Add changelog for v1.17.2 (#21089 )

Co-authored-by: John Olheiser <john+github@jolheiser.com> Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: delvh <dev.lh@web.de> Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Fix sub folder in repository missing add file dropdown (#21069 ) (#21083 )
2025-11-05 18:32:41 +09:00 · 2022-09-06 17:32:20 -04:00 · 2022-09-06 09:42:05 +01:00 · 2022-09-06 07:54:47 +01:00 · 2022-09-06 06:48:57 +08:00 · 2022-09-04 12:17:48 -04:00
3832 changed files with 66341 additions and 126932 deletions
--- a/.air.toml
+++ b/.air.toml
@@ -5,6 +5,6 @@ tmp_dir = ".air"
 cmd = "make backend"
 bin = "gitea"
 include_ext = ["go", "tmpl"]
-exclude_dir = ["modules/git/tests", "services/gitdiff/testdata", "modules/avatar/testdata", "models/fixtures", "models/migrations/fixtures", "modules/migration/file_format_testdata", "modules/avatar/identicon/testdata"]
+exclude_dir = ["modules/git/tests", "services/gitdiff/testdata", "modules/avatar/testdata"]
-include_dir = ["cmd", "models", "modules", "options", "routers", "services"]
+include_dir = ["cmd", "models", "modules", "options", "routers", "services", "templates"]
-exclude_regex = ["_test.go$", "_gen.go$"]
+exclude_regex = ["_test.go$"]
--- a/.changelog.yml
+++ b/.changelog.yml
@@ -1,3 +1,6 @@
 # config for changelog tool
 # source: https://gitea.com/gitea/changelog
 # The full repository name
 repo: go-gitea/gitea
@@ -18,6 +21,10 @@ groups:
    name: SECURITY
    labels:
      - kind/security
  -
    name: FEDERATION
    labels:
      - theme/federation
  -
    name: FEATURES
    labels:
--- a/.dockerignore
+++ b/.dockerignore
@@ -1,114 +0,0 @@
 # Compiled Object files, Static and Dynamic libs (Shared Objects)
 *.o
 *.a
 *.so
 # Folders
 _obj
 _test
 # IntelliJ
 .idea
 # Goland's output filename can not be set manually
 /go_build_*
 # MS VSCode
 .vscode
 __debug_bin
 # Architecture specific extensions/prefixes
 *.[568vq]
 [568vq].out
 *.cgo1.go
 *.cgo2.c
 _cgo_defun.c
 _cgo_gotypes.go
 _cgo_export.*
 _testmain.go
 *.exe
 *.test
 *.prof
 *coverage.out
 coverage.all
 cpu.out
 /modules/migration/bindata.go
 /modules/migration/bindata.go.hash
 /modules/options/bindata.go
 /modules/options/bindata.go.hash
 /modules/public/bindata.go
 /modules/public/bindata.go.hash
 /modules/templates/bindata.go
 /modules/templates/bindata.go.hash
 *.db
 *.log
 /gitea
 /gitea-vet
 /debug
 /integrations.test
 /bin
 /dist
 /custom/*
 !/custom/conf
 /custom/conf/*
 !/custom/conf/app.example.ini
 /data
 /indexers
 /log
 /public/img/avatar
 /tests/integration/gitea-integration-*
 /tests/integration/indexers-*
 /tests/e2e/gitea-e2e-*
 /tests/e2e/indexers-*
 /tests/e2e/reports
 /tests/e2e/test-artifacts
 /tests/e2e/test-snapshots
 /tests/*.ini
 /node_modules
 /yarn.lock
 /yarn-error.log
 /npm-debug.log*
 /public/js
 /public/serviceworker.js
 /public/css
 /public/fonts
 /public/img/webpack
 /vendor
 /web_src/fomantic/node_modules
 /web_src/fomantic/build/*
 !/web_src/fomantic/build/semantic.js
 !/web_src/fomantic/build/semantic.css
 !/web_src/fomantic/build/themes
 /web_src/fomantic/build/themes/*
 !/web_src/fomantic/build/themes/default
 /web_src/fomantic/build/themes/default/assets/*
 !/web_src/fomantic/build/themes/default/assets/fonts
 /web_src/fomantic/build/themes/default/assets/fonts/*
 !/web_src/fomantic/build/themes/default/assets/fonts/icons.woff2
 !/web_src/fomantic/build/themes/default/assets/fonts/outline-icons.woff2
 /VERSION
 /.air
 /.go-licenses
 # Snapcraft
 snap/.snapcraft/
 parts/
 stage/
 prime/
 *.snap
 *.snap-build
 *_source.tar.bz2
 .DS_Store
 # Make evidence files
 /.make_evidence
 # Manpage
 /man
--- a/.drone.yml
+++ b/.drone.yml
@@ -12,9 +12,6 @@ trigger:
    - push
    - tag
    - pull_request
  paths:
    exclude:
      - docs/**
 volumes:
  - name: deps
@@ -22,13 +19,13 @@ volumes:
 steps:
  - name: deps-frontend
-    image: node:18
+    image: node:16
    pull: always
    commands:
      - make deps-frontend
  - name: deps-backend
-    image: golang:1.20
+    image: golang:1.18
    pull: always
    commands:
      - make deps-backend
@@ -37,13 +34,13 @@ steps:
        path: /go
  - name: lint-frontend
-    image: node:18
+    image: node:16
    commands:
      - make lint-frontend
    depends_on: [deps-frontend]
  - name: lint-backend
-    image: gitea/test_env:linux-1.19-amd64  # https://gitea.com/gitea/test-env
+    image: gitea/test_env:linux-amd64  # https://gitea.com/gitea/test-env
    pull: always
    commands:
      - make lint-backend
@@ -57,7 +54,7 @@ steps:
        path: /go
  - name: lint-backend-windows
-    image: gitea/test_env:linux-1.19-amd64  # https://gitea.com/gitea/test-env
+    image: gitea/test_env:linux-amd64  # https://gitea.com/gitea/test-env
    commands:
      - make golangci-lint-windows vet
    environment:
@@ -72,7 +69,7 @@ steps:
        path: /go
  - name: lint-backend-gogit
-    image: gitea/test_env:linux-1.19-amd64  # https://gitea.com/gitea/test-env
+    image: gitea/test_env:linux-amd64  # https://gitea.com/gitea/test-env
    commands:
      - make lint-backend
    environment:
@@ -85,36 +82,37 @@ steps:
        path: /go
  - name: checks-frontend
-    image: node:18
+    image: node:16
    commands:
      - make checks-frontend
    depends_on: [deps-frontend]
  - name: checks-backend
-    image: golang:1.20
+    image: golang:1.18
    commands:
-      - make --always-make checks-backend # ensure the 'go-licenses' make target runs
+      - make checks-backend
    depends_on: [deps-backend]
    volumes:
      - name: deps
        path: /go
  - name: test-frontend
-    image: node:18
+    image: node:16
    commands:
      - make test-frontend
    depends_on: [lint-frontend]
  - name: build-frontend
-    image: node:18
+    image: node:16
    commands:
      - make frontend
-    depends_on: [deps-frontend]
+    depends_on: [test-frontend]
  - name: build-backend-no-gcc
-    image: golang:1.19 # this step is kept as the lowest version of golang that we support
+    image: golang:1.18 # this step is kept as the lowest version of golang that we support
    pull: always
    environment:
      GO111MODULE: on
      GOPROXY: https://goproxy.io
    commands:
      - go build -o gitea_no_gcc # test if build succeeds without the sqlite tag
@@ -124,8 +122,9 @@ steps:
        path: /go
  - name: build-backend-arm64
-    image: golang:1.20
+    image: golang:1.18
    environment:
      GO111MODULE: on
      GOPROXY: https://goproxy.io
      GOOS: linux
      GOARCH: arm64
@@ -139,8 +138,9 @@ steps:
        path: /go
  - name: build-backend-windows
-    image: golang:1.20
+    image: golang:1.18
    environment:
      GO111MODULE: on
      GOPROXY: https://goproxy.io
      GOOS: windows
      GOARCH: amd64
@@ -153,8 +153,9 @@ steps:
        path: /go
  - name: build-backend-386
-    image: golang:1.20
+    image: golang:1.18
    environment:
      GO111MODULE: on
      GOPROXY: https://goproxy.io
      GOOS: linux
      GOARCH: 386
@@ -182,9 +183,6 @@ trigger:
    - push
    - tag
    - pull_request
  paths:
    exclude:
      - docs/**
 volumes:
  - name: deps
@@ -232,10 +230,6 @@ services:
      MINIO_ACCESS_KEY: 123456
      MINIO_SECRET_KEY: 12345678
  - name: smtpimap
    image: tabascoterrier/docker-imap-devel:latest
    pull: always
 steps:
  - name: fetch-tags
    image: docker:git
@@ -249,7 +243,7 @@ steps:
          - pull_request
  - name: deps-backend
-    image: golang:1.20
+    image: golang:1.18
    pull: always
    commands:
      - make deps-backend
@@ -264,13 +258,13 @@ steps:
      - git update-ref refs/heads/tag_test ${DRONE_COMMIT_SHA}
  - name: prepare-test-env
-    image: gitea/test_env:linux-1.19-amd64  # https://gitea.com/gitea/test-env
+    image: gitea/test_env:linux-amd64  # https://gitea.com/gitea/test-env
    pull: always
    commands:
      - ./build/test-env-prepare.sh
  - name: build
-    image: gitea/test_env:linux-1.19-amd64  # https://gitea.com/gitea/test-env
+    image: gitea/test_env:linux-amd64  # https://gitea.com/gitea/test-env
    user: gitea
    commands:
      - ./build/test-env-check.sh
@@ -285,7 +279,7 @@ steps:
        path: /go
  - name: unit-test
-    image: gitea/test_env:linux-1.19-amd64  # https://gitea.com/gitea/test-env
+    image: gitea/test_env:linux-amd64  # https://gitea.com/gitea/test-env
    user: gitea
    commands:
      - make unit-test-coverage test-check
@@ -301,7 +295,7 @@ steps:
        path: /go
  - name: unit-test-gogit
-    image: gitea/test_env:linux-1.19-amd64  # https://gitea.com/gitea/test-env
+    image: gitea/test_env:linux-amd64  # https://gitea.com/gitea/test-env
    user: gitea
    commands:
      - make unit-test-coverage test-check
@@ -317,7 +311,7 @@ steps:
        path: /go
  - name: test-mysql
-    image: gitea/test_env:linux-1.19-amd64  # https://gitea.com/gitea/test-env
+    image: gitea/test_env:linux-amd64  # https://gitea.com/gitea/test-env
    user: gitea
    commands:
      - make test-mysql-migration integration-test-coverage
@@ -334,7 +328,7 @@ steps:
        path: /go
  - name: test-mysql8
-    image: gitea/test_env:linux-1.19-amd64  # https://gitea.com/gitea/test-env
+    image: gitea/test_env:linux-amd64  # https://gitea.com/gitea/test-env
    user: gitea
    commands:
      - timeout -s ABRT 50m make test-mysql8-migration test-mysql8
@@ -350,7 +344,7 @@ steps:
        path: /go
  - name: test-mssql
-    image: gitea/test_env:linux-1.19-amd64  # https://gitea.com/gitea/test-env
+    image: gitea/test_env:linux-amd64  # https://gitea.com/gitea/test-env
    user: gitea
    commands:
      - make test-mssql-migration test-mssql
@@ -366,7 +360,7 @@ steps:
        path: /go
  - name: generate-coverage
-    image: golang:1.20
+    image: golang:1.18
    commands:
      - make coverage
    environment:
@@ -412,9 +406,6 @@ trigger:
    - push
    - tag
    - pull_request
  paths:
    exclude:
      - docs/**
 volumes:
  - name: deps
@@ -445,7 +436,7 @@ steps:
          - pull_request
  - name: deps-backend
-    image: golang:1.20
+    image: golang:1.18
    pull: always
    commands:
      - make deps-backend
@@ -454,13 +445,13 @@ steps:
        path: /go
  - name: prepare-test-env
-    image: gitea/test_env:linux-1.19-arm64  # https://gitea.com/gitea/test-env
+    image: gitea/test_env:linux-arm64  # https://gitea.com/gitea/test-env
    pull: always
    commands:
      - ./build/test-env-prepare.sh
  - name: build
-    image: gitea/test_env:linux-1.19-arm64  # https://gitea.com/gitea/test-env
+    image: gitea/test_env:linux-arm64  # https://gitea.com/gitea/test-env
    user: gitea
    commands:
      - ./build/test-env-check.sh
@@ -475,7 +466,7 @@ steps:
        path: /go
  - name: test-sqlite
-    image: gitea/test_env:linux-1.19-arm64  # https://gitea.com/gitea/test-env
+    image: gitea/test_env:linux-arm64  # https://gitea.com/gitea/test-env
    user: gitea
    commands:
      - timeout -s ABRT 50m make test-sqlite-migration test-sqlite
@@ -491,7 +482,7 @@ steps:
        path: /go
  - name: test-pgsql
-    image: gitea/test_env:linux-1.19-arm64  # https://gitea.com/gitea/test-env
+    image: gitea/test_env:linux-arm64  # https://gitea.com/gitea/test-env
    user: gitea
    commands:
      - timeout -s ABRT 50m make test-pgsql-migration test-pgsql
@@ -507,81 +498,6 @@ steps:
      - name: deps
        path: /go
 ---
 kind: pipeline
 type: docker
 name: testing-e2e
 platform:
  os: linux
  arch: amd64
 depends_on:
  - compliance
 trigger:
  event:
    - pull_request
  paths:
    exclude:
      - docs/**
 volumes:
  - name: deps
    temp: {}
 services:
  - name: pgsql
    pull: default
    image: postgres:10
    environment:
      POSTGRES_DB: testgitea-e2e
      POSTGRES_PASSWORD: postgres
      POSTGRES_INITDB_ARGS: --encoding=UTF8 --lc-collate='en_US.UTF-8' --lc-ctype='en_US.UTF-8'
 steps:
  - name: deps-frontend
    image: node:18
    pull: always
    commands:
      - make deps-frontend
  - name: build-frontend
    image: node:18
    commands:
      - make frontend
    depends_on: [deps-frontend]
  - name: deps-backend
    image: golang:1.18
    pull: always
    commands:
      - make deps-backend
    volumes:
      - name: deps
        path: /go
  # TODO: We should probably build all dependencies into a test image
  - name: test-e2e
    image: mcr.microsoft.com/playwright:v1.29.2-focal
    commands:
      - curl -sLO https://go.dev/dl/go1.20.linux-amd64.tar.gz && tar -C /usr/local -xzf go1.20.linux-amd64.tar.gz
      - groupadd --gid 1001 gitea && useradd -m --gid 1001 --uid 1001 gitea
      - apt-get -qq update && apt-get -qqy install build-essential
      - export TEST_PGSQL_SCHEMA=''
      - ./build/test-env-prepare.sh
      - su gitea bash -c "export PATH=$PATH:/usr/local/go/bin && timeout -s ABRT 40m make test-e2e-pgsql"
    environment:
      GOPROXY: https://goproxy.io
      GOSUMDB: sum.golang.org
      USE_REPO_TEST_DIR: 1
      TEST_PGSQL_DBNAME: 'testgitea-e2e'
      DEBIAN_FRONTEND: noninteractive
    depends_on: [build-frontend, deps-backend]
    volumes:
      - name: deps
        path: /go
 ---
 kind: pipeline
 name: update_translations
@@ -612,7 +528,7 @@ steps:
        from_secret: crowdin_key
  - name: update
-    image: alpine:3.17
+    image: alpine:3.13
    pull: always
    commands:
      - ./build/update-locales.sh
@@ -628,8 +544,6 @@ steps:
      commit_message: "[skip ci] Updated translations via Crowdin"
      remote: "git@github.com:go-gitea/gitea.git"
    environment:
      DRONE_COMMIT_AUTHOR_EMAIL: "teabot@gitea.io"
      DRONE_COMMIT_AUTHOR: GiteaBot
      GIT_PUSH_SSH_KEY:
        from_secret: git_push_ssh_key
@@ -664,7 +578,7 @@ trigger:
 steps:
  - name: download
-    image: golang:1.20
+    image: golang:1.18
    pull: always
    commands:
      - timeout -s ABRT 40m make generate-license generate-gitignore
@@ -674,14 +588,12 @@ steps:
    pull: always
    settings:
      author_email: "teabot@gitea.io"
-      author_name: "GiteaBot"
+      author_name: GiteaBot
      branch: main
      commit: true
-      commit_message: "[skip ci] Updated licenses and gitignores"
+      commit_message: "[skip ci] Updated licenses and gitignores "
      remote: "git@github.com:go-gitea/gitea.git"
    environment:
      DRONE_COMMIT_AUTHOR_EMAIL: "teabot@gitea.io"
      DRONE_COMMIT_AUTHOR: "GiteaBot"
      GIT_PUSH_SSH_KEY:
        from_secret: git_push_ssh_key
@@ -704,9 +616,6 @@ trigger:
    - "release/*"
  event:
    - push
  paths:
    exclude:
      - docs/**
 depends_on:
  - testing-amd64
@@ -725,13 +634,13 @@ steps:
      - git fetch --tags --force
  - name: deps-frontend
-    image: node:18
+    image: node:16
    pull: always
    commands:
      - make deps-frontend
  - name: deps-backend
-    image: golang:1.20
+    image: golang:1.18
    pull: always
    commands:
      - make deps-backend
@@ -740,17 +649,15 @@ steps:
        path: /go
  - name: static
-    image: techknowlogick/xgo:go-1.20.x
+    image: techknowlogick/xgo:go-1.18.x
    pull: always
    commands:
-      # Upgrade to node 18 once https://github.com/techknowlogick/xgo/issues/163 is resolved
+      - curl -sL https://deb.nodesource.com/setup_16.x | bash - && apt-get install -y nodejs
      - curl -sL https://deb.nodesource.com/setup_16.x | bash - && apt-get -qqy install nodejs
      - export PATH=$PATH:$GOPATH/bin
      - make release
    environment:
      GOPROXY: https://goproxy.io # proxy.golang.org is blocked in China, this proxy is not
      TAGS: bindata sqlite sqlite_unlock_notify
      DEBIAN_FRONTEND: noninteractive
    volumes:
      - name: deps
        path: /go
@@ -774,16 +681,10 @@ steps:
    image: woodpeckerci/plugin-s3:latest
    pull: always
    settings:
-      acl:
+      acl: public-read
-        from_secret: aws_s3_acl
+      bucket: gitea-artifacts
-      region:
+      endpoint: https://ams3.digitaloceanspaces.com
-        from_secret: aws_s3_region
+      path_style: true
      bucket:
        from_secret: aws_s3_bucket
      endpoint:
        from_secret: aws_s3_endpoint
      path_style:
        from_secret: aws_s3_path_style
      source: "dist/release/*"
      strip_prefix: dist/release/
      target: "/gitea/${DRONE_BRANCH##release/v}"
@@ -801,16 +702,10 @@ steps:
  - name: release-main
    image: woodpeckerci/plugin-s3:latest
    settings:
-      acl:
+      acl: public-read
-        from_secret: aws_s3_acl
+      bucket: gitea-artifacts
-      region:
+      endpoint: https://ams3.digitaloceanspaces.com
-        from_secret: aws_s3_region
+      path_style: true
      bucket:
        from_secret: aws_s3_bucket
      endpoint:
        from_secret: aws_s3_endpoint
      path_style:
        from_secret: aws_s3_path_style
      source: "dist/release/*"
      strip_prefix: dist/release/
      target: /gitea/main
@@ -858,13 +753,13 @@ steps:
      - git fetch --tags --force
  - name: deps-frontend
-    image: node:18
+    image: node:16
    pull: always
    commands:
      - make deps-frontend
  - name: deps-backend
-    image: golang:1.20
+    image: golang:1.18
    pull: always
    commands:
      - make deps-backend
@@ -873,17 +768,15 @@ steps:
        path: /go
  - name: static
-    image: techknowlogick/xgo:go-1.20.x
+    image: techknowlogick/xgo:go-1.18.x
    pull: always
    commands:
-      # Upgrade to node 18 once https://github.com/techknowlogick/xgo/issues/163 is resolved
+      - curl -sL https://deb.nodesource.com/setup_16.x | bash - && apt-get install -y nodejs
      - curl -sL https://deb.nodesource.com/setup_16.x | bash - && apt-get -qqy install nodejs
      - export PATH=$PATH:$GOPATH/bin
      - make release
    environment:
      GOPROXY: https://goproxy.io # proxy.golang.org is blocked in China, this proxy is not
      TAGS: bindata sqlite sqlite_unlock_notify
      DEBIAN_FRONTEND: noninteractive
    depends_on: [fetch-tags]
    volumes:
      - name: deps
@@ -909,16 +802,10 @@ steps:
    image: woodpeckerci/plugin-s3:latest
    pull: always
    settings:
-      acl:
+      acl: public-read
-        from_secret: aws_s3_acl
+      bucket: gitea-artifacts
-      region:
+      endpoint: https://ams3.digitaloceanspaces.com
-        from_secret: aws_s3_region
+      path_style: true
      bucket:
        from_secret: aws_s3_bucket
      endpoint:
        from_secret: aws_s3_endpoint
      path_style:
        from_secret: aws_s3_path_style
      source: "dist/release/*"
      strip_prefix: dist/release/
      target: "/gitea/${DRONE_TAG##v}"
@@ -958,14 +845,13 @@ trigger:
    - push
    - tag
    - pull_request
  paths:
    include:
      - docs/**
 steps:
  - name: build-docs
-    image: golang:1.20
+    image: plugins/hugo:latest
    pull: always
    commands:
      - apk add --no-cache make bash curl
      - cd docs
      - make trans-copy clean build
@@ -999,10 +885,7 @@ depends_on:
 trigger:
  ref:
-    include:
+  - "refs/tags/**"
      - "refs/tags/**"
    exclude:
      - "refs/tags/**-rc*"
  event:
    exclude:
    - cron
@@ -1016,7 +899,7 @@ steps:
      - git fetch --tags --force
  - name: publish
-    image: plugins/docker:latest
+    image: techknowlogick/drone-docker:latest
    pull: always
    settings:
      auto_tag: true
@@ -1028,17 +911,13 @@ steps:
        from_secret: docker_password
      username:
        from_secret: docker_username
    environment:
      PLUGIN_MIRROR:
        from_secret: plugin_mirror
      DOCKER_BUILDKIT: 1
    when:
      event:
        exclude:
        - pull_request
  - name: publish-rootless
-    image: plugins/docker:latest
+    image: techknowlogick/drone-docker:latest
    settings:
      dockerfile: Dockerfile.rootless
      auto_tag: true
@@ -1050,80 +929,6 @@ steps:
        from_secret: docker_password
      username:
        from_secret: docker_username
    environment:
      PLUGIN_MIRROR:
        from_secret: plugin_mirror
      DOCKER_BUILDKIT: 1
    when:
      event:
        exclude:
        - pull_request
 ---
 kind: pipeline
 type: docker
 name: docker-linux-amd64-release-candidate-version
 platform:
  os: linux
  arch: amd64
 depends_on:
  - testing-amd64
  - testing-arm64
 trigger:
  ref:
    - "refs/tags/**-rc*"
  event:
    exclude:
    - cron
 steps:
  - name: fetch-tags
    image: docker:git
    pull: always
    commands:
      - git config --global --add safe.directory /drone/src
      - git fetch --tags --force
  - name: publish
    image: plugins/docker:latest
    pull: always
    settings:
      tags: ${DRONE_TAG##v}-linux-amd64
      repo: gitea/gitea
      build_args:
        - GOPROXY=https://goproxy.io
      password:
        from_secret: docker_password
      username:
        from_secret: docker_username
    environment:
      PLUGIN_MIRROR:
        from_secret: plugin_mirror
      DOCKER_BUILDKIT: 1
    when:
      event:
        exclude:
        - pull_request
  - name: publish-rootless
    image: plugins/docker:latest
    settings:
      dockerfile: Dockerfile.rootless
      tags: ${DRONE_TAG##v}-linux-amd64-rootless
      repo: gitea/gitea
      build_args:
        - GOPROXY=https://goproxy.io
      password:
        from_secret: docker_password
      username:
        from_secret: docker_username
    environment:
      PLUGIN_MIRROR:
        from_secret: plugin_mirror
      DOCKER_BUILDKIT: 1
    when:
      event:
        exclude:
@@ -1158,7 +963,7 @@ steps:
      - git fetch --tags --force
  - name: publish
-    image: plugins/docker:latest
+    image: techknowlogick/drone-docker:latest
    pull: always
    settings:
      auto_tag: false
@@ -1170,17 +975,13 @@ steps:
        from_secret: docker_password
      username:
        from_secret: docker_username
    environment:
      PLUGIN_MIRROR:
        from_secret: plugin_mirror
      DOCKER_BUILDKIT: 1
    when:
      event:
        exclude:
        - pull_request
  - name: publish-rootless
-    image: plugins/docker:latest
+    image: techknowlogick/drone-docker:latest
    settings:
      dockerfile: Dockerfile.rootless
      auto_tag: false
@@ -1192,10 +993,6 @@ steps:
        from_secret: docker_password
      username:
        from_secret: docker_username
    environment:
      PLUGIN_MIRROR:
        from_secret: plugin_mirror
      DOCKER_BUILDKIT: 1
    when:
      event:
        exclude:
@@ -1229,7 +1026,7 @@ steps:
      - git fetch --tags --force
  - name: publish
-    image: plugins/docker:latest
+    image: techknowlogick/drone-docker:latest
    pull: always
    settings:
      auto_tag: false
@@ -1241,17 +1038,13 @@ steps:
        from_secret: docker_password
      username:
        from_secret: docker_username
    environment:
      PLUGIN_MIRROR:
        from_secret: plugin_mirror
      DOCKER_BUILDKIT: 1
    when:
      event:
        exclude:
        - pull_request
  - name: publish-rootless
-    image: plugins/docker:latest
+    image: techknowlogick/drone-docker:latest
    settings:
      dockerfile: Dockerfile.rootless
      auto_tag: false
@@ -1263,10 +1056,6 @@ steps:
        from_secret: docker_password
      username:
        from_secret: docker_username
    environment:
      PLUGIN_MIRROR:
        from_secret: plugin_mirror
      DOCKER_BUILDKIT: 1
    when:
      event:
        exclude:
@@ -1275,7 +1064,7 @@ steps:
 ---
 kind: pipeline
 type: docker
-name: docker-linux-amd64-dry-run
+name: docker-linux-arm64-dry-run
 platform:
  os: linux
@@ -1287,13 +1076,10 @@ depends_on:
 trigger:
  ref:
  - "refs/pull/**"
  paths:
    exclude:
      - docs/**
 steps:
  - name: dryrun
-    image: plugins/docker:latest
+    image: techknowlogick/drone-docker:latest
    pull: always
    settings:
      dry_run: true
@@ -1304,7 +1090,6 @@ steps:
    environment:
      PLUGIN_MIRROR:
        from_secret: plugin_mirror
      DOCKER_BUILDKIT: 1
    when:
      event:
        - pull_request
@@ -1324,10 +1109,7 @@ depends_on:
 trigger:
  ref:
-    include:
+  - "refs/tags/**"
      - "refs/tags/**"
    exclude:
      - "refs/tags/**-rc*"
  event:
    exclude:
    - cron
@@ -1341,7 +1123,7 @@ steps:
      - git fetch --tags --force
  - name: publish
-    image: plugins/docker:latest
+    image: techknowlogick/drone-docker:latest
    pull: always
    settings:
      auto_tag: true
@@ -1353,17 +1135,13 @@ steps:
        from_secret: docker_password
      username:
        from_secret: docker_username
    environment:
      PLUGIN_MIRROR:
        from_secret: plugin_mirror
      DOCKER_BUILDKIT: 1
    when:
      event:
        exclude:
        - pull_request
  - name: publish-rootless
-    image: plugins/docker:latest
+    image: techknowlogick/drone-docker:latest
    settings:
      dockerfile: Dockerfile.rootless
      auto_tag: true
@@ -1375,80 +1153,6 @@ steps:
        from_secret: docker_password
      username:
        from_secret: docker_username
    environment:
      PLUGIN_MIRROR:
        from_secret: plugin_mirror
      DOCKER_BUILDKIT: 1
    when:
      event:
        exclude:
        - pull_request
 ---
 kind: pipeline
 type: docker
 name: docker-linux-arm64-release-candidate-version
 platform:
  os: linux
  arch: arm64
 depends_on:
  - testing-amd64
  - testing-arm64
 trigger:
  ref:
    - "refs/tags/**-rc*"
  event:
    exclude:
    - cron
 steps:
  - name: fetch-tags
    image: docker:git
    pull: always
    commands:
      - git config --global --add safe.directory /drone/src
      - git fetch --tags --force
  - name: publish
    image: plugins/docker:latest
    pull: always
    settings:
      tags: ${DRONE_TAG##v}-linux-arm64
      repo: gitea/gitea
      build_args:
        - GOPROXY=https://goproxy.io
      password:
        from_secret: docker_password
      username:
        from_secret: docker_username
    environment:
      PLUGIN_MIRROR:
        from_secret: plugin_mirror
      DOCKER_BUILDKIT: 1
    when:
      event:
        exclude:
        - pull_request
  - name: publish-rootless
    image: plugins/docker:latest
    settings:
      dockerfile: Dockerfile.rootless
      tags: ${DRONE_TAG##v}-linux-arm64-rootless
      repo: gitea/gitea
      build_args:
        - GOPROXY=https://goproxy.io
      password:
        from_secret: docker_password
      username:
        from_secret: docker_username
    environment:
      PLUGIN_MIRROR:
        from_secret: plugin_mirror
      DOCKER_BUILDKIT: 1
    when:
      event:
        exclude:
@@ -1483,7 +1187,7 @@ steps:
      - git fetch --tags --force
  - name: publish
-    image: plugins/docker:latest
+    image: techknowlogick/drone-docker:latest
    pull: always
    settings:
      auto_tag: false
@@ -1495,17 +1199,13 @@ steps:
        from_secret: docker_password
      username:
        from_secret: docker_username
    environment:
      PLUGIN_MIRROR:
        from_secret: plugin_mirror
      DOCKER_BUILDKIT: 1
    when:
      event:
        exclude:
        - pull_request
  - name: publish-rootless
-    image: plugins/docker:latest
+    image: techknowlogick/drone-docker:latest
    settings:
      dockerfile: Dockerfile.rootless
      auto_tag: false
@@ -1517,10 +1217,6 @@ steps:
        from_secret: docker_password
      username:
        from_secret: docker_username
    environment:
      PLUGIN_MIRROR:
        from_secret: plugin_mirror
      DOCKER_BUILDKIT: 1
    when:
      event:
        exclude:
@@ -1554,7 +1250,7 @@ steps:
      - git fetch --tags --force
  - name: publish
-    image: plugins/docker:latest
+    image: techknowlogick/drone-docker:latest
    pull: always
    settings:
      auto_tag: false
@@ -1566,17 +1262,13 @@ steps:
        from_secret: docker_password
      username:
        from_secret: docker_username
    environment:
      PLUGIN_MIRROR:
        from_secret: plugin_mirror
      DOCKER_BUILDKIT: 1
    when:
      event:
        exclude:
        - pull_request
  - name: publish-rootless
-    image: plugins/docker:latest
+    image: techknowlogick/drone-docker:latest
    settings:
      dockerfile: Dockerfile.rootless
      auto_tag: false
@@ -1588,10 +1280,6 @@ steps:
        from_secret: docker_password
      username:
        from_secret: docker_username
    environment:
      PLUGIN_MIRROR:
        from_secret: plugin_mirror
      DOCKER_BUILDKIT: 1
    when:
      event:
        exclude:
@@ -1639,9 +1327,7 @@ trigger:
 depends_on:
  - docker-linux-amd64-release-version
  - docker-linux-amd64-release-candidate-version
  - docker-linux-arm64-release-version
