Add Changelog v1.16.7 (#19575 )

Co-authored-by: techknowlogick <matti@mdranta.net> Co-authored-by: Gusted <williamzijl7@hotmail.com>
Dont overwrite err with nil (part #19572 ) (#19574 )
2025-11-03 08:02:36 +09:00 · 2022-05-02 05:41:09 +02:00 · 2022-05-02 01:54:20 +02:00 · 2022-05-01 00:22:42 +02:00 · 2022-04-30 15:00:14 +02:00 · 2022-04-29 12:25:19 +02:00
2427 changed files with 116396 additions and 79407 deletions
--- a/.changelog.yml
+++ b/.changelog.yml
@@ -1,6 +1,3 @@
-# config for changelog tool
-# source: https://gitea.com/gitea/changelog
-
 # The full repository name
 repo: go-gitea/gitea

@@ -21,10 +18,6 @@ groups:
    name: SECURITY
    labels:
      - kind/security
-  -
-    name: FEDERATION
-    labels:
-      - theme/federation
  -
    name: FEATURES
    labels:
--- a/.drone.yml
+++ b/.drone.yml
@@ -109,7 +109,7 @@ steps:
    depends_on: [test-frontend]

  - name: build-backend-no-gcc
-    image: golang:1.18 # this step is kept as the lowest version of golang that we support
+    image: golang:1.16 # this step is kept as the lowest version of golang that we support
    pull: always
    environment:
      GO111MODULE: on
@@ -235,7 +235,6 @@ steps:
    image: docker:git
    pull: always
    commands:
-      - git config --global --add safe.directory /drone/src
      - git fetch --tags --force
    when:
      event:
@@ -331,7 +330,7 @@ steps:
    image: gitea/test_env:linux-amd64  # https://gitea.com/gitea/test-env
    user: gitea
    commands:
-      - timeout -s ABRT 50m make test-mysql8-migration test-mysql8
+      - timeout -s ABRT 40m make test-mysql8-migration test-mysql8
    environment:
      GOPROXY: https://goproxy.io
      TAGS: bindata
@@ -428,7 +427,6 @@ steps:
    image: docker:git
    pull: always
    commands:
-      - git config --global --add safe.directory /drone/src
      - git fetch --tags --force
    when:
      event:
@@ -469,7 +467,7 @@ steps:
    image: gitea/test_env:linux-arm64  # https://gitea.com/gitea/test-env
    user: gitea
    commands:
-      - timeout -s ABRT 50m make test-sqlite-migration test-sqlite
+      - timeout -s ABRT 40m make test-sqlite-migration test-sqlite
    environment:
      GOPROXY: https://goproxy.io
      TAGS: bindata gogit sqlite sqlite_unlock_notify
@@ -485,7 +483,7 @@ steps:
    image: gitea/test_env:linux-arm64  # https://gitea.com/gitea/test-env
    user: gitea
    commands:
-      - timeout -s ABRT 50m make test-pgsql-migration test-pgsql
+      - timeout -s ABRT 40m make test-pgsql-migration test-pgsql
    environment:
      GOPROXY: https://goproxy.io
      TAGS: bindata gogit
@@ -630,7 +628,6 @@ steps:
    image: docker:git
    pull: always
    commands:
-      - git config --global --add safe.directory /drone/src
      - git fetch --tags --force

  - name: deps-frontend
@@ -749,7 +746,6 @@ steps:
    image: docker:git
    pull: always
    commands:
-      - git config --global --add safe.directory /drone/src
      - git fetch --tags --force

  - name: deps-frontend
@@ -895,7 +891,6 @@ steps:
    image: docker:git
    pull: always
    commands:
-      - git config --global --add safe.directory /drone/src
      - git fetch --tags --force

  - name: publish
@@ -959,7 +954,6 @@ steps:
    image: docker:git
    pull: always
    commands:
-      - git config --global --add safe.directory /drone/src
      - git fetch --tags --force

  - name: publish
@@ -1022,7 +1016,6 @@ steps:
    image: docker:git
    pull: always
    commands:
-      - git config --global --add safe.directory /drone/src
      - git fetch --tags --force

  - name: publish
@@ -1119,7 +1112,6 @@ steps:
    image: docker:git
    pull: always
    commands:
-      - git config --global --add safe.directory /drone/src
      - git fetch --tags --force

  - name: publish
@@ -1183,7 +1175,6 @@ steps:
    image: docker:git
    pull: always
    commands:
-      - git config --global --add safe.directory /drone/src
      - git fetch --tags --force

  - name: publish
@@ -1246,7 +1237,6 @@ steps:
    image: docker:git
    pull: always
    commands:
-      - git config --global --add safe.directory /drone/src
      - git fetch --tags --force

  - name: publish
--- a/.eslintrc
+++ b/.eslintrc
@@ -13,17 +13,19 @@ plugins:
  - eslint-plugin-import
  - eslint-plugin-vue
  - eslint-plugin-html
-  - eslint-plugin-jquery

 extends:
  - plugin:vue/recommended

 env:
-  es2022: true
+  es2021: true
  node: true

 globals:
  __webpack_public_path__: true
+  CodeMirror: false
+  Dropzone: false
+  SimpleMDE: false

 settings:
  html/html-extensions: [".tmpl"]
@@ -32,6 +34,7 @@ overrides:
  - files: ["web_src/**/*.js", "web_src/**/*.vue", "templates/**/*.tmpl"]
    env:
      browser: true
+      jquery: true
      node: false
  - files: ["templates/**/*.tmpl"]
    rules:
@@ -141,55 +144,6 @@ rules:
  import/unambiguous: [0]
  indent: [2, 2, {SwitchCase: 1}]
  init-declarations: [0]
-  jquery/no-ajax-events: [2]
-  jquery/no-ajax: [0]
-  jquery/no-animate: [2]
-  jquery/no-attr: [0]
-  jquery/no-bind: [2]
-  jquery/no-class: [0]
-  jquery/no-clone: [2]
-  jquery/no-closest: [0]
-  jquery/no-css: [0]
-  jquery/no-data: [0]
-  jquery/no-deferred: [2]
-  jquery/no-delegate: [2]
-  jquery/no-each: [0]
-  jquery/no-extend: [2]
-  jquery/no-fade: [0]
-  jquery/no-filter: [0]
-  jquery/no-find: [0]
-  jquery/no-global-eval: [2]
-  jquery/no-grep: [2]
-  jquery/no-has: [2]
-  jquery/no-hide: [0]
-  jquery/no-html: [0]
-  jquery/no-in-array: [2]
-  jquery/no-is-array: [2]
-  jquery/no-is-function: [2]
-  jquery/no-is: [0]
-  jquery/no-load: [2]
-  jquery/no-map: [0]
-  jquery/no-merge: [2]
-  jquery/no-param: [2]
-  jquery/no-parent: [0]
-  jquery/no-parents: [0]
-  jquery/no-parse-html: [2]
-  jquery/no-prop: [0]
-  jquery/no-proxy: [2]
-  jquery/no-ready: [0]
-  jquery/no-serialize: [2]
-  jquery/no-show: [0]
-  jquery/no-size: [2]
-  jquery/no-sizzle: [0]
-  jquery/no-slide: [0]
-  jquery/no-submit: [0]
-  jquery/no-text: [0]
-  jquery/no-toggle: [0]
-  jquery/no-trigger: [0]
-  jquery/no-trim: [2]
-  jquery/no-val: [0]
-  jquery/no-when: [2]
-  jquery/no-wrap: [2]
  key-spacing: [2]
  keyword-spacing: [2]
  line-comment-position: [0]
@@ -224,7 +178,6 @@ rules:
  no-confusing-arrow: [0]
  no-console: [1, {allow: [info, warn, error]}]
  no-const-assign: [2]
-  no-constant-binary-expression: [2]
  no-constant-condition: [0]
  no-constructor-return: [2]
  no-continue: [0]
@@ -331,7 +284,7 @@ rules:
  no-unused-expressions: [2]
  no-unused-labels: [2]
  no-unused-private-class-members: [2]
-  no-unused-vars: [2, {args: all, argsIgnorePattern: ^_, varsIgnorePattern: ^_, caughtErrorsIgnorePattern: ^_, destructuredArrayIgnorePattern: ^_, ignoreRestSiblings: false}]
+  no-unused-vars: [2, {args: all, argsIgnorePattern: ^_, varsIgnorePattern: ^_, caughtErrorsIgnorePattern: ^_, ignoreRestSiblings: false}]
  no-use-before-define: [2, nofunc]
  no-useless-backreference: [0]
  no-useless-call: [2]
@@ -435,14 +388,12 @@ rules:
  unicorn/no-thenable: [2]
  unicorn/no-this-assignment: [2]
  unicorn/no-unreadable-array-destructuring: [0]
-  unicorn/no-unreadable-iife: [2]
  unicorn/no-unsafe-regex: [0]
  unicorn/no-unused-properties: [2]
  unicorn/no-useless-fallback-in-spread: [2]
  unicorn/no-useless-length-check: [2]
  unicorn/no-useless-promise-resolve-reject: [2]
  unicorn/no-useless-spread: [2]
-  unicorn/no-useless-switch-case: [2]
  unicorn/no-useless-undefined: [0]
  unicorn/no-zero-fractions: [2]
  unicorn/number-literal-case: [0]
@@ -464,9 +415,7 @@ rules:
  unicorn/prefer-json-parse-buffer: [0]
  unicorn/prefer-math-trunc: [2]
  unicorn/prefer-modern-dom-apis: [0]
-  unicorn/prefer-modern-math-apis: [2]
  unicorn/prefer-module: [2]
-  unicorn/prefer-native-coercion-functions: [2]
  unicorn/prefer-negative-index: [2]
  unicorn/prefer-node-append: [0]
  unicorn/prefer-node-protocol: [0]
@@ -497,7 +446,6 @@ rules:
  unicorn/require-post-message-target-origin: [0]
  unicorn/string-content: [0]
  unicorn/template-indent: [2]
-  unicorn/text-encoding-identifier-case: [0]
  unicorn/throw-new-error: [2]
  use-isnan: [2]
  valid-typeof: [2, {requireStringLiterals: true}]
--- a/.gitattributes
+++ b/.gitattributes
@@ -1,9 +1,8 @@
 * text=auto eol=lf
-*.tmpl linguist-language=Handlebars
+/vendor/** -text -eol linguist-vendored
+/public/vendor/** -text -eol linguist-vendored
+/templates/**/*.tmpl linguist-language=Handlebars
 /.eslintrc linguist-language=YAML
 /.stylelintrc linguist-language=YAML
-/public/vendor/** -text -eol linguist-vendored
-/vendor/** -text -eol linguist-vendored
 /web_src/fomantic/build/** linguist-generated
-/web_src/js/vendor/** -text -eol linguist-vendored
 Dockerfile.* linguist-language=Dockerfile
--- a/.github/ISSUE_TEMPLATE/bug-report.yaml
+++ b/.github/ISSUE_TEMPLATE/bug-report.yaml
@@ -1,6 +1,5 @@
 name: Bug Report
 description: Found something you weren't expecting? Report it here!
-labels: kind/bug
 body:
 - type: markdown
  attributes:
@@ -17,16 +16,6 @@ body:
      4. Make sure it's not mentioned in the FAQ (https://docs.gitea.io/en-us/faq)
      5. Please give all relevant information below for bug reports, because
         incomplete details will be handled as an invalid report.
-      6. In particular it's really important to provide pertinent logs. You must give us DEBUG level logs.
-         Please read https://docs.gitea.io/en-us/logging-configuration/#debugging-problems
-         In addition, if your problem relates to git commands set `RUN_MODE=dev` at the top of app.ini
- type: textarea
-  id: description
-  attributes:
-    label: Description
-    description: |
-      Please provide a description of your issue here, with a URL if you were able to reproduce the issue (see below)
-      If you are using a proxy or a CDN (e.g. Cloudflare) in front of Gitea, please disable the proxy/CDN fully and access Gitea directly to confirm the issue still persists without those services.
 - type: input
  id: gitea-ver
  attributes:
@@ -34,34 +23,6 @@ body:
    description: Gitea version (or commit reference) of your instance
  validations:
    required: true
- type: dropdown
-  id: can-reproduce
-  attributes:
-    label: Can you reproduce the bug on the Gitea demo site?
-    description: |
-      If so, please provide a URL in the Description field
-      URL of Gitea demo: https://try.gitea.io
-    options:
-    - "Yes"
-    - "No"
-  validations:
-    required: true
- type: markdown
-  attributes:
-    value: |
-      It's really important to provide pertinent logs
-      Please read https://docs.gitea.io/en-us/logging-configuration/#debugging-problems
-      In addition, if your problem relates to git commands set `RUN_MODE=dev` at the top of app.ini
- type: input
-  id: logs
-  attributes:
-    label: Log Gist
-    description: Please provide a gist URL of your logs, with any sensitive information (e.g. API keys) removed/hidden
- type: textarea
-  id: screenshots
-  attributes:
-    label: Screenshots
-    description: If this issue involves the Web Interface, please provide one or more screenshots
 - type: input
  id: git-ver
  attributes:
@@ -92,3 +53,38 @@ body:
    - MySQL
    - MSSQL
    - SQLite
+- type: dropdown
+  id: can-reproduce
+  attributes:
+    label: Can you reproduce the bug on the Gitea demo site?
+    description: |
+      If so, please provide a URL in the Description field
+      URL of Gitea demo: https://try.gitea.io
+    options:
+    - "Yes"
+    - "No"
+  validations:
+    required: true
+- type: markdown
+  attributes:
+    value: |
+      It's really important to provide pertinent logs
+      Please read https://docs.gitea.io/en-us/logging-configuration/#debugging-problems
+      In addition, if your problem relates to git commands set `RUN_MODE=dev` at the top of app.ini
+- type: input
+  id: logs
+  attributes:
+    label: Log Gist
+    description: Please provide a gist URL of your logs, with any sensitive information (e.g. API keys) removed/hidden
+- type: textarea
+  id: description
+  attributes:
+    label: Description
+    description: |
+      Please provide a description of your issue here, with a URL if you were able to reproduce the issue (see above)
+      If you are using a proxy or a CDN (e.g. Cloudflare) in front of Gitea, please disable the proxy/CDN fully and access Gitea directly to confirm the issue still persists without those services.
+- type: textarea
+  id: screenshots
+  attributes:
+    label: Screenshots
+    description: If this issue involves the Web Interface, please provide one or more screenshots
--- a/.github/ISSUE_TEMPLATE/config.yml
+++ b/.github/ISSUE_TEMPLATE/config.yml
@@ -1,10 +1,10 @@
-blank_issues_enabled: false
+blank_issues_enabled: true
 contact_links:
  - name: Security Concern
    url: https://tinyurl.com/security-gitea
    about: For security concerns, please send a mail to security@gitea.io instead of opening a public issue.
  - name: Discord Server
-    url: https://discord.gg/Gitea
+    url: https://discord.gg/gitea
    about: Please ask questions and discuss configuration or deployment problems here.
  - name: Discourse Forum
    url: https://discourse.gitea.io
--- a/.github/ISSUE_TEMPLATE/feature-request.yaml
+++ b/.github/ISSUE_TEMPLATE/feature-request.yaml
@@ -1,6 +1,5 @@
 name: Feature Request
 description: Got an idea for a feature that Gitea doesn't have currently?  Submit your idea here!
-labels: ["kind/feature", "kind/proposal"]
 body:
 - type: markdown
  attributes:
--- a/.github/ISSUE_TEMPLATE/ui.bug-report.yaml
+++ b/.github/ISSUE_TEMPLATE/ui.bug-report.yaml
@@ -1,6 +1,5 @@
 name: Web Interface Bug Report
 description: Something doesn't look quite as it should?  Report it here!
-labels: ["kind/bug", "kind/ui"]
 body:
 - type: markdown
  attributes:
@@ -16,23 +15,6 @@ body:
      4. Make sure it's not mentioned in the FAQ (https://docs.gitea.io/en-us/faq)
      5. Please give all relevant information below for bug reports, because
         incomplete details will be handled as an invalid report.
-      6. In particular it's really important to provide pertinent logs. If you are certain that this is a javascript
-         error, show us the javascript console. If the error appears to relate to Gitea the server you must also give us
-         DEBUG level logs. (See https://docs.gitea.io/en-us/logging-configuration/#debugging-problems)
- type: textarea
-  id: description
-  attributes:
-    label: Description
-    description: |
-      Please provide a description of your issue here, with a URL if you were able to reproduce the issue (see below)
-      If using a proxy or a CDN (e.g. CloudFlare) in front of gitea, please disable the proxy/CDN fully and connect to gitea directly to confirm the issue still persists without those services.
- type: textarea
-  id: screenshots
-  attributes:
-    label: Screenshots
-    description: Please provide at least 1 screenshot showing the issue.
-  validations:
-    required: true
 - type: input
  id: gitea-ver
  attributes:
@@ -40,18 +22,6 @@ body:
    description: Gitea version (or commit reference) your instance is running
  validations:
    required: true
- type: dropdown
-  id: can-reproduce
-  attributes:
-    label: Can you reproduce the bug on the Gitea demo site?
-    description: |
-      If so, please provide a URL in the Description field
-      URL of Gitea demo: https://try.gitea.io
-    options:
-    - "Yes"
-    - "No"
-  validations:
-    required: true
 - type: input
  id: os-ver
  attributes:
@@ -64,3 +34,29 @@ body:
    description: The browser and version that you are using to access Gitea
  validations:
    required: true
+- type: dropdown
+  id: can-reproduce
+  attributes:
+    label: Can you reproduce the bug on the Gitea demo site?
+    description: |
+      If so, please provide a URL in the Description field
+      URL of Gitea demo: https://try.gitea.io
+    options:
+    - "Yes"
+    - "No"
+  validations:
+    required: true
+- type: textarea
+  id: description
+  attributes:
+    label: Description
+    description: |
+      Please provide a description of your issue here, with a URL if you were able to reproduce the issue (see above)
+      If using a proxy or a CDN (e.g. CloudFlare) in front of gitea, please disable the proxy/CDN fully and connect to gitea directly to confirm the issue still persists without those services.
+- type: textarea
+  id: screenshots
+  attributes:
+    label: Screenshots
+    description: Please provide at least 1 screenshot showing the issue.
+  validations:
+    required: true
--- a/.golangci.yml
+++ b/.golangci.yml
@@ -13,18 +13,15 @@ linters:
    #- gocyclo # The cyclomatic complexety of a lot of functions is too high, we should refactor those another time.
    - gofmt
    - misspell
-    - gocritic
+    #- gocritic # TODO: disabled until fixed with go 1.18
    - bidichk
    - ineffassign
    - revive
-    - gofumpt
-    - depguard
  enable-all: false
  disable-all: true
  fast: false

 run:
-  go: 1.18
  timeout: 10m
  skip-dirs:
    - node_modules
@@ -66,15 +63,7 @@ linters-settings:
      - name: modifies-value-receiver
  gofumpt:
    extra-rules: true
-    lang-version: "1.18"
-  depguard:
-    # TODO: use depguard to replace import checks in gitea-vet
-    list-type: denylist
-    # Check the list against standard lib.
-    include-go-root: true
-    packages-with-error-message:
-      - encoding/json: "use gitea's modules/json instead of encoding/json"
-      - github.com/unknwon/com: "use gitea's util and replacements"
+    lang-version: 1.18

 issues:
  exclude-rules:
@@ -162,3 +151,11 @@ issues:
    - path: models/user/openid.go
      linters:
        - golint
+    - linters: staticcheck
+      text: "strings.Title is deprecated: The rule Title uses for word boundaries does not handle Unicode punctuation properly. Use golang.org/x/text/cases instead."
+    - linters: staticcheck
+      text: "util.FindClosure is deprecated: This function can not handle newlines. Many elements can be existed over multiple lines(e.g. link labels). Use text.Reader.FindClosure."
+    - linters: staticcheck
+      text: "gossh.SigAlgoRSASHA2256 is deprecated: use KeyAlgoRSASHA256."
+    - linters: staticcheck
+      text: "gossh.SigAlgoRSASHA2512 is deprecated: use KeyAlgoRSASHA512."
--- a/.stylelintrc
+++ b/.stylelintrc
@@ -14,7 +14,6 @@ rules:
  declaration-block-no-redundant-longhand-properties: null
  declaration-block-single-line-max-declarations: null
  declaration-empty-line-before: null
-  function-no-unknown: null
  hue-degree-notation: null
  indentation: 2
  max-line-length: null
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,370 +4,6 @@ This changelog goes through all the changes that have been made in each release
 without substantial changes to our git log; to see the highlights of what has
 been added to each release, please refer to the [blog](https://blog.gitea.io).

-## [1.17.1](https://github.com/go-gitea/gitea/releases/tag/1.17.1) - 2022-08-17
-
-* SECURITY
-  * Correctly escape within tribute.js (#20831) (#20832)
-* ENHANCEMENTS
-  * Add support for NuGet API keys (#20721) (#20734)
-  * Display project in issue list (#20583)
-  * Add disable download source configuration (#20548) (#20579)
-  * Add username check to doctor (#20140) (#20671)
-  * Enable Wire 2 for Internal SSH Server (#20616) (#20617)
-* BUGFIXES
-  * Use the total issue count for UI (#20785) (#20827)
-  * Add proxy host into allow list (#20798) (#20819)
-  * Add missing translation for queue flush workers (#20791) (#20792)
-  * Improve comment header for mobile (#20781) (#20789)
-  * Fix git.Init for doctor sub-command (#20782) (#20783)
-  * Check webhooks slice length before calling xorm (#20642) (#20768)
-  * Remove manual rollback for failed generated repositories (#20639) (#20762)
-  * Use correct field name in npm template (#20675) (#20760)
-  * Keep download count on Container tag overwrite (#20728) (#20735)
-  * Fix v220 migration to be compatible for MSSQL 2008 r2 (#20702) (#20707)
-  * Use request timeout for git service rpc (#20689) (#20693)
-  * Send correct NuGet status codes (#20647) (#20677)
-  * Use correct context to get package content (#20673) (#20676)
-  * Fix the JS error "EventSource is not defined" caused by some non-standard browsers (#20584) (#20663)
-  * Add default commit messages to PR for squash merge (#20618) (#20645)
-  * Fix package upload for files >32mb (#20622) (#20635)
-  * Fix the new-line copy-paste for rendered code (#20612)
-  * Clean up and fix clone button script (#20415 & #20600) (#20599)
-  * Fix default merge style (#20564) (#20565)
-  * Add repository condition for issue count (#20454) (#20496)
-  * Make branch icon stand out more (#20726) (#20774)
-  * Fix loading button with invalid form (#20754) (#20759)
-  * Fix SecToTime edge-cases (#20610) (#20611)
-  * Executable check always returns true for windows (#20637) (#20835)
-  * Check issue labels slice length before calling xorm Insert (#20655) (#20836)
-  * Fix owners cannot create organization repos bug (#20841) (#20854)
-  * Prevent 500 is head repo does not have PullRequest unit in IsUserAllowedToUpdate (#20839) (#20848)
-
-## [1.17.0](https://github.com/go-gitea/gitea/releases/tag/v1.17.0) - 2022-07-30
-
-* BREAKING
-  * Require go1.18 for Gitea 1.17 (#19918)
-  * Make AppDataPath absolute against the AppWorkPath if it is not (#19815)
-  * Nuke the incorrect permission report on /api/v1/notifications (#19761)
-  * Refactor git module, make Gitea use internal git config (#19732)
-  * Remove `RequireHighlightJS` field, update plantuml example. (#19615)
-  * Increase minimal required git version to 2.0 (#19577)
-  * Add a directory prefix `gitea-src-VERSION` to release-tar-file (#19396)
-  * Use "main" as default branch name (#19354)
-  * Make cron task no notice on success (#19221)
-  * Add pam account authorization check (#19040)
-  * Show messages for users if the ROOT_URL is wrong, show JavaScript errors (#18971)
-  * Refactor mirror code & fix StartToMirror (#18904)
-  * Remove deprecated SSH ciphers from default (#18697)
-  * Add the possibility to allow the user to have a favicon which differs from the main logo (#18542)
-  * Update reserved usernames list (#18438)
-  * Support custom ACME provider (#18340)
-  * Change initial TrustModel to committer (#18335)
-  * Update HTTP status codes (#18063)
-  * Upgrade Alpine from 3.13 to 3.15 (#18050)
-  * Restrict email address validation (#17688) 
-  * Refactor Router Logger (#17308)
-* SECURITY
-  * Use git.HOME_PATH for Git HOME directory (#20114) (#20293)
-  * Add write check for creating Commit Statuses (#20332) (#20333)
-  * Remove deprecated SSH ciphers from default (#18697)
-* FEDERATION
-  * Return statistic information for nodeinfo (#19561)
-  * Add Webfinger endpoint (#19462)
-  * Store the foreign ID of issues during migration (#18446)
-* FEATURES
-  * Automatically render wiki TOC (#19873)
-  * Adding button to link accounts from user settings (#19792)
-  * Allow set default merge style while creating repo (#19751)
-  * Auto merge pull requests when all checks succeeded (#9307 & #19648)
-  * Improve reviewing PR UX (#19612)
-  * Add support for rendering console output with colors (#19497)
-  * Add Helm Chart registry (#19406)
-  * Add Goroutine stack inspector to admin/monitor (#19207)
-  * RSS/Atom support for Orgs & Repos (#17714 & #19055)
-  * Add button for issue deletion (#19032)
-  * Allow to mark files in a PR as viewed (#19007)
-  * Add Index to comment for migrations and mirroring (#18806)
-  * Add health check endpoint (#18465)
-  * Add packagist webhook (#18224)
-  * Add "Allow edits from maintainer" feature (#18002)
-  * Add apply-patch, basic revert and cherry-pick functionality (#17902)
-  * Add Package Registry (#16510)
-  * Add LDAP group sync to Teams (#16299)
-  * Pause queues (#15928)
-  * Added auto-save whitespace behavior if it changed manually (#15566)
-  * Find files in repo (#15028)
-  * Provide configuration to allow camo-media proxying (#12802)
-* API
-  * Add endpoint to serve blob or LFS file content (#19689)
-  * Add endpoint to check if team has repo access (#19540)
-  * More commit info (#19252)
-  * Allow to create file on empty repo (#19224)
-  * Allow removing issues (#18879)
-  * Add endpoint to query collaborators permission for a repository (#18761)
-  * Return primary language and repository language stats API URL (#18396)
-  * Implement http signatures support for the API (#17565)
-* ENHANCEMENTS
-  * Make notification bell more prominent on mobile (#20108, #20236, #20251) (#20269)
-  * Adjust max-widths for the repository file table (#20243) (#20247)
-  * Display full name (#20171) (#20246)
-  * Add dbconsistency checks for Stopwatches (#20010)
-  * Add fetch.writeCommitGraph to gitconfig (#20006)
-  * Add fgprof pprof profiler (#20005)
-  * Move agit dependency (#19998)
-  * Empty log queue on flush and close (#19994)
-  * Remove tab/TabName usage where it's not needed (#19973)
-  * Improve file header on mobile (#19945)
-  * Move issues related files into models/issues (#19931)
-  * Add breaking email restrictions checker in doctor (#19903)
-  * Improve UX on modal for deleting an access token (#19894)
-  * Add alt text to logo (#19892)
-  * Move some code into models/git (#19879)
-  * Remove customized (unmaintained) dropdown, improve aria a11y for dropdown (#19861)
-  * Make user profile image show full image on mobile (#19840)
-  * Replace blue button and label classes with primary (#19763)
-  * Remove fomantic progress module (#19760)
-  * Allows repo search to match against "owner/repo" pattern strings (#19754)
-  * Move org functions (#19753)
-  * Move almost all functions' parameter db.Engine to context.Context (#19748)
-  * Show source/target branches on PR's list (#19747)
-  * Use http.StatusTemporaryRedirect(307) when serve avatar directly (#19739)
-  * Add doctor orphan check for orphaned pull requests without an existing base repo  (#19731)
-  * Make Ctrl+Enter (quick submit) work for issue comment and wiki editor (#19729)
-  * Update go-chi/cache to utilize Ping() (#19719)
-  * Improve commit list/view on mobile (#19712)
-  * Move some repository related code into sub package (#19711)
-  * Use a better OlderThan for DeleteInactiveUsers (#19693)
-  * Introduce eslint-plugin-jquery (#19690)
-  * Tidy up `<head>` template (#19678)
-  * Calculate filename hash only once (#19654)
-  * Simplify `IsVendor` (#19626)
-  * Add "Reference" section to Issue view sidebar (#19609)
-  * Only set CanColorStdout / CanColorStderr to true if the stdout/stderr is a terminal (#19581)
-  * Use for a repo action one database transaction (#19576)
-  * Simplify loops to copy (#19569)
-  * Added X-Mailer header to outgoing emails (#19562)
-  * use middleware to open gitRepo (#19559)
-  * Mute link in diff header (#19556)
-  * Improve UI on mobile (#19546)
-  * Fix Pull Request comment filename word breaks (#19535)
-  * Permalink files In PR diff (#19534)
-  * PullService lock via pullID (#19520)
-  * Make repository file list useable on mobile (#19515)
-  * more context for models  (#19511)
-  * Refactor readme file renderer (#19502)
-  * By default force vertical tabs on mobile (#19486)
-  * Github style following followers (#19482)
-  * Improve action table indices (#19472)
-  * Use horizontal tabs for repo header on mobile (#19468)
-  * pass gitRepo down since its used for main repo and wiki (#19461)
-  * Admin should not delete himself (#19423)
-  * Use queue instead of memory queue in webhook send service (#19390)
-  * Simplify the code to get issue count (#19380)
-  * Add commit status popup to issuelist (#19375)
-  * Add RSS Feed buttons to Repo, User and Org pages (#19370)
-  * Add logic to switch between source/rendered on Markdown (#19356)
-  * Move some helper files out of models (#19355)
-  * Move access and repo permission to models/perm/access (#19350)
-  * Disallow selecting the text of buttons (#19330)
-  * Allow custom redirect for landing page (#19324)
-  * Remove dependent on session auth for api/v1 routers (#19321)
-  * Never use /api/v1 from Gitea UI Pages (#19318)
-  * Remove legacy unmaintained packages, refactor to support change default locale (#19308)
-  * Move milestone to models/issues/ (#19278)
-  * Configure OpenSSH log level via Environment in Docker (#19274)
-  * Move reaction to models/issues/ (#19264)
-  * Make git.OpenRepository accept Context (#19260)
-  * Move some issue methods as functions (#19255)
-  * Show last cron messages on monitor page (#19223)
-  * New cron task: delete old system notices (#19219)
-  * Add Redis Sentinel Authentication Support (#19213)
-  * Add auto logging of goroutine pid label (#19212)
-  * Set OpenGraph title to DisplayName in profile pages  (#19206)
-  * Add pprof labels in processes and for lifecycles (#19202)
-  * Let web and API routes have different auth methods group (#19168)
-  * Move init repository related functions to modules (#19159)
-  * Feeds: render markdown to html (#19058)
-  * Allow users to self-request a PR review (#19030)
-  * Allow render HTML with css/js external links (#19017)
-  * Fix script compatiable with OpenWrt (#19000)
-  * Support ignore all santize for external renderer (#18984)
-  * Add note to GPG key response if user has no keys (#18961)
-  * Improve Stopwatch behavior (#18930)
-  * Improve mirror iterator (#18928)
-  * Uncapitalize errors (#18915)
-  * Prevent Stats Indexer reporting error if repo dir missing (#18870)
-  * Refactor SecToTime() function (#18863)
-  * Replace deprecated String.prototype.substr() with String.prototype.slice() (#18796)
-  * Move deletebeans into models/db (#18781)
-  * Fix display time of milestones (#18753)
-  * Add config option to disable "Update branch by rebase" (#18745)
-  * Display template path of current page in dev mode (#18717)
-  * Add number in queue status to monitor page (#18712)
-  * Change git.cmd to RunWithContext (#18693)
-  * Refactor i18n, use Locale to provide i18n/translation related functions (#18648)
-  * Delete old git.NewCommand() and use it as git.NewCommandContext() (#18552)
-  * Move organization related structs into sub package (#18518)
-  * Warn at startup if the provided `SCRIPT_TYPE` is not on the PATH (#18467)
-  * Use `CryptoRandomBytes` instead of `CryptoRandomString` (#18439)
-  * Use explicit jQuery import, remove unused eslint globals (#18435)
-  * Allow to filter repositories by language in explore, user and organization repositories lists (#18430)
-  * Use base32 for 2FA scratch token (#18384)
-  * Unexport var git.GlobalCommandArgs (#18376)
-  * Don't underline commit status icon on hover (#18372)
-  * Always use git command but not os.Command (#18363)
-  * Switch to non-deprecation setting (#18358)
-  * Set the LastModified header for raw files (#18356)
-  * Refactor jwt.StandardClaims to RegisteredClaims (#18344)
-  * Enable deprecation error for v1.17.0 (#18341)
-  * Refactor httplib (#18338)
-  * Limit max-height of CodeMirror editors for issue comment and wiki (#18271)
-  * Validate migration files (#18203)
-  * Format with gofumpt (#18184)
-  * Allow custom default merge message with .gitea/default_merge_message/<merge_style>_TEMPLATE.md (#18177)
-  * Prettify number of issues (#17760)
-  * Add a "admin user generate-access-token" subcommand (#17722)
-  * Custom regexp external issues (#17624)
-  * Add smtp password to install page (#17564)
-  * Add config options to hide issue events (#17414)
-  * Prevent double click new issue/pull/comment button (#16157)
-  * Show issue assignee on project board (#15232)
-* BUGFIXES
-  * WebAuthn CredentialID field needs to be increased in size (#20530) (#20555)
-  * Ensure that all unmerged files are merged when conflict checking (#20528) (#20536)
-  * Stop logging EOFs and exit(1)s in ssh handler (#20476) (#20529)
-  * Add labels to two buttons that were missing them (#20419) (#20524)
-  * Fix ROOT_URL detection for URLs without trailing slash (#20502) (#20503)
-  * Dismiss prior pull reviews if done via web in review dismiss (#20197) (#20407)
-  * Allow RSA 2047 bit keys (#20272) (#20396)
-  * Add missing return for when topic isn't found (#20351) (#20395)
-  * Fix commit status icon when in subdirectory (#20285) (#20385)
-  * Initialize cron last (#20373) (#20384)
-  * Set target on create release with existing tag (#20381) (#20382)
-  * Update xorm.io/xorm to fix a interpreting db column sizes issue on 32bit systems (#20371) (#20372)
-  * Make sure `repo_dir` is an empty directory or doesn't exist before 'dump-repo' (#20205) (#20370)
-  * Prevent context deadline error propagation in GetCommitsInfo (#20346) (#20361)
-  * Correctly handle draft releases without a tag (#20314) (#20335)
-  * Prevent "empty" scrollbars on Firefox (#20294) (#20308)
-  * Refactor SSH init code, fix directory creation for TrustedUserCAKeys file (#20299) (#20306)
-  * Bump goldmark to v1.4.13 (#20300) (#20301)
-  * Do not create empty ".ssh" directory when loading config (#20289) (#20298)
-  * Fix NPE when using non-numeric (#20277) (#20278)
-  * Store read access in access for team repositories (#20275) (#20276)
-  * EscapeFilter the group dn membership (#20200) (#20254)
-  * Only show Followers that current user can access (#20220) (#20252)
-  * Update Bluemonday to v1.0.19 (#20199) (#20209)
-  * Refix indices on actions table (#20158) (#20198)
-  * Check if project has the same repository id with issue when assign project to issue (#20133) (#20188)
-  * Fix remove file on initial comment (#20127) (#20128)
-  * Catch the error before the response is processed by goth (#20000) (#20102)
-  * Dashboard feed respect setting.UI.FeedPagingNum again (#20094) (#20099)
-  * Alter hook_task TEXT fields to LONGTEXT (#20038) (#20041)
-  * Respond with a 401 on git push when password isn't changed yet (#20026) (#20027)
-  * Return 404 when tag is broken (#20017) (#20024)
-  * Alter hook_task TEXT fields to LONGTEXT (#20038) (#20041)
-  * Respond with a 401 on git push when password isn't changed yet (#20026) (#20027)
-  * Return 404 when tag is broken (#20017) (#20024)
-  * Write Commit-Graphs in RepositoryDumper (#20004)
-  * Use DisplayName() instead of FullName in Oauth Provider (#19991)
-  * Don't buffer doctor logger (#19982)
-  * Always try to fetch repo for mirrors (#19975)
-  * Uppercase first languages letters (#19965)
-  * Fix cli command restore-repo: "units" should be parsed as StringSlice (#19953)
-  * Ensure minimum mirror interval is reported on settings page (#19895)
-  * Exclude Archived repos from Dashboard Milestones (#19882)
-  * gitconfig: set safe.directory = * (#19870)
-  * Prevent NPE on update mirror settings (#19864)
-  * Only return valid stopwatches to the EventSource (#19863)
-  * Prevent NPE whilst migrating if there is a team request review (#19855)
-  * Fix inconsistency in doctor output (#19836)
-  * Fix release tag for webhook (#19830)
-  * Add title attribute to dependencies in sidebar (#19807)
-  * Estimate Action Count in Statistics (#19775)
-  * Do not update user stars numbers unless fix is specified (#19750)
-  * Improved ref comment link when origin is body/title (#19741)
-  * Fix nodeinfo caching and prevent NPE if cache non-existent (#19721)
-  * Fix duplicate entry error when add team member (#19702)
-  * Fix sending empty notifications (#19589)
-  * Update image URL for Discord webhook (#19536)
-  * Don't let repo clone URL overflow (#19517)
-  * Allow commit status popup on /pulls page (#19507)
-  * Fix two UI bugs: JS error in imagediff.js, 500 error in diff/compare.tmpl (#19494)
-  * Fix logging of Transfer API (#19456)
-  * Fix panic in teams API when requesting members (#19360)
-  * Refactor CSRF protection modules, make sure CSRF tokens can be up-to-date. (#19337)
-  * An attempt to sync a non-mirror repo must give 400 (Bad Request) (#19300)
-  * Move checks for pulls before merge into own function (#19271)
-  * Fix `contrib/upgrade.sh` (#19222)
-  * Set the default branch for repositories generated from templates (#19136)
-  * Fix EasyMDE error when input Enter (#19004)
-  * Don't clean up hardcoded `tmp` (#18983)
-  * Delete related notifications on issue deletion too (#18953)
-  * Fix trace log to show value instead of pointers (#18926)
-  * Fix behavior or checkbox submission. (#18851)
-  * Add `ContextUser` (#18798)
-  * Fix some mirror bugs (#18649)
-  * Quote MAKE to prevent path expansion with space error (#18622)
-  * Preserve users if restoring a repository on the same Gitea instance (#18604)
-  * Fix non-ASCII search on database  (#18437)
-  * Automatically pause queue if index service is unavailable (#15066)
-* TESTING
-  * Allow postgres integration tests to run over unix pipe (#19875)
-  * Prevent intermittent NPE in queue tests (#19301)
-  * Add test for importing pull requests in gitea uploader for migrations (#18752)
-  * Remove redundant comparison in repo dump/restore (#18660)
-  * More repo dump/restore tests, including pull requests  (#18621)
-  * Add test coverage for original author conversion during migrations (#18506)
-* TRANSLATION
-  * Update issue_no_dependencies description (#19112)
-  * Refactor webhooks i18n (#18380)
-* BUILD
-  * Use alpine 3.16 (#19797)
-  * Require node 14.0 (#19451)
-* DOCS
-  * Update documents (git/fomantic/db, etc) (#19868)
-  * Update the ROOT documentation and error messages (#19832)
-  * Update document to use FHS `/usr/local/bin/gitea` instead of `/app/...` for Docker (#19794)
-  * Update documentation to disable duration settings with -1 instead of 0 (#19647)
-  * Add warning to set SENDMAIL_ARGS to --  (#19102)
-  * Update nginx reverse proxy docs (#18922)
-  * Add example to render html files (#18736)
-  * Make SSH passtrough documentation better (#18687)
-  * Changelog 1.16.0 & 1.15.11 (#18468 & #18455)  (#18470)
-  * Update the SSH passthrough documentation (#18366)
-  * Add `contrib/upgrade.sh` (#18286)
-* MISC
-  * Fix aria for logo (#19955)
-  * In code search, get code unit accessible repos in one (main) query (#19764)
-  * Add tooltip to pending PR comments (#19662)
-  * Improve sync performance for pull-mirrors (#19125)
-  * Improve dashboard's repo list performance (#18963)
-  * Avoid database lookups for `DescriptionHTML` (#18924)
-  * Remove CodeMirror dependencies (#18911)
-  * Disable unnecessary mirroring elements (#18527)
-  * Disable unnecessary OpenID/OAuth2 elements (#18491)
-  * Disable unnecessary GitHooks elements (#18485)
-  * Change some logging levels (#18421)
-  * Prevent showing webauthn error for every time visiting `/user/settings/security` (#18385)
-  * Use correct translation key for errors (#18342)
-
-## [1.16.8](https://github.com/go-gitea/gitea/releases/tag/v1.16.8) - 2022-05-16
-
-* ENHANCEMENTS
-  * Add doctor check/fix for bogus action rows (#19656) (#19669)
-  * Make .cs highlighting legible on dark themes. (#19604) (#19605)
-* BUGFIXES
-  * Fix oauth setting list bug (#19681)
-  * Delete user related oauth stuff on user deletion too (#19677) (#19680)
-  * Fix new release from tags list UI (#19670) (#19673)
-  * Prevent NPE when checking repo units if the user is nil (#19625) (#19630)
-  * GetFeeds must always discard actions with dangling repo_id (#19598) (#19629)
-  * Call MultipartForm.RemoveAll when request finishes (#19606) (#19607)
-  * Avoid MoreThanOne error when creating a branch whose name conflicts with other ref names (#19557) (#19591)
-  * Fix sending empty notifications (#19589) (#19590)
-  * Ignore DNS error when doing migration allow/block check (#19566) (#19567)
-  * Fix issue overview for teams (#19652) (#19653)
-
 ## [1.16.7](https://github.com/go-gitea/gitea/releases/tag/v1.16.7) - 2022-05-02

 * SECURITY
@@ -563,7 +199,7 @@ been added to each release, please refer to the [blog](https://blog.gitea.io).
 * ENHANCEMENTS
  * Add dropdown icon to label set template dropdown (#18564) (#18571)
 * BUGFIXES
-  * comments on migrated issues/prs must link to the comment ID (#18630) (#18637)
+  * Comments on migrated issues/prs must link to the comment ID (#18630) (#18637)
  * Stop logging an error when notes are not found (#18626) (#18635)
  * Ensure that blob-excerpt links work for wiki (#18587) (#18624)
  * Only attempt to flush queue if the underlying worker pool is not finished (#18593) (#18620)
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -134,15 +134,6 @@ Some of the key points:
  if that is not related to your PR, please make *another* PR for that.
 * Split big pull requests into multiple small ones. An incremental change
  will be faster to review than a huge PR.
-* Use the first comment as a summary explainer of your PR and you should keep this up-to-date as the PR evolves.
-
-If your PR could cause a breaking change you must add a BREAKING section to this comment e.g.:
-
-```
-## :warning: BREAKING :warning:
-```
-
-To explain how this could affect users and how to mitigate these changes.

