *cli.Context) error {
 	if err := initEmbeddedExtractor(c); err != nil {
 		return err
 	}
 	for _, a := range assets {
 		fmt.Println(a.Path)
 	}
 	return nil
 }
 func runViewDo(c *cli.Context) error {
 	if err := initEmbeddedExtractor(c); err != nil {
 		return err
 	}
 	if len(assets) == 0 {
 		return fmt.Errorf("No files matched the given pattern")
 	} else if len(assets) > 1 {
 		return fmt.Errorf("Too many files matched the given pattern; try to be more specific")
 	}
 	data, err := assets[0].Section.Asset(assets[0].Name)
 	if err != nil {
 		return fmt.Errorf("%s: %v", assets[0].Path, err)
 	}
 	if _, err = os.Stdout.Write(data); err != nil {
 		return fmt.Errorf("%s: %v", assets[0].Path, err)
 	}
 	return nil
 }
 func runExtractDo(c *cli.Context) error {
 	if err := initEmbeddedExtractor(c); err != nil {
 		return err
 	}
 	if len(c.Args()) == 0 {
 		return fmt.Errorf("A list of pattern of files to extract is mandatory (e.g. '**' for all)")
 	}
 	destdir := "."
 	if c.IsSet("destination") {
 		destdir = c.String("destination")
 	} else if c.Bool("custom") {
 		destdir = setting.CustomPath
 		fmt.Println("Using app.ini at", setting.CustomConf)
 	}
 	fi, err := os.Stat(destdir)
 	if errors.Is(err, os.ErrNotExist) {
 		// In case Windows users attempt to provide a forward-slash path
 		wdestdir := filepath.FromSlash(destdir)
 		if wfi, werr := os.Stat(wdestdir); werr == nil {
 			destdir = wdestdir
 			fi = wfi
 			err = nil
 		}
 	}
 	if err != nil {
 		return fmt.Errorf("%s: %s", destdir, err)
 	} else if !fi.IsDir() {
 		return fmt.Errorf("%s is not a directory.", destdir)
 	}
 	fmt.Printf("Extracting to %s:\n", destdir)
 	overwrite := c.Bool("overwrite")
 	rename := c.Bool("rename")
 	for _, a := range assets {
 		if err := extractAsset(destdir, a, overwrite, rename); err != nil {
 			// Non-fatal error
 			fmt.Fprintf(os.Stderr, "%s: %v", a.Path, err)
 		}
 	}
 	return nil
 }
 func extractAsset(d string, a asset, overwrite, rename bool) error {
 	dest := filepath.Join(d, filepath.FromSlash(a.Path))
 	dir := filepath.Dir(dest)
 	data, err := a.Section.Asset(a.Name)
 	if err != nil {
 		return fmt.Errorf("%s: %v", a.Path, err)
 	}
 	if err := os.MkdirAll(dir, os.ModePerm); err != nil {
 		return fmt.Errorf("%s: %v", dir, err)
 	}
 	perms := os.ModePerm & 0666
 	fi, err := os.Lstat(dest)
 	if err != nil {
 		if !errors.Is(err, os.ErrNotExist) {
 			return fmt.Errorf("%s: %v", dest, err)
 		}
 	} else if !overwrite && !rename {
 		fmt.Printf("%s already exists; skipped.\n", dest)
 		return nil
 	} else if !fi.Mode().IsRegular() {
 		return fmt.Errorf("%s already exists, but it's not a regular file", dest)
 	} else if rename {
 		if err := util.Rename(dest, dest+".bak"); err != nil {
 			return fmt.Errorf("Error creating backup for %s: %v", dest, err)
 		}
 		// Attempt to respect file permissions mask (even if user:group will be set anew)
 		perms = fi.Mode()
 	}
 	file, err := os.OpenFile(dest, os.O_WRONLY|os.O_TRUNC|os.O_CREATE, perms)
 	if err != nil {
 		return fmt.Errorf("%s: %v", dest, err)
 	}
 	defer file.Close()
 	if _, err = file.Write(data); err != nil {
 		return fmt.Errorf("%s: %v", dest, err)
 	}
 	fmt.Println(dest)
 	return nil
 }
 func buildAssetList(sec *section, globs []glob.Glob, c *cli.Context) []asset {
 	var results = make([]asset, 0, 64)
 	for _, name := range sec.Names() {
 		if isdir, err := sec.IsDir(name); !isdir && err == nil {
 			if sec.Path == "public" &&
 				strings.HasPrefix(name, "vendor/") &&
 				!c.Bool("include-vendored") {
 				continue
 			}
 			matchName := sec.Path + "/" + name
 			for _, g := range globs {
 				if g.Match(matchName) {
 					results = append(results, asset{Section: sec,
 						Name: name,
 						Path: sec.Path + "/" + name})
 					break
 				}
 			}
 		}
 	}
 	return results
 }
 func getPatterns(args []string) ([]glob.Glob, error) {
 	if len(args) == 0 {
 		args = []string{"**"}
 	}
 	pat := make([]glob.Glob, len(args))
 	for i := range args {
 		if g, err := glob.Compile(args[i], '/'); err != nil {
 			return nil, fmt.Errorf("'%s': Invalid glob pattern: %v", args[i], err)
 		} else {
 			pat[i] = g
 		}
 	}
 	return pat, nil
 }
--- a/cmd/embedded_stub.go
+++ b/cmd/embedded_stub.go
@@ -1,31 +0,0 @@
 // Copyright 2020 The Gitea Authors. All rights reserved.
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 //go:build !bindata
 // +build !bindata
 package cmd
 import (
 	"fmt"
 	"os"
 	"github.com/urfave/cli"
 )
 // Cmdembedded represents the available extract sub-command.
 var (
 	Cmdembedded = cli.Command{
 		Name:        "embedded",
 		Usage:       "Extract embedded resources",
 		Description: "A command for extracting embedded resources, like templates and images",
 		Action:      extractorNotImplemented,
 	}
 )
 func extractorNotImplemented(c *cli.Context) error {
 	err := fmt.Errorf("Sorry: the 'embedded' subcommand is not available in builds without bindata")
 	fmt.Fprintf(os.Stderr, "%s\n", err)
 	return err
 }
--- a/cmd/generate.go
+++ b/cmd/generate.go
@@ -7,11 +7,9 @@ package cmd
 import (
 	"fmt"
 	"os"
 	"code.gitea.io/gitea/modules/generate"
 	"github.com/mattn/go-isatty"
 	"github.com/urfave/cli"
 )
@@ -42,10 +40,9 @@ var (
 	}
 	microcmdGenerateLfsJwtSecret = cli.Command{
-		Name:    "JWT_SECRET",
+		Name:   "LFS_JWT_SECRET",
-		Aliases: []string{"LFS_JWT_SECRET"},
+		Usage:  "Generate a new LFS_JWT_SECRET",
-		Usage:   "Generate a new JWT_SECRET",
+		Action: runGenerateLfsJwtSecret,
 		Action:  runGenerateLfsJwtSecret,
 	}
 	microcmdGenerateSecretKey = cli.Command{
@@ -61,27 +58,17 @@ func runGenerateInternalToken(c *cli.Context) error {
 		return err
 	}
-	fmt.Printf("%s", internalToken)
+	fmt.Printf("%s\n", internalToken)
 	if isatty.IsTerminal(os.Stdout.Fd()) {
 		fmt.Printf("\n")
 	}
 	return nil
 }
 func runGenerateLfsJwtSecret(c *cli.Context) error {
-	JWTSecretBase64, err := generate.NewJwtSecretBase64()
+	JWTSecretBase64, err := generate.NewJwtSecret()
 	if err != nil {
 		return err
 	}
-	fmt.Printf("%s", JWTSecretBase64)
+	fmt.Printf("%s\n", JWTSecretBase64)
 	if isatty.IsTerminal(os.Stdout.Fd()) {
 		fmt.Printf("\n")
 	}
 	return nil
 }
@@ -91,11 +78,6 @@ func runGenerateSecretKey(c *cli.Context) error {
 		return err
 	}
-	fmt.Printf("%s", secretKey)
+	fmt.Printf("%s\n", secretKey)
 	if isatty.IsTerminal(os.Stdout.Fd()) {
 		fmt.Printf("\n")
 	}
 	return nil
 }
--- a/cmd/hook.go
+++ b/cmd/hook.go
@@ -8,15 +8,13 @@ import (
 	"bufio"
 	"bytes"
 	"fmt"
 	"io"
 	"net/http"
 	"os"
 	"strconv"
 	"strings"
 	"time"
 	"code.gitea.io/git"
 	"code.gitea.io/gitea/models"
-	"code.gitea.io/gitea/modules/git"
+	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/private"
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/modules/util"
@@ -24,21 +22,23 @@ import (
 	"github.com/urfave/cli"
 )
 const (
 	hookBatchSize = 30
 )
 var (
 	// CmdHook represents the available hooks sub-command.
 	CmdHook = cli.Command{
 		Name:        "hook",
 		Usage:       "Delegate commands to corresponding Git hooks",
 		Description: "This should only be called by Git",
 		Flags: []cli.Flag{
 			cli.StringFlag{
 				Name:  "config, c",
 				Value: "custom/conf/app.ini",
 				Usage: "Custom configuration file path",
 			},
 		},
 		Subcommands: []cli.Command{
 			subcmdHookPreReceive,
 			subcmdHookUpdate,
 			subcmdHookPostReceive,
 			subcmdHookProcReceive,
 		},
 	}
@@ -47,183 +47,48 @@ var (
 		Usage:       "Delegate pre-receive Git hook",
 		Description: "This command should only be called by Git",
 		Action:      runHookPreReceive,
 		Flags: []cli.Flag{
 			cli.BoolFlag{
 				Name: "debug",
 			},
 		},
 	}
 	subcmdHookUpdate = cli.Command{
 		Name:        "update",
 		Usage:       "Delegate update Git hook",
 		Description: "This command should only be called by Git",
 		Action:      runHookUpdate,
 		Flags: []cli.Flag{
 			cli.BoolFlag{
 				Name: "debug",
 			},
 		},
 	}
 	subcmdHookPostReceive = cli.Command{
 		Name:        "post-receive",
 		Usage:       "Delegate post-receive Git hook",
 		Description: "This command should only be called by Git",
 		Action:      runHookPostReceive,
 		Flags: []cli.Flag{
 			cli.BoolFlag{
 				Name: "debug",
 			},
 		},
 	}
 	// Note: new hook since git 2.29
 	subcmdHookProcReceive = cli.Command{
 		Name:        "proc-receive",
 		Usage:       "Delegate proc-receive Git hook",
 		Description: "This command should only be called by Git",
 		Action:      runHookProcReceive,
 		Flags: []cli.Flag{
 			cli.BoolFlag{
 				Name: "debug",
 			},
 		},
 	}
 )
 type delayWriter struct {
 	internal io.Writer
 	buf      *bytes.Buffer
 	timer    *time.Timer
 }
 func newDelayWriter(internal io.Writer, delay time.Duration) *delayWriter {
 	timer := time.NewTimer(delay)
 	return &delayWriter{
 		internal: internal,
 		buf:      &bytes.Buffer{},
 		timer:    timer,
 	}
 }
 func (d *delayWriter) Write(p []byte) (n int, err error) {
 	if d.buf != nil {
 		select {
 		case <-d.timer.C:
 			_, err := d.internal.Write(d.buf.Bytes())
 			if err != nil {
 				return 0, err
 			}
 			d.buf = nil
 			return d.internal.Write(p)
 		default:
 			return d.buf.Write(p)
 		}
 	}
 	return d.internal.Write(p)
 }
 func (d *delayWriter) WriteString(s string) (n int, err error) {
 	if d.buf != nil {
 		select {
 		case <-d.timer.C:
 			_, err := d.internal.Write(d.buf.Bytes())
 			if err != nil {
 				return 0, err
 			}
 			d.buf = nil
 			return d.internal.Write([]byte(s))
 		default:
 			return d.buf.WriteString(s)
 		}
 	}
 	return d.internal.Write([]byte(s))
 }
 func (d *delayWriter) Close() error {
 	if d == nil {
 		return nil
 	}
 	stopped := util.StopTimer(d.timer)
 	if stopped || d.buf == nil {
 		return nil
 	}
 	_, err := d.internal.Write(d.buf.Bytes())
 	d.buf = nil
 	return err
 }
 type nilWriter struct{}
 func (n *nilWriter) Write(p []byte) (int, error) {
 	return len(p), nil
 }
 func (n *nilWriter) WriteString(s string) (int, error) {
 	return len(s), nil
 }
 func runHookPreReceive(c *cli.Context) error {
 	if os.Getenv(models.EnvIsInternal) == "true" {
 		return nil
 	}
 	ctx, cancel := installSignals()
 	defer cancel()
 	setup("hooks/pre-receive.log", c.Bool("debug"))
 	if len(os.Getenv("SSH_ORIGINAL_COMMAND")) == 0 {
 		if setting.OnlyAllowPushIfGiteaEnvironmentSet {
 			return fail(`Rejecting changes as Gitea environment not set.
 If you are pushing over SSH you must push with a key managed by
 Gitea or set your environment appropriately.`, "")
 		}
 		return nil
 	}
-	// the environment is set by serv command
+	if c.IsSet("config") {
-	isWiki := os.Getenv(models.EnvRepoIsWiki) == "true"
+		setting.CustomConf = c.String("config")
 	} else if c.GlobalIsSet("config") {
 		setting.CustomConf = c.GlobalString("config")
 	}
 	setup("hooks/pre-receive.log")
 	// the environment setted on serv command
 	repoID, _ := strconv.ParseInt(os.Getenv(models.ProtectedBranchRepoID), 10, 64)
 	isWiki := (os.Getenv(models.EnvRepoIsWiki) == "true")
 	username := os.Getenv(models.EnvRepoUsername)
 	reponame := os.Getenv(models.EnvRepoName)
-	userID, _ := strconv.ParseInt(os.Getenv(models.EnvPusherID), 10, 64)
+	userIDStr := os.Getenv(models.EnvPusherID)
-	prID, _ := strconv.ParseInt(os.Getenv(models.EnvPRID), 10, 64)
+	repoPath := models.RepoPath(username, reponame)
 	deployKeyID, _ := strconv.ParseInt(os.Getenv(models.EnvDeployKeyID), 10, 64)
 	hookOptions := private.HookOptions{
 		UserID:                          userID,
 		GitAlternativeObjectDirectories: os.Getenv(private.GitAlternativeObjectDirectories),
 		GitObjectDirectory:              os.Getenv(private.GitObjectDirectory),
 		GitQuarantinePath:               os.Getenv(private.GitQuarantinePath),
 		GitPushOptions:                  pushOptions(),
 		PullRequestID:                   prID,
 		DeployKeyID:                     deployKeyID,
 	}
 	buf := bytes.NewBuffer(nil)
 	scanner := bufio.NewScanner(os.Stdin)
 	oldCommitIDs := make([]string, hookBatchSize)
 	newCommitIDs := make([]string, hookBatchSize)
 	refFullNames := make([]string, hookBatchSize)
 	count := 0
 	total := 0
 	lastline := 0
 	var out io.Writer
 	out = &nilWriter{}
 	if setting.Git.VerbosePush {
 		if setting.Git.VerbosePushDelay > 0 {
 			dWriter := newDelayWriter(os.Stdout, setting.Git.VerbosePushDelay)
 			defer dWriter.Close()
 			out = dWriter
 		} else {
 			out = os.Stdout
 		}
 	}
 	supportProcRecive := false
 	if git.CheckGitVersionAtLeast("2.29") == nil {
 		supportProcRecive = true
 	}
 	for scanner.Scan() {
 		buf.Write(scanner.Bytes())
 		buf.WriteByte('\n')
 		// TODO: support news feeds for wiki
 		if isWiki {
 			continue
@@ -237,137 +102,85 @@ Gitea or set your environment appropriately.`, "")
 		oldCommitID := string(fields[0])
 		newCommitID := string(fields[1])
 		refFullName := string(fields[2])
 		total++
 		lastline++
-		// If the ref is a branch or tag, check if it's protected
+		branchName := strings.TrimPrefix(refFullName, git.BranchPrefix)
-		// if supportProcRecive all ref should be checked because
+		protectBranch, err := private.GetProtectedBranchBy(repoID, branchName)
-		// permission check was delayed
+		if err != nil {
-		if supportProcRecive || strings.HasPrefix(refFullName, git.BranchPrefix) || strings.HasPrefix(refFullName, git.TagPrefix) {
+			fail("Internal error", fmt.Sprintf("retrieve protected branches information failed: %v", err))
-			oldCommitIDs[count] = oldCommitID
+		}
 			newCommitIDs[count] = newCommitID
 			refFullNames[count] = refFullName
 			count++
 			fmt.Fprintf(out, "*")
-			if count >= hookBatchSize {
+		if protectBranch != nil && protectBranch.IsProtected() {
-				fmt.Fprintf(out, " Checking %d references\n", count)
+			// check and deletion
-
+			if newCommitID == git.EmptySHA {
-				hookOptions.OldCommitIDs = oldCommitIDs
+				fail(fmt.Sprintf("branch %s is protected from deletion", branchName), "")
-				hookOptions.NewCommitIDs = newCommitIDs
+			}
-				hookOptions.RefFullNames = refFullNames
+
-				statusCode, msg := private.HookPreReceive(ctx, username, reponame, hookOptions)
+			// detect force push
-				switch statusCode {
+			if git.EmptySHA != oldCommitID {
-				case http.StatusOK:
+				output, err := git.NewCommand("rev-list", "--max-count=1", oldCommitID, "^"+newCommitID).RunInDir(repoPath)
-					// no-op
+				if err != nil {
-				case http.StatusInternalServerError:
+					fail("Internal error", "Fail to detect force push: %v", err)
-					return fail("Internal Server Error", msg)
+				} else if len(output) > 0 {
-				default:
+					fail(fmt.Sprintf("branch %s is protected from force push", branchName), "")
-					return fail(msg, "")
+				}
-				}
+			}
-				count = 0
+
-				lastline = 0
+			userID, _ := strconv.ParseInt(userIDStr, 10, 64)
 			canPush, err := private.CanUserPush(protectBranch.ID, userID)
 			if err != nil {
 				fail("Internal error", "Fail to detect user can push: %v", err)
 			} else if !canPush {
 				fail(fmt.Sprintf("protected branch %s can not be pushed to", branchName), "")
 			}
 		} else {
 			fmt.Fprintf(out, ".")
 		}
 		if lastline >= hookBatchSize {
 			fmt.Fprintf(out, "\n")
 			lastline = 0
 		}
 	}
 	if count > 0 {
 		hookOptions.OldCommitIDs = oldCommitIDs[:count]
 		hookOptions.NewCommitIDs = newCommitIDs[:count]
 		hookOptions.RefFullNames = refFullNames[:count]
 		fmt.Fprintf(out, " Checking %d references\n", count)
 		statusCode, msg := private.HookPreReceive(ctx, username, reponame, hookOptions)
 		switch statusCode {
 		case http.StatusInternalServerError:
 			return fail("Internal Server Error", msg)
 		case http.StatusForbidden:
 			return fail(msg, "")
 		}
 	} else if lastline > 0 {
 		fmt.Fprintf(out, "\n")
 	}
 	fmt.Fprintf(out, "Checked %d references in total\n", total)
 	return nil
 }
 func runHookUpdate(c *cli.Context) error {
-	// Update is empty and is kept only for backwards compatibility
+	if len(os.Getenv("SSH_ORIGINAL_COMMAND")) == 0 {
 		return nil
 	}
 	if c.IsSet("config") {
 		setting.CustomConf = c.String("config")
 	} else if c.GlobalIsSet("config") {
 		setting.CustomConf = c.GlobalString("config")
 	}
 	setup("hooks/update.log")
 	return nil
 }
 func runHookPostReceive(c *cli.Context) error {
 	ctx, cancel := installSignals()
 	defer cancel()
 	// First of all run update-server-info no matter what
 	if _, err := git.NewCommandContext(ctx, "update-server-info").Run(); err != nil {
 		return fmt.Errorf("Failed to call 'git update-server-info': %v", err)
 	}
 	// Now if we're an internal don't do anything else
 	if os.Getenv(models.EnvIsInternal) == "true" {
 		return nil
 	}
 	setup("hooks/post-receive.log", c.Bool("debug"))
 	if len(os.Getenv("SSH_ORIGINAL_COMMAND")) == 0 {
 		if setting.OnlyAllowPushIfGiteaEnvironmentSet {
 			return fail(`Rejecting changes as Gitea environment not set.
 If you are pushing over SSH you must push with a key managed by
 Gitea or set your environment appropriately.`, "")
 		}
 		return nil
 	}
-	var out io.Writer
+	if c.IsSet("config") {
-	var dWriter *delayWriter
+		setting.CustomConf = c.String("config")
-	out = &nilWriter{}
+	} else if c.GlobalIsSet("config") {
-	if setting.Git.VerbosePush {
+		setting.CustomConf = c.GlobalString("config")
 		if setting.Git.VerbosePushDelay > 0 {
 			dWriter = newDelayWriter(os.Stdout, setting.Git.VerbosePushDelay)
 			defer dWriter.Close()
 			out = dWriter
 		} else {
 			out = os.Stdout
 		}
 	}
-	// the environment is set by serv command
+	setup("hooks/post-receive.log")
 	// the environment setted on serv command
 	repoID, _ := strconv.ParseInt(os.Getenv(models.ProtectedBranchRepoID), 10, 64)
 	repoUser := os.Getenv(models.EnvRepoUsername)
-	isWiki := os.Getenv(models.EnvRepoIsWiki) == "true"
+	isWiki := (os.Getenv(models.EnvRepoIsWiki) == "true")
 	repoName := os.Getenv(models.EnvRepoName)
 	pusherID, _ := strconv.ParseInt(os.Getenv(models.EnvPusherID), 10, 64)
 	pusherName := os.Getenv(models.EnvPusherName)
-	hookOptions := private.HookOptions{
+	buf := bytes.NewBuffer(nil)
 		UserName:                        pusherName,
 		UserID:                          pusherID,
 		GitAlternativeObjectDirectories: os.Getenv(private.GitAlternativeObjectDirectories),
 		GitObjectDirectory:              os.Getenv(private.GitObjectDirectory),
 		GitQuarantinePath:               os.Getenv(private.GitQuarantinePath),
 		GitPushOptions:                  pushOptions(),
 	}
 	oldCommitIDs := make([]string, hookBatchSize)
 	newCommitIDs := make([]string, hookBatchSize)
 	refFullNames := make([]string, hookBatchSize)
 	count := 0
 	total := 0
 	wasEmpty := false
 	masterPushed := false
 	results := make([]private.HookPostReceiveBranchResult, 0)
 	scanner := bufio.NewScanner(os.Stdin)
 	for scanner.Scan() {
 		buf.Write(scanner.Bytes())
 		buf.WriteByte('\n')
 		// TODO: support news feeds for wiki
 		if isWiki {
 			continue
@@ -378,430 +191,62 @@ Gitea or set your environment appropriately.`, "")
 			continue
 		}
-		fmt.Fprintf(out, ".")