  - docker-linux-arm64-release-candidate-version
 ---
 kind: pipeline
@@ -1723,8 +1409,6 @@ depends_on:
  - docker-linux-arm64-release
  - docker-linux-amd64-release-version
  - docker-linux-arm64-release-version
  - docker-linux-amd64-release-candidate-version
  - docker-linux-arm64-release-candidate-version
  - docker-linux-amd64-release-branch
  - docker-linux-arm64-release-branch
  - docker-manifest
--- a/.editorconfig
+++ b/.editorconfig
@@ -26,3 +26,6 @@ indent_style = tab
 [*.svg]
 insert_final_newline = false
 [*.md]
 trim_trailing_whitespace = false
--- a/.eslintrc.yaml
+++ b/.eslintrc.yaml
@@ -11,8 +11,12 @@ parserOptions:
 plugins:
  - eslint-plugin-unicorn
  - eslint-plugin-import
  - eslint-plugin-vue
  - eslint-plugin-html
  - eslint-plugin-jquery
-  - eslint-plugin-sonarjs
+
 extends:
  - plugin:vue/recommended
 env:
  es2022: true
@@ -21,20 +25,30 @@ env:
 globals:
  __webpack_public_path__: true
 settings:
  html/html-extensions: [".tmpl"]
 overrides:
-  - files: ["web_src/**/*.js", "docs/**/*.js"]
+  - files: ["web_src/**/*.js", "web_src/**/*.vue", "templates/**/*.tmpl"]
    env:
      browser: true
      node: false
  - files: ["templates/**/*.tmpl"]
    rules:
      no-tabs: [0]
      indent: [2, tab, {SwitchCase: 1}]
  - files: ["web_src/**/*worker.js"]
    env:
      worker: true
    rules:
-      no-restricted-globals: [2, addEventListener, blur, close, closed, confirm, defaultStatus, defaultstatus, error, event, external, find, focus, frameElement, frames, history, innerHeight, innerWidth, isFinite, isNaN, length, locationbar, menubar, moveBy, moveTo, name, onblur, onerror, onfocus, onload, onresize, onunload, open, opener, opera, outerHeight, outerWidth, pageXOffset, pageYOffset, parent, print, removeEventListener, resizeBy, resizeTo, screen, screenLeft, screenTop, screenX, screenY, scroll, scrollbars, scrollBy, scrollTo, scrollX, scrollY, status, statusbar, stop, toolbar, top]
+      no-restricted-globals: [2, addEventListener, blur, close, closed, confirm, defaultStatus, defaultstatus, error, event, external, find, focus, frameElement, frames, history, innerHeight, innerWidth, isFinite, isNaN, length, location, locationbar, menubar, moveBy, moveTo, name, onblur, onerror, onfocus, onload, onresize, onunload, open, opener, opera, outerHeight, outerWidth, pageXOffset, pageYOffset, parent, print, removeEventListener, resizeBy, resizeTo, screen, screenLeft, screenTop, screenX, screenY, scroll, scrollbars, scrollBy, scrollTo, scrollX, scrollY, status, statusbar, stop, toolbar, top]
  - files: ["build/generate-images.js"]
    rules:
      import/no-unresolved: [0]
      import/no-extraneous-dependencies: [0]
  - files: ["*.test.js"]
    env:
      jest: true
  - files: ["*.config.js"]
    rules:
      import/no-unused-modules: [0]
@@ -43,7 +57,7 @@ rules:
  accessor-pairs: [2]
  array-bracket-newline: [0]
  array-bracket-spacing: [2, never]
-  array-callback-return: [2, {checkForEach: true}]
+  array-callback-return: [0]
  array-element-newline: [0]
  arrow-body-style: [0]
  arrow-parens: [2, always]
@@ -84,7 +98,6 @@ rules:
  id-length: [0]
  id-match: [0]
  implicit-arrow-linebreak: [0]
  import/consistent-type-specifier-style: [0]
  import/default: [0]
  import/dynamic-import-chunkname: [0]
  import/export: [2]
@@ -104,11 +117,10 @@ rules:
  import/no-default-export: [0]
  import/no-deprecated: [0]
  import/no-dynamic-require: [0]
  import/no-empty-named-blocks: [2]
  import/no-extraneous-dependencies: [2]
  import/no-import-module-exports: [0]
  import/no-internal-modules: [0]
-  import/no-mutable-exports: [0]
+  import/no-mutable-exports: [2]
  import/no-named-as-default-member: [0]
  import/no-named-as-default: [2]
  import/no-named-default: [0]
@@ -120,7 +132,7 @@ rules:
  import/no-restricted-paths: [0]
  import/no-self-import: [2]
  import/no-unassigned-import: [0]
-  import/no-unresolved: [2, {commonjs: true, ignore: ["\\?.+$"]}]
+  import/no-unresolved: [2, {commonjs: true}]
  import/no-unused-modules: [2, {unusedExports: true}]
  import/no-useless-path-segments: [2, {commonjs: true}]
  import/no-webpack-loader-syntax: [2]
@@ -149,7 +161,7 @@ rules:
  jquery/no-global-eval: [2]
  jquery/no-grep: [2]
  jquery/no-has: [2]
-  jquery/no-hide: [2]
+  jquery/no-hide: [0]
  jquery/no-html: [0]
  jquery/no-in-array: [2]
  jquery/no-is-array: [2]
@@ -166,13 +178,13 @@ rules:
  jquery/no-proxy: [2]
  jquery/no-ready: [0]
  jquery/no-serialize: [2]
-  jquery/no-show: [2]
+  jquery/no-show: [0]
  jquery/no-size: [2]
  jquery/no-sizzle: [0]
  jquery/no-slide: [0]
  jquery/no-submit: [0]
  jquery/no-text: [0]
-  jquery/no-toggle: [2]
+  jquery/no-toggle: [0]
  jquery/no-trigger: [0]
  jquery/no-trim: [2]
  jquery/no-val: [0]
@@ -184,7 +196,6 @@ rules:
  linebreak-style: [2, unix]
  lines-around-comment: [0]
  lines-between-class-members: [0]
  logical-assignment-operators: [0]
  max-classes-per-file: [0]
  max-depth: [0]
  max-len: [0]
@@ -201,7 +212,7 @@ rules:
  newline-per-chained-call: [0]
  no-alert: [0]
  no-array-constructor: [2]
-  no-async-promise-executor: [0]
+  no-async-promise-executor: [2]
  no-await-in-loop: [0]
  no-bitwise: [0]
  no-buffer-constructor: [0]
@@ -211,7 +222,7 @@ rules:
  no-compare-neg-zero: [2]
  no-cond-assign: [2, except-parens]
  no-confusing-arrow: [0]
-  no-console: [1, {allow: [debug, info, warn, error]}]
+  no-console: [1, {allow: [info, warn, error]}]
  no-const-assign: [2]
  no-constant-binary-expression: [2]
  no-constant-condition: [0]
@@ -231,7 +242,6 @@ rules:
  no-empty-character-class: [2]
  no-empty-function: [0]
  no-empty-pattern: [2]
  no-empty-static-block: [2]
  no-empty: [2, {allowEmptyCatch: true}]
  no-eq-null: [2]
  no-eval: [2]
@@ -246,7 +256,7 @@ rules:
  no-floating-decimal: [0]
  no-func-assign: [2]
  no-global-assign: [2]
-  no-implicit-coercion: [2]
+  no-implicit-coercion: [0]
  no-implicit-globals: [0]
  no-implied-eval: [2]
  no-import-assign: [2]
@@ -257,7 +267,7 @@ rules:
  no-irregular-whitespace: [2]
  no-iterator: [2]
  no-label-var: [2]
-  no-labels: [0] # handled by no-restricted-syntax
+  no-labels: [2]
  no-lone-blocks: [2]
  no-lonely-if: [0]
  no-loop-func: [0]
@@ -272,7 +282,6 @@ rules:
  no-negated-condition: [0]
  no-nested-ternary: [0]
  no-new-func: [2]
  no-new-native-nonconstructor: [2]
  no-new-object: [2]
  no-new-symbol: [2]
  no-new-wrappers: [2]
@@ -289,7 +298,7 @@ rules:
  no-redeclare: [2]
  no-regex-spaces: [2]
  no-restricted-exports: [0]
-  no-restricted-globals: [2, addEventListener, blur, close, closed, confirm, defaultStatus, defaultstatus, error, event, external, find, focus, frameElement, frames, history, innerHeight, innerWidth, isFinite, isNaN, length, location, locationbar, menubar, moveBy, moveTo, name, onblur, onerror, onfocus, onload, onresize, onunload, open, opener, opera, outerHeight, outerWidth, pageXOffset, pageYOffset, parent, print, removeEventListener, resizeBy, resizeTo, screen, screenLeft, screenTop, screenX, screenY, scroll, scrollbars, scrollBy, scrollTo, scrollX, scrollY, self, status, statusbar, stop, toolbar, top, __dirname, __filename]
+  no-restricted-globals: [2, addEventListener, blur, close, closed, confirm, defaultStatus, defaultstatus, error, event, external, find, focus, frameElement, frames, history, innerHeight, innerWidth, isFinite, isNaN, length, location, locationbar, menubar, moveBy, moveTo, name, onblur, onerror, onfocus, onload, onresize, onunload, open, opener, opera, outerHeight, outerWidth, pageXOffset, pageYOffset, parent, print, removeEventListener, resizeBy, resizeTo, screen, screenLeft, screenTop, screenX, screenY, scroll, scrollbars, scrollBy, scrollTo, scrollX, scrollY, self, status, statusbar, stop, toolbar, top]
  no-restricted-imports: [0]
  no-restricted-syntax: [2, WithStatement, ForInStatement, LabeledStatement]
  no-return-assign: [0]
@@ -323,8 +332,8 @@ rules:
  no-unused-labels: [2]
  no-unused-private-class-members: [2]
  no-unused-vars: [2, {args: all, argsIgnorePattern: ^_, varsIgnorePattern: ^_, caughtErrorsIgnorePattern: ^_, destructuredArrayIgnorePattern: ^_, ignoreRestSiblings: false}]
-  no-use-before-define: [2, {functions: false, classes: true, variables: true, allowNamedExports: true}]
+  no-use-before-define: [2, nofunc]
-  no-useless-backreference: [2]
+  no-useless-backreference: [0]
  no-useless-call: [2]
  no-useless-catch: [2]
  no-useless-computed-key: [2]
@@ -337,7 +346,7 @@ rules:
  no-void: [2]
  no-warning-comments: [0]
  no-whitespace-before-property: [2]
-  no-with: [0] # handled by no-restricted-syntax
+  no-with: [2]
  nonblock-statement-body-position: [2]
  object-curly-newline: [0]
  object-curly-spacing: [2, never]
@@ -349,13 +358,13 @@ rules:
  padded-blocks: [2, never]
  padding-line-between-statements: [0]
  prefer-arrow-callback: [2, {allowNamedFunctions: true, allowUnboundThis: true}]
-  prefer-const: [2, {destructuring: all, ignoreReadBeforeAssign: true}]
+  prefer-const: [2, {destructuring: all}]
  prefer-destructuring: [0]
  prefer-exponentiation-operator: [2]
  prefer-named-capture-group: [0]
  prefer-numeric-literals: [2]
  prefer-object-has-own: [0]
-  prefer-object-spread: [2]
+  prefer-object-spread: [0]
  prefer-promise-reject-errors: [2, {allowEmptyReject: false}]
  prefer-regex-literals: [2]
  prefer-rest-params: [2]
@@ -372,38 +381,6 @@ rules:
  semi-spacing: [2, {before: false, after: true}]
  semi-style: [2, last]
  semi: [2, always, {omitLastInOneLineBlock: true}]
  sonarjs/cognitive-complexity: [0]
  sonarjs/elseif-without-else: [0]
  sonarjs/max-switch-cases: [0]
  sonarjs/no-all-duplicated-branches: [2]
  sonarjs/no-collapsible-if: [0]
  sonarjs/no-collection-size-mischeck: [2]
  sonarjs/no-duplicate-string: [0]
  sonarjs/no-duplicated-branches: [0]
  sonarjs/no-element-overwrite: [2]
  sonarjs/no-empty-collection: [2]
  sonarjs/no-extra-arguments: [2]
  sonarjs/no-gratuitous-expressions: [2]
  sonarjs/no-identical-conditions: [2]
  sonarjs/no-identical-expressions: [2]
  sonarjs/no-identical-functions: [2, 5]
  sonarjs/no-ignored-return: [2]
  sonarjs/no-inverted-boolean-check: [2]
  sonarjs/no-nested-switch: [0]
  sonarjs/no-nested-template-literals: [0]
  sonarjs/no-one-iteration-loop: [2]
  sonarjs/no-redundant-boolean: [2]
  sonarjs/no-redundant-jump: [0]
  sonarjs/no-same-line-conditional: [2]
  sonarjs/no-small-switch: [0]
  sonarjs/no-unused-collection: [2]
  sonarjs/no-use-of-empty-return-value: [2]
  sonarjs/no-useless-catch: [2]
  sonarjs/non-existent-operator: [2]
  sonarjs/prefer-immediate-return: [0]
  sonarjs/prefer-object-literal: [0]
  sonarjs/prefer-single-boolean-return: [0]
  sonarjs/prefer-while: [2]
  sort-imports: [0]
  sort-keys: [0]
  sort-vars: [0]
@@ -447,19 +424,16 @@ rules:
  unicorn/no-invalid-remove-event-listener: [2]
  unicorn/no-keyword-prefix: [0]
  unicorn/no-lonely-if: [2]
  unicorn/no-negated-condition: [0]
  unicorn/no-nested-ternary: [0]
  unicorn/no-new-array: [0]
  unicorn/no-new-buffer: [0]
  unicorn/no-null: [0]
-  unicorn/no-object-as-default-parameter: [0]
+  unicorn/no-object-as-default-parameter: [2]
  unicorn/no-process-exit: [0]
  unicorn/no-reduce: [2]
  unicorn/no-static-only-class: [2]
  unicorn/no-thenable: [2]
  unicorn/no-this-assignment: [2]
  unicorn/no-typeof-undefined: [2]
  unicorn/no-unnecessary-await: [2]
  unicorn/no-unreadable-array-destructuring: [0]
  unicorn/no-unreadable-iife: [2]
  unicorn/no-unsafe-regex: [0]
@@ -480,16 +454,14 @@ rules:
  unicorn/prefer-array-index-of: [2]
  unicorn/prefer-array-some: [2]
  unicorn/prefer-at: [0]
-  unicorn/prefer-code-point: [0]
+  unicorn/prefer-code-point: [2]
  unicorn/prefer-dataset: [2]
  unicorn/prefer-date-now: [2]
  unicorn/prefer-default-parameters: [0]
  unicorn/prefer-event-key: [2]
  unicorn/prefer-event-target: [2]
  unicorn/prefer-export-from: [2]
  unicorn/prefer-includes: [2]
  unicorn/prefer-json-parse-buffer: [0]
  unicorn/prefer-logical-operator-over-ternary: [2]
  unicorn/prefer-math-trunc: [2]
  unicorn/prefer-modern-dom-apis: [0]
  unicorn/prefer-modern-math-apis: [2]
@@ -497,7 +469,7 @@ rules:
  unicorn/prefer-native-coercion-functions: [2]
  unicorn/prefer-negative-index: [2]
  unicorn/prefer-node-append: [0]
-  unicorn/prefer-node-protocol: [2]
+  unicorn/prefer-node-protocol: [0]
  unicorn/prefer-node-remove: [0]
  unicorn/prefer-number-properties: [0]
  unicorn/prefer-object-from-entries: [2]
@@ -509,7 +481,6 @@ rules:
  unicorn/prefer-regexp-test: [2]
  unicorn/prefer-replace-all: [0]
  unicorn/prefer-set-has: [0]
  unicorn/prefer-set-size: [2]
  unicorn/prefer-spread: [0]
  unicorn/prefer-starts-ends-with: [2]
  unicorn/prefer-string-slice: [0]
@@ -525,13 +496,17 @@ rules:
  unicorn/require-number-to-fixed-digits-argument: [2]
  unicorn/require-post-message-target-origin: [0]
  unicorn/string-content: [0]
  unicorn/switch-case-braces: [0]
  unicorn/template-indent: [2]
  unicorn/text-encoding-identifier-case: [0]
  unicorn/throw-new-error: [2]
  use-isnan: [2]
  valid-typeof: [2, {requireStringLiterals: true}]
  vars-on-top: [0]
  vue/attributes-order: [0]
  vue/component-definition-name-casing: [0]
  vue/html-closing-bracket-spacing: [0]
  vue/max-attributes-per-line: [0]
  vue/one-component-per-file: [0]
  wrap-iife: [2, inside]
  wrap-regex: [0]
  yield-star-spacing: [2, after]
--- a/.gitattributes
+++ b/.gitattributes
@@ -1,6 +1,7 @@
 * text=auto eol=lf
 *.tmpl linguist-language=Handlebars
-/assets/*.json linguist-generated
+/.eslintrc linguist-language=YAML
 /.stylelintrc linguist-language=YAML
 /public/vendor/** -text -eol linguist-vendored
 /vendor/** -text -eol linguist-vendored
 /web_src/fomantic/build/** linguist-generated
--- a/.github/pull_request_template.md
+++ b/.github/pull_request_template.md
@@ -1,9 +1,9 @@
-<!-- start tips --> 
+<!--
 Please check the following:
-1. Make sure you are targeting the `main` branch, pull requests on release branches are only allowed for backports.
+
-2. Make sure you have read contributing guidelines: https://github.com/go-gitea/gitea/blob/main/CONTRIBUTING.md .
+1. Make sure you are targeting the `main` branch, pull requests on release branches are only allowed for bug fixes.
-3. Describe what your pull request does and which issue you're targeting (if any).
+2. Read contributing guidelines: https://github.com/go-gitea/gitea/blob/main/CONTRIBUTING.md
-4. It is recommended to enable "Allow edits by maintainers", so maintainers can help more easily.
+3. Describe what your pull request does and which issue you're targeting (if any)
-5. Your input here will be included in the commit message when this PR has been merged. If you don't want some content to be included, please separate them with a line like `---`.
+
-6. Delete all these tips before posting.
+-->  
 <!-- end tips -->
--- a/.gitignore
+++ b/.gitignore
@@ -63,14 +63,21 @@ cpu.out
 /indexers
 /log
 /public/img/avatar
-/tests/integration/gitea-integration-*
+/integrations/gitea-integration-mysql
-/tests/integration/indexers-*
+/integrations/gitea-integration-mysql8
-/tests/e2e/gitea-e2e-*
+/integrations/gitea-integration-pgsql
-/tests/e2e/indexers-*
+/integrations/gitea-integration-sqlite
-/tests/e2e/reports
+/integrations/gitea-integration-mssql
-/tests/e2e/test-artifacts
+/integrations/indexers-mysql
-/tests/e2e/test-snapshots
+/integrations/indexers-mysql8
-/tests/*.ini
+/integrations/indexers-pgsql
 /integrations/indexers-sqlite
 /integrations/indexers-mssql
 /integrations/sqlite.ini
 /integrations/mysql.ini
 /integrations/mysql8.ini
 /integrations/pgsql.ini
 /integrations/mssql.ini
 /node_modules
 /yarn.lock
 /yarn-error.log
@@ -95,7 +102,6 @@ cpu.out
 !/web_src/fomantic/build/themes/default/assets/fonts/outline-icons.woff2
 /VERSION
 /.air
 /.go-licenses
 # Snapcraft
 snap/.snapcraft/
--- a/.gitpod.yml
+++ b/.gitpod.yml
@@ -1,44 +0,0 @@
 tasks:
  - name: Setup
    init: |
      cp -r contrib/ide/vscode .vscode
      make deps
      make build
    command: |
      gp sync-done setup
      exit 0
  - name: Run backend
    command: |
      gp sync-await setup
      mkdir -p custom/conf/
      echo -e "[server]\nROOT_URL=$(gp url 3000)/" > custom/conf/app.ini
      echo -e "\n[database]\nDB_TYPE = sqlite3\nPATH = $GITPOD_REPO_ROOT/data/gitea.db" >> custom/conf/app.ini
      export TAGS="sqlite sqlite_unlock_notify"
      make watch-backend
  - name: Run frontend
    command: |
      gp sync-await setup
      make watch-frontend
    openMode: split-right
  - name: Run docs
    before: sudo bash -c "$(grep 'https://github.com/gohugoio/hugo/releases/download' Makefile | tr -d '\')" # install hugo
    command: cd docs && make clean update && hugo server -D -F --baseUrl $(gp url 1313) --liveReloadPort=443 --appendPort=false --bind=0.0.0.0
    openMode: split-right
 vscode:
  extensions:
    - editorconfig.editorconfig
    - dbaeumer.vscode-eslint
    - golang.go
    - stylelint.vscode-stylelint
    - DavidAnson.vscode-markdownlint
    - johnsoncodehk.volar
    - ms-azuretools.vscode-docker
    - zixuanchen.vitest-explorer
    - alexcvzz.vscode-sqlite
 ports:
  - name: Gitea
    port: 3000
  - name: Docs
    port: 1313
--- a/.golangci.yml
+++ b/.golangci.yml
@@ -1,34 +1,30 @@
 linters:
  enable:
    - bidichk
    # - deadcode # deprecated - https://github.com/golangci/golangci-lint/issues/1841
    - depguard
    - dupl
    - errcheck
    - gocritic
    # - gocyclo # The cyclomatic complexety of a lot of functions is too high, we should refactor those another time.
    - gofmt
    - gofumpt
    - gosimple
-    - govet
+    - deadcode
    - ineffassign
    - nakedret
    - nolintlint
    - revive
    - staticcheck
    # - structcheck # deprecated - https://github.com/golangci/golangci-lint/issues/1841
    - stylecheck
    - typecheck
-    - unconvert
+    - govet
    - errcheck
    - staticcheck
    - unused
-    # - varcheck # deprecated - https://github.com/golangci/golangci-lint/issues/1841
+    - structcheck
-    # - wastedassign # disabled - https://github.com/golangci/golangci-lint/issues/2649
+    - varcheck
    - dupl
    #- gocyclo # The cyclomatic complexety of a lot of functions is too high, we should refactor those another time.
    - gofmt
    - misspell
    - gocritic
    - bidichk
    - ineffassign
    - revive
    - gofumpt
    - depguard
  enable-all: false
  disable-all: true
  fast: false
 run:
-  go: "1.20"
+  go: 1.18
  timeout: 10m
  skip-dirs:
    - node_modules
@@ -36,10 +32,6 @@ run:
    - web_src
 linters-settings:
  stylecheck:
    checks: ["all", "-ST1005", "-ST1003"]
  nakedret:
    max-func-lines: 0
  gocritic:
    disabled-checks:
      - ifElseChain
@@ -74,21 +66,17 @@ linters-settings:
      - name: modifies-value-receiver
  gofumpt:
    extra-rules: true
-    lang-version: "1.20"
+    lang-version: "1.18"
  depguard:
    # TODO: use depguard to replace import checks in gitea-vet
    list-type: denylist
    # Check the list against standard lib.
    include-go-root: true
    packages-with-error-message:
      - encoding/json: "use gitea's modules/json instead of encoding/json"
      - github.com/unknwon/com: "use gitea's util and replacements"
      - io/ioutil: "use os or io instead"
      - golang.org/x/exp: "it's experimental and unreliable."
      - code.gitea.io/gitea/modules/git/internal: "do not use the internal package, use AddXxx function instead"
 issues:
  max-issues-per-linter: 0
  max-same-issues: 0
  exclude-rules:
    # Exclude some linters from running on tests files.
    - path: _test\.go
@@ -149,6 +137,9 @@ issues:
    - path: models/issue_comment_list.go
      linters:
        - dupl
    - linters:
        - misspell
      text: '`Unknwon` is a misspelling of `Unknown`'
    - path: models/update.go
      linters:
        - unused
@@ -171,7 +162,3 @@ issues:
    - path: models/user/openid.go
      linters:
        - golint
    - path: models/user/badge.go
      linters:
        - revive
      text: "exported: type name will be used as user.UserBadge by other packages, and that stutters; consider calling this Badge"
--- a/.markdownlint.yaml
+++ b/.markdownlint.yaml
@@ -1,18 +0,0 @@
 commands-show-output: false
 fenced-code-language: false
 first-line-h1: false
 header-increment: false
 line-length: {code_blocks: false, tables: false, stern: true, line_length: -1}
 no-alt-text: false
 no-bare-urls: false
 no-blanks-blockquote: false
 no-duplicate-header: {allow_different_nesting: true}
 no-emphasis-as-header: false
 no-empty-links: false
 no-hard-tabs: {code_blocks: false}
 no-inline-html: false
 no-space-in-code: false
 no-space-in-emphasis: false
 no-trailing-punctuation: false
 no-trailing-spaces: {br_spaces: 0}
 single-h1: false
--- a/.spectral.yaml
+++ b/.spectral.yaml
@@ -1,12 +0,0 @@
 extends: [[spectral:oas, all]]
 rules:
  info-contact: off
  oas2-api-host: off
  oas2-parameter-description: off
  oas2-schema: off
  oas2-valid-schema-example: off
  openapi-tags: off
  operation-description: off
  operation-singular-tag: off
  operation-tag-defined: off
--- a/.stylelintrc
+++ b/.stylelintrc
@@ -0,0 +1,32 @@
 extends: stylelint-config-standard
 overrides:
  - files: ["**/*.less"]
    customSyntax: postcss-less
 rules:
  alpha-value-notation: null
  at-rule-empty-line-before: null
  block-closing-brace-empty-line-before: null
  color-function-notation: null
  color-hex-length: null
  comment-empty-line-before: null
  declaration-block-no-redundant-longhand-properties: null
  declaration-block-single-line-max-declarations: null
  declaration-empty-line-before: null
  function-no-unknown: null
  hue-degree-notation: null
  indentation: 2
  max-line-length: null
  no-descending-specificity: null
  no-invalid-position-at-import-rule: null
  number-leading-zero: never
  number-max-precision: null
  property-no-vendor-prefix: null
  rule-empty-line-before: null
  selector-class-pattern: null
  selector-id-pattern: null
  selector-pseudo-element-colon-notation: double
  shorthand-property-no-redundant-values: true
  string-quotes: null
  value-no-vendor-prefix: null
--- a/.stylelintrc.yaml
+++ b/.stylelintrc.yaml
@@ -1,137 +0,0 @@
 plugins:
  - stylelint-declaration-strict-value
 ignoreFiles:
  - "**/*.go"
 overrides:
  - files: ["**/chroma/*", "**/codemirror/*", "**/standalone/*", "**/console/*"]
    rules:
      scale-unlimited/declaration-strict-value: null
  - files: ["**/chroma/*", "**/codemirror/*"]
    rules:
      block-no-empty: null
 rules:
  alpha-value-notation: null
  annotation-no-unknown: true
  at-rule-allowed-list: null
  at-rule-disallowed-list: null
  at-rule-empty-line-before: null
  at-rule-no-unknown: true
  at-rule-no-vendor-prefix: true
  at-rule-property-required-list: null
  block-no-empty: true
  color-function-notation: null
  color-hex-alpha: null
  color-hex-length: null
  color-named: null
  color-no-hex: null
  color-no-invalid-hex: true
  comment-empty-line-before: null
  comment-no-empty: true
  comment-pattern: null
  comment-whitespace-inside: null
  comment-word-disallowed-list: null
  custom-media-pattern: null
  custom-property-empty-line-before: null
  custom-property-no-missing-var-function: true
  custom-property-pattern: null
  declaration-block-no-duplicate-custom-properties: true
  declaration-block-no-duplicate-properties: [true, {ignore: [consecutive-duplicates-with-different-values]}]
  declaration-block-no-redundant-longhand-properties: null
  declaration-block-no-shorthand-property-overrides: null
  declaration-block-single-line-max-declarations: null
  declaration-empty-line-before: null
  declaration-no-important: null
  declaration-property-max-values: null
  declaration-property-unit-allowed-list: null
  declaration-property-unit-disallowed-list: null
  declaration-property-value-allowed-list: null
  declaration-property-value-disallowed-list: null
  declaration-property-value-no-unknown: true
  font-family-name-quotes: always-where-recommended
  font-family-no-duplicate-names: true
  font-family-no-missing-generic-family-keyword: true
  font-weight-notation: null
  function-allowed-list: null
  function-calc-no-unspaced-operator: true
  function-disallowed-list: null
  function-linear-gradient-no-nonstandard-direction: true
  function-name-case: lower
  function-no-unknown: null
  function-url-no-scheme-relative: null
  function-url-quotes: always
  function-url-scheme-allowed-list: null
  function-url-scheme-disallowed-list: null
  hue-degree-notation: null
  import-notation: string
  keyframe-block-no-duplicate-selectors: true
  keyframe-declaration-no-important: true
  keyframe-selector-notation: null
  keyframes-name-pattern: null
  length-zero-no-unit: true
  max-nesting-depth: null
  media-feature-name-allowed-list: null
  media-feature-name-disallowed-list: null
  media-feature-name-no-unknown: true
  media-feature-name-no-vendor-prefix: true
  media-feature-name-unit-allowed-list: null
  media-feature-name-value-allowed-list: null
  media-feature-range-notation: null
  named-grid-areas-no-invalid: true
  no-descending-specificity: null
  no-duplicate-at-import-rules: true
  no-duplicate-selectors: true
  no-empty-source: true
  no-invalid-double-slash-comments: true
  no-invalid-position-at-import-rule: null
  no-irregular-whitespace: true
  no-unknown-animations: null
  number-max-precision: null
  property-allowed-list: null
  property-disallowed-list: null
  property-no-unknown: true
  property-no-vendor-prefix: null
  rule-empty-line-before: null
  rule-selector-property-disallowed-list: null
  scale-unlimited/declaration-strict-value: [color, {ignoreValues: /^(inherit|transparent|unset|initial|currentcolor)$/}]
  selector-attribute-name-disallowed-list: null
  selector-attribute-operator-allowed-list: null
  selector-attribute-operator-disallowed-list: null
  selector-attribute-quotes: always
  selector-class-pattern: null
  selector-combinator-allowed-list: null
  selector-combinator-disallowed-list: null
  selector-disallowed-list: null
  selector-id-pattern: null
  selector-max-attribute: null
  selector-max-class: null
  selector-max-combinators: null
  selector-max-compound-selectors: null
  selector-max-id: null
  selector-max-pseudo-class: null
  selector-max-specificity: null
  selector-max-type: null
  selector-max-universal: null
  selector-nested-pattern: null
  selector-no-qualifying-type: null
  selector-no-vendor-prefix: true
  selector-not-notation: null
  selector-pseudo-class-allowed-list: null
  selector-pseudo-class-disallowed-list: null
  selector-pseudo-class-no-unknown: true
  selector-pseudo-element-allowed-list: null
  selector-pseudo-element-colon-notation: double
  selector-pseudo-element-disallowed-list: null
  selector-pseudo-element-no-unknown: true
  selector-type-case: lower
  selector-type-no-unknown: [true, {ignore: [custom-elements]}]
  shorthand-property-no-redundant-values: true
  string-no-newline: true
  time-min-milliseconds: null
  unit-allowed-list: null
  unit-disallowed-list: null
  unit-no-unknown: true
  value-keyword-case: null
  value-no-vendor-prefix: [true, {ignoreValues: [box, inline-box]}]
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -81,15 +81,13 @@ Here's how to run the test suite:
 |``make lint-frontend`` | lint frontend files  |
 |``make lint-backend``  | lint backend files   |
- run test code (Suggest run in Linux)
+- run test code (Suggest run in Linux)  
 |                                        |                                                  |
 | :------------------------------------- | :----------------------------------------------- |
 |``make test[\#TestSpecificName]``       |  run unit test  |
-|``make test-sqlite[\#TestSpecificName]``|  run [integration](tests/integration) test for SQLite |
+|``make test-sqlite[\#TestSpecificName]``|  run [integration](integrations) test for SQLite |  
-|[More details about integration tests](tests/integration/README.md)  |
+|[More details about integrations](integrations/README.md)  |
 |``make test-e2e-sqlite[\#TestSpecificFileName]``|  run [end-to-end](tests/e2e) test for SQLite |
 |[More details about e2e tests](tests/e2e/README.md)  |
 ## Vendoring
@@ -129,14 +127,14 @@ the *[How to get faster PR reviews](https://github.com/kubernetes/community/blob
 it has lots of useful tips for any project you may want to contribute.