 ## Styleguide

@@ -150,8 +141,8 @@ For imports you should use the following format (_without_ the comments)
 ```go
 import (
  // stdlib
+  "encoding/json"
  "fmt"
-  "math"

  // local packages
  "code.gitea.io/gitea/models"
@@ -212,74 +203,13 @@ In general, HTTP methods are chosen as follows:
 * **PUT** endpoints return status **No Content (204)**, used to **add/assign** existing Objects (e.g. User) to something (e.g. Org-Team)
 * **PATCH** endpoints return changed object and status **OK (200)**, used to **edit/change** an existing object

+
 An endpoint which changes/edits an object expects all fields to be optional (except ones to identify the object, which are required).
+
 ### Endpoints returning lists should
 * support pagination (`page` & `limit` options in query)
 * set `X-Total-Count` header via **SetTotalCountHeader** ([example](https://github.com/go-gitea/gitea/blob/7aae98cc5d4113f1e9918b7ee7dd09f67c189e3e/routers/api/v1/repo/issue.go#L444))

-## Large Character Comments
-
-Throughout the codebase there are large-text comments for sections of code, e.g.:
-
-```go
-// __________            .__               
-// \______   \ _______  _|__| ______  _  __
-//  |       _// __ \  \/ /  |/ __ \ \/ \/ /
-//  |    |   \  ___/\   /|  \  ___/\     / 
-//  |____|_  /\___  >\_/ |__|\___  >\/\_/  
-//         \/     \/             \/        
-```
-
-These were created using the `figlet` tool with the `graffiti` font.
-
-A simple way of creating these is to use the following:
-
-```bash
-figlet -f graffiti Review | sed  -e's+^+// +' - | xclip -sel clip -in
-```
-
-## Backports and Frontports
-
-Occasionally backports of PRs are required.
-
-The backported PR title should be:
-
-```
-Title of backported PR (#ORIGINAL_PR_NUMBER)
-```
-
-The first two lines of the summary of the backporting PR should be:
-
-```
-Backport #ORIGINAL_PR_NUMBER
-
-```
-
-with the rest of the summary matching the original PR. Similarly for frontports
-
---
-
-The below is a script that may be helpful in creating backports. YMMV.
-
-```bash
-#!/bin/sh
-PR="$1"
-SHA="$2"
-VERSION="$3"
-
-if [ -z "$SHA" ]; then
-    SHA=$(gh api /repos/go-gitea/gitea/pulls/$PR -q '.merge_commit_sha')
-fi
-
-if [ -z "$VERSION" ]; then
-    VERSION="v1.16"
-fi
-
-echo git checkout origin/release/"$VERSION" -b backport-$PR-$VERSION
-git checkout origin/release/"$VERSION" -b backport-$PR-$VERSION
-git cherry-pick $SHA && git commit --amend && git push zeripath backport-$PR-$VERSION && xdg-open https://github.com/go-gitea/gitea/compare/release/"$VERSION"...zeripath:backport-$PR-$VERSION
-
-```

 ## Developer Certificate of Origin (DCO)

@@ -421,19 +351,15 @@ be reviewed by two maintainers and must pass the automatic tests.
 * If it is bugfix version create PR for changelog on branch `release/v$vmaj.$vmin` and wait till it is reviewed and merged.
 * Add a tag as `git tag -s -F release.notes v$vmaj.$vmin.$`, release.notes file could be a temporary file to only include the changelog this version which you added to `CHANGELOG.md`.
 * And then push the tag as `git push origin v$vmaj.$vmin.$`. Drone CI will automatically create a release and upload all the compiled binary. (But currently it doesn't add the release notes automatically. Maybe we should fix that.)
-* If needed send a frontport PR for the changelog to branch `main` and update the version in `docs/config.yaml` to refer to the new version.
+* If needed send PR for changelog on branch `main`.
 * Send PR to [blog repository](https://gitea.com/gitea/blog) announcing the release.
-* Verify all release assets were correctly published through CI on dl.gitea.io and GitHub releases. Once ACKed:
-  * bump the version of https://dl.gitea.io/gitea/version.json
-  * merge the blog post PR
-  * announce the release in discord `#announcements`

 ## Copyright

 Code that you contribute should use the standard copyright header:

 ```
-// Copyright 2022 The Gitea Authors. All rights reserved.
+// Copyright 2020 The Gitea Authors. All rights reserved.
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 ```
--- a/4
+++ b/4
@@ -1,5 +1,5 @@
 #Build stage
-FROM golang:1.18-alpine3.16 AS build-env
+FROM golang:1.18-alpine3.15 AS build-env

 ARG GOPROXY
 ENV GOPROXY ${GOPROXY:-direct}
@@ -23,7 +23,7 @@ RUN if [ -n "${GITEA_VERSION}" ]; then git checkout "${GITEA_VERSION}"; fi \
 # Begin env-to-ini build
 RUN go build contrib/environment-to-ini/environment-to-ini.go

-FROM alpine:3.16
+FROM alpine:3.13
 LABEL maintainer="maintainers@gitea.io"

 EXPOSE 22 3000
--- a/Dockerfile.rootless
+++ b/Dockerfile.rootless
@@ -1,5 +1,5 @@
 #Build stage
-FROM golang:1.18-alpine3.16 AS build-env
+FROM golang:1.18-alpine3.15 AS build-env

 ARG GOPROXY
 ENV GOPROXY ${GOPROXY:-direct}
@@ -23,7 +23,7 @@ RUN if [ -n "${GITEA_VERSION}" ]; then git checkout "${GITEA_VERSION}"; fi \
 # Begin env-to-ini build
 RUN go build contrib/environment-to-ini/environment-to-ini.go

-FROM alpine:3.16
+FROM alpine:3.13
 LABEL maintainer="maintainers@gitea.io"

 EXPOSE 2222 3000
--- a/3
+++ b/3
@@ -45,5 +45,4 @@ Steven Kriegler <sk.bunsenbrenner@gmail.com> (@justusbunsi)
 Jimmy Praet <jimmy.praet@telenet.be> (@jpraet)
 Leon Hofmeister <dev.lh@web.de> (@delvh) 
 Gusted <williamzijl7@hotmail.com) (@Gusted)
-silentcode <silentcode@senga.org> (@silentcodeg)
-Wim <wim@42.be> (@42wim)
+singuliere <singuliere@autistici.org> (@singuliere)
--- a/54
+++ b/54
@@ -29,8 +29,8 @@ XGO_VERSION := go-1.18.x
 AIR_PACKAGE ?= github.com/cosmtrek/air@v1.29.0
 EDITORCONFIG_CHECKER_PACKAGE ?= github.com/editorconfig-checker/editorconfig-checker/cmd/editorconfig-checker@2.4.0
 ERRCHECK_PACKAGE ?= github.com/kisielk/errcheck@v1.6.0
-GOFUMPT_PACKAGE ?= mvdan.cc/gofumpt@v0.3.1
-GOLANGCI_LINT_PACKAGE ?= github.com/golangci/golangci-lint/cmd/golangci-lint@v1.46.0
+GOFUMPT_PACKAGE ?= mvdan.cc/gofumpt@v0.3.0
+GOLANGCI_LINT_PACKAGE ?= github.com/golangci/golangci-lint/cmd/golangci-lint@v1.44.2
 GXZ_PAGAGE ?= github.com/ulikunitz/xz/cmd/gxz@v0.5.10
 MISSPELL_PACKAGE ?= github.com/client9/misspell/cmd/misspell@v0.3.4
 SWAGGER_PACKAGE ?= github.com/go-swagger/go-swagger/cmd/swagger@v0.29.0
@@ -67,7 +67,7 @@ endif

 EXTRA_GOFLAGS ?=

-MAKE_VERSION := $(shell "$(MAKE)" -v | head -n 1)
+MAKE_VERSION := $(shell $(MAKE) -v | head -n 1)
 MAKE_EVIDENCE_DIR := .make_evidence

 ifeq ($(RACE_ENABLED),true)
@@ -195,7 +195,6 @@ help:
 	@echo " - swagger-validate                 check if the swagger spec is valid"
 	@echo " - golangci-lint                    run golangci-lint linter"
 	@echo " - vet                              examines Go source code and reports suspicious constructs"
-	@echo " - tidy                             run go mod tidy"
 	@echo " - test[\#TestSpecificName]    	    run unit test"
 	@echo " - test-sqlite[\#TestSpecificName]  run integration test for sqlite"
 	@echo " - pr#<index>                       build and start gitea from a PR with integration test data loaded"
@@ -204,10 +203,13 @@ help:
 go-check:
 	$(eval MIN_GO_VERSION_STR := $(shell grep -Eo '^go\s+[0-9]+\.[0-9.]+' go.mod | cut -d' ' -f2))
 	$(eval MIN_GO_VERSION := $(shell printf "%03d%03d%03d" $(shell echo '$(MIN_GO_VERSION_STR)' | tr '.' ' ')))
-	$(eval GO_VERSION := $(shell printf "%03d%03d%03d" $(shell $(GO) version | grep -Eo '[0-9]+\.[0-9.]+' | tr '.' ' ');))
+	$(eval GO_VERSION_STR := $(shell $(GO) version | grep -Eo '[0-9]+\.[0-9.]+'))
+	$(eval GO_VERSION := $(shell printf "%03d%03d%03d" $(shell echo '$(GO_VERSION_STR)' | tr '.' ' ')))
 	@if [ "$(GO_VERSION)" -lt "$(MIN_GO_VERSION)" ]; then \
-		echo "Gitea requires Go $(MIN_GO_VERSION_STR) or greater to build. You can get it at https://go.dev/dl/"; \
+		echo "Gitea requires Go $(MIN_GO_VERSION_STR) or greater to build, but $(GO_VERSION) was found. You can get an updated version at https://go.dev/dl/"; \
 		exit 1; \
+	else \
+		echo "WARNING: Please ensure Go $(GO_VERSION_STR) is still maintained to avoid possible security problems. You can check it at https://go.dev/dl/"; \
 	fi

 .PHONY: git-check
@@ -313,9 +315,10 @@ lint: lint-frontend lint-backend
 lint-frontend: node_modules
 	npx eslint --color --max-warnings=0 web_src/js build templates *.config.js docs/assets/js
 	npx stylelint --color --max-warnings=0 web_src/less
+	npx editorconfig-checker templates

 .PHONY: lint-backend
-lint-backend: golangci-lint vet editorconfig-checker
+lint-backend: golangci-lint vet

 .PHONY: watch
 watch:
@@ -370,20 +373,16 @@ unit-test-coverage:
 	@echo "Running unit-test-coverage $(GOTESTFLAGS) -tags '$(TEST_TAGS)'..."
 	@$(GO) test $(GOTESTFLAGS) -timeout=20m -tags='$(TEST_TAGS)' -cover -coverprofile coverage.out $(GO_PACKAGES) && echo "\n==>\033[32m Ok\033[m\n" || exit 1

-.PHONY: tidy
-tidy:
-	$(eval MIN_GO_VERSION := $(shell grep -Eo '^go\s+[0-9]+\.[0-9.]+' go.mod | cut -d' ' -f2))
-	$(GO) mod tidy -compat=$(MIN_GO_VERSION)
-
 .PHONY: vendor
-vendor: tidy
-	$(GO) mod vendor
+vendor:
+	$(GO) mod tidy && $(GO) mod vendor

 .PHONY: gomod-check
-gomod-check: tidy
+gomod-check:
+	@$(GO) mod tidy
 	@diff=$$(git diff go.sum); \
 	if [ -n "$$diff" ]; then \
-		echo "Please run 'make tidy' and commit the result:"; \
+		echo "Please run '$(GO) mod tidy' and commit the result:"; \
 		echo "$${diff}"; \
 		exit 1; \
 	fi
@@ -515,10 +514,6 @@ bench-pgsql: integrations.pgsql.test generate-ini-pgsql
 integration-test-coverage: integrations.cover.test generate-ini-mysql
 	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/mysql.ini ./integrations.cover.test -test.coverprofile=integration.coverage.out

-.PHONY: integration-test-coverage-sqlite
-integration-test-coverage-sqlite: integrations.cover.sqlite.test generate-ini-sqlite
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/sqlite.ini ./integrations.cover.sqlite.test -test.coverprofile=integration.coverage.out
-
 integrations.mysql.test: git-check $(GO_SOURCES)
 	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/integrations -o integrations.mysql.test

@@ -537,9 +532,6 @@ integrations.sqlite.test: git-check $(GO_SOURCES)
 integrations.cover.test: git-check $(GO_SOURCES)
 	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/integrations -coverpkg $(shell echo $(GO_PACKAGES) | tr ' ' ',') -o integrations.cover.test

-integrations.cover.sqlite.test: git-check $(GO_SOURCES)
-	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/integrations -coverpkg $(shell echo $(GO_PACKAGES) | tr ' ' ',') -o integrations.cover.sqlite.test -tags '$(TEST_TAGS)'
-
 .PHONY: migrations.mysql.test
 migrations.mysql.test: $(GO_SOURCES)
 	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/integrations/migration-test -o migrations.mysql.test
@@ -616,27 +608,27 @@ release-windows: | $(DIST_DIRS)
 ifeq (,$(findstring gogit,$(TAGS)))
 	CGO_CFLAGS="$(CGO_CFLAGS)" $(GO) run $(XGO_PACKAGE) -go $(XGO_VERSION) -buildmode exe -dest $(DIST)/binaries -tags 'netgo osusergo gogit $(TAGS)' -ldflags '-linkmode external -extldflags "-static" $(LDFLAGS)' -targets 'windows/*' -out gitea-$(VERSION)-gogit .
 endif
-ifeq ($(CI),true)
+ifeq ($(CI),drone)
 	cp /build/* $(DIST)/binaries
 endif

 .PHONY: release-linux
 release-linux: | $(DIST_DIRS)
 	CGO_CFLAGS="$(CGO_CFLAGS)" $(GO) run $(XGO_PACKAGE) -go $(XGO_VERSION) -dest $(DIST)/binaries -tags 'netgo osusergo $(TAGS)' -ldflags '-linkmode external -extldflags "-static" $(LDFLAGS)' -targets '$(LINUX_ARCHS)' -out gitea-$(VERSION) .
-ifeq ($(CI),true)
+ifeq ($(CI),drone)
 	cp /build/* $(DIST)/binaries
 endif

 .PHONY: release-darwin
 release-darwin: | $(DIST_DIRS)
 	CGO_CFLAGS="$(CGO_CFLAGS)" $(GO) run $(XGO_PACKAGE) -go $(XGO_VERSION) -dest $(DIST)/binaries -tags 'netgo osusergo $(TAGS)' -ldflags '$(LDFLAGS)' -targets 'darwin-10.12/amd64,darwin-10.12/arm64' -out gitea-$(VERSION) .
-ifeq ($(CI),true)
+ifeq ($(CI),drone)
 	cp /build/* $(DIST)/binaries
 endif

 .PHONY: release-copy
 release-copy: | $(DIST_DIRS)
-	cd $(DIST); for file in `find . -type f -name "*"`; do cp $${file} ./release/; done;
+	cd $(DIST); for file in `find /build -type f -name "*"`; do cp $${file} ./release/; done;

 .PHONY: release-check
 release-check: | $(DIST_DIRS)
@@ -651,9 +643,7 @@ release-sources: | $(DIST_DIRS)
 	echo $(VERSION) > $(STORED_VERSION_FILE)
 # bsdtar needs a ^ to prevent matching subdirectories
 	$(eval EXCL := --exclude=$(shell tar --help | grep -q bsdtar && echo "^")./)
-# use transform to a add a release-folder prefix; in bsdtar the transform parameter equivalent is -s
-	$(eval TRANSFORM := $(shell tar --help | grep -q bsdtar && echo "-s '/^./gitea-src-$(VERSION)/'" || echo "--transform 's|^./|gitea-src-$(VERSION)/|'"))
-	tar $(addprefix $(EXCL),$(TAR_EXCLUDES)) $(TRANSFORM) -czf $(DIST)/release/gitea-src-$(VERSION).tar.gz .
+	tar $(addprefix $(EXCL),$(TAR_EXCLUDES)) -czf $(DIST)/release/gitea-src-$(VERSION).tar.gz .
 	rm -f $(STORED_VERSION_FILE)

 .PHONY: release-docs
@@ -703,8 +693,8 @@ fomantic:
 	cd $(FOMANTIC_WORK_DIR) && npm install --no-save
 	cp -f $(FOMANTIC_WORK_DIR)/theme.config.less $(FOMANTIC_WORK_DIR)/node_modules/fomantic-ui/src/theme.config
 	cp -rf $(FOMANTIC_WORK_DIR)/_site $(FOMANTIC_WORK_DIR)/node_modules/fomantic-ui/src/
+	cp -f web_src/js/vendor/dropdown.js $(FOMANTIC_WORK_DIR)/node_modules/fomantic-ui/src/definitions/modules
 	cd $(FOMANTIC_WORK_DIR) && npx gulp -f node_modules/fomantic-ui/gulpfile.js build
-	$(SED_INPLACE) -e 's/\r//g' $(FOMANTIC_WORK_DIR)/build/semantic.css $(FOMANTIC_WORK_DIR)/build/semantic.js
 	rm -f $(FOMANTIC_WORK_DIR)/build/*.min.*

 .PHONY: webpack
@@ -762,7 +752,7 @@ generate-gitignore:

 .PHONY: generate-images
 generate-images: | node_modules
-	npm install --no-save --no-package-lock fabric@5 imagemin-zopfli@7
+	npm install --no-save --no-package-lock fabric@4 imagemin-zopfli@7
 	node build/generate-images.js $(TAGS)

 .PHONY: generate-manpage
--- a/README.md
+++ b/README.md
@@ -73,7 +73,7 @@ or if SQLite support is required:

 The `build` target is split into two sub-targets:

- `make backend` which requires [Go Stable](https://go.dev/dl/), required version is defined in [go.mod](/go.mod).
+- `make backend` which requires [Go 1.17](https://go.dev/dl/) or greater.
 - `make frontend` which requires [Node.js LTS](https://nodejs.org/en/download/) or greater and Internet connectivity to download npm dependencies.

 When building from the official source tarballs which include pre-built frontend files, the `frontend` target will not be triggered, making it possible to build without Node.js and Internet connectivity.
--- a/assets/favicon.svg
+++ b/assets/favicon.svg
@@ -1,31 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<svg version="1.1" id="main_outline" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px"
-	 y="0px" viewBox="0 0 640 640" style="enable-background:new 0 0 640 640;" xml:space="preserve">
-<g>
-	<path id="teabag" style="fill:#FFFFFF" d="M395.9,484.2l-126.9-61c-12.5-6-17.9-21.2-11.8-33.8l61-126.9c6-12.5,21.2-17.9,33.8-11.8
-		c17.2,8.3,27.1,13,27.1,13l-0.1-109.2l16.7-0.1l0.1,117.1c0,0,57.4,24.2,83.1,40.1c3.7,2.3,10.2,6.8,12.9,14.4
-		c2.1,6.1,2,13.1-1,19.3l-61,126.9C423.6,484.9,408.4,490.3,395.9,484.2z"/>
-	<g>
-		<g>
-			<path style="fill:#609926" d="M622.7,149.8c-4.1-4.1-9.6-4-9.6-4s-117.2,6.6-177.9,8c-13.3,0.3-26.5,0.6-39.6,0.7c0,39.1,0,78.2,0,117.2
-				c-5.5-2.6-11.1-5.3-16.6-7.9c0-36.4-0.1-109.2-0.1-109.2c-29,0.4-89.2-2.2-89.2-2.2s-141.4-7.1-156.8-8.5
-				c-9.8-0.6-22.5-2.1-39,1.5c-8.7,1.8-33.5,7.4-53.8,26.9C-4.9,212.4,6.6,276.2,8,285.8c1.7,11.7,6.9,44.2,31.7,72.5
-				c45.8,56.1,144.4,54.8,144.4,54.8s12.1,28.9,30.6,55.5c25,33.1,50.7,58.9,75.7,62c63,0,188.9-0.1,188.9-0.1s12,0.1,28.3-10.3
-				c14-8.5,26.5-23.4,26.5-23.4s12.9-13.8,30.9-45.3c5.5-9.7,10.1-19.1,14.1-28c0,0,55.2-117.1,55.2-231.1
-				C633.2,157.9,624.7,151.8,622.7,149.8z M125.6,353.9c-25.9-8.5-36.9-18.7-36.9-18.7S69.6,321.8,60,295.4
-				c-16.5-44.2-1.4-71.2-1.4-71.2s8.4-22.5,38.5-30c13.8-3.7,31-3.1,31-3.1s7.1,59.4,15.7,94.2c7.2,29.2,24.8,77.7,24.8,77.7
-				S142.5,359.9,125.6,353.9z M425.9,461.5c0,0-6.1,14.5-19.6,15.4c-5.8,0.4-10.3-1.2-10.3-1.2s-0.3-0.1-5.3-2.1l-112.9-55
-				c0,0-10.9-5.7-12.8-15.6c-2.2-8.1,2.7-18.1,2.7-18.1L322,273c0,0,4.8-9.7,12.2-13c0.6-0.3,2.3-1,4.5-1.5c8.1-2.1,18,2.8,18,2.8
-				l110.7,53.7c0,0,12.6,5.7,15.3,16.2c1.9,7.4-0.5,14-1.8,17.2C474.6,363.8,425.9,461.5,425.9,461.5z"/>
-			<path style="fill:#609926" d="M326.8,380.1c-8.2,0.1-15.4,5.8-17.3,13.8c-1.9,8,2,16.3,9.1,20c7.7,4,17.5,1.8,22.7-5.4
-				c5.1-7.1,4.3-16.9-1.8-23.1l24-49.1c1.5,0.1,3.7,0.2,6.2-0.5c4.1-0.9,7.1-3.6,7.1-3.6c4.2,1.8,8.6,3.8,13.2,6.1
-				c4.8,2.4,9.3,4.9,13.4,7.3c0.9,0.5,1.8,1.1,2.8,1.9c1.6,1.3,3.4,3.1,4.7,5.5c1.9,5.5-1.9,14.9-1.9,14.9
-				c-2.3,7.6-18.4,40.6-18.4,40.6c-8.1-0.2-15.3,5-17.7,12.5c-2.6,8.1,1.1,17.3,8.9,21.3c7.8,4,17.4,1.7,22.5-5.3
-				c5-6.8,4.6-16.3-1.1-22.6c1.9-3.7,3.7-7.4,5.6-11.3c5-10.4,13.5-30.4,13.5-30.4c0.9-1.7,5.7-10.3,2.7-21.3
-				c-2.5-11.4-12.6-16.7-12.6-16.7c-12.2-7.9-29.2-15.2-29.2-15.2s0-4.1-1.1-7.1c-1.1-3.1-2.8-5.1-3.9-6.3c4.7-9.7,9.4-19.3,14.1-29
-				c-4.1-2-8.1-4-12.2-6.1c-4.8,9.8-9.7,19.7-14.5,29.5c-6.7-0.1-12.9,3.5-16.1,9.4c-3.4,6.3-2.7,14.1,1.9,19.8
-				C343.2,346.5,335,363.3,326.8,380.1z"/>
-		</g>
-	</g>
-</g>
-</svg>
--- a/build.go
+++ b/build.go
@@ -3,6 +3,7 @@
 // license that can be found in the LICENSE file.

 //go:build vendor
+// +build vendor

 package main

--- a/build/code-batch-process.go
+++ b/build/code-batch-process.go
@@ -3,6 +3,7 @@
 // license that can be found in the LICENSE file.

 //go:build ignore
+// +build ignore

 package main

@@ -135,7 +136,7 @@ func (fc *fileCollector) collectFiles() (res [][]string, err error) {
 }

 // substArgFiles expands the {file-list} to a real file list for commands
-func substArgFiles(args, files []string) []string {
+func substArgFiles(args []string, files []string) []string {
 	for i, s := range args {
 		if s == "{file-list}" {
 			newArgs := append(args[:i], files...)
@@ -228,9 +229,9 @@ func containsString(a []string, s string) bool {
 	return false
 }

-func giteaFormatGoImports(files []string, hasChangedFiles, doWriteFile bool) error {
+func giteaFormatGoImports(files []string) error {
 	for _, file := range files {
-		if err := codeformat.FormatGoImports(file, hasChangedFiles, doWriteFile); err != nil {
+		if err := codeformat.FormatGoImports(file); err != nil {
 			log.Printf("failed to format go imports: %s, err=%v", file, err)
 			return err
 		}
@@ -266,8 +267,8 @@ func main() {
 		logVerbose("batch cmd: %s %v", subCmd, substArgs)
 		switch subCmd {
 		case "gitea-fmt":
-			if containsString(subArgs, "-d") {
-				log.Print("the -d option is not supported by gitea-fmt")
+			if containsString(subArgs, "-w") {
+				cmdErrors = append(cmdErrors, giteaFormatGoImports(files))
 			}
 			cmdErrors = append(cmdErrors, giteaFormatGoImports(files, containsString(subArgs, "-l"), containsString(subArgs, "-w")))
 			cmdErrors = append(cmdErrors, passThroughCmd("go", append([]string{"run", os.Getenv("GOFUMPT_PACKAGE"), "-extra", "-lang", "1.17"}, substArgs...)))
--- a/build/codeformat/formatimports.go
+++ b/build/codeformat/formatimports.go
@@ -7,7 +7,6 @@ package codeformat
 import (
 	"bytes"
 	"errors"
-	"fmt"
 	"io"
 	"os"
 	"sort"
@@ -21,10 +20,8 @@ var importPackageGroupOrders = map[string]int{

 var errInvalidCommentBetweenImports = errors.New("comments between imported packages are invalid, please move comments to the end of the package line")

-var (
-	importBlockBegin = []byte("\nimport (\n")
-	importBlockEnd   = []byte("\n)")
-)
+var importBlockBegin = []byte("\nimport (\n")
+var importBlockEnd = []byte("\n)")

 type importLineParsed struct {
 	group   string
@@ -62,10 +59,8 @@ func parseImportLine(line string) (*importLineParsed, error) {
 	return il, nil
 }

-type (
-	importLineGroup    []*importLineParsed
-	importLineGroupMap map[string]importLineGroup
-)
+type importLineGroup []*importLineParsed
+type importLineGroupMap map[string]importLineGroup

 func formatGoImports(contentBytes []byte) ([]byte, error) {
 	p1 := bytes.Index(contentBytes, importBlockBegin)
@@ -158,8 +153,8 @@ func formatGoImports(contentBytes []byte) ([]byte, error) {
 	return formattedBytes, nil
 }

-// FormatGoImports format the imports by our rules (see unit tests)
-func FormatGoImports(file string, doChangedFiles, doWriteFile bool) error {
+//FormatGoImports format the imports by our rules (see unit tests)
+func FormatGoImports(file string) error {
 	f, err := os.Open(file)
 	if err != nil {
 		return err
@@ -182,20 +177,11 @@ func FormatGoImports(file string, doChangedFiles, doWriteFile bool) error {
 	if bytes.Equal(contentBytes, formattedBytes) {
 		return nil
 	}
-
-	if doChangedFiles {
-		fmt.Println(file)
-	}
-
-	if doWriteFile {
-		f, err = os.OpenFile(file, os.O_TRUNC|os.O_WRONLY, 0o644)
+	f, err = os.OpenFile(file, os.O_TRUNC|os.O_WRONLY, 0644)
 	if err != nil {
 		return err
 	}
 	defer f.Close()
 	_, err = f.Write(formattedBytes)
-		return err
-	}
-
 	return err
 }
--- a/build/generate-bindata.go
+++ b/build/generate-bindata.go
@@ -3,6 +3,7 @@
 // license that can be found in the LICENSE file.

 //go:build ignore
+// +build ignore

 package main

@@ -19,7 +20,7 @@ import (
 	"github.com/shurcooL/vfsgen"
 )

-func needsUpdate(dir, filename string) (bool, []byte) {
+func needsUpdate(dir string, filename string) (bool, []byte) {
 	needRegen := false
 	_, err := os.Stat(filename)
 	if err != nil {
@@ -49,6 +50,7 @@ func needsUpdate(dir, filename string) (bool, []byte) {
 	newHash := hasher.Sum([]byte{})

 	if bytes.Compare(oldHash, newHash) != 0 {
+
 		return true, newHash
 	}

@@ -85,5 +87,5 @@ func main() {
 	if err != nil {
 		log.Fatalf("%v\n", err)
 	}
-	_ = os.WriteFile(filename+".hash", newHash, 0o666)
+	_ = os.WriteFile(filename+".hash", newHash, 0666)
 }
--- a/build/generate-emoji.go
+++ b/build/generate-emoji.go
@@ -4,6 +4,7 @@
 // license that can be found in the LICENSE file.

 //go:build ignore
+// +build ignore

 package main

@@ -29,7 +30,9 @@ const (
 	maxUnicodeVersion = 12
 )

-var flagOut = flag.String("o", "modules/emoji/emoji_data.go", "out")
+var (
+	flagOut = flag.String("o", "modules/emoji/emoji_data.go", "out")
+)

 // Gemoji is a set of emoji data.
 type Gemoji []Emoji
@@ -65,7 +68,7 @@ func main() {
 	}

 	// write
-	err = os.WriteFile(*flagOut, buf, 0o644)
+	err = os.WriteFile(*flagOut, buf, 0644)
 	if err != nil {
 		log.Fatal(err)
 	}
@@ -106,7 +109,7 @@ func generate() ([]byte, error) {
 		return nil, err
 	}

-	skinTones := make(map[string]string)
+	var skinTones = make(map[string]string)

 	skinTones["\U0001f3fb"] = "Light Skin Tone"
 	skinTones["\U0001f3fc"] = "Medium-Light Skin Tone"
@@ -116,7 +119,7 @@ func generate() ([]byte, error) {

 	var tmp Gemoji

-	// filter out emoji that require greater than max unicode version
+	//filter out emoji that require greater than max unicode version
 	for i := range data {
 		val, _ := strconv.ParseFloat(data[i].UnicodeVersion, 64)
 		if int(val) <= maxUnicodeVersion {
@@ -155,7 +158,7 @@ func generate() ([]byte, error) {

 	// write a JSON file to use with tribute (write before adding skin tones since we can't support them there yet)
 	file, _ := json.Marshal(data)
-	_ = os.WriteFile("assets/emoji.json", file, 0o644)
+	_ = os.WriteFile("assets/emoji.json", file, 0644)

 	// Add skin tones to emoji that support it
 	var (
--- a/build/generate-gitignores.go
+++ b/build/generate-gitignores.go
@@ -1,4 +1,5 @@
 //go:build ignore
+// +build ignore

 package main

@@ -33,6 +34,7 @@ func main() {
 	flag.Parse()

 	file, err := os.CreateTemp(os.TempDir(), prefix)
+
 	if err != nil {
 		log.Fatalf("Failed to create temp file. %s", err)
 	}
@@ -63,6 +65,7 @@ func main() {
 	}

 	gz, err := gzip.NewReader(file)
+
 	if err != nil {
 		log.Fatalf("Failed to gunzip the archive. %s", err)
 	}
@@ -93,6 +96,7 @@ func main() {
 		}

 		out, err := os.Create(path.Join(destination, strings.TrimSuffix(filepath.Base(hdr.Name), ".gitignore")))
+
 		if err != nil {
 			log.Fatalf("Failed to create new file. %s", err)
 		}
@@ -115,7 +119,7 @@ func main() {
 		}
 		// Write data to dst
 		dst = path.Join(destination, dst)
-		err = os.WriteFile(dst, data, 0o644)
+		err = os.WriteFile(dst, data, 0644)
 		if err != nil {
 			log.Fatalf("Failed to write new file. %s", err)
 		}
--- a/build/generate-images.js
+++ b/build/generate-images.js
@@ -1,8 +1,13 @@
-#!/usr/bin/env node
 import imageminZopfli from 'imagemin-zopfli';
 import {optimize} from 'svgo';
 import {fabric} from 'fabric';
-import {readFile, writeFile} from 'fs/promises';
+import fs from 'fs';
+import {resolve, dirname} from 'path';
+import {fileURLToPath} from 'url';
+
+const {readFile, writeFile} = fs.promises;
+const __dirname = dirname(fileURLToPath(import.meta.url));
+const logoFile = resolve(__dirname, '../assets/logo.svg');

 function exit(err) {
  if (err) console.error(err);
@@ -17,10 +22,8 @@ function loadSvg(svg) {
  });
 }

-async function generate(svg, path, {size, bg}) {
-  const outputFile = new URL(path, import.meta.url);
-
-  if (String(outputFile).endsWith('.svg')) {
+async function generate(svg, outputFile, {size, bg}) {
+  if (outputFile.endsWith('.svg')) {
    const {data} = optimize(svg, {
      plugins: [
        'preset-default',
@@ -65,18 +68,17 @@ async function generate(svg, path, {size, bg}) {

 async function main() {
  const gitea = process.argv.slice(2).includes('gitea');
-  const logoSvg = await readFile(new URL('../assets/logo.svg', import.meta.url), 'utf8');
-  const faviconSvg = await readFile(new URL('../assets/favicon.svg', import.meta.url), 'utf8');
+  const svg = await readFile(logoFile, 'utf8');

  await Promise.all([
-    generate(logoSvg, '../public/img/logo.svg', {size: 32}),
-    generate(logoSvg, '../public/img/logo.png', {size: 512}),
-    generate(faviconSvg, '../public/img/favicon.svg', {size: 32}),
-    generate(faviconSvg, '../public/img/favicon.png', {size: 180}),
-    generate(logoSvg, '../public/img/avatar_default.png', {size: 200}),
-    generate(logoSvg, '../public/img/apple-touch-icon.png', {size: 180, bg: true}),
-    gitea && generate(logoSvg, '../public/img/gitea.svg', {size: 32}),
+    generate(svg, resolve(__dirname, '../public/img/logo.svg'), {size: 32}),
+    generate(svg, resolve(__dirname, '../public/img/logo.png'), {size: 512}),
+    generate(svg, resolve(__dirname, '../public/img/favicon.png'), {size: 180}),
+    generate(svg, resolve(__dirname, '../public/img/avatar_default.png'), {size: 200}),
+    generate(svg, resolve(__dirname, '../public/img/apple-touch-icon.png'), {size: 180, bg: true}),
+    gitea && generate(svg, resolve(__dirname, '../public/img/gitea.svg'), {size: 32}),
  ]);
 }

 main().then(exit).catch(exit);
+
--- a/build/generate-licenses.go
+++ b/build/generate-licenses.go
@@ -1,4 +1,5 @@
 //go:build ignore
+// +build ignore

 package main

@@ -33,6 +34,7 @@ func main() {
 	flag.Parse()

 	file, err := os.CreateTemp(os.TempDir(), prefix)
+
 	if err != nil {
 		log.Fatalf("Failed to create temp file. %s", err)
 	}
@@ -64,6 +66,7 @@ func main() {
 	}

 	gz, err := gzip.NewReader(file)
+
 	if err != nil {
 		log.Fatalf("Failed to gunzip the archive. %s", err)
 	}
@@ -97,6 +100,7 @@ func main() {
 			continue
 		}
 		out, err := os.Create(path.Join(destination, strings.TrimSuffix(filepath.Base(hdr.Name), ".txt")))
+
 		if err != nil {
 			log.Fatalf("Failed to create new file. %s", err)
 		}
--- a/build/generate-svg.js
+++ b/build/generate-svg.js
@@ -1,14 +1,13 @@
-#!/usr/bin/env node
 import fastGlob from 'fast-glob';
 import {optimize} from 'svgo';
-import {parse} from 'path';
-import {readFile, writeFile, mkdir} from 'fs/promises';
+import {resolve, parse, dirname} from 'path';
+import fs from 'fs';
 import {fileURLToPath} from 'url';

-const glob = (pattern) => fastGlob.sync(pattern, {
-  cwd: fileURLToPath(new URL('..', import.meta.url)),
-  absolute: true,
-});
+const {readFile, writeFile, mkdir} = fs.promises;
+const __dirname = dirname(fileURLToPath(import.meta.url));
+const glob = (pattern) => fastGlob.sync(pattern, {cwd: resolve(__dirname), absolute: true});
+const outputDir = resolve(__dirname, '../public/img/svg');

 function exit(err) {
  if (err) console.error(err);
@@ -17,6 +16,7 @@ function exit(err) {

 async function processFile(file, {prefix, fullName} = {}) {
  let name;
+
  if (fullName) {
    name = fullName;
  } else {
@@ -35,8 +35,7 @@ async function processFile(file, {prefix, fullName} = {}) {
      {name: 'addAttributesToSVGElement', params: {attributes: [{'width': '16'}, {'height': '16'}, {'aria-hidden': 'true'}]}},
    ],
  });
-
-  await writeFile(fileURLToPath(new URL(`../public/img/svg/${name}.svg`, import.meta.url)), data);
+  await writeFile(resolve(outputDir, `${name}.svg`), data);
 }

 function processFiles(pattern, opts) {
@@ -45,14 +44,15 @@ function processFiles(pattern, opts) {

 async function main() {
  try {
-    await mkdir(fileURLToPath(new URL('../public/img/svg', import.meta.url)), {recursive: true});
+    await mkdir(outputDir);
  } catch {}

  await Promise.all([
-    ...processFiles('node_modules/@primer/octicons/build/svg/*-16.svg', {prefix: 'octicon'}),
-    ...processFiles('web_src/svg/*.svg'),
-    ...processFiles('public/img/gitea.svg', {fullName: 'gitea-gitea'}),
+    ...processFiles('../node_modules/@primer/octicons/build/svg/*-16.svg', {prefix: 'octicon'}),
+    ...processFiles('../web_src/svg/*.svg'),
+    ...processFiles('../public/img/gitea.svg', {fullName: 'gitea-gitea'}),
  ]);
 }

 main().then(exit).catch(exit);
+
--- a/build/gitea-format-imports.go
+++ b/build/gitea-format-imports.go
@@ -3,6 +3,7 @@
 // license that can be found in the LICENSE file.