+		oldCommitID := string(fields[0])
-		oldCommitIDs[count] = string(fields[0])
+		newCommitID := string(fields[1])
-		newCommitIDs[count] = string(fields[1])
+		refFullName := string(fields[2])
 		refFullNames[count] = string(fields[2])
 		if refFullNames[count] == git.BranchPrefix+"master" && newCommitIDs[count] != git.EmptySHA && count == total {
 			masterPushed = true
 		}
 		count++
 		total++
-		if count >= hookBatchSize {
+		if err := private.PushUpdate(models.PushUpdateOptions{
-			fmt.Fprintf(out, " Processing %d references\n", count)
+			RefFullName:  refFullName,
-			hookOptions.OldCommitIDs = oldCommitIDs
+			OldCommitID:  oldCommitID,
-			hookOptions.NewCommitIDs = newCommitIDs
+			NewCommitID:  newCommitID,
-			hookOptions.RefFullNames = refFullNames
+			PusherID:     pusherID,
-			resp, err := private.HookPostReceive(ctx, repoUser, repoName, hookOptions)
+			PusherName:   pusherName,
-			if resp == nil {
+			RepoUserName: repoUser,
-				_ = dWriter.Close()
+			RepoName:     repoName,
-				hookPrintResults(results)
+		}); err != nil {
-				return fail("Internal Server Error", err)
+			log.GitLogger.Error(2, "Update: %v", err)
 			}
 			wasEmpty = wasEmpty || resp.RepoWasEmpty
 			results = append(results, resp.Results...)
 			count = 0
 		}
 	}
-	if count == 0 {
+		if newCommitID != git.EmptySHA && strings.HasPrefix(refFullName, git.BranchPrefix) {
-		if wasEmpty && masterPushed {
+			branch := strings.TrimPrefix(refFullName, git.BranchPrefix)
-			// We need to tell the repo to reset the default branch to master
+			repo, pullRequestAllowed, err := private.GetRepository(repoID)
 			err := private.SetDefaultBranch(ctx, repoUser, repoName, "master")
 			if err != nil {
-				return fail("Internal Server Error", "SetDefaultBranch failed with Error: %v", err)
+				log.GitLogger.Error(2, "get repo: %v", err)
 				break
 			}
-		}
+			if !pullRequestAllowed {
 		fmt.Fprintf(out, "Processed %d references in total\n", total)
 		_ = dWriter.Close()
 		hookPrintResults(results)
 		return nil
 	}
 	hookOptions.OldCommitIDs = oldCommitIDs[:count]
 	hookOptions.NewCommitIDs = newCommitIDs[:count]
 	hookOptions.RefFullNames = refFullNames[:count]
 	fmt.Fprintf(out, " Processing %d references\n", count)
 	resp, err := private.HookPostReceive(ctx, repoUser, repoName, hookOptions)
 	if resp == nil {
 		_ = dWriter.Close()
 		hookPrintResults(results)
 		return fail("Internal Server Error", err)
 	}
 	wasEmpty = wasEmpty || resp.RepoWasEmpty
 	results = append(results, resp.Results...)
 	fmt.Fprintf(out, "Processed %d references in total\n", total)
 	if wasEmpty && masterPushed {
 		// We need to tell the repo to reset the default branch to master
 		err := private.SetDefaultBranch(ctx, repoUser, repoName, "master")
 		if err != nil {
 			return fail("Internal Server Error", "SetDefaultBranch failed with Error: %v", err)
 		}
 	}
 	_ = dWriter.Close()
 	hookPrintResults(results)
 	return nil
 }
 func hookPrintResults(results []private.HookPostReceiveBranchResult) {
 	for _, res := range results {
 		if !res.Message {
 			continue
 		}
 		fmt.Fprintln(os.Stderr, "")
 		if res.Create {
 			fmt.Fprintf(os.Stderr, "Create a new pull request for '%s':\n", res.Branch)
 			fmt.Fprintf(os.Stderr, "  %s\n", res.URL)
 		} else {
 			fmt.Fprint(os.Stderr, "Visit the existing pull request:\n")
 			fmt.Fprintf(os.Stderr, "  %s\n", res.URL)
 		}
 		fmt.Fprintln(os.Stderr, "")
 		os.Stderr.Sync()
 	}
 }
 func pushOptions() map[string]string {
 	opts := make(map[string]string)
 	if pushCount, err := strconv.Atoi(os.Getenv(private.GitPushOptionCount)); err == nil {
 		for idx := 0; idx < pushCount; idx++ {
 			opt := os.Getenv(fmt.Sprintf("GIT_PUSH_OPTION_%d", idx))
 			kv := strings.SplitN(opt, "=", 2)
 			if len(kv) == 2 {
 				opts[kv[0]] = kv[1]
 			}
 		}
 	}
 	return opts
 }
 func runHookProcReceive(c *cli.Context) error {
 	setup("hooks/proc-receive.log", c.Bool("debug"))
 	if len(os.Getenv("SSH_ORIGINAL_COMMAND")) == 0 {
 		if setting.OnlyAllowPushIfGiteaEnvironmentSet {
 			return fail(`Rejecting changes as Gitea environment not set.
 If you are pushing over SSH you must push with a key managed by
 Gitea or set your environment appropriately.`, "")
 		}
 		return nil
 	}
 	ctx, cancel := installSignals()
 	defer cancel()
 	if git.CheckGitVersionAtLeast("2.29") != nil {
 		return fail("Internal Server Error", "git not support proc-receive.")
 	}
 	reader := bufio.NewReader(os.Stdin)
 	repoUser := os.Getenv(models.EnvRepoUsername)
 	repoName := os.Getenv(models.EnvRepoName)
 	pusherID, _ := strconv.ParseInt(os.Getenv(models.EnvPusherID), 10, 64)
 	pusherName := os.Getenv(models.EnvPusherName)
 	// 1. Version and features negotiation.
 	// S: PKT-LINE(version=1\0push-options atomic...) / PKT-LINE(version=1\n)
 	// S: flush-pkt
 	// H: PKT-LINE(version=1\0push-options...)
 	// H: flush-pkt
 	rs, err := readPktLine(reader, pktLineTypeData)
 	if err != nil {
 		return err
 	}
 	const VersionHead string = "version=1"
 	var (
 		hasPushOptions bool
 		response       = []byte(VersionHead)
 		requestOptions []string
 	)
 	index := bytes.IndexByte(rs.Data, byte(0))
 	if index >= len(rs.Data) {
 		return fail("Internal Server Error", "pkt-line: format error "+fmt.Sprint(rs.Data))
 	}
 	if index < 0 {
 		if len(rs.Data) == 10 && rs.Data[9] == '\n' {
 			index = 9
 		} else {
 			return fail("Internal Server Error", "pkt-line: format error "+fmt.Sprint(rs.Data))
 		}
 	}
 	if string(rs.Data[0:index]) != VersionHead {
 		return fail("Internal Server Error", "Received unsupported version: %s", string(rs.Data[0:index]))
 	}
 	requestOptions = strings.Split(string(rs.Data[index+1:]), " ")
 	for _, option := range requestOptions {
 		if strings.HasPrefix(option, "push-options") {
 			response = append(response, byte(0))
 			response = append(response, []byte("push-options")...)
 			hasPushOptions = true
 		}
 	}
 	response = append(response, '\n')
 	_, err = readPktLine(reader, pktLineTypeFlush)
 	if err != nil {
 		return err
 	}
 	err = writeDataPktLine(os.Stdout, response)
 	if err != nil {
 		return err
 	}
 	err = writeFlushPktLine(os.Stdout)
 	if err != nil {
 		return err
 	}
 	// 2. receive commands from server.
 	// S: PKT-LINE(<old-oid> <new-oid> <ref>)
 	// S: ... ...
 	// S: flush-pkt
 	// # [receive push-options]
 	// S: PKT-LINE(push-option)
 	// S: ... ...
 	// S: flush-pkt
 	hookOptions := private.HookOptions{
 		UserName: pusherName,
 		UserID:   pusherID,
 	}
 	hookOptions.OldCommitIDs = make([]string, 0, hookBatchSize)
 	hookOptions.NewCommitIDs = make([]string, 0, hookBatchSize)
 	hookOptions.RefFullNames = make([]string, 0, hookBatchSize)
 	for {
 		// note: pktLineTypeUnknow means pktLineTypeFlush and pktLineTypeData all allowed
 		rs, err = readPktLine(reader, pktLineTypeUnknow)
 		if err != nil {
 			return err
 		}
 		if rs.Type == pktLineTypeFlush {
 			break
 		}
 		t := strings.SplitN(string(rs.Data), " ", 3)
 		if len(t) != 3 {
 			continue
 		}
 		hookOptions.OldCommitIDs = append(hookOptions.OldCommitIDs, t[0])
 		hookOptions.NewCommitIDs = append(hookOptions.NewCommitIDs, t[1])
 		hookOptions.RefFullNames = append(hookOptions.RefFullNames, t[2])
 	}
 	hookOptions.GitPushOptions = make(map[string]string)
 	if hasPushOptions {
 		for {
 			rs, err = readPktLine(reader, pktLineTypeUnknow)
 			if err != nil {
 				return err
 			}
 			if rs.Type == pktLineTypeFlush {
 				break
 			}
-			kv := strings.SplitN(string(rs.Data), "=", 2)
+			baseRepo := repo
-			if len(kv) == 2 {
+			if repo.IsFork {
-				hookOptions.GitPushOptions[kv[0]] = kv[1]
+				baseRepo = repo.BaseRepo
 			}
 		}
 	}
-	// 3. run hook
+			if !repo.IsFork && branch == baseRepo.DefaultBranch {
-	resp, err := private.HookProcReceive(ctx, repoUser, repoName, hookOptions)
+				break
-	if err != nil {
+			}
 		return fail("Internal Server Error", "run proc-receive hook failed :%v", err)
 	}
-	// 4. response result to service
+			pr, err := private.ActivePullRequest(baseRepo.ID, repo.ID, baseRepo.DefaultBranch, branch)
 	// # a. OK, but has an alternate reference.  The alternate reference name
 	// # and other status can be given in option directives.
 	// H: PKT-LINE(ok <ref>)
 	// H: PKT-LINE(option refname <refname>)
 	// H: PKT-LINE(option old-oid <old-oid>)
 	// H: PKT-LINE(option new-oid <new-oid>)
 	// H: PKT-LINE(option forced-update)
 	// H: ... ...
 	// H: flush-pkt
 	// # b. NO, I reject it.
 	// H: PKT-LINE(ng <ref> <reason>)
 	// # c. Fall through, let 'receive-pack' to execute it.
 	// H: PKT-LINE(ok <ref>)
 	// H: PKT-LINE(option fall-through)
 	for _, rs := range resp.Results {
 		if len(rs.Err) > 0 {
 			err = writeDataPktLine(os.Stdout, []byte("ng "+rs.OriginalRef+" "+rs.Err))
 			if err != nil {
-				return err
+				log.GitLogger.Error(2, "get active pr: %v", err)
 				break
 			}
 			continue
 		}
-		if rs.IsNotMatched {
+			fmt.Fprintln(os.Stderr, "")
-			err = writeDataPktLine(os.Stdout, []byte("ok "+rs.OriginalRef))
+			if pr == nil {
-			if err != nil {
+				if repo.IsFork {
-				return err
+					branch = fmt.Sprintf("%s:%s", repo.OwnerName, branch)
 				}
 				fmt.Fprintf(os.Stderr, "Create a new pull request for '%s':\n", branch)
 				fmt.Fprintf(os.Stderr, "  %s/compare/%s...%s\n", baseRepo.HTMLURL(), util.PathEscapeSegments(baseRepo.DefaultBranch), util.PathEscapeSegments(branch))
 			} else {
 				fmt.Fprint(os.Stderr, "Visit the existing pull request:\n")
 				fmt.Fprintf(os.Stderr, "  %s/pulls/%d\n", baseRepo.HTMLURL(), pr.Index)
 			}
-			err = writeDataPktLine(os.Stdout, []byte("option fall-through"))
+			fmt.Fprintln(os.Stderr, "")
 			if err != nil {
 				return err
 			}
 			continue
 		}
 		err = writeDataPktLine(os.Stdout, []byte("ok "+rs.OriginalRef))
 		if err != nil {
 			return err
 		}
 		err = writeDataPktLine(os.Stdout, []byte("option refname "+rs.Ref))
 		if err != nil {
 			return err
 		}
 		if rs.OldOID != git.EmptySHA {
 			err = writeDataPktLine(os.Stdout, []byte("option old-oid "+rs.OldOID))
 			if err != nil {
 				return err
 			}
 		}
 		err = writeDataPktLine(os.Stdout, []byte("option new-oid "+rs.NewOID))
 		if err != nil {
 			return err
 		}
 		if rs.IsForcePush {
 			err = writeDataPktLine(os.Stdout, []byte("option forced-update"))
 			if err != nil {
 				return err
 			}
 		}
 	}
 	err = writeFlushPktLine(os.Stdout)
 	return err
 }
 // git PKT-Line api
 // pktLineType message type of pkt-line
 type pktLineType int64
 const (
 	// UnKnow type
 	pktLineTypeUnknow pktLineType = 0
 	// flush-pkt "0000"
 	pktLineTypeFlush pktLineType = iota
 	// data line
 	pktLineTypeData
 )
 // gitPktLine pkt-line api
 type gitPktLine struct {
 	Type   pktLineType
 	Length uint64
 	Data   []byte
 }
 func readPktLine(in *bufio.Reader, requestType pktLineType) (*gitPktLine, error) {
 	var (
 		err error
 		r   *gitPktLine
 	)
 	// read prefix
 	lengthBytes := make([]byte, 4)
 	for i := 0; i < 4; i++ {
 		lengthBytes[i], err = in.ReadByte()
 		if err != nil {
 			return nil, fail("Internal Server Error", "Pkt-Line: read stdin failed : %v", err)
 		}
 	}
 	r = new(gitPktLine)
 	r.Length, err = strconv.ParseUint(string(lengthBytes), 16, 32)
 	if err != nil {
 		return nil, fail("Internal Server Error", "Pkt-Line format is wrong :%v", err)
 	}
 	if r.Length == 0 {
 		if requestType == pktLineTypeData {
 			return nil, fail("Internal Server Error", "Pkt-Line format is wrong")
 		}
 		r.Type = pktLineTypeFlush
 		return r, nil
 	}
 	if r.Length <= 4 || r.Length > 65520 || requestType == pktLineTypeFlush {
 		return nil, fail("Internal Server Error", "Pkt-Line format is wrong")
 	}
 	r.Data = make([]byte, r.Length-4)
 	for i := range r.Data {
 		r.Data[i], err = in.ReadByte()
 		if err != nil {
 			return nil, fail("Internal Server Error", "Pkt-Line: read stdin failed : %v", err)
 		}
 	}
 	r.Type = pktLineTypeData
 	return r, nil
 }
 func writeFlushPktLine(out io.Writer) error {
 	l, err := out.Write([]byte("0000"))
 	if err != nil {
 		return fail("Internal Server Error", "Pkt-Line response failed: %v", err)
 	}
 	if l != 4 {
 		return fail("Internal Server Error", "Pkt-Line response failed: %v", err)
 	}
 	return nil
 }
 func writeDataPktLine(out io.Writer, data []byte) error {
 	hexchar := []byte("0123456789abcdef")
 	hex := func(n uint64) byte {
 		return hexchar[(n)&15]
 	}
 	length := uint64(len(data) + 4)
 	tmp := make([]byte, 4)
 	tmp[0] = hex(length >> 12)
 	tmp[1] = hex(length >> 8)
 	tmp[2] = hex(length >> 4)
 	tmp[3] = hex(length)
 	lr, err := out.Write(tmp)
 	if err != nil {
 		return fail("Internal Server Error", "Pkt-Line response failed: %v", err)
 	}
 	if 4 != lr {
 		return fail("Internal Server Error", "Pkt-Line response failed: %v", err)
 	}
 	lr, err = out.Write(data)
 	if err != nil {
 		return fail("Internal Server Error", "Pkt-Line response failed: %v", err)
 	}
 	if int(length-4) != lr {
 		return fail("Internal Server Error", "Pkt-Line response failed: %v", err)
 	}
 	return nil
--- a/cmd/hook_test.go
+++ b/cmd/hook_test.go
@@ -1,41 +0,0 @@
 // Copyright 2021 The Gitea Authors. All rights reserved.
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 package cmd
 import (
 	"bufio"
 	"bytes"
 	"strings"
 	"testing"
 	"github.com/stretchr/testify/assert"
 )
 func TestPktLine(t *testing.T) {
 	// test read
 	s := strings.NewReader("0000")
 	r := bufio.NewReader(s)
 	result, err := readPktLine(r, pktLineTypeFlush)
 	assert.NoError(t, err)
 	assert.Equal(t, pktLineTypeFlush, result.Type)
 	s = strings.NewReader("0006a\n")
 	r = bufio.NewReader(s)
 	result, err = readPktLine(r, pktLineTypeData)
 	assert.NoError(t, err)
 	assert.Equal(t, pktLineTypeData, result.Type)
 	assert.Equal(t, []byte("a\n"), result.Data)
 	// test write
 	w := bytes.NewBuffer([]byte{})
 	err = writeFlushPktLine(w)
 	assert.NoError(t, err)
 	assert.Equal(t, []byte("0000"), w.Bytes())
 	w.Reset()
 	err = writeDataPktLine(w, []byte("a\nb"))
 	assert.NoError(t, err)
 	assert.Equal(t, []byte("0007a\nb"), w.Bytes())
 }
--- a/cmd/keys.go
+++ b/cmd/keys.go
@@ -9,7 +9,8 @@ import (
 	"fmt"
 	"strings"
-	"code.gitea.io/gitea/modules/private"
+	"code.gitea.io/gitea/models"
 	"code.gitea.io/gitea/modules/setting"
 	"github.com/urfave/cli"
 )
@@ -40,10 +41,19 @@ var CmdKeys = cli.Command{
 			Value: "",
 			Usage: "Base64 encoded content of the SSH key provided to the SSH Server (requires type to be provided too)",
 		},
 		cli.StringFlag{
 			Name:  "config, c",
 			Value: "custom/conf/app.ini",
 			Usage: "Custom configuration file path",
 		},
 	},
 }
 func runKeys(c *cli.Context) error {
 	if c.IsSet("config") {
 		setting.CustomConf = c.String("config")
 	}
 	if !c.IsSet("username") {
 		return errors.New("No username provided")
 	}
@@ -62,15 +72,14 @@ func runKeys(c *cli.Context) error {
 		return errors.New("No key type and content provided")
 	}
-	ctx, cancel := installSignals()
+	if err := initDBDisableConsole(true); err != nil {
-	defer cancel()
+		return err
 	}
-	setup("keys.log", false)
+	publicKey, err := models.SearchPublicKeyByContent(content)
 	authorizedString, err := private.AuthorizedPublicKeyByContent(ctx, content)
 	if err != nil {
 		return err
 	}
-	fmt.Println(strings.TrimSpace(authorizedString))
+	fmt.Println(publicKey.AuthorizedString())
 	return nil
 }
--- a/cmd/mailer.go
+++ b/cmd/mailer.go
@@ -1,55 +0,0 @@
 // Copyright 2020 The Gitea Authors. All rights reserved.
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 package cmd
 import (
 	"fmt"
 	"net/http"
 	"code.gitea.io/gitea/modules/private"
 	"code.gitea.io/gitea/modules/setting"
 	"github.com/urfave/cli"
 )
 func runSendMail(c *cli.Context) error {
 	ctx, cancel := installSignals()
 	defer cancel()
 	setting.LoadFromExisting()
 	if err := argsSet(c, "title"); err != nil {
 		return err
 	}
 	subject := c.String("title")
 	confirmSkiped := c.Bool("force")
 	body := c.String("content")
 	if !confirmSkiped {
 		if len(body) == 0 {
 			fmt.Print("warning: Content is empty")
 		}
 		fmt.Print("Proceed with sending email? [Y/n] ")
 		isConfirmed, err := confirm()
 		if err != nil {
 			return err
 		} else if !isConfirmed {
 			fmt.Println("The mail was not sent")
 			return nil
 		}
 	}
 	status, message := private.SendEmail(ctx, subject, body, nil)
 	if status != http.StatusOK {
 		fmt.Printf("error: %s\n", message)
 		return nil
 	}
 	fmt.Printf("Success: %s\n", message)
 	return nil
 }
--- a/cmd/manager.go
+++ b/cmd/manager.go
@@ -1,478 +0,0 @@
 // Copyright 2020 The Gitea Authors. All rights reserved.