 Some of the key points:
- Make small pull requests. The smaller, the faster to review and the
+* Make small pull requests. The smaller, the faster to review and the
  more likely it will be merged soon.
- Don't make changes unrelated to your PR. Maybe there are typos on
+* Don't make changes unrelated to your PR. Maybe there are typos on
  some comments, maybe refactoring would be welcome on a function... but
  if that is not related to your PR, please make *another* PR for that.
- Split big pull requests into multiple small ones. An incremental change
+* Split big pull requests into multiple small ones. An incremental change
  will be faster to review than a huge PR.
- Use the first comment as a summary explainer of your PR and you should keep this up-to-date as the PR evolves.
+* Use the first comment as a summary explainer of your PR and you should keep this up-to-date as the PR evolves.
 If your PR could cause a breaking change you must add a BREAKING section to this comment e.g.:
@@ -146,20 +144,9 @@ If your PR could cause a breaking change you must add a BREAKING section to this
 To explain how this could affect users and how to mitigate these changes.
 Once code review starts on your PR, do not rebase nor squash your branch as it makes it
 difficult to review the new changes. Only if there is a need, sync your branch by merging
 the base branch into yours. Don't worry about merge commits messing up your tree as
 the final merge process squashes all commits into one, with the visible commit message (first
 line) being the PR title + PR index and description being the PR's first comment.
 Once your PR gets the `lgtm/done` label, don't worry about keeping it up-to-date or breaking
 builds (unless there's a merge conflict or a request is made by a maintainer to make
 modifications). It is the maintainer team's responsibility from this point to get it merged.
 ## Styleguide
-For imports you should use the following format (*without* the comments)
+For imports you should use the following format (_without_ the comments)
 ```go
 import (
  // stdlib
@@ -180,36 +167,25 @@ import (
 To maintain understandable code and avoid circular dependencies it is important to have a good structure of the code. The Gitea code is divided into the following parts:
 - **integration:** Integrations tests
 - **models:** Contains the data structures used by xorm to construct database tables. It also contains supporting functions to query and update the database. Dependencies to other code in Gitea should be avoided although some modules might be needed (for example for logging).
 - **models/fixtures:** Sample model data used in integration tests.
 - **models/migrations:** Handling of database migrations between versions. PRs that changes a database structure shall also have a migration step.
- **modules:** Different modules to handle specific functionality in Gitea. Shall only depend on other modules but not other packages (models, services).
+- **modules:** Different modules to handle specific functionality in Gitea.
 - **public:** Frontend files (javascript, images, css, etc.)
- **routers:** Handling of server requests. As it uses other Gitea packages to serve the request, other packages (models, modules or services) shall not depend on routers.
+- **routers:** Handling of server requests. As it uses other Gitea packages to serve the request, other packages (models, modules or services) shall not depend on routers
 - **services:** Support functions for common routing operations. Uses models and modules to handle the request.
 - **templates:** Golang templates for generating the html output.
 - **tests/e2e:** End to end tests
 - **tests/integration:** Integration tests
 - **tests/gitea-repositories-meta:** Sample repos used in integration tests. Adding a new repo requires editing `models/fixtures/repositories.yml` and `models/fixtures/repo_unit.yml` to match.
 - **tests/gitea-lfs-meta:** Sample LFS objects used in integration tests. Adding a new object requires editing `models/fixtures/lfs_meta_object.yml` to match.
 - **vendor:** External code that Gitea depends on.
 ## Documentation
 If you add a new feature or change an existing aspect of Gitea, the documentation for that feature must be created or updated.
 ## API v1
 The API is documented by [swagger](http://try.gitea.io/api/swagger) and is based on [GitHub API v3](https://developer.github.com/v3/).
-
+Thus, Gitea´s API should use the same endpoints and fields as GitHub´s API as far as possible, unless there are good reasons to deviate.  
-Thus, Gitea´s API should use the same endpoints and fields as GitHub´s API as far as possible, unless there are good reasons to deviate.
+If Gitea provides functionality that GitHub does not, a new endpoint can be created.  
 If Gitea provides functionality that GitHub does not, a new endpoint can be created.
 If information is provided by Gitea that is not provided by the GitHub API, a new field can be used that doesn't collide with any GitHub fields.
 Updating an existing API should not remove existing fields unless there is a really good reason to do so.
 The same applies to status responses. If you notice a problem, feel free to leave a comment in the code for future refactoring to APIv2 (which is currently not planned).
 All expected results (errors, success, fail messages) should be documented
@@ -218,33 +194,49 @@ All expected results (errors, success, fail messages) should be documented
 All JSON input types must be defined as a struct in [modules/structs/](modules/structs/)
 ([example](https://github.com/go-gitea/gitea/blob/c620eb5b2d0d874da68ebd734d3864c5224f71f7/modules/structs/issue.go#L76-L91))
 and referenced in
-[routers/api/v1/swagger/options.go](https://github.com/go-gitea/gitea/blob/c620eb5b2d0d874da68ebd734d3864c5224f71f7/routers/api/v1/swagger/options.go).
+[routers/api/v1/swagger/options.go](https://github.com/go-gitea/gitea/blob/c620eb5b2d0d874da68ebd734d3864c5224f71f7/routers/api/v1/swagger/options.go).  
 They can then be used like the following:
 ([example](https://github.com/go-gitea/gitea/blob/c620eb5b2d0d874da68ebd734d3864c5224f71f7/routers/api/v1/repo/issue.go#L318)).
 All JSON responses must be defined as a struct in [modules/structs/](modules/structs/)
 ([example](https://github.com/go-gitea/gitea/blob/c620eb5b2d0d874da68ebd734d3864c5224f71f7/modules/structs/issue.go#L36-L68))
 and referenced in its category in [routers/api/v1/swagger/](routers/api/v1/swagger/)
-([example](https://github.com/go-gitea/gitea/blob/c620eb5b2d0d874da68ebd734d3864c5224f71f7/routers/api/v1/swagger/issue.go#L11-L16))
+([example](https://github.com/go-gitea/gitea/blob/c620eb5b2d0d874da68ebd734d3864c5224f71f7/routers/api/v1/swagger/issue.go#L11-L16))  
 They can be used like the following:
 ([example](https://github.com/go-gitea/gitea/blob/c620eb5b2d0d874da68ebd734d3864c5224f71f7/routers/api/v1/repo/issue.go#L277-L279))
 In general, HTTP methods are chosen as follows:
-
+ * **GET** endpoints return requested object and status **OK (200)**
- **GET** endpoints return requested object and status **OK (200)**
+ * **DELETE** endpoints return status **No Content (204)**
- **DELETE** endpoints return status **No Content (204)**
+ * **POST** endpoints return status **Created (201)**, used to **create** new objects (e.g. a User)
- **POST** endpoints return status **Created (201)**, used to **create** new objects (e.g. a User)
+ * **PUT** endpoints return status **No Content (204)**, used to **add/assign** existing Objects (e.g. User) to something (e.g. Org-Team)
- **PUT** endpoints return status **No Content (204)**, used to **add/assign** existing Objects (e.g. User) to something (e.g. Org-Team)
+ * **PATCH** endpoints return changed object and status **OK (200)**, used to **edit/change** an existing object
 - **PATCH** endpoints return changed object and status **OK (200)**, used to **edit/change** an existing object
 An endpoint which changes/edits an object expects all fields to be optional (except ones to identify the object, which are required).
 ### Endpoints returning lists should
 * support pagination (`page` & `limit` options in query)
 * set `X-Total-Count` header via **SetTotalCountHeader** ([example](https://github.com/go-gitea/gitea/blob/7aae98cc5d4113f1e9918b7ee7dd09f67c189e3e/routers/api/v1/repo/issue.go#L444))
- support pagination (`page` & `limit` options in query)
+## Large Character Comments
- set `X-Total-Count` header via **SetTotalCountHeader** ([example](https://github.com/go-gitea/gitea/blob/7aae98cc5d4113f1e9918b7ee7dd09f67c189e3e/routers/api/v1/repo/issue.go#L444))
+
 Throughout the codebase there are large-text comments for sections of code, e.g.:
 ```go
 // __________            .__               
 // \______   \ _______  _|__| ______  _  __
 //  |       _// __ \  \/ /  |/ __ \ \/ \/ /
 //  |    |   \  ___/\   /|  \  ___/\     / 
 //  |____|_  /\___  >\_/ |__|\___  >\/\_/  
 //         \/     \/             \/        
 ```
 These were created using the `figlet` tool with the `graffiti` font.
 A simple way of creating these is to use the following:
 ```bash
 figlet -f graffiti Review | sed  -e's+^+// +' - | xclip -sel clip -in
 ```
 ## Backports and Frontports
@@ -267,10 +259,26 @@ with the rest of the summary matching the original PR. Similarly for frontports
 ---
-A command to help create backports can be found in `contrib/backport` and can be installed (from inside the gitea repo root directory) using:
+The below is a script that may be helpful in creating backports. YMMV.
 ```bash
-go install contrib/backport/backport.go
+#!/bin/sh
 PR="$1"
 SHA="$2"
 VERSION="$3"
 if [ -z "$SHA" ]; then
    SHA=$(gh api /repos/go-gitea/gitea/pulls/$PR -q '.merge_commit_sha')
 fi
 if [ -z "$VERSION" ]; then
    VERSION="v1.16"
 fi
 echo git checkout origin/release/"$VERSION" -b backport-$PR-$VERSION
 git checkout origin/release/"$VERSION" -b backport-$PR-$VERSION
 git cherry-pick $SHA && git commit --amend && git push zeripath backport-$PR-$VERSION && xdg-open https://github.com/go-gitea/gitea/compare/release/"$VERSION"...zeripath:backport-$PR-$VERSION
 ```
 ## Developer Certificate of Origin (DCO)
@@ -299,7 +307,9 @@ known as the release freeze. All the feature pull requests should be
 merged before feature freeze. And, during the frozen period, a corresponding
 release branch is open for fixes backported from main branch. Release candidates
 are made during this period for user testing to
-obtain a final version that is maintained in this branch.
+obtain a final version that is maintained in this branch. A release is
 maintained by issuing patch releases to only correct critical problems
 such as crashes or security issues.
 Major release cycles are seasonal. They always begin on the 25th and end on
 the 24th (i.e., the 25th of December to March 24th).
@@ -309,16 +319,6 @@ for the previous version. For example, if the latest, published release is
 v1.2, then minor changes for the previous release—e.g., v1.1.0 -> v1.1.1—are
 still possible.
 The previous release gets fixes for:
 - Security issues
 - Critical bugs
 - Regressions
 - Build issues
 - Necessary enhancements (including necessary UI/UX fixes)
 The backported fixes should avoid breaking downgrade between minor releases as much as possible.
 ## Maintainers
 To make sure every PR is checked, we have [team
@@ -368,35 +368,35 @@ and lead the development of Gitea.
 To honor the past owners, here's the history of the owners and the time
 they served:
- 2022-01-01 ~ 2022-12-31 - https://github.com/go-gitea/gitea/issues/17872
+* 2022-01-01 ~ 2022-12-31 - https://github.com/go-gitea/gitea/issues/17872
-  - [Lunny Xiao](https://gitea.com/lunny) <xiaolunwen@gmail.com>
+  * [Lunny Xiao](https://gitea.com/lunny) <xiaolunwen@gmail.com>
-  - [Matti Ranta](https://gitea.com/techknowlogick) <techknowlogick@gitea.io>
+  * [Matti Ranta](https://gitea.com/techknowlogick) <techknowlogick@gitea.io>
-  - [Andrew Thornton](https://gitea.com/zeripath) <art27@cantab.net>
+  * [Andrew Thornton](https://gitea.com/zeripath) <art27@cantab.net>
- 2021-01-01 ~ 2021-12-31 - https://github.com/go-gitea/gitea/issues/13801
+* 2021-01-01 ~ 2021-12-31 - https://github.com/go-gitea/gitea/issues/13801
-  - [Lunny Xiao](https://gitea.com/lunny) <xiaolunwen@gmail.com>
+  * [Lunny Xiao](https://gitea.com/lunny) <xiaolunwen@gmail.com>
-  - [Lauris Bukšis-Haberkorns](https://gitea.com/lafriks) <lauris@nix.lv>
+  * [Lauris Bukšis-Haberkorns](https://gitea.com/lafriks) <lauris@nix.lv>
-  - [Matti Ranta](https://gitea.com/techknowlogick) <techknowlogick@gitea.io>
+  * [Matti Ranta](https://gitea.com/techknowlogick) <techknowlogick@gitea.io>
- 2020-01-01 ~ 2020-12-31 - https://github.com/go-gitea/gitea/issues/9230
+* 2020-01-01 ~ 2020-12-31 - https://github.com/go-gitea/gitea/issues/9230
-  - [Lunny Xiao](https://gitea.com/lunny) <xiaolunwen@gmail.com>
+  * [Lunny Xiao](https://gitea.com/lunny) <xiaolunwen@gmail.com>
-  - [Lauris Bukšis-Haberkorns](https://gitea.com/lafriks) <lauris@nix.lv>
+  * [Lauris Bukšis-Haberkorns](https://gitea.com/lafriks) <lauris@nix.lv>
-  - [Matti Ranta](https://gitea.com/techknowlogick) <techknowlogick@gitea.io>
+  * [Matti Ranta](https://gitea.com/techknowlogick) <techknowlogick@gitea.io>
- 2019-01-01 ~ 2019-12-31 - https://github.com/go-gitea/gitea/issues/5572
+* 2019-01-01 ~ 2019-12-31 - https://github.com/go-gitea/gitea/issues/5572
-  - [Lunny Xiao](https://github.com/lunny) <xiaolunwen@gmail.com>
+  * [Lunny Xiao](https://github.com/lunny) <xiaolunwen@gmail.com>
-  - [Lauris Bukšis-Haberkorns](https://github.com/lafriks) <lauris@nix.lv>
+  * [Lauris Bukšis-Haberkorns](https://github.com/lafriks) <lauris@nix.lv>
-  - [Matti Ranta](https://github.com/techknowlogick) <techknowlogick@gitea.io>
+  * [Matti Ranta](https://github.com/techknowlogick) <techknowlogick@gitea.io>
- 2018-01-01 ~ 2018-12-31 - https://github.com/go-gitea/gitea/issues/3255
+* 2018-01-01 ~ 2018-12-31 - https://github.com/go-gitea/gitea/issues/3255
-  - [Lunny Xiao](https://github.com/lunny) <xiaolunwen@gmail.com>
+  * [Lunny Xiao](https://github.com/lunny) <xiaolunwen@gmail.com>
-  - [Lauris Bukšis-Haberkorns](https://github.com/lafriks) <lauris@nix.lv>
+  * [Lauris Bukšis-Haberkorns](https://github.com/lafriks) <lauris@nix.lv>
-  - [Kim Carlbäcker](https://github.com/bkcsoft) <kim.carlbacker@gmail.com>
+  * [Kim Carlbäcker](https://github.com/bkcsoft) <kim.carlbacker@gmail.com>
- 2016-11-04 ~ 2017-12-31
+* 2016-11-04 ~ 2017-12-31
-  - [Lunny Xiao](https://github.com/lunny) <xiaolunwen@gmail.com>
+  * [Lunny Xiao](https://github.com/lunny) <xiaolunwen@gmail.com>
-  - [Thomas Boerger](https://github.com/tboerger) <thomas@webhippie.de>
+  * [Thomas Boerger](https://github.com/tboerger) <thomas@webhippie.de>
-  - [Kim Carlbäcker](https://github.com/bkcsoft) <kim.carlbacker@gmail.com>
+  * [Kim Carlbäcker](https://github.com/bkcsoft) <kim.carlbacker@gmail.com>
 ## Versions
@@ -413,29 +413,29 @@ be reviewed by two maintainers and must pass the automatic tests.
 ## Releasing Gitea
- Let $vmaj, $vmin and $vpat be Major, Minor and Patch version numbers, $vpat should be rc1, rc2, 0, 1, ...... $vmaj.$vmin will be kept the same as milestones on github or gitea in future.
+* Let $vmaj, $vmin and $vpat be Major, Minor and Patch version numbers, $vpat should be rc1, rc2, 0, 1, ...... $vmaj.$vmin will be kept the same as milestones on github or gitea in future.
- Before releasing, confirm all the version's milestone issues or PRs has been resolved. Then discuss the release on Discord channel #maintainers and get agreed with almost all the owners and mergers. Or you can declare the version and if nobody against in about serval hours.
+* Before releasing, confirm all the version's milestone issues or PRs has been resolved. Then discuss the release on Discord channel #maintainers and get agreed with almost all the owners and mergers. Or you can declare the version and if nobody against in about serval hours.
- If this is a big version first you have to create PR for changelog on branch `main` with PRs with label `changelog` and after it has been merged do following steps:
+* If this is a big version first you have to create PR for changelog on branch `main` with PRs with label `changelog` and after it has been merged do following steps:
-  - Create `-dev` tag as `git tag -s -F release.notes v$vmaj.$vmin.0-dev` and push the tag as `git push origin v$vmaj.$vmin.0-dev`.
+  * Create `-dev` tag as `git tag -s -F release.notes v$vmaj.$vmin.0-dev` and push the tag as `git push origin v$vmaj.$vmin.0-dev`.
-  - When CI has finished building tag then you have to create a new branch named `release/v$vmaj.$vmin`
+  * When CI has finished building tag then you have to create a new branch named `release/v$vmaj.$vmin`
- If it is bugfix version create PR for changelog on branch `release/v$vmaj.$vmin` and wait till it is reviewed and merged.
+* If it is bugfix version create PR for changelog on branch `release/v$vmaj.$vmin` and wait till it is reviewed and merged.
- Add a tag as `git tag -s -F release.notes v$vmaj.$vmin.$`, release.notes file could be a temporary file to only include the changelog this version which you added to `CHANGELOG.md`.
+* Add a tag as `git tag -s -F release.notes v$vmaj.$vmin.$`, release.notes file could be a temporary file to only include the changelog this version which you added to `CHANGELOG.md`.
- And then push the tag as `git push origin v$vmaj.$vmin.$`. Drone CI will automatically create a release and upload all the compiled binary. (But currently it doesn't add the release notes automatically. Maybe we should fix that.)
+* And then push the tag as `git push origin v$vmaj.$vmin.$`. Drone CI will automatically create a release and upload all the compiled binary. (But currently it doesn't add the release notes automatically. Maybe we should fix that.)
- If needed send a frontport PR for the changelog to branch `main` and update the version in `docs/config.yaml` to refer to the new version.
+* If needed send a frontport PR for the changelog to branch `main` and update the version in `docs/config.yaml` to refer to the new version.
- Send PR to [blog repository](https://gitea.com/gitea/blog) announcing the release.
+* Send PR to [blog repository](https://gitea.com/gitea/blog) announcing the release.
- Verify all release assets were correctly published through CI on dl.gitea.io and GitHub releases. Once ACKed:
+* Verify all release assets were correctly published through CI on dl.gitea.io and GitHub releases. Once ACKed:
-  - bump the version of https://dl.gitea.io/gitea/version.json
+  * bump the version of https://dl.gitea.io/gitea/version.json
-  - merge the blog post PR
+  * merge the blog post PR
-  - announce the release in discord `#announcements`
+  * announce the release in discord `#announcements`
 ## Copyright
 Code that you contribute should use the standard copyright header:
 ```
-// Copyright <year> The Gitea Authors. All rights reserved.
+// Copyright 2022 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
-
+// license that can be found in the LICENSE file.
 ```
 Files in the repository contain copyright from the year they are added
--- a/4
+++ b/4
@@ -2,6 +2,8 @@ Developer Certificate of Origin
 Version 1.1
 Copyright (C) 2004, 2006 The Linux Foundation and its contributors.
 660 York Street, Suite 102,
 San Francisco, CA 94110 USA
 Everyone is permitted to copy and distribute verbatim copies of this
 license document, but changing it is not allowed.
@@ -31,4 +33,4 @@ By making a contribution to this project, I certify that:
    are public and that a record of the contribution (including all
    personal information I submit with it, including my sign-off) is
    maintained indefinitely and may be redistributed consistent with
-    this project or the open source license(s) involved.
+    this project or the open source license(s) involved.