 //go:build ignore
+// +build ignore

 package main

--- a/build/gocovmerge.go
+++ b/build/gocovmerge.go
@@ -7,6 +7,7 @@
 // merges them into one profile

 //go:build ignore
+// +build ignore

 package main

@@ -21,7 +22,7 @@ import (
 	"golang.org/x/tools/cover"
 )

-func mergeProfiles(p, merge *cover.Profile) {
+func mergeProfiles(p *cover.Profile, merge *cover.Profile) {
 	if p.Mode != merge.Mode {
 		log.Fatalf("cannot merge profiles with different modes")
 	}
--- a/cmd/admin.go
+++ b/cmd/admin.go
@@ -17,7 +17,6 @@ import (
 	asymkey_model "code.gitea.io/gitea/models/asymkey"
 	"code.gitea.io/gitea/models/auth"
 	"code.gitea.io/gitea/models/db"
-	repo_model "code.gitea.io/gitea/models/repo"
 	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/git"
 	"code.gitea.io/gitea/modules/graceful"
@@ -58,7 +57,6 @@ var (
 			microcmdUserList,
 			microcmdUserChangePassword,
 			microcmdUserDelete,
-			microcmdUserGenerateAccessToken,
 		},
 	}

@@ -161,27 +159,6 @@ var (
 		Action: runDeleteUser,
 	}

-	microcmdUserGenerateAccessToken = cli.Command{
-		Name:  "generate-access-token",
-		Usage: "Generate a access token for a specific user",
-		Flags: []cli.Flag{
-			cli.StringFlag{
-				Name:  "username,u",
-				Usage: "Username",
-			},
-			cli.StringFlag{
-				Name:  "token-name,t",
-				Usage: "Token name",
-				Value: "gitea-admin",
-			},
-			cli.BoolFlag{
-				Name:  "raw",
-				Usage: "Display only the token value",
-			},
-		},
-		Action: runGenerateAccessToken,
-	}
-
 	subcmdRepoSyncReleases = cli.Command{
 		Name:   "repo-sync-releases",
 		Usage:  "Synchronize repository releases with tags",
@@ -491,7 +468,7 @@ func runChangePassword(c *cli.Context) error {
 		return errors.New("The password you chose is on a list of stolen passwords previously exposed in public data breaches. Please try again with a different password.\nFor more details, see https://haveibeenpwned.com/Passwords")
 	}
 	uname := c.String("username")
-	user, err := user_model.GetUserByName(ctx, uname)
+	user, err := user_model.GetUserByName(uname)
 	if err != nil {
 		return err
 	}
@@ -499,7 +476,7 @@ func runChangePassword(c *cli.Context) error {
 		return err
 	}

-	if err = user_model.UpdateUserCols(ctx, user, "passwd", "passwd_hash_algo", "salt"); err != nil {
+	if err = user_model.UpdateUserCols(db.DefaultContext, user, "passwd", "passwd_hash_algo", "salt"); err != nil {
 		return err
 	}

@@ -553,11 +530,11 @@ func runCreateUser(c *cli.Context) error {
 	}

 	// always default to true
-	changePassword := true
+	var changePassword = true

 	// If this is the first user being created.
 	// Take it as the admin and don't force a password update.
-	if n := user_model.CountUsers(nil); n == 0 {
+	if n := user_model.CountUsers(); n == 0 {
 		changePassword = false
 	}

@@ -614,6 +591,7 @@ func runListUsers(c *cli.Context) error {
 	}

 	users, err := user_model.GetAllUsers()
+
 	if err != nil {
 		return err
 	}
@@ -637,6 +615,7 @@ func runListUsers(c *cli.Context) error {

 	w.Flush()
 	return nil
+
 }

 func runDeleteUser(c *cli.Context) error {
@@ -660,7 +639,7 @@ func runDeleteUser(c *cli.Context) error {
 	if c.IsSet("email") {
 		user, err = user_model.GetUserByEmail(c.String("email"))
 	} else if c.IsSet("username") {
-		user, err = user_model.GetUserByName(ctx, c.String("username"))
+		user, err = user_model.GetUserByName(c.String("username"))
 	} else {
 		user, err = user_model.GetUserByID(c.Int64("id"))
 	}
@@ -678,41 +657,6 @@ func runDeleteUser(c *cli.Context) error {
 	return user_service.DeleteUser(user)
 }

-func runGenerateAccessToken(c *cli.Context) error {
-	if !c.IsSet("username") {
-		return fmt.Errorf("You must provide the username to generate a token for them")
-	}
-
-	ctx, cancel := installSignals()
-	defer cancel()
-
-	if err := initDB(ctx); err != nil {
-		return err
-	}
-
-	user, err := user_model.GetUserByName(ctx, c.String("username"))
-	if err != nil {
-		return err
-	}
-
-	t := &models.AccessToken{
-		Name: c.String("token-name"),
-		UID:  user.ID,
-	}
-
-	if err := models.NewAccessToken(t); err != nil {
-		return err
-	}
-
-	if c.Bool("raw") {
-		fmt.Printf("%s\n", t.Token)
-	} else {
-		fmt.Printf("Access token was successfully created: %s\n", t.Token)
-	}
-
-	return nil
-}
-
 func runRepoSyncReleases(_ *cli.Context) error {
 	ctx, cancel := installSignals()
 	defer cancel()
@@ -723,9 +667,9 @@ func runRepoSyncReleases(_ *cli.Context) error {

 	log.Trace("Synchronizing repository releases (this may take a while)")
 	for page := 1; ; page++ {
-		repos, count, err := repo_model.SearchRepositoryByName(&repo_model.SearchRepoOptions{
+		repos, count, err := models.SearchRepositoryByName(&models.SearchRepoOptions{
 			ListOptions: db.ListOptions{
-				PageSize: repo_model.RepositoryListDefaultPageSize,
+				PageSize: models.RepositoryListDefaultPageSize,
 				Page:     page,
 			},
 			Private: true,
@@ -739,7 +683,7 @@ func runRepoSyncReleases(_ *cli.Context) error {
 		log.Trace("Processing next %d repos of %d", len(repos), count)
 		for _, repo := range repos {
 			log.Trace("Synchronizing repo %s with path %s", repo.FullName(), repo.RepoPath())
-			gitRepo, err := git.OpenRepository(ctx, repo.RepoPath())
+			gitRepo, err := git.OpenRepository(repo.RepoPath())
 			if err != nil {
 				log.Warn("OpenRepository: %v", err)
 				continue
@@ -896,6 +840,7 @@ func runUpdateOauth(c *cli.Context) error {

 	if c.IsSet("required-claim-name") {
 		oAuth2Config.RequiredClaimName = c.String("required-claim-name")
+
 	}
 	if c.IsSet("required-claim-value") {
 		oAuth2Config.RequiredClaimValue = c.String("required-claim-value")
@@ -912,7 +857,7 @@ func runUpdateOauth(c *cli.Context) error {
 	}

 	// update custom URL mapping
-	customURLMapping := &oauth2.CustomURLMapping{}
+	var customURLMapping = &oauth2.CustomURLMapping{}

 	if oAuth2Config.CustomURLMapping != nil {
 		customURLMapping.TokenURL = oAuth2Config.CustomURLMapping.TokenURL
@@ -995,7 +940,7 @@ func runAddSMTP(c *cli.Context) error {
 	if !c.IsSet("port") {
 		return errors.New("port must be set")
 	}
-	active := true
+	var active = true
 	if c.IsSet("active") {
 		active = c.BoolT("active")
 	}
@@ -1063,6 +1008,7 @@ func runListAuth(c *cli.Context) error {
 	}

 	authSources, err := auth.Sources()
+
 	if err != nil {
 		return err
 	}
--- a/cmd/admin_auth_ldap.go
+++ b/cmd/admin_auth_ldap.go
@@ -260,6 +260,7 @@ func parseLdapConfig(c *cli.Context, config *ldap.Source) error {
 	if c.IsSet("skip-local-2fa") {
 		config.SkipLocalTwoFA = c.Bool("skip-local-2fa")
 	}
+
 	return nil
 }

--- a/cmd/admin_auth_ldap_test.go
+++ b/cmd/admin_auth_ldap_test.go
@@ -17,12 +17,12 @@ import (

 func TestAddLdapBindDn(t *testing.T) {
 	// Mock cli functions to do not exit on error
-	osExiter := cli.OsExiter
+	var osExiter = cli.OsExiter
 	defer func() { cli.OsExiter = osExiter }()
 	cli.OsExiter = func(code int) {}

 	// Test cases
-	cases := []struct {
+	var cases = []struct {
 		args   []string
 		source *auth.Source
 		errMsg string
@@ -243,12 +243,12 @@ func TestAddLdapBindDn(t *testing.T) {

 func TestAddLdapSimpleAuth(t *testing.T) {
 	// Mock cli functions to do not exit on error
-	osExiter := cli.OsExiter
+	var osExiter = cli.OsExiter
 	defer func() { cli.OsExiter = osExiter }()
 	cli.OsExiter = func(code int) {}

 	// Test cases
-	cases := []struct {
+	var cases = []struct {
 		args       []string
 		authSource *auth.Source
 		errMsg     string
@@ -474,12 +474,12 @@ func TestAddLdapSimpleAuth(t *testing.T) {

 func TestUpdateLdapBindDn(t *testing.T) {
 	// Mock cli functions to do not exit on error
-	osExiter := cli.OsExiter
+	var osExiter = cli.OsExiter
 	defer func() { cli.OsExiter = osExiter }()
 	cli.OsExiter = func(code int) {}

 	// Test cases
-	cases := []struct {
+	var cases = []struct {
 		args               []string
 		id                 int64
 		existingAuthSource *auth.Source
@@ -907,12 +907,12 @@ func TestUpdateLdapBindDn(t *testing.T) {

 func TestUpdateLdapSimpleAuth(t *testing.T) {
 	// Mock cli functions to do not exit on error
-	osExiter := cli.OsExiter
+	var osExiter = cli.OsExiter
 	defer func() { cli.OsExiter = osExiter }()
 	cli.OsExiter = func(code int) {}

 	// Test cases
-	cases := []struct {
+	var cases = []struct {
 		args               []string
 		id                 int64
 		existingAuthSource *auth.Source
@@ -1161,6 +1161,7 @@ func TestUpdateLdapSimpleAuth(t *testing.T) {
 			authSource: &auth.Source{
 				Type: auth.DLDAP,
 				Cfg: &ldap.Source{
+
 					AttributeMail: "mail",
 				},
 			},
--- a/cmd/cert.go
+++ b/cmd/cert.go
@@ -180,7 +180,7 @@ func runCert(c *cli.Context) error {
 	}
 	log.Println("Written cert.pem")

-	keyOut, err := os.OpenFile("key.pem", os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0o600)
+	keyOut, err := os.OpenFile("key.pem", os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)
 	if err != nil {
 		log.Fatalf("Failed to open key.pem for writing: %v", err)
 	}
--- a/cmd/cmd.go
+++ b/cmd/cmd.go
@@ -68,7 +68,7 @@ Ensure you are running in the correct environment or set the correct configurati
 If this is the intended configuration file complete the [database] section.`, setting.CustomConf)
 	}
 	if err := db.InitEngine(ctx); err != nil {
-		return fmt.Errorf("unable to initialize the database using the configuration in %q. Error: %v", setting.CustomConf, err)
+		return fmt.Errorf("unable to initialise the database using the configuration in %q. Error: %v", setting.CustomConf, err)
 	}
 	return nil
 }
--- a/cmd/doctor.go
+++ b/cmd/doctor.go
@@ -5,6 +5,7 @@
 package cmd

 import (
+	"context"
 	"fmt"
 	golog "log"
 	"os"
@@ -24,8 +25,8 @@ import (
 // CmdDoctor represents the available doctor sub-command.
 var CmdDoctor = cli.Command{
 	Name:        "doctor",
-	Usage:       "Diagnose and optionally fix problems",
-	Description: "A command to diagnose problems with the current Gitea instance according to the given configuration. Some problems can optionally be fixed by modifying the database or data storage.",
+	Usage:       "Diagnose problems",
+	Description: "A command to diagnose problems with the current Gitea instance according to the given configuration.",
 	Action:      runDoctor,
 	Flags: []cli.Flag{
 		cli.BoolFlag{
@@ -115,12 +116,13 @@ func runRecreateTable(ctx *cli.Context) error {
 	}
 	recreateTables := migrations.RecreateTables(beans...)

-	return db.InitEngineWithMigration(stdCtx, func(x *xorm.Engine) error {
+	return db.InitEngineWithMigration(context.Background(), func(x *xorm.Engine) error {
 		if err := migrations.EnsureUpToDate(x); err != nil {
 			return err
 		}
 		return recreateTables(x)
 	})
+
 }

 func runDoctor(ctx *cli.Context) error {
@@ -203,7 +205,7 @@ func runDoctor(ctx *cli.Context) error {

 	// Now we can set up our own logger to return information about what the doctor is doing
 	if err := log.NewNamedLogger("doctorouter",
-		0,
+		1000,
 		"console",
 		"console",
 		fmt.Sprintf(`{"level":"INFO","stacktracelevel":"NONE","colorize":%t,"flags":-1}`, colorize)); err != nil {
--- a/cmd/dump.go
+++ b/cmd/dump.go
@@ -7,7 +7,6 @@ package cmd

 import (
 	"fmt"
-	"io"
 	"os"
 	"path"
 	"path/filepath"
@@ -22,25 +21,14 @@ import (
 	"code.gitea.io/gitea/modules/util"

 	"gitea.com/go-chi/session"
-	"github.com/mholt/archiver/v3"
+	archiver "github.com/mholt/archiver/v3"
 	"github.com/urfave/cli"
 )

-func addReader(w archiver.Writer, r io.ReadCloser, info os.FileInfo, customName string, verbose bool) error {
-	if verbose {
-		log.Info("Adding file %s", customName)
-	}
-
-	return w.Write(archiver.File{
-		FileInfo: archiver.FileInfo{
-			FileInfo:   info,
-			CustomName: customName,
-		},
-		ReadCloser: r,
-	})
-}
-
 func addFile(w archiver.Writer, filePath, absPath string, verbose bool) error {
+	if verbose {
+		log.Info("Adding file %s\n", filePath)
+	}
 	file, err := os.Open(absPath)
 	if err != nil {
 		return err
@@ -51,7 +39,13 @@ func addFile(w archiver.Writer, filePath, absPath string, verbose bool) error {
 		return err
 	}

-	return addReader(w, file, fileInfo, filePath, verbose)
+	return w.Write(archiver.File{
+		FileInfo: archiver.FileInfo{
+			FileInfo:   fileInfo,
+			CustomName: filePath,
+		},
+		ReadCloser: file,
+	})
 }

 func isSubdir(upper, lower string) (bool, error) {
@@ -142,10 +136,6 @@ It can be used for backup and capture Gitea server image to send to maintainer`,
 			Name:  "skip-attachment-data",
 			Usage: "Skip attachment data",
 		},
-		cli.BoolFlag{
-			Name:  "skip-package-data",
-			Usage: "Skip package data",
-		},
 		cli.GenericFlag{
 			Name:  "type",
 			Value: outputTypeEnum,
@@ -251,7 +241,13 @@ func runDump(ctx *cli.Context) error {
 				return err
 			}

-			return addReader(w, object, info, path.Join("data", "lfs", objPath), verbose)
+			return w.Write(archiver.File{
+				FileInfo: archiver.FileInfo{
+					FileInfo:   info,
+					CustomName: path.Join("data", "lfs", objPath),
+				},
+				ReadCloser: object,
+			})
 		}); err != nil {
 			fatal("Failed to dump LFS objects: %v", err)
 		}
@@ -330,7 +326,6 @@ func runDump(ctx *cli.Context) error {
 		excludes = append(excludes, setting.RepoRootPath)
 		excludes = append(excludes, setting.LFS.Path)
 		excludes = append(excludes, setting.Attachment.Path)
-		excludes = append(excludes, setting.Packages.Path)
 		excludes = append(excludes, setting.LogRootPath)
 		excludes = append(excludes, absFileName)
 		if err := addRecursiveExclude(w, "data", setting.AppDataPath, excludes, verbose); err != nil {
@@ -346,24 +341,17 @@ func runDump(ctx *cli.Context) error {
 			return err
 		}

-		return addReader(w, object, info, path.Join("data", "attachments", objPath), verbose)
+		return w.Write(archiver.File{
+			FileInfo: archiver.FileInfo{
+				FileInfo:   info,
+				CustomName: path.Join("data", "attachments", objPath),
+			},
+			ReadCloser: object,
+		})
 	}); err != nil {
 		fatal("Failed to dump attachments: %v", err)
 	}

-	if ctx.IsSet("skip-package-data") && ctx.Bool("skip-package-data") {
-		log.Info("Skip dumping package data")
-	} else if err := storage.Packages.IterateObjects(func(objPath string, object storage.Object) error {
-		info, err := object.Stat()
-		if err != nil {
-			return err
-		}
-
-		return addReader(w, object, info, path.Join("data", "packages", objPath), verbose)
-	}); err != nil {
-		fatal("Failed to dump packages: %v", err)
-	}
-
 	// Doesn't check if LogRootPath exists before processing --skip-log intentionally,
 	// ensuring that it's clear the dump is skipped whether the directory's initialized
 	// yet or not.
@@ -387,7 +375,7 @@ func runDump(ctx *cli.Context) error {
 			fatal("Failed to save %s: %v", fileName, err)
 		}

-		if err := os.Chmod(fileName, 0o600); err != nil {
+		if err := os.Chmod(fileName, 0600); err != nil {
 			log.Info("Can't change file access permissions mask to 0600: %v", err)
 		}
 	}
@@ -439,25 +427,10 @@ func addRecursiveExclude(w archiver.Writer, insidePath, absPath string, excludeA
 				}
 			}
 		} else {
-			// only copy regular files and symlink regular files, skip non-regular files like socket/pipe/...
-			shouldAdd := file.Mode().IsRegular()
-			if !shouldAdd && file.Mode()&os.ModeSymlink == os.ModeSymlink {
-				target, err := filepath.EvalSymlinks(currentAbsPath)
-				if err != nil {
-					return err
-				}
-				targetStat, err := os.Stat(target)
-				if err != nil {
-					return err
-				}
-				shouldAdd = targetStat.Mode().IsRegular()
-			}
-			if shouldAdd {
 			if err = addFile(w, currentInsidePath, currentAbsPath, verbose); err != nil {
 				return err
 			}
 		}
 	}
-	}
 	return nil
 }
--- a/cmd/dump_repo.go
+++ b/cmd/dump_repo.go
@@ -7,17 +7,13 @@ package cmd
 import (
 	"context"
 	"errors"
-	"fmt"
-	"os"
 	"strings"

 	"code.gitea.io/gitea/modules/convert"
-	"code.gitea.io/gitea/modules/git"
 	"code.gitea.io/gitea/modules/log"
 	base "code.gitea.io/gitea/modules/migration"
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/modules/structs"
-	"code.gitea.io/gitea/modules/util"
 	"code.gitea.io/gitea/services/migrations"

 	"github.com/urfave/cli"
@@ -87,11 +83,6 @@ func runDumpRepository(ctx *cli.Context) error {
 		return err
 	}

-	// migrations.GiteaLocalUploader depends on git module
-	if err := git.InitSimple(context.Background()); err != nil {
-		return err
-	}
-
 	log.Info("AppPath: %s", setting.AppPath)
 	log.Info("AppWorkPath: %s", setting.AppWorkPath)
 	log.Info("Custom path: %s", setting.CustomPath)
@@ -116,7 +107,7 @@ func runDumpRepository(ctx *cli.Context) error {
 	}
 	serviceType = convert.ToGitServiceType(serviceStr)

-	opts := base.MigrateOptions{
+	var opts = base.MigrateOptions{
 		GitServiceType: serviceType,
 		CloneAddr:      cloneAddr,
 		AuthUsername:   ctx.String("auth_username"),
@@ -137,9 +128,7 @@ func runDumpRepository(ctx *cli.Context) error {
 	} else {
 		units := strings.Split(ctx.String("units"), ",")
 		for _, unit := range units {
-			switch strings.ToLower(strings.TrimSpace(unit)) {
-			case "":
-				continue
+			switch strings.ToLower(unit) {
 			case "wiki":
 				opts.Wiki = true
 			case "issues":
@@ -156,29 +145,13 @@ func runDumpRepository(ctx *cli.Context) error {
 				opts.Comments = true
 			case "pull_requests":
 				opts.PullRequests = true
-			default:
-				return errors.New("invalid unit: " + unit)
 			}
 		}
 	}

-	// the repo_dir will be removed if error occurs in DumpRepository
-	// make sure the directory doesn't exist or is empty, prevent from deleting user files
-	repoDir := ctx.String("repo_dir")
-	if exists, err := util.IsExist(repoDir); err != nil {
-		return fmt.Errorf("unable to stat repo_dir %q: %v", repoDir, err)
-	} else if exists {
-		if isDir, _ := util.IsDir(repoDir); !isDir {
-			return fmt.Errorf("repo_dir %q already exists but it's not a directory", repoDir)
-		}
-		if dir, _ := os.ReadDir(repoDir); len(dir) > 0 {
-			return fmt.Errorf("repo_dir %q is not empty", repoDir)
-		}
-	}
-
 	if err := migrations.DumpRepository(
 		context.Background(),
-		repoDir,
+		ctx.String("repo_dir"),
 		ctx.String("owner_name"),
 		opts,
 	); err != nil {
--- a/cmd/embedded.go
+++ b/cmd/embedded.go
@@ -3,6 +3,7 @@
 // license that can be found in the LICENSE file.

 //go:build bindata
+// +build bindata

 package cmd

@@ -108,6 +109,7 @@ type asset struct {
 }

 func initEmbeddedExtractor(c *cli.Context) error {
+
 	// Silence the console logger
 	log.DelNamedLogger("console")
 	log.DelNamedLogger(log.DEFAULT)
@@ -258,7 +260,7 @@ func extractAsset(d string, a asset, overwrite, rename bool) error {
 		return fmt.Errorf("%s: %v", dir, err)
 	}

-	perms := os.ModePerm & 0o666
+	perms := os.ModePerm & 0666

 	fi, err := os.Lstat(dest)
 	if err != nil {
@@ -294,7 +296,7 @@ func extractAsset(d string, a asset, overwrite, rename bool) error {
 }

 func buildAssetList(sec *section, globs []glob.Glob, c *cli.Context) []asset {
-	results := make([]asset, 0, 64)
+	var results = make([]asset, 0, 64)
 	for _, name := range sec.Names() {
 		if isdir, err := sec.IsDir(name); !isdir && err == nil {
 			if sec.Path == "public" &&
@@ -305,11 +307,9 @@ func buildAssetList(sec *section, globs []glob.Glob, c *cli.Context) []asset {
 			matchName := sec.Path + "/" + name
 			for _, g := range globs {
 				if g.Match(matchName) {
-					results = append(results, asset{
-						Section: sec,
+					results = append(results, asset{Section: sec,
 						Name: name,
-						Path:    sec.Path + "/" + name,
-					})
+						Path: sec.Path + "/" + name})
 					break
 				}
 			}
--- a/cmd/embedded_stub.go
+++ b/cmd/embedded_stub.go
@@ -3,6 +3,7 @@
 // license that can be found in the LICENSE file.

 //go:build !bindata
+// +build !bindata

 package cmd

--- a/cmd/hook.go
+++ b/cmd/hook.go
@@ -15,9 +15,9 @@ import (
 	"strings"
 	"time"

+	"code.gitea.io/gitea/models"
 	"code.gitea.io/gitea/modules/git"
 	"code.gitea.io/gitea/modules/private"
-	repo_module "code.gitea.io/gitea/modules/repository"
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/modules/util"

@@ -162,7 +162,7 @@ func (n *nilWriter) WriteString(s string) (int, error) {
 }

 func runHookPreReceive(c *cli.Context) error {
-	if isInternal, _ := strconv.ParseBool(os.Getenv(repo_module.EnvIsInternal)); isInternal {
+	if os.Getenv(models.EnvIsInternal) == "true" {
 		return nil
 	}
 	ctx, cancel := installSignals()
@@ -180,12 +180,12 @@ Gitea or set your environment appropriately.`, "")
 	}

 	// the environment is set by serv command
-	isWiki, _ := strconv.ParseBool(os.Getenv(repo_module.EnvRepoIsWiki))
-	username := os.Getenv(repo_module.EnvRepoUsername)
-	reponame := os.Getenv(repo_module.EnvRepoName)
-	userID, _ := strconv.ParseInt(os.Getenv(repo_module.EnvPusherID), 10, 64)
-	prID, _ := strconv.ParseInt(os.Getenv(repo_module.EnvPRID), 10, 64)
-	deployKeyID, _ := strconv.ParseInt(os.Getenv(repo_module.EnvDeployKeyID), 10, 64)
+	isWiki := os.Getenv(models.EnvRepoIsWiki) == "true"
+	username := os.Getenv(models.EnvRepoUsername)
+	reponame := os.Getenv(models.EnvRepoName)
+	userID, _ := strconv.ParseInt(os.Getenv(models.EnvPusherID), 10, 64)
+	prID, _ := strconv.ParseInt(os.Getenv(models.EnvPRID), 10, 64)
+	deployKeyID, _ := strconv.ParseInt(os.Getenv(models.EnvDeployKeyID), 10, 64)

 	hookOptions := private.HookOptions{
 		UserID:                          userID,
@@ -308,18 +308,18 @@ func runHookPostReceive(c *cli.Context) error {
 	ctx, cancel := installSignals()
 	defer cancel()

-	setup("hooks/post-receive.log", c.Bool("debug"))
-
 	// First of all run update-server-info no matter what
-	if _, _, err := git.NewCommand(ctx, "update-server-info").RunStdString(nil); err != nil {
+	if _, err := git.NewCommandContext(ctx, "update-server-info").Run(); err != nil {
 		return fmt.Errorf("Failed to call 'git update-server-info': %v", err)
 	}

 	// Now if we're an internal don't do anything else
-	if isInternal, _ := strconv.ParseBool(os.Getenv(repo_module.EnvIsInternal)); isInternal {
+	if os.Getenv(models.EnvIsInternal) == "true" {
 		return nil
 	}

+	setup("hooks/post-receive.log", c.Bool("debug"))
+
 	if len(os.Getenv("SSH_ORIGINAL_COMMAND")) == 0 {
 		if setting.OnlyAllowPushIfGiteaEnvironmentSet {
 			return fail(`Rejecting changes as Gitea environment not set.
@@ -343,11 +343,11 @@ Gitea or set your environment appropriately.`, "")
 	}

 	// the environment is set by serv command
-	repoUser := os.Getenv(repo_module.EnvRepoUsername)
-	isWiki, _ := strconv.ParseBool(os.Getenv(repo_module.EnvRepoIsWiki))
-	repoName := os.Getenv(repo_module.EnvRepoName)
-	pusherID, _ := strconv.ParseInt(os.Getenv(repo_module.EnvPusherID), 10, 64)
-	pusherName := os.Getenv(repo_module.EnvPusherName)
+	repoUser := os.Getenv(models.EnvRepoUsername)
+	isWiki := os.Getenv(models.EnvRepoIsWiki) == "true"
+	repoName := os.Getenv(models.EnvRepoName)
+	pusherID, _ := strconv.ParseInt(os.Getenv(models.EnvPusherID), 10, 64)
+	pusherName := os.Getenv(models.EnvPusherName)

 	hookOptions := private.HookOptions{
 		UserName:                        pusherName,
@@ -503,10 +503,10 @@ Gitea or set your environment appropriately.`, "")
 	}

 	reader := bufio.NewReader(os.Stdin)
-	repoUser := os.Getenv(repo_module.EnvRepoUsername)
-	repoName := os.Getenv(repo_module.EnvRepoName)
-	pusherID, _ := strconv.ParseInt(os.Getenv(repo_module.EnvPusherID), 10, 64)
-	pusherName := os.Getenv(repo_module.EnvPusherName)
+	repoUser := os.Getenv(models.EnvRepoUsername)
+	repoName := os.Getenv(models.EnvRepoName)
+	pusherID, _ := strconv.ParseInt(os.Getenv(models.EnvPusherID), 10, 64)
+	pusherName := os.Getenv(models.EnvPusherName)

 	// 1. Version and features negotiation.
 	// S: PKT-LINE(version=1\0push-options atomic...) / PKT-LINE(version=1\n)
--- a/cmd/main_test.go
+++ b/cmd/main_test.go
@@ -1,23 +0,0 @@
-// Copyright 2022 The Gitea Authors. All rights reserved.
-// Use of this source code is governed by a MIT-style
-// license that can be found in the LICENSE file.
-
-package cmd
-
-import (
-	"testing"
-
-	"code.gitea.io/gitea/models/unittest"
-	"code.gitea.io/gitea/modules/setting"
-)
-
-func init() {
-	setting.SetCustomPathAndConf("", "", "")
-	setting.LoadForTest()
-}
-
-func TestMain(m *testing.M) {
-	unittest.MainTest(m, &unittest.TestOptions{
-		GiteaRootPath: "..",
-	})
-}
--- a/cmd/manager.go
+++ b/cmd/manager.go
@@ -10,6 +10,7 @@ import (
 	"os"
 	"time"

+	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/private"

 	"github.com/urfave/cli"
@@ -26,7 +27,6 @@ var (
 			subcmdRestart,
 			subcmdFlushQueues,
 			subcmdLogging,
-			subCmdProcesses,
 		},
 	}
 	subcmdShutdown = cli.Command{
@@ -58,8 +58,7 @@ var (
 				Name:  "timeout",
 				Value: 60 * time.Second,
 				Usage: "Timeout for the flushing process",
-			},
-			cli.BoolFlag{
+			}, cli.BoolFlag{
 				Name:  "non-blocking",
 				Usage: "Set to true to not wait for flush to complete before returning",
 			},
@@ -68,38 +67,326 @@ var (
 			},
 		},
 	}
-	subCmdProcesses = cli.Command{
-		Name:   "processes",
-		Usage:  "Display running processes within the current process",
-		Action: runProcesses,
+	defaultLoggingFlags = []cli.Flag{
+		cli.StringFlag{
+			Name:  "group, g",
+			Usage: "Group to add logger to - will default to \"default\"",
+		}, cli.StringFlag{
+			Name:  "name, n",
+			Usage: "Name of the new logger - will default to mode",
+		}, cli.StringFlag{
+			Name:  "level, l",
+			Usage: "Logging level for the new logger",
+		}, cli.StringFlag{
+			Name:  "stacktrace-level, L",
+			Usage: "Stacktrace logging level",
+		}, cli.StringFlag{
+			Name:  "flags, F",
+			Usage: "Flags for the logger",
+		}, cli.StringFlag{
+			Name:  "expression, e",
+			Usage: "Matching expression for the logger",
+		}, cli.StringFlag{
+			Name:  "prefix, p",
+			Usage: "Prefix for the logger",
+		}, cli.BoolFlag{
+			Name:  "color",
+			Usage: "Use color in the logs",
+		}, cli.BoolFlag{
+			Name: "debug",
+		},
+	}
+	subcmdLogging = cli.Command{
+		Name:  "logging",
+		Usage: "Adjust logging commands",
+		Subcommands: []cli.Command{
+			{
+				Name:  "pause",
+				Usage: "Pause logging (Gitea will buffer logs up to a certain point and will drop them after that point)",
 				Flags: []cli.Flag{
 					cli.BoolFlag{
 						Name: "debug",
 					},
-			cli.BoolFlag{
-				Name:  "flat",
-				Usage: "Show processes as flat table rather than as tree",
 				},
+				Action: runPauseLogging,
+			}, {
+				Name:  "resume",
+				Usage: "Resume logging",
+				Flags: []cli.Flag{
 					cli.BoolFlag{
-				Name:  "no-system",
-				Usage: "Do not show system proceses",
+						Name: "debug",
 					},
+				},
+				Action: runResumeLogging,
+			}, {
+				Name:  "release-and-reopen",
+				Usage: "Cause Gitea to release and re-open files used for logging",
+				Flags: []cli.Flag{
 					cli.BoolFlag{
-				Name:  "stacktraces",
-				Usage: "Show stacktraces",
+						Name: "debug",
 					},
+				},
+				Action: runReleaseReopenLogging,
+			}, {
+				Name:      "remove",
+				Usage:     "Remove a logger",
+				ArgsUsage: "[name] Name of logger to remove",
+				Flags: []cli.Flag{
 					cli.BoolFlag{
-				Name:  "json",
-				Usage: "Output as json",
+						Name: "debug",
+					}, cli.StringFlag{
+						Name:  "group, g",
+						Usage: "Group to add logger to - will default to \"default\"",
 					},
+				},
+				Action: runRemoveLogger,
+			}, {
+				Name:  "add",
+				Usage: "Add a logger",
+				Subcommands: []cli.Command{
+					{
+						Name:  "console",
+						Usage: "Add a console logger",
+						Flags: append(defaultLoggingFlags,
+							cli.BoolFlag{
+								Name:  "stderr",
+								Usage: "Output console logs to stderr - only relevant for console",
+							}),
+						Action: runAddConsoleLogger,
+					}, {
+						Name:  "file",
+						Usage: "Add a file logger",
+						Flags: append(defaultLoggingFlags, []cli.Flag{
 							cli.StringFlag{
-				Name:  "cancel",
-				Usage: "Process PID to cancel. (Only available for non-system processes.)",
+								Name:  "filename, f",
+								Usage: "Filename for the logger - this must be set.",
+							}, cli.BoolTFlag{
+								Name:  "rotate, r",
+								Usage: "Rotate logs",
+							}, cli.Int64Flag{
+								Name:  "max-size, s",
+								Usage: "Maximum size in bytes before rotation",
+							}, cli.BoolTFlag{
+								Name:  "daily, d",
+								Usage: "Rotate logs daily",
+							}, cli.IntFlag{
+								Name:  "max-days, D",
+								Usage: "Maximum number of daily logs to keep",
+							}, cli.BoolTFlag{
+								Name:  "compress, z",
+								Usage: "Compress rotated logs",
+							}, cli.IntFlag{
+								Name:  "compression-level, Z",
+								Usage: "Compression level to use",
+							},
+						}...),
+						Action: runAddFileLogger,
+					}, {
+						Name:  "conn",
+						Usage: "Add a net conn logger",
+						Flags: append(defaultLoggingFlags, []cli.Flag{
+							cli.BoolFlag{
+								Name:  "reconnect-on-message, R",
+								Usage: "Reconnect to host for every message",
+							}, cli.BoolFlag{
+								Name:  "reconnect, r",
+								Usage: "Reconnect to host when connection is dropped",
+							}, cli.StringFlag{
+								Name:  "protocol, P",
+								Usage: "Set protocol to use: tcp, unix, or udp (defaults to tcp)",
+							}, cli.StringFlag{
+								Name:  "address, a",
+								Usage: "Host address and port to connect to (defaults to :7020)",
+							},
+						}...),
+						Action: runAddConnLogger,
+					}, {
+						Name:  "smtp",
+						Usage: "Add an SMTP logger",
+						Flags: append(defaultLoggingFlags, []cli.Flag{
+							cli.StringFlag{
+								Name:  "username, u",
+								Usage: "Mail server username",
+							}, cli.StringFlag{
+								Name:  "password, P",
+								Usage: "Mail server password",
+							}, cli.StringFlag{
+								Name:  "host, H",
+								Usage: "Mail server host (defaults to: 127.0.0.1:25)",
+							}, cli.StringSliceFlag{
+								Name:  "send-to, s",
+								Usage: "Email address(es) to send to",
+							}, cli.StringFlag{
+								Name:  "subject, S",
+								Usage: "Subject header of sent emails",
+							},
+						}...),
+						Action: runAddSMTPLogger,
+					},
+				},
 			},
 		},
 	}
 )

+func runRemoveLogger(c *cli.Context) error {
+	setup("manager", c.Bool("debug"))
+	group := c.String("group")
+	if len(group) == 0 {
+		group = log.DEFAULT
+	}
+	name := c.Args().First()
+	ctx, cancel := installSignals()
+	defer cancel()
+
+	statusCode, msg := private.RemoveLogger(ctx, group, name)
+	switch statusCode {
+	case http.StatusInternalServerError:
+		return fail("InternalServerError", msg)
+	}
+
+	fmt.Fprintln(os.Stdout, msg)
+	return nil
+}
+
+func runAddSMTPLogger(c *cli.Context) error {
+	setup("manager", c.Bool("debug"))
+	vals := map[string]interface{}{}
+	mode := "smtp"
+	if c.IsSet("host") {
+		vals["host"] = c.String("host")
+	} else {
+		vals["host"] = "127.0.0.1:25"
+	}
+
+	if c.IsSet("username") {
+		vals["username"] = c.String("username")
+	}
+	if c.IsSet("password") {
+		vals["password"] = c.String("password")
+	}
+
+	if !c.IsSet("send-to") {
+		return fmt.Errorf("Some recipients must be provided")
+	}
+	vals["sendTos"] = c.StringSlice("send-to")
+
+	if c.IsSet("subject") {
+		vals["subject"] = c.String("subject")
+	} else {
+		vals["subject"] = "Diagnostic message from Gitea"
+	}
+
+	return commonAddLogger(c, mode, vals)
+}
+
+func runAddConnLogger(c *cli.Context) error {
+	setup("manager", c.Bool("debug"))
+	vals := map[string]interface{}{}
+	mode := "conn"
+	vals["net"] = "tcp"
+	if c.IsSet("protocol") {
+		switch c.String("protocol") {
+		case "udp":
+			vals["net"] = "udp"
+		case "unix":
+			vals["net"] = "unix"
+		}
+	}
+	if c.IsSet("address") {
+		vals["address"] = c.String("address")
+	} else {
+		vals["address"] = ":7020"
+	}
+	if c.IsSet("reconnect") {
+		vals["reconnect"] = c.Bool("reconnect")
+	}
+	if c.IsSet("reconnect-on-message") {
+		vals["reconnectOnMsg"] = c.Bool("reconnect-on-message")
+	}
+	return commonAddLogger(c, mode, vals)
+}
+
+func runAddFileLogger(c *cli.Context) error {
+	setup("manager", c.Bool("debug"))
+	vals := map[string]interface{}{}
+	mode := "file"
+	if c.IsSet("filename") {
+		vals["filename"] = c.String("filename")
+	} else {
+		return fmt.Errorf("filename must be set when creating a file logger")
+	}
+	if c.IsSet("rotate") {
+		vals["rotate"] = c.Bool("rotate")
+	}
+	if c.IsSet("max-size") {
+		vals["maxsize"] = c.Int64("max-size")
+	}
+	if c.IsSet("daily") {
+		vals["daily"] = c.Bool("daily")
+	}
+	if c.IsSet("max-days") {
+		vals["maxdays"] = c.Int("max-days")
+	}
+	if c.IsSet("compress") {
+		vals["compress"] = c.Bool("compress")
+	}
+	if c.IsSet("compression-level") {
+		vals["compressionLevel"] = c.Int("compression-level")
+	}
+	return commonAddLogger(c, mode, vals)
+}
+
+func runAddConsoleLogger(c *cli.Context) error {
+	setup("manager", c.Bool("debug"))
+	vals := map[string]interface{}{}
+	mode := "console"
+	if c.IsSet("stderr") && c.Bool("stderr") {
+		vals["stderr"] = c.Bool("stderr")
+	}
+	return commonAddLogger(c, mode, vals)
+}
+
+func commonAddLogger(c *cli.Context, mode string, vals map[string]interface{}) error {
+	if len(c.String("level")) > 0 {
+		vals["level"] = log.FromString(c.String("level")).String()
+	}
+	if len(c.String("stacktrace-level")) > 0 {
+		vals["stacktraceLevel"] = log.FromString(c.String("stacktrace-level")).String()
+	}
+	if len(c.String("expression")) > 0 {
+		vals["expression"] = c.String("expression")
+	}
+	if len(c.String("prefix")) > 0 {
+		vals["prefix"] = c.String("prefix")
+	}
+	if len(c.String("flags")) > 0 {
+		vals["flags"] = log.FlagsFromString(c.String("flags"))
+	}
+	if c.IsSet("color") {
+		vals["colorize"] = c.Bool("color")
+	}
+	group := "default"
+	if c.IsSet("group") {
+		group = c.String("group")
+	}
+	name := mode
+	if c.IsSet("name") {
+		name = c.String("name")
+	}
+	ctx, cancel := installSignals()
+	defer cancel()
+
+	statusCode, msg := private.AddLogger(ctx, group, name, mode, vals)
+	switch statusCode {
+	case http.StatusInternalServerError:
+		return fail("InternalServerError", msg)
+	}
+
+	fmt.Fprintln(os.Stdout, msg)
+	return nil
+}
+
 func runShutdown(c *cli.Context) error {
 	ctx, cancel := installSignals()
 	defer cancel()
@@ -145,16 +432,47 @@ func runFlushQueues(c *cli.Context) error {
 	return nil
 }

-func runProcesses(c *cli.Context) error {
+func runPauseLogging(c *cli.Context) error {
 	ctx, cancel := installSignals()
 	defer cancel()

 	setup("manager", c.Bool("debug"))
-	statusCode, msg := private.Processes(ctx, os.Stdout, c.Bool("flat"), c.Bool("no-system"), c.Bool("stacktraces"), c.Bool("json"), c.String("cancel"))
+	statusCode, msg := private.PauseLogging(ctx)
 	switch statusCode {
 	case http.StatusInternalServerError:
 		return fail("InternalServerError", msg)
 	}