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 package cmd
 import (
 	"fmt"
 	"net/http"
 	"os"
 	"time"
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/private"
 	"github.com/urfave/cli"
 )
 var (
 	// CmdManager represents the manager command
 	CmdManager = cli.Command{
 		Name:        "manager",
 		Usage:       "Manage the running gitea process",
 		Description: "This is a command for managing the running gitea process",
 		Subcommands: []cli.Command{
 			subcmdShutdown,
 			subcmdRestart,
 			subcmdFlushQueues,
 			subcmdLogging,
 		},
 	}
 	subcmdShutdown = cli.Command{
 		Name:  "shutdown",
 		Usage: "Gracefully shutdown the running process",
 		Flags: []cli.Flag{
 			cli.BoolFlag{
 				Name: "debug",
 			},
 		},
 		Action: runShutdown,
 	}
 	subcmdRestart = cli.Command{
 		Name:  "restart",
 		Usage: "Gracefully restart the running process - (not implemented for windows servers)",
 		Flags: []cli.Flag{
 			cli.BoolFlag{
 				Name: "debug",
 			},
 		},
 		Action: runRestart,
 	}
 	subcmdFlushQueues = cli.Command{
 		Name:   "flush-queues",
 		Usage:  "Flush queues in the running process",
 		Action: runFlushQueues,
 		Flags: []cli.Flag{
 			cli.DurationFlag{
 				Name:  "timeout",
 				Value: 60 * time.Second,
 				Usage: "Timeout for the flushing process",
 			}, cli.BoolFlag{
 				Name:  "non-blocking",
 				Usage: "Set to true to not wait for flush to complete before returning",
 			},
 			cli.BoolFlag{
 				Name: "debug",
 			},
 		},
 	}
 	defaultLoggingFlags = []cli.Flag{
 		cli.StringFlag{
 			Name:  "group, g",
 			Usage: "Group to add logger to - will default to \"default\"",
 		}, cli.StringFlag{
 			Name:  "name, n",
 			Usage: "Name of the new logger - will default to mode",
 		}, cli.StringFlag{
 			Name:  "level, l",
 			Usage: "Logging level for the new logger",
 		}, cli.StringFlag{
 			Name:  "stacktrace-level, L",
 			Usage: "Stacktrace logging level",
 		}, cli.StringFlag{
 			Name:  "flags, F",
 			Usage: "Flags for the logger",
 		}, cli.StringFlag{
 			Name:  "expression, e",
 			Usage: "Matching expression for the logger",
 		}, cli.StringFlag{
 			Name:  "prefix, p",
 			Usage: "Prefix for the logger",
 		}, cli.BoolFlag{
 			Name:  "color",
 			Usage: "Use color in the logs",
 		}, cli.BoolFlag{
 			Name: "debug",
 		},
 	}
 	subcmdLogging = cli.Command{
 		Name:  "logging",
 		Usage: "Adjust logging commands",
 		Subcommands: []cli.Command{
 			{
 				Name:  "pause",
 				Usage: "Pause logging (Gitea will buffer logs up to a certain point and will drop them after that point)",
 				Flags: []cli.Flag{
 					cli.BoolFlag{
 						Name: "debug",
 					},
 				},
 				Action: runPauseLogging,
 			}, {
 				Name:  "resume",
 				Usage: "Resume logging",
 				Flags: []cli.Flag{
 					cli.BoolFlag{
 						Name: "debug",
 					},
 				},
 				Action: runResumeLogging,
 			}, {
 				Name:  "release-and-reopen",
 				Usage: "Cause Gitea to release and re-open files used for logging",
 				Flags: []cli.Flag{
 					cli.BoolFlag{
 						Name: "debug",
 					},
 				},
 				Action: runReleaseReopenLogging,
 			}, {
 				Name:      "remove",
 				Usage:     "Remove a logger",
 				ArgsUsage: "[name] Name of logger to remove",
 				Flags: []cli.Flag{
 					cli.BoolFlag{
 						Name: "debug",
 					}, cli.StringFlag{
 						Name:  "group, g",
 						Usage: "Group to add logger to - will default to \"default\"",
 					},
 				},
 				Action: runRemoveLogger,
 			}, {
 				Name:  "add",
 				Usage: "Add a logger",
 				Subcommands: []cli.Command{
 					{
 						Name:  "console",
 						Usage: "Add a console logger",
 						Flags: append(defaultLoggingFlags,
 							cli.BoolFlag{
 								Name:  "stderr",
 								Usage: "Output console logs to stderr - only relevant for console",
 							}),
 						Action: runAddConsoleLogger,
 					}, {
 						Name:  "file",
 						Usage: "Add a file logger",
 						Flags: append(defaultLoggingFlags, []cli.Flag{
 							cli.StringFlag{
 								Name:  "filename, f",
 								Usage: "Filename for the logger - this must be set.",
 							}, cli.BoolTFlag{
 								Name:  "rotate, r",
 								Usage: "Rotate logs",
 							}, cli.Int64Flag{
 								Name:  "max-size, s",
 								Usage: "Maximum size in bytes before rotation",
 							}, cli.BoolTFlag{
 								Name:  "daily, d",
 								Usage: "Rotate logs daily",
 							}, cli.IntFlag{
 								Name:  "max-days, D",
 								Usage: "Maximum number of daily logs to keep",
 							}, cli.BoolTFlag{
 								Name:  "compress, z",
 								Usage: "Compress rotated logs",
 							}, cli.IntFlag{
 								Name:  "compression-level, Z",
 								Usage: "Compression level to use",
 							},
 						}...),
 						Action: runAddFileLogger,
 					}, {
 						Name:  "conn",
 						Usage: "Add a net conn logger",
 						Flags: append(defaultLoggingFlags, []cli.Flag{
 							cli.BoolFlag{
 								Name:  "reconnect-on-message, R",
 								Usage: "Reconnect to host for every message",
 							}, cli.BoolFlag{
 								Name:  "reconnect, r",
 								Usage: "Reconnect to host when connection is dropped",
 							}, cli.StringFlag{
 								Name:  "protocol, P",
 								Usage: "Set protocol to use: tcp, unix, or udp (defaults to tcp)",
 							}, cli.StringFlag{
 								Name:  "address, a",
 								Usage: "Host address and port to connect to (defaults to :7020)",
 							},
 						}...),
 						Action: runAddConnLogger,
 					}, {
 						Name:  "smtp",
 						Usage: "Add an SMTP logger",
 						Flags: append(defaultLoggingFlags, []cli.Flag{
 							cli.StringFlag{
 								Name:  "username, u",
 								Usage: "Mail server username",
 							}, cli.StringFlag{
 								Name:  "password, P",
 								Usage: "Mail server password",
 							}, cli.StringFlag{
 								Name:  "host, H",
 								Usage: "Mail server host (defaults to: 127.0.0.1:25)",
 							}, cli.StringSliceFlag{
 								Name:  "send-to, s",
 								Usage: "Email address(es) to send to",
 							}, cli.StringFlag{
 								Name:  "subject, S",
 								Usage: "Subject header of sent emails",
 							},
 						}...),
 						Action: runAddSMTPLogger,
 					},
 				},
 			},
 		},
 	}
 )
 func runRemoveLogger(c *cli.Context) error {
 	setup("manager", c.Bool("debug"))
 	group := c.String("group")
 	if len(group) == 0 {
 		group = log.DEFAULT
 	}
 	name := c.Args().First()
 	ctx, cancel := installSignals()
 	defer cancel()
 	statusCode, msg := private.RemoveLogger(ctx, group, name)
 	switch statusCode {
 	case http.StatusInternalServerError:
 		return fail("InternalServerError", msg)
 	}
 	fmt.Fprintln(os.Stdout, msg)
 	return nil
 }
 func runAddSMTPLogger(c *cli.Context) error {
 	setup("manager", c.Bool("debug"))
 	vals := map[string]interface{}{}
 	mode := "smtp"
 	if c.IsSet("host") {
 		vals["host"] = c.String("host")
 	} else {
 		vals["host"] = "127.0.0.1:25"
 	}
 	if c.IsSet("username") {
 		vals["username"] = c.String("username")
 	}
 	if c.IsSet("password") {
 		vals["password"] = c.String("password")
 	}
 	if !c.IsSet("send-to") {
 		return fmt.Errorf("Some recipients must be provided")
 	}
 	vals["sendTos"] = c.StringSlice("send-to")
 	if c.IsSet("subject") {
 		vals["subject"] = c.String("subject")
 	} else {
 		vals["subject"] = "Diagnostic message from Gitea"
 	}
 	return commonAddLogger(c, mode, vals)
 }
 func runAddConnLogger(c *cli.Context) error {
 	setup("manager", c.Bool("debug"))
 	vals := map[string]interface{}{}
 	mode := "conn"
 	vals["net"] = "tcp"
 	if c.IsSet("protocol") {
 		switch c.String("protocol") {
 		case "udp":
 			vals["net"] = "udp"
 		case "unix":
 			vals["net"] = "unix"
 		}
 	}
 	if c.IsSet("address") {
 		vals["address"] = c.String("address")
 	} else {
 		vals["address"] = ":7020"
 	}
 	if c.IsSet("reconnect") {
 		vals["reconnect"] = c.Bool("reconnect")
 	}
 	if c.IsSet("reconnect-on-message") {
 		vals["reconnectOnMsg"] = c.Bool("reconnect-on-message")
 	}
 	return commonAddLogger(c, mode, vals)
 }
 func runAddFileLogger(c *cli.Context) error {
 	setup("manager", c.Bool("debug"))
 	vals := map[string]interface{}{}
 	mode := "file"
 	if c.IsSet("filename") {
 		vals["filename"] = c.String("filename")
 	} else {
 		return fmt.Errorf("filename must be set when creating a file logger")
 	}
 	if c.IsSet("rotate") {
 		vals["rotate"] = c.Bool("rotate")
 	}
 	if c.IsSet("max-size") {
 		vals["maxsize"] = c.Int64("max-size")
 	}
 	if c.IsSet("daily") {
 		vals["daily"] = c.Bool("daily")
 	}
 	if c.IsSet("max-days") {
 		vals["maxdays"] = c.Int("max-days")
 	}
 	if c.IsSet("compress") {
 		vals["compress"] = c.Bool("compress")
 	}
 	if c.IsSet("compression-level") {
 		vals["compressionLevel"] = c.Int("compression-level")
 	}
 	return commonAddLogger(c, mode, vals)
 }
 func runAddConsoleLogger(c *cli.Context) error {
 	setup("manager", c.Bool("debug"))
 	vals := map[string]interface{}{}
 	mode := "console"
 	if c.IsSet("stderr") && c.Bool("stderr") {
 		vals["stderr"] = c.Bool("stderr")
 	}
 	return commonAddLogger(c, mode, vals)
 }
 func commonAddLogger(c *cli.Context, mode string, vals map[string]interface{}) error {
 	if len(c.String("level")) > 0 {
 		vals["level"] = log.FromString(c.String("level")).String()
 	}
 	if len(c.String("stacktrace-level")) > 0 {
 		vals["stacktraceLevel"] = log.FromString(c.String("stacktrace-level")).String()
 	}
 	if len(c.String("expression")) > 0 {
 		vals["expression"] = c.String("expression")
 	}
 	if len(c.String("prefix")) > 0 {
 		vals["prefix"] = c.String("prefix")
 	}
 	if len(c.String("flags")) > 0 {
 		vals["flags"] = log.FlagsFromString(c.String("flags"))
 	}
 	if c.IsSet("color") {
 		vals["colorize"] = c.Bool("color")
 	}
 	group := "default"
 	if c.IsSet("group") {
 		group = c.String("group")
 	}
 	name := mode
 	if c.IsSet("name") {
 		name = c.String("name")
 	}
 	ctx, cancel := installSignals()
 	defer cancel()
 	statusCode, msg := private.AddLogger(ctx, group, name, mode, vals)
 	switch statusCode {
 	case http.StatusInternalServerError:
 		return fail("InternalServerError", msg)
 	}
 	fmt.Fprintln(os.Stdout, msg)
 	return nil
 }
 func runShutdown(c *cli.Context) error {
 	ctx, cancel := installSignals()
 	defer cancel()
 	setup("manager", c.Bool("debug"))
 	statusCode, msg := private.Shutdown(ctx)
 	switch statusCode {
 	case http.StatusInternalServerError:
 		return fail("InternalServerError", msg)
 	}
 	fmt.Fprintln(os.Stdout, msg)
 	return nil
 }
 func runRestart(c *cli.Context) error {
 	ctx, cancel := installSignals()
 	defer cancel()
 	setup("manager", c.Bool("debug"))
 	statusCode, msg := private.Restart(ctx)
 	switch statusCode {
 	case http.StatusInternalServerError:
 		return fail("InternalServerError", msg)
 	}
 	fmt.Fprintln(os.Stdout, msg)
 	return nil
 }
 func runFlushQueues(c *cli.Context) error {
 	ctx, cancel := installSignals()
 	defer cancel()
 	setup("manager", c.Bool("debug"))
 	statusCode, msg := private.FlushQueues(ctx, c.Duration("timeout"), c.Bool("non-blocking"))
 	switch statusCode {
 	case http.StatusInternalServerError:
 		return fail("InternalServerError", msg)
 	}
 	fmt.Fprintln(os.Stdout, msg)
 	return nil
 }
 func runPauseLogging(c *cli.Context) error {
 	ctx, cancel := installSignals()
 	defer cancel()
 	setup("manager", c.Bool("debug"))
 	statusCode, msg := private.PauseLogging(ctx)
 	switch statusCode {
 	case http.StatusInternalServerError:
 		return fail("InternalServerError", msg)
 	}
 	fmt.Fprintln(os.Stdout, msg)
 	return nil
 }
 func runResumeLogging(c *cli.Context) error {
 	ctx, cancel := installSignals()
 	defer cancel()
 	setup("manager", c.Bool("debug"))
 	statusCode, msg := private.ResumeLogging(ctx)
 	switch statusCode {
 	case http.StatusInternalServerError:
 		return fail("InternalServerError", msg)
 	}
 	fmt.Fprintln(os.Stdout, msg)
 	return nil
 }
 func runReleaseReopenLogging(c *cli.Context) error {
 	ctx, cancel := installSignals()
 	defer cancel()
 	setup("manager", c.Bool("debug"))
 	statusCode, msg := private.ReleaseReopenLogging(ctx)
 	switch statusCode {
 	case http.StatusInternalServerError:
 		return fail("InternalServerError", msg)
 	}
 	fmt.Fprintln(os.Stdout, msg)
 	return nil
 }
--- a/cmd/migrate.go
+++ b/cmd/migrate.go
@@ -5,9 +5,7 @@
 package cmd
 import (
-	"context"
+	"code.gitea.io/gitea/models"
 	"code.gitea.io/gitea/models/db"
 	"code.gitea.io/gitea/models/migrations"
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/setting"
@@ -21,24 +19,32 @@ var CmdMigrate = cli.Command{
 	Usage:       "Migrate the database",
 	Description: "This is a command for migrating the database, so that you can run gitea admin create-user before starting the server.",
 	Action:      runMigrate,
 	Flags: []cli.Flag{
 		cli.StringFlag{
 			Name:  "config, c",
 			Value: "custom/conf/app.ini",
 			Usage: "Custom configuration file path",
 		},
 	},
 }
 func runMigrate(ctx *cli.Context) error {
-	stdCtx, cancel := installSignals()
+	if ctx.IsSet("config") {
-	defer cancel()
+		setting.CustomConf = ctx.String("config")
 	}
-	if err := initDB(stdCtx); err != nil {
+	if err := initDB(); err != nil {
 		return err
 	}
-	log.Info("AppPath: %s", setting.AppPath)
+	log.Trace("AppPath: %s", setting.AppPath)
-	log.Info("AppWorkPath: %s", setting.AppWorkPath)
+	log.Trace("AppWorkPath: %s", setting.AppWorkPath)
-	log.Info("Custom path: %s", setting.CustomPath)
+	log.Trace("Custom path: %s", setting.CustomPath)
-	log.Info("Log path: %s", setting.LogRootPath)
+	log.Trace("Log path: %s", setting.LogRootPath)
-	log.Info("Configuration file: %s", setting.CustomConf)
+	models.LoadConfigs()
-	if err := db.InitEngineWithMigration(context.Background(), migrations.Migrate); err != nil {
+	if err := models.NewEngine(migrations.Migrate); err != nil {
-		log.Fatal("Failed to initialize ORM engine: %v", err)
+		log.Fatal(4, "Failed to initialize ORM engine: %v", err)
 		return err
 	}
--- a/cmd/migrate_storage.go
+++ b/cmd/migrate_storage.go
@@ -1,196 +0,0 @@
 // Copyright 2020 The Gitea Authors. All rights reserved.
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 package cmd
 import (
 	"context"
 	"fmt"
 	"strings"
 	"code.gitea.io/gitea/models"
 	"code.gitea.io/gitea/models/db"
 	"code.gitea.io/gitea/models/migrations"
 	repo_model "code.gitea.io/gitea/models/repo"
 	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/modules/storage"
 	"github.com/urfave/cli"
 )
 // CmdMigrateStorage represents the available migrate storage sub-command.
 var CmdMigrateStorage = cli.Command{
 	Name:        "migrate-storage",
 	Usage:       "Migrate the storage",
 	Description: "This is a command for migrating storage.",
 	Action:      runMigrateStorage,
 	Flags: []cli.Flag{
 		cli.StringFlag{
 			Name:  "type, t",
 			Value: "",
 			Usage: "Kinds of files to migrate, currently only 'attachments' is supported",
 		},
 		cli.StringFlag{
 			Name:  "storage, s",
 			Value: "",
 			Usage: "New storage type: local (default) or minio",
 		},
 		cli.StringFlag{
 			Name:  "path, p",
 			Value: "",
 			Usage: "New storage placement if store is local (leave blank for default)",
 		},
 		cli.StringFlag{
 			Name:  "minio-endpoint",
 			Value: "",
 			Usage: "Minio storage endpoint",
 		},
 		cli.StringFlag{
 			Name:  "minio-access-key-id",
 			Value: "",
 			Usage: "Minio storage accessKeyID",
 		},
 		cli.StringFlag{
 			Name:  "minio-secret-access-key",
 			Value: "",
 			Usage: "Minio storage secretAccessKey",
 		},
 		cli.StringFlag{
 			Name:  "minio-bucket",
 			Value: "",
 			Usage: "Minio storage bucket",
 		},
 		cli.StringFlag{
 			Name:  "minio-location",
 			Value: "",
 			Usage: "Minio storage location to create bucket",
 		},
 		cli.StringFlag{
 			Name:  "minio-base-path",
 			Value: "",
 			Usage: "Minio storage basepath on the bucket",
 		},
 		cli.BoolFlag{
 			Name:  "minio-use-ssl",
 			Usage: "Enable SSL for minio",
 		},
 	},
 }
 func migrateAttachments(dstStorage storage.ObjectStorage) error {
 	return repo_model.IterateAttachment(func(attach *repo_model.Attachment) error {
 		_, err := storage.Copy(dstStorage, attach.RelativePath(), storage.Attachments, attach.RelativePath())
 		return err
 	})
 }
 func migrateLFS(dstStorage storage.ObjectStorage) error {
 	return models.IterateLFS(func(mo *models.LFSMetaObject) error {
 		_, err := storage.Copy(dstStorage, mo.RelativePath(), storage.LFS, mo.RelativePath())
 		return err
 	})
 }
 func migrateAvatars(dstStorage storage.ObjectStorage) error {
 	return user_model.IterateUser(func(user *user_model.User) error {
 		_, err := storage.Copy(dstStorage, user.CustomAvatarRelativePath(), storage.Avatars, user.CustomAvatarRelativePath())
 		return err
 	})
 }
 func migrateRepoAvatars(dstStorage storage.ObjectStorage) error {
 	return repo_model.IterateRepository(func(repo *repo_model.Repository) error {
 		_, err := storage.Copy(dstStorage, repo.CustomAvatarRelativePath(), storage.RepoAvatars, repo.CustomAvatarRelativePath())
 		return err
 	})
 }
 func runMigrateStorage(ctx *cli.Context) error {
 	stdCtx, cancel := installSignals()
 	defer cancel()
 	if err := initDB(stdCtx); err != nil {
 		return err
 	}
 	log.Info("AppPath: %s", setting.AppPath)
 	log.Info("AppWorkPath: %s", setting.AppWorkPath)
 	log.Info("Custom path: %s", setting.CustomPath)
 	log.Info("Log path: %s", setting.LogRootPath)
 	log.Info("Configuration file: %s", setting.CustomConf)
 	if err := db.InitEngineWithMigration(context.Background(), migrations.Migrate); err != nil {
 		log.Fatal("Failed to initialize ORM engine: %v", err)
 		return err
 	}
 	goCtx := context.Background()
 	if err := storage.Init(); err != nil {
 		return err
 	}
 	var dstStorage storage.ObjectStorage
 	var err error
 	switch strings.ToLower(ctx.String("storage")) {
 	case "":
 		fallthrough
 	case string(storage.LocalStorageType):
 		p := ctx.String("path")
 		if p == "" {
 			log.Fatal("Path must be given when storage is loal")
 			return nil
 		}
 		dstStorage, err = storage.NewLocalStorage(
 			goCtx,
 			storage.LocalStorageConfig{
 				Path: p,
 			})
 	case string(storage.MinioStorageType):
 		dstStorage, err = storage.NewMinioStorage(
 			goCtx,
 			storage.MinioStorageConfig{
 				Endpoint:        ctx.String("minio-endpoint"),
 				AccessKeyID:     ctx.String("minio-access-key-id"),
 				SecretAccessKey: ctx.String("minio-secret-access-key"),
 				Bucket:          ctx.String("minio-bucket"),
 				Location:        ctx.String("minio-location"),
 				BasePath:        ctx.String("minio-base-path"),
 				UseSSL:          ctx.Bool("minio-use-ssl"),
 			})
 	default:
 		return fmt.Errorf("Unsupported storage type: %s", ctx.String("storage"))
 	}
 	if err != nil {
 		return err
 	}
 	tp := strings.ToLower(ctx.String("type"))
 	switch tp {
 	case "attachments":
 		if err := migrateAttachments(dstStorage); err != nil {
 			return err
 		}
 	case "lfs":
 		if err := migrateLFS(dstStorage); err != nil {
 			return err
 		}
 	case "avatars":
 		if err := migrateAvatars(dstStorage); err != nil {
 			return err
 		}
 	case "repo-avatars":
 		if err := migrateRepoAvatars(dstStorage); err != nil {
 			return err
 		}
 	default:
 		return fmt.Errorf("Unsupported storage: %s", ctx.String("type"))
 	}
 	log.Warn("All files have been copied to the new placement but old files are still on the original placement.")
 	return nil
 }
--- a/cmd/restore_repo.go
+++ b/cmd/restore_repo.go
@@ -1,68 +0,0 @@
 // Copyright 2020 The Gitea Authors. All rights reserved.