--- a/6
+++ b/6
@@ -1,5 +1,5 @@
 #Build stage
-FROM docker.io/library/golang:1.20-alpine3.17 AS build-env
+FROM golang:1.18-alpine3.16 AS build-env
 ARG GOPROXY
 ENV GOPROXY ${GOPROXY:-direct}
@@ -23,7 +23,7 @@ RUN if [ -n "${GITEA_VERSION}" ]; then git checkout "${GITEA_VERSION}"; fi \
 # Begin env-to-ini build
 RUN go build contrib/environment-to-ini/environment-to-ini.go
-FROM docker.io/library/alpine:3.17
+FROM alpine:3.16
 LABEL maintainer="maintainers@gitea.io"
 EXPOSE 22 3000
@@ -64,7 +64,5 @@ CMD ["/bin/s6-svscan", "/etc/s6"]
 COPY docker/root /
 COPY --from=build-env /go/src/code.gitea.io/gitea/gitea /app/gitea/gitea
 COPY --from=build-env /go/src/code.gitea.io/gitea/environment-to-ini /usr/local/bin/environment-to-ini
 COPY --from=build-env /go/src/code.gitea.io/gitea/contrib/autocompletion/bash_autocomplete /etc/profile.d/gitea_bash_autocomplete.sh
 RUN chmod 755 /usr/bin/entrypoint /app/gitea/gitea /usr/local/bin/gitea /usr/local/bin/environment-to-ini
 RUN chmod 755 /etc/s6/gitea/* /etc/s6/openssh/* /etc/s6/.s6-svscan/*
 RUN chmod 644 /etc/profile.d/gitea_bash_autocomplete.sh
--- a/Dockerfile.rootless
+++ b/Dockerfile.rootless
@@ -1,5 +1,5 @@
 #Build stage
-FROM docker.io/library/golang:1.20-alpine3.17 AS build-env
+FROM golang:1.18-alpine3.16 AS build-env
 ARG GOPROXY
 ENV GOPROXY ${GOPROXY:-direct}
@@ -23,7 +23,7 @@ RUN if [ -n "${GITEA_VERSION}" ]; then git checkout "${GITEA_VERSION}"; fi \
 # Begin env-to-ini build
 RUN go build contrib/environment-to-ini/environment-to-ini.go
-FROM docker.io/library/alpine:3.17
+FROM alpine:3.16
 LABEL maintainer="maintainers@gitea.io"
 EXPOSE 2222 3000
@@ -31,7 +31,6 @@ EXPOSE 2222 3000
 RUN apk --no-cache add \
    bash \
    ca-certificates \
    dumb-init \
    gettext \
    git \
    curl \
@@ -54,9 +53,7 @@ RUN chown git:git /var/lib/gitea /etc/gitea
 COPY docker/rootless /
 COPY --from=build-env --chown=root:root /go/src/code.gitea.io/gitea/gitea /app/gitea/gitea
 COPY --from=build-env --chown=root:root /go/src/code.gitea.io/gitea/environment-to-ini /usr/local/bin/environment-to-ini
 COPY --from=build-env /go/src/code.gitea.io/gitea/contrib/autocompletion/bash_autocomplete /etc/profile.d/gitea_bash_autocomplete.sh
 RUN chmod 755 /usr/local/bin/docker-entrypoint.sh /usr/local/bin/docker-setup.sh /app/gitea/gitea /usr/local/bin/gitea /usr/local/bin/environment-to-ini
 RUN chmod 644 /etc/profile.d/gitea_bash_autocomplete.sh
 #git:git
 USER 1000:1000
@@ -65,12 +62,12 @@ ENV GITEA_CUSTOM /var/lib/gitea/custom
 ENV GITEA_TEMP /tmp/gitea
 ENV TMPDIR /tmp/gitea
-#TODO add to docs the ability to define the ini to load (useful to test and revert a config)
+#TODO add to docs the ability to define the ini to load (usefull to test and revert a config)
 ENV GITEA_APP_INI /etc/gitea/app.ini
 ENV HOME "/var/lib/gitea/git"
 VOLUME ["/var/lib/gitea", "/etc/gitea"]
 WORKDIR /var/lib/gitea
-ENTRYPOINT ["/usr/bin/dumb-init", "--", "/usr/local/bin/docker-entrypoint.sh"]
+ENTRYPOINT ["/usr/local/bin/docker-entrypoint.sh"]
 CMD []
--- a/9
+++ b/9
@@ -6,6 +6,7 @@ Kim Carlbäcker <kim.carlbacker@gmail.com> (@bkcsoft)
 LefsFlare <nobody@nobody.tld> (@LefsFlarey)
 Lunny Xiao <xiaolunwen@gmail.com> (@lunny)
 Matthias Loibl <mail@matthiasloibl.com> (@metalmatze)
 Morgan Bazalgette <the@howl.moe> (@thehowl)
 Rachid Zarouali <nobody@nobody.tld> (@xinity)
 Rémy Boulanouar <admin@dblk.org> (@DblK)
 Sandro Santilli <strk@kbt.io> (@strk)
@@ -43,10 +44,6 @@ Janis Estelmann <admin@oldschoolhack.me> (@KN4CK3R)
 Steven Kriegler <sk.bunsenbrenner@gmail.com> (@justusbunsi)
 Jimmy Praet <jimmy.praet@telenet.be> (@jpraet)
 Leon Hofmeister <dev.lh@web.de> (@delvh) 
 Gusted <williamzijl7@hotmail.com) (@Gusted)
 silentcode <silentcode@senga.org> (@silentcodeg)
 Wim <wim@42.be> (@42wim)
 Xinyu Zhou <i@sourcehut.net> (@xin-u)
 Jason Song <i@wolfogre.com> (@wolfogre)
 Yarden Shoham <hrsi88@gmail.com> (@yardenshoham)
 Yu Tian <zettat123@gmail.com> (@Zettat123)
 Eddie Yang <576951401@qq.com> (@yp05327)
 Dong Ge <gedong_1994@163.com> (@sillyguodong)
--- a/396
+++ b/396
@@ -17,25 +17,24 @@ else
 DIST := dist
 DIST_DIRS := $(DIST)/binaries $(DIST)/release
 IMPORT := code.gitea.io/gitea
 export GO111MODULE=on
 GO ?= go
 SHASUM ?= shasum -a 256
 HAS_GO = $(shell hash $(GO) > /dev/null 2>&1 && echo "GO" || echo "NOGO" )
 COMMA := ,
-XGO_VERSION := go-1.20.x
+XGO_VERSION := go-1.18.x
-AIR_PACKAGE ?= github.com/cosmtrek/air@v1.40.4
+AIR_PACKAGE ?= github.com/cosmtrek/air@v1.29.0
-EDITORCONFIG_CHECKER_PACKAGE ?= github.com/editorconfig-checker/editorconfig-checker/cmd/editorconfig-checker@2.6.0
+EDITORCONFIG_CHECKER_PACKAGE ?= github.com/editorconfig-checker/editorconfig-checker/cmd/editorconfig-checker@2.4.0
-ERRCHECK_PACKAGE ?= github.com/kisielk/errcheck@v1.6.2
+ERRCHECK_PACKAGE ?= github.com/kisielk/errcheck@v1.6.0
-GOFUMPT_PACKAGE ?= mvdan.cc/gofumpt@v0.4.0
+GOFUMPT_PACKAGE ?= mvdan.cc/gofumpt@v0.3.1
-GOLANGCI_LINT_PACKAGE ?= github.com/golangci/golangci-lint/cmd/golangci-lint@v1.51.0
+GOLANGCI_LINT_PACKAGE ?= github.com/golangci/golangci-lint/cmd/golangci-lint@v1.46.0
 GXZ_PAGAGE ?= github.com/ulikunitz/xz/cmd/gxz@v0.5.10
 MISSPELL_PACKAGE ?= github.com/client9/misspell/cmd/misspell@v0.3.4
-SWAGGER_PACKAGE ?= github.com/go-swagger/go-swagger/cmd/swagger@v0.30.3
+SWAGGER_PACKAGE ?= github.com/go-swagger/go-swagger/cmd/swagger@v0.29.0
 XGO_PACKAGE ?= src.techknowlogick.com/xgo@latest
 GO_LICENSES_PACKAGE ?= github.com/google/go-licenses@v1.5.0
 GOVULNCHECK_PACKAGE ?= golang.org/x/vuln/cmd/govulncheck@latest
 DOCKER_IMAGE ?= gitea/gitea
 DOCKER_TAG ?= latest
@@ -77,7 +76,6 @@ ifeq ($(RACE_ENABLED),true)
 endif
 STORED_VERSION_FILE := VERSION
 HUGO_VERSION ?= 0.111.3
 ifneq ($(DRONE_TAG),)
 	VERSION ?= $(subst v,,$(DRONE_TAG))
@@ -101,12 +99,11 @@ LDFLAGS := $(LDFLAGS) -X "main.MakeVersion=$(MAKE_VERSION)" -X "main.Version=$(G
 LINUX_ARCHS ?= linux/amd64,linux/386,linux/arm-5,linux/arm-6,linux/arm64
-GO_PACKAGES ?= $(filter-out code.gitea.io/gitea/tests/integration/migration-test code.gitea.io/gitea/tests code.gitea.io/gitea/tests/integration code.gitea.io/gitea/tests/e2e,$(shell $(GO) list ./... | grep -v /vendor/))
+GO_PACKAGES ?= $(filter-out code.gitea.io/gitea/models/migrations code.gitea.io/gitea/integrations/migration-test code.gitea.io/gitea/integrations,$(shell $(GO) list ./... | grep -v /vendor/))
 GO_TEST_PACKAGES ?= $(filter-out $(shell $(GO) list code.gitea.io/gitea/models/migrations/...) code.gitea.io/gitea/tests/integration/migration-test code.gitea.io/gitea/tests code.gitea.io/gitea/tests/integration code.gitea.io/gitea/tests/e2e,$(shell $(GO) list ./... | grep -v /vendor/))
 FOMANTIC_WORK_DIR := web_src/fomantic
-WEBPACK_SOURCES := $(shell find web_src/js web_src/css -type f)
+WEBPACK_SOURCES := $(shell find web_src/js web_src/less -type f)
 WEBPACK_CONFIGS := webpack.config.js
 WEBPACK_DEST := public/js/index.js public/css/index.css
 WEBPACK_DEST_ENTRIES := public/js public/css public/fonts public/img/webpack public/serviceworker.js
@@ -114,39 +111,25 @@ WEBPACK_DEST_ENTRIES := public/js public/css public/fonts public/img/webpack pub
 BINDATA_DEST := modules/public/bindata.go modules/options/bindata.go modules/templates/bindata.go
 BINDATA_HASH := $(addsuffix .hash,$(BINDATA_DEST))
 GENERATED_GO_DEST := modules/charset/invisible_gen.go modules/charset/ambiguous_gen.go
 SVG_DEST_DIR := public/img/svg
 AIR_TMP_DIR := .air
 GO_LICENSE_TMP_DIR := .go-licenses
 GO_LICENSE_FILE := assets/go-licenses.json
 TAGS ?=
 TAGS_SPLIT := $(subst $(COMMA), ,$(TAGS))
 TAGS_EVIDENCE := $(MAKE_EVIDENCE_DIR)/tags
 TEST_TAGS ?= sqlite sqlite_unlock_notify
-TAR_EXCLUDES := .git data indexers queues log node_modules $(EXECUTABLE) $(FOMANTIC_WORK_DIR)/node_modules $(DIST) $(MAKE_EVIDENCE_DIR) $(AIR_TMP_DIR) $(GO_LICENSE_TMP_DIR)
+TAR_EXCLUDES := .git data indexers queues log node_modules $(EXECUTABLE) $(FOMANTIC_WORK_DIR)/node_modules $(DIST) $(MAKE_EVIDENCE_DIR) $(AIR_TMP_DIR)
-GO_DIRS := cmd tests models modules routers build services tools
+GO_DIRS := cmd integrations models modules routers build services tools
 WEB_DIRS := web_src/js web_src/css
 GO_SOURCES := $(wildcard *.go)
 GO_SOURCES += $(shell find $(GO_DIRS) -type f -name "*.go" -not -path modules/options/bindata.go -not -path modules/public/bindata.go -not -path modules/templates/bindata.go)
 GO_SOURCES += $(GENERATED_GO_DEST)
 GO_SOURCES_NO_BINDATA := $(GO_SOURCES)
 ifeq ($(filter $(TAGS_SPLIT),bindata),bindata)
 	GO_SOURCES += $(BINDATA_DEST)
 	GENERATED_GO_DEST += $(BINDATA_DEST)
 endif
 # Force installation of playwright dependencies by setting this flag
 ifdef DEPS_PLAYWRIGHT
 	PLAYWRIGHT_FLAGS += --with-deps
 endif
 SWAGGER_SPEC := templates/swagger/v1_json.tmpl
@@ -200,7 +183,6 @@ help:
 	@echo " - test                             test everything"
 	@echo " - test-frontend                    test frontend files"
 	@echo " - test-backend                     test backend files"
 	@echo " - test-e2e[\#TestSpecificName]     test end to end using playwright"
 	@echo " - webpack                          build webpack files"
 	@echo " - svg                              build svg files"
 	@echo " - fomantic                         build fomantic files"
@@ -212,7 +194,6 @@ help:
 	@echo " - generate-swagger                 generate the swagger spec from code comments"
 	@echo " - swagger-validate                 check if the swagger spec is valid"
 	@echo " - golangci-lint                    run golangci-lint linter"
 	@echo " - go-licenses                      regenerate go licenses"
 	@echo " - vet                              examines Go source code and reports suspicious constructs"
 	@echo " - tidy                             run go mod tidy"
 	@echo " - test[\#TestSpecificName]    	    run unit test"
@@ -221,9 +202,9 @@ help:
 .PHONY: go-check
 go-check:
-	$(eval MIN_GO_VERSION_STR := $(shell grep -Eo '^go\s+[0-9]+\.[0-9]+' go.mod | cut -d' ' -f2))
+	$(eval MIN_GO_VERSION_STR := $(shell grep -Eo '^go\s+[0-9]+\.[0-9.]+' go.mod | cut -d' ' -f2))
-	$(eval MIN_GO_VERSION := $(shell printf "%03d%03d" $(shell echo '$(MIN_GO_VERSION_STR)' | tr '.' ' ')))
+	$(eval MIN_GO_VERSION := $(shell printf "%03d%03d%03d" $(shell echo '$(MIN_GO_VERSION_STR)' | tr '.' ' ')))
-	$(eval GO_VERSION := $(shell printf "%03d%03d" $(shell $(GO) version | grep -Eo '[0-9]+\.[0-9]+' | tr '.' ' ');))
+	$(eval GO_VERSION := $(shell printf "%03d%03d%03d" $(shell $(GO) version | grep -Eo '[0-9]+\.[0-9.]+' | tr '.' ' ');))
 	@if [ "$(GO_VERSION)" -lt "$(MIN_GO_VERSION)" ]; then \
 		echo "Gitea requires Go $(MIN_GO_VERSION_STR) or greater to build. You can get it at https://go.dev/dl/"; \
 		exit 1; \
@@ -256,33 +237,14 @@ clean:
 	$(GO) clean -i ./...
 	rm -rf $(EXECUTABLE) $(DIST) $(BINDATA_DEST) $(BINDATA_HASH) \
 		integrations*.test \
-		e2e*.test \
+		integrations/gitea-integration-pgsql/ integrations/gitea-integration-mysql/ integrations/gitea-integration-mysql8/ integrations/gitea-integration-sqlite/ \
-		tests/integration/gitea-integration-pgsql/ tests/integration/gitea-integration-mysql/ tests/integration/gitea-integration-mysql8/ tests/integration/gitea-integration-sqlite/ \
+		integrations/gitea-integration-mssql/ integrations/indexers-mysql/ integrations/indexers-mysql8/ integrations/indexers-pgsql integrations/indexers-sqlite \
-		tests/integration/gitea-integration-mssql/ tests/integration/indexers-mysql/ tests/integration/indexers-mysql8/ tests/integration/indexers-pgsql tests/integration/indexers-sqlite \
+		integrations/indexers-mssql integrations/mysql.ini integrations/mysql8.ini integrations/pgsql.ini integrations/mssql.ini man/
 		tests/integration/indexers-mssql tests/mysql.ini tests/mysql8.ini tests/pgsql.ini tests/mssql.ini man/ \
 		tests/e2e/gitea-e2e-pgsql/ tests/e2e/gitea-e2e-mysql/ tests/e2e/gitea-e2e-mysql8/ tests/e2e/gitea-e2e-sqlite/ \
 		tests/e2e/gitea-e2e-mssql/ tests/e2e/indexers-mysql/ tests/e2e/indexers-mysql8/ tests/e2e/indexers-pgsql/ tests/e2e/indexers-sqlite/ \
 		tests/e2e/indexers-mssql/ tests/e2e/reports/ tests/e2e/test-artifacts/ tests/e2e/test-snapshots/
 .PHONY: fmt
 fmt:
-	GOFUMPT_PACKAGE=$(GOFUMPT_PACKAGE) $(GO) run build/code-batch-process.go gitea-fmt -w '{file-list}'
+	@echo "Running gitea-fmt (with gofumpt)..."
-	$(eval TEMPLATES := $(shell find templates -type f -name '*.tmpl'))
+	@MISSPELL_PACKAGE=$(MISSPELL_PACKAGE) GOFUMPT_PACKAGE=$(GOFUMPT_PACKAGE) $(GO) run build/code-batch-process.go gitea-fmt -w '{file-list}'
 	@# strip whitespace after '{{' and before `}}` unless there is only whitespace before it
 	@$(SED_INPLACE) -e 's/{{[ 	]\{1,\}/{{/g' -e '/^[ 	]\{1,\}}}/! s/[ 	]\{1,\}}}/}}/g' $(TEMPLATES)
 .PHONY: fmt-check
 fmt-check: fmt
 	@diff=$$(git diff $(GO_SOURCES) templates $(WEB_DIRS)); \
 	if [ -n "$$diff" ]; then \
 	  echo "Please run 'make fmt' and commit the result:"; \
 	  echo "$${diff}"; \
 	  exit 1; \
 	fi
 .PHONY: misspell-check
 misspell-check:
 	go run $(MISSPELL_PACKAGE) -error $(GO_DIRS) $(WEB_DIRS)
 .PHONY: vet
 vet:
@@ -300,9 +262,7 @@ TAGS_PREREQ := $(TAGS_EVIDENCE)
 endif
 .PHONY: generate-swagger
-generate-swagger: $(SWAGGER_SPEC)
+generate-swagger:
 $(SWAGGER_SPEC): $(GO_SOURCES_NO_BINDATA)
 	$(GO) run $(SWAGGER_PACKAGE) generate spec -x "$(SWAGGER_EXCLUDE)" -o './$(SWAGGER_SPEC)'
 	$(SED_INPLACE) '$(SWAGGER_SPEC_S_TMPL)' './$(SWAGGER_SPEC)'
 	$(SED_INPLACE) $(SWAGGER_NEWLINE_COMMAND) './$(SWAGGER_SPEC)'
@@ -327,6 +287,16 @@ errcheck:
 	@echo "Running errcheck..."
 	$(GO) run $(ERRCHECK_PACKAGE) $(GO_PACKAGES)
 .PHONY: fmt-check
 fmt-check:
 	# get all go files and run gitea-fmt (with gofmt) on them
 	@diff=$$(MISSPELL_PACKAGE=$(MISSPELL_PACKAGE) GOFUMPT_PACKAGE=$(GOFUMPT_PACKAGE) $(GO) run build/code-batch-process.go gitea-fmt -l '{file-list}'); \
 	if [ -n "$$diff" ]; then \
 		echo "Please run 'make fmt' and commit the result:"; \
 		echo "$${diff}"; \
 		exit 1; \
 	fi
 .PHONY: checks
 checks: checks-frontend checks-backend
@@ -334,17 +304,15 @@ checks: checks-frontend checks-backend
 checks-frontend: lockfile-check svg-check
 .PHONY: checks-backend
-checks-backend: tidy-check swagger-check fmt-check misspell-check swagger-validate security-check
+checks-backend: gomod-check swagger-check swagger-validate
 .PHONY: lint
 lint: lint-frontend lint-backend
 .PHONY: lint-frontend
 lint-frontend: node_modules
-	npx eslint --color --max-warnings=0 --ext js,vue web_src/js build *.config.js docs/assets/js tests/e2e
+	npx eslint --color --max-warnings=0 web_src/js build templates *.config.js docs/assets/js
-	npx stylelint --color --max-warnings=0 web_src/css
+	npx stylelint --color --max-warnings=0 web_src/less
 	npx spectral lint -q -F hint $(SWAGGER_SPEC)
 	npx markdownlint docs *.md
 .PHONY: lint-backend
 lint-backend: golangci-lint vet editorconfig-checker
@@ -360,7 +328,7 @@ watch-frontend: node-check node_modules
 .PHONY: watch-backend
 watch-backend: go-check
-	GITEA_RUN_MODE=dev $(GO) run $(AIR_PACKAGE) -c .air.toml
+	$(GO) run $(AIR_PACKAGE) -c .air.toml
 .PHONY: test
 test: test-frontend test-backend
@@ -368,11 +336,11 @@ test: test-frontend test-backend
 .PHONY: test-backend
 test-backend:
 	@echo "Running go test with $(GOTESTFLAGS) -tags '$(TEST_TAGS)'..."
-	@$(GO) test $(GOTESTFLAGS) -tags='$(TEST_TAGS)' $(GO_TEST_PACKAGES)
+	@$(GO) test $(GOTESTFLAGS) -tags='$(TEST_TAGS)' $(GO_PACKAGES)
 .PHONY: test-frontend
 test-frontend: node_modules
-	npx vitest
+	@NODE_OPTIONS="--experimental-vm-modules --no-warnings" npx jest --color
 .PHONY: test-check
 test-check:
@@ -389,62 +357,58 @@ test-check:
 .PHONY: test\#%
 test\#%:
 	@echo "Running go test with -tags '$(TEST_TAGS)'..."
-	@$(GO) test $(GOTESTFLAGS) -tags='$(TEST_TAGS)' -run $(subst .,/,$*) $(GO_TEST_PACKAGES)
+	@$(GO) test $(GOTESTFLAGS) -tags='$(TEST_TAGS)' -run $(subst .,/,$*) $(GO_PACKAGES)
 .PHONY: coverage
 coverage:
 	grep '^\(mode: .*\)\|\(.*:[0-9]\+\.[0-9]\+,[0-9]\+\.[0-9]\+ [0-9]\+ [0-9]\+\)$$' coverage.out > coverage-bodged.out
 	grep '^\(mode: .*\)\|\(.*:[0-9]\+\.[0-9]\+,[0-9]\+\.[0-9]\+ [0-9]\+ [0-9]\+\)$$' integration.coverage.out > integration.coverage-bodged.out
-	$(GO) run build/gocovmerge.go integration.coverage-bodged.out coverage-bodged.out > coverage.all
+	GO111MODULE=on $(GO) run build/gocovmerge.go integration.coverage-bodged.out coverage-bodged.out > coverage.all || (echo "gocovmerge failed"; echo "integration.coverage.out"; cat integration.coverage.out; echo "coverage.out"; cat coverage.out; exit 1)
 .PHONY: unit-test-coverage
 unit-test-coverage:
 	@echo "Running unit-test-coverage $(GOTESTFLAGS) -tags '$(TEST_TAGS)'..."
-	@$(GO) test $(GOTESTFLAGS) -timeout=20m -tags='$(TEST_TAGS)' -cover -coverprofile coverage.out $(GO_TEST_PACKAGES) && echo "\n==>\033[32m Ok\033[m\n" || exit 1
+	@$(GO) test $(GOTESTFLAGS) -timeout=20m -tags='$(TEST_TAGS)' -cover -coverprofile coverage.out $(GO_PACKAGES) && echo "\n==>\033[32m Ok\033[m\n" || exit 1
 .PHONY: tidy
 tidy:
 	$(eval MIN_GO_VERSION := $(shell grep -Eo '^go\s+[0-9]+\.[0-9.]+' go.mod | cut -d' ' -f2))
 	$(GO) mod tidy -compat=$(MIN_GO_VERSION)
 	@$(MAKE) --no-print-directory $(GO_LICENSE_FILE)
-vendor: go.mod go.sum
+.PHONY: vendor
 vendor: tidy
 	$(GO) mod vendor
 	@touch vendor
-.PHONY: tidy-check
+.PHONY: gomod-check
-tidy-check: tidy
+gomod-check: tidy
-	@diff=$$(git diff go.mod go.sum $(GO_LICENSE_FILE)); \
+	@diff=$$(git diff go.sum); \
 	if [ -n "$$diff" ]; then \
 		echo "Please run 'make tidy' and commit the result:"; \
 		echo "$${diff}"; \
 		exit 1; \
 	fi
 .PHONY: go-licenses
 go-licenses: $(GO_LICENSE_FILE)
 $(GO_LICENSE_FILE): go.mod go.sum
 	-$(GO) run $(GO_LICENSES_PACKAGE) save . --force --save_path=$(GO_LICENSE_TMP_DIR) 2>/dev/null
 	$(GO) run build/generate-go-licenses.go $(GO_LICENSE_TMP_DIR) $(GO_LICENSE_FILE)
 	@rm -rf $(GO_LICENSE_TMP_DIR)
 generate-ini-sqlite:
 	sed -e 's|{{REPO_TEST_DIR}}|${REPO_TEST_DIR}|g' \
-		-e 's|{{TEST_LOGGER}}|$(or $(TEST_LOGGER),test$(COMMA)file)|g' \
+			integrations/sqlite.ini.tmpl > integrations/sqlite.ini
 		-e 's|{{TEST_TYPE}}|$(or $(TEST_TYPE),integration)|g' \
 			tests/sqlite.ini.tmpl > tests/sqlite.ini
 .PHONY: test-sqlite
 test-sqlite: integrations.sqlite.test generate-ini-sqlite
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/sqlite.ini ./integrations.sqlite.test
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/sqlite.ini ./integrations.sqlite.test
 .PHONY: test-sqlite\#%
 test-sqlite\#%: integrations.sqlite.test generate-ini-sqlite
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/sqlite.ini ./integrations.sqlite.test -test.run $(subst .,/,$*)
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/sqlite.ini ./integrations.sqlite.test -test.run $(subst .,/,$*)
 .PHONY: test-sqlite-migration
-test-sqlite-migration:  migrations.sqlite.test migrations.individual.sqlite.test
+test-sqlite-migration:  migrations.sqlite.test migrations.individual.sqlite.test generate-ini-sqlite
 	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/sqlite.ini ./migrations.sqlite.test
 	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/sqlite.ini ./migrations.individual.sqlite.test
 .PHONY: test-sqlite-migration\#%
 test-sqlite-migration\#%:  migrations.sqlite.test migrations.individual.sqlite.test generate-ini-sqlite
 	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/sqlite.ini ./migrations.individual.sqlite.test -test.run $(subst .,/,$*)
 generate-ini-mysql:
 	sed -e 's|{{TEST_MYSQL_HOST}}|${TEST_MYSQL_HOST}|g' \
@@ -452,20 +416,20 @@ generate-ini-mysql:
 		-e 's|{{TEST_MYSQL_USERNAME}}|${TEST_MYSQL_USERNAME}|g' \
 		-e 's|{{TEST_MYSQL_PASSWORD}}|${TEST_MYSQL_PASSWORD}|g' \
 		-e 's|{{REPO_TEST_DIR}}|${REPO_TEST_DIR}|g' \
-		-e 's|{{TEST_LOGGER}}|$(or $(TEST_LOGGER),test$(COMMA)file)|g' \
+			integrations/mysql.ini.tmpl > integrations/mysql.ini
 		-e 's|{{TEST_TYPE}}|$(or $(TEST_TYPE),integration)|g' \
 			tests/mysql.ini.tmpl > tests/mysql.ini
 .PHONY: test-mysql
 test-mysql: integrations.mysql.test generate-ini-mysql
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mysql.ini ./integrations.mysql.test
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/mysql.ini ./integrations.mysql.test
 .PHONY: test-mysql\#%
 test-mysql\#%: integrations.mysql.test generate-ini-mysql
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mysql.ini ./integrations.mysql.test -test.run $(subst .,/,$*)
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/mysql.ini ./integrations.mysql.test -test.run $(subst .,/,$*)
 .PHONY: test-mysql-migration
-test-mysql-migration: migrations.mysql.test migrations.individual.mysql.test
+test-mysql-migration: migrations.mysql.test migrations.individual.mysql.test generate-ini-mysql
 	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/mysql.ini ./migrations.mysql.test
 	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/mysql.ini ./migrations.individual.mysql.test
 generate-ini-mysql8:
 	sed -e 's|{{TEST_MYSQL8_HOST}}|${TEST_MYSQL8_HOST}|g' \
@@ -473,20 +437,20 @@ generate-ini-mysql8:
 		-e 's|{{TEST_MYSQL8_USERNAME}}|${TEST_MYSQL8_USERNAME}|g' \
 		-e 's|{{TEST_MYSQL8_PASSWORD}}|${TEST_MYSQL8_PASSWORD}|g' \
 		-e 's|{{REPO_TEST_DIR}}|${REPO_TEST_DIR}|g' \
-		-e 's|{{TEST_LOGGER}}|$(or $(TEST_LOGGER),test$(COMMA)file)|g' \
+			integrations/mysql8.ini.tmpl > integrations/mysql8.ini
 		-e 's|{{TEST_TYPE}}|$(or $(TEST_TYPE),integration)|g' \
 			tests/mysql8.ini.tmpl > tests/mysql8.ini
 .PHONY: test-mysql8
 test-mysql8: integrations.mysql8.test generate-ini-mysql8
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mysql8.ini ./integrations.mysql8.test
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/mysql8.ini ./integrations.mysql8.test
 .PHONY: test-mysql8\#%
 test-mysql8\#%: integrations.mysql8.test generate-ini-mysql8
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mysql8.ini ./integrations.mysql8.test -test.run $(subst .,/,$*)
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/mysql8.ini ./integrations.mysql8.test -test.run $(subst .,/,$*)
 .PHONY: test-mysql8-migration
-test-mysql8-migration: migrations.mysql8.test migrations.individual.mysql8.test
+test-mysql8-migration: migrations.mysql8.test migrations.individual.mysql8.test generate-ini-mysql8
 	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/mysql8.ini ./migrations.mysql8.test
 	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/mysql8.ini ./migrations.individual.mysql8.test
 generate-ini-pgsql:
 	sed -e 's|{{TEST_PGSQL_HOST}}|${TEST_PGSQL_HOST}|g' \
@@ -495,20 +459,20 @@ generate-ini-pgsql:
 		-e 's|{{TEST_PGSQL_PASSWORD}}|${TEST_PGSQL_PASSWORD}|g' \
 		-e 's|{{TEST_PGSQL_SCHEMA}}|${TEST_PGSQL_SCHEMA}|g' \
 		-e 's|{{REPO_TEST_DIR}}|${REPO_TEST_DIR}|g' \
-		-e 's|{{TEST_LOGGER}}|$(or $(TEST_LOGGER),test$(COMMA)file)|g' \
+			integrations/pgsql.ini.tmpl > integrations/pgsql.ini
 		-e 's|{{TEST_TYPE}}|$(or $(TEST_TYPE),integration)|g' \
 			tests/pgsql.ini.tmpl > tests/pgsql.ini
 .PHONY: test-pgsql
 test-pgsql: integrations.pgsql.test generate-ini-pgsql
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/pgsql.ini ./integrations.pgsql.test
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/pgsql.ini ./integrations.pgsql.test
 .PHONY: test-pgsql\#%
 test-pgsql\#%: integrations.pgsql.test generate-ini-pgsql
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/pgsql.ini ./integrations.pgsql.test -test.run $(subst .,/,$*)
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/pgsql.ini ./integrations.pgsql.test -test.run $(subst .,/,$*)
 .PHONY: test-pgsql-migration
-test-pgsql-migration: migrations.pgsql.test migrations.individual.pgsql.test
+test-pgsql-migration: migrations.pgsql.test migrations.individual.pgsql.test generate-ini-pgsql
 	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/pgsql.ini ./migrations.pgsql.test
 	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/pgsql.ini ./migrations.individual.pgsql.test
 generate-ini-mssql:
 	sed -e 's|{{TEST_MSSQL_HOST}}|${TEST_MSSQL_HOST}|g' \
@@ -516,205 +480,105 @@ generate-ini-mssql:
 		-e 's|{{TEST_MSSQL_USERNAME}}|${TEST_MSSQL_USERNAME}|g' \
 		-e 's|{{TEST_MSSQL_PASSWORD}}|${TEST_MSSQL_PASSWORD}|g' \
 		-e 's|{{REPO_TEST_DIR}}|${REPO_TEST_DIR}|g' \
-		-e 's|{{TEST_LOGGER}}|$(or $(TEST_LOGGER),test$(COMMA)file)|g' \
+			integrations/mssql.ini.tmpl > integrations/mssql.ini
 		-e 's|{{TEST_TYPE}}|$(or $(TEST_TYPE),integration)|g' \
 			tests/mssql.ini.tmpl > tests/mssql.ini
 .PHONY: test-mssql
 test-mssql: integrations.mssql.test generate-ini-mssql
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mssql.ini ./integrations.mssql.test
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/mssql.ini ./integrations.mssql.test
 .PHONY: test-mssql\#%
 test-mssql\#%: integrations.mssql.test generate-ini-mssql
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mssql.ini ./integrations.mssql.test -test.run $(subst .,/,$*)
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/mssql.ini ./integrations.mssql.test -test.run $(subst .,/,$*)
 .PHONY: test-mssql-migration
-test-mssql-migration: migrations.mssql.test migrations.individual.mssql.test
+test-mssql-migration: migrations.mssql.test migrations.individual.mssql.test generate-ini-mssql
-
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/mssql.ini ./migrations.mssql.test -test.failfast
-.PHONY: playwright
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/mssql.ini ./migrations.individual.mssql.test -test.failfast
 playwright: $(PLAYWRIGHT_DIR)
 	npm install --no-save @playwright/test
 	npx playwright install $(PLAYWRIGHT_FLAGS)
 .PHONY: test-e2e%
 test-e2e%: TEST_TYPE ?= e2e
 	# Clear display env variable. Otherwise, chromium tests can fail.
 	DISPLAY=
 .PHONY: test-e2e
 test-e2e: test-e2e-sqlite
 .PHONY: test-e2e-sqlite
 test-e2e-sqlite: playwright e2e.sqlite.test generate-ini-sqlite
 	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/sqlite.ini ./e2e.sqlite.test
 .PHONY: test-e2e-sqlite\#%
 test-e2e-sqlite\#%: playwright e2e.sqlite.test generate-ini-sqlite
 	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/sqlite.ini ./e2e.sqlite.test -test.run TestE2e/$*
 .PHONY: test-e2e-mysql
 test-e2e-mysql: playwright e2e.mysql.test generate-ini-mysql
 	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mysql.ini ./e2e.mysql.test
 .PHONY: test-e2e-mysql\#%
 test-e2e-mysql\#%: playwright e2e.mysql.test generate-ini-mysql
 	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mysql.ini ./e2e.mysql.test -test.run TestE2e/$*
 .PHONY: test-e2e-mysql8
 test-e2e-mysql8: playwright e2e.mysql8.test generate-ini-mysql8
 	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mysql8.ini ./e2e.mysql8.test
 .PHONY: test-e2e-mysql8\#%
 test-e2e-mysql8\#%: playwright e2e.mysql8.test generate-ini-mysql8
 	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mysql8.ini ./e2e.mysql8.test -test.run TestE2e/$*
 .PHONY: test-e2e-pgsql
 test-e2e-pgsql: playwright e2e.pgsql.test generate-ini-pgsql
 	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/pgsql.ini ./e2e.pgsql.test
 .PHONY: test-e2e-pgsql\#%
 test-e2e-pgsql\#%: playwright e2e.pgsql.test generate-ini-pgsql
 	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/pgsql.ini ./e2e.pgsql.test -test.run TestE2e/$*
 .PHONY: test-e2e-mssql
 test-e2e-mssql: playwright e2e.mssql.test generate-ini-mssql
 	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mssql.ini ./e2e.mssql.test
 .PHONY: test-e2e-mssql\#%
 test-e2e-mssql\#%: playwright e2e.mssql.test generate-ini-mssql
 	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mssql.ini ./e2e.mssql.test -test.run TestE2e/$*
 .PHONY: bench-sqlite
 bench-sqlite: integrations.sqlite.test generate-ini-sqlite
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/sqlite.ini ./integrations.sqlite.test -test.cpuprofile=cpu.out -test.run DontRunTests -test.bench .