+	fmt.Fprintln(os.Stdout, msg)
+	return nil
+}
+
+func runResumeLogging(c *cli.Context) error {
+	ctx, cancel := installSignals()
+	defer cancel()
+
+	setup("manager", c.Bool("debug"))
+	statusCode, msg := private.ResumeLogging(ctx)
+	switch statusCode {
+	case http.StatusInternalServerError:
+		return fail("InternalServerError", msg)
+	}
+
+	fmt.Fprintln(os.Stdout, msg)
+	return nil
+}
+
+func runReleaseReopenLogging(c *cli.Context) error {
+	ctx, cancel := installSignals()
+	defer cancel()
+
+	setup("manager", c.Bool("debug"))
+	statusCode, msg := private.ReleaseReopenLogging(ctx)
+	switch statusCode {
+	case http.StatusInternalServerError:
+		return fail("InternalServerError", msg)
+	}
+
+	fmt.Fprintln(os.Stdout, msg)
 	return nil
 }
--- a/cmd/manager_logging.go
+++ b/cmd/manager_logging.go
@@ -1,383 +0,0 @@
-// Copyright 2022 The Gitea Authors. All rights reserved.
-// Use of this source code is governed by a MIT-style
-// license that can be found in the LICENSE file.
-
-package cmd
-
-import (
-	"fmt"
-	"net/http"
-	"os"
-
-	"code.gitea.io/gitea/modules/log"
-	"code.gitea.io/gitea/modules/private"
-
-	"github.com/urfave/cli"
-)
-
-var (
-	defaultLoggingFlags = []cli.Flag{
-		cli.StringFlag{
-			Name:  "group, g",
-			Usage: "Group to add logger to - will default to \"default\"",
-		}, cli.StringFlag{
-			Name:  "name, n",
-			Usage: "Name of the new logger - will default to mode",
-		}, cli.StringFlag{
-			Name:  "level, l",
-			Usage: "Logging level for the new logger",
-		}, cli.StringFlag{
-			Name:  "stacktrace-level, L",
-			Usage: "Stacktrace logging level",
-		}, cli.StringFlag{
-			Name:  "flags, F",
-			Usage: "Flags for the logger",
-		}, cli.StringFlag{
-			Name:  "expression, e",
-			Usage: "Matching expression for the logger",
-		}, cli.StringFlag{
-			Name:  "prefix, p",
-			Usage: "Prefix for the logger",
-		}, cli.BoolFlag{
-			Name:  "color",
-			Usage: "Use color in the logs",
-		}, cli.BoolFlag{
-			Name: "debug",
-		},
-	}
-
-	subcmdLogging = cli.Command{
-		Name:  "logging",
-		Usage: "Adjust logging commands",
-		Subcommands: []cli.Command{
-			{
-				Name:  "pause",
-				Usage: "Pause logging (Gitea will buffer logs up to a certain point and will drop them after that point)",
-				Flags: []cli.Flag{
-					cli.BoolFlag{
-						Name: "debug",
-					},
-				},
-				Action: runPauseLogging,
-			}, {
-				Name:  "resume",
-				Usage: "Resume logging",
-				Flags: []cli.Flag{
-					cli.BoolFlag{
-						Name: "debug",
-					},
-				},
-				Action: runResumeLogging,
-			}, {
-				Name:  "release-and-reopen",
-				Usage: "Cause Gitea to release and re-open files used for logging",
-				Flags: []cli.Flag{
-					cli.BoolFlag{
-						Name: "debug",
-					},
-				},
-				Action: runReleaseReopenLogging,
-			}, {
-				Name:      "remove",
-				Usage:     "Remove a logger",
-				ArgsUsage: "[name] Name of logger to remove",
-				Flags: []cli.Flag{
-					cli.BoolFlag{
-						Name: "debug",
-					}, cli.StringFlag{
-						Name:  "group, g",
-						Usage: "Group to add logger to - will default to \"default\"",
-					},
-				},
-				Action: runRemoveLogger,
-			}, {
-				Name:  "add",
-				Usage: "Add a logger",
-				Subcommands: []cli.Command{
-					{
-						Name:  "console",
-						Usage: "Add a console logger",
-						Flags: append(defaultLoggingFlags,
-							cli.BoolFlag{
-								Name:  "stderr",
-								Usage: "Output console logs to stderr - only relevant for console",
-							}),
-						Action: runAddConsoleLogger,
-					}, {
-						Name:  "file",
-						Usage: "Add a file logger",
-						Flags: append(defaultLoggingFlags, []cli.Flag{
-							cli.StringFlag{
-								Name:  "filename, f",
-								Usage: "Filename for the logger - this must be set.",
-							}, cli.BoolTFlag{
-								Name:  "rotate, r",
-								Usage: "Rotate logs",
-							}, cli.Int64Flag{
-								Name:  "max-size, s",
-								Usage: "Maximum size in bytes before rotation",
-							}, cli.BoolTFlag{
-								Name:  "daily, d",
-								Usage: "Rotate logs daily",
-							}, cli.IntFlag{
-								Name:  "max-days, D",
-								Usage: "Maximum number of daily logs to keep",
-							}, cli.BoolTFlag{
-								Name:  "compress, z",
-								Usage: "Compress rotated logs",
-							}, cli.IntFlag{
-								Name:  "compression-level, Z",
-								Usage: "Compression level to use",
-							},
-						}...),
-						Action: runAddFileLogger,
-					}, {
-						Name:  "conn",
-						Usage: "Add a net conn logger",
-						Flags: append(defaultLoggingFlags, []cli.Flag{
-							cli.BoolFlag{
-								Name:  "reconnect-on-message, R",
-								Usage: "Reconnect to host for every message",
-							}, cli.BoolFlag{
-								Name:  "reconnect, r",
-								Usage: "Reconnect to host when connection is dropped",
-							}, cli.StringFlag{
-								Name:  "protocol, P",
-								Usage: "Set protocol to use: tcp, unix, or udp (defaults to tcp)",
-							}, cli.StringFlag{
-								Name:  "address, a",
-								Usage: "Host address and port to connect to (defaults to :7020)",
-							},
-						}...),
-						Action: runAddConnLogger,
-					}, {
-						Name:  "smtp",
-						Usage: "Add an SMTP logger",
-						Flags: append(defaultLoggingFlags, []cli.Flag{
-							cli.StringFlag{
-								Name:  "username, u",
-								Usage: "Mail server username",
-							}, cli.StringFlag{
-								Name:  "password, P",
-								Usage: "Mail server password",
-							}, cli.StringFlag{
-								Name:  "host, H",
-								Usage: "Mail server host (defaults to: 127.0.0.1:25)",
-							}, cli.StringSliceFlag{
-								Name:  "send-to, s",
-								Usage: "Email address(es) to send to",
-							}, cli.StringFlag{
-								Name:  "subject, S",
-								Usage: "Subject header of sent emails",
-							},
-						}...),
-						Action: runAddSMTPLogger,
-					},
-				},
-			},
-		},
-	}
-)
-
-func runRemoveLogger(c *cli.Context) error {
-	setup("manager", c.Bool("debug"))
-	group := c.String("group")
-	if len(group) == 0 {
-		group = log.DEFAULT
-	}
-	name := c.Args().First()
-	ctx, cancel := installSignals()
-	defer cancel()
-
-	statusCode, msg := private.RemoveLogger(ctx, group, name)
-	switch statusCode {
-	case http.StatusInternalServerError:
-		return fail("InternalServerError", msg)
-	}
-
-	fmt.Fprintln(os.Stdout, msg)
-	return nil
-}
-
-func runAddSMTPLogger(c *cli.Context) error {
-	setup("manager", c.Bool("debug"))
-	vals := map[string]interface{}{}
-	mode := "smtp"
-	if c.IsSet("host") {
-		vals["host"] = c.String("host")
-	} else {
-		vals["host"] = "127.0.0.1:25"
-	}
-
-	if c.IsSet("username") {
-		vals["username"] = c.String("username")
-	}
-	if c.IsSet("password") {
-		vals["password"] = c.String("password")
-	}
-
-	if !c.IsSet("send-to") {
-		return fmt.Errorf("Some recipients must be provided")
-	}
-	vals["sendTos"] = c.StringSlice("send-to")
-
-	if c.IsSet("subject") {
-		vals["subject"] = c.String("subject")
-	} else {
-		vals["subject"] = "Diagnostic message from Gitea"
-	}
-
-	return commonAddLogger(c, mode, vals)
-}
-
-func runAddConnLogger(c *cli.Context) error {
-	setup("manager", c.Bool("debug"))
-	vals := map[string]interface{}{}
-	mode := "conn"
-	vals["net"] = "tcp"
-	if c.IsSet("protocol") {
-		switch c.String("protocol") {
-		case "udp":
-			vals["net"] = "udp"
-		case "unix":
-			vals["net"] = "unix"
-		}
-	}
-	if c.IsSet("address") {
-		vals["address"] = c.String("address")
-	} else {
-		vals["address"] = ":7020"
-	}
-	if c.IsSet("reconnect") {
-		vals["reconnect"] = c.Bool("reconnect")
-	}
-	if c.IsSet("reconnect-on-message") {
-		vals["reconnectOnMsg"] = c.Bool("reconnect-on-message")
-	}
-	return commonAddLogger(c, mode, vals)
-}
-
-func runAddFileLogger(c *cli.Context) error {
-	setup("manager", c.Bool("debug"))
-	vals := map[string]interface{}{}
-	mode := "file"
-	if c.IsSet("filename") {
-		vals["filename"] = c.String("filename")
-	} else {
-		return fmt.Errorf("filename must be set when creating a file logger")
-	}
-	if c.IsSet("rotate") {
-		vals["rotate"] = c.Bool("rotate")
-	}
-	if c.IsSet("max-size") {
-		vals["maxsize"] = c.Int64("max-size")
-	}
-	if c.IsSet("daily") {
-		vals["daily"] = c.Bool("daily")
-	}
-	if c.IsSet("max-days") {
-		vals["maxdays"] = c.Int("max-days")
-	}
-	if c.IsSet("compress") {
-		vals["compress"] = c.Bool("compress")
-	}
-	if c.IsSet("compression-level") {
-		vals["compressionLevel"] = c.Int("compression-level")
-	}
-	return commonAddLogger(c, mode, vals)
-}
-
-func runAddConsoleLogger(c *cli.Context) error {
-	setup("manager", c.Bool("debug"))
-	vals := map[string]interface{}{}
-	mode := "console"
-	if c.IsSet("stderr") && c.Bool("stderr") {
-		vals["stderr"] = c.Bool("stderr")
-	}
-	return commonAddLogger(c, mode, vals)
-}
-
-func commonAddLogger(c *cli.Context, mode string, vals map[string]interface{}) error {
-	if len(c.String("level")) > 0 {
-		vals["level"] = log.FromString(c.String("level")).String()
-	}
-	if len(c.String("stacktrace-level")) > 0 {
-		vals["stacktraceLevel"] = log.FromString(c.String("stacktrace-level")).String()
-	}
-	if len(c.String("expression")) > 0 {
-		vals["expression"] = c.String("expression")
-	}
-	if len(c.String("prefix")) > 0 {
-		vals["prefix"] = c.String("prefix")
-	}
-	if len(c.String("flags")) > 0 {
-		vals["flags"] = log.FlagsFromString(c.String("flags"))
-	}
-	if c.IsSet("color") {
-		vals["colorize"] = c.Bool("color")
-	}
-	group := "default"
-	if c.IsSet("group") {
-		group = c.String("group")
-	}
-	name := mode
-	if c.IsSet("name") {
-		name = c.String("name")
-	}
-	ctx, cancel := installSignals()
-	defer cancel()
-
-	statusCode, msg := private.AddLogger(ctx, group, name, mode, vals)
-	switch statusCode {
-	case http.StatusInternalServerError:
-		return fail("InternalServerError", msg)
-	}
-
-	fmt.Fprintln(os.Stdout, msg)
-	return nil
-}
-
-func runPauseLogging(c *cli.Context) error {
-	ctx, cancel := installSignals()
-	defer cancel()
-
-	setup("manager", c.Bool("debug"))
-	statusCode, msg := private.PauseLogging(ctx)
-	switch statusCode {
-	case http.StatusInternalServerError:
-		return fail("InternalServerError", msg)
-	}
-
-	fmt.Fprintln(os.Stdout, msg)
-	return nil
-}
-
-func runResumeLogging(c *cli.Context) error {
-	ctx, cancel := installSignals()
-	defer cancel()
-
-	setup("manager", c.Bool("debug"))
-	statusCode, msg := private.ResumeLogging(ctx)
-	switch statusCode {
-	case http.StatusInternalServerError:
-		return fail("InternalServerError", msg)
-	}
-
-	fmt.Fprintln(os.Stdout, msg)
-	return nil
-}
-
-func runReleaseReopenLogging(c *cli.Context) error {
-	ctx, cancel := installSignals()
-	defer cancel()
-
-	setup("manager", c.Bool("debug"))
-	statusCode, msg := private.ReleaseReopenLogging(ctx)
-	switch statusCode {
-	case http.StatusInternalServerError:
-		return fail("InternalServerError", msg)
-	}
-
-	fmt.Fprintln(os.Stdout, msg)
-	return nil
-}
--- a/cmd/migrate_storage.go
+++ b/cmd/migrate_storage.go
@@ -9,14 +9,12 @@ import (
 	"fmt"
 	"strings"

+	"code.gitea.io/gitea/models"
 	"code.gitea.io/gitea/models/db"
-	git_model "code.gitea.io/gitea/models/git"
 	"code.gitea.io/gitea/models/migrations"
-	packages_model "code.gitea.io/gitea/models/packages"
 	repo_model "code.gitea.io/gitea/models/repo"
 	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/log"
-	packages_module "code.gitea.io/gitea/modules/packages"
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/modules/storage"

@@ -27,13 +25,13 @@ import (
 var CmdMigrateStorage = cli.Command{
 	Name:        "migrate-storage",
 	Usage:       "Migrate the storage",
-	Description: "Copies stored files from storage configured in app.ini to parameter-configured storage",
+	Description: "This is a command for migrating storage.",
 	Action:      runMigrateStorage,
 	Flags: []cli.Flag{
 		cli.StringFlag{
 			Name:  "type, t",
 			Value: "",
-			Usage: "Type of stored files to copy.  Allowed types: 'attachments', 'lfs', 'avatars', 'repo-avatars', 'repo-archivers', 'packages'",
+			Usage: "Kinds of files to migrate, currently only 'attachments' is supported",
 		},
 		cli.StringFlag{
 			Name:  "storage, s",
@@ -82,53 +80,34 @@ var CmdMigrateStorage = cli.Command{
 	},
 }

-func migrateAttachments(ctx context.Context, dstStorage storage.ObjectStorage) error {
-	return db.IterateObjects(ctx, func(attach *repo_model.Attachment) error {
+func migrateAttachments(dstStorage storage.ObjectStorage) error {
+	return repo_model.IterateAttachment(func(attach *repo_model.Attachment) error {
 		_, err := storage.Copy(dstStorage, attach.RelativePath(), storage.Attachments, attach.RelativePath())
 		return err
 	})
 }

-func migrateLFS(ctx context.Context, dstStorage storage.ObjectStorage) error {
-	return db.IterateObjects(ctx, func(mo *git_model.LFSMetaObject) error {
+func migrateLFS(dstStorage storage.ObjectStorage) error {
+	return models.IterateLFS(func(mo *models.LFSMetaObject) error {
 		_, err := storage.Copy(dstStorage, mo.RelativePath(), storage.LFS, mo.RelativePath())
 		return err
 	})
 }

-func migrateAvatars(ctx context.Context, dstStorage storage.ObjectStorage) error {
-	return db.IterateObjects(ctx, func(user *user_model.User) error {
+func migrateAvatars(dstStorage storage.ObjectStorage) error {
+	return user_model.IterateUser(func(user *user_model.User) error {
 		_, err := storage.Copy(dstStorage, user.CustomAvatarRelativePath(), storage.Avatars, user.CustomAvatarRelativePath())
 		return err
 	})
 }

-func migrateRepoAvatars(ctx context.Context, dstStorage storage.ObjectStorage) error {
-	return db.IterateObjects(ctx, func(repo *repo_model.Repository) error {
+func migrateRepoAvatars(dstStorage storage.ObjectStorage) error {
+	return repo_model.IterateRepository(func(repo *repo_model.Repository) error {
 		_, err := storage.Copy(dstStorage, repo.CustomAvatarRelativePath(), storage.RepoAvatars, repo.CustomAvatarRelativePath())
 		return err
 	})
 }

-func migrateRepoArchivers(ctx context.Context, dstStorage storage.ObjectStorage) error {
-	return db.IterateObjects(ctx, func(archiver *repo_model.RepoArchiver) error {
-		p, err := archiver.RelativePath()
-		if err != nil {
-			return err
-		}
-		_, err = storage.Copy(dstStorage, p, storage.RepoArchives, p)
-		return err
-	})
-}
-
-func migratePackages(ctx context.Context, dstStorage storage.ObjectStorage) error {
-	return db.IterateObjects(ctx, func(pb *packages_model.PackageBlob) error {
-		p := packages_module.KeyToRelativePath(packages_module.BlobHash256Key(pb.HashSHA256))
-		_, err := storage.Copy(dstStorage, p, storage.Packages, p)
-		return err
-	})
-}
-
 func runMigrateStorage(ctx *cli.Context) error {
 	stdCtx, cancel := installSignals()
 	defer cancel()
@@ -148,6 +127,8 @@ func runMigrateStorage(ctx *cli.Context) error {
 		return err
 	}

+	goCtx := context.Background()
+
 	if err := storage.Init(); err != nil {
 		return err
 	}
@@ -164,13 +145,13 @@ func runMigrateStorage(ctx *cli.Context) error {
 			return nil
 		}
 		dstStorage, err = storage.NewLocalStorage(
-			stdCtx,
+			goCtx,
 			storage.LocalStorageConfig{
 				Path: p,
 			})
 	case string(storage.MinioStorageType):
 		dstStorage, err = storage.NewMinioStorage(
-			stdCtx,
+			goCtx,
 			storage.MinioStorageConfig{
 				Endpoint:        ctx.String("minio-endpoint"),
 				AccessKeyID:     ctx.String("minio-access-key-id"),
@@ -181,29 +162,35 @@ func runMigrateStorage(ctx *cli.Context) error {
 				UseSSL:          ctx.Bool("minio-use-ssl"),
 			})
 	default:
-		return fmt.Errorf("unsupported storage type: %s", ctx.String("storage"))
+		return fmt.Errorf("Unsupported storage type: %s", ctx.String("storage"))
 	}
 	if err != nil {
 		return err
 	}

-	migratedMethods := map[string]func(context.Context, storage.ObjectStorage) error{
-		"attachments":    migrateAttachments,
-		"lfs":            migrateLFS,
-		"avatars":        migrateAvatars,
-		"repo-avatars":   migrateRepoAvatars,
-		"repo-archivers": migrateRepoArchivers,
-		"packages":       migratePackages,
-	}
-
 	tp := strings.ToLower(ctx.String("type"))
-	if m, ok := migratedMethods[tp]; ok {
-		if err := m(stdCtx, dstStorage); err != nil {
+	switch tp {
+	case "attachments":
+		if err := migrateAttachments(dstStorage); err != nil {
 			return err
 		}
-		log.Info("%s files have successfully been copied to the new storage.", tp)
-		return nil
+	case "lfs":
+		if err := migrateLFS(dstStorage); err != nil {
+			return err
+		}
+	case "avatars":
+		if err := migrateAvatars(dstStorage); err != nil {
+			return err
+		}
+	case "repo-avatars":
+		if err := migrateRepoAvatars(dstStorage); err != nil {
+			return err
+		}
+	default:
+		return fmt.Errorf("Unsupported storage: %s", ctx.String("type"))
 	}

-	return fmt.Errorf("unsupported storage: %s", ctx.String("type"))
+	log.Warn("All files have been copied to the new placement but old files are still on the original placement.")
+
+	return nil
 }
--- a/cmd/migrate_storage_test.go
+++ b/cmd/migrate_storage_test.go
@@ -1,74 +0,0 @@
-// Copyright 2022 The Gitea Authors. All rights reserved.
-// Use of this source code is governed by a MIT-style
-// license that can be found in the LICENSE file.
-
-package cmd
-
-import (
-	"context"
-	"os"
-	"strings"
-	"testing"
-
-	"code.gitea.io/gitea/models/packages"
-	"code.gitea.io/gitea/models/unittest"
-	user_model "code.gitea.io/gitea/models/user"
-	packages_module "code.gitea.io/gitea/modules/packages"
-	"code.gitea.io/gitea/modules/storage"
-	packages_service "code.gitea.io/gitea/services/packages"
-
-	"github.com/stretchr/testify/assert"
-)
-
-func TestMigratePackages(t *testing.T) {
-	assert.NoError(t, unittest.PrepareTestDatabase())
-
-	creator := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1}).(*user_model.User)
-
-	content := "package main\n\nfunc main() {\nfmt.Println(\"hi\")\n}\n"
-	buf, err := packages_module.CreateHashedBufferFromReader(strings.NewReader(content), 1024)
-	assert.NoError(t, err)
-	defer buf.Close()
-
-	v, f, err := packages_service.CreatePackageAndAddFile(&packages_service.PackageCreationInfo{
-		PackageInfo: packages_service.PackageInfo{
-			Owner:       creator,
-			PackageType: packages.TypeGeneric,
-			Name:        "test",
-			Version:     "1.0.0",
-		},
-		Creator:           creator,
-		SemverCompatible:  true,
-		VersionProperties: map[string]string{},
-	}, &packages_service.PackageFileCreationInfo{
-		PackageFileInfo: packages_service.PackageFileInfo{
-			Filename: "a.go",
-		},
-		Data:   buf,
-		IsLead: true,
-	})
-	assert.NoError(t, err)
-	assert.NotNil(t, v)
-	assert.NotNil(t, f)
-
-	ctx := context.Background()
-
-	p, err := os.MkdirTemp(os.TempDir(), "migrated_packages")
-	assert.NoError(t, err)
-
-	dstStorage, err := storage.NewLocalStorage(
-		ctx,
-		storage.LocalStorageConfig{
-			Path: p,
-		})
-	assert.NoError(t, err)
-
-	err = migratePackages(ctx, dstStorage)
-	assert.NoError(t, err)
-
-	entries, err := os.ReadDir(p)
-	assert.NoError(t, err)
-	assert.EqualValues(t, 2, len(entries))
-	assert.EqualValues(t, "01", entries[0].Name())
-	assert.EqualValues(t, "tmp", entries[1].Name())
-}
--- a/cmd/restore_repo.go
+++ b/cmd/restore_repo.go
@@ -7,7 +7,6 @@ package cmd
 import (
 	"errors"
 	"net/http"
-	"strings"

 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/private"
@@ -44,10 +43,6 @@ var CmdRestoreRepository = cli.Command{
 			Usage: `Which items will be restored, one or more units should be separated as comma.
 wiki, issues, labels, releases, release_assets, milestones, pull_requests, comments are allowed. Empty means all units.`,
 		},
-		cli.BoolFlag{
-			Name:  "validation",
-			Usage: "Sanity check the content of the files before trying to load them",
-		},
 	},
 }

@@ -56,17 +51,13 @@ func runRestoreRepository(c *cli.Context) error {
 	defer cancel()

 	setting.LoadFromExisting()
-	var units []string
-	if s := c.String("units"); s != "" {
-		units = strings.Split(s, ",")
-	}
+
 	statusCode, errStr := private.RestoreRepo(
 		ctx,
 		c.String("repo_dir"),
 		c.String("owner_name"),
 		c.String("repo_name"),
-		units,
-		c.Bool("validation"),
+		c.StringSlice("units"),
 	)
 	if statusCode == http.StatusOK {
 		return nil
--- a/cmd/serv.go
+++ b/cmd/serv.go
@@ -6,7 +6,6 @@
 package cmd

 import (
-	"context"
 	"fmt"
 	"net/http"
 	"net/url"
@@ -17,16 +16,14 @@ import (
 	"strings"
 	"time"

+	"code.gitea.io/gitea/models"
 	asymkey_model "code.gitea.io/gitea/models/asymkey"
-	git_model "code.gitea.io/gitea/models/git"
 	"code.gitea.io/gitea/models/perm"
 	"code.gitea.io/gitea/modules/git"
 	"code.gitea.io/gitea/modules/json"
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/pprof"
 	"code.gitea.io/gitea/modules/private"
-	"code.gitea.io/gitea/modules/process"
-	repo_module "code.gitea.io/gitea/modules/repository"
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/services/lfs"

@@ -66,21 +63,6 @@ func setup(logPath string, debug bool) {
 	if debug {
 		setting.RunMode = "dev"
 	}
-
-	// Check if setting.RepoRootPath exists. It could be the case that it doesn't exist, this can happen when
-	// `[repository]` `ROOT` is a relative path and $GITEA_WORK_DIR isn't passed to the SSH connection.
-	if _, err := os.Stat(setting.RepoRootPath); err != nil {
-		if os.IsNotExist(err) {
-			_ = fail("Incorrect configuration, no repository directory.", "Directory `[repository].ROOT` %q was not found, please check if $GITEA_WORK_DIR is passed to the SSH connection or make `[repository].ROOT` an absolute value.", setting.RepoRootPath)
-		} else {
-			_ = fail("Incorrect configuration, repository directory is inaccessible", "Directory `[repository].ROOT` %q is inaccessible. err: %v", setting.RepoRootPath, err)
-		}
-		return
-	}
-
-	if err := git.InitSimple(context.Background()); err != nil {
-		_ = fail("Failed to init git", "Failed to init git, err: %v", err)
-	}
 }

 var (
@@ -96,12 +78,12 @@ var (
 func fail(userMessage, logMessage string, args ...interface{}) error {
 	// There appears to be a chance to cause a zombie process and failure to read the Exit status
 	// if nothing is outputted on stdout.
-	_, _ = fmt.Fprintln(os.Stdout, "")
-	_, _ = fmt.Fprintln(os.Stderr, "Gitea:", userMessage)
+	fmt.Fprintln(os.Stdout, "")
+	fmt.Fprintln(os.Stderr, "Gitea:", userMessage)

 	if len(logMessage) > 0 {
 		if !setting.IsProd {
-			_, _ = fmt.Fprintf(os.Stderr, logMessage+"\n", args...)
+			fmt.Fprintf(os.Stderr, logMessage+"\n", args...)
 		}
 	}
 	ctx, cancel := installSignals()
@@ -253,16 +235,28 @@ func runServ(c *cli.Context) error {
 		}
 		return fail("Internal Server Error", "%s", err.Error())
 	}
+	os.Setenv(models.EnvRepoIsWiki, strconv.FormatBool(results.IsWiki))
+	os.Setenv(models.EnvRepoName, results.RepoName)
+	os.Setenv(models.EnvRepoUsername, results.OwnerName)
+	os.Setenv(models.EnvPusherName, results.UserName)
+	os.Setenv(models.EnvPusherEmail, results.UserEmail)
+	os.Setenv(models.EnvPusherID, strconv.FormatInt(results.UserID, 10))
+	os.Setenv(models.EnvRepoID, strconv.FormatInt(results.RepoID, 10))
+	os.Setenv(models.EnvPRID, fmt.Sprintf("%d", 0))
+	os.Setenv(models.EnvDeployKeyID, fmt.Sprintf("%d", results.DeployKeyID))
+	os.Setenv(models.EnvKeyID, fmt.Sprintf("%d", results.KeyID))
+	os.Setenv(models.EnvAppURL, setting.AppURL)

-	// LFS token authentication
+	//LFS token authentication
 	if verb == lfsAuthenticateVerb {
 		url := fmt.Sprintf("%s%s/%s.git/info/lfs", setting.AppURL, url.PathEscape(results.OwnerName), url.PathEscape(results.RepoName))

 		now := time.Now()
 		claims := lfs.Claims{
-			RegisteredClaims: jwt.RegisteredClaims{
-				ExpiresAt: jwt.NewNumericDate(now.Add(setting.LFS.HTTPAuthExpiry)),
-				NotBefore: jwt.NewNumericDate(now),
+			// FIXME: we need to migrate to RegisteredClaims
+			StandardClaims: jwt.StandardClaims{ // nolint
+				ExpiresAt: now.Add(setting.LFS.HTTPAuthExpiry).Unix(),
+				NotBefore: now.Unix(),
 			},
 			RepoID: results.RepoID,
 			Op:     lfsVerb,
@@ -276,7 +270,7 @@ func runServ(c *cli.Context) error {
 			return fail("Internal error", "Failed to sign JWT token: %v", err)
 		}

-		tokenAuthentication := &git_model.LFSTokenResponse{
+		tokenAuthentication := &models.LFSTokenResponse{
 			Header: make(map[string]string),
 			Href:   url,
 		}
@@ -303,29 +297,19 @@ func runServ(c *cli.Context) error {
 		gitcmd = exec.CommandContext(ctx, verb, repoPath)
 	}

-	process.SetSysProcAttribute(gitcmd)
+	// Check if setting.RepoRootPath exists. It could be the case that it doesn't exist, this can happen when
+	// `[repository]` `ROOT` is a relative path and $GITEA_WORK_DIR isn't passed to the SSH connection.
+	if _, err := os.Stat(setting.RepoRootPath); err != nil {
+		if os.IsNotExist(err) {
+			return fail("Incorrect configuration.",
+				"Directory `[repository]` `ROOT` was not found, please check if $GITEA_WORK_DIR is passed to the SSH connection or make `[repository]` `ROOT` an absolute value.")
+		}
+	}
+
 	gitcmd.Dir = setting.RepoRootPath
 	gitcmd.Stdout = os.Stdout
 	gitcmd.Stdin = os.Stdin
 	gitcmd.Stderr = os.Stderr
-	gitcmd.Env = append(gitcmd.Env, os.Environ()...)
-	gitcmd.Env = append(gitcmd.Env,
-		repo_module.EnvRepoIsWiki+"="+strconv.FormatBool(results.IsWiki),
-		repo_module.EnvRepoName+"="+results.RepoName,
-		repo_module.EnvRepoUsername+"="+results.OwnerName,
-		repo_module.EnvPusherName+"="+results.UserName,
-		repo_module.EnvPusherEmail+"="+results.UserEmail,
-		repo_module.EnvPusherID+"="+strconv.FormatInt(results.UserID, 10),
-		repo_module.EnvRepoID+"="+strconv.FormatInt(results.RepoID, 10),
-		repo_module.EnvPRID+"="+fmt.Sprintf("%d", 0),
-		repo_module.EnvDeployKeyID+"="+fmt.Sprintf("%d", results.DeployKeyID),
-		repo_module.EnvKeyID+"="+fmt.Sprintf("%d", results.KeyID),
-		repo_module.EnvAppURL+"="+setting.AppURL,
-	)
-	// to avoid breaking, here only use the minimal environment variables for the "gitea serv" command.
-	// it could be re-considered whether to use the same git.CommonGitCmdEnvs() as "git" command later.
-	gitcmd.Env = append(gitcmd.Env, git.CommonCmdServEnvs()...)
-
 	if err = gitcmd.Run(); err != nil {
 		return fail("Internal error", "Failed to execute git command: %v", err)
 	}
--- a/cmd/web.go
+++ b/cmd/web.go
@@ -16,12 +16,10 @@ import (

 	"code.gitea.io/gitea/modules/graceful"
 	"code.gitea.io/gitea/modules/log"
-	"code.gitea.io/gitea/modules/process"
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/routers"
 	"code.gitea.io/gitea/routers/install"

-	"github.com/felixge/fgprof"
 	"github.com/urfave/cli"
 	ini "gopkg.in/ini.v1"
 )
@@ -61,9 +59,6 @@ and it takes care of all the other things for you`,
 }

 func runHTTPRedirector() {
-	_, _, finished := process.GetManager().AddTypedContext(graceful.GetManager().HammerContext(), "Web: HTTP Redirector", process.SystemProcessType, true)
-	defer finished()
-
 	source := fmt.Sprintf("%s:%s", setting.HTTPAddr, setting.PortToRedirect)
 	dest := strings.TrimSuffix(setting.AppURL, "/")
 	log.Info("Redirecting: %s to %s", source, dest)
@@ -76,7 +71,8 @@ func runHTTPRedirector() {
 		http.Redirect(w, r, target, http.StatusTemporaryRedirect)
 	})

-	err := runHTTP("tcp", source, "HTTP Redirector", handler)
+	var err = runHTTP("tcp", source, "HTTP Redirector", handler)
+
 	if err != nil {
 		log.Fatal("Failed to start port redirection: %v", err)
 	}
@@ -92,7 +88,7 @@ func runWeb(ctx *cli.Context) error {
 	}
 	defer func() {
 		if panicked := recover(); panicked != nil {
-			log.Fatal("PANIC: %v\n%s", panicked, log.Stack(2))
+			log.Fatal("PANIC: %v\n%s", panicked, string(log.Stack(2)))
 		}
 	}()

@@ -146,11 +142,8 @@ func runWeb(ctx *cli.Context) error {

 	if setting.EnablePprof {
 		go func() {
-			http.DefaultServeMux.Handle("/debug/fgprof", fgprof.Handler())
-			_, _, finished := process.GetManager().AddTypedContext(context.Background(), "Web: PProf Server", process.SystemProcessType, true)
 			log.Info("Starting pprof server on localhost:6060")
 			log.Info("%v", http.ListenAndServe("localhost:6060", nil))
-			finished()
 		}()
 	}

@@ -212,8 +205,6 @@ func listen(m http.Handler, handleRedirector bool) error {
 	if setting.Protocol != setting.HTTPUnix && setting.Protocol != setting.FCGIUnix {
 		listenAddr = net.JoinHostPort(listenAddr, setting.HTTPPort)
 	}
-	_, _, finished := process.GetManager().AddTypedContext(graceful.GetManager().HammerContext(), "Web: Gitea Server", process.SystemProcessType, true)
-	defer finished()
 	log.Info("Listen: %v://%s%s", setting.Protocol, listenAddr, setting.AppSubURL)
 	// This can be useful for users, many users do wrong to their config and get strange behaviors behind a reverse-proxy.
 	// A user may fix the configuration mistake when he sees this log.
@@ -232,10 +223,10 @@ func listen(m http.Handler, handleRedirector bool) error {
 		}
 		err = runHTTP("tcp", listenAddr, "Web", m)
 	case setting.HTTPS:
-		if setting.EnableAcme {
-			err = runACME(listenAddr, m)
+		if setting.EnableLetsEncrypt {
+			err = runLetsEncrypt(listenAddr, setting.Domain, setting.LetsEncryptDirectory, setting.LetsEncryptEmail, m)
 			break
-		} else {
+		}
 		if handleRedirector {
 			if setting.RedirectOtherPort {
 				go runHTTPRedirector()
@@ -244,7 +235,6 @@ func listen(m http.Handler, handleRedirector bool) error {
 			}
 		}
 		err = runHTTPS("tcp", listenAddr, "Web", setting.CertFile, setting.KeyFile, m)
-		}
 	case setting.FCGI:
 		if handleRedirector {
 			NoHTTPRedirector()
--- a/cmd/web_letsencrypt.go
+++ b/cmd/web_letsencrypt.go
@@ -5,41 +5,19 @@
 package cmd

 import (
-	"crypto/x509"
-	"encoding/pem"
-	"fmt"
 	"net/http"
-	"os"
 	"strconv"
 	"strings"

 	"code.gitea.io/gitea/modules/graceful"
 	"code.gitea.io/gitea/modules/log"
-	"code.gitea.io/gitea/modules/process"
 	"code.gitea.io/gitea/modules/setting"

 	"github.com/caddyserver/certmagic"
 )

-func getCARoot(path string) (*x509.CertPool, error) {
-	r, err := os.ReadFile(path)
-	if err != nil {
-		return nil, err
-	}
-	block, _ := pem.Decode(r)
-	if block == nil {
-		return nil, fmt.Errorf("no PEM found in the file %s", path)
-	}
-	caRoot, err := x509.ParseCertificate(block.Bytes)
-	if err != nil {
-		return nil, err
-	}
-	certPool := x509.NewCertPool()
-	certPool.AddCert(caRoot)
-	return certPool, nil
-}
+func runLetsEncrypt(listenAddr, domain, directory, email string, m http.Handler) error {

-func runACME(listenAddr string, m http.Handler) error {
 	// If HTTP Challenge enabled, needs to be serving on port 80. For TLSALPN needs 443.
 	// Due to docker port mapping this can't be checked programmatically
 	// TODO: these are placeholders until we add options for each in settings with appropriate warning
@@ -56,21 +34,10 @@ func runACME(listenAddr string, m http.Handler) error {
 	}

 	magic := certmagic.NewDefault()
-	magic.Storage = &certmagic.FileStorage{Path: setting.AcmeLiveDirectory}
-	// Try to use private CA root if provided, otherwise defaults to system's trust
-	var certPool *x509.CertPool
-	if setting.AcmeCARoot != "" {
-		var err error
-		certPool, err = getCARoot(setting.AcmeCARoot)
-		if err != nil {
-			log.Warn("Failed to parse CA Root certificate, using default CA trust: %v", err)
-		}
-	}
-	myACME := certmagic.NewACMEIssuer(magic, certmagic.ACMEIssuer{
-		CA:                      setting.AcmeURL,
-		TrustedRoots:            certPool,
-		Email:                   setting.AcmeEmail,
-		Agreed:                  setting.AcmeTOS,
+	magic.Storage = &certmagic.FileStorage{Path: directory}
+	myACME := certmagic.NewACMEManager(magic, certmagic.ACMEManager{
+		Email:                   email,
+		Agreed:                  setting.LetsEncryptTOS,
 		DisableHTTPChallenge:    !enableHTTPChallenge,
 		DisableTLSALPNChallenge: !enableTLSALPNChallenge,
 		ListenHost:              setting.HTTPAddr,
@@ -81,7 +48,7 @@ func runACME(listenAddr string, m http.Handler) error {
 	magic.Issuers = []certmagic.Issuer{myACME}

 	// this obtains certificates or renews them if necessary
-	err := magic.ManageSync(graceful.GetManager().HammerContext(), []string{setting.Domain})
+	err := magic.ManageSync(graceful.GetManager().HammerContext(), []string{domain})
 	if err != nil {
 		return err
 	}
@@ -108,12 +75,9 @@ func runACME(listenAddr string, m http.Handler) error {

 	if enableHTTPChallenge {
 		go func() {
-			_, _, finished := process.GetManager().AddTypedContext(graceful.GetManager().HammerContext(), "Web: ACME HTTP challenge server", process.SystemProcessType, true)
-			defer finished()
-
 			log.Info("Running Let's Encrypt handler on %s", setting.HTTPAddr+":"+setting.PortToRedirect)
 			// all traffic coming into HTTP will be redirect to HTTPS automatically (LE HTTP-01 validation happens here)
-			err := runHTTP("tcp", setting.HTTPAddr+":"+setting.PortToRedirect, "Let's Encrypt HTTP Challenge", myACME.HTTPChallengeHandler(http.HandlerFunc(runLetsEncryptFallbackHandler)))
+			var err = runHTTP("tcp", setting.HTTPAddr+":"+setting.PortToRedirect, "Let's Encrypt HTTP Challenge", myACME.HTTPChallengeHandler(http.HandlerFunc(runLetsEncryptFallbackHandler)))
 			if err != nil {
 				log.Fatal("Failed to start the Let's Encrypt handler on port %s: %v", setting.PortToRedirect, err)
 			}
@@ -132,5 +96,5 @@ func runLetsEncryptFallbackHandler(w http.ResponseWriter, r *http.Request) {
 	// URI always contains a leading slash, which would result in a double
 	// slash
 	target := strings.TrimSuffix(setting.AppURL, "/") + r.URL.RequestURI()
-	http.Redirect(w, r, target, http.StatusTemporaryRedirect)
+	http.Redirect(w, r, target, http.StatusFound)
 }
--- a/contrib/fixtures/fixture_generation.go
+++ b/contrib/fixtures/fixture_generation.go
@@ -66,7 +66,7 @@ func generate(name string) error {
 				return err
 			}
 			path := filepath.Join(fixturesDir, name+".yml")
-			if err := os.WriteFile(path, []byte(data), 0o644); err != nil {
+			if err := os.WriteFile(path, []byte(data), 0644); err != nil {
 				return fmt.Errorf("%s: %+v", path, err)
 			}
 			fmt.Printf("%s created.\n", path)
--- a/contrib/ide/vscode/launch.json
+++ b/contrib/ide/vscode/launch.json
@@ -7,10 +7,10 @@
      "request": "launch",
      "mode": "debug",
      "buildFlags": "",
+      "port": 2345,
+      "host": "127.0.0.1",
      "program": "${workspaceRoot}/main.go",
-      "env": {
-        "GITEA_WORK_DIR": "${workspaceRoot}",
-      },
+      "env": {},
      "args": ["web"],
      "showLog": true
    },
@@ -20,10 +20,10 @@
      "request": "launch",
      "mode": "debug",
      "buildFlags": "-tags='sqlite sqlite_unlock_notify'",
+      "port": 2345,
+      "host": "127.0.0.1",
      "program": "${workspaceRoot}/main.go",
-      "env": {
-        "GITEA_WORK_DIR": "${workspaceRoot}",
-      },
+      "env": {},
      "args": ["web"],
      "showLog": true
    }
--- a/contrib/init/openwrt/gitea
+++ b/contrib/init/openwrt/gitea
@@ -1,35 +0,0 @@
-#!/bin/sh /etc/rc.common
-
-USE_PROCD=1
-
-# PROCD_DEBUG=1
-
-START=90
-STOP=10
-
-PROG=/opt/gitea/gitea
-GITEA_WORK_DIR=/opt/gitea
-CONF_FILE=$GITEA_WORK_DIR/app.ini
-
-start_service(){
-    procd_open_instance gitea
-    procd_set_param env GITEA_WORK_DIR=$GITEA_WORK_DIR
-    procd_set_param env HOME=$GITEA_WORK_DIR
-    procd_set_param command $PROG web -c $CONF_FILE
-    procd_set_param file $CONF_FILE
-    procd_set_param user git
-    procd_set_param respawn ${respawn_threshold:-3600} ${respawn_timeout:-5} ${respawn_retry:-5} # respawn automatically if something died, be careful if you have an alternative process supervisor
-    procd_close_instance
-}
-
-start(){
-    service_start $PROG
-}
-
-stop(){
-    service_stop $PROG
-}
-
-reload(){
-    service_reload $PROG
-}
--- a/contrib/pr/checkout.go
+++ b/contrib/pr/checkout.go
@@ -24,12 +24,12 @@ import (
 	"strconv"
 	"time"

+	"code.gitea.io/gitea/models"
 	"code.gitea.io/gitea/models/db"
 	"code.gitea.io/gitea/models/unittest"
 	gitea_git "code.gitea.io/gitea/modules/git"
 	"code.gitea.io/gitea/modules/markup"
 	"code.gitea.io/gitea/modules/markup/external"
-	repo_module "code.gitea.io/gitea/modules/repository"
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/modules/util"
 	"code.gitea.io/gitea/routers"
@@ -93,13 +93,13 @@ func runPR() {

 	routers.InitGitServices()
 	setting.Database.LogSQL = true
-	// x, err = xorm.NewEngine("sqlite3", "file::memory:?cache=shared")
+	//x, err = xorm.NewEngine("sqlite3", "file::memory:?cache=shared")

 	db.InitEngineWithMigration(context.Background(), func(_ *xorm.Engine) error {
 		return nil
 	})
 	db.HasEngine = true
-	// x.ShowSQL(true)
+	//x.ShowSQL(true)
 	err = unittest.InitFixtures(
 		unittest.FixturesOptions{
 			Dir: path.Join(curDir, "models/fixtures/"),
@@ -111,11 +111,11 @@ func runPR() {
 	}
 	unittest.LoadFixtures()
 	util.RemoveAll(setting.RepoRootPath)
-	util.RemoveAll(repo_module.LocalCopyPath())
-	unittest.CopyDir(path.Join(curDir, "integrations/gitea-repositories-meta"), setting.RepoRootPath)
+	util.RemoveAll(models.LocalCopyPath())
+	util.CopyDir(path.Join(curDir, "integrations/gitea-repositories-meta"), setting.RepoRootPath)

 	log.Printf("[PR] Setting up router\n")
-	// routers.GlobalInit()
+	//routers.GlobalInit()
 	external.RegisterRenderers()
 	markup.Init()
 	c := routers.NormalRoutes()
@@ -137,7 +137,7 @@ func runPR() {
 		}
 	*/

-	// Start the server
+	//Start the server
 	http.ListenAndServe(":8080", c)

 	log.Printf("[PR] Cleaning up ...\n")
@@ -160,7 +160,7 @@ func runPR() {
 }

 func main() {
-	runPRFlag := flag.Bool("run", false, "Run the PR code")
+	var runPRFlag = flag.Bool("run", false, "Run the PR code")
 	flag.Parse()
 	if *runPRFlag {
 		runPR()
@@ -173,15 +173,15 @@ func main() {
 		force = false
 	}

-	// Otherwise checkout PR
+	//Otherwise checkout PR
 	if len(os.Args) != 2 {
 		log.Fatal("Need only one arg: the PR number")
 	}
 	pr := os.Args[1]

-	codeFilePath = filepath.FromSlash(codeFilePath) // Convert to running OS
+	codeFilePath = filepath.FromSlash(codeFilePath) //Convert to running OS

-	// Copy this file if it will not exist in the PR branch
+	//Copy this file if it will not exist in the PR branch
 	dat, err := os.ReadFile(codeFilePath)
 	if err != nil {
 		log.Fatalf("Failed to cache this code file : %v", err)
@@ -192,16 +192,16 @@ func main() {
 		log.Fatalf("Failed to open the repo : %v", err)
 	}

-	// Find remote upstream
+	//Find remote upstream
 	remotes, err := repo.Remotes()
 	if err != nil {
 		log.Fatalf("Failed to list remotes of repo : %v", err)
 	}
-	remoteUpstream := "origin" // Default
+	remoteUpstream := "origin" //Default
 	for _, r := range remotes {
 		if r.Config().URLs[0] == "https://github.com/go-gitea/gitea.git" ||
 			r.Config().URLs[0] == "https://github.com/go-gitea/gitea" ||
-			r.Config().URLs[0] == "git@github.com:go-gitea/gitea.git" { // fetch at index 0
+			r.Config().URLs[0] == "git@github.com:go-gitea/gitea.git" { //fetch at index 0
 			remoteUpstream = r.Config().Name
 			break
 		}
@@ -212,7 +212,7 @@ func main() {

 	log.Printf("Fetching PR #%s in %s\n", pr, branch)
 	if runtime.GOOS == "windows" {
-		// Use git cli command for windows
+		//Use git cli command for windows
 		runCmd("git", "fetch", remoteUpstream, fmt.Sprintf("pull/%s/head:%s", pr, branch))
 	} else {
 		ref := fmt.Sprintf("%s%s/head:%s", gitea_git.PullPrefix, pr, branchRef)
@@ -240,23 +240,22 @@ func main() {
 		log.Fatalf("Failed to checkout %s : %v", branch, err)
 	}