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 package cmd
 import (
 	"errors"
 	"net/http"
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/private"
 	"code.gitea.io/gitea/modules/setting"
 	"github.com/urfave/cli"
 )
 // CmdRestoreRepository represents the available restore a repository sub-command.
 var CmdRestoreRepository = cli.Command{
 	Name:        "restore-repo",
 	Usage:       "Restore the repository from disk",
 	Description: "This is a command for restoring the repository data.",
 	Action:      runRestoreRepository,
 	Flags: []cli.Flag{
 		cli.StringFlag{
 			Name:  "repo_dir, r",
 			Value: "./data",
 			Usage: "Repository dir path to restore from",
 		},
 		cli.StringFlag{
 			Name:  "owner_name",
 			Value: "",
 			Usage: "Restore destination owner name",
 		},
 		cli.StringFlag{
 			Name:  "repo_name",
 			Value: "",
 			Usage: "Restore destination repository name",
 		},
 		cli.StringFlag{
 			Name:  "units",
 			Value: "",
 			Usage: `Which items will be restored, one or more units should be separated as comma.
 wiki, issues, labels, releases, release_assets, milestones, pull_requests, comments are allowed. Empty means all units.`,
 		},
 	},
 }
 func runRestoreRepository(c *cli.Context) error {
 	ctx, cancel := installSignals()
 	defer cancel()
 	setting.LoadFromExisting()
 	statusCode, errStr := private.RestoreRepo(
 		ctx,
 		c.String("repo_dir"),
 		c.String("owner_name"),
 		c.String("repo_name"),
 		c.StringSlice("units"),
 	)
 	if statusCode == http.StatusOK {
 		return nil
 	}
 	log.Fatal("Failed to restore repository: %v", errStr)
 	return errors.New(errStr)
 }
--- a/cmd/serv.go
+++ b/cmd/serv.go
@@ -6,34 +6,29 @@
 package cmd
 import (
 	"encoding/json"
 	"fmt"
 	"net/http"
 	"net/url"
 	"os"
 	"os/exec"
-	"regexp"
+	"path/filepath"
 	"strconv"
 	"strings"
 	"time"
 	"code.gitea.io/git"
 	"code.gitea.io/gitea/models"
 	asymkey_model "code.gitea.io/gitea/models/asymkey"
 	"code.gitea.io/gitea/models/perm"
 	"code.gitea.io/gitea/modules/git"
 	"code.gitea.io/gitea/modules/json"
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/pprof"
 	"code.gitea.io/gitea/modules/private"
 	"code.gitea.io/gitea/modules/process"
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/services/lfs"
-	"github.com/golang-jwt/jwt/v4"
+	"github.com/Unknwon/com"
-	"github.com/kballard/go-shellquote"
+	"github.com/dgrijalva/jwt-go"
 	version "github.com/mcuadros/go-version"
 	"github.com/urfave/cli"
 )
 const (
 	accessDenied        = "Repository does not exist or you do not have access"
 	lfsAuthenticateVerb = "git-lfs-authenticate"
 )
@@ -44,64 +39,80 @@ var CmdServ = cli.Command{
 	Description: `Serv provide access auth for repositories`,
 	Action:      runServ,
 	Flags: []cli.Flag{
-		cli.BoolFlag{
+		cli.StringFlag{
-			Name: "enable-pprof",
+			Name:  "config, c",
 			Value: "custom/conf/app.ini",
 			Usage: "Custom configuration file path",
 		},
 		cli.BoolFlag{
-			Name: "debug",
+			Name: "enable-pprof",
 		},
 	},
 }
-func setup(logPath string, debug bool) {
+func checkLFSVersion() {
-	_ = log.DelLogger("console")
+	if setting.LFS.StartServer {
-	if debug {
+		//Disable LFS client hooks if installed for the current OS user
-		_ = log.NewLogger(1000, "console", "console", `{"level":"trace","stacktracelevel":"NONE","stderr":true}`)
+		//Needs at least git v2.1.2
-	} else {
+		binVersion, err := git.BinVersion()
-		_ = log.NewLogger(1000, "console", "console", `{"level":"fatal","stacktracelevel":"NONE","stderr":true}`)
+		if err != nil {
 			fail(fmt.Sprintf("Error retrieving git version: %v", err), fmt.Sprintf("Error retrieving git version: %v", err))
 		}
 		if !version.Compare(binVersion, "2.1.2", ">=") {
 			setting.LFS.StartServer = false
 			println("LFS server support needs at least Git v2.1.2, disabled")
 		} else {
 			git.GlobalCommandArgs = append(git.GlobalCommandArgs, "-c", "filter.lfs.required=",
 				"-c", "filter.lfs.smudge=", "-c", "filter.lfs.clean=")
 		}
 	}
-	setting.LoadFromExisting()
+}
-	if debug {
+
-		setting.RunMode = "dev"
+func setup(logPath string) {
 	log.DelLogger("console")
 	setting.NewContext()
 	checkLFSVersion()
 	log.NewGitLogger(filepath.Join(setting.LogRootPath, logPath))
 }
 func parseCmd(cmd string) (string, string) {
 	ss := strings.SplitN(cmd, " ", 2)
 	if len(ss) != 2 {
 		return "", ""
 	}
 	return ss[0], strings.Replace(ss[1], "'/", "'", 1)
 }
 var (
-	allowedCommands = map[string]perm.AccessMode{
+	allowedCommands = map[string]models.AccessMode{
-		"git-upload-pack":    perm.AccessModeRead,
+		"git-upload-pack":    models.AccessModeRead,
-		"git-upload-archive": perm.AccessModeRead,
+		"git-upload-archive": models.AccessModeRead,
-		"git-receive-pack":   perm.AccessModeWrite,
+		"git-receive-pack":   models.AccessModeWrite,
-		lfsAuthenticateVerb:  perm.AccessModeNone,
+		lfsAuthenticateVerb:  models.AccessModeNone,
 	}
 	alphaDashDotPattern = regexp.MustCompile(`[^\w-\.]`)
 )
-func fail(userMessage, logMessage string, args ...interface{}) error {
+func fail(userMessage, logMessage string, args ...interface{}) {
 	// There appears to be a chance to cause a zombie process and failure to read the Exit status
 	// if nothing is outputted on stdout.
 	fmt.Fprintln(os.Stdout, "")
 	fmt.Fprintln(os.Stderr, "Gitea:", userMessage)
 	if len(logMessage) > 0 {
-		if !setting.IsProd {
+		if !setting.ProdMode {
 			fmt.Fprintf(os.Stderr, logMessage+"\n", args...)
 		}
 		log.GitLogger.Fatal(3, logMessage, args...)
 		return
 	}
 	ctx, cancel := installSignals()
 	defer cancel()
-	if len(logMessage) > 0 {
+	log.GitLogger.Close()
-		_ = private.SSHLog(ctx, true, fmt.Sprintf(logMessage+": ", args...))
+	os.Exit(1)
 	}
 	return cli.NewExitError("", 1)
 }
 func runServ(c *cli.Context) error {
-	ctx, cancel := installSignals()
+	if c.IsSet("config") {
-	defer cancel()
+		setting.CustomConf = c.String("config")
-
+	}
-	// FIXME: This needs to internationalised
+	setup("serv.log")
 	setup("serv.log", c.Bool("debug"))
 	if setting.SSH.Disabled {
 		println("Gitea: SSH has been disabled")
@@ -109,166 +120,196 @@ func runServ(c *cli.Context) error {
 	}
 	if len(c.Args()) < 1 {
-		if err := cli.ShowSubcommandHelp(c); err != nil {
+		cli.ShowSubcommandHelp(c)
 			fmt.Printf("error showing subcommand help: %v\n", err)
 		}
 		return nil
 	}
 	keys := strings.Split(c.Args()[0], "-")
 	if len(keys) != 2 || keys[0] != "key" {
 		return fail("Key ID format error", "Invalid key argument: %s", c.Args()[0])
 	}
 	keyID, err := strconv.ParseInt(keys[1], 10, 64)
 	if err != nil {
 		return fail("Key ID format error", "Invalid key argument: %s", c.Args()[1])
 	}
 	cmd := os.Getenv("SSH_ORIGINAL_COMMAND")
 	if len(cmd) == 0 {
-		key, user, err := private.ServNoCommand(ctx, keyID)
+		println("Hi there, You've successfully authenticated, but Gitea does not provide shell access.")
 		if err != nil {
 			return fail("Internal error", "Failed to check provided key: %v", err)
 		}
 		switch key.Type {
 		case asymkey_model.KeyTypeDeploy:
 			println("Hi there! You've successfully authenticated with the deploy key named " + key.Name + ", but Gitea does not provide shell access.")
 		case asymkey_model.KeyTypePrincipal:
 			println("Hi there! You've successfully authenticated with the principal " + key.Content + ", but Gitea does not provide shell access.")
 		default:
 			println("Hi there, " + user.Name + "! You've successfully authenticated with the key named " + key.Name + ", but Gitea does not provide shell access.")
 		}
 		println("If this is unexpected, please log in with password and setup Gitea under another user.")
 		return nil
 	} else if c.Bool("debug") {
 		log.Debug("SSH_ORIGINAL_COMMAND: %s", os.Getenv("SSH_ORIGINAL_COMMAND"))
 	}
-	words, err := shellquote.Split(cmd)
+	verb, args := parseCmd(cmd)
 	if err != nil {
 		return fail("Error parsing arguments", "Failed to parse arguments: %v", err)
 	}
 	if len(words) < 2 {
 		if git.CheckGitVersionAtLeast("2.29") == nil {
 			// for AGit Flow
 			if cmd == "ssh_info" {
 				fmt.Print(`{"type":"gitea","version":1}`)
 				return nil
 			}
 		}
 		return fail("Too few arguments", "Too few arguments in cmd: %s", cmd)
 	}
 	verb := words[0]
 	repoPath := words[1]
 	if repoPath[0] == '/' {
 		repoPath = repoPath[1:]
 	}
 	var lfsVerb string
 	if verb == lfsAuthenticateVerb {
 		if !setting.LFS.StartServer {
-			return fail("Unknown git command", "LFS authentication request over SSH denied, LFS support is disabled")
+			fail("Unknown git command", "LFS authentication request over SSH denied, LFS support is disabled")
 		}
-		if len(words) > 2 {
+		argsSplit := strings.Split(args, " ")
-			lfsVerb = words[2]
+		if len(argsSplit) >= 2 {
 			args = strings.TrimSpace(argsSplit[0])
 			lfsVerb = strings.TrimSpace(argsSplit[1])
 		}
 	}
-	// LowerCase and trim the repoPath as that's how they are stored.
+	repoPath := strings.ToLower(strings.Trim(args, "'"))
 	repoPath = strings.ToLower(strings.TrimSpace(repoPath))
 	rr := strings.SplitN(repoPath, "/", 2)
 	if len(rr) != 2 {
-		return fail("Invalid repository path", "Invalid repository path: %v", repoPath)
+		fail("Invalid repository path", "Invalid repository path: %v", args)
 	}
 	username := strings.ToLower(rr[0])
 	reponame := strings.ToLower(strings.TrimSuffix(rr[1], ".git"))
-	if alphaDashDotPattern.MatchString(reponame) {
+	if setting.EnablePprof || c.Bool("enable-pprof") {
 		return fail("Invalid repo name", "Invalid repo name: %s", reponame)
 	}
 	if c.Bool("enable-pprof") {
 		if err := os.MkdirAll(setting.PprofDataPath, os.ModePerm); err != nil {
-			return fail("Error while trying to create PPROF_DATA_PATH", "Error while trying to create PPROF_DATA_PATH: %v", err)
+			fail("Error while trying to create PPROF_DATA_PATH", "Error while trying to create PPROF_DATA_PATH: %v", err)
 		}
-		stopCPUProfiler, err := pprof.DumpCPUProfileForUsername(setting.PprofDataPath, username)
+		stopCPUProfiler := pprof.DumpCPUProfileForUsername(setting.PprofDataPath, username)
 		if err != nil {
 			return fail("Internal Server Error", "Unable to start CPU profile: %v", err)
 		}
 		defer func() {
 			stopCPUProfiler()
-			err := pprof.DumpMemProfileForUsername(setting.PprofDataPath, username)
+			pprof.DumpMemProfileForUsername(setting.PprofDataPath, username)
 			if err != nil {
 				_ = fail("Internal Server Error", "Unable to dump Mem Profile: %v", err)
 			}
 		}()
 	}
 	var (
 		isWiki   bool
 		unitType = models.UnitTypeCode
 		unitName = "code"
 	)
 	if strings.HasSuffix(reponame, ".wiki") {
 		isWiki = true
 		unitType = models.UnitTypeWiki
 		unitName = "wiki"
 		reponame = reponame[:len(reponame)-5]
 	}
 	os.Setenv(models.EnvRepoUsername, username)
 	if isWiki {
 		os.Setenv(models.EnvRepoIsWiki, "true")
 	} else {
 		os.Setenv(models.EnvRepoIsWiki, "false")
 	}
 	os.Setenv(models.EnvRepoName, reponame)
 	repo, err := private.GetRepositoryByOwnerAndName(username, reponame)
 	if err != nil {
 		if strings.Contains(err.Error(), "Failed to get repository: repository does not exist") {
 			fail(accessDenied, "Repository does not exist: %s/%s", username, reponame)
 		}
 		fail("Internal error", "Failed to get repository: %v", err)
 	}
 	requestedMode, has := allowedCommands[verb]
 	if !has {
-		return fail("Unknown git command", "Unknown git command %s", verb)
+		fail("Unknown git command", "Unknown git command %s", verb)
 	}
 	if verb == lfsAuthenticateVerb {
 		if lfsVerb == "upload" {
-			requestedMode = perm.AccessModeWrite
+			requestedMode = models.AccessModeWrite
 		} else if lfsVerb == "download" {
-			requestedMode = perm.AccessModeRead
+			requestedMode = models.AccessModeRead
 		} else {
-			return fail("Unknown LFS verb", "Unknown lfs verb %s", lfsVerb)
+			fail("Unknown LFS verb", "Unknown lfs verb %s", lfsVerb)
 		}
 	}
-	results, err := private.ServCommand(ctx, keyID, username, reponame, requestedMode, verb, lfsVerb)
+	// Prohibit push to mirror repositories.
 	if requestedMode > models.AccessModeRead && repo.IsMirror {
 		fail("mirror repository is read-only", "")
 	}
 	// Allow anonymous clone for public repositories.
 	var (
 		keyID  int64
 		user   *models.User
 		userID int64
 	)
 	keys := strings.Split(c.Args()[0], "-")
 	if len(keys) != 2 {
 		fail("Key ID format error", "Invalid key argument: %s", c.Args()[0])
 	}
 	key, err := private.GetPublicKeyByID(com.StrTo(keys[1]).MustInt64())
 	if err != nil {
-		if private.IsErrServCommand(err) {
+		fail("Invalid key ID", "Invalid key ID[%s]: %v", c.Args()[0], err)
 			errServCommand := err.(private.ErrServCommand)
 			if errServCommand.StatusCode != http.StatusInternalServerError {
 				return fail("Unauthorized", "%s", errServCommand.Error())
 			}
 			return fail("Internal Server Error", "%s", errServCommand.Error())
 		}
 		return fail("Internal Server Error", "%s", err.Error())
 	}
-	os.Setenv(models.EnvRepoIsWiki, strconv.FormatBool(results.IsWiki))
+	keyID = key.ID
-	os.Setenv(models.EnvRepoName, results.RepoName)
+	userID = key.OwnerID
 	os.Setenv(models.EnvRepoUsername, results.OwnerName)
 	os.Setenv(models.EnvPusherName, results.UserName)
 	os.Setenv(models.EnvPusherEmail, results.UserEmail)
 	os.Setenv(models.EnvPusherID, strconv.FormatInt(results.UserID, 10))
 	os.Setenv(models.EnvRepoID, strconv.FormatInt(results.RepoID, 10))
 	os.Setenv(models.EnvPRID, fmt.Sprintf("%d", 0))
 	os.Setenv(models.EnvDeployKeyID, fmt.Sprintf("%d", results.DeployKeyID))
 	os.Setenv(models.EnvKeyID, fmt.Sprintf("%d", results.KeyID))
 	os.Setenv(models.EnvAppURL, setting.AppURL)
-	// LFS token authentication
+	if key.Type == models.KeyTypeDeploy {
 		// Now we have to get the deploy key for this repo
 		deployKey, err := private.GetDeployKey(key.ID, repo.ID)
 		if err != nil {
 			fail("Key access denied", "Failed to access internal api: [key_id: %d, repo_id: %d]", key.ID, repo.ID)
 		}
 		if deployKey == nil {
 			fail("Key access denied", "Deploy key access denied: [key_id: %d, repo_id: %d]", key.ID, repo.ID)
 		}
 		if deployKey.Mode < requestedMode {
 			fail("Key permission denied", "Cannot push with read-only deployment key: %d to repo_id: %d", key.ID, repo.ID)
 		}
 		// Update deploy key activity.
 		if err = private.UpdateDeployKeyUpdated(key.ID, repo.ID); err != nil {
 			fail("Internal error", "UpdateDeployKey: %v", err)
 		}
 		// FIXME: Deploy keys aren't really the owner of the repo pushing changes
 		// however we don't have good way of representing deploy keys in hook.go
 		// so for now use the owner
 		os.Setenv(models.EnvPusherName, username)
 		os.Setenv(models.EnvPusherID, fmt.Sprintf("%d", repo.OwnerID))
 		userID = repo.OwnerID
 	} else if requestedMode == models.AccessModeWrite || repo.IsPrivate || setting.Service.RequireSignInView {
 		// Check deploy key or user key.
 		user, err = private.GetUserByKeyID(key.ID)
 		if err != nil {
 			fail("internal error", "Failed to get user by key ID(%d): %v", keyID, err)
 		}
 		if !user.IsActive || user.ProhibitLogin {
 			fail("Your account is not active or has been disabled by Administrator",
 				"User %s is disabled and have no access to repository %s",
 				user.Name, repoPath)
 		}
 		mode, err := private.CheckUnitUser(user.ID, repo.ID, user.IsAdmin, unitType)
 		if err != nil {
 			fail("Internal error", "Failed to check access: %v", err)
 		} else if *mode < requestedMode {
 			clientMessage := accessDenied
 			if *mode >= models.AccessModeRead {
 				clientMessage = "You do not have sufficient authorization for this action"
 			}
 			fail(clientMessage,
 				"User %s does not have level %v access to repository %s's "+unitName,
 				user.Name, requestedMode, repoPath)
 		}
 		os.Setenv(models.EnvPusherName, user.Name)
 		os.Setenv(models.EnvPusherID, fmt.Sprintf("%d", user.ID))
 	}
 	//LFS token authentication
 	if verb == lfsAuthenticateVerb {
-		url := fmt.Sprintf("%s%s/%s.git/info/lfs", setting.AppURL, url.PathEscape(results.OwnerName), url.PathEscape(results.RepoName))
+		url := fmt.Sprintf("%s%s/%s.git/info/lfs", setting.AppURL, username, repo.Name)
 		now := time.Now()
-		claims := lfs.Claims{
+		claims := jwt.MapClaims{
-			// FIXME: we need to migrate to RegisteredClaims
+			"repo": repo.ID,
-			StandardClaims: jwt.StandardClaims{ // nolint
+			"op":   lfsVerb,
-				ExpiresAt: now.Add(setting.LFS.HTTPAuthExpiry).Unix(),
+			"exp":  now.Add(setting.LFS.HTTPAuthExpiry).Unix(),
-				NotBefore: now.Unix(),
+			"nbf":  now.Unix(),
-			},
+		}
-			RepoID: results.RepoID,
+		if userID > 0 {
-			Op:     lfsVerb,
+			claims["user"] = userID
 			UserID: results.UserID,
 		}
 		token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)
 		// Sign and get the complete encoded token as a string using the secret
 		tokenString, err := token.SignedString(setting.LFS.JWTSecretBytes)
 		if err != nil {
-			return fail("Internal error", "Failed to sign JWT token: %v", err)
+			fail("Internal error", "Failed to sign JWT token: %v", err)
 		}
 		tokenAuthentication := &models.LFSTokenResponse{
@@ -280,8 +321,9 @@ func runServ(c *cli.Context) error {
 		enc := json.NewEncoder(os.Stdout)
 		err = enc.Encode(tokenAuthentication)
 		if err != nil {
-			return fail("Internal error", "Failed to encode LFS json response: %v", err)
+			fail("Internal error", "Failed to encode LFS json response: %v", err)
 		}
 		return nil
 	}
@@ -293,33 +335,30 @@ func runServ(c *cli.Context) error {
 	var gitcmd *exec.Cmd
 	verbs := strings.Split(verb, " ")
 	if len(verbs) == 2 {
-		gitcmd = exec.CommandContext(ctx, verbs[0], verbs[1], repoPath)
+		gitcmd = exec.Command(verbs[0], verbs[1], repoPath)
 	} else {
-		gitcmd = exec.CommandContext(ctx, verb, repoPath)
+		gitcmd = exec.Command(verb, repoPath)
 	}
-
+	if isWiki {
-	// Check if setting.RepoRootPath exists. It could be the case that it doesn't exist, this can happen when
+		if err = private.InitWiki(repo.ID); err != nil {
-	// `[repository]` `ROOT` is a relative path and $GITEA_WORK_DIR isn't passed to the SSH connection.
+			fail("Internal error", "Failed to init wiki repo: %v", err)
 	if _, err := os.Stat(setting.RepoRootPath); err != nil {
 		if os.IsNotExist(err) {
 			return fail("Incorrect configuration.",
 				"Directory `[repository]` `ROOT` was not found, please check if $GITEA_WORK_DIR is passed to the SSH connection or make `[repository]` `ROOT` an absolute value.")