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/sqlite.ini ./integrations.sqlite.test -test.cpuprofile=cpu.out -test.run DontRunTests -test.bench .
 .PHONY: bench-mysql
 bench-mysql: integrations.mysql.test generate-ini-mysql
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mysql.ini ./integrations.mysql.test -test.cpuprofile=cpu.out -test.run DontRunTests -test.bench .
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/mysql.ini ./integrations.mysql.test -test.cpuprofile=cpu.out -test.run DontRunTests -test.bench .
 .PHONY: bench-mssql
 bench-mssql: integrations.mssql.test generate-ini-mssql
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mssql.ini ./integrations.mssql.test -test.cpuprofile=cpu.out -test.run DontRunTests -test.bench .
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/mssql.ini ./integrations.mssql.test -test.cpuprofile=cpu.out -test.run DontRunTests -test.bench .
 .PHONY: bench-pgsql
 bench-pgsql: integrations.pgsql.test generate-ini-pgsql
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/pgsql.ini ./integrations.pgsql.test -test.cpuprofile=cpu.out -test.run DontRunTests -test.bench .
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/pgsql.ini ./integrations.pgsql.test -test.cpuprofile=cpu.out -test.run DontRunTests -test.bench .
 .PHONY: integration-test-coverage
 integration-test-coverage: integrations.cover.test generate-ini-mysql
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mysql.ini ./integrations.cover.test -test.coverprofile=integration.coverage.out
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/mysql.ini ./integrations.cover.test -test.coverprofile=integration.coverage.out
 .PHONY: integration-test-coverage-sqlite
 integration-test-coverage-sqlite: integrations.cover.sqlite.test generate-ini-sqlite
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/sqlite.ini ./integrations.cover.sqlite.test -test.coverprofile=integration.coverage.out
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/sqlite.ini ./integrations.cover.sqlite.test -test.coverprofile=integration.coverage.out
 integrations.mysql.test: git-check $(GO_SOURCES)
-	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/tests/integration -o integrations.mysql.test
+	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/integrations -o integrations.mysql.test
 integrations.mysql8.test: git-check $(GO_SOURCES)
-	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/tests/integration -o integrations.mysql8.test
+	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/integrations -o integrations.mysql8.test
 integrations.pgsql.test: git-check $(GO_SOURCES)
-	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/tests/integration -o integrations.pgsql.test
+	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/integrations -o integrations.pgsql.test
 integrations.mssql.test: git-check $(GO_SOURCES)
-	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/tests/integration -o integrations.mssql.test
+	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/integrations -o integrations.mssql.test
 integrations.sqlite.test: git-check $(GO_SOURCES)
-	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/tests/integration -o integrations.sqlite.test -tags '$(TEST_TAGS)'
+	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/integrations -o integrations.sqlite.test -tags '$(TEST_TAGS)'
 integrations.cover.test: git-check $(GO_SOURCES)
-	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/tests/integration -coverpkg $(shell echo $(GO_TEST_PACKAGES) | tr ' ' ',') -o integrations.cover.test
+	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/integrations -coverpkg $(shell echo $(GO_PACKAGES) | tr ' ' ',') -o integrations.cover.test
 integrations.cover.sqlite.test: git-check $(GO_SOURCES)
-	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/tests/integration -coverpkg $(shell echo $(GO_TEST_PACKAGES) | tr ' ' ',') -o integrations.cover.sqlite.test -tags '$(TEST_TAGS)'
+	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/integrations -coverpkg $(shell echo $(GO_PACKAGES) | tr ' ' ',') -o integrations.cover.sqlite.test -tags '$(TEST_TAGS)'
 .PHONY: migrations.mysql.test
-migrations.mysql.test: $(GO_SOURCES) generate-ini-mysql
+migrations.mysql.test: $(GO_SOURCES)
-	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/tests/integration/migration-test -o migrations.mysql.test
+	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/integrations/migration-test -o migrations.mysql.test
 	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mysql.ini ./migrations.mysql.test
 .PHONY: migrations.mysql8.test
-migrations.mysql8.test: $(GO_SOURCES) generate-ini-mysql8
+migrations.mysql8.test: $(GO_SOURCES)
-	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/tests/integration/migration-test -o migrations.mysql8.test
+	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/integrations/migration-test -o migrations.mysql8.test
 	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mysql8.ini ./migrations.mysql8.test
 .PHONY: migrations.pgsql.test
-migrations.pgsql.test: $(GO_SOURCES) generate-ini-pgsql
+migrations.pgsql.test: $(GO_SOURCES)
-	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/tests/integration/migration-test -o migrations.pgsql.test
+	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/integrations/migration-test -o migrations.pgsql.test
 	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/pgsql.ini ./migrations.pgsql.test
 .PHONY: migrations.mssql.test
-migrations.mssql.test: $(GO_SOURCES) generate-ini-mssql
+migrations.mssql.test: $(GO_SOURCES)
-	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/tests/integration/migration-test -o migrations.mssql.test
+	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/integrations/migration-test -o migrations.mssql.test
 	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mssql.ini ./migrations.mssql.test
 .PHONY: migrations.sqlite.test
-migrations.sqlite.test: $(GO_SOURCES) generate-ini-sqlite
+migrations.sqlite.test: $(GO_SOURCES)
-	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/tests/integration/migration-test -o migrations.sqlite.test -tags '$(TEST_TAGS)'
+	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/integrations/migration-test -o migrations.sqlite.test -tags '$(TEST_TAGS)'
 	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/sqlite.ini ./migrations.sqlite.test
 .PHONY: migrations.individual.mysql.test
 migrations.individual.mysql.test: $(GO_SOURCES)
-	for pkg in $(shell $(GO) list code.gitea.io/gitea/models/migrations/...); do \
+	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/models/migrations -o migrations.individual.mysql.test
 		GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mysql.ini $(GO) test $(GOTESTFLAGS) -tags '$(TEST_TAGS)' $$pkg; \
 	done
 .PHONY: migrations.individual.mysql8.test
 migrations.individual.mysql8.test: $(GO_SOURCES)
-	for pkg in $(shell $(GO) list code.gitea.io/gitea/models/migrations/...); do \
+	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/models/migrations -o migrations.individual.mysql8.test
 		GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mysql8.ini $(GO) test $(GOTESTFLAGS) -tags '$(TEST_TAGS)' $$pkg; \
 	done
 .PHONY: migrations.individual.mysql8.test\#%
 migrations.individual.sqlite.test\#%: $(GO_SOURCES) generate-ini-sqlite
 	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/sqlite.ini $(GO) test $(GOTESTFLAGS) -tags '$(TEST_TAGS)' code.gitea.io/gitea/models/migrations/$*
 .PHONY: migrations.individual.pgsql.test
 migrations.individual.pgsql.test: $(GO_SOURCES)
-	for pkg in $(shell $(GO) list code.gitea.io/gitea/models/migrations/...); do \
+	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/models/migrations -o migrations.individual.pgsql.test
 		GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/pgsql.ini $(GO) test $(GOTESTFLAGS) -tags '$(TEST_TAGS)' $$pkg; \
 	done
 .PHONY: migrations.individual.pgsql.test\#%
 migrations.individual.pgsql.test\#%: $(GO_SOURCES) generate-ini-pgsql
 	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/pgsql.ini $(GO) test $(GOTESTFLAGS) -tags '$(TEST_TAGS)' code.gitea.io/gitea/models/migrations/$*
 .PHONY: migrations.individual.mssql.test
-migrations.individual.mssql.test: $(GO_SOURCES) generate-ini-mssql
+migrations.individual.mssql.test: $(GO_SOURCES)
-	for pkg in $(shell $(GO) list code.gitea.io/gitea/models/migrations/...); do \
+	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/models/migrations -o migrations.individual.mssql.test
 		GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mssql.ini $(GO) test $(GOTESTFLAGS) -tags '$(TEST_TAGS)' $$pkg -test.failfast; \
 	done
 .PHONY: migrations.individual.mssql.test\#%
 migrations.individual.mssql.test\#%: $(GO_SOURCES) generate-ini-mssql
 	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mssql.ini $(GO) test $(GOTESTFLAGS) -tags '$(TEST_TAGS)' code.gitea.io/gitea/models/migrations/$*
 .PHONY: migrations.individual.sqlite.test
-migrations.individual.sqlite.test: $(GO_SOURCES) generate-ini-sqlite
+migrations.individual.sqlite.test: $(GO_SOURCES)
-	for pkg in $(shell $(GO) list code.gitea.io/gitea/models/migrations/...); do \
+	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/models/migrations -o migrations.individual.sqlite.test -tags '$(TEST_TAGS)'
 		GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/sqlite.ini $(GO) test $(GOTESTFLAGS) -tags '$(TEST_TAGS)' $$pkg; \
 	done
 .PHONY: migrations.individual.sqlite.test\#%
 migrations.individual.sqlite.test\#%: $(GO_SOURCES) generate-ini-sqlite
 	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/sqlite.ini $(GO) test $(GOTESTFLAGS) -tags '$(TEST_TAGS)' code.gitea.io/gitea/models/migrations/$*
 e2e.mysql.test: $(GO_SOURCES)
 	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/tests/e2e -o e2e.mysql.test
 e2e.mysql8.test: $(GO_SOURCES)
 	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/tests/e2e -o e2e.mysql8.test
 e2e.pgsql.test: $(GO_SOURCES)
 	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/tests/e2e -o e2e.pgsql.test
 e2e.mssql.test: $(GO_SOURCES)
 	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/tests/e2e -o e2e.mssql.test
 e2e.sqlite.test: $(GO_SOURCES)
 	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/tests/e2e -o e2e.sqlite.test -tags '$(TEST_TAGS)'
 .PHONY: check
 check: test
@@ -730,38 +594,27 @@ build: frontend backend
 frontend: $(WEBPACK_DEST)
 .PHONY: backend
-backend: go-check generate-backend $(EXECUTABLE)
+backend: go-check generate $(EXECUTABLE)
 # We generate the backend before the frontend in case we in future we want to generate things in the frontend from generated files in backend
 .PHONY: generate
-generate: generate-backend
+generate: $(TAGS_PREREQ)
 .PHONY: generate-backend
 generate-backend: $(TAGS_PREREQ) generate-go
 .PHONY: generate-go
 generate-go: $(TAGS_PREREQ)
 	@echo "Running go generate..."
 	@CC= GOOS= GOARCH= $(GO) generate -tags '$(TAGS)' $(GO_PACKAGES)
 .PHONY: security-check
 security-check:
 	go run $(GOVULNCHECK_PACKAGE) -v ./...
 $(EXECUTABLE): $(GO_SOURCES) $(TAGS_PREREQ)
 	CGO_CFLAGS="$(CGO_CFLAGS)" $(GO) build $(GOFLAGS) $(EXTRA_GOFLAGS) -tags '$(TAGS)' -ldflags '-s -w $(LDFLAGS)' -o $@
 .PHONY: release
-release: frontend generate release-windows release-linux release-darwin release-freebsd release-copy release-compress vendor release-sources release-docs release-check
+release: frontend generate release-windows release-linux release-darwin release-copy release-compress vendor release-sources release-docs release-check
 $(DIST_DIRS):
 	mkdir -p $(DIST_DIRS)
 .PHONY: release-windows
 release-windows: | $(DIST_DIRS)
-	CGO_CFLAGS="$(CGO_CFLAGS)" $(GO) run $(XGO_PACKAGE) -go $(XGO_VERSION) -buildmode exe -dest $(DIST)/binaries -tags 'osusergo $(TAGS)' -ldflags '-linkmode external -extldflags "-static" $(LDFLAGS)' -targets 'windows/*' -out gitea-$(VERSION) .
+	CGO_CFLAGS="$(CGO_CFLAGS)" $(GO) run $(XGO_PACKAGE) -go $(XGO_VERSION) -buildmode exe -dest $(DIST)/binaries -tags 'netgo osusergo $(TAGS)' -ldflags '-linkmode external -extldflags "-static" $(LDFLAGS)' -targets 'windows/*' -out gitea-$(VERSION) .
 ifeq (,$(findstring gogit,$(TAGS)))
-	CGO_CFLAGS="$(CGO_CFLAGS)" $(GO) run $(XGO_PACKAGE) -go $(XGO_VERSION) -buildmode exe -dest $(DIST)/binaries -tags 'osusergo gogit $(TAGS)' -ldflags '-linkmode external -extldflags "-static" $(LDFLAGS)' -targets 'windows/*' -out gitea-$(VERSION)-gogit .
+	CGO_CFLAGS="$(CGO_CFLAGS)" $(GO) run $(XGO_PACKAGE) -go $(XGO_VERSION) -buildmode exe -dest $(DIST)/binaries -tags 'netgo osusergo gogit $(TAGS)' -ldflags '-linkmode external -extldflags "-static" $(LDFLAGS)' -targets 'windows/*' -out gitea-$(VERSION)-gogit .
 endif
 ifeq ($(CI),true)
 	cp /build/* $(DIST)/binaries
@@ -781,13 +634,6 @@ ifeq ($(CI),true)
 	cp /build/* $(DIST)/binaries
 endif
 .PHONY: release-freebsd
 release-freebsd: | $(DIST_DIRS)
 	CGO_CFLAGS="$(CGO_CFLAGS)" $(GO) run $(XGO_PACKAGE) -go $(XGO_VERSION) -dest $(DIST)/binaries -tags 'netgo osusergo $(TAGS)' -ldflags '$(LDFLAGS)' -targets 'freebsd/amd64' -out gitea-$(VERSION) .
 ifeq ($(CI),true)
 	cp /build/* $(DIST)/binaries
 endif
 .PHONY: release-copy
 release-copy: | $(DIST_DIRS)
 	cd $(DIST); for file in `find . -type f -name "*"`; do cp $${file} ./release/; done;
@@ -817,7 +663,7 @@ release-docs: | $(DIST_DIRS) docs
 .PHONY: docs
 docs:
 	@hash hugo > /dev/null 2>&1; if [ $$? -ne 0 ]; then \
-		curl -sL https://github.com/gohugoio/hugo/releases/download/v$(HUGO_VERSION)/hugo_$(HUGO_VERSION)_Linux-64bit.tar.gz | tar zxf - -C /tmp && mv /tmp/hugo /usr/bin/hugo && chmod +x /usr/bin/hugo; \
+		curl -sL https://github.com/gohugoio/hugo/releases/download/v0.74.3/hugo_0.74.3_Linux-64bit.tar.gz | tar zxf - -C /tmp && mv /tmp/hugo /usr/bin/hugo && chmod +x /usr/bin/hugo; \
 	fi
 	cd docs; make trans-copy clean build-offline;
@@ -839,8 +685,6 @@ deps-backend:
 	$(GO) install $(MISSPELL_PACKAGE)
 	$(GO) install $(SWAGGER_PACKAGE)
 	$(GO) install $(XGO_PACKAGE)
 	$(GO) install $(GO_LICENSES_PACKAGE)
 	$(GO) install $(GOVULNCHECK_PACKAGE)
 node_modules: package-lock.json
 	npm install --no-save
@@ -860,8 +704,6 @@ fomantic:
 	cp -f $(FOMANTIC_WORK_DIR)/theme.config.less $(FOMANTIC_WORK_DIR)/node_modules/fomantic-ui/src/theme.config
 	cp -rf $(FOMANTIC_WORK_DIR)/_site $(FOMANTIC_WORK_DIR)/node_modules/fomantic-ui/src/
 	cd $(FOMANTIC_WORK_DIR) && npx gulp -f node_modules/fomantic-ui/gulpfile.js build
 	# fomantic uses "touchstart" as click event for some browsers, it's not ideal, so we force fomantic to always use "click" as click event
 	$(SED_INPLACE) -e 's/clickEvent[ \t]*=/clickEvent = "click", unstableClickEvent =/g' $(FOMANTIC_WORK_DIR)/build/semantic.js
 	$(SED_INPLACE) -e 's/\r//g' $(FOMANTIC_WORK_DIR)/build/semantic.css $(FOMANTIC_WORK_DIR)/build/semantic.js
 	rm -f $(FOMANTIC_WORK_DIR)/build/*.min.*
@@ -912,11 +754,11 @@ update-translations:
 .PHONY: generate-license
 generate-license:
-	$(GO) run build/generate-licenses.go
+	GO111MODULE=on $(GO) run build/generate-licenses.go
 .PHONY: generate-gitignore
 generate-gitignore:
-	$(GO) run build/generate-gitignores.go
+	GO111MODULE=on $(GO) run build/generate-gitignores.go
 .PHONY: generate-images
 generate-images: | node_modules
@@ -929,7 +771,7 @@ generate-manpage:
 	@mkdir -p man/man1/ man/man5
 	@./gitea docs --man > man/man1/gitea.1
 	@gzip -9 man/man1/gitea.1 && echo man/man1/gitea.1.gz created
-	@#TODO A small script that formats config-cheat-sheet.en-us.md nicely for use as a config man page
+	@#TODO A smal script witch format config-cheat-sheet.en-us.md nicely to suit as config man page
 .PHONY: pr\#%
 pr\#%: clean-all
--- a/README.md
+++ b/README.md
@@ -12,14 +12,14 @@
  <a href="https://discord.gg/Gitea" title="Join the Discord chat at https://discord.gg/Gitea">
    <img src="https://img.shields.io/discord/322538954119184384.svg">
  </a>
-  <a href="https://app.codecov.io/gh/go-gitea/gitea" title="Codecov">
+  <a href="https://codecov.io/gh/go-gitea/gitea" title="Codecov">
    <img src="https://codecov.io/gh/go-gitea/gitea/branch/main/graph/badge.svg">
  </a>
  <a href="https://goreportcard.com/report/code.gitea.io/gitea" title="Go Report Card">
    <img src="https://goreportcard.com/badge/code.gitea.io/gitea">
  </a>
-  <a href="https://pkg.go.dev/code.gitea.io/gitea" title="GoDoc">
+  <a href="https://godoc.org/code.gitea.io/gitea" title="GoDoc">
-    <img src="https://pkg.go.dev/badge/code.gitea.io/gitea?status.svg">
+    <img src="https://godoc.org/code.gitea.io/gitea?status.svg">
  </a>
  <a href="https://github.com/go-gitea/gitea/releases/latest" title="GitHub release">
    <img src="https://img.shields.io/github/release/go-gitea/gitea.svg">
@@ -33,39 +33,33 @@
  <a href="https://opensource.org/licenses/MIT" title="License: MIT">
    <img src="https://img.shields.io/badge/License-MIT-blue.svg">
  </a>
  <a href="https://gitpod.io/#https://github.com/go-gitea/gitea">
  <img
    src="https://img.shields.io/badge/Contribute%20with-Gitpod-908a85?logo=gitpod"
    alt="Contribute with Gitpod"
  />
  </a>
  <a href="https://crowdin.com/project/gitea" title="Crowdin">
    <img src="https://badges.crowdin.net/gitea/localized.svg">
  </a>
  <a href="https://www.tickgit.com/browse?repo=github.com/go-gitea/gitea&branch=main" title="TODOs">
    <img src="https://badgen.net/https/api.tickgit.com/badgen/github.com/go-gitea/gitea/main">
  </a>
-  <a href="https://app.bountysource.com/teams/gitea" title="Bountysource">
+  <a href="https://www.bountysource.com/teams/gitea" title="Bountysource">
    <img src="https://img.shields.io/bountysource/team/gitea/activity">
  </a>
 </p>
 <p align="center">
-  <a href="README_ZH.md">View this document in Chinese</a>
+  <a href="README_ZH.md">View the chinese version of this document</a>
 </p>
 ## Purpose
 The goal of this project is to make the easiest, fastest, and most
 painless way of setting up a self-hosted Git service.
-
+Using Go, this can be done with an independent binary distribution across
-As Gitea is written in Go, it works across **all** the platforms and
+**all platforms** which Go supports, including Linux, macOS, and Windows
-architectures that are supported by Go, including Linux, macOS, and
+on x86, amd64, ARM and PowerPC architectures.
-Windows on x86, amd64, ARM and PowerPC architectures.
+Want to try it before doing anything else?
-You can try it out using [the online demo](https://try.gitea.io/).
+Do it [with the online demo](https://try.gitea.io/)!
 This project has been
 [forked](https://blog.gitea.io/2016/12/welcome-to-gitea/) from
-[Gogs](https://gogs.io) since November of 2016, but a lot has changed.
+[Gogs](https://gogs.io) since 2016.11 but changed a lot.
 ## Building
@@ -106,9 +100,9 @@ NOTES:
 ## Translating
-Translations are done through Crowdin. If you want to translate to a new language ask one of the managers in the Crowdin project to add a new language there.
+Translations are done through Crowdin. If you want to translate to a new language ask one of the managers in the Crowdin project to add a new language there. 
-You can also just create an issue for adding a language or ask on discord on the #translation channel. If you need context or find some translation issues, you can leave a comment on the string or ask on Discord. For general translation questions there is a section in the docs. Currently a bit empty but we hope to fill it as questions pop up.
+You can also just create an issue for adding a language or ask on discord on the #translation channel. If you need context or find some translation issues, you can leave a comment on the string or ask on Discord. For general translation questions there is a section in the docs. Currently a bit empty but we hope fo fill it as questions pop up.
 https://docs.gitea.io/en-us/translation-guidelines/
@@ -119,17 +113,15 @@ https://docs.gitea.io/en-us/translation-guidelines/
 For more information and instructions about how to install Gitea, please look at our [documentation](https://docs.gitea.io/en-us/).
 If you have questions that are not covered by the documentation, you can get in contact with us on our [Discord server](https://discord.gg/Gitea) or create  a post in the [discourse forum](https://discourse.gitea.io/).
-We maintain a list of Gitea-related projects at [gitea/awesome-gitea](https://gitea.com/gitea/awesome-gitea).
+We maintain a list of Gitea-related projects at [gitea/awesome-gitea](https://gitea.com/gitea/awesome-gitea).  
-
+The hugo-based documentation theme is hosted at [gitea/theme](https://gitea.com/gitea/theme).  
 The Hugo-based documentation theme is hosted at [gitea/theme](https://gitea.com/gitea/theme).
 The official Gitea CLI is developed at [gitea/tea](https://gitea.com/gitea/tea).
 ## Authors
- [Maintainers](https://github.com/orgs/go-gitea/people)
+* [Maintainers](https://github.com/orgs/go-gitea/people)
- [Contributors](https://github.com/go-gitea/gitea/graphs/contributors)
+* [Contributors](https://github.com/go-gitea/gitea/graphs/contributors)
- [Translators](options/locale/TRANSLATORS)
+* [Translators](options/locale/TRANSLATORS)
 ## Backers
@@ -151,7 +143,6 @@ Support this project by becoming a sponsor. Your logo will show up here with a l
 <a href="https://opencollective.com/gitea/sponsor/7/website" target="_blank"><img src="https://opencollective.com/gitea/sponsor/7/avatar.svg"></a>
 <a href="https://opencollective.com/gitea/sponsor/8/website" target="_blank"><img src="https://opencollective.com/gitea/sponsor/8/avatar.svg"></a>
 <a href="https://opencollective.com/gitea/sponsor/9/website" target="_blank"><img src="https://opencollective.com/gitea/sponsor/9/avatar.svg"></a>
 <a href="https://cynkra.com/" target="_blank"><img src="https://images.opencollective.com/cynkra/logo/square/64/192.png"></a>
 ## FAQ
@@ -170,7 +161,6 @@ See the [LICENSE](https://github.com/go-gitea/gitea/blob/main/LICENSE) file
 for the full license text.
 ## Screenshots
 Looking for an overview of the interface? Check it out!
 |![Dashboard](https://dl.gitea.io/screenshots/home_timeline.png)|![User Profile](https://dl.gitea.io/screenshots/user_profile.png)|![Global Issues](https://dl.gitea.io/screenshots/global_issues.png)|
--- a/README_ZH.md
+++ b/README_ZH.md
@@ -12,14 +12,14 @@
  <a href="https://discord.gg/Gitea" title="Join the Discord chat at https://discord.gg/Gitea">
    <img src="https://img.shields.io/discord/322538954119184384.svg">
  </a>
-  <a href="https://app.codecov.io/gh/go-gitea/gitea" title="Codecov">
+  <a href="https://codecov.io/gh/go-gitea/gitea" title="Codecov">
    <img src="https://codecov.io/gh/go-gitea/gitea/branch/main/graph/badge.svg">
  </a>
  <a href="https://goreportcard.com/report/code.gitea.io/gitea" title="Go Report Card">
    <img src="https://goreportcard.com/badge/code.gitea.io/gitea">
  </a>
-  <a href="https://pkg.go.dev/code.gitea.io/gitea" title="GoDoc">
+  <a href="https://godoc.org/code.gitea.io/gitea" title="GoDoc">
-    <img src="https://pkg.go.dev/badge/code.gitea.io/gitea?status.svg">
+    <img src="https://godoc.org/code.gitea.io/gitea?status.svg">
  </a>
  <a href="https://github.com/go-gitea/gitea/releases/latest" title="GitHub release">
    <img src="https://img.shields.io/github/release/go-gitea/gitea.svg">
@@ -33,25 +33,19 @@
  <a href="https://opensource.org/licenses/MIT" title="License: MIT">
    <img src="https://img.shields.io/badge/License-MIT-blue.svg">
  </a>
  <a href="https://gitpod.io/#https://github.com/go-gitea/gitea">
  <img
    src="https://img.shields.io/badge/Contribute%20with-Gitpod-908a85?logo=gitpod"
    alt="Contribute with Gitpod"
  />
  </a>
  <a href="https://crowdin.com/project/gitea" title="Crowdin">
    <img src="https://badges.crowdin.net/gitea/localized.svg">
  </a>
  <a href="https://www.tickgit.com/browse?repo=github.com/go-gitea/gitea&branch=main" title="TODOs">
    <img src="https://badgen.net/https/api.tickgit.com/badgen/github.com/go-gitea/gitea/main">
  </a>
-  <a href="https://app.bountysource.com/teams/gitea" title="Bountysource">
+  <a href="https://img.shields.io/bountysource/team/gitea" title="Bountysource">
    <img src="https://img.shields.io/bountysource/team/gitea/activity">
  </a>
 </p>
 <p align="center">
-  <a href="README.md">View this document in English</a>
+  <a href="README.md">View the english version of this document</a>
 </p>
 ## 目标
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -1,83 +1,10 @@
 # Reporting security issues
-The Gitea maintainers take security seriously.
+The Gitea maintainers take security seriously.  
 If you discover a security issue, please bring it to their attention right away!
-## Reporting a Vulnerability
+### Reporting a Vulnerability
 Please **DO NOT** file a public issue, instead send your report privately to `security@gitea.io`.
 ## Protecting Security Information
 Due to the sensitive nature of security information, you can use below GPG public key encrypt your mail body.
 The PGP key is valid until June 24, 2024.