-	// Copy this file if not exist
+	//Copy this file if not exist
 	if _, err := os.Stat(codeFilePath); os.IsNotExist(err) {
-		err = os.MkdirAll(filepath.Dir(codeFilePath), 0o755)
+		err = os.MkdirAll(filepath.Dir(codeFilePath), 0755)
 		if err != nil {
 			log.Fatalf("Failed to duplicate this code file in PR : %v", err)
 		}
-		err = os.WriteFile(codeFilePath, dat, 0o644)
+		err = os.WriteFile(codeFilePath, dat, 0644)
 		if err != nil {
 			log.Fatalf("Failed to duplicate this code file in PR : %v", err)
 		}
 	}
-	// Force build of js, css, bin, ...
+	//Force build of js, css, bin, ...
 	runCmd("make", "build")
-	// Start with integration test
+	//Start with integration test
 	runCmd("go", "run", "-mod", "vendor", "-tags", "sqlite sqlite_unlock_notify", codeFilePath, "-run")
 }
-
 func runCmd(cmd ...string) {
 	log.Printf("Executing : %s ...\n", cmd)
 	c := exec.Command(cmd[0], cmd[1:]...)
--- a/contrib/update_dependencies.sh
+++ b/contrib/update_dependencies.sh
@@ -4,5 +4,5 @@ grep 'git' go.mod | grep '\.com' | grep -v indirect | grep -v replace | cut -f 2
  go get -u "$line"
  make vendor
  git add .
-  git commit -m "update $line"
+  git commit -S -m "update $line"
 done
--- a/contrib/upgrade.sh
+++ b/contrib/upgrade.sh
@@ -1,126 +0,0 @@
-#!/usr/bin/env bash
-# This is an update script for gitea installed via the binary distribution
-# from dl.gitea.io on linux as systemd service. It performs a backup and updates
-# Gitea in place.
-# NOTE: This adds the GPG Signing Key of the Gitea maintainers to the keyring.
-# Depends on: bash, curl, xz, sha256sum. optionally jq, gpg
-#   See section below for available environment vars.
-#   When no version is specified, updates to the latest release.
-# Examples:
-#   upgrade.sh 1.15.10
-#   giteahome=/opt/gitea giteaconf=$giteahome/app.ini upgrade.sh
-
-# apply variables from environment
-: "${giteabin:="/usr/local/bin/gitea"}"
-: "${giteahome:="/var/lib/gitea"}"
-: "${giteaconf:="/etc/gitea/app.ini"}"
-: "${giteauser:="git"}"
-: "${sudocmd:="sudo"}"
-: "${arch:="linux-amd64"}"
-: "${service_start:="$sudocmd systemctl start gitea"}"
-: "${service_stop:="$sudocmd systemctl stop gitea"}"
-: "${service_status:="$sudocmd systemctl status gitea"}"
-: "${backupopts:=""}" # see `gitea dump --help` for available options
-
-function giteacmd {
-  if [[ $sudocmd = "su" ]]; then
-    # `-c` only accept one string as argument.
-    "$sudocmd" - "$giteauser" -c "$(printf "%q " "$giteabin" "--config" "$giteaconf" "--work-path" "$giteahome" "$@")"
-  else
-    "$sudocmd" --user "$giteauser" "$giteabin" --config "$giteaconf" --work-path "$giteahome" "$@"
-  fi
-}
-
-function require {
-  for exe in "$@"; do
-    command -v "$exe" &>/dev/null || (echo "missing dependency '$exe'"; exit 1)
-  done
-}
-
-# parse command line arguments
-while true; do
-  case "$1" in
-    -v | --version ) giteaversion="$2"; shift 2 ;;
-    -y | --yes ) no_confirm="yes"; shift ;;
-    --ignore-gpg) ignore_gpg="yes"; shift ;;
-    "" | -- ) shift; break ;;
-    * ) echo "Usage:  [<environment vars>] upgrade.sh [-v <version>] [-y] [--ignore-gpg]"; exit 1;; 
-  esac
-done
-
-# exit once any command fails. this means that each step should be idempotent!
-set -euo pipefail
-
-if [[ -f /etc/os-release ]]; then
-  os_release=$(cat /etc/os-release)
-
-  if [[ "$os_release" =~ "OpenWrt" ]]; then
-    sudocmd="su"
-    service_start="/etc/init.d/gitea start"
-    service_stop="/etc/init.d/gitea stop"
-    service_status="/etc/init.d/gitea status"
-  else
-    require systemctl
-  fi
-fi
-
-require curl xz sha256sum "$sudocmd"
-
-# select version to install
-if [[ -z "${giteaversion:-}" ]]; then
-  require jq
-  giteaversion=$(curl --connect-timeout 10 -sL https://dl.gitea.io/gitea/version.json | jq -r .latest.version)
-  echo "Latest available version is $giteaversion"
-fi
-
-# confirm update
-echo "Checking currently installed version..."
-current=$(giteacmd --version | cut -d ' ' -f 3)
-[[ "$current" == "$giteaversion" ]] && echo "$current is already installed, stopping." && exit 1
-if [[ -z "${no_confirm:-}"  ]]; then
-  echo "Make sure to read the changelog first: https://github.com/go-gitea/gitea/blob/main/CHANGELOG.md"
-  echo "Are you ready to update Gitea from ${current} to ${giteaversion}? (y/N)"
-  read -r confirm
-  [[ "$confirm" == "y" ]] || [[ "$confirm" == "Y" ]] || exit 1
-fi
-
-echo "Upgrading gitea from $current to $giteaversion ..."
-
-pushd "$(pwd)" &>/dev/null
-cd "$giteahome" # needed for gitea dump later
-
-# download new binary
-binname="gitea-${giteaversion}-${arch}"
-binurl="https://dl.gitea.io/gitea/${giteaversion}/${binname}.xz"
-echo "Downloading $binurl..."
-curl --connect-timeout 10 --silent --show-error --fail --location -O "$binurl{,.sha256,.asc}"
-
-# validate checksum & gpg signature
-sha256sum -c "${binname}.xz.sha256"
-if [[ -z "${ignore_gpg:-}" ]]; then
-  require gpg
-  gpg --keyserver keys.openpgp.org --recv 7C9E68152594688862D62AF62D9AE806EC1592E2
-  gpg --verify "${binname}.xz.asc" "${binname}.xz" || { echo 'Signature does not match'; exit 1; }
-fi
-rm "${binname}".xz.{sha256,asc}
-
-# unpack binary + make executable
-xz --decompress --force "${binname}.xz"
-chown "$giteauser" "$binname"
-chmod +x "$binname"
-
-# stop gitea, create backup, replace binary, restart gitea
-echo "Flushing gitea queues at $(date)"
-giteacmd manager flush-queues
-echo "Stopping gitea at $(date)"
-$service_stop
-echo "Creating backup in $giteahome"
-giteacmd dump $backupopts
-echo "Updating binary at $giteabin"
-cp -f "$giteabin" "$giteabin.bak" && mv -f "$binname" "$giteabin"
-$service_start
-$service_status
-
-echo "Upgrade to $giteaversion successful!"
-
-popd
--- a/custom/conf/app.example.ini
+++ b/custom/conf/app.example.ini
@@ -61,7 +61,7 @@ RUN_MODE = ; prod
 ;; SSL Cipher Suites
 ;SSL_CIPHER_SUITES=; Will default to "ecdhe_ecdsa_with_aes_256_gcm_sha384,ecdhe_rsa_with_aes_256_gcm_sha384,ecdhe_ecdsa_with_aes_128_gcm_sha256,ecdhe_rsa_with_aes_128_gcm_sha256,ecdhe_ecdsa_with_chacha20_poly1305,ecdhe_rsa_with_chacha20_poly1305" if aes is supported by hardware, otherwise chacha will be first.
 ;;
-;; Timeout for any write to the connection. (Set to -1 to disable all timeouts.)
+;; Timeout for any write to the connection. (Set to 0 to disable all timeouts.)
 ;PER_WRITE_TIMEOUT = 30s
 ;;
 ;; Timeout per Kb written to connections.
@@ -82,15 +82,12 @@ RUN_MODE = ; prod
 ;; Whether to use the builtin SSH server or not.
 ;START_SSH_SERVER = false
 ;;
-;; Username to use for the builtin SSH server.
-;BUILTIN_SSH_SERVER_USER = %(RUN_USER)s
+;; Username to use for the builtin SSH server. If blank, then it is the value of RUN_USER.
+;BUILTIN_SSH_SERVER_USER =
 ;;
 ;; Domain name to be exposed in clone URL
 ;SSH_DOMAIN = %(DOMAIN)s
 ;;
-;; SSH username displayed in clone URLs.
-;SSH_USER = %(BUILTIN_SSH_SERVER_USER)s
-;;
 ;; The network interface the builtin SSH server should listen on
 ;SSH_LISTEN_HOST =
 ;;
@@ -113,15 +110,15 @@ RUN_MODE = ; prod
 ;;
 ;; For the built-in SSH server, choose the ciphers to support for SSH connections,
 ;; for system SSH this setting has no effect
-;SSH_SERVER_CIPHERS = chacha20-poly1305@openssh.com, aes128-ctr, aes192-ctr, aes256-ctr, aes128-gcm@openssh.com, aes256-gcm@openssh.com
+;SSH_SERVER_CIPHERS = aes128-ctr, aes192-ctr, aes256-ctr, aes128-gcm@openssh.com, arcfour256, arcfour128
 ;;
 ;; For the built-in SSH server, choose the key exchange algorithms to support for SSH connections,
 ;; for system SSH this setting has no effect
-;SSH_SERVER_KEY_EXCHANGES = curve25519-sha256, ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, diffie-hellman-group14-sha256, diffie-hellman-group14-sha1
+;SSH_SERVER_KEY_EXCHANGES = diffie-hellman-group1-sha1, diffie-hellman-group14-sha1, ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, curve25519-sha256@libssh.org
 ;;
 ;; For the built-in SSH server, choose the MACs to support for SSH connections,
 ;; for system SSH this setting has no effect
-;SSH_SERVER_MACS = hmac-sha2-256-etm@openssh.com, hmac-sha2-256, hmac-sha1
+;SSH_SERVER_MACS = hmac-sha2-256-etm@openssh.com, hmac-sha2-256, hmac-sha1, hmac-sha1-96
 ;;
 ;; For the built-in SSH server, choose the keypair to offer as the host key
 ;; The private key should be at SSH_SERVER_HOST_KEY and the public SSH_SERVER_HOST_KEY.pub
@@ -163,7 +160,7 @@ RUN_MODE = ; prod
 ;; Enable exposure of SSH clone URL to anonymous visitors, default is false
 ;SSH_EXPOSE_ANONYMOUS = false
 ;;
-;; Timeout for any write to ssh connections. (Set to -1 to disable all timeouts.)
+;; Timeout for any write to ssh connections. (Set to 0 to disable all timeouts.)
 ;; Will default to the PER_WRITE_TIMEOUT.
 ;SSH_PER_WRITE_TIMEOUT = 30s
 ;;
@@ -178,36 +175,6 @@ RUN_MODE = ; prod
 ;OFFLINE_MODE = false
 ;DISABLE_ROUTER_LOG = false
 ;;
-;; TLS Settings: Either ACME or manual
-;; (Other common TLS configuration are found before)
-;ENABLE_ACME = false
-;;
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;;
-;; ACME automatic TLS settings
-;;
-;; ACME directory URL (e.g. LetsEncrypt's staging/testing URL: https://acme-staging-v02.api.letsencrypt.org/directory)
-;; Leave empty to default to LetsEncrypt's (production) URL
-;ACME_URL =
-;;
-;; Explicitly accept the ACME's TOS. The specific TOS cannot be retrieved at the moment.
-;ACME_ACCEPTTOS = false
-;;
-;; If the ACME CA is not in your system's CA trust chain, it can be manually added here
-;ACME_CA_ROOT =
-;;
-;; Email used for the ACME registration service
-;; Can be left blank to initialize at first run and use the cached value
-;ACME_EMAIL =
-;;
-;; ACME live directory (not to be confused with ACME directory URL: ACME_URL)
-;; (Refer to caddy's ACME manager https://github.com/caddyserver/certmagic)
-;ACME_DIRECTORY = https
-;;
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;;
-;;  Manual TLS settings: (Only applicable if ENABLE_ACME=false)
-;;
 ;; Generate steps:
 ;; $ ./gitea cert -ca=true -duration=8760h0m0s -host=myhost.example.com
 ;;
@@ -237,13 +204,15 @@ RUN_MODE = ; prod
 ;; PPROF_DATA_PATH, use an absolute path when you start gitea as service
 ;PPROF_DATA_PATH = data/tmp/pprof
 ;;
-;; Landing page, can be "home", "explore", "organizations", "login", or any URL such as "/org/repo" or even "https://anotherwebsite.com"
+;; Landing page, can be "home", "explore", "organizations" or "login"
 ;; The "login" choice is not a security measure but just a UI flow change, use REQUIRE_SIGNIN_VIEW to force users to log in.
 ;LANDING_PAGE = home
 ;;
 ;; Enables git-lfs support. true or false, default is false.
 ;LFS_START_SERVER = false
 ;;
+;; Where your lfs files reside, default is data/lfs.
+;LFS_CONTENT_PATH = data/lfs
 ;;
 ;; LFS authentication secret, change this yourself
 LFS_JWT_SECRET =
@@ -398,7 +367,6 @@ INTERNAL_TOKEN=
 ;; By modifying the Gitea database, users can gain Gitea administrator privileges.
 ;; It also enables them to access other resources available to the user on the operating system that is running the Gitea instance and perform arbitrary actions in the name of the Gitea OS user.
 ;; WARNING: This maybe harmful to you website or your operating system.
-;; WARNING: Setting this to true does not change existing hooks in git repos; adjust it before if necessary.
 ;DISABLE_GIT_HOOKS = true
 ;;
 ;; Set to true to disable webhooks feature.
@@ -425,23 +393,6 @@ INTERNAL_TOKEN=
 ;; This cache will store the successfully hashed tokens in a LRU cache as a balance between performance and security.
 ;SUCCESSFUL_TOKENS_CACHE_SIZE = 20

-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-[camo]
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;;
-;; At the moment we only support images
-;;
-;; if the camo is enabled
-;ENABLED = false
-;; url to a camo image proxy, it **is required** if camo is enabled.
-;SERVER_URL =
-;; HMAC to encode urls with, it **is required** if camo is enabled.
-;HMAC_KEY =
-;; Set to true to use camo for https too lese only non https urls are proxyed
-;ALLWAYS = false
-
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 [oauth2]
@@ -504,35 +455,26 @@ APP_ID = ; e.g. http://localhost:3000/
 ;; Use comma to separate multiple modes, e.g. "console, file"
 MODE = console
 ;;
-;; Either "Trace", "Debug", "Info", "Warn", "Error", "Critical" or "None", default is "Info"
+;; Either "Trace", "Debug", "Info", "Warn", "Error", "Critical", default is "Trace"
 LEVEL = Info
 ;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;; Router Logger
 ;;
 ;; Switch off the router log
-;DISABLE_ROUTER_LOG=false
+;DISABLE_ROUTER_LOG= ; false
 ;;
 ;; Set the log "modes" for the router log (if file is set the log file will default to router.log)
 ROUTER = console
 ;;
-;; The router will log different things at different levels.
+;; The level at which the router logs
+;ROUTER_LOG_LEVEL = Info
 ;;
-;; * started messages will be logged at TRACE level
-;; * polling/completed routers will be logged at INFO
-;; * slow routers will be logged at WARN
-;; * failed routers will be logged at WARN
-;;
-;; The routing level will default to that of the system but individual router level can be set in
-;; [log.<mode>.router] LEVEL
-;;
-
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;
 ;; Access Logger (Creates log in NCSA common log format)
 ;;
 ;ENABLE_ACCESS_LOG = false
-;;
 ;; Set the log "modes" for the access log (if file is set the log file will default to access.log)
 ;ACCESS = file
 ;;
@@ -617,10 +559,7 @@ ROUTER = console
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;
 ;; The path of git executable. If empty, Gitea searches through the PATH environment.
-;PATH =
-;;
-;; The HOME directory for Git
-;HOME_PATH = %(APP_DATA_PATH)/home
+PATH =
 ;;
 ;; Disables highlight of added and removed changes
 ;DISABLE_DIFF_HIGHLIGHT = false
@@ -816,8 +755,7 @@ ROUTER = console
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;[repository]
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;; Root path for storing all repository data. By default, it is set to %(APP_DATA_PATH)/gitea-repositories.
-;; A relative path is interpreted as %(GITEA_WORK_DIR)/%(ROOT)
+;; Root path for storing all repository data. It must be an absolute path. By default, it is stored in a sub-directory of `APP_DATA_PATH`.
 ;ROOT =
 ;;
 ;; The script type this server supports. Usually this is `bash`, but some users report that only `sh` is available.
@@ -884,7 +822,7 @@ ROUTER = console
 ;DISABLE_STARS = false
 ;;
 ;; The default branch name of new repositories
-;DEFAULT_BRANCH = main
+;DEFAULT_BRANCH = master
 ;;
 ;; Allow adoption of unadopted repositories
 ;ALLOW_ADOPTION_OF_UNADOPTED_REPOSITORIES = false
@@ -892,9 +830,6 @@ ROUTER = console
 ;; Allow deletion of unadopted repositories
 ;ALLOW_DELETION_OF_UNADOPTED_REPOSITORIES = false

-;; Don't allow download source archive files from UI
-;DISABLE_DOWNLOAD_SOURCE_ARCHIVES = false
-
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;[repository.editor]
@@ -915,7 +850,7 @@ ROUTER = console
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;
-;; Path for local repository copy. Defaults to `tmp/local-repo` (content gets deleted on gitea restart)
+;; Path for local repository copy. Defaults to `tmp/local-repo`
 ;LOCAL_COPY_PATH = tmp/local-repo

 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@@ -927,7 +862,7 @@ ROUTER = console
 ;; Whether repository file uploads are enabled. Defaults to `true`
 ;ENABLED = true
 ;;
-;; Path for uploads. Defaults to `data/tmp/uploads` (content gets deleted on gitea restart)
+;; Path for uploads. Defaults to `data/tmp/uploads` (tmp gets deleted on gitea restart)
 ;TEMP_PATH = data/tmp/uploads
 ;;
 ;; Comma-separated list of allowed file extensions (`.zip`), mime types (`text/plain`) or wildcard type (`image/*`, `audio/*`, `video/*`). Empty value or `*/*` allows all types.
@@ -945,7 +880,7 @@ ROUTER = console
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;
-;; List of prefixes used in Pull Request title to mark them as Work In Progress (matched in a case-insensitive manner)
+;; List of prefixes used in Pull Request title to mark them as Work In Progress
 ;WORK_IN_PROGRESS_PREFIXES = WIP:,[WIP]
 ;;
 ;; List of keywords used in Pull Request comments to automatically close a related issue
@@ -954,9 +889,6 @@ ROUTER = console
 ;; List of keywords used in Pull Request comments to automatically reopen a related issue
 ;REOPEN_KEYWORDS = reopen,reopens,reopened
 ;;
-;; Set default merge style for repository creating, valid options: merge, rebase, rebase-merge, squash
-;DEFAULT_MERGE_STYLE = merge
-;;
 ;; In the default merge message for squash commits include at most this many commits
 ;DEFAULT_MERGE_MESSAGE_COMMITS_LIMIT = 50
 ;;
@@ -1188,7 +1120,7 @@ ROUTER = console
 ;;
 ;; Control how often the notification endpoint is polled to update the notification
 ;; The timeout will increase to MAX_TIMEOUT in TIMEOUT_STEPs if the notification count is unchanged
-;; Set MIN_TIMEOUT to -1 to turn off
+;; Set MIN_TIMEOUT to 0 to turn off
 ;MIN_TIMEOUT = 10s
 ;MAX_TIMEOUT = 60s
 ;TIMEOUT_STEP = 10s
@@ -1248,7 +1180,7 @@ ROUTER = console
 ;; Define allowed algorithms and their minimum key length (use -1 to disable a type)
 ;ED25519 = 256
 ;ECDSA = 256
-;RSA = 2047 ; we allow 2047 here because an otherwise valid 2048 bit RSA key can be reported as having 2047 bit length
+;RSA = 2048
 ;DSA = -1 ; set to 1024 to switch on

 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@@ -1273,7 +1205,7 @@ ROUTER = console
 ;ISSUE_INDEXER_NAME = gitea_issues
 ;;
 ;; Timeout the indexer if it takes longer than this to start.
-;; Set to -1 to disable timeout.
+;; Set to zero to disable timeout.
 ;STARTUP_TIMEOUT = 30s
 ;;
 ;; Issue indexer queue, currently support: channel, levelqueue or redis, default is levelqueue (deprecated - use [queue.issue_indexer])
@@ -1561,7 +1493,6 @@ ROUTER = console
 ;SENDMAIL_PATH = sendmail
 ;;
 ;; Specify any extra sendmail arguments
-;; WARNING: if your sendmail program interprets options you should set this to "--" or terminate these args with "--"
 ;SENDMAIL_ARGS =
 ;;
 ;; Timeout for Sendmail
@@ -1592,7 +1523,7 @@ ROUTER = console
 ;HOST =
 ;;
 ;; Time to keep items in cache if not used, default is 16 hours.
-;; Setting it to -1 disables caching
+;; Setting it to 0 disables caching
 ;ITEM_TTL = 16h

 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@@ -1606,7 +1537,7 @@ ROUTER = console
 ;ENABLED = true
 ;;
 ;; Time to keep items in cache if not used, default is 8760 hours.
-;; Setting it to -1 disables caching
+;; Setting it to 0 disables caching
 ;ITEM_TTL = 8760h
 ;;
 ;; Only enable the cache when repository's commits count great than
@@ -1618,8 +1549,7 @@ ROUTER = console
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;
-;; Either "memory", "file", "redis", "db", "mysql", "couchbase", "memcache" or "postgres"
-;; Default is "memory". "db" will reuse the configuration in [database]
+;; Either "memory", "file", or "redis", default is "memory"
 ;PROVIDER = memory
 ;;
 ;; Provider config options
@@ -1693,7 +1623,7 @@ ROUTER = console
 ;ENABLED = true
 ;;
 ;; Comma-separated list of allowed file extensions (`.zip`), mime types (`text/plain`) or wildcard type (`image/*`, `audio/*`, `video/*`). Empty value or `*/*` allows all types.
-;ALLOWED_TYPES = .csv,.docx,.fodg,.fodp,.fods,.fodt,.gif,.gz,.jpeg,.jpg,.log,.md,.mov,.mp4,.odf,.odg,.odp,.ods,.odt,.pdf,.png,.pptx,.svg,.tgz,.txt,.webm,.xls,.xlsx,.zip
+;ALLOWED_TYPES = .docx,.gif,.gz,.jpeg,.jpg,.mp4,.log,.pdf,.png,.pptx,.txt,.xlsx,.zip
 ;;
 ;; Max size of each file. Defaults to 4MB
 ;MAX_SIZE = 4
@@ -1781,8 +1711,8 @@ ROUTER = console
 ;ENABLED = true
 ;; Whether to always run at least once at start up time (if ENABLED)
 ;RUN_AT_START = true
-;; Whether to emit notice on successful execution too
-;NOTICE_ON_SUCCESS = false
+;; Notice if not success
+;NO_SUCCESS_NOTICE = false
 ;; Time interval for job to run
 ;SCHEDULE = @midnight
 ;; Archives created more than OLDER_THAN ago are subject to deletion
@@ -1801,7 +1731,7 @@ ROUTER = console
 ;; Run Update mirrors task when Gitea starts.
 ;RUN_AT_START = false
 ;; Notice if not success
-;NOTICE_ON_SUCCESS = false
+;NO_SUCCESS_NOTICE = true
 ;; Limit the number of mirrors added to the queue to this number
 ;; (negative values mean no limit, 0 will result in no result in no mirrors being queued effectively disabling pull mirror updating.)
 ;PULL_LIMIT=50
@@ -1822,7 +1752,7 @@ ROUTER = console
 ;; Run Repository health check task when Gitea starts.
 ;RUN_AT_START = false
 ;; Notice if not success
-;NOTICE_ON_SUCCESS = false
+;NO_SUCCESS_NOTICE = false
 ;TIMEOUT = 60s
 ;; Arguments for command 'git fsck', e.g. "--unreachable --tags"
 ;; see more on http://git-scm.com/docs/git-fsck
@@ -1840,7 +1770,7 @@ ROUTER = console
 ;; Run check repository statistics task when Gitea starts.
 ;RUN_AT_START = true
 ;; Notice if not success
-;NOTICE_ON_SUCCESS = false
+;NO_SUCCESS_NOTICE = false
 ;SCHEDULE = @midnight

 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@@ -1853,7 +1783,7 @@ ROUTER = console
 ;; Update migrated repositories' issues and comments' posterid when starting server (default true)
 ;RUN_AT_START = true
 ;; Notice if not success
-;NOTICE_ON_SUCCESS = false
+;NO_SUCCESS_NOTICE = false
 ;; Interval as a duration between each synchronization. (default every 24h)
 ;SCHEDULE = @midnight

@@ -1868,7 +1798,7 @@ ROUTER = console
 ;; Synchronize external user data when starting server (default false)
 ;RUN_AT_START = false
 ;; Notice if not success
-;NOTICE_ON_SUCCESS = false
+;NO_SUCCESS_NOTICE = false
 ;; Interval as a duration between each synchronization (default every 24h)
 ;SCHEDULE = @midnight
 ;; Create new users, update existing user data and disable users that are not in external source anymore (default)
@@ -1886,7 +1816,7 @@ ROUTER = console
 ;; Clean-up deleted branches when starting server (default true)
 ;RUN_AT_START = true
 ;; Notice if not success
-;NOTICE_ON_SUCCESS = false
+;NO_SUCCESS_NOTICE = false
 ;; Interval as a duration between each synchronization (default every 24h)
 ;SCHEDULE = @midnight
 ;; deleted branches than OLDER_THAN ago are subject to deletion
@@ -1912,24 +1842,6 @@ ROUTER = console
 ;; If CLEANUP_TYPE is set to PerWebhook, this is number of hook_task records to keep for a webhook (i.e. keep the most recent x deliveries).
 ;NUMBER_TO_KEEP = 10

-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;; Cleanup expired packages
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;[cron.cleanup_packages]
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;; Whether to enable the job
-;ENABLED = true
-;; Whether to always run at least once at start up time (if ENABLED)
-;RUN_AT_START = true
-;; Whether to emit notice on successful execution too
-;NOTICE_ON_SUCCESS = false
-;; Time interval for job to run
-;SCHEDULE = @midnight
-;; Unreferenced blobs created more than OLDER_THAN ago are subject to deletion
-;OLDER_THAN = 24h
-
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@@ -1947,7 +1859,7 @@ ROUTER = console
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;ENABLED = false
 ;RUN_AT_START = false
-;NOTICE_ON_SUCCESS = false
+;NO_SUCCESS_NOTICE = false
 ;SCHEDULE = @annually
 ;OLDER_THAN = 168h

@@ -1960,7 +1872,7 @@ ROUTER = console
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;ENABLED = false
 ;RUN_AT_START = false
-;NOTICE_ON_SUCCESS = false
+;NO_SUCCESS_NOTICE = false
 ;SCHEDULE = @annually;

 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@@ -1972,7 +1884,7 @@ ROUTER = console
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;ENABLED = false
 ;RUN_AT_START = false
-;NOTICE_ON_SUCCESS = false
+;NO_SUCCESS_NOTICE = false
 ;SCHEDULE = @every 72h
 ;TIMEOUT = 60s
 ;; Arguments for command 'git gc'
@@ -1988,7 +1900,7 @@ ROUTER = console
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;ENABLED = false
 ;RUN_AT_START = false
-;NOTICE_ON_SUCCESS = false
+;NO_SUCCESS_NOTICE = false
 ;SCHEDULE = @every 72h

 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@@ -2000,7 +1912,7 @@ ROUTER = console
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;ENABLED = false
 ;RUN_AT_START = false
-;NOTICE_ON_SUCCESS = false
+;NO_SUCCESS_NOTICE = false
 ;SCHEDULE = @every 72h

 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@@ -2012,7 +1924,7 @@ ROUTER = console
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;ENABLED = false
 ;RUN_AT_START = false
-;NOTICE_ON_SUCCESS = false
+;NO_SUCCESS_NOTICE = false
 ;SCHEDULE = @every 72h

 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@@ -2024,7 +1936,7 @@ ROUTER = console
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;ENABLED = false
 ;RUN_AT_START = false
-;NOTICE_ON_SUCCESS = false
+;NO_SUCCESS_NOTICE = false
 ;SCHEDULE = @every 72h

 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@@ -2036,7 +1948,7 @@ ROUTER = console
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;ENABLED = false
 ;RUN_AT_START = false
-;NOTICE_ON_SUCCESS = false
+;NO_SUCCESS_NOTICE = false
 ;SCHEDULE = @every 72h

 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@@ -2048,7 +1960,7 @@ ROUTER = console
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;ENABLED = false
 ;RUN_AT_START = false
-;NOTICE_ON_SUCCESS = false
+;NO_SUCCESS_NOTICE = false
 ;SCHEDULE = @every 168h
 ;OLDER_THAN = 8760h

@@ -2065,19 +1977,6 @@ ROUTER = console
 ;SCHEDULE = @every 168h
 ;HTTP_ENDPOINT = https://dl.gitea.io/gitea/version.json

-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;; Delete all old system notices from database
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;[cron.delete_old_system_notices]
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;ENABLED = false
-;RUN_AT_START = false
-;NO_SUCCESS_NOTICE = false
-;SCHEDULE = @every 168h
-;OLDER_THAN = 8760h
-
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;; Git Operation timeout in seconds
@@ -2097,7 +1996,7 @@ ROUTER = console
 ;[mirror]
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;; Enables the mirror functionality. Set to **false** to disable all mirrors. Pre-existing mirrors remain valid but won't be updated; may be converted to regular repo.
+;; Enables the mirror functionality. Set to **false** to disable all mirrors.
 ;ENABLED = true
 ;; Disable the creation of **new** pull mirrors. Pre-existing mirrors remain valid. Will be ignored if `mirror.ENABLED` is `false`.
 ;DISABLE_NEW_PULL = false
@@ -2129,9 +2028,8 @@ ROUTER = console
 ;[i18n]
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;; The first locale will be used as the default if user browser's language doesn't match any locale in the list.
 ;LANGS = en-US,zh-CN,zh-HK,zh-TW,de-DE,fr-FR,nl-NL,lv-LV,ru-RU,uk-UA,ja-JP,es-ES,pt-BR,pt-PT,pl-PL,bg-BG,it-IT,fi-FI,tr-TR,cs-CZ,sr-SP,sv-SE,ko-KR,el-GR,fa-IR,hu-HU,id-ID,ml-IN
-;NAMES = English,简体中文,繁體中文（香港）,繁體中文（台灣）,Deutsch,Français,Nederlands,Latviešu,Русский,Українська,日本語,Español,Português do Brasil,Português de Portugal,Polski,Български,Italiano,Suomi,Türkçe,Čeština,Српски,Svenska,한국어,Ελληνικά,فارسی,Magyar nyelv,Bahasa Indonesia,മലയാളം
+;NAMES = English,简体中文,繁體中文（香港）,繁體中文（台灣）,Deutsch,français,Nederlands,latviešu,русский,Українська,日本語,español,português do Brasil,Português de Portugal,polski,български,italiano,suomi,Türkçe,čeština,српски,svenska,한국어,ελληνικά,فارسی,magyar nyelv,bahasa Indonesia,മലയാളം

 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@@ -2187,11 +2085,6 @@ ROUTER = console
 ;RENDER_COMMAND = "asciidoc --out-file=- -"
 ;; Don't pass the file on STDIN, pass the filename as argument instead.
 ;IS_INPUT_FILE = false
-;; How the content will be rendered.
-;; * sanitized: Sanitize the content and render it inside current page, default to only allow a few HTML tags and attributes. Customized sanitizer rules can be defined in [markup.sanitizer.*] .
-;; * no-sanitizer: Disable the sanitizer and render the content inside current page. It's **insecure** and may lead to XSS attack if the content contains malicious code.
-;; * iframe: Render the content in a separate standalone page and embed it into current page by iframe. The iframe is in sandbox mode with same-origin disabled, and the JS code are safely isolated from parent page.
-;RENDER_CONTENT_MODE=sanitized

 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@@ -2253,22 +2146,7 @@ ROUTER = console
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;
 ;; Enable/Disable federation capabilities
-;ENABLED = false
-;;
-;; Enable/Disable user statistics for nodeinfo if federation is enabled
-;SHARE_USER_STATISTICS = true
-
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;[packages]
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;;
-;; Enable/Disable package registry capabilities
-;ENABLED = true
-;;
-;; Path for chunked uploads. Defaults to APP_DATA_PATH + `tmp/package-upload`
-;CHUNKED_UPLOAD_PATH = tmp/package-upload
+; ENABLED = true

 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@@ -2296,19 +2174,6 @@ ROUTER = console
 ;;
 ;[lfs]
 ;STORAGE_TYPE = local
-;;
-;; Where your lfs files reside, default is data/lfs.
-;PATH = data/lfs
-
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;; settings for packages, will override storage setting
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;[storage.packages]
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;; storage type
-;STORAGE_TYPE = local

 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
--- a/docker/root/etc/s6/openssh/setup
+++ b/docker/root/etc/s6/openssh/setup
@@ -49,8 +49,6 @@ if [ -d /etc/ssh ]; then
    SSH_DSA_CERT="${SSH_DSA_CERT:+"HostCertificate "}${SSH_DSA_CERT}" \
    SSH_MAX_STARTUPS="${SSH_MAX_STARTUPS:+"MaxStartups "}${SSH_MAX_STARTUPS}" \
    SSH_MAX_SESSIONS="${SSH_MAX_SESSIONS:+"MaxSessions "}${SSH_MAX_SESSIONS}" \
-    SSH_INCLUDE_FILE="${SSH_INCLUDE_FILE:+"Include "}${SSH_INCLUDE_FILE}" \
-    SSH_LOG_LEVEL=${SSH_LOG_LEVEL:-"INFO"} \
    envsubst < /etc/templates/sshd_config > /etc/ssh/sshd_config

    chmod 0644 /etc/ssh/sshd_config
--- a/docker/root/etc/templates/app.ini
+++ b/docker/root/etc/templates/app.ini
@@ -20,6 +20,7 @@ DISABLE_SSH      = $DISABLE_SSH
 SSH_PORT         = $SSH_PORT
 SSH_LISTEN_PORT  = $SSH_LISTEN_PORT
 LFS_START_SERVER = $LFS_START_SERVER
+LFS_CONTENT_PATH = /data/git/lfs

 [database]
 PATH = /data/gitea/gitea.db
@@ -58,6 +59,3 @@ REVERSE_PROXY_TRUSTED_PROXIES = *
 [service]
 DISABLE_REGISTRATION = $DISABLE_REGISTRATION
 REQUIRE_SIGNIN_VIEW  = $REQUIRE_SIGNIN_VIEW
-
-[lfs]
-PATH = /data/git/lfs
--- a/docker/root/etc/templates/sshd_config
+++ b/docker/root/etc/templates/sshd_config
@@ -8,7 +8,7 @@ ListenAddress ::
 ${SSH_MAX_STARTUPS}
 ${SSH_MAX_SESSIONS}

-LogLevel ${SSH_LOG_LEVEL}
+LogLevel INFO

 HostKey /data/ssh/ssh_host_ed25519_key
 ${SSH_ED25519_CERT}
@@ -41,5 +41,3 @@ Banner none
 Subsystem sftp /usr/lib/ssh/sftp-server

 AcceptEnv GIT_PROTOCOL
-
-${SSH_INCLUDE_FILE}
--- a/docker/root/usr/bin/entrypoint
+++ b/docker/root/usr/bin/entrypoint
@@ -1,11 +1,5 @@
 #!/bin/sh

-# Protect against buggy runc in docker <20.10.6 causing problems in with Alpine >= 3.14
-if [ ! -x /bin/sh ]; then
-  echo "Executable test for /bin/sh failed. Your Docker version is too old to run Alpine 3.14+ and Gitea. You must upgrade Docker.";
-  exit 1;
-fi
-
 if [ "${USER}" != "git" ]; then
    # rename user
    sed -i -e "s/^git\:/${USER}\:/g" /etc/passwd
--- a/docker/root/usr/local/bin/gitea
+++ b/docker/root/usr/local/bin/gitea
@@ -13,3 +13,5 @@ CUSTOM_PATH="/data/gitea"

 # Provide docker defaults
 GITEA_WORK_DIR="${GITEA_WORK_DIR:-$WORK_DIR}" GITEA_CUSTOM="${GITEA_CUSTOM:-$CUSTOM_PATH}" exec -a "$0" "$GITEA" $CONF_ARG "$@"
+
+
--- a/docker/rootless/etc/templates/app.ini
+++ b/docker/rootless/etc/templates/app.ini
@@ -23,6 +23,7 @@ SSH_PORT         = $SSH_PORT
 SSH_LISTEN_PORT  = $SSH_LISTEN_PORT
 BUILTIN_SSH_SERVER_USER = $RUN_USER
 LFS_START_SERVER = $LFS_START_SERVER
+LFS_CONTENT_PATH = $GITEA_WORK_DIR/git/lfs

 [database]
 PATH = $GITEA_WORK_DIR/data/gitea.db
@@ -54,6 +55,3 @@ REVERSE_PROXY_TRUSTED_PROXIES = *
 [service]
 DISABLE_REGISTRATION = $DISABLE_REGISTRATION
 REQUIRE_SIGNIN_VIEW  = $REQUIRE_SIGNIN_VIEW
-
-[lfs]
-PATH = $GITEA_WORK_DIR/git/lfs
--- a/docker/rootless/usr/local/bin/docker-entrypoint.sh
+++ b/docker/rootless/usr/local/bin/docker-entrypoint.sh
@@ -1,11 +1,5 @@
 #!/bin/sh

-# Protect against buggy runc in docker <20.10.6 causing problems in with Alpine >= 3.14
-if [ ! -x /bin/sh ]; then
-  echo "Executable test for /bin/sh failed. Your Docker version is too old to run Alpine 3.14+ and Gitea. You must upgrade Docker.";
-  exit 1;
-fi
-
 if [ -x /usr/local/bin/docker-setup.sh ]; then
    /usr/local/bin/docker-setup.sh || { echo 'docker setup failed' ; exit 1; }
 fi
--- a/docs/config.yaml
+++ b/docs/config.yaml
@@ -18,10 +18,10 @@ params:
  description: Git with a cup of tea
  author: The Gitea Authors
  website: https://docs.gitea.io
-  version: 1.16.8
-  minGoVersion: 1.18
+  version: 1.16.4
+  minGoVersion: 1.16
  goVersion: 1.18
-  minNodeVersion: 14
+  minNodeVersion: 12.17

 outputs:
  home:
--- a/docs/content/doc/advanced/config-cheat-sheet.en-us.md
+++ b/docs/content/doc/advanced/config-cheat-sheet.en-us.md
@@ -42,8 +42,8 @@ Values containing `#` or `;` must be quoted using `` ` `` or `"""`.

 ## Repository (`repository`)

- `ROOT`: **%(APP_DATA_PATH)/gitea-repositories**: Root path for storing all repository data.
-   A relative path is interpreted as **%(GITEA_WORK_DIR)/%(ROOT)**.
+- `ROOT`: **data/gitea-repositories/**: Root path for storing all repository data. It must be
+   an absolute path. By default it is stored in a sub-directory of `APP_DATA_PATH`.
 - `SCRIPT_TYPE`: **bash**: The script type this server supports. Usually this is `bash`,
   but some users report that only `sh` is available.
 - `DETECTED_CHARSETS_ORDER`: **UTF-8, UTF-16BE, UTF-16LE, UTF-32BE, UTF-32LE, ISO-8859, windows-1252, ISO-8859, windows-1250, ISO-8859, ISO-8859, ISO-8859, windows-1253, ISO-8859, windows-1255, ISO-8859, windows-1251, windows-1256, KOI8-R, ISO-8859, windows-1254, Shift_JIS, GB18030, EUC-JP, EUC-KR, Big5, ISO-2022, ISO-2022, ISO-2022, IBM424_rtl, IBM424_ltr, IBM420_rtl, IBM420_ltr**: Tie-break order of detected charsets - if the detected charsets have equal confidence, charsets earlier in the list will be chosen in preference to those later. Adding `defaults` will place the unnamed charsets at that point.
@@ -75,10 +75,9 @@ Values containing `#` or `;` must be quoted using `` ` `` or `"""`.
 - `PREFIX_ARCHIVE_FILES`: **true**: Prefix archive files by placing them in a directory named after the repository.
 - `DISABLE_MIGRATIONS`: **false**: Disable migrating feature.
 - `DISABLE_STARS`: **false**: Disable stars feature.
- `DEFAULT_BRANCH`: **main**: Default branch name of all repositories.
+- `DEFAULT_BRANCH`: **master**: Default branch name of all repositories.
 - `ALLOW_ADOPTION_OF_UNADOPTED_REPOSITORIES`: **false**: Allow non-admin users to adopt unadopted repositories
 - `ALLOW_DELETION_OF_UNADOPTED_REPOSITORIES`: **false**: Allow non-admin users to delete unadopted repositories
- `DISABLE_DOWNLOAD_SOURCE_ARCHIVES`: **false**: Don't allow download source archive files from UI

 ### Repository - Editor (`repository.editor`)

@@ -88,12 +87,11 @@ Values containing `#` or `;` must be quoted using `` ` `` or `"""`.
 ### Repository - Pull Request (`repository.pull-request`)

 - `WORK_IN_PROGRESS_PREFIXES`: **WIP:,\[WIP\]**: List of prefixes used in Pull Request
- title to mark them as Work In Progress. These are matched in a case-insensitive manner.
+ title to mark them as Work In Progress
 - `CLOSE_KEYWORDS`: **close**, **closes**, **closed**, **fix**, **fixes**, **fixed**, **resolve**, **resolves**, **resolved**: List of
 keywords used in Pull Request comments to automatically close a related issue
 - `REOPEN_KEYWORDS`: **reopen**, **reopens**, **reopened**: List of keywords used in Pull Request comments to automatically reopen
 a related issue
- `DEFAULT_MERGE_STYLE`: **merge**: Set default merge style for repository creating, valid options: `merge`, `rebase`, `rebase-merge`, `squash`
 - `DEFAULT_MERGE_MESSAGE_COMMITS_LIMIT`: **50**: In the default merge message for squash commits include at most this many commits. Set to `-1` to include all commits
 - `DEFAULT_MERGE_MESSAGE_SIZE`: **5120**: In the default merge message for squash commits limit the size of the commit messages. Set to `-1` to have no limit. Only used if `POPULATE_SQUASH_COMMENT_WITH_COMMIT_MESSAGES` is `true`.
 - `DEFAULT_MERGE_MESSAGE_ALL_AUTHORS`: **false**: In the default merge message for squash commits walk all commits to include all authors in the Co-authored-by otherwise just use those in the limited list
@@ -109,7 +107,7 @@ Values containing `#` or `;` must be quoted using `` ` `` or `"""`.
 ### Repository - Upload (`repository.upload`)

 - `ENABLED`: **true**: Whether repository file uploads are enabled
- `TEMP_PATH`: **data/tmp/uploads**: Path for uploads (content gets deleted on Gitea restart)
+- `TEMP_PATH`: **data/tmp/uploads**: Path for uploads (tmp gets deleted on Gitea restart)
 - `ALLOWED_TYPES`: **\<empty\>**: Comma-separated list of allowed file extensions (`.zip`), mime types (`text/plain`) or wildcard type (`image/*`, `audio/*`, `video/*`). Empty value or `*/*` allows all types.
 - `FILE_MAX_SIZE`: **3**: Max size of each file in megabytes.
 - `MAX_FILES`: **5**: Max number of files per upload
@@ -146,7 +144,7 @@ Values containing `#` or `;` must be quoted using `` ` `` or `"""`.

 ## Repository - Local (`repository.local`)

- `LOCAL_COPY_PATH`: **tmp/local-repo**: Path for temporary local repository copies. Defaults to `tmp/local-repo` (content gets deleted on Gitea restart)
+- `LOCAL_COPY_PATH`: **tmp/local-repo**: Path for temporary local repository copies. Defaults to `tmp/local-repo`

 ## Repository -  MIME type mapping (`repository.mimetype_mapping`)

@@ -208,7 +206,7 @@ The following configuration set `Content-Type: application/vnd.android.package-a

 ### UI - Notification (`ui.notification`)

- `MIN_TIMEOUT`: **10s**: These options control how often notification endpoint is polled to update the notification count. On page load the notification count will be checked after `MIN_TIMEOUT`. The timeout will increase to `MAX_TIMEOUT` by `TIMEOUT_STEP` if the notification count is unchanged. Set MIN_TIMEOUT to -1 to turn off.
+- `MIN_TIMEOUT`: **10s**: These options control how often notification endpoint is polled to update the notification count. On page load the notification count will be checked after `MIN_TIMEOUT`. The timeout will increase to `MAX_TIMEOUT` by `TIMEOUT_STEP` if the notification count is unchanged. Set MIN_TIMEOUT to 0 to turn off.
 - `MAX_TIMEOUT`: **60s**.
 - `TIMEOUT_STEP`: **10s**.
 - `EVENT_SOURCE_UPDATE_TIME`: **10s**: This setting determines how often the database is queried to update notification counts. If the browser client supports `EventSource` and `SharedWorker`, a `SharedWorker` will be used in preference to polling notification endpoint. Set to **-1** to disable the `EventSource`.
@@ -260,14 +258,13 @@ The following configuration set `Content-Type: application/vnd.android.package-a
   most cases you do not need to change the default value. Alter it only if
   your SSH server node is not the same as HTTP node. Do not set this variable
   if `PROTOCOL` is set to `http+unix`.
- `PER_WRITE_TIMEOUT`: **30s**: Timeout for any write to the connection. (Set to -1 to
+- `PER_WRITE_TIMEOUT`: **30s**: Timeout for any write to the connection. (Set to 0 to
   disable all timeouts.)
 - `PER_WRITE_PER_KB_TIMEOUT`: **10s**: Timeout per Kb written to connections.