 		}
 	}
-	process.SetSysProcAttribute(gitcmd)
+	os.Setenv(models.ProtectedBranchRepoID, fmt.Sprintf("%d", repo.ID))
 	gitcmd.Dir = setting.RepoRootPath
 	gitcmd.Stdout = os.Stdout
 	gitcmd.Stdin = os.Stdin
 	gitcmd.Stderr = os.Stderr
 	if err = gitcmd.Run(); err != nil {
-		return fail("Internal error", "Failed to execute git command: %v", err)
+		fail("Internal error", "Failed to execute git command: %v", err)
 	}
 	// Update user key activity.
-	if results.KeyID > 0 {
+	if keyID > 0 {
-		if err = private.UpdatePublicKeyInRepo(ctx, results.KeyID, results.RepoID); err != nil {
+		if err = private.UpdatePublicKeyUpdated(keyID); err != nil {
-			return fail("Internal error", "UpdatePublicKeyInRepo: %v", err)
+			fail("Internal error", "UpdatePublicKey: %v", err)
 		}
 	}
--- a/cmd/web.go
+++ b/cmd/web.go
@@ -5,22 +5,24 @@
 package cmd
 import (
-	"context"
+	"crypto/tls"
 	"fmt"
 	"net"
 	"net/http"
 	"net/http/fcgi"
 	_ "net/http/pprof" // Used for debugging if enabled and a web server is running
 	"os"
 	"strings"
 	_ "net/http/pprof" // Used for debugging if enabled and a web server is running
 	"code.gitea.io/gitea/modules/graceful"
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/routers"
-	"code.gitea.io/gitea/routers/install"
+	"code.gitea.io/gitea/routers/routes"
 	"github.com/Unknwon/com"
 	context2 "github.com/gorilla/context"
 	"github.com/urfave/cli"
 	"golang.org/x/crypto/acme/autocert"
 	ini "gopkg.in/ini.v1"
 )
@@ -38,23 +40,15 @@ and it takes care of all the other things for you`,
 			Usage: "Temporary port number to prevent conflict",
 		},
 		cli.StringFlag{
-			Name:  "install-port",
+			Name:  "config, c",
-			Value: "3000",
+			Value: "custom/conf/app.ini",
-			Usage: "Temporary port number to run the install page on to prevent conflict",
+			Usage: "Custom configuration file path",
 		},
 		cli.StringFlag{
 			Name:  "pid, P",
-			Value: setting.PIDFile,
+			Value: "/var/run/gitea.pid",
 			Usage: "Custom pid file path",
 		},
 		cli.BoolFlag{
 			Name:  "quiet, q",
 			Usage: "Only display Fatal logging errors until logging is set-up",
 		},
 		cli.BoolFlag{
 			Name:  "verbose",
 			Usage: "Set initial logging to TRACE level until logging is properly set-up",
 		},
 	},
 }
@@ -71,73 +65,105 @@ func runHTTPRedirector() {
 		http.Redirect(w, r, target, http.StatusTemporaryRedirect)
 	})
-	var err = runHTTP("tcp", source, "HTTP Redirector", handler)
+	var err = runHTTP(source, context2.ClearHandler(handler))
 	if err != nil {
-		log.Fatal("Failed to start port redirection: %v", err)
+		log.Fatal(4, "Failed to start port redirection: %v", err)
 	}
 }
-func runWeb(ctx *cli.Context) error {
+func runLetsEncrypt(listenAddr, domain, directory, email string, m http.Handler) error {
-	if ctx.Bool("verbose") {
+	certManager := autocert.Manager{
-		_ = log.DelLogger("console")
+		Prompt:     autocert.AcceptTOS,
-		log.NewLogger(0, "console", "console", fmt.Sprintf(`{"level": "trace", "colorize": %t, "stacktraceLevel": "none"}`, log.CanColorStdout))
+		HostPolicy: autocert.HostWhitelist(domain),
-	} else if ctx.Bool("quiet") {
+		Cache:      autocert.DirCache(directory),
-		_ = log.DelLogger("console")
+		Email:      email,
 		log.NewLogger(0, "console", "console", fmt.Sprintf(`{"level": "fatal", "colorize": %t, "stacktraceLevel": "none"}`, log.CanColorStdout))
 	}
-	defer func() {
+	go func() {
-		if panicked := recover(); panicked != nil {
+		log.Info("Running Let's Encrypt handler on %s", setting.HTTPAddr+":"+setting.PortToRedirect)
-			log.Fatal("PANIC: %v\n%s", panicked, string(log.Stack(2)))
+		var err = http.ListenAndServe(setting.HTTPAddr+":"+setting.PortToRedirect, certManager.HTTPHandler(http.HandlerFunc(runLetsEncryptFallbackHandler))) // all traffic coming into HTTP will be redirect to HTTPS automatically (LE HTTP-01 validation happens here)
 		if err != nil {
 			log.Fatal(4, "Failed to start the Let's Encrypt handler on port %s: %v", setting.PortToRedirect, err)
 		}
 	}()
 	server := &http.Server{
 		Addr:    listenAddr,
 		Handler: m,
 		TLSConfig: &tls.Config{
 			GetCertificate: certManager.GetCertificate,
 		},
 	}
 	return server.ListenAndServeTLS("", "")
 }
-	managerCtx, cancel := context.WithCancel(context.Background())
+func runLetsEncryptFallbackHandler(w http.ResponseWriter, r *http.Request) {
-	graceful.InitManager(managerCtx)
+	if r.Method != "GET" && r.Method != "HEAD" {
-	defer cancel()
+		http.Error(w, "Use HTTPS", http.StatusBadRequest)
 		return
 	}
 	// Remove the trailing slash at the end of setting.AppURL, the request
 	// URI always contains a leading slash, which would result in a double
 	// slash
 	target := strings.TrimRight(setting.AppURL, "/") + r.URL.RequestURI()
 	http.Redirect(w, r, target, http.StatusFound)
 }
-	if os.Getppid() > 1 && len(os.Getenv("LISTEN_FDS")) > 0 {
+func runWeb(ctx *cli.Context) error {
-		log.Info("Restarting Gitea on PID: %d from parent PID: %d", os.Getpid(), os.Getppid())
+	if ctx.IsSet("config") {
-	} else {
+		setting.CustomConf = ctx.String("config")
 		log.Info("Starting Gitea on PID: %d", os.Getpid())
 	}
 	// Set pid file setting
 	if ctx.IsSet("pid") {
-		setting.PIDFile = ctx.String("pid")
+		setting.CustomPID = ctx.String("pid")
 		setting.WritePIDFile = true
 	}
-	// Perform pre-initialization
+	routers.GlobalInit()
-	needsInstall := install.PreloadSettings(graceful.GetManager().HammerContext())
+
-	if needsInstall {
+	m := routes.NewMacaron()
-		// Flag for port number in case first time run conflict
+	routes.RegisterRoutes(m)
-		if ctx.IsSet("port") {
+
-			if err := setPort(ctx.String("port")); err != nil {
+	// Flag for port number in case first time run conflict.
-				return err
+	if ctx.IsSet("port") {
-			}
+		setting.AppURL = strings.Replace(setting.AppURL, setting.HTTPPort, ctx.String("port"), 1)
-		}
+		setting.HTTPPort = ctx.String("port")
-		if ctx.IsSet("install-port") {
+
-			if err := setPort(ctx.String("install-port")); err != nil {
+		switch setting.Protocol {
-				return err
+		case setting.UnixSocket:
-			}
+		case setting.FCGI:
 		}
 		c := install.Routes()
 		err := listen(c, false)
 		if err != nil {
 			log.Critical("Unable to open listener for installer. Is Gitea already running?")
 			graceful.GetManager().DoGracefulShutdown()
 		}
 		select {
 		case <-graceful.GetManager().IsShutdown():
 			<-graceful.GetManager().Done()
 			log.Info("PID: %d Gitea Web Finished", os.Getpid())
 			log.Close()
 			return err
 		default:
 			// Save LOCAL_ROOT_URL if port changed
 			cfg := ini.Empty()
 			if com.IsFile(setting.CustomConf) {
 				// Keeps custom settings if there is already something.
 				if err := cfg.Append(setting.CustomConf); err != nil {
 					return fmt.Errorf("Failed to load custom conf '%s': %v", setting.CustomConf, err)
 				}
 			}
 			defaultLocalURL := string(setting.Protocol) + "://"
 			if setting.HTTPAddr == "0.0.0.0" {
 				defaultLocalURL += "localhost"
 			} else {
 				defaultLocalURL += setting.HTTPAddr
 			}
 			defaultLocalURL += ":" + setting.HTTPPort + "/"
 			cfg.Section("server").Key("LOCAL_ROOT_URL").SetValue(defaultLocalURL)
 			if err := cfg.SaveTo(setting.CustomConf); err != nil {
 				return fmt.Errorf("Error saving generated JWT Secret to custom config: %v", err)
 			}
 		}
-	} else {
+	}
-		NoInstallListener()
+
 	listenAddr := setting.HTTPAddr
 	if setting.Protocol != setting.UnixSocket {
 		listenAddr += ":" + setting.HTTPPort
 	}
 	log.Info("Listen: %v://%s%s", setting.Protocol, listenAddr, setting.AppSubURL)
 	if setting.LFS.StartServer {
 		log.Info("LFS server enabled")
 	}
 	if setting.EnablePprof {
@@ -147,116 +173,49 @@ func runWeb(ctx *cli.Context) error {
 		}()
 	}
 	log.Info("Global init")
 	// Perform global initialization
 	setting.LoadFromExisting()
 	routers.GlobalInitInstalled(graceful.GetManager().HammerContext())
 	// We check that AppDataPath exists here (it should have been created during installation)
 	// We can't check it in `GlobalInitInstalled`, because some integration tests
 	// use cmd -> GlobalInitInstalled, but the AppDataPath doesn't exist during those tests.
 	if _, err := os.Stat(setting.AppDataPath); err != nil {
 		log.Fatal("Can not find APP_DATA_PATH '%s'", setting.AppDataPath)
 	}
 	// Override the provided port number within the configuration
 	if ctx.IsSet("port") {
 		if err := setPort(ctx.String("port")); err != nil {
 			return err
 		}
 	}
 	// Set up Chi routes
 	c := routers.NormalRoutes()
 	err := listen(c, true)
 	<-graceful.GetManager().Done()
 	log.Info("PID: %d Gitea Web Finished", os.Getpid())
 	log.Close()
 	return err
 }
 func setPort(port string) error {
 	setting.AppURL = strings.Replace(setting.AppURL, setting.HTTPPort, port, 1)
 	setting.HTTPPort = port
 	switch setting.Protocol {
 	case setting.HTTPUnix:
 	case setting.FCGI:
 	case setting.FCGIUnix:
 	default:
 		defaultLocalURL := string(setting.Protocol) + "://"
 		if setting.HTTPAddr == "0.0.0.0" {
 			defaultLocalURL += "localhost"
 		} else {
 			defaultLocalURL += setting.HTTPAddr
 		}
 		defaultLocalURL += ":" + setting.HTTPPort + "/"
 		// Save LOCAL_ROOT_URL if port changed
 		setting.CreateOrAppendToCustomConf(func(cfg *ini.File) {
 			cfg.Section("server").Key("LOCAL_ROOT_URL").SetValue(defaultLocalURL)
 		})
 	}
 	return nil
 }
 func listen(m http.Handler, handleRedirector bool) error {
 	listenAddr := setting.HTTPAddr
 	if setting.Protocol != setting.HTTPUnix && setting.Protocol != setting.FCGIUnix {
 		listenAddr = net.JoinHostPort(listenAddr, setting.HTTPPort)
 	}
 	log.Info("Listen: %v://%s%s", setting.Protocol, listenAddr, setting.AppSubURL)
 	// This can be useful for users, many users do wrong to their config and get strange behaviors behind a reverse-proxy.
 	// A user may fix the configuration mistake when he sees this log.
 	// And this is also very helpful to maintainers to provide help to users to resolve their configuration problems.
 	log.Info("AppURL(ROOT_URL): %s", setting.AppURL)
 	if setting.LFS.StartServer {
 		log.Info("LFS server enabled")
 	}
 	var err error
 	switch setting.Protocol {
 	case setting.HTTP:
-		if handleRedirector {
+		err = runHTTP(listenAddr, context2.ClearHandler(m))
 			NoHTTPRedirector()
 		}
 		err = runHTTP("tcp", listenAddr, "Web", m)
 	case setting.HTTPS:
 		if setting.EnableLetsEncrypt {
-			err = runLetsEncrypt(listenAddr, setting.Domain, setting.LetsEncryptDirectory, setting.LetsEncryptEmail, m)
+			err = runLetsEncrypt(listenAddr, setting.Domain, setting.LetsEncryptDirectory, setting.LetsEncryptEmail, context2.ClearHandler(m))
 			break
 		}
-		if handleRedirector {
+		if setting.RedirectOtherPort {
-			if setting.RedirectOtherPort {
+			go runHTTPRedirector()
 				go runHTTPRedirector()
 			} else {
 				NoHTTPRedirector()
 			}
 		}
-		err = runHTTPS("tcp", listenAddr, "Web", setting.CertFile, setting.KeyFile, m)
+		err = runHTTPS(listenAddr, setting.CertFile, setting.KeyFile, context2.ClearHandler(m))
 	case setting.FCGI:
-		if handleRedirector {
+		listener, err := net.Listen("tcp", listenAddr)
-			NoHTTPRedirector()
+		if err != nil {
 			log.Fatal(4, "Failed to bind %s", listenAddr, err)
 		}
-		err = runFCGI("tcp", listenAddr, "FCGI Web", m)
+		defer listener.Close()
-	case setting.HTTPUnix:
+		err = fcgi.Serve(listener, context2.ClearHandler(m))
-		if handleRedirector {
+	case setting.UnixSocket:
-			NoHTTPRedirector()
+		if err := os.Remove(listenAddr); err != nil && !os.IsNotExist(err) {
 			log.Fatal(4, "Failed to remove unix socket directory %s: %v", listenAddr, err)
 		}
-		err = runHTTP("unix", listenAddr, "Web", m)
+		var listener *net.UnixListener
-	case setting.FCGIUnix:
+		listener, err = net.ListenUnix("unix", &net.UnixAddr{Name: listenAddr, Net: "unix"})
-		if handleRedirector {
+		if err != nil {
-			NoHTTPRedirector()
+			break // Handle error after switch
 		}
-		err = runFCGI("unix", listenAddr, "Web", m)
+
 		// FIXME: add proper implementation of signal capture on all protocols
 		// execute this on SIGTERM or SIGINT: listener.Close()
 		if err = os.Chmod(listenAddr, os.FileMode(setting.UnixSocketPermission)); err != nil {
 			log.Fatal(4, "Failed to set permission of unix socket: %v", err)
 		}
 		err = http.Serve(listener, context2.ClearHandler(m))
 	default:
-		log.Fatal("Invalid protocol: %s", setting.Protocol)
+		log.Fatal(4, "Invalid protocol: %s", setting.Protocol)
 	}
 	if err != nil {
-		log.Critical("Failed to start server: %v", err)
+		log.Fatal(4, "Failed to start server: %v", err)
 	}
-	log.Info("HTTP Listener: %s Closed", listenAddr)
+
-	return err
+	return nil
 }
--- a/cmd/web_graceful.go
+++ b/cmd/web_graceful.go
@@ -1,3 +1,5 @@
 // +build !windows
 // Copyright 2016 The Gitea Authors. All rights reserved.
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
@@ -5,52 +7,39 @@
 package cmd
 import (
-	"net"
+	"crypto/tls"
 	"net/http"
 	"net/http/fcgi"
 	"strings"
 	"code.gitea.io/gitea/modules/graceful"
 	"code.gitea.io/gitea/modules/log"
-	"code.gitea.io/gitea/modules/setting"
+
 	"github.com/facebookgo/grace/gracehttp"
 )
-func runHTTP(network, listenAddr, name string, m http.Handler) error {
+func runHTTP(listenAddr string, m http.Handler) error {
-	return graceful.HTTPListenAndServe(network, listenAddr, name, m)
+	return gracehttp.Serve(&http.Server{
-}
+		Addr:    listenAddr,
-
+		Handler: m,
-// NoHTTPRedirector tells our cleanup routine that we will not be using a fallback http redirector
+	})
-func NoHTTPRedirector() {
+}
-	graceful.GetManager().InformCleanup()
+
-}
+func runHTTPS(listenAddr, certFile, keyFile string, m http.Handler) error {
-
+	config := &tls.Config{
-// NoMainListener tells our cleanup routine that we will not be using a possibly provided listener
+		MinVersion: tls.VersionTLS10,
-// for our main HTTP/HTTPS service
+	}
-func NoMainListener() {
+	if config.NextProtos == nil {
-	graceful.GetManager().InformCleanup()
+		config.NextProtos = []string{"http/1.1"}
-}
+	}
-
+
-// NoInstallListener tells our cleanup routine that we will not be using a possibly provided listener
+	config.Certificates = make([]tls.Certificate, 1)
-// for our install HTTP/HTTPS service
+	var err error
-func NoInstallListener() {
+	config.Certificates[0], err = tls.LoadX509KeyPair(certFile, keyFile)
-	graceful.GetManager().InformCleanup()
+	if err != nil {
-}
+		log.Fatal(4, "Failed to load https cert file %s: %v", listenAddr, err)
-
+	}
-func runFCGI(network, listenAddr, name string, m http.Handler) error {
+
-	// This needs to handle stdin as fcgi point
+	return gracehttp.Serve(&http.Server{
-	fcgiServer := graceful.NewServer(network, listenAddr, name)
+		Addr:      listenAddr,
-
+		Handler:   m,
-	err := fcgiServer.ListenAndServe(func(listener net.Listener) error {
+		TLSConfig: config,
 		return fcgi.Serve(listener, http.HandlerFunc(func(resp http.ResponseWriter, req *http.Request) {
 			if setting.AppSubURL != "" {
 				req.URL.Path = strings.TrimPrefix(req.URL.Path, setting.AppSubURL)
 			}
 			m.ServeHTTP(resp, req)
 		}))
 	})
 	if err != nil {
 		log.Fatal("Failed to start FCGI main server: %v", err)
 	}
 	log.Info("FCGI Listener: %s Closed", listenAddr)
 	return err
 }
--- a/cmd/web_https.go
+++ b/cmd/web_https.go
@@ -1,192 +0,0 @@
 // Copyright 2021 The Gitea Authors. All rights reserved.
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 package cmd
 import (
 	"crypto/tls"
 	"net/http"
 	"os"
 	"strings"
 	"code.gitea.io/gitea/modules/graceful"
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/setting"
 	"github.com/klauspost/cpuid/v2"
 )
 var tlsVersionStringMap = map[string]uint16{
 	"":        tls.VersionTLS12, // Default to tls.VersionTLS12
 	"tlsv1.0": tls.VersionTLS10,
 	"tlsv1.1": tls.VersionTLS11,
 	"tlsv1.2": tls.VersionTLS12,
 	"tlsv1.3": tls.VersionTLS13,
 }
 func toTLSVersion(version string) uint16 {
 	tlsVersion, ok := tlsVersionStringMap[strings.TrimSpace(strings.ToLower(version))]
 	if !ok {
 		log.Warn("Unknown tls version: %s", version)
 		return 0
 	}
 	return tlsVersion
 }
 var curveStringMap = map[string]tls.CurveID{
 	"x25519": tls.X25519,
 	"p256":   tls.CurveP256,
 	"p384":   tls.CurveP384,
 	"p521":   tls.CurveP521,
 }
 func toCurvePreferences(preferences []string) []tls.CurveID {
 	ids := make([]tls.CurveID, 0, len(preferences))
 	for _, pref := range preferences {
 		id, ok := curveStringMap[strings.TrimSpace(strings.ToLower(pref))]
 		if !ok {
 			log.Warn("Unknown curve: %s", pref)
 		}
 		if id != 0 {
 			ids = append(ids, id)
 		}
 	}
 	return ids
 }
 var cipherStringMap = map[string]uint16{
 	"rsa_with_rc4_128_sha":                      tls.TLS_RSA_WITH_RC4_128_SHA,
 	"rsa_with_3des_ede_cbc_sha":                 tls.TLS_RSA_WITH_3DES_EDE_CBC_SHA,
 	"rsa_with_aes_128_cbc_sha":                  tls.TLS_RSA_WITH_AES_128_CBC_SHA,
 	"rsa_with_aes_256_cbc_sha":                  tls.TLS_RSA_WITH_AES_256_CBC_SHA,
 	"rsa_with_aes_128_cbc_sha256":               tls.TLS_RSA_WITH_AES_128_CBC_SHA256,
 	"rsa_with_aes_128_gcm_sha256":               tls.TLS_RSA_WITH_AES_128_GCM_SHA256,
 	"rsa_with_aes_256_gcm_sha384":               tls.TLS_RSA_WITH_AES_256_GCM_SHA384,
 	"ecdhe_ecdsa_with_rc4_128_sha":              tls.TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
 	"ecdhe_ecdsa_with_aes_128_cbc_sha":          tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
 	"ecdhe_ecdsa_with_aes_256_cbc_sha":          tls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
 	"ecdhe_rsa_with_rc4_128_sha":                tls.TLS_ECDHE_RSA_WITH_RC4_128_SHA,
 	"ecdhe_rsa_with_3des_ede_cbc_sha":           tls.TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
 	"ecdhe_rsa_with_aes_128_cbc_sha":            tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
 	"ecdhe_rsa_with_aes_256_cbc_sha":            tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
 	"ecdhe_ecdsa_with_aes_128_cbc_sha256":       tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
 	"ecdhe_rsa_with_aes_128_cbc_sha256":         tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
 	"ecdhe_rsa_with_aes_128_gcm_sha256":         tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
 	"ecdhe_ecdsa_with_aes_128_gcm_sha256":       tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
 	"ecdhe_rsa_with_aes_256_gcm_sha384":         tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
 	"ecdhe_ecdsa_with_aes_256_gcm_sha384":       tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
 	"ecdhe_rsa_with_chacha20_poly1305_sha256":   tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
 	"ecdhe_ecdsa_with_chacha20_poly1305_sha256": tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
 	"ecdhe_rsa_with_chacha20_poly1305":          tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
 	"ecdhe_ecdsa_with_chacha20_poly1305":        tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
 	"aes_128_gcm_sha256":                        tls.TLS_AES_128_GCM_SHA256,
 	"aes_256_gcm_sha384":                        tls.TLS_AES_256_GCM_SHA384,
 	"chacha20_poly1305_sha256":                  tls.TLS_CHACHA20_POLY1305_SHA256,
 }
 func toTLSCiphers(cipherStrings []string) []uint16 {
 	ciphers := make([]uint16, 0, len(cipherStrings))
 	for _, cipherString := range cipherStrings {
 		cipher, ok := cipherStringMap[strings.TrimSpace(strings.ToLower(cipherString))]
 		if !ok {
 			log.Warn("Unknown cipher: %s", cipherString)
 		}
 		if cipher != 0 {
 			ciphers = append(ciphers, cipher)
 		}
 	}
 	return ciphers
 }
 // defaultCiphers uses hardware support to check if AES is specifically
 // supported by the CPU.