 ```
 Key ID: 6FCD2D5B
 Key Type: RSA
 Expires: 6/24/2024
 Key Size: 4096/4096
 Fingerprint: 3DE0 3D1E 144A 7F06 9359 99DC AAFD 2381 6FCD 2D5B
 ```
 UserID: Gitea Security <security@gitea.io>
 ```
 -----BEGIN PGP PUBLIC KEY BLOCK-----
 mQINBGK1Z/4BEADFMqXA9DeeChmSxUjF0Be5sq99ZUhgrZjcN/wOzz0wuCJZC0l8
 4uC+d6mfv7JpJYlzYzOK97/x5UguKHkYNZ6mm1G9KHaXmoIBDLKDzfPdJopVNv2r
 OajijaE0uMCnMjadlg5pbhMLRQG8a9J32yyaz7ZEAw72Ab31fvvcA53NkuqO4j2w
 k7dtFQzhbNOYV0VffQT90WDZdalYHB1JHyEQ+70U9OjVD5ggNYSzX98Eu3Hjn7V7
 kqFrcAxr5TE1elf0IXJcuBJtFzQSTUGlQldKOHtGTGgGjj9r/FFAE5ioBgVD05bV
 rEEgIMM/GqYaG/nbNpWE6P3mEc2Mnn3pZaRJL0LuF26TLjnqEcMMDp5iIhLdFzXR
 3tMdtKgQFu+Mtzs3ipwWARYgHyU09RJsI2HeBx7RmZO/Xqrec763Z7zdJ7SpCn0Z
 q+pHZl24JYR0Kf3T/ZiOC0cGd2QJqpJtg5J6S/OqfX9NH6MsCczO8pUC1N/aHH2X
 CTme2nF56izORqDWKoiICteL3GpYsCV9nyCidcCmoQsS+DKvE86YhIhVIVWGRY2F
 lzpAjnN9/KLtQroutrm+Ft0mdjDiJUeFVl1cOHDhoyfCsQh62HumoyZoZvqzQd6e
 AbN11nq6aViMe2Q3je1AbiBnRnQSHxt1Tc8X4IshO3MQK1Sk7oPI6LA5oQARAQAB
 tCJHaXRlYSBTZWN1cml0eSA8c2VjdXJpdHlAZ2l0ZWEuaW8+iQJXBBMBCABBFiEE
 PeA9HhRKfwaTWZncqv0jgW/NLVsFAmK1Z/4CGwMFCQPCZwAFCwkIBwICIgIGFQoJ
 CAsCBBYCAwECHgcCF4AACgkQqv0jgW/NLVvnyxAAhxyNnWzw/rQO2qhzqicmZM94
 njSbOg+U2qMBvCdaqCQQeC+uaMmMzkDPanUUmLcyCkWqfCjPNjeSXAkE9npepVJI
 4HtmgxZQ94OU/h3CLbft+9GVRzUkVI29TSYGdvNtV2/BkNGoFFnKWQr119um0o6A
 bgha2Uy5uY8o3ZIoiKkiHRaEoWIjjeBxJxYAojsZY4YElUmsQ3ik2joG6rhFesTa
 ofVt/bL8G2xzpOG26WGIxBbqf2qjV6OtZ0hu/vtTPHeIWMLq0Mz0V3PEDQWfkGPE
 i2RYxxYDs2xzJhSQWqTNVLSq0m5xTJnbHhQPfdCX4C2jvFKgLdfmytQq49S7jiJb
 Z03HVOZ/PsyBlQfH9xJi06R5yQCMEA8h8Z5r3/NXW09kQ6OFRe6xshoTcxZGRPTo
 srhwr3uPbmCRh+YEl7qBLU6+BC5k8IRTZXqhrj/aPJu3MxgbgwV8u3vLoFSXM2lb
 a61FgeCQ0O7lkgVswwF0RppCaH9Ul3ZDapet/vCRg4NVwm9zOI/8q/Vj0FKA1GDR
 JhRu8+Ce8zlFL65D34t+PprAzSeTlbv9um3x/ZIjCco7EEKSBylt+AZj/VyA6+e5
 kjOQwRRc6dFJWBcorsSI2dG+H+QMF7ZabzmeCcz1v9HjLOPzYHoZAHhCmSppWTvX
 AJy6+lhfW2OUTqQeYSi5Ag0EYrVn/gEQALrFLQjCR3GjuHSindz0rd3Fnx/t7Sen
 T+p07yCSSoSlmnJHCQmwh4vfg1blyz0zZ4vkIhtpHsEgc+ZAG+WQXSsJ2iRz+eSN
 GwoOQl4XC3n+QWkc1ws+btr48+6UqXIQU+F8TPQyx/PIgi2nZXJB7f5+mjCqsk46
 XvH4nTr4kJjuqMSR/++wvre2qNQRa/q/dTsK0OaN/mJsdX6Oi+aGNaQJUhIG7F+E
 ZDMkn/O6xnwWNzy/+bpg43qH/Gk0eakOmz5NmQLRkV58SZLiJvuCUtkttf6CyhnX
 03OcWaajv5W8qA39dBYQgDrrPbBWUnwfO3yMveqhwV4JjDoe8sPAyn1NwzakNYqP
 RzsWyLrLS7R7J9s3FkZXhQw/QQcsaSMcGNQO047dm1P83N8JY5aEpiRo9zSWjoiw
 qoExANj5lUTZPe8M50lI182FrcjAN7dClO3QI6pg7wy0erMxfFly3j8UQ91ysS9T
 s+GsP9I3cmWWQcKYxWHtE8xTXnNCVPFZQj2nwhJzae8ypfOtulBRA3dUKWGKuDH/
 axFENhUsT397aOU3qkP/od4a64JyNIEo4CTTSPVeWd7njsGqli2U3A4xL2CcyYvt
 D/MWcMBGEoLSNTswwKdom4FaJpn5KThnK/T0bQcmJblJhoCtppXisbexZnCpuS0x
 Zdlm2T14KJ3LABEBAAGJAjwEGAEIACYWIQQ94D0eFEp/BpNZmdyq/SOBb80tWwUC
 YrVn/gIbDAUJA8JnAAAKCRCq/SOBb80tWyTBD/9AGpW6QoDF7zYjHAozH9S5RGCA
 Y7E82dG/0xmFUwPprAG0BKmmgU6TiipyVGmKIXGYYYU92pMnbvXkYQMoa+WJNncN
 D3fY52UeXeffTf4cFpStlzi9xgYtOLhFamzYu/4xhkjOX+xhOSXscCiFRyT8cF3B
 O6c5BHU+Zj0/rGPgOyPUbx7l7B9MubB/41nNX35k08e+8T3wtWDb4XF+15HnRfva
 6fblO8wgU25Orv2Rm1jnKGa9DxJ8nE40IMrqDapENtDuL+zKJsvR0+ptWvEyL56U
 GtJJG5un6mXiLKuRQT0DEv4MdZRHDgDstDnqcbEiazVEbUuvhZZob6lRY2A19m1+
 7zfnDxkhqCA1RCnv4fdvcPdCMMFHwLpdhjgW0aI/uwgwrvsEz5+JRlnLvdQHlPAg
 q7l2fGcBSpz9U0ayyfRPjPntsNCtZl1UDxGLeciPkZhyG84zEWQbk/j52ZpRN+Ik
 ALpRLa8RBFmFSmXDUmwQrmm1EmARyQXwweKU31hf8ZGbCp2lPuRYm1LuGiirXSVP
 GysjRAJgW+VRpBKOzFQoUAUbReVWSaCwT8s17THzf71DdDb6CTj31jMLLYWwBpA/
 i73DgobDZMIGEZZC1EKqza8eh11xfyHFzGec03tbh+lIen+5IiRtWiEWkDS9ll0G
 zgS/ZdziCvdAutqnGA==
 =gZWO
 -----END PGP PUBLIC KEY BLOCK-----
 ```
 Security reports are greatly appreciated and we will publicly thank you for it, although we keep your name confidential if you request it.
--- a/assets/emoji.json
+++ b/assets/emoji.json
--- a/assets/go-licenses.json
+++ b/assets/go-licenses.json
--- a/build.go
+++ b/build.go
@@ -1,5 +1,6 @@
 // Copyright 2020 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 //go:build vendor
--- a/build/code-batch-process.go
+++ b/build/code-batch-process.go
@@ -1,5 +1,6 @@
 // Copyright 2021 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 //go:build ignore
@@ -19,7 +20,7 @@ import (
 )
 // Windows has a limitation for command line arguments, the size can not exceed 32KB.
-// So we have to feed the files to some tools (like gofmt) batch by batch
+// So we have to feed the files to some tools (like gofmt/misspell) batch by batch
 // We also introduce a `gitea-fmt` command, it does better import formatting than gofmt/goimports. `gitea-fmt` calls `gofmt` internally.
@@ -60,7 +61,7 @@ func newFileCollector(fileFilter string, batchSize int) (*fileCollector, error)
 			"build",
 			"cmd",
 			"contrib",
-			"tests",
+			"integrations",
 			"models",
 			"modules",
 			"routers",
@@ -70,8 +71,8 @@ func newFileCollector(fileFilter string, batchSize int) (*fileCollector, error)
 		co.includePatterns = append(co.includePatterns, regexp.MustCompile(`.*\.go$`))
 		co.excludePatterns = append(co.excludePatterns, regexp.MustCompile(`.*\bbindata\.go$`))
-		co.excludePatterns = append(co.excludePatterns, regexp.MustCompile(`tests/gitea-repositories-meta`))
+		co.excludePatterns = append(co.excludePatterns, regexp.MustCompile(`integrations/gitea-repositories-meta`))
-		co.excludePatterns = append(co.excludePatterns, regexp.MustCompile(`tests/integration/migration-test`))
+		co.excludePatterns = append(co.excludePatterns, regexp.MustCompile(`integrations/migration-test`))
 		co.excludePatterns = append(co.excludePatterns, regexp.MustCompile(`modules/git/tests`))
 		co.excludePatterns = append(co.excludePatterns, regexp.MustCompile(`models/fixtures`))
 		co.excludePatterns = append(co.excludePatterns, regexp.MustCompile(`models/migrations/fixtures`))
@@ -194,6 +195,7 @@ Options:
 Commands:
  %[1]s gofmt ...
  %[1]s misspell ...
 Arguments:
  {file-list}     the file list
@@ -204,17 +206,6 @@ Example:
 `, "file-batch-exec")
 }
 func getGoVersion() string {
 	goModFile, err := os.ReadFile("go.mod")
 	if err != nil {
 		log.Fatalf(`Faild to read "go.mod": %v`, err)
 		os.Exit(1)
 	}
 	goModVersionRegex := regexp.MustCompile(`go \d+\.\d+`)
 	goModVersionLine := goModVersionRegex.Find(goModFile)
 	return string(goModVersionLine[3:])
 }
 func newFileCollectorFromMainOptions(mainOptions map[string]string) (fc *fileCollector, err error) {
 	fileFilter := mainOptions["file-filter"]
 	if fileFilter == "" {
@@ -237,9 +228,9 @@ func containsString(a []string, s string) bool {
 	return false
 }
-func giteaFormatGoImports(files []string, doWriteFile bool) error {
+func giteaFormatGoImports(files []string, hasChangedFiles, doWriteFile bool) error {
 	for _, file := range files {
-		if err := codeformat.FormatGoImports(file, doWriteFile); err != nil {
+		if err := codeformat.FormatGoImports(file, hasChangedFiles, doWriteFile); err != nil {
 			log.Printf("failed to format go imports: %s, err=%v", file, err)
 			return err
 		}
@@ -278,8 +269,10 @@ func main() {
 			if containsString(subArgs, "-d") {
 				log.Print("the -d option is not supported by gitea-fmt")
 			}
-			cmdErrors = append(cmdErrors, giteaFormatGoImports(files, containsString(subArgs, "-w")))
+			cmdErrors = append(cmdErrors, giteaFormatGoImports(files, containsString(subArgs, "-l"), containsString(subArgs, "-w")))
-			cmdErrors = append(cmdErrors, passThroughCmd("go", append([]string{"run", os.Getenv("GOFUMPT_PACKAGE"), "-extra", "-lang", getGoVersion()}, substArgs...)))
+			cmdErrors = append(cmdErrors, passThroughCmd("go", append([]string{"run", os.Getenv("GOFUMPT_PACKAGE"), "-extra", "-lang", "1.17"}, substArgs...)))
 		case "misspell":
 			cmdErrors = append(cmdErrors, passThroughCmd("go", append([]string{"run", os.Getenv("MISSPELL_PACKAGE")}, substArgs...)))
 		default:
 			log.Fatalf("unknown cmd: %s %v", subCmd, subArgs)
 		}
--- a/build/codeformat/formatimports.go
+++ b/build/codeformat/formatimports.go
@@ -1,11 +1,13 @@
 // Copyright 2021 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 package codeformat
 import (
 	"bytes"
 	"errors"
 	"fmt"
 	"io"
 	"os"
 	"sort"
@@ -157,7 +159,7 @@ func formatGoImports(contentBytes []byte) ([]byte, error) {
 }
 // FormatGoImports format the imports by our rules (see unit tests)
-func FormatGoImports(file string, doWriteFile bool) error {
+func FormatGoImports(file string, doChangedFiles, doWriteFile bool) error {
 	f, err := os.Open(file)
 	if err != nil {
 		return err
@@ -181,6 +183,10 @@ func FormatGoImports(file string, doWriteFile bool) error {
 		return nil
 	}
 	if doChangedFiles {
 		fmt.Println(file)
 	}
 	if doWriteFile {
 		f, err = os.OpenFile(file, os.O_TRUNC|os.O_WRONLY, 0o644)
 		if err != nil {
--- a/build/codeformat/formatimports_test.go
+++ b/build/codeformat/formatimports_test.go
@@ -1,5 +1,6 @@
 // Copyright 2021 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 package codeformat
--- a/build/generate-bindata.go
+++ b/build/generate-bindata.go
@@ -1,5 +1,6 @@
 // Copyright 2020 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 //go:build ignore
@@ -32,15 +33,11 @@ func needsUpdate(dir, filename string) (bool, []byte) {
 	hasher := sha1.New()
-	err = filepath.WalkDir(dir, func(path string, d os.DirEntry, err error) error {
+	err = filepath.Walk(dir, func(path string, info os.FileInfo, err error) error {
 		if err != nil {
 			return err
 		}
-		info, err := d.Info()
+		_, _ = hasher.Write([]byte(info.Name()))
 		if err != nil {
 			return err
 		}
 		_, _ = hasher.Write([]byte(d.Name()))
 		_, _ = hasher.Write([]byte(info.ModTime().String()))
 		_, _ = hasher.Write([]byte(strconv.FormatInt(info.Size(), 16)))
 		return nil
--- a/build/generate-emoji.go
+++ b/build/generate-emoji.go
@@ -1,6 +1,7 @@
 // Copyright 2020 The Gitea Authors. All rights reserved.
 // Copyright 2015 Kenneth Shaw
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 //go:build ignore
@@ -25,7 +26,7 @@ import (
 const (
 	gemojiURL         = "https://raw.githubusercontent.com/github/gemoji/master/db/emoji.json"
-	maxUnicodeVersion = 14
+	maxUnicodeVersion = 12
 )
 var flagOut = flag.String("o", "modules/emoji/emoji_data.go", "out")
@@ -189,10 +190,6 @@ func generate() ([]byte, error) {
 		}
 	}
 	sort.Slice(data, func(i, j int) bool {
 		return data[i].Aliases[0] < data[j].Aliases[0]
 	})
 	// add header
 	str := replacer.Replace(fmt.Sprintf(hdr, gemojiURL, data))
@@ -212,12 +209,13 @@ func generate() ([]byte, error) {
 const hdr = `
 // Copyright 2020 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
-
+// license that can be found in the LICENSE file.
 package emoji
-// Code generated by build/generate-emoji.go. DO NOT EDIT.
+// Code generated by gen.go. DO NOT EDIT.
 // Sourced from %s
 //
 var GemojiData = %#v
 `
--- a/build/generate-go-licenses.go
+++ b/build/generate-go-licenses.go
@@ -1,84 +0,0 @@
 // Copyright 2022 The Gitea Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 //go:build ignore
 package main
 import (
 	"encoding/json"
 	"io/fs"
 	"os"
 	goPath "path"
 	"path/filepath"
 	"regexp"
 	"sort"
 	"strings"
 )
 // regexp is based on go-license, excluding README and NOTICE
 // https://github.com/google/go-licenses/blob/master/licenses/find.go
 var licenseRe = regexp.MustCompile(`^(?i)((UN)?LICEN(S|C)E|COPYING).*$`)
 type LicenseEntry struct {
 	Name        string `json:"name"`
 	Path        string `json:"path"`
 	LicenseText string `json:"licenseText"`
 }
 func main() {
 	base, out := os.Args[1], os.Args[2]
 	paths := []string{}
 	err := filepath.WalkDir(base, func(path string, entry fs.DirEntry, err error) error {
 		if err != nil {
 			return err
 		}
 		if entry.IsDir() || !licenseRe.MatchString(entry.Name()) {
 			return nil
 		}
 		paths = append(paths, path)
 		return nil
 	})
 	if err != nil {
 		panic(err)
 	}
 	sort.Strings(paths)
 	entries := []LicenseEntry{}
 	for _, path := range paths {
 		path := filepath.ToSlash(path)
 		licenseText, err := os.ReadFile(path)
 		if err != nil {
 			panic(err)
 		}
 		path = strings.Replace(path, base+"/", "", 1)
 		name := goPath.Dir(path)
 		// There might be a bug somewhere in go-licenses that sometimes interprets the
 		// root package as "." and sometimes as "code.gitea.io/gitea". Workaround by
 		// removing both of them for the sake of stable output.
 		if name == "." || name == "code.gitea.io/gitea" {
 			continue
 		}
 		entries = append(entries, LicenseEntry{
 			Name:        name,
 			Path:        path,
 			LicenseText: string(licenseText),
 		})
 	}
 	jsonBytes, err := json.MarshalIndent(entries, "", "  ")
 	if err != nil {
 		panic(err)
 	}
 	err = os.WriteFile(out, jsonBytes, 0o644)
 	if err != nil {
 		panic(err)
 	}
 }
--- a/build/generate-images.js
+++ b/build/generate-images.js
@@ -2,7 +2,7 @@
 import imageminZopfli from 'imagemin-zopfli';
 import {optimize} from 'svgo';
 import {fabric} from 'fabric';
-import {readFile, writeFile} from 'node:fs/promises';
+import {readFile, writeFile} from 'fs/promises';
 function exit(err) {
  if (err) console.error(err);
--- a/build/generate-licenses.go
+++ b/build/generate-licenses.go
@@ -39,14 +39,6 @@ func main() {
 	defer util.Remove(file.Name())
 	if err := os.RemoveAll(destination); err != nil {
 		log.Fatalf("Cannot clean destination folder: %v", err)
 	}
 	if err := os.MkdirAll(destination, 0o755); err != nil {
 		log.Fatalf("Cannot create destination: %v", err)
 	}
 	req, err := http.NewRequest("GET", url, nil)
 	if err != nil {
 		log.Fatalf("Failed to download archive. %s", err)
--- a/build/generate-svg.js
+++ b/build/generate-svg.js
@@ -1,9 +1,9 @@
 #!/usr/bin/env node
 import fastGlob from 'fast-glob';
 import {optimize} from 'svgo';
-import {parse} from 'node:path';
+import {parse} from 'path';
-import {readFile, writeFile, mkdir} from 'node:fs/promises';
+import {readFile, writeFile, mkdir} from 'fs/promises';
-import {fileURLToPath} from 'node:url';
+import {fileURLToPath} from 'url';
 const glob = (pattern) => fastGlob.sync(pattern, {
  cwd: fileURLToPath(new URL('..', import.meta.url)),
--- a/build/gitea-format-imports.go
+++ b/build/gitea-format-imports.go
@@ -0,0 +1,26 @@
 // Copyright 2021 The Gitea Authors. All rights reserved.
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 //go:build ignore
 package main
 import (
 	"log"
 	"os"
 	"code.gitea.io/gitea/build/codeformat"
 )
 func main() {
 	if len(os.Args) <= 1 {
 		log.Fatalf("Usage: gitea-format-imports [files...]")
 	}
 	for _, file := range os.Args[1:] {
 		if err := codeformat.FormatGoImports(file); err != nil {
 			log.Fatalf("can not format file %s, err=%v", file, err)
 		}
 	}
 }
--- a/build/gocovmerge.go
+++ b/build/gocovmerge.go
@@ -1,6 +1,7 @@
 // Copyright 2020 The Gitea Authors. All rights reserved.
 // Copyright (c) 2015, Wade Simmons
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 // gocovmerge takes the results from multiple `go test -coverprofile` runs and
 // merges them into one profile
--- a/cmd/admin.go
+++ b/cmd/admin.go
@@ -1,30 +1,37 @@
 // Copyright 2016 The Gogs Authors. All rights reserved.
 // Copyright 2016 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 package cmd
 import (
 	"context"
 	"errors"
 	"fmt"
 	"net/url"
 	"os"
 	"strings"
 	"text/tabwriter"
 	"code.gitea.io/gitea/models"
 	asymkey_model "code.gitea.io/gitea/models/asymkey"
-	auth_model "code.gitea.io/gitea/models/auth"
+	"code.gitea.io/gitea/models/auth"
 	"code.gitea.io/gitea/models/db"
 	repo_model "code.gitea.io/gitea/models/repo"
 	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/git"
 	"code.gitea.io/gitea/modules/graceful"
 	"code.gitea.io/gitea/modules/log"
 	pwd "code.gitea.io/gitea/modules/password"
 	repo_module "code.gitea.io/gitea/modules/repository"
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/modules/storage"
 	"code.gitea.io/gitea/modules/util"
 	auth_service "code.gitea.io/gitea/services/auth"
 	"code.gitea.io/gitea/services/auth/source/oauth2"
 	"code.gitea.io/gitea/services/auth/source/smtp"
 	repo_service "code.gitea.io/gitea/services/repository"
 	user_service "code.gitea.io/gitea/services/user"
 	"github.com/urfave/cli"
 )
@@ -43,6 +50,138 @@ var (
 		},
 	}
 	subcmdUser = cli.Command{
 		Name:  "user",
 		Usage: "Modify users",
 		Subcommands: []cli.Command{
 			microcmdUserCreate,
 			microcmdUserList,
 			microcmdUserChangePassword,
 			microcmdUserDelete,
 			microcmdUserGenerateAccessToken,
 		},
 	}
 	microcmdUserList = cli.Command{
 		Name:   "list",
 		Usage:  "List users",
 		Action: runListUsers,
 		Flags: []cli.Flag{
 			cli.BoolFlag{
 				Name:  "admin",
 				Usage: "List only admin users",
 			},
 		},
 	}
 	microcmdUserCreate = cli.Command{
 		Name:   "create",
 		Usage:  "Create a new user in database",
 		Action: runCreateUser,
 		Flags: []cli.Flag{
 			cli.StringFlag{
 				Name:  "name",
 				Usage: "Username. DEPRECATED: use username instead",
 			},
 			cli.StringFlag{
 				Name:  "username",
 				Usage: "Username",
 			},
 			cli.StringFlag{
 				Name:  "password",
 				Usage: "User password",
 			},
 			cli.StringFlag{
 				Name:  "email",
 				Usage: "User email address",
 			},
 			cli.BoolFlag{
 				Name:  "admin",
 				Usage: "User is an admin",
 			},
 			cli.BoolFlag{
 				Name:  "random-password",
 				Usage: "Generate a random password for the user",
 			},
 			cli.BoolFlag{
 				Name:  "must-change-password",
 				Usage: "Set this option to false to prevent forcing the user to change their password after initial login, (Default: true)",
 			},
 			cli.IntFlag{
 				Name:  "random-password-length",
 				Usage: "Length of the random password to be generated",
 				Value: 12,
 			},
 			cli.BoolFlag{
 				Name:  "access-token",
 				Usage: "Generate access token for the user",
 			},
 			cli.BoolFlag{
 				Name:  "restricted",
 				Usage: "Make a restricted user account",
 			},
 		},
 	}
 	microcmdUserChangePassword = cli.Command{
 		Name:   "change-password",
 		Usage:  "Change a user's password",
 		Action: runChangePassword,
 		Flags: []cli.Flag{
 			cli.StringFlag{
 				Name:  "username,u",
 				Value: "",
 				Usage: "The user to change password for",
 			},
 			cli.StringFlag{
 				Name:  "password,p",
 				Value: "",
 				Usage: "New password to set for user",
 			},
 		},
 	}
 	microcmdUserDelete = cli.Command{
 		Name:  "delete",
 		Usage: "Delete specific user by id, name or email",
 		Flags: []cli.Flag{
 			cli.Int64Flag{
 				Name:  "id",
 				Usage: "ID of user of the user to delete",
 			},
 			cli.StringFlag{
 				Name:  "username,u",
 				Usage: "Username of the user to delete",
 			},
 			cli.StringFlag{
 				Name:  "email,e",
 				Usage: "Email of the user to delete",
 			},
 		},
 		Action: runDeleteUser,
 	}
 	microcmdUserGenerateAccessToken = cli.Command{
 		Name:  "generate-access-token",
 		Usage: "Generate a access token for a specific user",
 		Flags: []cli.Flag{
 			cli.StringFlag{
 				Name:  "username,u",
 				Usage: "Username",
 			},
 			cli.StringFlag{
 				Name:  "token-name,t",
 				Usage: "Token name",
 				Value: "gitea-admin",
 			},
 			cli.BoolFlag{
 				Name:  "raw",
 				Usage: "Display only the token value",
 			},
 		},
 		Action: runGenerateAccessToken,
 	}
 	subcmdRepoSyncReleases = cli.Command{
 		Name:   "repo-sync-releases",
 		Usage:  "Synchronize repository releases with tags",
@@ -162,11 +301,6 @@ var (
 			Value: "false",
 			Usage: "Use custom URLs for GitLab/GitHub OAuth endpoints",
 		},
 		cli.StringFlag{
 			Name:  "custom-tenant-id",
 			Value: "",
 			Usage: "Use custom Tenant ID for OAuth endpoints",
 		},
 		cli.StringFlag{
 			Name:  "custom-auth-url",
 			Value: "",
@@ -226,15 +360,6 @@ var (
 			Value: "",
 			Usage: "Group Claim value for restricted users",
 		},
 		cli.StringFlag{
 			Name:  "group-team-map",
 			Value: "",
 			Usage: "JSON mapping between groups and org teams",
 		},
 		cli.BoolFlag{
 			Name:  "group-team-map-removal",
 			Usage: "Activate automatic team membership removal depending on groups",
 		},
 	}
 	microcmdAuthUpdateOauth = cli.Command{
@@ -340,6 +465,254 @@ var (
 	}
 )
 func runChangePassword(c *cli.Context) error {
 	if err := argsSet(c, "username", "password"); err != nil {
 		return err
 	}
 	ctx, cancel := installSignals()
 	defer cancel()
 	if err := initDB(ctx); err != nil {
 		return err
 	}
 	if len(c.String("password")) < setting.MinPasswordLength {
 		return fmt.Errorf("Password is not long enough. Needs to be at least %d", setting.MinPasswordLength)
 	}
 	if !pwd.IsComplexEnough(c.String("password")) {
 		return errors.New("Password does not meet complexity requirements")
 	}
 	pwned, err := pwd.IsPwned(context.Background(), c.String("password"))
 	if err != nil {
 		return err
 	}
 	if pwned {
 		return errors.New("The password you chose is on a list of stolen passwords previously exposed in public data breaches. Please try again with a different password.\nFor more details, see https://haveibeenpwned.com/Passwords")
 	}
 	uname := c.String("username")
 	user, err := user_model.GetUserByName(ctx, uname)
 	if err != nil {
 		return err
 	}
 	if err = user.SetPassword(c.String("password")); err != nil {
 		return err
 	}
 	if err = user_model.UpdateUserCols(ctx, user, "passwd", "passwd_hash_algo", "salt"); err != nil {
 		return err
 	}
 	fmt.Printf("%s's password has been successfully updated!\n", user.Name)
 	return nil
 }
 func runCreateUser(c *cli.Context) error {
 	if err := argsSet(c, "email"); err != nil {
 		return err
 	}
 	if c.IsSet("name") && c.IsSet("username") {
 		return errors.New("Cannot set both --name and --username flags")
 	}
 	if !c.IsSet("name") && !c.IsSet("username") {
 		return errors.New("One of --name or --username flags must be set")
 	}
 	if c.IsSet("password") && c.IsSet("random-password") {
 		return errors.New("cannot set both -random-password and -password flags")
 	}
 	var username string
 	if c.IsSet("username") {
 		username = c.String("username")
 	} else {
 		username = c.String("name")
 		fmt.Fprintf(os.Stderr, "--name flag is deprecated. Use --username instead.\n")
 	}
 	ctx, cancel := installSignals()
 	defer cancel()
 	if err := initDB(ctx); err != nil {
 		return err
 	}
 	var password string
 	if c.IsSet("password") {
 		password = c.String("password")
 	} else if c.IsSet("random-password") {
 		var err error
 		password, err = pwd.Generate(c.Int("random-password-length"))
 		if err != nil {
 			return err
 		}
 		fmt.Printf("generated random password is '%s'\n", password)
 	} else {
 		return errors.New("must set either password or random-password flag")
 	}
 	// always default to true
 	changePassword := true
 	// If this is the first user being created.