 - `DISABLE_SSH`: **false**: Disable SSH feature when it's not available.
 - `START_SSH_SERVER`: **false**: When enabled, use the built-in SSH server.
 - `BUILTIN_SSH_SERVER_USER`: **%(RUN_USER)s**: Username to use for the built-in SSH Server.
- `SSH_USER`: **%(BUILTIN_SSH_SERVER_USER)**: SSH username displayed in clone URLs. This is only for people who configure the SSH server themselves; in most cases, you want to leave this blank and modify the `BUILTIN_SSH_SERVER_USER`.
 - `SSH_DOMAIN`: **%(DOMAIN)s**: Domain name of this server, used for displayed clone URL.
 - `SSH_PORT`: **22**: SSH port displayed in clone URL.
 - `SSH_LISTEN_HOST`: **0.0.0.0**: Listen address for the built-in SSH server.
@@ -281,28 +278,30 @@ The following configuration set `Content-Type: application/vnd.android.package-a
 - `SSH_CREATE_AUTHORIZED_PRINCIPALS_FILE`: **false/true**: Gitea will create a authorized_principals file by default when it is not using the internal ssh server and `SSH_AUTHORIZED_PRINCIPALS_ALLOW` is not `off`.
 - `SSH_AUTHORIZED_PRINCIPALS_BACKUP`: **false/true**: Enable SSH Authorized Principals Backup when rewriting all keys, default is true if `SSH_AUTHORIZED_PRINCIPALS_ALLOW` is not `off`.
 - `SSH_AUTHORIZED_KEYS_COMMAND_TEMPLATE`: **{{.AppPath}} --config={{.CustomConf}} serv key-{{.Key.ID}}**: Set the template for the command to passed on authorized keys. Possible keys are: AppPath, AppWorkPath, CustomConf, CustomPath, Key - where Key is a `models/asymkey.PublicKey` and the others are strings which are shellquoted.
- `SSH_SERVER_CIPHERS`: **chacha20-poly1305@openssh.com, aes128-ctr, aes192-ctr, aes256-ctr, aes128-gcm@openssh.com, aes256-gcm@openssh.com**: For the built-in SSH server, choose the ciphers to support for SSH connections, for system SSH this setting has no effect.
- `SSH_SERVER_KEY_EXCHANGES`: **curve25519-sha256, ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, diffie-hellman-group14-sha256, diffie-hellman-group14-sha1**: For the built-in SSH server, choose the key exchange algorithms to support for SSH connections, for system SSH this setting has no effect.
- `SSH_SERVER_MACS`: **hmac-sha2-256-etm@openssh.com, hmac-sha2-256, hmac-sha1**: For the built-in SSH server, choose the MACs to support for SSH connections, for system SSH this setting has no effect
+- `SSH_SERVER_CIPHERS`: **aes128-ctr, aes192-ctr, aes256-ctr, aes128-gcm@openssh.com, arcfour256, arcfour128**: For the built-in SSH server, choose the ciphers to support for SSH connections, for system SSH this setting has no effect.
+- `SSH_SERVER_KEY_EXCHANGES`: **diffie-hellman-group1-sha1, diffie-hellman-group14-sha1, ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, curve25519-sha256@libssh.org**: For the built-in SSH server, choose the key exchange algorithms to support for SSH connections, for system SSH this setting has no effect.
+- `SSH_SERVER_MACS`: **hmac-sha2-256-etm@openssh.com, hmac-sha2-256, hmac-sha1, hmac-sha1-96**: For the built-in SSH server, choose the MACs to support for SSH connections, for system SSH this setting has no effect
 - `SSH_SERVER_HOST_KEYS`: **ssh/gitea.rsa, ssh/gogs.rsa**: For the built-in SSH server, choose the keypairs to offer as the host key. The private key should be at `SSH_SERVER_HOST_KEY` and the public `SSH_SERVER_HOST_KEY.pub`. Relative paths are made absolute relative to the `APP_DATA_PATH`. If no key exists a 4096 bit RSA key will be created for you.
 - `SSH_KEY_TEST_PATH`: **/tmp**: Directory to create temporary files in when testing public keys using ssh-keygen, default is the system temporary directory.
 - `SSH_KEYGEN_PATH`: **ssh-keygen**: Path to ssh-keygen, default is 'ssh-keygen' which means the shell is responsible for finding out which one to call.
 - `SSH_EXPOSE_ANONYMOUS`: **false**: Enable exposure of SSH clone URL to anonymous visitors, default is false.
 - `SSH_PER_WRITE_TIMEOUT`: **30s**: Timeout for any write to the SSH connections. (Set to
-  -1 to disable all timeouts.)
+  0 to disable all timeouts.)
 - `SSH_PER_WRITE_PER_KB_TIMEOUT`: **10s**: Timeout per Kb written to SSH connections.
 - `MINIMUM_KEY_SIZE_CHECK`: **true**: Indicate whether to check minimum key size with corresponding type.

 - `OFFLINE_MODE`: **false**: Disables use of CDN for static files and Gravatar for profile pictures.
- `CERT_FILE`: **https/cert.pem**: Cert file path used for HTTPS. When chaining, the server certificate must come first, then intermediate CA certificates (if any). This is ignored if `ENABLE_ACME=true`. From 1.11 paths are relative to `CUSTOM_PATH`.
- `KEY_FILE`: **https/key.pem**: Key file path used for HTTPS. This is ignored if `ENABLE_ACME=true`. From 1.11 paths are relative to `CUSTOM_PATH`.
+- `DISABLE_ROUTER_LOG`: **false**: Mute printing of the router log.
+- `CERT_FILE`: **https/cert.pem**: Cert file path used for HTTPS. When chaining, the server certificate must come first, then intermediate CA certificates (if any). From 1.11 paths are relative to `CUSTOM_PATH`.
+- `KEY_FILE`: **https/key.pem**: Key file path used for HTTPS. From 1.11 paths are relative to `CUSTOM_PATH`.
 - `STATIC_ROOT_PATH`: **./**: Upper level of template and static files path.
 - `APP_DATA_PATH`: **data** (**/data/gitea** on docker): Default path for application data.
 - `STATIC_CACHE_TIME`: **6h**: Web browser cache time for static resources on `custom/`, `public/` and all uploaded avatars. Note that this cache is disabled when `RUN_MODE` is "dev".
 - `ENABLE_GZIP`: **false**: Enable gzip compression for runtime-generated content, static resources excluded.
 - `ENABLE_PPROF`: **false**: Application profiling (memory and cpu). For "web" command it listens on localhost:6060. For "serv" command it dumps to disk at `PPROF_DATA_PATH` as `(cpuprofile|memprofile)_<username>_<temporary id>`
 - `PPROF_DATA_PATH`: **data/tmp/pprof**: `PPROF_DATA_PATH`, use an absolute path when you start Gitea as service
- `LANDING_PAGE`: **home**: Landing page for unauthenticated users \[home, explore, organizations, login, **custom**\]. Where custom would instead be any URL such as "/org/repo" or even `https://anotherwebsite.com`
+- `LANDING_PAGE`: **home**: Landing page for unauthenticated users \[home, explore, organizations, login\].
+
 - `LFS_START_SERVER`: **false**: Enables Git LFS support.
 - `LFS_CONTENT_PATH`: **%(APP_DATA_PATH)/lfs**: Default LFS content path. (if it is on local storage.) **DEPRECATED** use settings in `[lfs]`.
 - `LFS_JWT_SECRET`: **\<empty\>**: LFS authentication secret, change this a unique string.
@@ -316,8 +315,8 @@ The following configuration set `Content-Type: application/vnd.android.package-a
 - `SSL_MAX_VERSION`: **\<empty\>**: Set the maximum version of ssl support.
 - `SSL_CURVE_PREFERENCES`: **X25519,P256**: Set the preferred curves,
 - `SSL_CIPHER_SUITES`: **ecdhe_ecdsa_with_aes_256_gcm_sha384,ecdhe_rsa_with_aes_256_gcm_sha384,ecdhe_ecdsa_with_aes_128_gcm_sha256,ecdhe_rsa_with_aes_128_gcm_sha256,ecdhe_ecdsa_with_chacha20_poly1305,ecdhe_rsa_with_chacha20_poly1305**: Set the preferred cipher suites.
-  - If there is no hardware support for AES suites, by default the ChaCha suites will be preferred over the AES suites.
-  - supported suites as of Go 1.18 are:
+  - If there is not hardware support for AES suites by default the cha cha suites will be preferred over the AES suites
+  - supported suites as of go 1.17 are:
    - TLS 1.0 - 1.2 cipher suites
      - "rsa_with_rc4_128_sha"
      - "rsa_with_3des_ede_cbc_sha"
@@ -348,12 +347,11 @@ The following configuration set `Content-Type: application/vnd.android.package-a
    - Aliased names
      - "ecdhe_rsa_with_chacha20_poly1305" is an alias for "ecdhe_rsa_with_chacha20_poly1305_sha256"
      - "ecdhe_ecdsa_with_chacha20_poly1305" is alias for "ecdhe_ecdsa_with_chacha20_poly1305_sha256"
- `ENABLE_ACME`: **false**: Flag to enable automatic certificate management via an ACME capable Certificate Authority (CA) server (default: Lets Encrypt). If enabled, `CERT_FILE` and `KEY_FILE` are ignored, and the CA must resolve `DOMAIN` to this gitea server. Ensure that DNS records are set and either port `80` or port `443` are accessible by the CA server (the public internet by default), and redirected to the appropriate ports `PORT_TO_REDIRECT` or `HTTP_PORT` respectively.
- `ACME_URL`: **\<empty\>**: The CA's ACME directory URL, e.g. for a self-hosted [smallstep CA server](https://github.com/smallstep/certificates), it can look like `https://ca.example.com/acme/acme/directory`. If left empty, it defaults to using Let's Encerypt's production CA (check `LETSENCRYPT_ACCEPTTOS` as well).
- `ACME_ACCEPTTOS`: **false**: This is an explicit check that you accept the terms of service of the ACME provider. The default is Lets Encrypt [terms of service](https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf).
- `ACME_DIRECTORY`: **https**: Directory that the certificate manager will use to cache information such as certs and private keys.
- `ACME_EMAIL`: **\<empty\>**: Email used for the ACME registration. Usually it is to notify about problems with issued certificates.
- `ACME_CA_ROOT`: **\<empty\>**: The CA's root certificate. If left empty, it defaults to using the system's trust chain.
+- `ENABLE_LETSENCRYPT`: **false**: If enabled you must set `DOMAIN` to valid internet facing domain (ensure DNS is set and port 80 is accessible by letsencrypt validation server).
+   By using Lets Encrypt **you must consent** to their [terms of service](https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf).
+- `LETSENCRYPT_ACCEPTTOS`: **false**: This is an explicit check that you accept the terms of service for Let's Encrypt.
+- `LETSENCRYPT_DIRECTORY`: **https**: Directory that Letsencrypt will use to cache information such as certs and private keys.
+- `LETSENCRYPT_EMAIL`: **email@example.com**: Email used by Letsencrypt to notify about problems with issued certificates. (No default)
 - `ALLOW_GRACEFUL_RESTARTS`: **true**: Perform a graceful restart on SIGHUP
 - `GRACEFUL_HAMMER_TIME`: **60s**: After a restart the parent process will stop accepting new connections and will allow requests to finish before stopping. Shutdown will be forced if it takes longer than this time.
 - `STARTUP_TIMEOUT`: **0**: Shutsdown the server if startup takes longer than the provided time. On Windows setting this sends a waithint to the SVC host to tell the SVC host startup may take some time. Please note startup is determined by the opening of the listeners - HTTP/HTTPS/SSH. Indexers may take longer to startup and can have their own timeouts.
@@ -417,7 +415,7 @@ relation to port exhaustion.
 - `REPO_INDEXER_EXCLUDE_VENDORED`: **true**: Exclude vendored files from index.
 - `UPDATE_BUFFER_LEN`: **20**: Buffer length of index request. **DEPRECATED** use settings in `[queue.issue_indexer]`.
 - `MAX_FILE_SIZE`: **1048576**: Maximum size in bytes of files to be indexed.
- `STARTUP_TIMEOUT`: **30s**: If the indexer takes longer than this timeout to start - fail. (This timeout will be added to the hammer time above for child processes - as bleve will not start until the previous parent is shutdown.) Set to -1 to never timeout.
+- `STARTUP_TIMEOUT`: **30s**: If the indexer takes longer than this timeout to start - fail. (This timeout will be added to the hammer time above for child processes - as bleve will not start until the previous parent is shutdown.) Set to zero to never timeout.

 ## Queue (`queue` and `queue.*`)

@@ -499,7 +497,6 @@ Certain queues have defaults that override the defaults set in `[queue]` (this o
   It also enables them to access other resources available to the user on the operating system that is running the
   Gitea instance and perform arbitrary actions in the name of the Gitea OS user.
   This maybe harmful to you website or your operating system.
-   Setting this to true does not change existing hooks in git repos; adjust it before if necessary.
 - `DISABLE_WEBHOOKS`: **false**: Set to `true` to disable webhooks feature.
 - `ONLY_ALLOW_PUSH_IF_GITEA_ENVIRONMENT_SET`: **true**: Set to `false` to allow local users to push to gitea-repositories without setting up the Gitea environment. This is not recommended and if you want local users to push to Gitea repositories you should set the environment appropriately.
 - `IMPORT_LOCAL_PATHS`: **false**: Set to `false` to prevent all users (including admin) from importing local path on server.
@@ -517,13 +514,6 @@ Certain queues have defaults that override the defaults set in `[queue]` (this o
 - `PASSWORD_CHECK_PWN`: **false**: Check [HaveIBeenPwned](https://haveibeenpwned.com/Passwords) to see if a password has been exposed.
 - `SUCCESSFUL_TOKENS_CACHE_SIZE`: **20**: Cache successful token hashes. API tokens are stored in the DB as pbkdf2 hashes however, this means that there is a potentially significant hashing load when there are multiple API operations. This cache will store the successfully hashed tokens in a LRU cache as a balance between performance and security. 

-## Camo (`camo`)
-
- `ENABLED`: **false**: Enable media proxy, we support images only at the moment.
- `SERVER_URL`: **<empty>**: url of camo server, it **is required** if camo is enabled.
- `HMAC_KEY`: **<empty>**: Provide the HMAC key for encoding urls, it **is required** if camo is enabled.
- `ALLWAYS`: **false**: Set to true to use camo for https too lese only non https urls are proxyed
-
 ## OpenID (`openid`)

 - `ENABLE_OPENID_SIGNIN`: **false**: Allow authentication in via OpenID.
@@ -621,7 +611,7 @@ Define allowed algorithms and their minimum key length (use -1 to disable a type

 - `ED25519`: **256**
 - `ECDSA`: **256**
- `RSA`: **2047**: We set 2047 here because an otherwise valid 2048 RSA key can be reported as 2047 length.
+- `RSA`: **2048**
 - `DSA`: **-1**: DSA is now disabled by default. Set to **1024** to re-enable but ensure you may need to reconfigure your SSHD provider

 ## Webhook (`webhook`)
@@ -675,7 +665,7 @@ Define allowed algorithms and their minimum key length (use -1 to disable a type
   - Enabling dummy will ignore all settings except `ENABLED`, `SUBJECT_PREFIX` and `FROM`.
 - `SENDMAIL_PATH`: **sendmail**: The location of sendmail on the operating system (can be
   command or full path).
- `SENDMAIL_ARGS`: **_empty_**: Specify any extra sendmail arguments. (NOTE: you should be aware that email addresses can look like options - if your `sendmail` command takes options you must set the option terminator `--`)
+- `SENDMAIL_ARGS`: **_empty_**: Specify any extra sendmail arguments.
 - `SENDMAIL_TIMEOUT`: **5m**: default timeout for sending email through sendmail
 - `SENDMAIL_CONVERT_CRLF`: **true**: Most versions of sendmail prefer LF line endings rather than CRLF line endings. Set this to false if your version of sendmail requires CRLF line endings.
 - `SEND_BUFFER_LEN`: **100**: Buffer length of mailing queue. **DEPRECATED** use `LENGTH` in `[queue.mailer]`
@@ -689,17 +679,17 @@ Define allowed algorithms and their minimum key length (use -1 to disable a type
   - Redis: `redis://:macaron@127.0.0.1:6379/0?pool_size=100&idle_timeout=180s`
   - Memcache: `127.0.0.1:9090;127.0.0.1:9091`
   - TwoQueue LRU cache: `{"size":50000,"recent_ratio":0.25,"ghost_ratio":0.5}` or `50000` representing the maximum number of objects stored in the cache.
- `ITEM_TTL`: **16h**: Time to keep items in cache if not used, Setting it to -1 disables caching.
+- `ITEM_TTL`: **16h**: Time to keep items in cache if not used, Setting it to 0 disables caching.

 ## Cache - LastCommitCache settings (`cache.last_commit`)

 - `ENABLED`: **true**: Enable the cache.
- `ITEM_TTL`: **8760h**: Time to keep items in cache if not used, Setting it to -1 disables caching.
+- `ITEM_TTL`: **8760h**: Time to keep items in cache if not used, Setting it to 0 disables caching.
 - `COMMITS_COUNT`: **1000**: Only enable the cache when repository's commits count great than.

 ## Session (`session`)

- `PROVIDER`: **memory**: Session engine provider \[memory, file, redis, db, mysql, couchbase, memcache, postgres\]. Setting `db` will reuse the configuration in `[database]`
+- `PROVIDER`: **memory**: Session engine provider \[memory, file, redis, db, mysql, couchbase, memcache, postgres\].
 - `PROVIDER_CONFIG`: **data/sessions**: For file, the root path; for db, empty (database config will be used); for others, the connection string.
 - `COOKIE_SECURE`: **false**: Enable this to force using HTTPS for all session access.
 - `COOKIE_NAME`: **i\_like\_gitea**: The name of the cookie used for the session ID.
@@ -742,7 +732,7 @@ Default templates for project boards:
 ## Issue and pull request attachments (`attachment`)

 - `ENABLED`: **true**: Whether issue and pull request attachments are enabled.
- `ALLOWED_TYPES`: **.csv,.docx,.fodg,.fodp,.fods,.fodt,.gif,.gz,.jpeg,.jpg,.log,.md,.mov,.mp4,.odf,.odg,.odp,.ods,.odt,.pdf,.png,.pptx,.svg,.tgz,.txt,.webm,.xls,.xlsx,.zip**: Comma-separated list of allowed file extensions (`.zip`), mime types (`text/plain`) or wildcard type (`image/*`, `audio/*`, `video/*`). Empty value or `*/*` allows all types.
+- `ALLOWED_TYPES`: **.docx,.gif,.gz,.jpeg,.jpg,mp4,.log,.pdf,.png,.pptx,.txt,.xlsx,.zip**: Comma-separated list of allowed file extensions (`.zip`), mime types (`text/plain`) or wildcard type (`image/*`, `audio/*`, `video/*`). Empty value or `*/*` allows all types.
 - `MAX_SIZE`: **4**: Maximum size (MB).
 - `MAX_FILES`: **5**: Maximum number of attachments that can be uploaded at once.
 - `STORAGE_TYPE`: **local**: Storage type for attachments, `local` for local disk or `minio` for s3 compatible object storage service, default is `local` or other name defined with `[storage.xxx]`
@@ -762,16 +752,11 @@ Default templates for project boards:
 - `MODE`: **console**: Logging mode. For multiple modes, use a comma to separate values. You can configure each mode in per mode log subsections `\[log.modename\]`. By default the file mode will log to `$ROOT_PATH/gitea.log`.
 - `LEVEL`: **Info**: General log level. \[Trace, Debug, Info, Warn, Error, Critical, Fatal, None\]
 - `STACKTRACE_LEVEL`: **None**: Default log level at which to log create stack traces. \[Trace, Debug, Info, Warn, Error, Critical, Fatal, None\]
- `ENABLE_SSH_LOG`: **false**: save ssh log to log file
- `ENABLE_XORM_LOG`: **true**: Set whether to perform XORM logging. Please note SQL statement logging can be disabled by setting `LOG_SQL` to false in the `[database]` section.
-
-### Router Log (`log`)
- `DISABLE_ROUTER_LOG`: **false**: Mute printing of the router log.
+- `ROUTER_LOG_LEVEL`: **Info**: The log level that the router should log at. (If you are setting the access log, its recommended to place this at Debug.)
 - `ROUTER`: **console**: The mode or name of the log the router should log to. (If you set this to `,` it will log to default Gitea logger.)
-  NB: You must have `DISABLE_ROUTER_LOG` set to `false` for this option to take effect. Configure each mode in per mode log subsections `\[log.modename.router\]`.
-
-### Access Log (`log`)
+NB: You must have `DISABLE_ROUTER_LOG` set to `false` for this option to take effect. Configure each mode in per mode log subsections `\[log.modename.router\]`.
 - `ENABLE_ACCESS_LOG`: **false**: Creates an access.log in NCSA common log format, or as per the following template
+- `ENABLE_SSH_LOG`: **false**: save ssh log to log file
 - `ACCESS`: **file**: Logging mode for the access logger, use a comma to separate values. Configure each mode in per mode log subsections `\[log.modename.access\]`. By default the file mode will log to `$ROOT_PATH/access.log`. (If you set this to `,` it will log to the default Gitea logger.)
 - `ACCESS_LOG_TEMPLATE`: **`{{.Ctx.RemoteAddr}} - {{.Identity}} {{.Start.Format "[02/Jan/2006:15:04:05 -0700]" }} "{{.Ctx.Req.Method}} {{.Ctx.Req.URL.RequestURI}} {{.Ctx.Req.Proto}}" {{.ResponseWriter.Status}} {{.ResponseWriter.Size}} "{{.Ctx.Req.Referer}}\" \"{{.Ctx.Req.UserAgent}}"`**: Sets the template used to create the access log.
  - The following variables are available:
@@ -780,6 +765,7 @@ Default templates for project boards:
  - `Start`: the start time of the request.
  - `ResponseWriter`: the responseWriter from the request.
  - You must be very careful to ensure that this template does not throw errors or panics as this template runs outside of the panic/recovery script.
+- `ENABLE_XORM_LOG`: **true**: Set whether to perform XORM logging. Please note SQL statement logging can be disabled by setting `LOG_SQL` to false in the `[database]` section.

 ### Log subsections (`log.name`, `log.name.*`)

@@ -825,7 +811,7 @@ Default templates for project boards:

 - `ENABLED`: **false**: Enable to run all cron tasks periodically with default settings.
 - `RUN_AT_START`: **false**: Run cron tasks at application start-up.
- `NOTICE_ON_SUCCESS`: **false**: Set to true to switch on success notices.
+- `NO_SUCCESS_NOTICE`: **false**: Set to true to switch off success notices.

 - `SCHEDULE` accept formats
   - Full crontab specs, e.g. `* * * * * ?`
@@ -844,6 +830,7 @@ Default templates for project boards:
 #### Cron - Update Mirrors (`cron.update_mirrors`)

 - `SCHEDULE`: **@every 10m**: Cron syntax for scheduling update mirrors, e.g. `@every 3h`.
+- `NO_SUCCESS_NOTICE`: **true**: The cron task for update mirrors success report is not very useful - as it just means that the mirrors have been queued. Therefore this is turned off by default.
 - `PULL_LIMIT`: **50**: Limit the number of mirrors added to the queue to this number (negative values mean no limit, 0 will result in no mirrors being queued effectively disabling pull mirror updating).
 - `PUSH_LIMIT`: **50**: Limit the number of mirrors added to the queue to this number (negative values mean no limit, 0 will result in no mirrors being queued effectively disabling push mirror updating).

@@ -858,7 +845,7 @@ Default templates for project boards:
 - `RUN_AT_START`: **true**: Run repository statistics check at start time.
 - `SCHEDULE`: **@midnight**: Cron syntax for scheduling repository statistics check.

-#### Cron - Cleanup hook_task Table (`cron.cleanup_hook_task_table`)
+### Cron - Cleanup hook_task Table (`cron.cleanup_hook_task_table`)

 - `ENABLED`: **true**: Enable cleanup hook_task job.
 - `RUN_AT_START`: **false**: Run cleanup hook_task at start time (if ENABLED).
@@ -867,14 +854,6 @@ Default templates for project boards:
 - `OLDER_THAN`: **168h**: If CLEANUP_TYPE is set to OlderThan, then any delivered hook_task records older than this expression will be deleted.
 - `NUMBER_TO_KEEP`: **10**: If CLEANUP_TYPE is set to PerWebhook, this is number of hook_task records to keep for a webhook (i.e. keep the most recent x deliveries).

-#### Cron - Cleanup expired packages (`cron.cleanup_packages`)
-
- `ENABLED`: **true**: Enable cleanup expired packages job.
- `RUN_AT_START`: **true**: Run job at start time (if ENABLED).
- `NOTICE_ON_SUCCESS`: **false**: Notify every time this job runs.
- `SCHEDULE`: **@midnight**: Cron syntax for the job.
- `OLDER_THAN`: **24h**: Unreferenced package data created more than OLDER_THAN ago is subject to deletion.
-
 #### Cron - Update Migration Poster ID (`cron.update_migration_poster_id`)

 - `SCHEDULE`: **@midnight** : Interval as a duration between each synchronization, it will always attempt synchronization when the instance starts.
@@ -891,43 +870,43 @@ Default templates for project boards:
 - `RUN_AT_START`: **false**: Run tasks at start up time (if ENABLED).
 - `SCHEDULE`: **@every 72h**: Cron syntax for scheduling repository archive cleanup, e.g. `@every 1h`.
 - `TIMEOUT`: **60s**: Time duration syntax for garbage collection execution timeout.
- `NOTICE_ON_SUCCESS`: **false**: Set to true to switch on success notices.
+- `NO_SUCCESS_NOTICE`: **false**: Set to true to switch off success notices.
 - `ARGS`: **\<empty\>**: Arguments for command `git gc`, e.g. `--aggressive --auto`. The default value is same with [git] -> GC_ARGS

 #### Cron - Update the '.ssh/authorized_keys' file with Gitea SSH keys ('cron.resync_all_sshkeys')
 - `ENABLED`: **false**: Enable service.
 - `RUN_AT_START`: **false**: Run tasks at start up time (if ENABLED).
- `NOTICE_ON_SUCCESS`: **false**: Set to true to switch on success notices.
+- `NO_SUCCESS_NOTICE`: **false**: Set to true to switch off success notices.
 - `SCHEDULE`: **@every 72h**: Cron syntax for scheduling repository archive cleanup, e.g. `@every 1h`.

 #### Cron - Resynchronize pre-receive, update and post-receive hooks of all repositories ('cron.resync_all_hooks')
 - `ENABLED`: **false**: Enable service.
 - `RUN_AT_START`: **false**: Run tasks at start up time (if ENABLED).
- `NOTICE_ON_SUCCESS`: **false**: Set to true to switch on success notices.
+- `NO_SUCCESS_NOTICE`: **false**: Set to true to switch off success notices.
 - `SCHEDULE`: **@every 72h**: Cron syntax for scheduling repository archive cleanup, e.g. `@every 1h`.

 #### Cron - Reinitialize all missing Git repositories for which records exist ('cron.reinit_missing_repos')
 - `ENABLED`: **false**: Enable service.
 - `RUN_AT_START`: **false**: Run tasks at start up time (if ENABLED).
- `NOTICE_ON_SUCCESS`: **false**: Set to true to switch on success notices.
+- `NO_SUCCESS_NOTICE`: **false**: Set to true to switch off success notices.
 - `SCHEDULE`: **@every 72h**: Cron syntax for scheduling repository archive cleanup, e.g. `@every 1h`.

 #### Cron - Delete all repositories missing their Git files ('cron.delete_missing_repos')
 - `ENABLED`: **false**: Enable service.
 - `RUN_AT_START`: **false**: Run tasks at start up time (if ENABLED).
- `NOTICE_ON_SUCCESS`: **false**: Set to true to switch on success notices.
+- `NO_SUCCESS_NOTICE`: **false**: Set to true to switch off success notices.
 - `SCHEDULE`: **@every 72h**: Cron syntax for scheduling repository archive cleanup, e.g. `@every 1h`.

 #### Cron -  Delete generated repository avatars ('cron.delete_generated_repository_avatars')
 - `ENABLED`: **false**: Enable service.
 - `RUN_AT_START`: **false**: Run tasks at start up time (if ENABLED).
- `NOTICE_ON_SUCCESS`: **false**: Set to true to switch on success notices.
+- `NO_SUCCESS_NOTICE`: **false**: Set to true to switch off success notices.
 - `SCHEDULE`: **@every 72h**: Cron syntax for scheduling repository archive cleanup, e.g. `@every 1h`.

 #### Cron -  Delete all old actions from database ('cron.delete_old_actions')
 - `ENABLED`: **false**: Enable service.
 - `RUN_AT_START`: **false**: Run tasks at start up time (if ENABLED).
- `NOTICE_ON_SUCCESS`: **false**: Set to true to switch on success notices.
+- `NO_SUCCESS_NOTICE`: **false**: Set to true to switch off success notices.
 - `SCHEDULE`: **@every 168h**: Cron syntax to set how often to check.
 - `OLDER_THAN`: **@every 8760h**: any action older than this expression will be deleted from database, suggest using `8760h` (1 year) because that's the max length of heatmap.

@@ -938,18 +917,9 @@ Default templates for project boards:
 - `SCHEDULE`: **@every 168h**: Cron syntax for scheduling a work, e.g. `@every 168h`.
 - `HTTP_ENDPOINT`: **https://dl.gitea.io/gitea/version.json**: the endpoint that Gitea will check for newer versions

-#### Cron -  Delete all old system notices from database ('cron.delete_old_system_notices')
- `ENABLED`: **false**: Enable service.
- `RUN_AT_START`: **false**: Run tasks at start up time (if ENABLED).
- `NO_SUCCESS_NOTICE`: **false**: Set to true to switch off success notices.
- `SCHEDULE`: **@every 168h**: Cron syntax to set how often to check.
- `OLDER_THAN`: **@every 8760h**: any system notice older than this expression will be deleted from database.
-
 ## Git (`git`)

 - `PATH`: **""**: The path of Git executable. If empty, Gitea searches through the PATH environment.
- `HOME_PATH`: **%(APP_DATA_PATH)/home**: The HOME directory for Git.
-	  This directory will be used to contain the `.gitconfig` and possible `.gnupg` directories that Gitea's git calls will use. If you can confirm Gitea is the only application running in this environment, you can set it to the normal home directory for Gitea user.
 - `DISABLE_DIFF_HIGHLIGHT`: **false**: Disables highlight of added and removed changes.
 - `MAX_GIT_DIFF_LINES`: **1000**: Max number of lines allowed of a single file in diff view.
 - `MAX_GIT_DIFF_LINE_CHARACTERS`: **5000**: Max character count per line highlighted in diff view.
@@ -1001,9 +971,8 @@ Default templates for project boards:

 ## i18n (`i18n`)

- `LANGS`: **en-US,zh-CN,zh-HK,zh-TW,de-DE,fr-FR,nl-NL,lv-LV,ru-RU,uk-UA,ja-JP,es-ES,pt-BR,pt-PT,pl-PL,bg-BG,it-IT,fi-FI,tr-TR,cs-CZ,sr-SP,sv-SE,ko-KR,el-GR,fa-IR,hu-HU,id-ID,ml-IN**:
-     List of locales shown in language selector. The first locale will be used as the default if user browser's language doesn't match any locale in the list.
- `NAMES`: **English,简体中文,繁體中文（香港）,繁體中文（台灣）,Deutsch,Français,Nederlands,Latviešu,Русский,Українська,日本語,Español,Português do Brasil,Português de Portugal,Polski,Български,Italiano,Suomi,Türkçe,Čeština,Српски,Svenska,한국어,Ελληνικά,فارسی,Magyar nyelv,Bahasa Indonesia,മലയാളം**: Visible names corresponding to the locales
+- `LANGS`: **en-US,zh-CN,zh-HK,zh-TW,de-DE,fr-FR,nl-NL,lv-LV,ru-RU,ja-JP,es-ES,pt-BR,pt-PT,pl-PL,bg-BG,it-IT,fi-FI,tr-TR,cs-CZ,sr-SP,sv-SE,ko-KR,el-GR,fa-IR,hu-HU,id-ID,ml-IN**: List of locales shown in language selector
+- `NAMES`: **English,简体中文,繁體中文（香港）,繁體中文（台灣）,Deutsch,français,Nederlands,latviešu,русский,日本語,español,português do Brasil,Português de Portugal,polski,български,italiano,suomi,Türkçe,čeština,српски,svenska,한국어,ελληνικά,فارسی,magyar nyelv,bahasa Indonesia,മലയാളം**: Visible names corresponding to the locales

 ## U2F (`U2F`) **DEPRECATED**
 - `APP_ID`: **`ROOT_URL`**: Declares the facet of the application which is used for authentication of previously registered U2F keys. Requires HTTPS.
@@ -1029,16 +998,13 @@ IS_INPUT_FILE = false
   command. Multiple extensions needs a comma as splitter.
 - RENDER\_COMMAND: External command to render all matching extensions.
 - IS\_INPUT\_FILE: **false** Input is not a standard input but a file param followed `RENDER_COMMAND`.
- RENDER_CONTENT_MODE: **sanitized** How the content will be rendered.
-  - sanitized: Sanitize the content and render it inside current page, default to only allow a few HTML tags and attributes. Customized sanitizer rules can be defined in `[markup.sanitizer.*]`.
-  - no-sanitizer: Disable the sanitizer and render the content inside current page. It's **insecure** and may lead to XSS attack if the content contains malicious code.
-  - iframe: Render the content in a separate standalone page and embed it into current page by iframe. The iframe is in sandbox mode with same-origin disabled, and the JS code are safely isolated from parent page.

 Two special environment variables are passed to the render command:
 - `GITEA_PREFIX_SRC`, which contains the current URL prefix in the `src` path tree. To be used as prefix for links.
 - `GITEA_PREFIX_RAW`, which contains the current URL prefix in the `raw` path tree. To be used as prefix for image paths.

-If `RENDER_CONTENT_MODE` is `sanitized`, Gitea supports customizing the sanitization policy for rendered HTML. The example below will support KaTeX output from pandoc.
+
+Gitea supports customizing the sanitization policy for rendered HTML. The example below will support KaTeX output from pandoc.

 ```ini
 [markup.sanitizer.TeX]
@@ -1091,17 +1057,11 @@ Task queue configuration has been moved to `queue.task`. However, the below conf

 ## Federation (`federation`)

- `ENABLED`: **false**: Enable/Disable federation capabilities
- `SHARE_USER_STATISTICS`: **true**: Enable/Disable user statistics for nodeinfo if federation is enabled
-
-## Packages (`packages`)
-
- `ENABLED`: **true**: Enable/Disable package registry capabilities
- `CHUNKED_UPLOAD_PATH`: **tmp/package-upload**: Path for chunked uploads. Defaults to `APP_DATA_PATH` + `tmp/package-upload`
+- `ENABLED`: **true**: Enable/Disable federation capabilities

 ## Mirror (`mirror`)

- `ENABLED`: **true**: Enables the mirror functionality. Set to **false** to disable all mirrors. Pre-existing mirrors remain valid but won't be updated; may be converted to regular repo.
+- `ENABLED`: **true**: Enables the mirror functionality. Set to **false** to disable all mirrors.
 - `DISABLE_NEW_PULL`: **false**: Disable the creation of **new** pull mirrors. Pre-existing mirrors remain valid. Will be ignored if `mirror.ENABLED` is `false`.
 - `DISABLE_NEW_PUSH`: **false**: Disable the creation of **new** push mirrors. Pre-existing mirrors remain valid. Will be ignored if `mirror.ENABLED` is `false`.
 - `DEFAULT_INTERVAL`: **8h**: Default interval between each check
--- a/docs/content/doc/advanced/config-cheat-sheet.zh-cn.md
+++ b/docs/content/doc/advanced/config-cheat-sheet.zh-cn.md
@@ -80,7 +80,7 @@ menu:

 - `LFS_START_SERVER`: 是否启用 git-lfs 支持. 可以为 `true` 或 `false`， 默认是 `false`。
 - `LFS_JWT_SECRET`: LFS 认证密钥，改成自己的。
- `LFS_CONTENT_PATH`: **已废弃**, 存放 lfs 命令上传的文件的地方，默认是 `data/lfs`。**废弃** 请使用 `[lfs]` 的设置。
+- `LFS_CONTENT_PATH`: **已废弃**, 存放 lfs 命令上传的文件的地方，默认是 `data/lfs`。

 ## Database (`database`)

@@ -175,12 +175,12 @@ menu:
 - `HOST`: **\<empty\>**: 针对redis和memcache有效，主机地址和端口。
    - Redis: `network=tcp,addr=127.0.0.1:6379,password=macaron,db=0,pool_size=100,idle_timeout=180`
    - Memache: `127.0.0.1:9090;127.0.0.1:9091`
- `ITEM_TTL`: **16h**: 缓存项目失效时间，设置为 -1 则禁用缓存。
+- `ITEM_TTL`: **16h**: 缓存项目失效时间，设置为 0 则禁用缓存。

 ## Cache - LastCommitCache settings (`cache.last_commit`)

 - `ENABLED`: **true**: 是否启用。
- `ITEM_TTL`: **8760h**: 缓存项目失效时间，设置为 -1 则禁用缓存。
+- `ITEM_TTL`: **8760h**: 缓存项目失效时间，设置为 0 则禁用缓存。
 - `COMMITS_COUNT`: **1000**: 仅当仓库的提交数大于时才启用缓存。

 ## Session (`session`)
@@ -318,36 +318,6 @@ IS_INPUT_FILE = false
 - FILE_EXTENSIONS: 关联的文档的扩展名，多个扩展名用都好分隔。
 - RENDER_COMMAND: 工具的命令行命令及参数。
 - IS_INPUT_FILE: 输入方式是最后一个参数为文件路径还是从标准输入读取。
- RENDER_CONTENT_MODE: **sanitized** 内容如何被渲染。
-  - sanitized: 对内容进行净化并渲染到当前页面中，仅有一部分 HTML 标签和属性是被允许的。
-  - no-sanitizer: 禁用净化器，把内容渲染到当前页面中。此模式是**不安全**的，如果内容中含有恶意代码，可能会导致 XSS 攻击。
-  - iframe: 把内容渲染在一个独立的页面中并使用 iframe 嵌入到当前页面中。使用的 iframe 工作在沙箱模式并禁用了同源请求，JS 代码被安全的从父页面中隔离出去。
-
-以下两个环境变量将会被传递给渲染命令：
-
- `GITEA_PREFIX_SRC`：包含当前的`src`路径的URL前缀，可以被用于链接的前缀。
- `GITEA_PREFIX_RAW`：包含当前的`raw`路径的URL前缀，可以被用于图片的前缀。
-
-如果 `RENDER_CONTENT_MODE` 为 `sanitized`，则 Gitea 支持自定义渲染 HTML 的净化策略。以下例子将用 pandoc 支持 KaTeX 输出。
-
-```ini
-[markup.sanitizer.TeX]
-; Pandoc renders TeX segments as <span>s with the "math" class, optionally
-; with "inline" or "display" classes depending on context.
-ELEMENT = span
-ALLOW_ATTR = class
-REGEXP = ^\s*((math(\s+|$)|inline(\s+|$)|display(\s+|$)))+
-ALLOW_DATA_URI_IMAGES = true
-```
-
- `ELEMENT`: 将要被应用到该策略的 HTML 元素，不能为空。
- `ALLOW_ATTR`: 将要被应用到该策略的属性，不能为空。
- `REGEXP`: 正则表达式，用来匹配属性的内容。如果为空，则跟属性内容无关。
- `ALLOW_DATA_URI_IMAGES`: **false** 允许 data uri 图片 (`<img src="data:image/png;base64,..."/>`)。
-
-多个净化规则可以被同时定义，只要section名称最后一位不重复即可。如： `[markup.sanitizer.TeX-2]`。
-为了针对一种渲染类型进行一个特殊的净化策略，必须使用形如 `[markup.sanitizer.asciidoc.rule-1]` 的方式来命名 seciton。
-如果此规则没有匹配到任何渲染类型，它将会被应用到所有的渲染类型。

 ## Time (`time`)

--- a/docs/content/doc/advanced/customizing-gitea.en-us.md
+++ b/docs/content/doc/advanced/customizing-gitea.en-us.md
@@ -60,15 +60,14 @@ the url `http://gitea.domain.tld/assets/image.png`.

 ## Changing the logo

-To build a custom logo and/or favicon clone the Gitea source repository, replace `assets/logo.svg` and/or `assets/favicon.svg` and run
-`make generate-images`. `assets/favicon.svg` is used for the favicon only. This will update below output files which you can then place in `$GITEA_CUSTOM/public/img` on your server:
+To build a custom logo clone the Gitea source repository, replace `assets/logo.svg` and run
+`make generate-images`. This will update below output files which you can then place in `$GITEA_CUSTOM/public/img` on your server:

- `public/img/logo.svg` - Used for site icon, app icon
+- `public/img/logo.svg` - Used for favicon, site icon, app icon
 - `public/img/logo.png` - Used for Open Graph
+- `public/img/favicon.png` - Used as fallback for browsers that don't support SVG favicons
 - `public/img/avatar_default.png` - Used as the default avatar image
 - `public/img/apple-touch-icon.png` - Used on iOS devices for bookmarks
- `public/img/favicon.svg` - Used for favicon
- `public/img/favicon.png` - Used as fallback for browsers that don't support SVG favicons

 In case the source image is not in vector format, you can attempt to convert a raster image using tools like [this](https://www.aconvert.com/image/png-to-svg/).

@@ -133,18 +132,15 @@ copy javascript files from https://gitea.com/davidsvantesson/plantuml-code-highl
 `$GITEA_CUSTOM/public` folder. Then add the following to `custom/footer.tmpl`:

 ```html
+{{if .RequireHighlightJS}}
+<script src="https://your-server.com/deflate.js"></script>
+<script src="https://your-server.com/encode.js"></script>
+<script src="https://your-server.com/plantuml_codeblock_parse.js"></script>
 <script>
-  $(async () => {
-    if (!$('.language-plantuml').length) return;
-    await Promise.all([
-      $.getScript('https://your-server.com/deflate.js'), 
-      $.getScript('https://your-server.com/encode.js'),
-      $.getScript('https://your-server.com/plantuml_codeblock_parse.js'),
-    ]);
-    // Replace call with address to your plantuml server
-    parsePlantumlCodeBlocks("https://www.plantuml.com/plantuml");
-  });
+  <!-- Replace call with address to your plantuml server-->
+  parsePlantumlCodeBlocks("http://www.plantuml.com/plantuml");
 </script>
+{{end}}
 ```

 You can then add blocks like the following to your markdown:
@@ -303,8 +299,6 @@ LANGS = en-US,foo-BAR
 NAMES = English,FooBar
 ```

-The first locale will be used as the default if user browser's language doesn't match any locale in the list.
-
 Locales may change between versions, so keeping track of your customized locales is highly encouraged.