 //
 // If AES is supported AES ciphers will be preferred over ChaCha based ciphers
 // (This code is directly inspired by the certmagic code.)
 func defaultCiphers() []uint16 {
 	if cpuid.CPU.Supports(cpuid.AESNI) {
 		return defaultCiphersAESfirst
 	}
 	return defaultCiphersChaChaFirst
 }
 var (
 	defaultCiphersAES = []uint16{
 		tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
 		tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
 		tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
 		tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
 	}
 	defaultCiphersChaCha = []uint16{
 		tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
 		tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
 	}
 	defaultCiphersAESfirst    = append(defaultCiphersAES, defaultCiphersChaCha...)
 	defaultCiphersChaChaFirst = append(defaultCiphersChaCha, defaultCiphersAES...)
 )
 // runHTTPs listens on the provided network address and then calls
 // Serve to handle requests on incoming TLS connections.
 //
 // Filenames containing a certificate and matching private key for the server must
 // be provided. If the certificate is signed by a certificate authority, the
 // certFile should be the concatenation of the server's certificate followed by the
 // CA's certificate.
 func runHTTPS(network, listenAddr, name, certFile, keyFile string, m http.Handler) error {
 	tlsConfig := &tls.Config{}
 	if tlsConfig.NextProtos == nil {
 		tlsConfig.NextProtos = []string{"h2", "http/1.1"}
 	}
 	if version := toTLSVersion(setting.SSLMinimumVersion); version != 0 {
 		tlsConfig.MinVersion = version
 	}
 	if version := toTLSVersion(setting.SSLMaximumVersion); version != 0 {
 		tlsConfig.MaxVersion = version
 	}
 	// Set curve preferences
 	tlsConfig.CurvePreferences = []tls.CurveID{
 		tls.X25519,
 		tls.CurveP256,
 	}
 	if curves := toCurvePreferences(setting.SSLCurvePreferences); len(curves) > 0 {
 		tlsConfig.CurvePreferences = curves
 	}
 	// Set cipher suites
 	tlsConfig.CipherSuites = defaultCiphers()
 	if ciphers := toTLSCiphers(setting.SSLCipherSuites); len(ciphers) > 0 {
 		tlsConfig.CipherSuites = ciphers
 	}
 	tlsConfig.Certificates = make([]tls.Certificate, 1)
 	certPEMBlock, err := os.ReadFile(certFile)
 	if err != nil {
 		log.Error("Failed to load https cert file %s for %s:%s: %v", certFile, network, listenAddr, err)
 		return err
 	}
 	keyPEMBlock, err := os.ReadFile(keyFile)
 	if err != nil {
 		log.Error("Failed to load https key file %s for %s:%s: %v", keyFile, network, listenAddr, err)
 		return err
 	}
 	tlsConfig.Certificates[0], err = tls.X509KeyPair(certPEMBlock, keyPEMBlock)
 	if err != nil {
 		log.Error("Failed to create certificate from cert file %s and key file %s for %s:%s: %v", certFile, keyFile, network, listenAddr, err)
 		return err
 	}
 	return graceful.HTTPListenAndServeTLSConfig(network, listenAddr, name, tlsConfig, m)
 }
 func runHTTPSWithTLSConfig(network, listenAddr, name string, tlsConfig *tls.Config, m http.Handler) error {
 	return graceful.HTTPListenAndServeTLSConfig(network, listenAddr, name, tlsConfig, m)
 }
--- a/cmd/web_letsencrypt.go
+++ b/cmd/web_letsencrypt.go
@@ -1,100 +0,0 @@
 // Copyright 2020 The Gitea Authors. All rights reserved.
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 package cmd
 import (
 	"net/http"
 	"strconv"
 	"strings"
 	"code.gitea.io/gitea/modules/graceful"
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/setting"
 	"github.com/caddyserver/certmagic"
 )
 func runLetsEncrypt(listenAddr, domain, directory, email string, m http.Handler) error {
 	// If HTTP Challenge enabled, needs to be serving on port 80. For TLSALPN needs 443.
 	// Due to docker port mapping this can't be checked programmatically
 	// TODO: these are placeholders until we add options for each in settings with appropriate warning
 	enableHTTPChallenge := true
 	enableTLSALPNChallenge := true
 	altHTTPPort := 0
 	altTLSALPNPort := 0
 	if p, err := strconv.Atoi(setting.PortToRedirect); err == nil {
 		altHTTPPort = p
 	}
 	if p, err := strconv.Atoi(setting.HTTPPort); err == nil {
 		altTLSALPNPort = p
 	}
 	magic := certmagic.NewDefault()
 	magic.Storage = &certmagic.FileStorage{Path: directory}
 	myACME := certmagic.NewACMEManager(magic, certmagic.ACMEManager{
 		Email:                   email,
 		Agreed:                  setting.LetsEncryptTOS,
 		DisableHTTPChallenge:    !enableHTTPChallenge,
 		DisableTLSALPNChallenge: !enableTLSALPNChallenge,
 		ListenHost:              setting.HTTPAddr,
 		AltTLSALPNPort:          altTLSALPNPort,
 		AltHTTPPort:             altHTTPPort,
 	})
 	magic.Issuers = []certmagic.Issuer{myACME}
 	// this obtains certificates or renews them if necessary
 	err := magic.ManageSync(graceful.GetManager().HammerContext(), []string{domain})
 	if err != nil {
 		return err
 	}
 	tlsConfig := magic.TLSConfig()
 	tlsConfig.NextProtos = append(tlsConfig.NextProtos, "h2")
 	if version := toTLSVersion(setting.SSLMinimumVersion); version != 0 {
 		tlsConfig.MinVersion = version
 	}
 	if version := toTLSVersion(setting.SSLMaximumVersion); version != 0 {
 		tlsConfig.MaxVersion = version
 	}
 	// Set curve preferences
 	if curves := toCurvePreferences(setting.SSLCurvePreferences); len(curves) > 0 {
 		tlsConfig.CurvePreferences = curves
 	}
 	// Set cipher suites
 	if ciphers := toTLSCiphers(setting.SSLCipherSuites); len(ciphers) > 0 {
 		tlsConfig.CipherSuites = ciphers
 	}
 	if enableHTTPChallenge {
 		go func() {
 			log.Info("Running Let's Encrypt handler on %s", setting.HTTPAddr+":"+setting.PortToRedirect)
 			// all traffic coming into HTTP will be redirect to HTTPS automatically (LE HTTP-01 validation happens here)
 			var err = runHTTP("tcp", setting.HTTPAddr+":"+setting.PortToRedirect, "Let's Encrypt HTTP Challenge", myACME.HTTPChallengeHandler(http.HandlerFunc(runLetsEncryptFallbackHandler)))
 			if err != nil {
 				log.Fatal("Failed to start the Let's Encrypt handler on port %s: %v", setting.PortToRedirect, err)
 			}
 		}()
 	}
 	return runHTTPSWithTLSConfig("tcp", listenAddr, "Web", tlsConfig, m)
 }
 func runLetsEncryptFallbackHandler(w http.ResponseWriter, r *http.Request) {
 	if r.Method != "GET" && r.Method != "HEAD" {
 		http.Error(w, "Use HTTPS", http.StatusBadRequest)
 		return
 	}
 	// Remove the trailing slash at the end of setting.AppURL, the request
 	// URI always contains a leading slash, which would result in a double
 	// slash
 	target := strings.TrimSuffix(setting.AppURL, "/") + r.URL.RequestURI()
 	http.Redirect(w, r, target, http.StatusFound)
 }
--- a/cmd/web_windows.go
+++ b/cmd/web_windows.go
@@ -0,0 +1,19 @@
 // +build windows
 // Copyright 2016 The Gitea Authors. All rights reserved.
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 package cmd
 import (
 	"net/http"
 )
 func runHTTP(listenAddr string, m http.Handler) error {
 	return http.ListenAndServe(listenAddr, m)
 }
 func runHTTPS(listenAddr, certFile, keyFile string, m http.Handler) error {
 	return http.ListenAndServeTLS(listenAddr, certFile, keyFile, m)
 }
--- a/contrib/environment-to-ini/README
+++ b/contrib/environment-to-ini/README
@@ -1,47 +0,0 @@
 Environment To Ini
 ==================
 Multiple docker users have requested that the Gitea docker is changed
 to permit arbitrary configuration via environment variables.
 Gitea needs to use an ini file for configuration because the running
 environment that starts the docker may not be the same as that used
 by the hooks. An ini file also gives a good default and means that
 users do not have to completely provide a full environment.
 With those caveats above, this command provides a generic way of
 converting suitably structured environment variables into any ini
 value.
 To use the command is very simple just run it and the default gitea
 app.ini will be rewritten to take account of the variables provided,
 however there are various options to give slightly different
 behavior and these can be interrogated with the `-h` option.
 The environment variables should be of the form:
 	GITEA__SECTION_NAME__KEY_NAME
 Note, SECTION_NAME in the notation above is case-insensitive.
 Environment variables are usually restricted to a reduced character
 set "0-9A-Z_" - in order to allow the setting of sections with
 characters outside of that set, they should be escaped as following:
 "_0X2E_" for "." and "_0X2D_" for "-". The entire section and key names 
 can be escaped as a UTF8 byte string if necessary. E.g. to configure:
 	"""
 	...
 	[log.console]
 	COLORIZE=false
 	STDERR=true
 	...
 	"""
 You would set the environment variables: "GITEA__LOG_0x2E_CONSOLE__COLORIZE=false"
 and "GITEA__LOG_0x2E_CONSOLE__STDERR=false". Other examples can be found
 on the configuration cheat sheet.
 To build locally, run:
 	go build contrib/environment-to-ini/environment-to-ini.go
--- a/contrib/environment-to-ini/environment-to-ini.go
+++ b/contrib/environment-to-ini/environment-to-ini.go
@@ -1,237 +0,0 @@
 // Copyright 2019 The Gitea Authors. All rights reserved.
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 package main
 import (
 	"os"
 	"regexp"
 	"strconv"
 	"strings"
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/modules/util"
 	"github.com/urfave/cli"
 	ini "gopkg.in/ini.v1"
 )
 // EnvironmentPrefix environment variables prefixed with this represent ini values to write
 const EnvironmentPrefix = "GITEA"
 func main() {
 	app := cli.NewApp()
 	app.Name = "environment-to-ini"
 	app.Usage = "Use provided environment to update configuration ini"
 	app.Description = `As a helper to allow docker users to update the gitea configuration
 	through the environment, this command allows environment variables to
 	be mapped to values in the ini.
 	Environment variables of the form "GITEA__SECTION_NAME__KEY_NAME"
 	will be mapped to the ini section "[section_name]" and the key
 	"KEY_NAME" with the value as provided.
 	Environment variables are usually restricted to a reduced character
 	set "0-9A-Z_" - in order to allow the setting of sections with
 	characters outside of that set, they should be escaped as following:
 	"_0X2E_" for ".". The entire section and key names can be escaped as
 	a UTF8 byte string if necessary. E.g. to configure:
 		"""
 		...
 		[log.console]
 		COLORIZE=false
 		STDERR=true
 		...
 		"""
 	You would set the environment variables: "GITEA__LOG_0x2E_CONSOLE__COLORIZE=false"
 	and "GITEA__LOG_0x2E_CONSOLE__STDERR=false". Other examples can be found
 	on the configuration cheat sheet.`
 	app.Flags = []cli.Flag{
 		cli.StringFlag{
 			Name:  "custom-path, C",
 			Value: setting.CustomPath,
 			Usage: "Custom path file path",
 		},
 		cli.StringFlag{
 			Name:  "config, c",
 			Value: setting.CustomConf,
 			Usage: "Custom configuration file path",
 		},
 		cli.StringFlag{
 			Name:  "work-path, w",
 			Value: setting.AppWorkPath,
 			Usage: "Set the gitea working path",
 		},
 		cli.StringFlag{
 			Name:  "out, o",
 			Value: "",
 			Usage: "Destination file to write to",
 		},
 		cli.BoolFlag{
 			Name:  "clear",
 			Usage: "Clears the matched variables from the environment",
 		},
 		cli.StringFlag{
 			Name:  "prefix, p",
 			Value: EnvironmentPrefix,
 			Usage: "Environment prefix to look for - will be suffixed by __ (2 underscores)",
 		},
 	}
 	app.Action = runEnvironmentToIni
 	setting.SetCustomPathAndConf("", "", "")
 	err := app.Run(os.Args)
 	if err != nil {
 		log.Fatal("Failed to run app with %s: %v", os.Args, err)
 	}
 }
 func runEnvironmentToIni(c *cli.Context) error {
 	providedCustom := c.String("custom-path")
 	providedConf := c.String("config")
 	providedWorkPath := c.String("work-path")
 	setting.SetCustomPathAndConf(providedCustom, providedConf, providedWorkPath)
 	cfg := ini.Empty()
 	isFile, err := util.IsFile(setting.CustomConf)
 	if err != nil {
 		log.Fatal("Unable to check if %s is a file. Error: %v", setting.CustomConf, err)
 	}
 	if isFile {
 		if err := cfg.Append(setting.CustomConf); err != nil {
 			log.Fatal("Failed to load custom conf '%s': %v", setting.CustomConf, err)
 		}
 	} else {
 		log.Warn("Custom config '%s' not found, ignore this if you're running first time", setting.CustomConf)
 	}
 	cfg.NameMapper = ini.SnackCase
 	changed := false
 	prefix := c.String("prefix") + "__"
 	for _, kv := range os.Environ() {
 		idx := strings.IndexByte(kv, '=')
 		if idx < 0 {
 			continue
 		}
 		eKey := kv[:idx]
 		value := kv[idx+1:]
 		if !strings.HasPrefix(eKey, prefix) {
 			continue
 		}
 		eKey = eKey[len(prefix):]
 		sectionName, keyName := DecodeSectionKey(eKey)
 		if len(keyName) == 0 {
 			continue
 		}
 		section, err := cfg.GetSection(sectionName)
 		if err != nil {
 			section, err = cfg.NewSection(sectionName)
 			if err != nil {
 				log.Error("Error creating section: %s : %v", sectionName, err)
 				continue
 			}
 		}
 		key := section.Key(keyName)
 		if key == nil {
 			key, err = section.NewKey(keyName, value)
 			if err != nil {
 				log.Error("Error creating key: %s in section: %s with value: %s : %v", keyName, sectionName, value, err)
 				continue
 			}
 		}
 		oldValue := key.Value()
 		if !changed && oldValue != value {
 			changed = true
 		}
 		key.SetValue(value)
 	}
 	destination := c.String("out")
 	if len(destination) == 0 {
 		destination = setting.CustomConf
 	}
 	if destination != setting.CustomConf || changed {
 		log.Info("Settings saved to: %q", destination)
 		err = cfg.SaveTo(destination)
 		if err != nil {
 			return err
 		}
 	}
 	if c.Bool("clear") {
 		for _, kv := range os.Environ() {
 			idx := strings.IndexByte(kv, '=')
 			if idx < 0 {
 				continue
 			}
 			eKey := kv[:idx]
 			if strings.HasPrefix(eKey, prefix) {
 				_ = os.Unsetenv(eKey)
 			}
 		}
 	}
 	return nil
 }
 const escapeRegexpString = "_0[xX](([0-9a-fA-F][0-9a-fA-F])+)_"
 var escapeRegex = regexp.MustCompile(escapeRegexpString)
 // DecodeSectionKey will decode a portable string encoded Section__Key pair
 // Portable strings are considered to be of the form [A-Z0-9_]*
 // We will encode a disallowed value as the UTF8 byte string preceded by _0X and
 // followed by _. E.g. _0X2C_ for a '-' and _0X2E_ for '.'
 // Section and Key are separated by a plain '__'.
 // The entire section can be encoded as a UTF8 byte string
 func DecodeSectionKey(encoded string) (string, string) {
 	section := ""
 	key := ""
 	inKey := false
 	last := 0
 	escapeStringIndices := escapeRegex.FindAllStringIndex(encoded, -1)
 	for _, unescapeIdx := range escapeStringIndices {
 		preceding := encoded[last:unescapeIdx[0]]
 		if !inKey {
 			if splitter := strings.Index(preceding, "__"); splitter > -1 {
 				section += preceding[:splitter]
 				inKey = true
 				key += preceding[splitter+2:]
 			} else {
 				section += preceding
 			}
 		} else {
 			key += preceding
 		}
 		toDecode := encoded[unescapeIdx[0]+3 : unescapeIdx[1]-1]
 		decodedBytes := make([]byte, len(toDecode)/2)
 		for i := 0; i < len(toDecode)/2; i++ {
 			// Can ignore error here as we know these should be hexadecimal from the regexp
 			byteInt, _ := strconv.ParseInt(toDecode[2*i:2*i+2], 16, 0)
 			decodedBytes[i] = byte(byteInt)
 		}
 		if inKey {
 			key += string(decodedBytes)
 		} else {
 			section += string(decodedBytes)
 		}
 		last = unescapeIdx[1]
 	}
 	remaining := encoded[last:]
 	if !inKey {
 		if splitter := strings.Index(remaining, "__"); splitter > -1 {
 			section += remaining[:splitter]
 			key += remaining[splitter+2:]
 		} else {
 			section += remaining
 		}
 	} else {
 		key += remaining
 	}
 	section = strings.ToLower(section)
 	return section, key
 }
--- a/contrib/fhs-compliant-script/gitea
+++ b/contrib/fhs-compliant-script/gitea
@@ -1,40 +0,0 @@
 #!/bin/bash
 #############################################################################
 # This script sets some defaults for gitea to run in a FHS compliant manner #
 #############################################################################
 # It assumes that you place this script as gitea in /usr/bin
 #
 # And place the original in /usr/lib/gitea with working files in /var/lib/gitea
 # and main configuration in /etc/gitea/app.ini
 GITEA="/usr/lib/gitea/gitea"
 WORK_DIR="/var/lib/gitea"
 APP_INI="/etc/gitea/app.ini"
 APP_INI_SET=""
 for i in "$@"; do
 	case "$i" in
 	"-c")
 		APP_INI_SET=1
 		;;
 	"-c="*)
 		APP_INI_SET=1
 		;;
 	"--config")
 		APP_INI_SET=1
 		;;
 	"--config="*)
 		APP_INI_SET=1
 		;;
 	*)
 	;;
 	esac
 done
 if [ -z "$APP_INI_SET" ]; then
 	CONF_ARG=("-c" "${GITEA_APP_INI:-$APP_INI}")
 fi
 # Provide FHS compliant defaults
 GITEA_WORK_DIR="${GITEA_WORK_DIR:-$WORK_DIR}" exec -a "$0" "$GITEA" "${CONF_ARG[@]}"  "$@"
--- a/contrib/fixtures/fixture_generation.go
+++ b/contrib/fixtures/fixture_generation.go
@@ -1,78 +0,0 @@
 // Copyright 2020 The Gitea Authors. All rights reserved.