 	// Take it as the admin and don't force a password update.
 	if n := user_model.CountUsers(nil); n == 0 {
 		changePassword = false
 	}
 	if c.IsSet("must-change-password") {
 		changePassword = c.Bool("must-change-password")
 	}
 	restricted := util.OptionalBoolNone
 	if c.IsSet("restricted") {
 		restricted = util.OptionalBoolOf(c.Bool("restricted"))
 	}
 	u := &user_model.User{
 		Name:               username,
 		Email:              c.String("email"),
 		Passwd:             password,
 		IsAdmin:            c.Bool("admin"),
 		MustChangePassword: changePassword,
 	}
 	overwriteDefault := &user_model.CreateUserOverwriteOptions{
 		IsActive:     util.OptionalBoolTrue,
 		IsRestricted: restricted,
 	}
 	if err := user_model.CreateUser(u, overwriteDefault); err != nil {
 		return fmt.Errorf("CreateUser: %v", err)
 	}
 	if c.Bool("access-token") {
 		t := &models.AccessToken{
 			Name: "gitea-admin",
 			UID:  u.ID,
 		}
 		if err := models.NewAccessToken(t); err != nil {
 			return err
 		}
 		fmt.Printf("Access token was successfully created... %s\n", t.Token)
 	}
 	fmt.Printf("New user '%s' has been successfully created!\n", username)
 	return nil
 }
 func runListUsers(c *cli.Context) error {
 	ctx, cancel := installSignals()
 	defer cancel()
 	if err := initDB(ctx); err != nil {
 		return err
 	}
 	users, err := user_model.GetAllUsers()
 	if err != nil {
 		return err
 	}
 	w := tabwriter.NewWriter(os.Stdout, 5, 0, 1, ' ', 0)
 	if c.IsSet("admin") {
 		fmt.Fprintf(w, "ID\tUsername\tEmail\tIsActive\n")
 		for _, u := range users {
 			if u.IsAdmin {
 				fmt.Fprintf(w, "%d\t%s\t%s\t%t\n", u.ID, u.Name, u.Email, u.IsActive)
 			}
 		}
 	} else {
 		fmt.Fprintf(w, "ID\tUsername\tEmail\tIsActive\tIsAdmin\n")
 		for _, u := range users {
 			fmt.Fprintf(w, "%d\t%s\t%s\t%t\t%t\n", u.ID, u.Name, u.Email, u.IsActive, u.IsAdmin)
 		}
 	}
 	w.Flush()
 	return nil
 }
 func runDeleteUser(c *cli.Context) error {
 	if !c.IsSet("id") && !c.IsSet("username") && !c.IsSet("email") {
 		return fmt.Errorf("You must provide the id, username or email of a user to delete")
 	}
 	ctx, cancel := installSignals()
 	defer cancel()
 	if err := initDB(ctx); err != nil {
 		return err
 	}
 	if err := storage.Init(); err != nil {
 		return err
 	}
 	var err error
 	var user *user_model.User
 	if c.IsSet("email") {
 		user, err = user_model.GetUserByEmail(c.String("email"))
 	} else if c.IsSet("username") {
 		user, err = user_model.GetUserByName(ctx, c.String("username"))
 	} else {
 		user, err = user_model.GetUserByID(c.Int64("id"))
 	}
 	if err != nil {
 		return err
 	}
 	if c.IsSet("username") && user.LowerName != strings.ToLower(strings.TrimSpace(c.String("username"))) {
 		return fmt.Errorf("The user %s who has email %s does not match the provided username %s", user.Name, c.String("email"), c.String("username"))
 	}
 	if c.IsSet("id") && user.ID != c.Int64("id") {
 		return fmt.Errorf("The user %s does not match the provided id %d", user.Name, c.Int64("id"))
 	}
 	return user_service.DeleteUser(user)
 }
 func runGenerateAccessToken(c *cli.Context) error {
 	if !c.IsSet("username") {
 		return fmt.Errorf("You must provide the username to generate a token for them")
 	}
 	ctx, cancel := installSignals()
 	defer cancel()
 	if err := initDB(ctx); err != nil {
 		return err
 	}
 	user, err := user_model.GetUserByName(ctx, c.String("username"))
 	if err != nil {
 		return err
 	}
 	t := &models.AccessToken{
 		Name: c.String("token-name"),
 		UID:  user.ID,
 	}
 	if err := models.NewAccessToken(t); err != nil {
 		return err
 	}
 	if c.Bool("raw") {
 		fmt.Printf("%s\n", t.Token)
 	} else {
 		fmt.Printf("Access token was successfully created: %s\n", t.Token)
 	}
 	return nil
 }
 func runRepoSyncReleases(_ *cli.Context) error {
 	ctx, cancel := installSignals()
 	defer cancel()
@@ -350,7 +723,7 @@ func runRepoSyncReleases(_ *cli.Context) error {
 	log.Trace("Synchronizing repository releases (this may take a while)")
 	for page := 1; ; page++ {
-		repos, count, err := repo_model.SearchRepositoryByName(ctx, &repo_model.SearchRepoOptions{
+		repos, count, err := repo_model.SearchRepositoryByName(&repo_model.SearchRepoOptions{
 			ListOptions: db.ListOptions{
 				PageSize: repo_model.RepositoryListDefaultPageSize,
 				Page:     page,
@@ -358,7 +731,7 @@ func runRepoSyncReleases(_ *cli.Context) error {
 			Private: true,
 		})
 		if err != nil {
-			return fmt.Errorf("SearchRepositoryByName: %w", err)
+			return fmt.Errorf("SearchRepositoryByName: %v", err)
 		}
 		if len(repos) == 0 {
 			break
@@ -401,10 +774,9 @@ func runRepoSyncReleases(_ *cli.Context) error {
 }
 func getReleaseCount(id int64) (int64, error) {
-	return repo_model.GetReleaseCountByRepoID(
+	return models.GetReleaseCountByRepoID(
 		db.DefaultContext,
 		id,
-		repo_model.FindReleasesOptions{
+		models.FindReleasesOptions{
 			IncludeTags: true,
 		},
 	)
@@ -438,7 +810,6 @@ func parseOAuth2Config(c *cli.Context) *oauth2.Source {
 			AuthURL:    c.String("custom-auth-url"),
 			ProfileURL: c.String("custom-profile-url"),
 			EmailURL:   c.String("custom-email-url"),
 			Tenant:     c.String("custom-tenant-id"),
 		}
 	} else {
 		customURLMapping = nil
@@ -457,8 +828,6 @@ func parseOAuth2Config(c *cli.Context) *oauth2.Source {
 		GroupClaimName:                c.String("group-claim-name"),
 		AdminGroup:                    c.String("admin-group"),
 		RestrictedGroup:               c.String("restricted-group"),
 		GroupTeamMap:                  c.String("group-team-map"),
 		GroupTeamMapRemoval:           c.Bool("group-team-map-removal"),
 	}
 }
@@ -470,19 +839,11 @@ func runAddOauth(c *cli.Context) error {
 		return err
 	}
-	config := parseOAuth2Config(c)
+	return auth.CreateSource(&auth.Source{
-	if config.Provider == "openidConnect" {
+		Type:     auth.OAuth2,
 		discoveryURL, err := url.Parse(config.OpenIDConnectAutoDiscoveryURL)
 		if err != nil || (discoveryURL.Scheme != "http" && discoveryURL.Scheme != "https") {
 			return fmt.Errorf("invalid Auto Discovery URL: %s (this must be a valid URL starting with http:// or https://)", config.OpenIDConnectAutoDiscoveryURL)
 		}
 	}
 	return auth_model.CreateSource(&auth_model.Source{
 		Type:     auth_model.OAuth2,
 		Name:     c.String("name"),
 		IsActive: true,
-		Cfg:      config,
+		Cfg:      parseOAuth2Config(c),
 	})
 }
@@ -498,7 +859,7 @@ func runUpdateOauth(c *cli.Context) error {
 		return err
 	}
-	source, err := auth_model.GetSourceByID(c.Int64("id"))
+	source, err := auth.GetSourceByID(c.Int64("id"))
 	if err != nil {
 		return err
 	}
@@ -549,12 +910,6 @@ func runUpdateOauth(c *cli.Context) error {
 	if c.IsSet("restricted-group") {
 		oAuth2Config.RestrictedGroup = c.String("restricted-group")
 	}
 	if c.IsSet("group-team-map") {
 		oAuth2Config.GroupTeamMap = c.String("group-team-map")
 	}
 	if c.IsSet("group-team-map-removal") {
 		oAuth2Config.GroupTeamMapRemoval = c.Bool("group-team-map-removal")
 	}
 	// update custom URL mapping
 	customURLMapping := &oauth2.CustomURLMapping{}
@@ -564,7 +919,6 @@ func runUpdateOauth(c *cli.Context) error {
 		customURLMapping.AuthURL = oAuth2Config.CustomURLMapping.AuthURL
 		customURLMapping.ProfileURL = oAuth2Config.CustomURLMapping.ProfileURL
 		customURLMapping.EmailURL = oAuth2Config.CustomURLMapping.EmailURL
 		customURLMapping.Tenant = oAuth2Config.CustomURLMapping.Tenant
 	}
 	if c.IsSet("use-custom-urls") && c.IsSet("custom-token-url") {
 		customURLMapping.TokenURL = c.String("custom-token-url")
@@ -582,21 +936,17 @@ func runUpdateOauth(c *cli.Context) error {
 		customURLMapping.EmailURL = c.String("custom-email-url")
 	}
 	if c.IsSet("use-custom-urls") && c.IsSet("custom-tenant-id") {
 		customURLMapping.Tenant = c.String("custom-tenant-id")
 	}
 	oAuth2Config.CustomURLMapping = customURLMapping
 	source.Cfg = oAuth2Config
-	return auth_model.UpdateSource(source)
+	return auth.UpdateSource(source)
 }
 func parseSMTPConfig(c *cli.Context, conf *smtp.Source) error {
 	if c.IsSet("auth-type") {
 		conf.Auth = c.String("auth-type")
 		validAuthTypes := []string{"PLAIN", "LOGIN", "CRAM-MD5"}
-		if !util.SliceContainsString(validAuthTypes, strings.ToUpper(c.String("auth-type"))) {
+		if !contains(validAuthTypes, strings.ToUpper(c.String("auth-type"))) {
 			return errors.New("Auth must be one of PLAIN/LOGIN/CRAM-MD5")
 		}
 		conf.Auth = c.String("auth-type")
@@ -660,8 +1010,8 @@ func runAddSMTP(c *cli.Context) error {
 		smtpConfig.Auth = "PLAIN"
 	}
-	return auth_model.CreateSource(&auth_model.Source{
+	return auth.CreateSource(&auth.Source{
-		Type:     auth_model.SMTP,
+		Type:     auth.SMTP,
 		Name:     c.String("name"),
 		IsActive: active,
 		Cfg:      &smtpConfig,
@@ -680,7 +1030,7 @@ func runUpdateSMTP(c *cli.Context) error {
 		return err
 	}
-	source, err := auth_model.GetSourceByID(c.Int64("id"))
+	source, err := auth.GetSourceByID(c.Int64("id"))
 	if err != nil {
 		return err
 	}
@@ -701,7 +1051,7 @@ func runUpdateSMTP(c *cli.Context) error {
 	source.Cfg = smtpConfig
-	return auth_model.UpdateSource(source)
+	return auth.UpdateSource(source)
 }
 func runListAuth(c *cli.Context) error {
@@ -712,7 +1062,7 @@ func runListAuth(c *cli.Context) error {
 		return err
 	}
-	authSources, err := auth_model.Sources()
+	authSources, err := auth.Sources()
 	if err != nil {
 		return err
 	}
@@ -750,7 +1100,7 @@ func runDeleteAuth(c *cli.Context) error {
 		return err
 	}
-	source, err := auth_model.GetSourceByID(c.Int64("id"))
+	source, err := auth.GetSourceByID(c.Int64("id"))
 	if err != nil {
 		return err
 	}
--- a/cmd/admin_auth_ldap.go
+++ b/cmd/admin_auth_ldap.go
@@ -1,5 +1,6 @@
 // Copyright 2019 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 package cmd
@@ -33,10 +34,6 @@ var (
 			Name:  "not-active",
 			Usage: "Deactivate the authentication source.",
 		},
 		cli.BoolFlag{
 			Name:  "active",
 			Usage: "Activate the authentication source.",
 		},
 		cli.StringFlag{
 			Name:  "security-protocol",
 			Usage: "Security protocol name.",
@@ -120,10 +117,6 @@ var (
 			Name:  "synchronize-users",
 			Usage: "Enable user synchronization.",
 		},
 		cli.BoolFlag{
 			Name:  "disable-synchronize-users",
 			Usage: "Disable user synchronization.",
 		},
 		cli.UintFlag{
 			Name:  "page-size",
 			Usage: "Search page size.",
@@ -190,15 +183,9 @@ func parseAuthSource(c *cli.Context, authSource *auth.Source) {
 	if c.IsSet("not-active") {
 		authSource.IsActive = !c.Bool("not-active")
 	}
 	if c.IsSet("active") {
 		authSource.IsActive = c.Bool("active")
 	}
 	if c.IsSet("synchronize-users") {
 		authSource.IsSyncEnabled = c.Bool("synchronize-users")
 	}
 	if c.IsSet("disable-synchronize-users") {
 		authSource.IsSyncEnabled = !c.Bool("disable-synchronize-users")
 	}
 }
 // parseLdapConfig assigns values on config according to command line flags.
--- a/cmd/admin_auth_ldap_test.go
+++ b/cmd/admin_auth_ldap_test.go
@@ -1,5 +1,6 @@
 // Copyright 2019 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 package cmd
@@ -857,36 +858,6 @@ func TestUpdateLdapBindDn(t *testing.T) {
 			},
 			errMsg: "Invalid authentication type. expected: LDAP (via BindDN), actual: OAuth2",
 		},
 		// case 24
 		{
 			args: []string{
 				"ldap-test",
 				"--id", "24",
 				"--name", "ldap (via Bind DN) flip 'active' and 'user sync' attributes",
 				"--active",
 				"--disable-synchronize-users",
 			},
 			id: 24,
 			existingAuthSource: &auth.Source{
 				Type:          auth.LDAP,
 				IsActive:      false,
 				IsSyncEnabled: true,
 				Cfg: &ldap.Source{
 					Name:    "ldap (via Bind DN) flip 'active' and 'user sync' attributes",
 					Enabled: true,
 				},
 			},
 			authSource: &auth.Source{
 				Type:          auth.LDAP,
 				Name:          "ldap (via Bind DN) flip 'active' and 'user sync' attributes",
 				IsActive:      true,
 				IsSyncEnabled: false,
 				Cfg: &ldap.Source{
 					Name:    "ldap (via Bind DN) flip 'active' and 'user sync' attributes",
 					Enabled: true,
 				},
 			},
 		},
 	}
 	for n, c := range cases {
@@ -1250,33 +1221,6 @@ func TestUpdateLdapSimpleAuth(t *testing.T) {
 			},
 			errMsg: "Invalid authentication type. expected: LDAP (simple auth), actual: PAM",
 		},
 		// case 20
 		{
 			args: []string{
 				"ldap-test",
 				"--id", "20",
 				"--name", "ldap (simple auth) flip 'active' attribute",
 				"--active",
 			},
 			id: 20,
 			existingAuthSource: &auth.Source{
 				Type:     auth.DLDAP,
 				IsActive: false,
 				Cfg: &ldap.Source{
 					Name:    "ldap (simple auth) flip 'active' attribute",
 					Enabled: true,
 				},
 			},
 			authSource: &auth.Source{
 				Type:     auth.DLDAP,
 				Name:     "ldap (simple auth) flip 'active' attribute",
 				IsActive: true,
 				Cfg: &ldap.Source{
 					Name:    "ldap (simple auth) flip 'active' attribute",
 					Enabled: true,
 				},
 			},
 		},
 	}
 	for n, c := range cases {
--- a/cmd/admin_user.go
+++ b/cmd/admin_user.go
@@ -1,21 +0,0 @@
 // Copyright 2023 The Gitea Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 package cmd
 import (
 	"github.com/urfave/cli"
 )
 var subcmdUser = cli.Command{
 	Name:  "user",
 	Usage: "Modify users",
 	Subcommands: []cli.Command{
 		microcmdUserCreate,
 		microcmdUserList,
 		microcmdUserChangePassword,
 		microcmdUserDelete,
 		microcmdUserGenerateAccessToken,
 		microcmdUserMustChangePassword,
 	},
 }
--- a/cmd/admin_user_change_password.go
+++ b/cmd/admin_user_change_password.go
@@ -1,76 +0,0 @@
 // Copyright 2023 The Gitea Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 package cmd
 import (
 	"context"
 	"errors"
 	"fmt"
 	user_model "code.gitea.io/gitea/models/user"
 	pwd "code.gitea.io/gitea/modules/auth/password"
 	"code.gitea.io/gitea/modules/setting"
 	"github.com/urfave/cli"
 )
 var microcmdUserChangePassword = cli.Command{
 	Name:   "change-password",
 	Usage:  "Change a user's password",
 	Action: runChangePassword,
 	Flags: []cli.Flag{
 		cli.StringFlag{
 			Name:  "username,u",
 			Value: "",
 			Usage: "The user to change password for",
 		},
 		cli.StringFlag{
 			Name:  "password,p",
 			Value: "",
 			Usage: "New password to set for user",
 		},
 	},
 }
 func runChangePassword(c *cli.Context) error {
 	if err := argsSet(c, "username", "password"); err != nil {
 		return err
 	}
 	ctx, cancel := installSignals()
 	defer cancel()
 	if err := initDB(ctx); err != nil {
 		return err
 	}
 	if len(c.String("password")) < setting.MinPasswordLength {
 		return fmt.Errorf("Password is not long enough. Needs to be at least %d", setting.MinPasswordLength)
 	}
 	if !pwd.IsComplexEnough(c.String("password")) {
 		return errors.New("Password does not meet complexity requirements")
 	}
 	pwned, err := pwd.IsPwned(context.Background(), c.String("password"))
 	if err != nil {
 		return err
 	}
 	if pwned {
 		return errors.New("The password you chose is on a list of stolen passwords previously exposed in public data breaches. Please try again with a different password.\nFor more details, see https://haveibeenpwned.com/Passwords")
 	}
 	uname := c.String("username")
 	user, err := user_model.GetUserByName(ctx, uname)
 	if err != nil {
 		return err
 	}
 	if err = user.SetPassword(c.String("password")); err != nil {
 		return err
 	}
 	if err = user_model.UpdateUserCols(ctx, user, "passwd", "passwd_hash_algo", "salt"); err != nil {
 		return err
 	}
 	fmt.Printf("%s's password has been successfully updated!\n", user.Name)
 	return nil
 }
--- a/cmd/admin_user_create.go
+++ b/cmd/admin_user_create.go
@@ -1,169 +0,0 @@
 // Copyright 2023 The Gitea Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 package cmd
 import (
 	"errors"
 	"fmt"
 	"os"
 	auth_model "code.gitea.io/gitea/models/auth"
 	user_model "code.gitea.io/gitea/models/user"
 	pwd "code.gitea.io/gitea/modules/auth/password"
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/modules/util"
 	"github.com/urfave/cli"
 )
 var microcmdUserCreate = cli.Command{
 	Name:   "create",
 	Usage:  "Create a new user in database",
 	Action: runCreateUser,
 	Flags: []cli.Flag{
 		cli.StringFlag{
 			Name:  "name",
 			Usage: "Username. DEPRECATED: use username instead",
 		},
 		cli.StringFlag{
 			Name:  "username",
 			Usage: "Username",
 		},
 		cli.StringFlag{
 			Name:  "password",
 			Usage: "User password",
 		},
 		cli.StringFlag{
 			Name:  "email",
 			Usage: "User email address",
 		},
 		cli.BoolFlag{
 			Name:  "admin",
 			Usage: "User is an admin",
 		},
 		cli.BoolFlag{
 			Name:  "random-password",
 			Usage: "Generate a random password for the user",
 		},
 		cli.BoolFlag{
 			Name:  "must-change-password",
 			Usage: "Set this option to false to prevent forcing the user to change their password after initial login, (Default: true)",
 		},
 		cli.IntFlag{
 			Name:  "random-password-length",
 			Usage: "Length of the random password to be generated",
 			Value: 12,
 		},
 		cli.BoolFlag{
 			Name:  "access-token",
 			Usage: "Generate access token for the user",
 		},
 		cli.BoolFlag{
 			Name:  "restricted",
 			Usage: "Make a restricted user account",
 		},
 	},
 }
 func runCreateUser(c *cli.Context) error {
 	if err := argsSet(c, "email"); err != nil {
 		return err
 	}
 	if c.IsSet("name") && c.IsSet("username") {
 		return errors.New("Cannot set both --name and --username flags")
 	}
 	if !c.IsSet("name") && !c.IsSet("username") {
 		return errors.New("One of --name or --username flags must be set")
 	}
 	if c.IsSet("password") && c.IsSet("random-password") {
 		return errors.New("cannot set both -random-password and -password flags")
 	}
 	var username string
 	if c.IsSet("username") {
 		username = c.String("username")
 	} else {
 		username = c.String("name")
 		fmt.Fprintf(os.Stderr, "--name flag is deprecated. Use --username instead.\n")
 	}
 	ctx, cancel := installSignals()
 	defer cancel()
 	if err := initDB(ctx); err != nil {
 		return err
 	}
 	var password string
 	if c.IsSet("password") {
 		password = c.String("password")
 	} else if c.IsSet("random-password") {
 		var err error
 		password, err = pwd.Generate(c.Int("random-password-length"))
 		if err != nil {
 			return err
 		}
 		fmt.Printf("generated random password is '%s'\n", password)
 	} else {
 		return errors.New("must set either password or random-password flag")
 	}
 	// always default to true
 	changePassword := true
 	// If this is the first user being created.
 	// Take it as the admin and don't force a password update.
 	if n := user_model.CountUsers(nil); n == 0 {
 		changePassword = false
 	}
 	if c.IsSet("must-change-password") {
 		changePassword = c.Bool("must-change-password")
 	}
 	restricted := util.OptionalBoolNone
 	if c.IsSet("restricted") {
 		restricted = util.OptionalBoolOf(c.Bool("restricted"))
 	}
 	// default user visibility in app.ini
 	visibility := setting.Service.DefaultUserVisibilityMode
 	u := &user_model.User{
 		Name:               username,
 		Email:              c.String("email"),
 		Passwd:             password,
 		IsAdmin:            c.Bool("admin"),
 		MustChangePassword: changePassword,
 		Visibility:         visibility,
 	}
 	overwriteDefault := &user_model.CreateUserOverwriteOptions{
 		IsActive:     util.OptionalBoolTrue,
 		IsRestricted: restricted,
 	}
 	if err := user_model.CreateUser(u, overwriteDefault); err != nil {
 		return fmt.Errorf("CreateUser: %w", err)
 	}
 	if c.Bool("access-token") {
 		t := &auth_model.AccessToken{
 			Name: "gitea-admin",
 			UID:  u.ID,
 		}
 		if err := auth_model.NewAccessToken(t); err != nil {
 			return err
 		}
 		fmt.Printf("Access token was successfully created... %s\n", t.Token)
 	}
 	fmt.Printf("New user '%s' has been successfully created!\n", username)
 	return nil
 }
--- a/cmd/admin_user_delete.go
+++ b/cmd/admin_user_delete.go
@@ -1,78 +0,0 @@
 // Copyright 2023 The Gitea Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 package cmd
 import (
 	"fmt"
 	"strings"
 	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/storage"
 	user_service "code.gitea.io/gitea/services/user"
 	"github.com/urfave/cli"
 )
 var microcmdUserDelete = cli.Command{
 	Name:  "delete",
 	Usage: "Delete specific user by id, name or email",
 	Flags: []cli.Flag{
 		cli.Int64Flag{
 			Name:  "id",
 			Usage: "ID of user of the user to delete",
 		},
 		cli.StringFlag{
 			Name:  "username,u",
 			Usage: "Username of the user to delete",
 		},
 		cli.StringFlag{
 			Name:  "email,e",
 			Usage: "Email of the user to delete",
 		},
 		cli.BoolFlag{
 			Name:  "purge",
 			Usage: "Purge user, all their repositories, organizations and comments",
 		},
 	},
 	Action: runDeleteUser,
 }
 func runDeleteUser(c *cli.Context) error {
 	if !c.IsSet("id") && !c.IsSet("username") && !c.IsSet("email") {
 		return fmt.Errorf("You must provide the id, username or email of a user to delete")
 	}
 	ctx, cancel := installSignals()
 	defer cancel()
 	if err := initDB(ctx); err != nil {
 		return err
 	}
 	if err := storage.Init(); err != nil {
 		return err
 	}
 	var err error
 	var user *user_model.User
 	if c.IsSet("email") {
 		user, err = user_model.GetUserByEmail(ctx, c.String("email"))
 	} else if c.IsSet("username") {
 		user, err = user_model.GetUserByName(ctx, c.String("username"))
 	} else {
 		user, err = user_model.GetUserByID(ctx, c.Int64("id"))
 	}
 	if err != nil {
 		return err
 	}
 	if c.IsSet("username") && user.LowerName != strings.ToLower(strings.TrimSpace(c.String("username"))) {
 		return fmt.Errorf("The user %s who has email %s does not match the provided username %s", user.Name, c.String("email"), c.String("username"))
 	}
 	if c.IsSet("id") && user.ID != c.Int64("id") {
 		return fmt.Errorf("The user %s does not match the provided id %d", user.Name, c.Int64("id"))
 	}
 	return user_service.DeleteUser(ctx, user, c.Bool("purge"))
 }
--- a/cmd/admin_user_generate_access_token.go
+++ b/cmd/admin_user_generate_access_token.go
@@ -1,80 +0,0 @@
 // Copyright 2023 The Gitea Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 package cmd
 import (
 	"fmt"
 	auth_model "code.gitea.io/gitea/models/auth"
 	user_model "code.gitea.io/gitea/models/user"
 	"github.com/urfave/cli"
 )
 var microcmdUserGenerateAccessToken = cli.Command{
 	Name:  "generate-access-token",
 	Usage: "Generate an access token for a specific user",
 	Flags: []cli.Flag{
 		cli.StringFlag{
 			Name:  "username,u",
 			Usage: "Username",
 		},
 		cli.StringFlag{
 			Name:  "token-name,t",
 			Usage: "Token name",
 			Value: "gitea-admin",
 		},
 		cli.BoolFlag{
 			Name:  "raw",
 			Usage: "Display only the token value",
 		},
 		cli.StringFlag{
 			Name:  "scopes",
 			Value: "",
 			Usage: "Comma separated list of scopes to apply to access token",
 		},
 	},
 	Action: runGenerateAccessToken,
 }
 func runGenerateAccessToken(c *cli.Context) error {
 	if !c.IsSet("username") {
 		return fmt.Errorf("You must provide a username to generate a token for")
 	}
 	ctx, cancel := installSignals()
 	defer cancel()
 	if err := initDB(ctx); err != nil {
 		return err
 	}
 	user, err := user_model.GetUserByName(ctx, c.String("username"))
 	if err != nil {
 		return err
 	}
 	accessTokenScope, err := auth_model.AccessTokenScope(c.String("scopes")).Normalize()
 	if err != nil {
 		return err
 	}
 	t := &auth_model.AccessToken{
 		Name:  c.String("token-name"),
 		UID:   user.ID,
 		Scope: accessTokenScope,
 	}
 	if err := auth_model.NewAccessToken(t); err != nil {
 		return err
 	}
 	if c.Bool("raw") {
 		fmt.Printf("%s\n", t.Token)
 	} else {
 		fmt.Printf("Access token was successfully created: %s\n", t.Token)
 	}
 	return nil
 }
--- a/cmd/admin_user_list.go
+++ b/cmd/admin_user_list.go
@@ -1,60 +0,0 @@
 // Copyright 2023 The Gitea Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 package cmd
 import (
 	"fmt"
 	"os"
 	"text/tabwriter"
 	user_model "code.gitea.io/gitea/models/user"
 	"github.com/urfave/cli"
 )
 var microcmdUserList = cli.Command{
 	Name:   "list",
 	Usage:  "List users",
 	Action: runListUsers,
 	Flags: []cli.Flag{
 		cli.BoolFlag{
 			Name:  "admin",
 			Usage: "List only admin users",
 		},
 	},
 }
 func runListUsers(c *cli.Context) error {
 	ctx, cancel := installSignals()
 	defer cancel()
 	if err := initDB(ctx); err != nil {
 		return err
 	}
 	users, err := user_model.GetAllUsers()
 	if err != nil {
 		return err
 	}
 	w := tabwriter.NewWriter(os.Stdout, 5, 0, 1, ' ', 0)
 	if c.IsSet("admin") {
 		fmt.Fprintf(w, "ID\tUsername\tEmail\tIsActive\n")
 		for _, u := range users {
 			if u.IsAdmin {
 				fmt.Fprintf(w, "%d\t%s\t%s\t%t\n", u.ID, u.Name, u.Email, u.IsActive)
 			}
 		}
 	} else {
 		twofa := user_model.UserList(users).GetTwoFaStatus()
 		fmt.Fprintf(w, "ID\tUsername\tEmail\tIsActive\tIsAdmin\t2FA\n")
 		for _, u := range users {
 			fmt.Fprintf(w, "%d\t%s\t%s\t%t\t%t\t%t\n", u.ID, u.Name, u.Email, u.IsActive, u.IsAdmin, twofa[u.ID])
 		}
 	}
 	w.Flush()
 	return nil
 }
--- a/cmd/admin_user_must_change_password.go
+++ b/cmd/admin_user_must_change_password.go
@@ -1,58 +0,0 @@
 // Copyright 2023 The Gitea Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 package cmd
 import (
 	"errors"
 	"fmt"
 	user_model "code.gitea.io/gitea/models/user"
 	"github.com/urfave/cli"
 )
 var microcmdUserMustChangePassword = cli.Command{
 	Name:   "must-change-password",
 	Usage:  "Set the must change password flag for the provided users or all users",
 	Action: runMustChangePassword,
 	Flags: []cli.Flag{
 		cli.BoolFlag{
 			Name:  "all,A",
 			Usage: "All users must change password, except those explicitly excluded with --exclude",
 		},
 		cli.StringSliceFlag{
 			Name:  "exclude,e",
 			Usage: "Do not change the must-change-password flag for these users",
 		},
 		cli.BoolFlag{
 			Name:  "unset",
 			Usage: "Instead of setting the must-change-password flag, unset it",
 		},
 	},
 }
 func runMustChangePassword(c *cli.Context) error {
 	ctx, cancel := installSignals()
 	defer cancel()
 	if c.NArg() == 0 && !c.IsSet("all") {
 		return errors.New("either usernames or --all must be provided")
 	}
 	mustChangePassword := !c.Bool("unset")
 	all := c.Bool("all")
 	exclude := c.StringSlice("exclude")
 	if err := initDB(ctx); err != nil {
 		return err
 	}
 	n, err := user_model.SetMustChangePassword(ctx, all, mustChangePassword, c.Args(), exclude)
 	if err != nil {
 		return err
 	}
 	fmt.Printf("Updated %d users setting MustChangePassword to %t\n", n, mustChangePassword)
 	return nil
 }
--- a/cmd/cert.go
+++ b/cmd/cert.go
@@ -1,7 +1,8 @@
 // Copyright 2009 The Go Authors. All rights reserved.
 // Copyright 2014 The Gogs Authors. All rights reserved.
 // Copyright 2016 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 package cmd
--- a/cmd/cmd.go
+++ b/cmd/cmd.go
@@ -1,5 +1,6 @@
 // Copyright 2018 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 // Package cmd provides subcommands to the gitea binary - such as "web" or
 // "admin".
@@ -57,10 +58,9 @@ func confirm() (bool, error) {
 }
 func initDB(ctx context.Context) error {
-	setting.InitProviderFromExistingFile()
+	setting.LoadFromExisting()
-	setting.LoadCommonSettings()
+	setting.InitDBConfig()
-	setting.LoadDBSetting()
+	setting.NewXORMLogService(false)
 	setting.InitSQLLog(false)
 	if setting.Database.Type == "" {
 		log.Fatal(`Database settings are missing from the configuration file: %q.