 ### Readmes
--- a/docs/content/doc/advanced/external-renderers.en-us.md
+++ b/docs/content/doc/advanced/external-renderers.en-us.md
@@ -103,27 +103,6 @@ Once your configuration changes have been made, restart Gitea to have changes ta
 **Note**: Prior to Gitea 1.12 there was a single `markup.sanitiser` section with keys that were redefined for multiple rules, however,
 there were significant problems with this method of configuration necessitating configuration through multiple sections.

-### Example: HTML
-
-Render HTML files directly:
-
-```ini
-[markup.html]
-ENABLED         = true
-FILE_EXTENSIONS = .html,.htm
-RENDER_COMMAND  = cat
-; Input is not a standard input but a file
-IS_INPUT_FILE   = true
-
-[markup.sanitizer.html.1]
-ELEMENT = div
-ALLOW_ATTR = class
-
-[markup.sanitizer.html.2]
-ELEMENT = a
-ALLOW_ATTR = class
-```
-
 ### Example: Office DOCX

 Display Office DOCX files with [`pandoc`](https://pandoc.org/):
--- a/docs/content/doc/advanced/logging-documentation.en-us.md
+++ b/docs/content/doc/advanced/logging-documentation.en-us.md
@@ -68,23 +68,16 @@ multiple subloggers that will log to files.

 ### The "Router" logger

-The Router logger has been substantially changed in v1.17. If you are using the router logger for fail2ban or other monitoring
-you will need to update this configuration.
-
-You can disable Router log by setting `DISABLE_ROUTER_LOG` or by setting all of its sublogger configurations to `none`.
+You can disable Router log by setting `DISABLE_ROUTER_LOG`.

 You can configure the outputs of this
 router log by setting the `ROUTER` value in the `[log]` section of the
-configuration. `ROUTER` will default to `console` if unset and will default to same level as main logger.
+configuration. `ROUTER` will default to `console` if unset. The Gitea
+Router logs at the `Info` level by default, but this can be
+changed if desired by setting the `ROUTER_LOG_LEVEL` value.

-The Router logger logs the following:
-
- `started` messages will be logged at TRACE level
- `polling`/`completed` routers will be logged at INFO
- `slow` routers will be logged at WARN
- `failed` routers will be logged at WARN
-
-The logging level for the router will default to that of the main configuration. Set `[log.<mode>.router]` `LEVEL` to change this.
+Please note, setting the `LEVEL` of this logger to a level above
+`ROUTER_LOG_LEVEL` will result in no router logs.

 Each output sublogger for this logger is configured in
 `[log.sublogger.router]` sections. There are certain default values
@@ -287,7 +280,6 @@ MODE = console
 LEVEL = debug ; please set the level to debug when we are debugging a problem
 ROUTER = console
 COLORIZE = false ; this can be true if you can strip out the ansi coloring
-ENABLE_SSH_LOG = true ; shows logs related to git over SSH.
 ```

 Sometimes it will be helpful get some specific `TRACE` level logging restricted
@@ -349,7 +341,7 @@ recommended that pausing only done for a very short period of time.

 It is possible to add and remove logging whilst Gitea is running using the `gitea manager logging add` and `remove` subcommands.
 This functionality can only adjust running log systems and cannot be used to start the access or router loggers if they
-were not already initialized. If you wish to start these systems you are advised to adjust the app.ini and (gracefully) restart
+were not already initialised. If you wish to start these systems you are advised to adjust the app.ini and (gracefully) restart
 the Gitea service.

 The main intention of these commands is to easily add a temporary logger to investigate problems on running systems where a restart
--- a/docs/content/doc/advanced/signing.en-us.md
+++ b/docs/content/doc/advanced/signing.en-us.md
@@ -83,7 +83,8 @@ The first option to discuss is the `SIGNING_KEY`. There are three main
 options:

 - `none` - this prevents Gitea from signing any commits
- `default` - Gitea will default to the key configured within `git config`
+- `default` - Gitea will default to the key configured within
+  `git config`
 - `KEYID` - Gitea will sign commits with the gpg key with the ID
  `KEYID`. In this case you should provide a `SIGNING_NAME` and
  `SIGNING_EMAIL` to be displayed for this key.
@@ -97,13 +98,6 @@ repositories, `SIGNING_KEY=default` could be used to provide different
 signing keys on a per-repository basis. However, this is clearly not an
 ideal UI and therefore subject to change.

-**Since 1.17**, Gitea runs git in its own home directory `[git].HOME_PATH` (default to `%(APP_DATA_PATH)/home`)
-and uses its own config `{[git].HOME_PATH}/.gitconfig`.
-If you have your own customized git config for Gitea, you should set these configs in system git config (aka `/etc/gitconfig`)
-or the Gitea internal git config `{[git].HOME_PATH}/.gitconfig`. 
-Related home files for git command (like `.gnupg`) should also be put in Gitea's git home directory `[git].HOME_PATH`. 
-
-
 ### `INITIAL_COMMIT`

 This option determines whether Gitea should sign the initial commit
@@ -124,7 +118,7 @@ The possible values are:

 - `never`: Never sign
 - `pubkey`: Only sign if the user has a public key
- `twofa`: Only sign if the user logs in with two-factor authentication
+- `twofa`: Only sign if the user logs in with two factor authentication
 - `parentsigned`: Only sign if the parent commit is signed.
 - `always`: Always sign

@@ -138,7 +132,7 @@ editor or API CRUD actions. The possible values are:

 - `never`: Never sign
 - `pubkey`: Only sign if the user has a public key
- `twofa`: Only sign if the user logs in with two-factor authentication
+- `twofa`: Only sign if the user logs in with two factor authentication
 - `parentsigned`: Only sign if the parent commit is signed.
 - `always`: Always sign

@@ -152,7 +146,7 @@ The possible options are:

 - `never`: Never sign
 - `pubkey`: Only sign if the user has a public key
- `twofa`: Only sign if the user logs in with two-factor authentication
+- `twofa`: Only sign if the user logs in with two factor authentication
 - `basesigned`: Only sign if the parent commit in the base repo is signed.
 - `headsigned`: Only sign if the head commit in the head branch is signed.
 - `commitssigned`: Only sign if all the commits in the head branch to the merge point are signed.
--- a/docs/content/doc/developers.en-us.md
+++ b/docs/content/doc/developers.en-us.md
@@ -8,6 +8,6 @@ draft: false
 menu:
  sidebar:
    name: "Developers"
-    weight: 55
+    weight: 50
    identifier: "developers"
 ---
--- a/docs/content/doc/developers.zh-tw.md
+++ b/docs/content/doc/developers.zh-tw.md
@@ -8,6 +8,6 @@ draft: false
 menu:
  sidebar:
    name: "開發人員"
-    weight: 55
+    weight: 50
    identifier: "developers"
 ---
--- a/docs/content/doc/developers/guidelines-frontend.md
+++ b/docs/content/doc/developers/guidelines-frontend.md
@@ -23,13 +23,7 @@ menu:

 Gitea uses [Less CSS](https://lesscss.org), [Fomantic-UI](https://fomantic-ui.com/introduction/getting-started.html) (based on [jQuery](https://api.jquery.com)) and [Vue2](https://vuejs.org/v2/guide/) for its frontend.

-The HTML pages are rendered by [Go HTML Template](https://pkg.go.dev/html/template).
-
-The source files can be found in the following directories:
-* **Less styles:** `web_src/less/`
-* **JavaScript files:** `web_src/js/`
-* **Vue components:** `web_src/js/components/`
-* **Go HTML templates:** `templates/`
+The HTML pages are rendered by [Go HTML Template](https://pkg.go.dev/html/template)

 ## General Guidelines

@@ -40,29 +34,24 @@ We recommend [Google HTML/CSS Style Guide](https://google.github.io/styleguide/h
 1. Every feature (Fomantic-UI/jQuery module) should be put in separate files/directories.
 2. HTML ids and classes should use kebab-case.
 3. HTML ids and classes used in JavaScript should be unique for the whole project, and should contain 2-3 feature related keywords. We recommend to use the `js-` prefix for classes that are only used in JavaScript.
-4. jQuery events across different features could use their own namespaces if there are potential conflicts.
-5. CSS styling for classes provided by frameworks should not be overwritten. Always use new class-names with 2-3 feature related keywords to overwrite framework styles.  
+4. jQuery events across different features should use their own namespaces.
+5. CSS styling for classes provided by frameworks should not be overwritten. Always use new class-names to overwrite framework styles. We recommend to use the `us-` prefix for user defined styles.  
 6. The backend can pass complex data to the frontend by using `ctx.PageData["myModuleData"] = map[]{}`
 7. Simple pages and SEO-related pages use Go HTML Template render to generate static Fomantic-UI HTML output. Complex pages can use Vue2 (or Vue3 in future).


 ### Framework Usage

-Mixing different frameworks together is discouraged, it makes the code difficult to be maintained.
-A JavaScript module should follow one major framework and follow the framework's best practice.
+Mixing different frameworks together is highly discouraged. A JavaScript module should follow one major framework and follow the framework's best practice.

 Recommended implementations:
-* Vue + Vanilla JS
+* Vue + Native
 * Fomantic-UI (jQuery)
-* Vanilla JS
+* Native only

 Discouraged implementations:
-* Vue + Fomantic-UI (jQuery)
-* jQuery + Vanilla JS
-
-To make UI consistent, Vue components can use Fomantic-UI CSS classes.
-Although mixing different frameworks is discouraged, 
-it should also work if the mixing is necessary and the code is well-designed and maintainable. 
+* Vue + jQuery
+* jQuery + Native

 ### `async` Functions

@@ -78,10 +67,53 @@ it's recommended to use `const _promise = asyncFoo()` to tell readers
 that this is done by purpose, we want to call the async function and ignore the Promise.
 Some lint rules and IDEs also have warnings if the returned Promise is not handled.

+#### DOM Event Listener
+
+```js
+el.addEventListener('click', (e) => {
+  (async () => {
+    await asyncFoo(); // recommended
+    // then we shound't do e.preventDefault() after await, no effect
+  })(); 
+  
+  const _promise = asyncFoo(); // recommended
+
+  e.preventDefault(); // correct
+});
+
+el.addEventListener('async', async (e) => { // not recommended but acceptable
+  e.preventDefault(); // acceptable
+  await asyncFoo();   // skip out event dispatch
+  e.preventDefault(); // WRONG
+});
+```
+
+#### jQuery Event Listener
+
+```js
+$('#el').on('click', (e) => {
+  (async () => {
+    await asyncFoo(); // recommended
+    // then we shound't do e.preventDefault() after await, no effect
+  })();
+
+  const _promise = asyncFoo(); // recommended
+
+  e.preventDefault();  // correct
+  return false;        // correct
+});
+
+$('#el').on('click', async (e) => {  // not recommended but acceptable
+  e.preventDefault();  // acceptable
+  return false;        // WRONG, jQuery expects the returned value is a boolean, not a Promise
+  await asyncFoo();    // skip out event dispatch
+  return false;        // WRONG
+});
+```
+
 ### HTML Attributes and `dataset`

-The usage of `dataset` is forbidden, its camel-casing behaviour makes it hard to grep for attributes.
-However, there are still some special cases, so the current guideline is:
+We forbid `dataset` usage, its camel-casing behaviour makes it hard to grep for attributes. However there are still some special cases, so the current guideline is:

 * For legacy code:
  * `$.data()` should be refactored to `$.attr()`.
@@ -92,10 +124,6 @@ However, there are still some special cases, so the current guideline is:
  * never bind any user data to a DOM node, use a suitable design pattern to describe the relation between node and data.


-### Legacy Code
-
-A lot of legacy code already existed before this document's written. It's recommended to refactor legacy code to follow the guidelines.
-
 ### Vue2/Vue3 and JSX

 Gitea is using Vue2 now, we plan to upgrade to Vue3. We decided not to introduce JSX to keep the HTML and the JavaScript code separated.
--- a/docs/content/doc/developers/hacking-on-gitea.en-us.md
+++ b/docs/content/doc/developers/hacking-on-gitea.en-us.md
@@ -185,27 +185,6 @@ Before committing, make sure the linters pass:
 make lint-frontend
 ```

-### Configuring local ElasticSearch instance
-
-Start local ElasticSearch instance using docker:
-
-```sh
-mkdir -p $(pwd)/data/elasticsearch
-sudo chown -R 1000:1000 $(pwd)/data/elasticsearch
-docker run --rm --memory="4g" -p 127.0.0.1:9200:9200 -p 127.0.0.1:9300:9300 -e "discovery.type=single-node" -v "$(pwd)/data/elasticsearch:/usr/share/elasticsearch/data" docker.elastic.co/elasticsearch/elasticsearch:7.16.3
-```
-
-Configure `app.ini`:
-
-```ini
-[indexer]
-ISSUE_INDEXER_TYPE = elasticsearch
-ISSUE_INDEXER_CONN_STR = http://elastic:changeme@localhost:9200
-REPO_INDEXER_ENABLED = true
-REPO_INDEXER_TYPE = elasticsearch
-REPO_INDEXER_CONN_STR = http://elastic:changeme@localhost:9200
-```
-
 ### Building and adding SVGs

 SVG icons are built using the `make svg` target which compiles the icon sources defined in `build/generate-svg.js` into the output directory `public/img/svg`. Custom icons can be added in the `web_src/svg` directory.
--- a/docs/content/doc/features/comparison.en-us.md
+++ b/docs/content/doc/features/comparison.en-us.md
@@ -34,7 +34,7 @@ _Symbols used in table:_
 ## General Features

 | Feature                             | Gitea                                              | Gogs | GitHub EE | GitLab CE | GitLab EE | BitBucket      | RhodeCode CE |
-| ----------------------------------- | ---------------------------------------------------| ---- | --------- | --------- | --------- | -------------- | ------------ |
+| ----------------------------------- | -------------------------------------------------- | ---- | --------- | --------- | --------- | -------------- | ------------ |
 | Open source and free                | ✓                                                  | ✓    | ✘         | ✓         | ✘         | ✘              | ✓            |
 | Low resource usage (RAM/CPU)        | ✓                                                  | ✓    | ✘         | ✘         | ✘         | ✘              | ✘            |
 | Multiple database support           | ✓                                                  | ✓    | ✘         | ⁄         | ⁄         | ✓              | ✓            |
@@ -48,9 +48,9 @@ _Symbols used in table:_
 | Integrated Git-powered wiki         | ✓                                                  | ✓    | ✓         | ✓         | ✓         | ✓ (cloud only) | ✘            |
 | Deploy Tokens                       | ✓                                                  | ✓    | ✓         | ✓         | ✓         | ✓              | ✓            |
 | Repository Tokens with write rights | ✓                                                  | ✘    | ✓         | ✓         | ✓         | ✓              | ✓            |
-| Built-in Package/Container Registry | ✓                                                 | ✘    | ✓         | ✓         | ✓         | ✘              | ✘            |
+| Built-in Container Registry         | [✘](https://github.com/go-gitea/gitea/issues/2316) | ✘    | ✘         | ✓         | ✓         | ✘              | ✘            |
 | External git mirroring              | ✓                                                  | ✓    | ✘         | ✘         | ✓         | ✓              | ✓            |
-| WebAuthn (2FA)                      | ✓                                                 | ✘    | ✓         | ✓         | ✓         | ✓              | ?            |
+| FIDO U2F (2FA)                      | ✓                                                  | ✘    | ✓         | ✓         | ✓         | ✓              | ✘            |
 | Built-in CI/CD                      | ✘                                                  | ✘    | ✓         | ✓         | ✓         | ✘              | ✘            |
 | Subgroups: groups within groups     | ✘                                                  | ✘    | ✘         | ✓         | ✓         | ✘              | ✓            |

@@ -66,7 +66,6 @@ _Symbols used in table:_
 | Granular user roles (Code, Issues, Wiki etc) | ✓                                                | ✘    | ✘         | ✓         | ✓         | ✘         | ✘            |
 | Verified Committer                           | ⁄                                                | ✘    | ?         | ✓         | ✓         | ✓         | ✘            |
 | GPG Signed Commits                           | ✓                                                | ✘    | ✓         | ✓         | ✓         | ✓         | ✓            |
-| SSH Signed Commits                           | ✓                                                | ✘    | ✘         | ✘         | ✘         | ?         | ?            |
 | Reject unsigned commits                      | [✓](https://github.com/go-gitea/gitea/pull/9708) | ✘    | ✓         | ✓         | ✓         | ✓         | ✓            |
 | Repository Activity page                     | ✓                                                | ✘    | ✓         | ✓         | ✓         | ✓         | ✓            |
 | Branch manager                               | ✓                                                | ✘    | ✓         | ✓         | ✓         | ✓         | ✓            |
--- a/docs/content/doc/features/comparison.zh-cn.md
+++ b/docs/content/doc/features/comparison.zh-cn.md
@@ -48,7 +48,7 @@ _表格中的符号含义:_
 | 仓库写权限令牌        | ✓     | ✘    | ✓         | ✓         | ✓         | ✘         | ✓            |
 | 内置容器 Registry     | ✘     | ✘    | ✘         | ✓         | ✓         | ✘         | ✘            |
 | 外部 Git 镜像         | ✓     | ✓    | ✘         | ✘         | ✓         | ✓         | ✓            |
-| WebAuthn (2FA)       | ✓       | ✘    | ✓         | ✓         | ✓         | ✓              | ?            |
+| FIDO U2F (2FA)        | ✓     | ✘    | ✓         | ✓         | ✓         | ✓         | ✘            |
 | 内置 CI/CD            | ✘     | ✘    | ✘         | ✓         | ✓         | ✘         | ✘            |
 | 子组织：组织内的组织  | ✘     | ✘    | ✘         | ✓         | ✓         | ✘         | ✓            |

@@ -64,7 +64,6 @@ _表格中的符号含义:_
 | 细粒度用户角色 (例如 Code, Issues, Wiki) | ✓     | ✘    | ✘         | ✓         | ✓         | ✘         | ✘            |
 | 提交人的身份验证                         | ✘     | ✘    | ?         | ✓         | ✓         | ✓         | ✘            |
 | GPG 签名的提交                           | ✓     | ✘    | ✓         | ✓         | ✓         | ✓         | ✓            |
-| SSH 签名的提交                           | ✓      | ✘    | ✘         | ✘         | ✘         | ?         | ?            |
 | 拒绝未用通过验证的提交                   | ✓     | ✘    | ✓         | ✓         | ✓         | ✘         | ✓            |
 | 仓库活跃度页面                           | ✓     | ✘    | ✓         | ✓         | ✓         | ✓         | ✓            |
 | 分支管理                                 | ✓     | ✘    | ✓         | ✓         | ✓         | ✓         | ✓            |
--- a/docs/content/doc/features/webhooks.en-us.md
+++ b/docs/content/doc/features/webhooks.en-us.md
@@ -28,7 +28,6 @@ All event pushes are POST requests. The methods currently supported are:
 - Microsoft Teams
 - Feishu
 - Wechatwork
- Packagist

 ### Event information

--- a/docs/content/doc/features/webhooks.zh-cn.md
+++ b/docs/content/doc/features/webhooks.zh-cn.md
@@ -27,6 +27,5 @@ Gitea 的存储 webhook。这可以有存储库管路设定页 `/:username/:repo
 - Microsoft Teams
 - Feishu
 - Wechatwork
- Packagist

 ## TBD
--- a/docs/content/doc/features/webhooks.zh-tw.md
+++ b/docs/content/doc/features/webhooks.zh-tw.md
@@ -27,7 +27,6 @@ Gitea 的儲存庫事件支援 web hook。這可以有儲存庫管理員在設
 - Microsoft Teams
 - Feishu
 - Wechatwork
- Packagist

 ### 事件資訊

--- a/docs/content/doc/help/faq.en-us.md
+++ b/docs/content/doc/help/faq.en-us.md
@@ -52,8 +52,7 @@ https://github.com/loganinak/MigrateGitlabToGogs

 - WorkPath
  - Environment variable `GITEA_WORK_DIR`
-  - Else `--work-path` flag
-  - Else the directory that contains the Gitea binary
+  - Else binary location
 - AppDataPath (default for database, indexers, etc.)
  - `APP_DATA_PATH` from `app.ini`
  - Else `%(WorkPath)/data`
@@ -64,9 +63,8 @@ https://github.com/loganinak/MigrateGitlabToGogs
  - Unix: Environment variable `HOME`
  - Windows: Environment variable `USERPROFILE`, else environment variables `HOMEDRIVE`+`HOMEPATH`
 - RepoRootPath
-  - `ROOT` in the \[repository] section of `app.ini` if absolute
-  - Else `%(AppWorkPath)/ROOT` if `ROOT` in the \[repository] section of `app.ini` if relative
-  - Default `%(AppDataPath)/gitea-repositories`
+  - `ROOT` in `app.ini`
+  - Else `%(AppDataPath)/gitea-repositories`
 - INI (config file)
  - `-c` flag
  - Else `%(CustomPath)/conf/app.ini`
@@ -355,51 +353,3 @@ You will also need to change the app.ini database charset to `CHARSET=utf8mb4`.
 ## Why are Emoji displaying only as placeholders or in monochrome

 Gitea requires the system or browser to have one of the supported Emoji fonts installed, which are Apple Color Emoji, Segoe UI Emoji, Segoe UI Symbol, Noto Color Emoji and Twemoji Mozilla. Generally, the operating system should already provide one of these fonts, but especially on Linux, it may be necessary to install them manually.
-
-## Stdout logging on SystemD and Docker
-
-Stdout on systemd goes to the journal by default. Try using `journalctl`, `journalctl  -u gitea`, or `journalctl <path-to-gitea-binary>`.
-
-Similarly stdout on docker can be viewed using `docker logs <container>`
-
-## Initial logging
-
-Before Gitea has read the configuration file and set-up its logging it will log a number of things to stdout in order to help debug things if logging does not work.
-
-You can stop this logging by setting the `--quiet` or `-q` option. Please note this will only stop logging until Gitea has set-up its own logging.
-
-If you report a bug or issue you MUST give us logs with this information restored.
-
-You should only set this option once you have completely configured everything.
-
-## Warnings about struct defaults during database startup
-
-Sometimes when there are migrations the old columns and default values may be left
-unchanged in the database schema. This may lead to warning such as:
-
-```
-2020/08/02 11:32:29 ...rm/session_schema.go:360:Sync2() [W] Table user Column keep_activity_private db default is , struct default is 0
-```
-
-These can safely be ignored but you may able to stop these warnings by getting Gitea to recreate these tables using:
-
-```
-gitea doctor recreate-table user
-```
-
-This will cause Gitea to recreate the user table and copy the old data into the new table
-with the defaults set appropriately.
-
-You can ask Gitea to recreate multiple tables using:
-
-```
-gitea doctor recreate-table table1 table2 ...
-```
-
-And if you would like Gitea to recreate all tables simply call:
-
-```
-gitea doctor recreate-table
-```
-
-It is highly recommended to back-up your database before running these commands.
--- a/docs/content/doc/installation/from-binary.en-us.md
+++ b/docs/content/doc/installation/from-binary.en-us.md
@@ -50,8 +50,7 @@ Of note, configuring `GITEA_WORK_DIR` will tell Gitea where to base its working

 ### Prepare environment

-Check that Git is installed on the server. If it is not, install it first. Gitea requires Git version >= 2.0.
-
+Check that Git is installed on the server. If it is not, install it first.
 ```sh
 git --version
 ```
--- a/docs/content/doc/installation/on-cloud-provider.md
+++ b/docs/content/doc/installation/on-cloud-provider.md
@@ -48,9 +48,3 @@ To deploy Gitea to DigitalOcean, have a look at the [DigitalOcean Marketplace](h
 [Linode](https://www.linode.com/) has Gitea as an app in their marketplace.

 To deploy Gitea to Linode, have a look at the [Linode Marketplace](https://www.linode.com/marketplace/apps/linode/gitea/).
-
-## alwaysdata
-
-[alwaysdata](https://www.alwaysdata.com/) has Gitea as an app in their marketplace.
-
-To deploy Gitea to alwaysdata, have a look at the [alwaysdata Marketplace](https://www.alwaysdata.com/en/marketplace/gitea/).
--- a/docs/content/doc/installation/on-kubernetes.en-us.md
+++ b/docs/content/doc/installation/on-kubernetes.en-us.md
@@ -25,47 +25,3 @@ helm install gitea gitea-charts/gitea
 ```

 If you would like to customize your install, which includes kubernetes ingress, please refer to the complete [Gitea helm chart configuration details](https://gitea.com/gitea/helm-chart/)
-
-## Health check endpoint
-
-Gitea comes with a health check endpoint `/api/healthz`, you can configure it in kubernetes like this:
-
-```yaml
-  livenessProbe:
-    httpGet:
-      path: /api/healthz
-      port: http
-    initialDelaySeconds: 200
-    timeoutSeconds: 5
-    periodSeconds: 10
-    successThreshold: 1
-    failureThreshold: 10
-```
-
-a successful health check response will respond with http code `200`, here's example:
-
-```
-HTTP/1.1 200 OK
-
-
-{
-  "status": "pass",
-  "description": "Gitea: Git with a cup of tea",
-  "checks": {
-    "cache:ping": [
-      {
-        "status": "pass",
-        "time": "2022-02-19T09:16:08Z"
-      }
-    ],
-    "database:ping": [
-      {
-        "status": "pass",
-        "time": "2022-02-19T09:16:08Z"
-      }
-    ]
-  }
-}
-```
-
-for more information, please reference to kubernetes documentation [Define a liveness HTTP request](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#define-a-liveness-http-request)
--- a/docs/content/doc/installation/on-kubernetes.zh-tw.md
+++ b/docs/content/doc/installation/on-kubernetes.zh-tw.md
@@ -25,47 +25,3 @@ helm install gitea gitea-charts/gitea
 ```

 若您想自訂安裝（包括使用 kubernetes ingress），請前往完整的 [Gitea helm chart configuration details](https://gitea.com/gitea/helm-chart/)
-
-##運行狀況檢查終端節點
-
-Gitea 附帶了一個運行狀況檢查端點 `/api/healthz`，你可以像這樣在 kubernetes 中配置它:
-
-```yaml
-  livenessProbe:
-    httpGet:
-      path: /api/healthz
-      port: http
-    initialDelaySeconds: 200
-    timeoutSeconds: 5
-    periodSeconds: 10
-    successThreshold: 1
-    failureThreshold: 10
-```
-
-成功的運行狀況檢查回應將使用 HTTP 代碼 `200` 進行回應，下面是示例:
-
-```
-HTTP/1.1 200 OK
-
-
-{
-  "status": "pass",
-  "description": "Gitea: Git with a cup of tea",
-  "checks": {
-    "cache:ping": [
-      {
-        "status": "pass",
-        "time": "2022-02-19T09:16:08Z"
-      }
-    ],
-    "database:ping": [
-      {
-        "status": "pass",
-        "time": "2022-02-19T09:16:08Z"
-      }
-    ]
-  }
-}
-```
-
-有關更多信息，請參考kubernetes文檔[定義一個存活態 HTTP請求接口]（https://kubernetes.io/zh/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/）
--- a/docs/content/doc/installation/with-docker-rootless.en-us.md
+++ b/docs/content/doc/installation/with-docker-rootless.en-us.md
@@ -147,7 +147,7 @@ services:
 +      - db
 +
 +  db:
-+    image: postgres:14
+    image: postgres:13
 +    restart: always
 +    environment:
 +      - POSTGRES_USER=gitea
@@ -322,15 +322,8 @@ Match User git
  AuthorizedKeysCommand /usr/bin/docker exec -i gitea /usr/local/bin/gitea keys -c /etc/gitea/app.ini -e git -u %u -t %t -k %k
 ```

-(From 1.16.0 you will not need to set the `-c /etc/gitea/app.ini` option.)
-
 All that is left to do is restart the SSH server:

 ```bash
 sudo systemctl restart sshd
 ```
-
-**Notes**
-
-This isn't actually using the docker SSH - it is simply using the commands around it.
-You could theoretically not run the internal SSH server.
--- a/docs/content/doc/installation/with-docker.en-us.md
+++ b/docs/content/doc/installation/with-docker.en-us.md
@@ -187,7 +187,7 @@ services:
 +      - db
 +
 +  db:
-+    image: postgres:14
+    image: postgres:13
 +    restart: always
 +    environment:
 +      - POSTGRES_USER=gitea
@@ -307,312 +307,77 @@ To set required TOKEN and SECRET values, consider using Gitea's built-in [genera

 ## SSH Container Passthrough

-Since SSH is running inside the container, SSH needs to be passed through from the host to the container if SSH support is desired. One option would be to run the container SSH on a non-standard port (or moving the host port to a non-standard port). Another option which might be more straightforward is for Gitea users to ssh to a Gitea user on the host which will then relay those connections to the docker.
+Since SSH is running inside the container, SSH needs to be passed through from the host to the container if SSH support is desired. One option would be to run the container SSH on a non-standard port (or moving the host port to a non-standard port). Another option which might be more straightforward is to forward SSH connections from the host to the container. This setup is explained in the following.

-To understand what needs to happen, you first need to understand what happens without passthrough. So we will try to explain this:
+This guide assumes that you have created a user on the host called `git` which shares the same `UID`/ `GID` as the container values `USER_UID`/ `USER_GID`. These values can be set as environment variables in the `docker-compose.yml`:

-1. The client adds their SSH public key to Gitea using the webpage.
-2. Gitea will add an entry for this key to the `.ssh/authorized_keys` file of its running user, `git`.
-3. This entry has the public key, but also has a `command=` option. It is this command that Gitea uses to match this key to the client user and manages authentication.
-4. The client then makes an SSH request to the SSH server using the `git` user, e.g. `git clone git@domain:user/repo.git`.
-5. The client will attempt to authenticate with the server, passing one or more public keys one at a time to the server.
-6. For each key the client provides, the SSH server will first check its configuration for an `AuthorizedKeysCommand` to see if the public key matches, and then the `git` user's `authorized_keys` file.
-7. The first entry that matches will be selected, and assuming this is a Gitea entry, the `command=` will now be executed.
-8. The SSH server creates a user session for the `git` user, and using the shell for the `git` user runs the `command=`
-9. This runs `gitea serv` which takes over control of the rest of the SSH session and manages gitea authentication & authorization of the git commands.
-
-Now, for the SSH passthrough to work, we need the host SSH to match the public keys and then run the `gitea serv` on the docker. There are multiple ways of doing this. However, all of these require some information about the docker being passed to the host.
-
-### SSHing Shim (with authorized_keys)
-
-In this option, the idea is that the host simply uses the `authorized_keys` that gitea creates but at step 9 the `gitea` command that the host runs is a shim that actually runs ssh to go into the docker and then run the real docker `gitea` itself.
-
- To make the forwarding work, the SSH port of the container (22) needs to be mapped to the host port 2222 in `docker-compose.yml` . Since this port does not need to be exposed to the outside world, it can be mapped to the `localhost` of the host machine:
-
-  ```yaml
-  ports:
-    # [...]
-    - "127.0.0.1:2222:22"
-  ```
-
- Next on the host create the `git` user which shares the same `UID`/ `GID` as the container values `USER_UID`/ `USER_GID`. These values can be set as environment variables in the `docker-compose.yml`:
-
-  ```yaml
-  environment:
+```bash
+environment:
  - USER_UID=1000
  - USER_GID=1000
-  ```
+```

- Mount `/home/git/.ssh` of the host into the container. This ensures that the `authorized_keys` file is shared between the host `git` user and the container `git` user otherwise the SSH authentication cannot work inside the container.
+Next mount `/home/git/.ssh` of the host into the container. Otherwise the SSH authentication cannot work inside the container.

-  ```yaml
-  volumes:
+```bash
+volumes:
  - /home/git/.ssh/:/data/git/.ssh
-  ```
+```

- Now a SSH key pair needs to be created on the host. This key pair will be used to authenticate the `git` user on the host to the container. As an administrative user on the host run: (by administrative user we mean a user that can sudo to root)
-
-  ```bash
-  sudo -u git ssh-keygen -t rsa -b 4096 -C "Gitea Host Key"
-  ```
-
- Please note depending on the local version of ssh you may want to consider using `-t ecdsa` here.
-
- `/home/git/.ssh/authorized_keys` on the host now needs to be modified. It needs to act in the same way as `authorized_keys` within the Gitea container. Therefore add the public key of the key you created above ("Gitea Host Key") to `~/git/.ssh/authorized_keys`. As an administrative user on the host run:
-
-  ```bash
-  sudo -u git cat /home/git/.ssh/id_rsa.pub | sudo -u git tee -a /home/git/.ssh/authorized_keys
-  sudo -u git chmod 600 /home/git/.ssh/authorized_keys
-  ```
-
-  Important: The pubkey from the `git` user needs to be added "as is" while all other pubkeys added via the Gitea web interface will be prefixed with `command="/usr [...]`.
-
-  `/home/git/.ssh/authorized_keys` should then look somewhat like
-
-  ```bash
-  # SSH pubkey from git user
-  ssh-rsa <Gitea Host Key>
-
-  # other keys from users
-  command="/usr/local/bin/gitea --config=/data/gitea/conf/app.ini serv key-1",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty <user pubkey>
-  ```
-
- The next step is to create the fake host `gitea` command that will forward commands from the host to the container. The name of this file depends on your version of Gitea:
-
-  - For Gitea v1.16.0+. As an administrative user on the host run:
-
-    ```bash
-    cat <<"EOF" | sudo tee /usr/local/bin/gitea
-    #!/bin/sh
-    ssh -p 2222 -o StrictHostKeyChecking=no git@127.0.0.1 "SSH_ORIGINAL_COMMAND=\"$SSH_ORIGINAL_COMMAND\" $0 $@"
-    EOF
-    sudo chmod +x /usr/local/bin/gitea
-    ```
-
-Here is a detailed explanation what is happening when a SSH request is made:
-
-1. The client adds their SSH public key to Gitea using the webpage.
-2. Gitea in the container will add an entry for this key to the `.ssh/authorized_keys` file of its running user, `git`. 
-    - However, because `/home/git/.ssh/` on the host is mounted as `/data/git/.ssh` this means that the key has been added to the host `git` user's `authorized_keys` file too.
-3. This entry has the public key, but also has a `command=` option. 
-    - This command matches the location of the Gitea binary on the container, but also the location of the shim on the host.
-4. The client then makes an SSH request to the host SSH server using the `git` user, e.g. `git clone git@domain:user/repo.git`.
-5. The client will attempt to authenticate with the server, passing one or more public keys in turn to the host.
-6. For each key the client provides, the host SSH server will first check its configuration for an `AuthorizedKeysCommand` to see if the public key matches, and then the host `git` user's `authorized_keys` file.
-    - Because `/home/git/.ssh/` on the host is mounted as `/data/git/.ssh` this means that the key they added to the Gitea web will be found
-7. The first entry that matches will be selected, and assuming this is a Gitea entry, the `command=` will now be executed.
-8. The host SSH server creates a user session for the `git` user, and using the shell for the host `git` user runs the `command=`
-9. This means that the host runs the host `/usr/local/bin/gitea` shim that opens an SSH from the host to container passing the rest of the command arguments directly to `/usr/local/bin/gitea` on the container.
-10. Meaning that the container `gitea serv` is run, taking over control of the rest of the SSH session and managing gitea authentication & authorization of the git commands.
-
-**Notes**
-
-SSH container passthrough using `authorized_keys` will work only if
-
- `opensshd` is used in the container
- if `AuthorizedKeysCommand` is _not used_ in combination with `SSH_CREATE_AUTHORIZED_KEYS_FILE=false` to disable authorized files key generation
- `LOCAL_ROOT_URL` is not changed (depending on the changes)
-
-If you try to run `gitea` on the host, you will attempt to ssh to the container and thence run the `gitea` command there.
-
-Never add the `Gitea Host Key` as a SSH key to a user on the Gitea interface.
-
-### SSHing Shell (with authorized_keys)
-
-In this option, the idea is that the host simply uses the `authorized_keys` that gitea creates but at step 8 above we change the shell that the host runs to ssh directly into the docker and then run the shell there. This means that the `gitea` that is then run is the real docker `gitea`.
-
- In this case we setup as per SSHing Shim except instead of creating `/usr/local/bin/gitea`
-we create a new shell for the git user. As an administrative user on the host run:
-
-  ```bash
-  cat <<"EOF" | sudo tee /home/git/ssh-shell
-  #!/bin/sh
-  shift
-  ssh -p 2222 -o StrictHostKeyChecking=no git@127.0.0.1 "SSH_ORIGINAL_COMMAND=\"$SSH_ORIGINAL_COMMAND\" $@"
-  EOF
-  sudo chmod +x /home/git/ssh-shell
-  sudo usermod -s /home/git/ssh-shell git
-  ```
-
-  Be careful here - if you try to login as the git user in future you will ssh directly to the docker.
-
-Here is a detailed explanation what is happening when a SSH request is made:
-
-1. The client adds their SSH public key to Gitea using the webpage.
-2. Gitea in the container will add an entry for this key to the `.ssh/authorized_keys` file of its running user, `git`. 
-    - However, because `/home/git/.ssh/` on the host is mounted as `/data/git/.ssh` this means that the key has been added to the host `git` user's `authorized_keys` file too.
-3. This entry has the public key, but also has a `command=` option.
-    - This command matches the location of the Gitea binary on the container.
-4. The client then makes an SSH request to the host SSH server using the `git` user, e.g. `git clone git@domain:user/repo.git`.
-5. The client will attempt to authenticate with the server, passing one or more public keys in turn to the host.
-6. For each key the client provides, the host SSH server will first check its configuration for an `AuthorizedKeysCommand` to see if the public key matches, and then the host `git` user's `authorized_keys` file.
-    - Because `/home/git/.ssh/` on the host is mounted as `/data/git/.ssh` this means that the key they added to the Gitea web will be found
-7. The first entry that matches will be selected, and assuming this is a Gitea entry, the `command=` will now be executed.
-8. The host SSH server creates a user session for the `git` user, and using the shell for the host `git` user runs the `command=`
-9. The shell of the host `git` user is now our `ssh-shell` which opens an SSH connection from the host to container, (which opens a shell on the container for the container `git`).
-10. The container shell now runs the `command=` option meaning that the container `gitea serv` is run, taking over control of the rest of the SSH session and managing gitea authentication & authorization of the git commands.
-
-**Notes**
-
-SSH container passthrough using `authorized_keys` will work only if
-
- `opensshd` is used in the container
- if `AuthorizedKeysCommand` is _not used_ in combination with `SSH_CREATE_AUTHORIZED_KEYS_FILE=false` to disable authorized files key generation
- `LOCAL_ROOT_URL` is not changed (depending on the changes)
-
-If you try to login as the `git` user on the host in future you will ssh directly to the docker.
-
-Never add the `Gitea Host Key` as a SSH key to a user on the Gitea interface.
-
-### Docker Shell (with authorized_keys)
-
-Similar to the above ssh shell technique we can use a shell which simply uses `docker exec`. As an administrative user on the host run:
+Now a SSH key pair needs to be created on the host. This key pair will be used to authenticate the `git` user on the host to the container.
+
+```bash
+sudo -u git ssh-keygen -t rsa -b 4096 -C "Gitea Host Key"
+```
+
+In the next step a file named `/app/gitea/gitea` (with executable permissions) needs to be created on the host. This file will issue the SSH forwarding from the host to the container. Add the following contents to `/app/gitea/gitea`:

 ```bash
-cat <<"EOF" | sudo tee /home/git/docker-shell
 #!/bin/sh
-/usr/bin/docker exec -i -u git --env SSH_ORIGINAL_COMMAND="$SSH_ORIGINAL_COMMAND" gitea sh "$@"
-EOF
-sudo chmod +x /home/git/docker-shell
-sudo usermod -s /home/git/docker-shell git
+ssh -p 2222 -o StrictHostKeyChecking=no git@127.0.0.1 "SSH_ORIGINAL_COMMAND=\"$SSH_ORIGINAL_COMMAND\" $0 $@"
+```
+
+Here you should also make sure that you've set the permission of `/app/gitea/gitea` correctly:
+
+```bash
+sudo chmod +x /app/gitea/gitea
+```
+
+To make the forwarding work, the SSH port of the container (22) needs to be mapped to the host port 2222 in `docker-compose.yml` . Since this port does not need to be exposed to the outside world, it can be mapped to the `localhost` of the host machine:
+
+```bash
+ports:
+  # [...]
+  - "127.0.0.1:2222:22"
+```
+
+In addition, `/home/git/.ssh/authorized_keys` on the host needs to be modified. It needs to act in the same way as `authorized_keys` within the Gitea container. Therefore add the public key of the key you created above ("Gitea Host Key") to `~/git/.ssh/authorized_keys`.
+This can be done via `echo "$(cat /home/git/.ssh/id_rsa.pub)" >> /home/git/.ssh/authorized_keys`.
+Important: The pubkey from the `git` user needs to be added "as is" while all other pubkeys added via the Gitea web interface will be prefixed with `command="/app [...]`.
+
+The file should then look somewhat like
+
+```bash
+# SSH pubkey from git user
+ssh-rsa <Gitea Host Key>
+
+# other keys from users
+command="/app/gitea/gitea --config=/data/gitea/conf/app.ini serv key-1",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty <user pubkey>
 ```

 Here is a detailed explanation what is happening when a SSH request is made:

-1. The client adds their SSH public key to Gitea using the webpage.
-2. Gitea in the container will add an entry for this key to the `.ssh/authorized_keys` file of its running user, `git`. 
-    - However, because `/home/git/.ssh/` on the host is mounted as `/data/git/.ssh` this means that the key has been added to the host `git` user's `authorized_keys` file too.
-3. This entry has the public key, but also has a `command=` option.
-    - This command matches the location of the Gitea binary on the container.
-4. The client then makes an SSH request to the host SSH server using the `git` user, e.g. `git clone git@domain:user/repo.git`.
-5. The client will attempt to authenticate with the server, passing one or more public keys in turn to the host.
-6. For each key the client provides, the host SSH server will first check its configuration for an `AuthorizedKeysCommand` to see if the public key matches, and then the host `git` user's `authorized_keys` file.
-    - Because `/home/git/.ssh/` on the host is mounted as `/data/git/.ssh` this means that the key they added to the Gitea web will be found
-7. The first entry that matches will be selected, and assuming this is a Gitea entry, the `command=` will now be executed.
-8. The host SSH server creates a user session for the `git` user, and using the shell for the host `git` user runs the `command=`
-9. The shell of the host `git` user is now our `docker-shell` which uses `docker exec` to open a shell for the `git` user on the container.
-10. The container shell now runs the `command=` option meaning that the container `gitea serv` is run, taking over control of the rest of the SSH session and managing gitea authentication & authorization of the git commands.
+1. A SSH request is made against the host (usually port 22) using the `git` user, e.g. `git clone git@domain:user/repo.git`.
+2. In `/home/git/.ssh/authorized_keys` , the command executes the `/app/gitea/gitea` script.
+3. `/app/gitea/gitea` forwards the SSH request to port 2222 which is mapped to the SSH port (22) of the container.
+4. Due to the existence of the public key of the `git` user in `/home/git/.ssh/authorized_keys` the authentication host → container succeeds and the SSH request get forwarded to Gitea running in the docker container.

-Note that `gitea` in the docker command above is the name of the container. If you named yours differently, don't forget to change that. The host `git` user also has to have
-permission to run `docker exec`.
+If a new SSH key is added in the Gitea web interface, it will be appended to `.ssh/authorized_keys` in the same way as the already existing key.

 **Notes**

-Docker shell passthrough using `authorized_keys` will work only if
+SSH container passthrough will work only if

 - `opensshd` is used in the container
 - if `AuthorizedKeysCommand` is _not used_ in combination with `SSH_CREATE_AUTHORIZED_KEYS_FILE=false` to disable authorized files key generation
- `LOCAL_ROOT_URL` is not changed (depending on the changes)
-
-If you try to login as the `git` user on the host in future you will `docker exec` directly to the docker.
-
-A Docker execing shim could be created similarly to above.
-
-### Docker Shell with AuthorizedKeysCommand
-
-The AuthorizedKeysCommand route provides another option that does not require many changes to the compose file or the `authorized_keys` - but does require changes to the host `/etc/sshd_config`.
-
-In this option, the idea is that the host SSH uses an `AuthorizedKeysCommand` instead of relying on sharing the `authorized_keys` file that gitea creates. We continue to use a special shell at step 8 above to exec into the docker and then run the shell there. This means that the `gitea` that is then run is the real docker `gitea`.
-
- On the host create a `git` user with permission to run `docker exec`.
- We will again assume that the Gitea container is called `gitea`.
- Modify the `git` user's shell to forward commands to the `sh` executable inside the container using `docker exec`.  As an administrative user on the host run:
-
-  ```bash
-  cat <<"EOF" | sudo tee /home/git/docker-shell
-  #!/bin/sh
-  /usr/bin/docker exec -i --env SSH_ORIGINAL_COMMAND="$SSH_ORIGINAL_COMMAND" gitea sh "$@"
-  EOF
-  sudo chmod +x /home/git/docker-shell
-  sudo usermod -s /home/git/docker-shell git
-  ```
-
-Now all attempts to login as the `git` user on the host will be forwarded to the docker - including the `SSH_ORIGINAL_COMMAND`. We now need to set-up SSH authentication on the host.
-
-We will do this by leveraging the [SSH AuthorizedKeysCommand](https://docs.gitea.io/en-us/command-line/#keys) to match the keys against those accepted by Gitea. 
-
-Add the following block to `/etc/ssh/sshd_config`, on the host:
-
-```bash
-Match User git
-  AuthorizedKeysCommandUser git
-  AuthorizedKeysCommand /usr/bin/docker exec -i gitea /usr/local/bin/gitea keys -c /data/gitea/conf/app.ini -e git -u %u -t %t -k %k
-```
-
-(From 1.16.0 you will not need to set the `-c /data/gitea/conf/app.ini` option.)
-
-Finally restart the SSH server. As an administrative user on the host run:
-
-```bash
-sudo systemctl restart sshd
-```
-
-Here is a detailed explanation what is happening when a SSH request is made:
-
-1. The client adds their SSH public key to Gitea using the webpage.
-2. Gitea in the container will add an entry for this key to its database.
-3. The client then makes an SSH request to the host SSH server using the `git` user, e.g. `git clone git@domain:user/repo.git`.
-4. The client will attempt to authenticate with the server, passing one or more public keys in turn to the host.
-5. For each key the client provides, the host SSH server will checks its configuration for an `AuthorizedKeysCommand`.
-6. The host runs the above `AuthorizedKeysCommand`, which execs in to the docker and then runs the `gitea keys` command.
-7. Gitea on the docker will look in it's database to see if the public key matches and will return an entry like that of an `authorized_keys` command.
-8. This entry has the public key, but also has a `command=` option which matches the location of the Gitea binary on the container.
-9. The host SSH server creates a user session for the `git` user, and using the shell for the host `git` user runs the `command=`.
-10. The shell of the host `git` user is now our `docker-shell` which uses `docker exec` to open a shell for the `git` user on the container.
-11. The container shell now runs the `command=` option meaning that the container `gitea serv` is run, taking over control of the rest of the SSH session and managing gitea authentication & authorization of the git commands.
-
-**Notes**
-
-Docker shell passthrough using `AuthorizedKeysCommand` will work only if
-
- The host `git` user is allowed to run the `docker exec` command.
-
-If you try to login as the `git` user on the host in future you will `docker exec` directly to the docker.
-
-A Docker execing shim could be created similarly to above.
-
-### SSH Shell with AuthorizedKeysCommand
-
-Create a key for the host `git` user as above, add it to the docker `/data/git/.ssh/authorized_keys` then finally create and set the `ssh-shell` as above.
-
-Add the following block to `/etc/ssh/sshd_config`, on the host:
-
-```bash
-Match User git
-  AuthorizedKeysCommandUser git
-  AuthorizedKeysCommand /usr/bin/ssh -p 2222 -o StrictHostKeyChecking=no git@127.0.0.1 /usr/local/bin/gitea keys -c /data/gitea/conf/app.ini -e git -u %u -t %t -k %k
-```
-
-(From 1.16.0 you will not need to set the `-c /data/gitea/conf/app.ini` option.)
-
-Finally restart the SSH server. As an administrative user on the host run:
-
-```bash
-sudo systemctl restart sshd
-```
-
-Here is a detailed explanation what is happening when a SSH request is made:
-
-1. The client adds their SSH public key to Gitea using the webpage.
-2. Gitea in the container will add an entry for this key to its database.
-3. The client then makes an SSH request to the host SSH server using the `git` user, e.g. `git clone git@domain:user/repo.git`.
-4. The client will attempt to authenticate with the server, passing one or more public keys in turn to the host.
-5. For each key the client provides, the host SSH server will checks its configuration for an `AuthorizedKeysCommand`.
-6. The host runs the above `AuthorizedKeysCommand`, which will SSH in to the docker and then run the `gitea keys` command.
-7. Gitea on the docker will look in it's database to see if the public key matches and will return an entry like that of an `authorized_keys` command.
-8. This entry has the public key, but also has a `command=` option which matches the location of the Gitea binary on the container.
-9. The host SSH server creates a user session for the `git` user, and using the shell for the host `git` user runs the `command=`.
-10. The shell of the host `git` user is now our `git-shell` which uses SSH to open a shell for the `git` user on the container.
-11. The container shell now runs the `command=` option meaning that the container `gitea serv` is run, taking over control of the rest of the SSH session and managing gitea authentication & authorization of the git commands.
-
-**Notes**
-
-SSH container passthrough using `AuthorizedKeysCommand` will work only if
-
- `opensshd` is running on the container
-
-If you try to login as the `git` user on the host in future you will `ssh` directly to the docker.
-
-Never add the `Gitea Host Key` as a SSH key to a user on the Gitea interface.
-
-SSHing shims could be created similarly to above.
+- `LOCAL_ROOT_URL` is not changed
--- a/docs/content/doc/installation/with-docker.zh-cn.md
+++ b/docs/content/doc/installation/with-docker.zh-cn.md
@@ -172,7 +172,7 @@ services:
 +      - db
 +
 +  db:
-+    image: postgres:14
+    image: postgres:13
 +    restart: always
 +    environment:
 +      - POSTGRES_USER=gitea
@@ -301,7 +301,7 @@ volumes:
 sudo -u git ssh-keygen -t rsa -b 4096 -C "Gitea Host Key"
 ```

-在下一步中，需要在主机上创建一个名为 `/user/local/bin/gitea` 的文件（具有可执行权限）。该文件将发出从主机到容器的 SSH 转发。将以下内容添加到 `/user/local/bin/gitea`：
+在下一步中，需要在主机上创建一个名为 `/app/gitea/gitea` 的文件（具有可执行权限）。该文件将发出从主机到容器的 SSH 转发。将以下内容添加到 `/app/gitea/gitea`：

 ```bash
 ssh -p 2222 -o StrictHostKeyChecking=no git@127.0.0.1 "SSH_ORIGINAL_COMMAND=\"$SSH_ORIGINAL_COMMAND\" $0 $@"
@@ -324,14 +324,14 @@ ports:
 ssh-rsa <Gitea Host Key>

 # other keys from users
-command="/user/local/bin/gitea --config=/data/gitea/conf/app.ini serv key-1",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty <user pubkey>
+command="/app/gitea/gitea --config=/data/gitea/conf/app.ini serv key-1",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty <user pubkey>
 ```

 这是详细的说明，当发出 SSH 请求时会发生什么：

 1. 使用 `git` 用户向主机发出 SSH 请求，例如 `git clone git@domain:user/repo.git`。
-2. 在 `/home/git/.ssh/authorized_keys` 中，该命令执行 `/user/local/bin/gitea` 脚本。
-3. `/user/local/bin/gitea` 将 SSH 请求转发到端口 2222，该端口已映射到容器的 SSH 端口（22）。
+2. 在 `/home/git/.ssh/authorized_keys` 中，该命令执行 `/app/gitea/gitea` 脚本。
+3. `/app/gitea/gitea` 将 SSH 请求转发到端口 2222，该端口已映射到容器的 SSH 端口（22）。
 4. 由于 `/home/git/.ssh/authorized_keys` 中存在 `git` 用户的公钥，因此身份验证主机 → 容器成功，并且 SSH 请求转发到在 docker 容器中运行的 Gitea。

 如果在 Gitea Web 界面中添加了新的 SSH 密钥，它将以与现有密钥相同的方式附加到 `.ssh/authorized_keys` 中。
--- a/docs/content/doc/packages.en-us.md
+++ b/docs/content/doc/packages.en-us.md
@@ -1,12 +0,0 @@
---
-date: "2021-07-20T00:00:00+00:00"
-title: "Package Registry"
-slug: "packages"
-toc: false
-draft: false
-menu:
-  sidebar:
-    name: "Package Registry"
-    weight: 45
-    identifier: "packages"
---
--- a/docs/content/doc/packages/composer.en-us.md
+++ b/docs/content/doc/packages/composer.en-us.md
@@ -1,120 +0,0 @@
---
-date: "2021-07-20T00:00:00+00:00"
-title: "Composer Packages Repository"
-slug: "packages/composer"
-draft: false
-toc: false
-menu:
-  sidebar:
-    parent: "packages"
-    name: "Composer"
-    weight: 10
-    identifier: "composer"
---
-
-# Composer Packages Repository
-
-Publish [Composer](https://getcomposer.org/) packages for your user or organization.
-
-**Table of Contents**
-
-{{< toc >}}
-
-## Requirements
-
-To work with the Composer package registry, you can use [Composer](https://getcomposer.org/download/) to consume and a HTTP upload client like `curl` to publish packages.
-
-## Publish a package
-
-To publish a Composer package perform a HTTP PUT operation with the package content in the request body.
-The package content must be the zipped PHP project with the `composer.json` file.
-You cannot publish a package if a package of the same name and version already exists. You must delete the existing package first.
-
-```
-PUT https://gitea.example.com/api/packages/{owner}/composer
-```
-
-| Parameter  | Description |
-| ---------- | ----------- |
-| `owner`    | The owner of the package. |
-
-If the `composer.json` file does not contain a `version` property, you must provide it as a query parameter:
-
-```
-PUT https://gitea.example.com/api/packages/{owner}/composer?version={x.y.z}
-```
-
-Example request using HTTP Basic authentication:
-
-```shell
-curl --user your_username:your_password_or_token \
-     --upload-file path/to/project.zip \
-     https://gitea.example.com/api/packages/testuser/composer
-```
-
-Or specify the package version as query parameter:
-
-```shell
-curl --user your_username:your_password_or_token \
-     --upload-file path/to/project.zip \
-     https://gitea.example.com/api/packages/testuser/composer?version=1.0.3
-```
-
-The server responds with the following HTTP Status codes.
-
-| HTTP Status Code  | Meaning |
-| ----------------- | ------- |
-| `201 Created`     | The package has been published. |
-| `400 Bad Request` | The package name and/or version are invalid or a package with the same name and version already exist. |
-
-## Configuring the package registry
-
-To register the package registry you need to add it to the Composer `config.json` file (which can usually be found under `<user-home-dir>/.composer/config.json`):
-
-```json
-{
-  "repositories": [{
-      "type": "composer",
-      "url": "https://gitea.example.com/api/packages/{owner}/composer"
-   }
-  ]
-}
-```
-
-To access the package registry using credentials, you must specify them in the `auth.json` file as follows:
-
-```json
-{
-  "http-basic": {
-    "gitea.example.com": {
-      "username": "{username}",
-      "password": "{password}"
-    }
-  }
-}
-```
-
-| Parameter  | Description |
-| ---------- | ----------- |
-| `owner`    | The owner of the package. |
-| `username` | Your Gitea username. |
-| `password` | Your Gitea password or a personal access token. |
-
-## Install a package
-
-To install a package from the package registry, execute the following command:
-
-```shell
-composer require {package_name}
-```
-
-Optional you can specify the package version:
-
-```shell
-composer require {package_name}:{package_version}
-```
-
-| Parameter         | Description |
-| ----------------- | ----------- |
-| `package_name`    | The package name. |
-| `package_version` | The package version. |
--- a/docs/content/doc/packages/conan.en-us.md
+++ b/docs/content/doc/packages/conan.en-us.md
@@ -1,101 +0,0 @@
---
-date: "2021-07-20T00:00:00+00:00"
-title: "Conan Packages Repository"
-slug: "packages/conan"
-draft: false
-toc: false
-menu:
-  sidebar:
-    parent: "packages"
-    name: "Conan"
-    weight: 20
-    identifier: "conan"
---
-
-# Conan Packages Repository
-
-Publish [Conan](https://conan.io/) packages for your user or organization.
-
-**Table of Contents**
-
-{{< toc >}}
-
-## Requirements
-
-To work with the Conan package registry, you need to use the [conan](https://conan.io/downloads.html) command line tool to consume and publish packages.
-
-## Configuring the package registry
-
-To register the package registry you need to configure a new Conan remote:
-
-```shell
-conan remote add {remote} https://gitea.example.com/api/packages/{owner}/conan
-conan user --remote {remote} --password {password} {username}
-```
-
-| Parameter  | Description |
-| -----------| ----------- |
-| `remote`   | The remote name. |
-| `username` | Your Gitea username. |
-| `password` | Your Gitea password or a personal access token. |
-| `owner`    | The owner of the package. |
-
-For example:
-
-```shell
-conan remote add gitea https://gitea.example.com/api/packages/testuser/conan
-conan user --remote gitea --password password123 testuser
-```
-
-## Publish a package
-
-Publish a Conan package by running the following command:
-
-```shell
-conan upload --remote={remote} {recipe}
-```
-
-| Parameter | Description |
-| ----------| ----------- |
-| `remote`  | The remote name. |
-| `recipe`  | The recipe to upload. |
-
-For example:
-
-```shell
-conan upload --remote=gitea ConanPackage/1.2@gitea/final
-```
-
-The Gitea Conan package registry has full [revision](https://docs.conan.io/en/latest/versioning/revisions.html) support.
-
-## Install a package
-
-To install a Conan package from the package registry, execute the following command:
-
-```shell
-conan install --remote={remote} {recipe}
-```
-
-| Parameter | Description |
-| ----------| ----------- |
-| `remote`  | The remote name. |
-| `recipe`  | The recipe to download. |
-
-For example:
-
-```shell
-conan install --remote=gitea ConanPackage/1.2@gitea/final
-```
-
-## Supported commands
-
-```
-conan install
-conan get
-conan info
-conan search
-conan upload
-conan user
-conan download
-conan remove
-```
--- a/docs/content/doc/packages/container.en-us.md
+++ b/docs/content/doc/packages/container.en-us.md
@@ -1,91 +0,0 @@
---
-date: "2021-07-20T00:00:00+00:00"
-title: "Container Registry"
-slug: "packages/container"
-draft: false
-toc: false
-menu:
-  sidebar:
-    parent: "packages"
-    name: "Container Registry"
-    weight: 30
-    identifier: "container"
---
-
-# Container Registry
-
-Publish [Open Container Initiative](https://opencontainers.org/) compliant images for your user or organization.
-The container registry follows the OCI specs and supports all compatible images like [Docker](https://www.docker.com/) and [Helm Charts](https://helm.sh/).
-
-**Table of Contents**
-
-{{< toc >}}
-
-## Requirements
-
-To work with the Container registry, you can use the tools for your specific image type.
-The following examples use the `docker` client.
-
-## Login to the container registry
-
-To push an image or if the image is in a private registry, you have to authenticate:
-
-```shell
-docker login gitea.example.com
-```
-
-## Image naming convention
-
-Images must follow this naming convention:
-
-`{registry}/{owner}/{image}`
-
-For example, these are all valid image names for the owner `testuser`:
-
-`gitea.example.com/testuser/myimage`
-
-`gitea.example.com/testuser/my-image`
-
-`gitea.example.com/testuser/my/image`
-
-**NOTE:** The registry only supports case-insensitive tag names. So `image:tag` and `image:Tag` get treated as the same image and tag.
-
-## Push an image
-
-Push an image by executing the following command:
-
-```shell
-docker push gitea.example.com/{owner}/{image}:{tag}
-```
-
-| Parameter | Description |
-| ----------| ----------- |
-| `owner`   | The owner of the image. |
-| `image`   | The name of the image. |
-| `tag`     | The tag of the image. |
-
-For example:
-
-```shell
-docker push gitea.example.com/testuser/myimage:latest
-```
-
-## Pull an image
-
-Pull an image by executing the following command:
-
-```shell
-docker pull gitea.example.com/{owner}/{image}:{tag}
-```
-
-| Parameter | Description |
-| ----------| ----------- |
-| `owner`   | The owner of the image. |
-| `image`   | The name of the image. |
-| `tag`     | The tag of the image. |
-
-For example:
-
-```shell
-docker pull gitea.example.com/testuser/myimage:latest
-```
--- a/docs/content/doc/packages/generic.en-us.md
+++ b/docs/content/doc/packages/generic.en-us.md
@@ -1,80 +0,0 @@
---
-date: "2021-07-20T00:00:00+00:00"
-title: "Generic Packages Repository"
-slug: "packages/generic"
-draft: false
-toc: false
-menu:
-  sidebar:
-    parent: "packages"
-    name: "Generic"
-    weight: 40
-    identifier: "generic"
---
-
-# Generic Packages Repository
-
-Publish generic files, like release binaries or other output, for your user or organization.
-
-**Table of Contents**
-
-{{< toc >}}
-
-## Authenticate to the package registry
-
-To authenticate to the Package Registry, you need to provide [custom HTTP headers or use HTTP Basic authentication]({{< relref "doc/developers/api-usage.en-us.md#authentication" >}}).
-
-## Publish a package
-
-To publish a generic package perform a HTTP PUT operation with the package content in the request body.
-You cannot publish a package if a package of the same name and version already exists. You must delete the existing package first.
-
-```
-PUT https://gitea.example.com/api/packages/{owner}/generic/{package_name}/{package_version}/{file_name}
-```
-
-| Parameter         | Description |
-| ----------------- | ----------- |
-| `owner`           | The owner of the package. |
-| `package_name`    | The package name. It can contain only lowercase letters (`a-z`), uppercase letter (`A-Z`), numbers (`0-9`), dots (`.`), hyphens (`-`), or underscores (`_`). |
-| `package_version` | The package version, a non-empty string. |
-| `file_name`       | The filename. It can contain only lowercase letters (`a-z`), uppercase letter (`A-Z`), numbers (`0-9`), dots (`.`), hyphens (`-`), or underscores (`_`). |
-
-Example request using HTTP Basic authentication:
-
-```shell
-curl --user your_username:your_password_or_token \
-     --upload-file path/to/file.bin \
-     https://gitea.example.com/api/packages/testuser/generic/test_package/1.0.0/file.bin
-```
-
-The server reponds with the following HTTP Status codes.
-
-| HTTP Status Code  | Meaning |
-| ----------------- | ------- |
-| `201 Created`     | The package has been published. |
-| `400 Bad Request` | The package name and/or version are invalid or a package with the same name and version already exist. |
-
-## Download a package
-
-To download a generic package perform a HTTP GET operation.
-
-```
-GET https://gitea.example.com/api/packages/{owner}/generic/{package_name}/{package_version}/{file_name}
-```
-
-| Parameter         | Description |
-| ----------------- | ----------- |
-| `owner`           | The owner of the package. |
-| `package_name`    | The package name. |
-| `package_version` | The package version. |
-| `file_name`       | The filename. |
-
-The file content is served in the response body. The response content type is `application/octet-stream`.
-
-Example request using HTTP Basic authentication:
-
-```shell
-curl --user your_username:your_token_or_password \
-     https://gitea.example.com/api/packages/testuser/generic/test_package/1.0.0/file.bin
-```
--- a/docs/content/doc/packages/helm.en-us.md
+++ b/docs/content/doc/packages/helm.en-us.md
@@ -1,67 +0,0 @@
---
-date: "2022-04-14T00:00:00+00:00"
-title: "Helm Chart Registry"
-slug: "packages/helm"
-draft: false
-toc: false
-menu:
-  sidebar:
-    parent: "packages"
-    name: "Helm"
-    weight: 50
-    identifier: "helm"
---
-
-# Helm Chart Registry
-
-Publish [Helm](https://helm.sh/) charts for your user or organization.
-
-**Table of Contents**
-
-{{< toc >}}
-
-## Requirements
-
-To work with the Helm Chart registry use a simple HTTP client like `curl` or the [`helm cm-push`](https://github.com/chartmuseum/helm-push/) plugin.
-
-## Publish a package
-
-Publish a package by running the following command:
-
-```shell
-curl --user {username}:{password} -X POST --upload-file ./{chart_file}.tgz https://gitea.example.com/api/packages/{owner}/helm/api/charts
-```
-
-or with the `helm cm-push` plugin:
-
-```shell
-helm repo add  --username {username} --password {password} {repo} https://gitea.example.com/api/packages/{owner}/helm
-helm cm-push ./{chart_file}.tgz {repo}
-```
-
-| Parameter    | Description |
-| ------------ | ----------- |
-| `username`   | Your Gitea username. |
-| `password`   | Your Gitea password or a personal access token. |
-| `repo`       | The name for the repository. |
-| `chart_file` | The Helm Chart archive. |
-| `owner`      | The owner of the package. |
-
-## Install a package
-
-To install a Helm char from the registry, execute the following command:
-
-```shell
-helm repo add  --username {username} --password {password} {repo} https://gitea.example.com/api/packages/{owner}/helm
-helm repo update
-helm install {name} {repo}/{chart}
-```
-
-| Parameter  | Description |
-| ---------- | ----------- |
-| `username` | Your Gitea username. |
-| `password` | Your Gitea password or a personal access token. |
-| `repo`     | The name for the repository. |
-| `owner`    | The owner of the package. |
-| `name`     | The local name. |
-| `chart`    | The name Helm Chart. |
--- a/docs/content/doc/packages/maven.en-us.md
+++ b/docs/content/doc/packages/maven.en-us.md
@@ -1,110 +0,0 @@
---
-date: "2021-07-20T00:00:00+00:00"
-title: "Maven Packages Repository"
-slug: "packages/maven"
-draft: false
-toc: false
-menu:
-  sidebar:
-    parent: "packages"
-    name: "Maven"
-    weight: 60
-    identifier: "maven"
---
-
-# Maven Packages Repository
-
-Publish [Maven](https://maven.apache.org) packages for your user or organization.
-
-**Table of Contents**
-
-{{< toc >}}
-
-## Requirements
-
-To work with the Maven package registry, you can use [Maven](https://maven.apache.org/install.html) or [Gradle](https://gradle.org/install/).
-The following examples use `Maven`.
-
-## Configuring the package registry
-
-To register the package registry you first need to add your access token to the [`settings.xml`](https://maven.apache.org/settings.html) file:
-
-```xml
-<settings>
-  <servers>
-    <server>
-      <id>gitea</id>
-      <configuration>
-        <httpHeaders>
-          <property>
-            <name>Authorization</name>
-            <value>token {access_token}</value>
-          </property>
-        </httpHeaders>
-      </configuration>
-    </server>
-  </servers>
-</settings>
-```
-
-Afterwards add the following sections to your project `pom.xml` file:
-
-```xml
-<repositories>
-  <repository>
-    <id>gitea</id>
-    <url>https://gitea.example.com/api/packages/{owner}/maven</url>
-  </repository>
-</repositories>
-<distributionManagement>
-  <repository>
-    <id>gitea</id>
-    <url>https://gitea.example.com/api/packages/{owner}/maven</url>
-  </repository>
-  <snapshotRepository>
-    <id>gitea</id>
-    <url>https://gitea.example.com/api/packages/{owner}/maven</url>
-  </snapshotRepository>
-</distributionManagement>
-```
-
-| Parameter      | Description |
-| -------------- | ----------- |
-| `access_token` | Your [personal access token]({{< relref "doc/developers/api-usage.en-us.md#authentication" >}}). |
-| `owner`        | The owner of the package. |
-
-## Publish a package
-
-To publish a package simply run:
-
-```shell
-mvn deploy
-```
-
-You cannot publish a package if a package of the same name and version already exists. You must delete the existing package first.
-
-## Install a package
-
-To install a Maven package from the package registry, add a new dependency to your project `pom.xml` file:
-
-```xml
-<dependency>
-  <groupId>com.test.package</groupId>
-  <artifactId>test_project</artifactId>
-  <version>1.0.0</version>
-</dependency>
-```
-
-Afterwards run:
-
-```shell
-mvn install
-```
-
-## Supported commands
-
-```
-mvn install
-mvn deploy
-mvn dependency:get:
-```
--- a/docs/content/doc/packages/npm.en-us.md
+++ b/docs/content/doc/packages/npm.en-us.md
@@ -1,118 +0,0 @@
---
-date: "2021-07-20T00:00:00+00:00"
-title: "npm Packages Repository"
-slug: "packages/npm"
-draft: false
-toc: false
-menu:
-  sidebar:
-    parent: "packages"
-    name: "npm"
-    weight: 70
-    identifier: "npm"
---
-
-# npm Packages Repository
-
-Publish [npm](https://www.npmjs.com/) packages for your user or organization.
-
-**Table of Contents**
-
-{{< toc >}}
-
-## Requirements
-
-To work with the npm package registry, you need [Node.js](https://nodejs.org/en/download/) coupled with a package manager such as [Yarn](https://classic.yarnpkg.com/en/docs/install) or [npm](https://docs.npmjs.com/downloading-and-installing-node-js-and-npm/) itself.
-
-The registry supports [scoped](https://docs.npmjs.com/misc/scope/) and unscoped packages.
-
-The following examples use the `npm` tool with the scope `@test`.
-
-## Configuring the package registry
-
-To register the package registry you need to configure a new package source.
-
-```shell
-npm config set {scope}:registry https://gitea.example.com/api/packages/{owner}/npm/
-npm config set -- '//gitea.example.com/api/packages/{owner}/npm/:_authToken' "{token}"
-```
-
-| Parameter    | Description |
-| ------------ | ----------- |
-| `scope`      | The scope of the packages. |
-| `owner`      | The owner of the package. |
-| `token`      | Your [personal access token]({{< relref "doc/developers/api-usage.en-us.md#authentication" >}}). |
-
-For example:
-
-```shell
-npm config set @test:registry https://gitea.example.com/api/packages/testuser/npm/
-npm config set -- '//gitea.example.com/api/packages/testuser/npm/:_authToken' "personal_access_token"
-```
-
-or without scope:
-
-```shell
-npm config set registry https://gitea.example.com/api/packages/testuser/npm/
-npm config set -- '//gitea.example.com/api/packages/testuser/npm/:_authToken' "personal_access_token"
-```
-
-## Publish a package
-
-Publish a package by running the following command in your project:
-
-```shell
-npm publish
-```
-
-You cannot publish a package if a package of the same name and version already exists. You must delete the existing package first.
-
-## Install a package
-
-To install a package from the package registry, execute the following command:
-
-```shell
-npm install {package_name}
-```
-
-| Parameter      | Description |
-| -------------- | ----------- |
-| `package_name` | The package name. |
-
-For example:
-
-```shell
-npm install @test/test_package
-```
-
-## Tag a package
-
-The registry supports [version tags](https://docs.npmjs.com/adding-dist-tags-to-packages/) which can be managed by `npm dist-tag`:
-
-```shell
-npm dist-tag add {package_name}@{version} {tag}
-```
-
-| Parameter      | Description |
-| -------------- | ----------- |
-| `package_name` | The package name. |
-| `version`      | The version of the package. |
-| `tag`          | The tag name. |
-
-For example:
-
-```shell
-npm dist-tag add test_package@1.0.2 release
-```
-
-The tag name must not be a valid version. All tag names which are parsable as a version are rejected.
-
-## Supported commands
-
-```
-npm install
-npm ci
-npm publish
-npm dist-tag
-npm view
-```
--- a/docs/content/doc/packages/nuget.en-us.md
+++ b/docs/content/doc/packages/nuget.en-us.md
@@ -1,118 +0,0 @@
---
-date: "2021-07-20T00:00:00+00:00"
-title: "NuGet Packages Repository"
-slug: "packages/nuget"
-draft: false
-toc: false
-menu:
-  sidebar:
-    parent: "packages"
-    name: "NuGet"
-    weight: 80
-    identifier: "nuget"
---
-
-# NuGet Packages Repository
-
-Publish [NuGet](https://www.nuget.org/) packages for your user or organization. The package registry supports [NuGet Symbol Packages](https://docs.microsoft.com/en-us/nuget/create-packages/symbol-packages-snupkg) too.
-
-**Table of Contents**
-
-{{< toc >}}
-
-## Requirements
-
-To work with the NuGet package registry, you can use command-line interface tools as well as NuGet features in various IDEs like Visual Studio.
-More informations about NuGet clients can be found in [the official documentation](https://docs.microsoft.com/en-us/nuget/install-nuget-client-tools).
-The following examples use the `dotnet nuget` tool.
-
-## Configuring the package registry
-
-To register the package registry you need to configure a new NuGet feed source:
-
-```shell
-dotnet nuget add source --name {source_name} --username {username} --password {password} https://gitea.example.com/api/packages/{owner}/nuget/index.json
-```
-
-| Parameter     | Description |
-| ------------- | ----------- |
-| `source_name` | The desired source name. |
-| `username`    | Your Gitea username. |
-| `password`    | Your Gitea password or a personal access token. |
-| `owner`       | The owner of the package. |
-
-For example:
-
-```shell
-dotnet nuget add source --name gitea --username testuser --password password123 https://gitea.example.com/api/packages/testuser/nuget/index.json
-```
-
-You can add the source without credentials and use the [`--api-key`](https://docs.microsoft.com/en-us/dotnet/core/tools/dotnet-nuget-push) parameter when publishing packages. In this case you need to provide a [personal access token]({{< relref "doc/developers/api-usage.en-us.md#authentication" >}}).
-
-## Publish a package
-
-Publish a package by running the following command:
-
-```shell
-dotnet nuget push --source {source_name} {package_file}
-```
-
-| Parameter      | Description |
-| -------------- | ----------- |
-| `source_name`  | The desired source name. |
-| `package_file` | Path to the package `.nupkg` file. |
-
-For example:
-
-```shell
-dotnet nuget push --source gitea test_package.1.0.0.nupkg
-```
-
-You cannot publish a package if a package of the same name and version already exists. You must delete the existing package first.
-
-### Symbol Packages
-
-The NuGet package registry has build support for a symbol server. The PDB files embedded in a symbol package (`.snupkg`) can get requested by clients.
-To do so, register the NuGet package registry as symbol source:
-
-```
-https://gitea.example.com/api/packages/{owner}/nuget/symbols
-```
-
-| Parameter | Description |
-| --------- | ----------- |
-| `owner`   | The owner of the package registry. |
-
-For example:
-
-```
-https://gitea.example.com/api/packages/testuser/nuget/symbols
-```
-
-## Install a package
-
-To install a NuGet package from the package registry, execute the following command:
-
-```shell
-dotnet add package --source {source_name} --version {package_version} {package_name}
-```
-
-| Parameter         | Description |
-| ----------------- | ----------- |
-| `source_name`     | The desired source name. |
-| `package_name`    | The package name. |
-| `package_version` | The package version. |
-
-For example:
-
-```shell
-dotnet add package --source gitea --version 1.0.0 test_package
-```
-
-## Supported commands
-
-```
-dotnet add
-dotnet nuget push
-dotnet nuget delete
-```
--- a/docs/content/doc/packages/overview.en-us.md
+++ b/docs/content/doc/packages/overview.en-us.md
@@ -1,100 +0,0 @@
---
-date: "2021-07-20T00:00:00+00:00"
-title: "Package Registry"
-slug: "packages/overview"
-draft: false
-toc: false
-menu:
-  sidebar:
-    parent: "packages"
-    name: "Overview"
-    weight: 1
-    identifier: "overview"
---
-
-# Package Registry
-
-Starting with Gitea **1.17**, the Package Registry can be used as a public or private registry for common package managers.
-
-**Table of Contents**
-
-{{< toc >}}
-
-## Supported package managers
-
-The following package managers are currently supported:
-
-| Name | Language | Package client |
-| ---- | -------- | -------------- |
-| [Composer]({{< relref "doc/packages/composer.en-us.md" >}}) | PHP | `composer` |
-| [Conan]({{< relref "doc/packages/conan.en-us.md" >}}) | C++ | `conan` |
-| [Container]({{< relref "doc/packages/container.en-us.md" >}}) | - | any OCI compliant client |
-| [Generic]({{< relref "doc/packages/generic.en-us.md" >}}) | - | any HTTP client |
-| [Helm]({{< relref "doc/packages/helm.en-us.md" >}}) | - | any HTTP client, `cm-push` |
-| [Maven]({{< relref "doc/packages/maven.en-us.md" >}}) | Java | `mvn`, `gradle` |
-| [npm]({{< relref "doc/packages/npm.en-us.md" >}}) | JavaScript | `npm`, `yarn` |
-| [NuGet]({{< relref "doc/packages/nuget.en-us.md" >}}) | .NET | `nuget` |
-| [PyPI]({{< relref "doc/packages/pypi.en-us.md" >}}) | Python | `pip`, `twine` |
-| [RubyGems]({{< relref "doc/packages/rubygems.en-us.md" >}}) | Ruby | `gem`, `Bundler` |
-
-**The following paragraphs only apply if Packages are not globally disabled!**
-
-## Repository-Packages
-
-A package always belongs to an owner (a user or organisation), not a repository.
-To link an (already uploaded) package to a repository, open the settings page
-on that package and choose a repository to link this package to.
-The entire package will be linked, not just a single version.
-
-Linking a package results in showing that package in the repository's package list,
-and shows a link to the repository on the package site (as well as a link to the repository issues).
-
-## Access Restrictions
-
-| Package owner type | User | Organization |
-|--------------------|------|--------------|
-| **read** access    | public, if user is public too; otherwise for this user only | public, if org is public, otherwise org members only |
-| **write** access   | owner only | org members with admin or write access to the org |
-
-N.B.: These access restrictions are [subject to change](https://github.com/go-gitea/gitea/issues/19270), where more finegrained control will be added via a dedicated organization team permission.
-
-## Create or upload a package
-
-Depending on the type of package, use the respective package-manager for that. Check out the sub-page of a specific package manager for instructions.
-
-## View packages
-
-You can view the packages of a repository on the repository page.
-
-1. Go to the repository.
-1. Go to **Packages** in the navigation bar.
-
-To view more details about a package, select the name of the package.
-
-## Download a package
-
-To download a package from your repository:
-
-1. Go to **Packages** in the navigation bar.
-1. Select the name of the package to view the details.
-1. In the **Assets** section, select the name of the package file you want to download.
-
-## Delete a package
-
-You cannot edit a package after you published it in the Package Registry. Instead, you
-must delete and recreate it.
-
-To delete a package from your repository:
-
-1. Go to **Packages** in the navigation bar.
-1. Select the name of the package to view the details.
-1. Click **Delete package** to permanently delete the package.
-
-## Disable the Package Registry
-
-The Package Registry is automatically enabled. To disable it for a single repository:
-
-1. Go to **Settings** in the navigation bar.
-1. Disable **Enable Repository Packages Registry**.
-
-Previously published packages are not deleted by disabling the Package Registry.
--- a/docs/content/doc/packages/pypi.en-us.md
+++ b/docs/content/doc/packages/pypi.en-us.md
@@ -1,85 +0,0 @@
---
-date: "2021-07-20T00:00:00+00:00"
-title: "PyPI Packages Repository"
-slug: "packages/pypi"
-draft: false
-toc: false
-menu:
-  sidebar:
-    parent: "packages"
-    name: "PyPI"
-    weight: 90
-    identifier: "pypi"
---
-
-# PyPI Packages Repository
-
-Publish [PyPI](https://pypi.org/) packages for your user or organization.
-
-**Table of Contents**
-
-{{< toc >}}
-
-## Requirements
-
-To work with the PyPI package registry, you need to use the tools [pip](https://pypi.org/project/pip/) to consume and [twine](https://pypi.org/project/twine/) to publish packages.
-
-## Configuring the package registry
-
-To register the package registry you need to edit your local `~/.pypirc` file. Add
-
-```ini
-[distutils]
-index-servers = gitea
-
-[gitea]
-repository = https://gitea.example.com/api/packages/{owner}/pypi
-username = {username}
-password = {password}
-```
-
-| Placeholder  | Description |
-| ------------ | ----------- |
-| `owner`      | The owner of the package. |
-| `username`   | Your Gitea username. |
-| `password`   | Your Gitea password or a [personal access token]({{< relref "doc/developers/api-usage.en-us.md#authentication" >}}). |
-
-## Publish a package
-
-Publish a package by running the following command:
-
-```shell
-python3 -m twine upload --repository gitea /path/to/files/*
-```
-
-The package files have the extensions `.tar.gz` and `.whl`.
-
-You cannot publish a package if a package of the same name and version already exists. You must delete the existing package first.
-
-## Install a package
-
-To install a PyPI package from the package registry, execute the following command:
-
-```shell
-pip install --index-url https://{username}:{password}@gitea.example.com/api/packages/{owner}/pypi/simple --no-deps {package_name}
-```
-
-| Parameter         | Description |
-| ----------------- | ----------- |
-| `username`        | Your Gitea username. |
-| `password`        | Your Gitea password or a personal access token. |
-| `owner`           | The owner of the package. |
-| `package_name`    | The package name. |
-
-For example:
-
-```shell
-pip install --index-url https://testuser:password123@gitea.example.com/api/packages/testuser/pypi/simple --no-deps test_package
-```
-
-## Supported commands
-
-```
-pip install
-twine upload
-```
--- a/docs/content/doc/packages/rubygems.en-us.md
+++ b/docs/content/doc/packages/rubygems.en-us.md
@@ -1,127 +0,0 @@
---
-date: "2021-07-20T00:00:00+00:00"
-title: "RubyGems Packages Repository"
-slug: "packages/rubygems"
-draft: false
-toc: false
-menu:
-  sidebar:
-    parent: "packages"
-    name: "RubyGems"
-    weight: 100
-    identifier: "rubygems"
---
-
-# RubyGems Packages Repository
-
-Publish [RubyGems](https://guides.rubygems.org/) packages for your user or organization.
-
-**Table of Contents**
-
-{{< toc >}}
-
-## Requirements
-
-To work with the RubyGems package registry, you need to use the [gem](https://guides.rubygems.org/command-reference/) command line tool to consume and publish packages.
-
-## Configuring the package registry
-
-To register the package registry edit the `~/.gem/credentials` file and add:
-
-```ini
---
-https://gitea.example.com/api/packages/{owner}/rubygems: Bearer {token}
-```
-
-| Parameter     | Description |
-| ------------- | ----------- |
-| `owner`       | The owner of the package. |
-| `token`       | Your personal access token. |
-
-For example:
-
-```
---
-https://gitea.example.com/api/packages/testuser/rubygems: Bearer 3bd626f84b01cd26b873931eace1e430a5773cc4
-```
-
-## Publish a package
-
-Publish a package by running the following command:
-
-```shell
-gem push --host {host} {package_file}
-```
-
-| Parameter      | Description |
-| -------------- | ----------- |
-| `host`         | URL to the package registry. |
-| `package_file` | Path to the package `.gem` file. |
-
-For example:
-
-```shell
-gem push --host https://gitea.example.com/api/packages/testuser/rubygems test_package-1.0.0.gem
-```
-
-You cannot publish a package if a package of the same name and version already exists. You must delete the existing package first.
-
-## Install a package
-
-To install a package from the package registry you can use [Bundler](https://bundler.io) or `gem`.
-
-### Bundler
-
-Add a new `source` block to your `Gemfile`:
-
-```
-source "https://gitea.example.com/api/packages/{owner}/rubygems" do
-  gem "{package_name}"
-end
-```
-
-| Parameter         | Description |
-| ----------------- | ----------- |
-| `owner`           | The owner of the package. |
-| `package_name`    | The package name. |
-
-For example:
-
-```
-source "https://gitea.example.com/api/packages/testuser/rubygems" do
-  gem "test_package"
-end
-```
-
-Afterwards run the following command:
-
-```shell
-bundle install
-```
-
-### gem
-
-Execute the following command:
-
-```shell
-gem install --host https://gitea.example.com/api/packages/{owner}/rubygems {package_name}
-```
-
-| Parameter         | Description |
-| ----------------- | ----------- |
-| `owner`           | The owner of the package. |
-| `package_name`    | The package name. |
-
-For example:
-
-```shell
-gem install --host https://gitea.example.com/api/packages/testuser/rubygems test_package
-```
-
-## Supported commands
-
-```
-gem install
-bundle install
-gem push
-```
--- a/docs/content/doc/translation.de-de.md
+++ b/docs/content/doc/translation.de-de.md
@@ -8,6 +8,6 @@ draft: false
 menu:
  sidebar:
    name: "Übersetzung"
-    weight: 50
+    weight: 45
    identifier: "translation"
 ---
--- a/Show More
+++ b/Show More