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 package main
 import (
 	"fmt"
 	"os"
 	"path/filepath"
 	"code.gitea.io/gitea/models"
 	"code.gitea.io/gitea/models/unittest"
 )
 // To generate derivative fixtures, execute the following from Gitea's repository base dir:
 // go run -tags 'sqlite sqlite_unlock_notify' contrib/fixtures/fixture_generation.go [fixture...]
 var (
 	generators = []struct {
 		gen  func() (string, error)
 		name string
 	}{
 		{
 			models.GetYamlFixturesAccess, "access",
 		},
 	}
 	fixturesDir string
 )
 func main() {
 	pathToGiteaRoot := "."
 	fixturesDir = filepath.Join(pathToGiteaRoot, "models", "fixtures")
 	if err := unittest.CreateTestEngine(unittest.FixturesOptions{
 		Dir: fixturesDir,
 	}); err != nil {
 		fmt.Printf("CreateTestEngine: %+v", err)
 		os.Exit(1)
 	}
 	if err := unittest.PrepareTestDatabase(); err != nil {
 		fmt.Printf("PrepareTestDatabase: %+v\n", err)
 		os.Exit(1)
 	}
 	if len(os.Args) == 0 {
 		for _, r := range os.Args {
 			if err := generate(r); err != nil {
 				fmt.Printf("generate '%s': %+v\n", r, err)
 				os.Exit(1)
 			}
 		}
 	} else {
 		for _, g := range generators {
 			if err := generate(g.name); err != nil {
 				fmt.Printf("generate '%s': %+v\n", g.name, err)
 				os.Exit(1)
 			}
 		}
 	}
 }
 func generate(name string) error {
 	for _, g := range generators {
 		if g.name == name {
 			data, err := g.gen()
 			if err != nil {
 				return err
 			}
 			path := filepath.Join(fixturesDir, name+".yml")
 			if err := os.WriteFile(path, []byte(data), 0644); err != nil {
 				return fmt.Errorf("%s: %+v", path, err)
 			}
 			fmt.Printf("%s created.\n", path)
 			return nil
 		}
 	}
 	return fmt.Errorf("generator not found")
 }
--- a/contrib/gitea-monitoring-mixin/.gitignore
+++ b/contrib/gitea-monitoring-mixin/.gitignore
@@ -1,2 +0,0 @@
 dashboards_out
 vendor
--- a/contrib/gitea-monitoring-mixin/Makefile
+++ b/contrib/gitea-monitoring-mixin/Makefile
@@ -1,31 +0,0 @@
 JSONNET_FMT := jsonnetfmt -n 2 --max-blank-lines 1 --string-style s --comment-style s
 .PHONY: all
 all: build dashboards_out
 vendor: jsonnetfile.json
 	jb install
 .PHONY: build
 build: vendor
 .PHONY: fmt
 fmt:
 	find . -name 'vendor' -prune -o -name '*.libsonnet' -print -o -name '*.jsonnet' -print | \
 		xargs -n 1 -- $(JSONNET_FMT) -i
 .PHONY: lint
 lint: build
 	find . -name 'vendor' -prune -o -name '*.libsonnet' -print -o -name '*.jsonnet' -print | \
 		while read f; do \
 			$(JSONNET_FMT) "$$f" | diff -u "$$f" -; \
 		done
 	mixtool lint mixin.libsonnet
 dashboards_out: mixin.libsonnet config.libsonnet $(wildcard dashboards/*)
 	@mkdir -p dashboards_out
 	jsonnet -J vendor -m dashboards_out lib/dashboards.jsonnet
 .PHONY: clean
 clean:
 	rm -rf dashboards_out
--- a/contrib/gitea-monitoring-mixin/README.md
+++ b/contrib/gitea-monitoring-mixin/README.md
@@ -1,33 +0,0 @@
 # Gitea Mixin
 Gitea Mixin is a set of configurable Grafana dashboards based on the metrics exported by the Gitea built-in metrics endpoint.
 ## Generate config files
 You can manually generate dashboards, but first you should install some tools:
 ```bash
 go install github.com/jsonnet-bundler/jsonnet-bundler/cmd/jb@latest
 go install github.com/google/go-jsonnet/cmd/jsonnet@latest
 # or in brew: brew install go-jsonnet
 ```
 For linting and formatting, you would also need `mixtool` and `jsonnetfmt` installed. If you
 have a working Go development environment, it's easiest to run the following:
 ```bash
 go install github.com/monitoring-mixins/mixtool/cmd/mixtool@latest
 go install github.com/google/go-jsonnet/cmd/jsonnetfmt@latest
 ```
 The files in `dashboards_out` need to be imported
 into your Grafana server.  The exact details will be depending on your environment.
 Edit `config.libsonnet` if required and then build JSON dashboard files for Grafana:
 ```bash
 make
 ```
 For more advanced uses of mixins, see
 https://github.com/monitoring-mixins/docs.
--- a/contrib/gitea-monitoring-mixin/config.libsonnet
+++ b/contrib/gitea-monitoring-mixin/config.libsonnet
@@ -1,99 +0,0 @@
 {
  _config+:: {
    local c = self,
    dashboardNamePrefix: 'Gitea',
    dashboardTags: ['gitea'],
    dashboardPeriod: 'now-1h',
    dashboardTimezone: 'default',
    dashboardRefresh: '1m',
    // please see https://docs.gitea.io/en-us/config-cheat-sheet/#metrics-metrics
    // Show issue by repository metrics with format gitea_issues_by_repository{repository="org/repo"} 5.
    // Requires Gitea 1.16.0 with ENABLED_ISSUE_BY_REPOSITORY set to true.
    showIssuesByRepository: true,
    // Show graphs for issue by label metrics with format gitea_issues_by_label{label="bug"} 2.
    // Requires Gitea 1.16.0 with ENABLED_ISSUE_BY_LABEL set to true.
    showIssuesByLabel: true,
    // Requires Gitea 1.16.0.
    showIssuesOpenClose: true,
    // add or remove metrics from dashboard
    giteaStatMetrics:
      [
        {
          name: 'gitea_organizations',
          description: 'Organizations',
        },
        {
          name: 'gitea_teams',
          description: 'Teams',
        },
        {
          name: 'gitea_users',
          description: 'Users',
        },
        {
          name: 'gitea_repositories',
          description: 'Repositories',
        },
        {
          name: 'gitea_milestones',
          description: 'Milestones',
        },
        {
          name: 'gitea_stars',
          description: 'Stars',
        },
        {
          name: 'gitea_releases',
          description: 'Releases',
        },
      ]
      +
      if c.showIssuesOpenClose then
        [
          {
            name: 'gitea_issues_open',
            description: 'Issues opened',
          },
          {
            name: 'gitea_issues_closed',
            description: 'Issues closed',
          },
        ] else
        [
          {
            name: 'gitea_issues',
            description: 'Issues',
          },
        ],
    //set this for using label colors on graphs
    issueLabels: [
      {
        label: 'bug',
        color: '#ee0701',
      },
      {
        label: 'duplicate',
        color: '#cccccc',
      },
      {
        label: 'invalid',
        color: '#e6e6e6',
      },
      {
        label: 'enhancement',
        color: '#84b6eb',
      },
      {
        label: 'help wanted',
        color: '#128a0c',
      },
      {
        label: 'question',
        color: '#cc317c',
      },
    ],
  },
 }
--- a/contrib/gitea-monitoring-mixin/dashboards/dashboards.libsonnet
+++ b/contrib/gitea-monitoring-mixin/dashboards/dashboards.libsonnet
@@ -1 +0,0 @@
 (import 'overview.libsonnet')
--- a/contrib/gitea-monitoring-mixin/dashboards/overview.libsonnet
+++ b/contrib/gitea-monitoring-mixin/dashboards/overview.libsonnet
@@ -1,461 +0,0 @@
 local grafana = import 'github.com/grafana/grafonnet-lib/grafonnet/grafana.libsonnet';
 local prometheus = grafana.prometheus;
 local addIssueLabelsOverrides(labels) =
  {
    fieldConfig+: {
      overrides+: [
        {
          matcher: {
            id: 'byRegexp',
            options: label.label,
          },
          properties: [
            {
              id: 'color',
              value: {
                fixedColor: label.color,
                mode: 'fixed',
              },
            },
          ],
        }
        for label in labels
      ],
    },
  };
 {
  grafanaDashboards+:: {
    local giteaSelector = 'job="$job", instance="$instance"',
    local giteaStatsPanel =
      grafana.statPanel.new(
        'Gitea stats',
        datasource='$datasource',
        reducerFunction='lastNotNull',
        graphMode='none',
        colorMode='value',
      )
      .addTargets(
        [
          prometheus.target(expr='%s{%s}' % [metric.name, giteaSelector], legendFormat=metric.description, intervalFactor=10)
          for metric in $._config.giteaStatMetrics
        ]
      )
      + {
        fieldConfig+: {
          defaults+: {
            color: {
              fixedColor: 'blue',
              mode: 'fixed',
            },
          },
        },
      },
    local giteaUptimePanel =
      grafana.statPanel.new(
        'Uptime',
        datasource='$datasource',
        reducerFunction='last',
        graphMode='area',
        colorMode='value',
      )
      .addTarget(prometheus.target(expr='time()-process_start_time_seconds{%s}' % giteaSelector, intervalFactor=1))
      + {
        fieldConfig+: {
          defaults+: {
            color: {
              fixedColor: 'blue',
              mode: 'fixed',
            },
            unit: 's',
          },
        },
      },
    local giteaMemoryPanel =
      grafana.graphPanel.new(
        'Memory usage',
        datasource='$datasource'
      )
      .addTarget(prometheus.target(expr='process_resident_memory_bytes{%s}' % giteaSelector, intervalFactor=2))
      + {
        type: 'timeseries',
        options+: {
          tooltip: {
            mode: 'multi',
          },
          legend+: {
            displayMode: 'hidden',
          },
        },
        fieldConfig+: {
          defaults+: {
            custom+: {
              lineInterpolation: 'smooth',
              fillOpacity: 15,
            },
            color: {
              fixedColor: 'green',
              mode: 'fixed',
            },
            unit: 'decbytes',
          },
        },
      },
    local giteaCpuPanel =
      grafana.graphPanel.new(
        'CPU usage',
        datasource='$datasource'
      )
      .addTarget(prometheus.target(expr='rate(process_cpu_seconds_total{%s}[$__rate_interval])*100' % giteaSelector, intervalFactor=2))
      + {
        type: 'timeseries',
        options+: {
          tooltip: {
            mode: 'multi',
          },
          legend+: {
            displayMode: 'hidden',
          },
        },
        fieldConfig+: {
          defaults+: {
            custom+: {
              lineInterpolation: 'smooth',
              gradientMode: 'scheme',
              fillOpacity: 15,
              axisSoftMin: 0,
              axisSoftMax: 0,
            },
            color: {
              mode: 'continuous-GrYlRd',  // from green to red (100%)
            },
            unit: 'percent',
          },
          overrides: [
            {
              matcher: {
                id: 'byRegexp',
                options: '.+',
              },
              properties: [
                {
                  id: 'max',
                  value: 100,
                },
                {
                  id: 'min',
                  value: 0,
                },
              ],
            },
          ],
        },
      },
    local giteaFileDescriptorsPanel =
      grafana.graphPanel.new(
        'File descriptors usage',
        datasource='$datasource',
      )
      .addTarget(prometheus.target(expr='process_open_fds{%s}' % giteaSelector, intervalFactor=2))
      .addTarget(prometheus.target(expr='process_max_fds{%s}' % giteaSelector, intervalFactor=2))
      .addSeriesOverride(
        {
          alias: '/process_max_fds.+/',
          color: '#F2495C',  // red
          dashes: true,
          fill: 0,
        },
      )
      + {
        type: 'timeseries',
        options+: {
          tooltip: {
            mode: 'multi',
          },
          legend+: {
            displayMode: 'hidden',
          },
        },
        fieldConfig+: {
          defaults+: {
            custom+: {
              lineInterpolation: 'smooth',
              gradientMode: 'scheme',
              fillOpacity: 0,
            },
            color: {
              fixedColor: 'green',
              mode: 'fixed',
            },
            unit: '',
          },
          overrides: [
            {
              matcher: {
                id: 'byFrameRefID',
                options: 'B',
              },
              properties: [
                {
                  id: 'custom.lineStyle',
                  value: {
                    fill: 'dash',
                    dash: [
                      10,
                      10,
                    ],
                  },
                },
                {
                  id: 'color',
                  value: {
                    mode: 'fixed',
                    fixedColor: 'red',
                  },
                },
              ],
            },
          ],
        },
      },
    local giteaChangesPanelPrototype =
      grafana.graphPanel.new(
        '',
        datasource='$datasource',
        interval='$agg_interval',
        maxDataPoints=10000,
      )
      + {
        type: 'timeseries',
        options+: {
          tooltip: {
            mode: 'multi',
          },
          legend+: {
            calcs+: [
              'sum',
            ],
          },
        },
        fieldConfig+: {
          defaults+: {
            noValue: '0',
            custom+: {
              drawStyle: 'bars',
              barAlignment: -1,
              fillOpacity: 50,
              gradientMode: 'hue',
              pointSize: 1,
              lineWidth: 0,
              stacking: {
                group: 'A',
                mode: 'normal',
              },
            },
          },
        },
      },
    local giteaChangesPanelAll =
      giteaChangesPanelPrototype
      .addTarget(prometheus.target(expr='changes(process_start_time_seconds{%s}[$__interval]) > 0' % [giteaSelector], legendFormat='Restarts', intervalFactor=1))
      .addTargets(
        [
          prometheus.target(expr='floor(delta(%s{%s}[$__interval])) > 0' % [metric.name, giteaSelector], legendFormat=metric.description, intervalFactor=1)
          for metric in $._config.giteaStatMetrics
        ]
      ) + { id: 200 },  // some unique number, beyond the maximum number of panels in the dashboard,
    local giteaChangesPanelTotal =
      grafana.statPanel.new(
        'Changes',
        datasource='-- Dashboard --',
        reducerFunction='sum',
        graphMode='none',
        textMode='value_and_name',
        colorMode='value',
      )
      + {
        targets+: [
          {
            panelId: giteaChangesPanelAll.id,
            refId: 'A',
          },
        ],
      }
      + {
        fieldConfig+: {
          defaults+: {
            color: {
              mode: 'palette-classic',
            },
          },
        },
      },
    local giteaChangesByRepositories =
      giteaChangesPanelPrototype
      .addTarget(prometheus.target(expr='floor(increase(gitea_issues_by_repository{%s}[$__interval])) > 0' % [giteaSelector], legendFormat='{{ repository }}', intervalFactor=1))
      + { id: 210 },  // some unique number, beyond the maximum number of panels in the dashboard,
    local giteaChangesByRepositoriesTotal =
      grafana.statPanel.new(
        'Issues by repository',
        datasource='-- Dashboard --',
        reducerFunction='sum',
        graphMode='none',
        textMode='value_and_name',
        colorMode='value',
      )
      + {
        id: 211,
        targets+: [
          {
            panelId: giteaChangesByRepositories.id,
            refId: 'A',
          },
        ],
      }
      + {
        fieldConfig+: {
          defaults+: {
            color: {
              mode: 'palette-classic',
            },
          },
        },
      },
    local giteaChangesByLabel =
      giteaChangesPanelPrototype
      .addTarget(prometheus.target(expr='floor(increase(gitea_issues_by_label{%s}[$__interval])) > 0' % [giteaSelector], legendFormat='{{ label }}', intervalFactor=1))
      + addIssueLabelsOverrides($._config.issueLabels)
      + { id: 220 },  // some unique number, beyond the maximum number of panels in the dashboard,
    local giteaChangesByLabelTotal =
      grafana.statPanel.new(
        'Issues by labels',
        datasource='-- Dashboard --',
        reducerFunction='sum',
        graphMode='none',
        textMode='value_and_name',
        colorMode='value',
      )
      + addIssueLabelsOverrides($._config.issueLabels)
      + {
        id: 221,
        targets+: [
          {
            panelId: giteaChangesByLabel.id,
            refId: 'A',
          },
        ],
      }
      + {
        fieldConfig+: {
          defaults+: {
            color: {
              mode: 'palette-classic',
            },
          },
        },
      },
    'gitea-overview.json':
      grafana.dashboard.new(
        '%s Overview' % $._config.dashboardNamePrefix,
        time_from='%s' % $._config.dashboardPeriod,
        editable=false,
        tags=($._config.dashboardTags),
        timezone='%s' % $._config.dashboardTimezone,
        refresh='%s' % $._config.dashboardRefresh,
        graphTooltip='shared_crosshair',
        uid='gitea-overview'
      )
      .addTemplate(
        {
          current: {
            text: 'Prometheus',
            value: 'Prometheus',
          },
          hide: 0,
          label: 'Data Source',
          name: 'datasource',
          options: [],
          query: 'prometheus',
          refresh: 1,
          regex: '',
          type: 'datasource',
        },
      )
      .addTemplate(
        {
          hide: 0,
          label: null,
          name: 'job',
          options: [],
          query: 'label_values(gitea_organizations, job)',
          refresh: 1,
          regex: '',
          type: 'query',
        },
      )
      .addTemplate(
        {
          hide: 0,
          label: null,
          name: 'instance',
          options: [],
          query: 'label_values(gitea_organizations{job="$job"}, instance)',
          refresh: 1,
          regex: '',
          type: 'query',
        },
      )
      .addTemplate(
        {
          hide: 0,
          label: 'aggregation interval',
          name: 'agg_interval',
          auto_min: '1m',
          auto: true,
          query: '1m,10m,1h,1d,7d',
          type: 'interval',
        },
      )
      .addPanel(grafana.row.new(title='General'), gridPos={ x: 0, y: 0, w: 0, h: 0 },)
      .addPanel(giteaStatsPanel, gridPos={ x: 0, y: 0, w: 16, h: 4 })
      .addPanel(giteaUptimePanel, gridPos={ x: 16, y: 0, w: 8, h: 4 })
      .addPanel(giteaMemoryPanel, gridPos={ x: 0, y: 4, w: 8, h: 6 })
      .addPanel(giteaCpuPanel, gridPos={ x: 8, y: 4, w: 8, h: 6 })
      .addPanel(giteaFileDescriptorsPanel, gridPos={ x: 16, y: 4, w: 8, h: 6 })
      .addPanel(grafana.row.new(title='Changes', collapse=false), gridPos={ x: 0, y: 10, w: 24, h: 8 })
      .addPanel(giteaChangesPanelTotal, gridPos={ x: 0, y: 12, w: 6, h: 8 })
      +  // use patching instead of .addPanel() to keep static ids
      {
        panels+: std.flattenArrays([
          [
            giteaChangesPanelAll { gridPos: { x: 6, y: 12, w: 18, h: 8 } },
          ],
          if $._config.showIssuesByRepository then
            [
              giteaChangesByRepositoriesTotal { gridPos: { x: 0, y: 20, w: 6, h: 8 } },
              giteaChangesByRepositories { gridPos: { x: 6, y: 20, w: 18, h: 8 } },
            ] else [],
          if $._config.showIssuesByLabel then
            [
              giteaChangesByLabelTotal { gridPos: { x: 0, y: 28, w: 6, h: 8 } },
              giteaChangesByLabel { gridPos: { x: 6, y: 28, w: 18, h: 8 } },
            ] else [],
        ]),
      },
  },
 }
--- a/contrib/gitea-monitoring-mixin/jsonnetfile.json
+++ b/contrib/gitea-monitoring-mixin/jsonnetfile.json
@@ -1,15 +0,0 @@
 {
    "version": 1,
    "dependencies": [
      {
        "source": {
          "git": {
            "remote": "https://github.com/grafana/grafonnet-lib.git",
            "subdir": "grafonnet"
          }
        },
        "version": "master"
      }
    ],
    "legacyImports": false
  }
--- a/contrib/gitea-monitoring-mixin/jsonnetfile.lock.json
+++ b/contrib/gitea-monitoring-mixin/jsonnetfile.lock.json
@@ -1,16 +0,0 @@
 {
  "version": 1,
  "dependencies": [
    {
      "source": {
        "git": {
          "remote": "https://github.com/grafana/grafonnet-lib.git",
          "subdir": "grafonnet"
        }
      },
      "version": "3626fc4dc2326931c530861ac5bebe39444f6cbf",
      "sum": "gF8foHByYcB25jcUOBqP6jxk0OPifQMjPvKY0HaCk6w="
    }
  ],
  "legacyImports": false
 }
--- a/contrib/gitea-monitoring-mixin/lib/alerts.jsonnet
+++ b/contrib/gitea-monitoring-mixin/lib/alerts.jsonnet
@@ -1 +0,0 @@
 std.manifestYamlDoc((import '../mixin.libsonnet').prometheusAlerts)
--- a/contrib/gitea-monitoring-mixin/lib/dashboards.jsonnet
+++ b/contrib/gitea-monitoring-mixin/lib/dashboards.jsonnet
@@ -1,6 +0,0 @@
 local dashboards = (import '../mixin.libsonnet').grafanaDashboards;
 {
  [name]: dashboards[name]
  for name in std.objectFields(dashboards)
 }
--- a/contrib/gitea-monitoring-mixin/lib/rules.jsonnet
+++ b/contrib/gitea-monitoring-mixin/lib/rules.jsonnet
@@ -1 +0,0 @@
 std.manifestYamlDoc((import '../mixin.libsonnet').prometheusRules)
--- a/contrib/gitea-monitoring-mixin/mixin.libsonnet
+++ b/contrib/gitea-monitoring-mixin/mixin.libsonnet
@@ -1,2 +0,0 @@
 (import 'dashboards/dashboards.libsonnet') +
 (import 'config.libsonnet')
--- a/contrib/ide/vscode/launch.json
+++ b/contrib/ide/vscode/launch.json
@@ -19,7 +19,7 @@
      "type": "go",
      "request": "launch",
      "mode": "debug",
-      "buildFlags": "-tags='sqlite sqlite_unlock_notify'",
+      "buildFlags": "-tags=\"sqlite sqlite_unlock_notify\"",
      "port": 2345,
      "host": "127.0.0.1",
      "program": "${workspaceRoot}/main.go",
--- a/contrib/ide/vscode/settings.json
+++ b/contrib/ide/vscode/settings.json
@@ -1,4 +0,0 @@
 {
    "go.buildTags": "'sqlite sqlite_unlock_notify'",
    "go.testFlags": ["-v"]
 }
--- a/contrib/ide/vscode/tasks.json
+++ b/contrib/ide/vscode/tasks.json
@@ -2,7 +2,7 @@
  "version": "2.0.0",
  "tasks": [
    {
-      "label": "Build",
+      "taskName": "Build",
      "type": "shell",
      "command": "go",
      "group": "build",
@@ -12,19 +12,20 @@
        "focus": false,
        "panel": "shared"
      },
      "args": ["build"],
      "linux": {
-        "args": ["build", "-o", "gitea", "${workspaceRoot}/main.go" ]
+        "args": [ "-o", "gitea", "${workspaceRoot}/main.go" ]
      },
      "osx": {
-        "args": ["build", "-o", "gitea", "${workspaceRoot}/main.go" ]
+        "args": [ "-o", "gitea", "${workspaceRoot}/main.go" ]
      },
      "windows": {
-        "args": ["build", "-o", "gitea.exe", "\"${workspaceRoot}\\main.go\""]
+        "args": [ "-o", "gitea.exe", "\"${workspaceRoot}\\main.go\""]
      },
      "problemMatcher": ["$go"]
    },
    {
-      "label": "Build (with SQLite3)",
+      "taskName": "Build (with SQLite3)",
      "type": "shell",
      "command": "go",
      "group": "build",
@@ -34,14 +35,15 @@
        "focus": false,
        "panel": "shared"
      },
      "args": ["build", "-tags=\"sqlite sqlite_unlock_notify\""],
      "linux": {
-        "args": ["build", "-tags=\"sqlite sqlite_unlock_notify\"", "-o", "gitea", "${workspaceRoot}/main.go"]
+        "args": ["-o", "gitea", "${workspaceRoot}/main.go"]
      },
      "osx": {
-        "args": ["build", "-tags=\"sqlite sqlite_unlock_notify\"", "-o", "gitea", "${workspaceRoot}/main.go"]
+        "args": ["-o", "gitea", "${workspaceRoot}/main.go"]
      },
      "windows": {
-        "args": ["build", "-tags=\"sqlite sqlite_unlock_notify\"", "-o", "gitea.exe", "\"${workspaceRoot}\\main.go\""]
+        "args": ["-o", "gitea.exe", "\"${workspaceRoot}\\main.go\""]
      },
      "problemMatcher": ["$go"]
    }
--- a/contrib/init/debian/gitea
+++ b/contrib/init/debian/gitea
@@ -18,7 +18,7 @@ PATH=/sbin:/usr/sbin:/bin:/usr/bin:/usr/local/bin
 DESC="Gitea - Git with a cup of tea"
 NAME=gitea
 SERVICEVERBOSE=yes
-PIDFILE=/run/$NAME.pid
+PIDFILE=/var/run/$NAME.pid
 SCRIPTNAME=/etc/init.d/$NAME
 WORKINGDIR=/var/lib/$NAME
 DAEMON=/usr/local/bin/$NAME
--- a/contrib/init/gentoo/gitea
+++ b/contrib/init/gentoo/gitea
@@ -7,7 +7,7 @@ start_stop_daemon_args="--user ${USER} --chdir ${DIR}"
 command="/usr/local/bin/gitea"
 command_args="web -c /etc/gitea/app.ini"
 command_background=yes
-pidfile=/run/gitea.pid
+pidfile=/var/run/gitea.pid
 depend()
 {
--- a/contrib/init/suse/gitea
+++ b/contrib/init/suse/gitea
@@ -93,7 +93,7 @@ case "$1" in
 		# Return value is slightly different for the status command:
 		# 0 - service up and running
-		# 1 - service dead, but /run/  pid  file exists
+		# 1 - service dead, but /var/run/  pid  file exists
 		# 2 - service dead, but /var/lock/ lock file exists
 		# 3 - service not running (unused)
 		# 4 - service status unknown :-(
--- a/contrib/k8s/gitea.yml
+++ b/contrib/k8s/gitea.yml
@@ -0,0 +1,107 @@
 apiVersion: v1
 kind: Namespace
 metadata:
  name: gitea
 ---
 apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: gitea
  namespace: gitea
  labels:
    app: gitea
 spec:
  replicas: 1
  template:
    metadata:
      name: gitea
      labels:
        app: gitea
    spec:
      containers:
      - name: gitea
        image: gitea/gitea:latest
        imagePullPolicy: Always
        volumeMounts:
          - mountPath: "/var/lib/gitea"
            name: "root"
          - mountPath: "/data"
            name: "data"
        ports:
          - containerPort: 22
            name: ssh
            protocol: TCP
          - containerPort: 3000
            name: http
            protocol: TCP
      restartPolicy: Always
      volumes:
        # Set up a data directory for gitea
        # For production usage, you should consider using PV/PVC instead(or simply using storage like NAS)
        # For more details, please see https://kubernetes.io/docs/concepts/storage/volumes/
      - name: "root"
        hostPath:
          # directory location on host
          path: "/var/lib/gitea"
          # this field is optional
          type: Directory
      - name: "data"
        hostPath:
          path: "/data/gitea"
          type: Directory
  selector:
    matchLabels:
      app: gitea
 ---
 # Using cluster mode
 apiVersion: v1
 kind: Service
 metadata:
  name: gitea-web
  namespace: gitea
  labels:
    app: gitea-web
 spec:
  ports:
  - port: 80
    targetPort: 3000
    name: http
  selector:
    app: gitea
 ---
 # Using node-port mode
 # This mainly open a specific TCP port for SSH usage on each host,
 # so you can use a proxy layer to handle it(e.g. slb, nginx)
 apiVersion: v1
 kind: Service
 metadata:
  name: gitea-ssh
  namespace: gitea
  labels:
    app: gitea-ssh
 spec:
  ports:
  - port: 22
    targetPort: 22
    nodePort: 30022
    name: ssh
  selector:
    app: gitea
  type: NodePort
 ---
 # Ingress is always suitable for HTTP usage,
 # we suggest using an proxy layer such as slb to send traffic to different ports.
 # Usually 80/443 for web and 22 directly for SSH.
 apiVersion: extensions/v1beta1
 kind: Ingress
 metadata:
  name: gitea
  namespace: gitea
 spec:
  rules:
  - host: your-gitea-host.com
    http:
      paths:
      - backend:
          serviceName: gitea-web
          servicePort: 80
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Lunny Xiao	11f6ed4f83	fix api route (#7346 ) (#7347 )	2019-07-03 03:15:55 -04:00
Antoine GIRARD	e94a84248d	add .fa margin like .octicon (#7267 )	2019-06-20 22:41:21 +08:00
John Olheiser	cf7a5b3d91	Changelog 1.8.3 (#7230 ) * Changelog 1.8.3 Signed-off-by: jolheiser <john.olheiser@gmail.com> * Suggestion Co-Authored-By: zeripath <art27@cantab.net>	2019-06-17 18:08:50 +01:00
zeripath	5d1a8d23b0	Always set userID on LFS authentication (#7224 ) * Always set userID on LFS authentication Fix #5478 Fix #7219 * Deploy keys should only be able to read their repos	2019-06-17 18:36:42 +03:00
zeripath	dbd0a2e6dc	Fix LFS Locks over SSH (#6999 ) (#7223 ) * Fix LFS Locks over SSH * Mark test as skipped	2019-06-17 14:54:49 +01:00
Lunny Xiao	7697a282d6	fix duplicated file on pull request conflicted files (#7211 ) (#7214 )	2019-06-15 17:22:45 +01:00
zeripath	76e8eec3d9	Detect noreply email address as user (#7133 ) (#7195 )	2019-06-13 12:16:50 -04:00
Lunny Xiao	10effb396a	if milestone id is zero don't get it from database (#7174 )	2019-06-10 23:29:07 +08:00
Lanre Adelowo	5e97b2d00e	archived repos can be starred and watched (#7163 ) (#7168 )	2019-06-10 09:20:34 -04:00
Lunny Xiao	873acd884d	fix GCArgs load from ini (#7156 ) (#7157 )	2019-06-08 10:41:44 -04:00
techknowlogick	dc73b2748d	1.8.2 changelog (#7079 ) * 1.8.2 changelog	2019-05-29 20:29:53 +01:00
Lunny Xiao	31ad8b7026	Fix wrong init dependency on markup extensions (#7038 ) (#7074 ) * fix wrong init dependency on markup extensions	2019-05-29 12:05:36 -04:00
techknowlogick	d07edc5336	Handle early git version's lack of get-url (#7065 ) (#7076 )	2019-05-29 12:04:55 -04:00
Lunny Xiao	63cb160cb1	fix possbile mysql invalid connnection error (#7051 ) (#7071 )	2019-05-29 10:49:03 +01:00
zeripath	8d5c3d3d0b	Install page - Handle invalid administrator username better (#7060 ) (#7063 ) * Install page - detect invalid admin username before installing * Also fix #6954	2019-05-28 10:38:13 +01:00
techknowlogick	706d85b87d	Disable arm7 builds (#7037 ) (#7042 )	2019-05-25 20:03:43 +01:00
jpicht	75e491c03e	Fix default for allowing new organization creation for new users (#7017 ) (#7034 ) * FIX issue 6542 When creating users DefaultAllowCreateOrganization was ignored. Signed-off-by: Julian Picht <julian.picht@gmail.com> * fix TestCreateUser_Issue5882 Signed-off-by: Julian Picht <julian.picht@gmail.com>	2019-05-25 02:00:04 +03:00
Lauris BH	608f46e59c	SearchRepositoryByName improvements and unification (#6897 ) (#7002 ) * SearchRepositoryByName improvements and unification (#6897) * Update tests Co-Authored-By: zeripath <art27@cantab.net> * Update tests Co-Authored-By: zeripath <art27@cantab.net> * Update tests Co-Authored-By: zeripath <art27@cantab.net> * Fix tests	2019-05-21 18:07:07 +03:00
David Schneiderbauer	895764e7f5	fix u2f registrationlist ToRegistrations() method (#6980 ) (#6982 )	2019-05-18 10:15:41 -04:00
mrsdizzie	21983965d0	Allow collaborators to view repo owned by private org (#6965 ) (#6968 ) * Allow collaborators to view repo owned private org (#6965) Handle case where an orginization is private but a user who is not a member of the orgninization has been added as a collaborator of a repo within that org Fixes #6962 * Match release/v1.8 fixtures	2019-05-16 18:01:55 -04:00
techknowlogick	e069a75817	Use AppURL for Oauth user link (#6894 ) (#6925 )	2019-05-13 07:53:02 +03:00
zeripath	ebb8fa610c	Escape the commit message on issues update (#6901 ) (#6902 )	2019-05-10 21:19:45 +01:00
Richard Mahn	c8fc7fce4a	Fixes #6881 - API users search fix (#6882 ) (#6885 )	2019-05-09 13:37:49 +08:00
John Olheiser	57b226e284	1.8.1 changelog (#6877 ) * New and improved Signed-off-by: jolheiser <john.olheiser@gmail.com> * Add backport/original PR numbers Change wording for 500 error Signed-off-by: jolheiser <john.olheiser@gmail.com>	2019-05-08 10:58:05 -04:00
Lunny Xiao	5f20841bc3	Fix 404 when send pull request some situation (#6871 ) (#6873 )	2019-05-08 00:05:05 -04:00
Antoine GIRARD	40dc7342cf	Enforce osusergo build tag for releases (#6869 )	2019-05-06 22:35:25 +01:00
techknowlogick	6d2f0e555e	Don't post process commit summary in templates (#6868 ) Backport #6842 credit to @mrsdizzie	2019-05-06 22:05:04 +03:00
Lunny Xiao	476ca67cd4	fix config ui error about cache ttl (#6861 ) (#6865 )	2019-05-06 19:18:17 +03:00
Lunny Xiao	96eb99ea55	fix 500 when reviewer is deleted with integration tests (#6856 ) (#6860 )	2019-05-06 17:03:35 +03:00
zeripath	83560bf9d0	Attempt to fix #6707 (#6823 ) (#6854 )	2019-05-06 08:49:38 +08:00
techknowlogick	6b29a6b6f2	Added tags pull step to drone config to show correct version hashes (#6839 ) Backport #6836	2019-05-03 06:18:04 +01:00
SagePtr	74eee64b57	Fix double-generation of scratch token (backport #6833 ) (#6835 )	2019-05-03 00:24:20 +03:00
zeripath	d21dabab4e	When mirroring we should set the remote to mirror (#6824 ) (#6834 )	2019-05-02 15:57:19 -04:00
Lauris BH	34ba1c8957	Show scrollbar only when needed (#6802 ) (#6803 )	2019-04-29 17:23:01 -04:00
techknowlogick	98d82a7dd9	Service worker js is a missing comma (#6788 ) (#6795 )	2019-04-29 13:26:34 -04:00
silverwind	ee163a8af1	Minor CSS cleanup for the navbar (#6553 ) (#6781 ) * Minor CSS cleanup for the navbar * move height fix to navbar Fixes: #6776	2019-04-28 21:47:41 -04:00
ngourdon	ed96b84b2e	Set user search base field optional in DLDAP edit page (#6779 ) (#6789 )	2019-04-28 11:36:07 -04:00
ngourdon	7284829962	Fix team edit API panic (#6785 ) * fix team edit API panic * Change user to a member of the owner team	2019-04-28 09:52:38 -04:00
zeripath	21fb791747	Detect encoding and BOM in content (#6727 ) (#6765 ) Detect and remove a decoded BOM when showing content. Restore the previous encoding and BOM when updating content. On error keep as UTF-8 encoding. Signed-off-by: Andrew Thornton <art27@cantab.net>	2019-04-27 19:36:12 -04:00
mrsdizzie	8b3aad940e	Stricter domain name pattern in email regex (#6768 ) Backport of #6739	2019-04-26 18:40:22 +03:00
Lunny Xiao	81adf6ad86	Fix org visibility bug when git cloning (#6743 ) (#6762 ) * fix org visibility bug * fix permission check * add integration tests * fix tests * change test user name for easier maintainance and fix test * fix test git repo name	2019-04-26 15:02:27 +03:00
techknowlogick	e6cd4f3276	OAuth2 token can be used in basic auth (#6747 ) (#6761 )	2019-04-25 19:57:35 -04:00
Lunny Xiao	30226b4793	fix missing return (#6751 ) (#6756 )	2019-04-25 10:38:51 -04:00
Lunny Xiao	aecd9231ba	Fix: Sort repos on org home page with non-admin login (#6741 ) (#6746 )	2019-04-24 22:47:44 -04:00
Lanre Adelowo	26c1550643	Drop is_bare IDX only when it exists for MySQL and MariaDB (#6736 ) (#6744 ) * Drop is_bare IDX only when it exists * show indexes only on mysql or mariadb	2019-04-24 19:22:06 +01:00
Lunny Xiao	5f6b118007	Fix team members API (#6714 ) (#6729 )	2019-04-24 20:41:02 +08:00
John Olheiser	b1cb52e477	[API] Load issue attributes when editing an issue (#6723 ) (#6725 )	2019-04-23 20:48:20 +03:00
techknowlogick	799f5e05c9	1.8.0 Changelog (#6678 )	2019-04-20 13:23:24 -04:00
zeripath	497f37bffd	Unfortunately MemProvider Init does not actually Init properly (#6692 ) (#6693 ) * Unfortunately MemProvider Init does not actually Init properly Worse all of its members are private and you cannot update them. Simple fix copy it in to modules session. Signed-off-by: Andrew Thornton <art27@cantab.net> * Fix misspelling	2019-04-20 14:42:51 +01:00
zeripath	d7aa553f1b	Prevent creating empty sessions (#6677 ) (#6690 ) Backport #6677 Signed-off-by: Andrew Thornton <art27@cantab.net>	2019-04-20 10:24:20 +01:00
techknowlogick	ba12463175	backport #6674 - API OTP Context (#6676 )	2019-04-19 20:18:10 +08:00
zeripath	0acaa6bd00	Fix 6655 - there is no need to EscapePound .Link as it is already escaped (#6656 ) (#6666 ) Signed-off-by: Andrew Thornton <art27@cantab.net>	2019-04-17 16:19:20 -04:00
zeripath	66a3353c31	Properly escape on the redirect from the web editor (#6657 ) (#6667 )	2019-04-17 15:52:45 -04:00
Segev Finer	5236d8a936	Fix forking an empty repository (#6637 ) (#6653 ) Fixes #6633 Signed-off-by: Segev Finer <segev@codeocean.com>	2019-04-16 20:47:09 +01:00
zeripath	5876e37ed4	Fix dropdown icon padding (#6651 ) (#6654 ) Signed-off-by: Andrew Thornton <art27@cantab.net>	2019-04-16 14:28:42 -04:00
John Olheiser	3c21a0ee80	Add title attributes to all items in the repo list viewer (#6258 ) (#6650 )	2019-04-16 10:25:15 -04:00
Antoine GIRARD	f43783f003	[backport] Fix wrong GPG expire date (#6643 ) (#6644 ) * fix expire of gpg relative to key creation https://tools.ietf.org/html/rfc4880#section-5.2.3.6 * add test	2019-04-16 08:52:09 +08:00
zeripath	b9c5a3acc3	Return a UserList from /api/v1/admin/users (#6629 ) (#6642 )	2019-04-15 17:38:41 -04:00
Jonas Franz	c363ef5da0	Add json tags for oauth2 form (#6627 ) (#6641 ) (cherry picked from commit `62d3f49c28`) Signed-off-by: Jonas Franz <info@jonasfranz.software>	2019-04-15 22:36:14 +02:00
techknowlogick	e8ca2da08f	Fix cross-compile builds (#6609 ) (#6615 ) * Fix cross-compile builds (#6609) * Update Makefile * remove bash requirement	2019-04-14 23:22:48 +03:00
techknowlogick	f64b8eb009	1.8.0-rc3 changelog & 1.7.6 changelog backport (#6597 )	2019-04-12 23:12:47 -04:00
zeripath	40f41dc694	Correctly adjust mirror url (#6593 ) (#6594 )	2019-04-12 22:25:06 +01:00
John Olheiser	a63b9fbc70	Change summary to full message (#6591 ) (#6592 ) Signed-off-by: jolheiser <john.olheiser@gmail.com>	2019-04-12 20:47:29 +03:00
Lunny Xiao	4b87aa367c	fix mail notification when close/reopen issue (#6581 ) (#6588 )	2019-04-12 13:01:34 +01:00
Jonas Franz	72f4cdf868	Add option to disable refresh token invalidation (#6584 ) (#6587 ) * Add option to disable refresh token invalidation Signed-off-by: Jonas Franz <info@jonasfranz.software> * Add integration tests and remove wrong todos Signed-off-by: Jonas Franz <info@jonasfranz.software> * Fix typo Signed-off-by: Jonas Franz <info@jonasfranz.software> * Fix tests and add documentation Signed-off-by: Jonas Franz <info@jonasfranz.software> (cherry picked from commit `783cd64927`) Signed-off-by: Jonas Franz <info@jonasfranz.software>	2019-04-12 13:42:44 +03:00
Lunny Xiao	5be1b7df3f	fix bug user search API pagesize didn't obey ExplorePagingNum (#6579 ) (#6586 )	2019-04-11 21:45:35 -04:00
John Olheiser	95e12be30f	Fix new repo alignment (#6583 ) (#6585 ) * Fix new repo alignment (#6583) Signed-off-by: jolheiser <john.olheiser@gmail.com> * Kick Drone * Make stylesheets again. Signed-off-by: jolheiser <john.olheiser@gmail.com>	2019-04-11 19:29:00 -04:00
zeripath	245089b9c9	Prevent server 500 on compare branches with no common history (#6555 ) (#6558 ) * Prevent server 500 on compare branches with no common history (#6555) * Update code.gitea.io/git module	2019-04-11 21:31:17 +01:00
mrsdizzie	2551660f49	Properly escape release attachment URL (#6512 ) (#6523 ) Make sure file attachments on a release get a properly escaped URL when linking. Fixes #6506	2019-04-05 13:00:20 -04:00
Lauris BH	3b28de7d8e	fix bug when user login and want to resend register confirmation email (#6482 ) (#6486 )	2019-04-02 09:36:56 +01:00
zeripath	3725eefb7f	Hacky fix for alignment of the create-organization dialog (#6455 ) (#6462 ) * Hacky fix for alignment of the create-organization dialog * Mangle the post-scripted red-asterisk back in to follow the Visibility Header	2019-03-28 15:17:04 -04:00
John Olheiser	73ce02400c	Changelog 1.8.0 rc2 (#6451 )	2019-03-27 15:16:25 -04:00
John Olheiser	197cbd674d	Changelog 1.7.5 (#6444 ) (#6448 ) Signed-off-by: jolheiser <john.olheiser@gmail.com>	2019-03-27 14:47:14 -04:00
mrsdizzie	4a0f7c1eb4	Change order that PostProcess Processors are run (#6445 ) (#6447 ) Make sure Processors that work on full links are run first so that something matching another pattern doesn't alter a link before we get to it, for example: https://stackoverflow.com/questions/2896191/what-is-go-used-fore Fixes #4813	2019-03-27 12:06:40 -04:00
Segev Finer	e54f7a708c	Fix Hook & HookList in Swagger (#6432 ) (#6440 ) Backport from #6432	2019-03-27 09:03:34 +02:00
mrsdizzie	63f6764dce	Clean up ref name rules (#6437 ) (#6439 )	2019-03-26 21:14:22 +00:00
Allen Wild	0bf7ed55be	routers/repo/setting: display correct error for invalid mirror interval (#6429 ) Set Err_Interval in the context data so that the mirror interval box is highlighted red as expected. Clear Err_RepoName for the mirror and advanced actions. repo_name is not set by these forms, causing auth.validate() to set the Err_RepoName before SettingsPost is called, which would lead to the repository name box getting erroneously highlighted red. Fixes: https://github.com/go-gitea/gitea/issues/6396	2019-03-25 20:35:06 -04:00
kolaente	93e8174e4e	Fixed unitTypeCode not being used (#6419 ) (#6422 )	2019-03-24 17:31:34 +00:00
Lunny Xiao	c5ec66a8a3	fix dump table name error and add some test for dump database (#6394 ) (#6402 )	2019-03-21 09:11:44 +00:00
Lunny Xiao	b6fb082b78	fix migrations 82 to ignore unsynced tags between database and git data and missing is_archived on repository table (#6387 ) (#6403 )	2019-03-21 08:39:50 +00:00
mrsdizzie	3ce195115b	Don't Unescape redirect_to cookie value (#6399 ) (#6401 ) redirect_to holds a value that we want to redirect back to after login. This value can be a path with intentonally escaped values and we should not unescape it. Fixes #4475	2019-03-21 08:58:49 +02:00
Lunny Xiao	00619a04f7	fix bug manifest.json will not request with cookie so that session will created every request (#6372 ) (#6382 )	2019-03-19 22:19:16 -04:00
Lanre Adelowo	16815306ad	make sure units of a team are returned (#6379 ) (#6381 )	2019-03-19 18:40:54 -04:00
techknowlogick	3934d9cd2f	Disable benchmarking during tag events on DroneIO (#6365 ) (#6366 )	2019-03-19 02:54:34 -04:00
		`@@ -1,2 +0,0 @@`
			`open_collective: gitea`
			`custom: https://www.bountysource.com/teams/gitea`
		`@@ -1 +0,0 @@`
			`std.manifestYamlDoc((import '../mixin.libsonnet').prometheusAlerts)`
		`@@ -1,2 +0,0 @@`
			`(import 'dashboards/dashboards.libsonnet') +`
			`(import 'config.libsonnet')`