@@ -68,7 +68,7 @@ Ensure you are running in the correct environment or set the correct configurati
 If this is the intended configuration file complete the [database] section.`, setting.CustomConf)
 	}
 	if err := db.InitEngine(ctx); err != nil {
-		return fmt.Errorf("unable to initialize the database using the configuration in %q. Error: %w", setting.CustomConf, err)
+		return fmt.Errorf("unable to initialize the database using the configuration in %q. Error: %v", setting.CustomConf, err)
 	}
 	return nil
 }
--- a/cmd/convert.go
+++ b/cmd/convert.go
@@ -1,5 +1,6 @@
 // Copyright 2019 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 package cmd
@@ -32,10 +33,10 @@ func runConvert(ctx *cli.Context) error {
 	log.Info("AppPath: %s", setting.AppPath)
 	log.Info("AppWorkPath: %s", setting.AppWorkPath)
 	log.Info("Custom path: %s", setting.CustomPath)
-	log.Info("Log path: %s", setting.Log.RootPath)
+	log.Info("Log path: %s", setting.LogRootPath)
 	log.Info("Configuration file: %s", setting.CustomConf)
-	if !setting.Database.Type.IsMySQL() {
+	if !setting.Database.UseMySQL {
 		fmt.Println("This command can only be used with a MySQL database")
 		return nil
 	}
--- a/cmd/docs.go
+++ b/cmd/docs.go
@@ -1,5 +1,6 @@
 // Copyright 2020 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 package cmd
--- a/cmd/doctor.go
+++ b/cmd/doctor.go
@@ -1,5 +1,6 @@
 // Copyright 2019 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 package cmd
@@ -13,7 +14,6 @@ import (
 	"code.gitea.io/gitea/models/db"
 	"code.gitea.io/gitea/models/migrations"
 	migrate_base "code.gitea.io/gitea/models/migrations/base"
 	"code.gitea.io/gitea/modules/doctor"
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/setting"
@@ -87,16 +87,14 @@ func runRecreateTable(ctx *cli.Context) error {
 	golog.SetPrefix("")
 	golog.SetOutput(log.NewLoggerAsWriter("INFO", log.GetLogger(log.DEFAULT)))
-	setting.InitProviderFromExistingFile()
+	setting.LoadFromExisting()
-	setting.LoadCommonSettings()
+	setting.InitDBConfig()
 	setting.LoadDBSetting()
-	setting.Log.EnableXORMLog = ctx.Bool("debug")
+	setting.EnableXORMLog = ctx.Bool("debug")
 	setting.Database.LogSQL = ctx.Bool("debug")
-	// FIXME: don't use CfgProvider directly
+	setting.Cfg.Section("log").Key("XORM").SetValue(",")
 	setting.CfgProvider.Section("log").Key("XORM").SetValue(",")
-	setting.InitSQLLog(!ctx.Bool("debug"))
+	setting.NewXORMLogService(!ctx.Bool("debug"))
 	stdCtx, cancel := installSignals()
 	defer cancel()
@@ -116,7 +114,7 @@ func runRecreateTable(ctx *cli.Context) error {
 	if err != nil {
 		return err
 	}
-	recreateTables := migrate_base.RecreateTables(beans...)
+	recreateTables := migrations.RecreateTables(beans...)
 	return db.InitEngineWithMigration(stdCtx, func(x *xorm.Engine) error {
 		if err := migrations.EnsureUpToDate(x); err != nil {
@@ -168,13 +166,13 @@ func setDoctorLogger(ctx *cli.Context) {
 }
 func runDoctor(ctx *cli.Context) error {
 	stdCtx, cancel := installSignals()
 	defer cancel()
 	// Silence the default loggers
 	log.DelNamedLogger("console")
 	log.DelNamedLogger(log.DEFAULT)
 	stdCtx, cancel := installSignals()
 	defer cancel()
 	// Now setup our own
 	setDoctorLogger(ctx)
--- a/cmd/dump.go
+++ b/cmd/dump.go
@@ -1,6 +1,7 @@
 // Copyright 2014 The Gogs Authors. All rights reserved.
 // Copyright 2016 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 package cmd
@@ -91,7 +92,7 @@ func (o outputType) String() string {
 }
 var outputTypeEnum = &outputType{
-	Enum:    []string{"zip", "tar", "tar.sz", "tar.gz", "tar.xz", "tar.bz2", "tar.br", "tar.lz4", "tar.zst"},
+	Enum:    []string{"zip", "tar", "tar.sz", "tar.gz", "tar.xz", "tar.bz2", "tar.br", "tar.lz4"},
 	Default: "zip",
 }
@@ -145,10 +146,6 @@ It can be used for backup and capture Gitea server image to send to maintainer`,
 			Name:  "skip-package-data",
 			Usage: "Skip package data",
 		},
 		cli.BoolFlag{
 			Name:  "skip-index",
 			Usage: "Skip bleve index data",
 		},
 		cli.GenericFlag{
 			Name:  "type",
 			Value: outputTypeEnum,
@@ -181,22 +178,20 @@ func runDump(ctx *cli.Context) error {
 		}
 		fileName += "." + outType
 	}
-	setting.InitProviderFromExistingFile()
+	setting.LoadFromExisting()
 	setting.LoadCommonSettings()
 	// make sure we are logging to the console no matter what the configuration tells us do to
-	// FIXME: don't use CfgProvider directly
+	if _, err := setting.Cfg.Section("log").NewKey("MODE", "console"); err != nil {
 	if _, err := setting.CfgProvider.Section("log").NewKey("MODE", "console"); err != nil {
 		fatal("Setting logging mode to console failed: %v", err)
 	}
-	if _, err := setting.CfgProvider.Section("log.console").NewKey("STDERR", "true"); err != nil {
+	if _, err := setting.Cfg.Section("log.console").NewKey("STDERR", "true"); err != nil {
 		fatal("Setting console logger to stderr failed: %v", err)
 	}
 	if !setting.InstallLock {
 		log.Error("Is '%s' really the right config path?\n", setting.CustomConf)
 		return fmt.Errorf("gitea is not initialized")
 	}
-	setting.LoadSettings() // cannot access session settings otherwise
+	setting.NewServices() // cannot access session settings otherwise
 	stdCtx, cancel := installSignals()
 	defer cancel()
@@ -250,8 +245,6 @@ func runDump(ctx *cli.Context) error {
 		if ctx.IsSet("skip-lfs-data") && ctx.Bool("skip-lfs-data") {
 			log.Info("Skip dumping LFS data")
 		} else if !setting.LFS.StartServer {
 			log.Info("LFS isn't enabled. Skip dumping LFS data")
 		} else if err := storage.LFS.IterateObjects(func(objPath string, object storage.Object) error {
 			info, err := object.Stat()
 			if err != nil {
@@ -274,14 +267,13 @@ func runDump(ctx *cli.Context) error {
 		fatal("Failed to create tmp file: %v", err)
 	}
 	defer func() {
 		_ = dbDump.Close()
 		if err := util.Remove(dbDump.Name()); err != nil {
 			log.Warn("Unable to remove temporary file: %s: Error: %v", dbDump.Name(), err)
 		}
 	}()
 	targetDBType := ctx.String("database")
-	if len(targetDBType) > 0 && targetDBType != setting.Database.Type.String() {
+	if len(targetDBType) > 0 && targetDBType != setting.Database.Type {
 		log.Info("Dumping database %s => %s...", setting.Database.Type, targetDBType)
 	} else {
 		log.Info("Dumping database...")
@@ -327,7 +319,7 @@ func runDump(ctx *cli.Context) error {
 		log.Info("Packing data directory...%s", setting.AppDataPath)
 		var excludes []string
-		if setting.SessionConfig.OriginalProvider == "file" {
+		if setting.Cfg.Section("session").Key("PROVIDER").Value() == "file" {
 			var opts session.Options
 			if err = json.Unmarshal([]byte(setting.SessionConfig.ProviderConfig), &opts); err != nil {
 				return err
@@ -335,16 +327,11 @@ func runDump(ctx *cli.Context) error {
 			excludes = append(excludes, opts.ProviderConfig)
 		}
 		if ctx.IsSet("skip-index") && ctx.Bool("skip-index") {
 			excludes = append(excludes, setting.Indexer.RepoPath)
 			excludes = append(excludes, setting.Indexer.IssuePath)
 		}
 		excludes = append(excludes, setting.RepoRootPath)
 		excludes = append(excludes, setting.LFS.Path)
 		excludes = append(excludes, setting.Attachment.Path)
 		excludes = append(excludes, setting.Packages.Path)
-		excludes = append(excludes, setting.Log.RootPath)
+		excludes = append(excludes, setting.LogRootPath)
 		excludes = append(excludes, absFileName)
 		if err := addRecursiveExclude(w, "data", setting.AppDataPath, excludes, verbose); err != nil {
 			fatal("Failed to include data directory: %v", err)
@@ -366,8 +353,6 @@ func runDump(ctx *cli.Context) error {
 	if ctx.IsSet("skip-package-data") && ctx.Bool("skip-package-data") {
 		log.Info("Skip dumping package data")
 	} else if !setting.Packages.Enabled {
 		log.Info("Packages isn't enabled. Skip dumping package data")
 	} else if err := storage.Packages.IterateObjects(func(objPath string, object storage.Object) error {
 		info, err := object.Stat()
 		if err != nil {
@@ -385,12 +370,12 @@ func runDump(ctx *cli.Context) error {
 	if ctx.IsSet("skip-log") && ctx.Bool("skip-log") {
 		log.Info("Skip dumping log files")
 	} else {
-		isExist, err := util.IsExist(setting.Log.RootPath)
+		isExist, err := util.IsExist(setting.LogRootPath)
 		if err != nil {
-			log.Error("Unable to check if %s exists. Error: %v", setting.Log.RootPath, err)
+			log.Error("Unable to check if %s exists. Error: %v", setting.LogRootPath, err)
 		}
 		if isExist {
-			if err := addRecursiveExclude(w, "log", setting.Log.RootPath, []string{absFileName}, verbose); err != nil {
+			if err := addRecursiveExclude(w, "log", setting.LogRootPath, []string{absFileName}, verbose); err != nil {
 				fatal("Failed to include log: %v", err)
 			}
 		}
@@ -416,6 +401,15 @@ func runDump(ctx *cli.Context) error {
 	return nil
 }
 func contains(slice []string, s string) bool {
 	for _, v := range slice {
 		if v == s {
 			return true
 		}
 	}
 	return false
 }
 // addRecursiveExclude zips absPath to specified insidePath inside writer excluding excludeAbsPath
 func addRecursiveExclude(w archiver.Writer, insidePath, absPath string, excludeAbsPath []string, verbose bool) error {
 	absPath, err := filepath.Abs(absPath)
@@ -436,7 +430,7 @@ func addRecursiveExclude(w archiver.Writer, insidePath, absPath string, excludeA
 		currentAbsPath := path.Join(absPath, file.Name())
 		currentInsidePath := path.Join(insidePath, file.Name())
 		if file.IsDir() {
-			if !util.SliceContainsString(excludeAbsPath, currentAbsPath) {
+			if !contains(excludeAbsPath, currentAbsPath) {
 				if err := addFile(w, currentInsidePath, currentAbsPath, false); err != nil {
 					return err
 				}
--- a/cmd/dump_repo.go
+++ b/cmd/dump_repo.go
@@ -1,5 +1,6 @@
 // Copyright 2020 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 package cmd
@@ -10,13 +11,13 @@ import (
 	"os"
 	"strings"
 	"code.gitea.io/gitea/modules/convert"
 	"code.gitea.io/gitea/modules/git"
 	"code.gitea.io/gitea/modules/log"
 	base "code.gitea.io/gitea/modules/migration"
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/modules/structs"
 	"code.gitea.io/gitea/modules/util"
 	"code.gitea.io/gitea/services/convert"
 	"code.gitea.io/gitea/services/migrations"
 	"github.com/urfave/cli"
@@ -94,7 +95,7 @@ func runDumpRepository(ctx *cli.Context) error {
 	log.Info("AppPath: %s", setting.AppPath)
 	log.Info("AppWorkPath: %s", setting.AppWorkPath)
 	log.Info("Custom path: %s", setting.CustomPath)
-	log.Info("Log path: %s", setting.Log.RootPath)
+	log.Info("Log path: %s", setting.LogRootPath)
 	log.Info("Configuration file: %s", setting.CustomConf)
 	var (
@@ -165,7 +166,7 @@ func runDumpRepository(ctx *cli.Context) error {
 	// make sure the directory doesn't exist or is empty, prevent from deleting user files
 	repoDir := ctx.String("repo_dir")
 	if exists, err := util.IsExist(repoDir); err != nil {
-		return fmt.Errorf("unable to stat repo_dir %q: %w", repoDir, err)
+		return fmt.Errorf("unable to stat repo_dir %q: %v", repoDir, err)
 	} else if exists {
 		if isDir, _ := util.IsDir(repoDir); !isDir {
 			return fmt.Errorf("repo_dir %q already exists but it's not a directory", repoDir)
--- a/cmd/embedded.go
+++ b/cmd/embedded.go
@@ -1,5 +1,6 @@
 // Copyright 2020 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 //go:build bindata
@@ -112,8 +113,7 @@ func initEmbeddedExtractor(c *cli.Context) error {
 	log.DelNamedLogger(log.DEFAULT)
 	// Read configuration file
-	setting.InitProviderAllowEmpty()
+	setting.LoadAllowEmpty()
 	setting.LoadCommonSettings()
 	pats, err := getPatterns(c.Args())
 	if err != nil {
@@ -123,7 +123,7 @@ func initEmbeddedExtractor(c *cli.Context) error {
 	sections["public"] = &section{Path: "public", Names: public.AssetNames, IsDir: public.AssetIsDir, Asset: public.Asset}
 	sections["options"] = &section{Path: "options", Names: options.AssetNames, IsDir: options.AssetIsDir, Asset: options.Asset}
-	sections["templates"] = &section{Path: "templates", Names: templates.BuiltinAssetNames, IsDir: templates.BuiltinAssetIsDir, Asset: templates.BuiltinAsset}
+	sections["templates"] = &section{Path: "templates", Names: templates.AssetNames, IsDir: templates.AssetIsDir, Asset: templates.Asset}
 	for _, sec := range sections {
 		assets = append(assets, buildAssetList(sec, pats, c)...)
@@ -186,11 +186,11 @@ func runViewDo(c *cli.Context) error {
 	data, err := assets[0].Section.Asset(assets[0].Name)
 	if err != nil {
-		return fmt.Errorf("%s: %w", assets[0].Path, err)
+		return fmt.Errorf("%s: %v", assets[0].Path, err)
 	}
 	if _, err = os.Stdout.Write(data); err != nil {
-		return fmt.Errorf("%s: %w", assets[0].Path, err)
+		return fmt.Errorf("%s: %v", assets[0].Path, err)
 	}
 	return nil
@@ -251,11 +251,11 @@ func extractAsset(d string, a asset, overwrite, rename bool) error {
 	data, err := a.Section.Asset(a.Name)
 	if err != nil {
-		return fmt.Errorf("%s: %w", a.Path, err)
+		return fmt.Errorf("%s: %v", a.Path, err)
 	}
 	if err := os.MkdirAll(dir, os.ModePerm); err != nil {
-		return fmt.Errorf("%s: %w", dir, err)
+		return fmt.Errorf("%s: %v", dir, err)
 	}
 	perms := os.ModePerm & 0o666
@@ -263,7 +263,7 @@ func extractAsset(d string, a asset, overwrite, rename bool) error {
 	fi, err := os.Lstat(dest)
 	if err != nil {
 		if !errors.Is(err, os.ErrNotExist) {
-			return fmt.Errorf("%s: %w", dest, err)
+			return fmt.Errorf("%s: %v", dest, err)
 		}
 	} else if !overwrite && !rename {
 		fmt.Printf("%s already exists; skipped.\n", dest)
@@ -272,7 +272,7 @@ func extractAsset(d string, a asset, overwrite, rename bool) error {
 		return fmt.Errorf("%s already exists, but it's not a regular file", dest)
 	} else if rename {
 		if err := util.Rename(dest, dest+".bak"); err != nil {
-			return fmt.Errorf("Error creating backup for %s: %w", dest, err)
+			return fmt.Errorf("Error creating backup for %s: %v", dest, err)
 		}
 		// Attempt to respect file permissions mask (even if user:group will be set anew)
 		perms = fi.Mode()
@@ -280,12 +280,12 @@ func extractAsset(d string, a asset, overwrite, rename bool) error {
 	file, err := os.OpenFile(dest, os.O_WRONLY|os.O_TRUNC|os.O_CREATE, perms)
 	if err != nil {
-		return fmt.Errorf("%s: %w", dest, err)
+		return fmt.Errorf("%s: %v", dest, err)
 	}
 	defer file.Close()
 	if _, err = file.Write(data); err != nil {
-		return fmt.Errorf("%s: %w", dest, err)
+		return fmt.Errorf("%s: %v", dest, err)
 	}
 	fmt.Println(dest)
@@ -325,7 +325,7 @@ func getPatterns(args []string) ([]glob.Glob, error) {
 	pat := make([]glob.Glob, len(args))
 	for i := range args {
 		if g, err := glob.Compile(args[i], '/'); err != nil {
-			return nil, fmt.Errorf("'%s': Invalid glob pattern: %w", args[i], err)
+			return nil, fmt.Errorf("'%s': Invalid glob pattern: %v", args[i], err)
 		} else {
 			pat[i] = g
 		}
--- a/cmd/embedded_stub.go
+++ b/cmd/embedded_stub.go
@@ -1,5 +1,6 @@
 // Copyright 2020 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 //go:build !bindata
--- a/cmd/generate.go
+++ b/cmd/generate.go
@@ -1,6 +1,7 @@
 // Copyright 2016 The Gogs Authors. All rights reserved.
 // Copyright 2016 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 package cmd
--- a/cmd/hook.go
+++ b/cmd/hook.go
@@ -1,5 +1,6 @@
 // Copyright 2017 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 package cmd
@@ -185,7 +186,6 @@ Gitea or set your environment appropriately.`, "")
 	userID, _ := strconv.ParseInt(os.Getenv(repo_module.EnvPusherID), 10, 64)
 	prID, _ := strconv.ParseInt(os.Getenv(repo_module.EnvPRID), 10, 64)
 	deployKeyID, _ := strconv.ParseInt(os.Getenv(repo_module.EnvDeployKeyID), 10, 64)
 	actionPerm, _ := strconv.ParseInt(os.Getenv(repo_module.EnvActionPerm), 10, 64)
 	hookOptions := private.HookOptions{
 		UserID:                          userID,
@@ -195,7 +195,6 @@ Gitea or set your environment appropriately.`, "")
 		GitPushOptions:                  pushOptions(),
 		PullRequestID:                   prID,
 		DeployKeyID:                     deployKeyID,
 		ActionPerm:                      int(actionPerm),
 	}
 	scanner := bufio.NewScanner(os.Stdin)
@@ -219,9 +218,9 @@ Gitea or set your environment appropriately.`, "")
 		}
 	}
-	supportProcReceive := false
+	supportProcRecive := false
 	if git.CheckGitVersionAtLeast("2.29") == nil {
-		supportProcReceive = true
+		supportProcRecive = true
 	}
 	for scanner.Scan() {
@@ -242,9 +241,9 @@ Gitea or set your environment appropriately.`, "")
 		lastline++
 		// If the ref is a branch or tag, check if it's protected
-		// if supportProcReceive all ref should be checked because
+		// if supportProcRecive all ref should be checked because
 		// permission check was delayed
-		if supportProcReceive || strings.HasPrefix(refFullName, git.BranchPrefix) || strings.HasPrefix(refFullName, git.TagPrefix) {
+		if supportProcRecive || strings.HasPrefix(refFullName, git.BranchPrefix) || strings.HasPrefix(refFullName, git.TagPrefix) {
 			oldCommitIDs[count] = oldCommitID
 			newCommitIDs[count] = newCommitID
 			refFullNames[count] = refFullName
@@ -313,7 +312,7 @@ func runHookPostReceive(c *cli.Context) error {
 	// First of all run update-server-info no matter what
 	if _, _, err := git.NewCommand(ctx, "update-server-info").RunStdString(nil); err != nil {
-		return fmt.Errorf("Failed to call 'git update-server-info': %w", err)
+		return fmt.Errorf("Failed to call 'git update-server-info': %v", err)
 	}
 	// Now if we're an internal don't do anything else
@@ -793,7 +792,7 @@ func writeDataPktLine(out io.Writer, data []byte) error {
 	if err != nil {
 		return fail("Internal Server Error", "Pkt-Line response failed: %v", err)
 	}
-	if lr != 4 {
+	if 4 != lr {
 		return fail("Internal Server Error", "Pkt-Line response failed: %v", err)
 	}
--- a/cmd/hook_test.go
+++ b/cmd/hook_test.go
@@ -1,5 +1,6 @@
 // Copyright 2021 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 package cmd
--- a/cmd/keys.go
+++ b/cmd/keys.go
@@ -1,5 +1,6 @@
 // Copyright 2018 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 package cmd
--- a/cmd/mailer.go
+++ b/cmd/mailer.go
@@ -1,5 +1,6 @@
 // Copyright 2020 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 package cmd
@@ -17,8 +18,7 @@ func runSendMail(c *cli.Context) error {
 	ctx, cancel := installSignals()
 	defer cancel()
-	setting.InitProviderFromExistingFile()
+	setting.LoadFromExisting()
 	setting.LoadCommonSettings()
 	if err := argsSet(c, "title"); err != nil {
 		return err
--- a/cmd/main_test.go
+++ b/cmd/main_test.go
@@ -1,5 +1,6 @@
 // Copyright 2022 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 package cmd
@@ -12,7 +13,7 @@ import (
 func init() {
 	setting.SetCustomPathAndConf("", "", "")
-	setting.InitProviderAndLoadCommonSettingsForTest()
+	setting.LoadForTest()
 }
 func TestMain(m *testing.M) {
--- a/cmd/manager.go
+++ b/cmd/manager.go
@@ -1,5 +1,6 @@
 // Copyright 2020 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 package cmd
@@ -81,7 +82,7 @@ var (
 			},
 			cli.BoolFlag{
 				Name:  "no-system",
-				Usage: "Do not show system processes",
+				Usage: "Do not show system proceses",
 			},
 			cli.BoolFlag{
 				Name:  "stacktraces",
--- a/cmd/manager_logging.go
+++ b/cmd/manager_logging.go
@@ -1,5 +1,6 @@
 // Copyright 2022 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 package cmd
@@ -173,18 +174,6 @@ var (
 						Action: runAddSMTPLogger,
 					},
 				},
 			}, {
 				Name:  "log-sql",
 				Usage: "Set LogSQL",
 				Flags: []cli.Flag{
 					cli.BoolFlag{
 						Name: "debug",
 					}, cli.BoolFlag{
 						Name:  "off",
 						Usage: "Switch off SQL logging",
 					},
 				},
 				Action: runSetLogSQL,
 			},
 		},
 	}
@@ -392,18 +381,3 @@ func runReleaseReopenLogging(c *cli.Context) error {
 	fmt.Fprintln(os.Stdout, msg)
 	return nil
 }
 func runSetLogSQL(c *cli.Context) error {
 	ctx, cancel := installSignals()
 	defer cancel()
 	setup("manager", c.Bool("debug"))
 	statusCode, msg := private.SetLogSQL(ctx, !c.Bool("off"))
 	switch statusCode {
 	case http.StatusInternalServerError:
 		return fail("InternalServerError", msg)
 	}
 	fmt.Fprintln(os.Stdout, msg)
 	return nil
 }
--- a/cmd/migrate.go
+++ b/cmd/migrate.go
@@ -1,5 +1,6 @@
 // Copyright 2018 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 package cmd
@@ -33,7 +34,7 @@ func runMigrate(ctx *cli.Context) error {
 	log.Info("AppPath: %s", setting.AppPath)
 	log.Info("AppWorkPath: %s", setting.AppWorkPath)
 	log.Info("Custom path: %s", setting.CustomPath)
-	log.Info("Log path: %s", setting.Log.RootPath)
+	log.Info("Log path: %s", setting.LogRootPath)
 	log.Info("Configuration file: %s", setting.CustomConf)
 	if err := db.InitEngineWithMigration(context.Background(), migrations.Migrate); err != nil {
--- a/cmd/migrate_storage.go
+++ b/cmd/migrate_storage.go
@@ -1,5 +1,6 @@
 // Copyright 2020 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 package cmd
@@ -72,54 +73,45 @@ var CmdMigrateStorage = cli.Command{
 		cli.StringFlag{
 			Name:  "minio-base-path",
 			Value: "",
-			Usage: "Minio storage base path on the bucket",
+			Usage: "Minio storage basepath on the bucket",
 		},
 		cli.BoolFlag{
 			Name:  "minio-use-ssl",
 			Usage: "Enable SSL for minio",
 		},
 		cli.BoolFlag{
 			Name:  "minio-insecure-skip-verify",
 			Usage: "Skip SSL verification",
 		},
 		cli.StringFlag{
 			Name:  "minio-checksum-algorithm",
 			Value: "",
 			Usage: "Minio checksum algorithm (default/md5)",
 		},
 	},
 }
 func migrateAttachments(ctx context.Context, dstStorage storage.ObjectStorage) error {
-	return db.Iterate(ctx, nil, func(ctx context.Context, attach *repo_model.Attachment) error {
+	return db.IterateObjects(ctx, func(attach *repo_model.Attachment) error {
 		_, err := storage.Copy(dstStorage, attach.RelativePath(), storage.Attachments, attach.RelativePath())
 		return err
 	})
 }
 func migrateLFS(ctx context.Context, dstStorage storage.ObjectStorage) error {
-	return db.Iterate(ctx, nil, func(ctx context.Context, mo *git_model.LFSMetaObject) error {
+	return db.IterateObjects(ctx, func(mo *git_model.LFSMetaObject) error {
 		_, err := storage.Copy(dstStorage, mo.RelativePath(), storage.LFS, mo.RelativePath())
 		return err
 	})
 }
 func migrateAvatars(ctx context.Context, dstStorage storage.ObjectStorage) error {
-	return db.Iterate(ctx, nil, func(ctx context.Context, user *user_model.User) error {
+	return db.IterateObjects(ctx, func(user *user_model.User) error {
 		_, err := storage.Copy(dstStorage, user.CustomAvatarRelativePath(), storage.Avatars, user.CustomAvatarRelativePath())
 		return err
 	})
 }
 func migrateRepoAvatars(ctx context.Context, dstStorage storage.ObjectStorage) error {
-	return db.Iterate(ctx, nil, func(ctx context.Context, repo *repo_model.Repository) error {
+	return db.IterateObjects(ctx, func(repo *repo_model.Repository) error {
 		_, err := storage.Copy(dstStorage, repo.CustomAvatarRelativePath(), storage.RepoAvatars, repo.CustomAvatarRelativePath())
 		return err
 	})
 }
 func migrateRepoArchivers(ctx context.Context, dstStorage storage.ObjectStorage) error {
-	return db.Iterate(ctx, nil, func(ctx context.Context, archiver *repo_model.RepoArchiver) error {
+	return db.IterateObjects(ctx, func(archiver *repo_model.RepoArchiver) error {
 		p := archiver.RelativePath()
 		_, err := storage.Copy(dstStorage, p, storage.RepoArchives, p)
 		return err
@@ -127,7 +119,7 @@ func migrateRepoArchivers(ctx context.Context, dstStorage storage.ObjectStorage)
 }
 func migratePackages(ctx context.Context, dstStorage storage.ObjectStorage) error {
-	return db.Iterate(ctx, nil, func(ctx context.Context, pb *packages_model.PackageBlob) error {
+	return db.IterateObjects(ctx, func(pb *packages_model.PackageBlob) error {
 		p := packages_module.KeyToRelativePath(packages_module.BlobHash256Key(pb.HashSHA256))
 		_, err := storage.Copy(dstStorage, p, storage.Packages, p)
 		return err
@@ -145,7 +137,7 @@ func runMigrateStorage(ctx *cli.Context) error {
 	log.Info("AppPath: %s", setting.AppPath)
 	log.Info("AppWorkPath: %s", setting.AppWorkPath)
 	log.Info("Custom path: %s", setting.CustomPath)
-	log.Info("Log path: %s", setting.Log.RootPath)
+	log.Info("Log path: %s", setting.LogRootPath)
 	log.Info("Configuration file: %s", setting.CustomConf)
 	if err := db.InitEngineWithMigration(context.Background(), migrations.Migrate); err != nil {
@@ -177,15 +169,13 @@ func runMigrateStorage(ctx *cli.Context) error {
 		dstStorage, err = storage.NewMinioStorage(
 			stdCtx,
 			storage.MinioStorageConfig{
-				Endpoint:           ctx.String("minio-endpoint"),
+				Endpoint:        ctx.String("minio-endpoint"),
-				AccessKeyID:        ctx.String("minio-access-key-id"),
+				AccessKeyID:     ctx.String("minio-access-key-id"),
-				SecretAccessKey:    ctx.String("minio-secret-access-key"),
+				SecretAccessKey: ctx.String("minio-secret-access-key"),
-				Bucket:             ctx.String("minio-bucket"),
+				Bucket:          ctx.String("minio-bucket"),
-				Location:           ctx.String("minio-location"),
+				Location:        ctx.String("minio-location"),
-				BasePath:           ctx.String("minio-base-path"),
+				BasePath:        ctx.String("minio-base-path"),
-				UseSSL:             ctx.Bool("minio-use-ssl"),
+				UseSSL:          ctx.Bool("minio-use-ssl"),
 				InsecureSkipVerify: ctx.Bool("minio-insecure-skip-verify"),
 				ChecksumAlgorithm:  ctx.String("minio-checksum-algorithm"),
 			})
 	default:
 		return fmt.Errorf("unsupported storage type: %s", ctx.String("storage"))
--- a/cmd/migrate_storage_test.go
+++ b/cmd/migrate_storage_test.go
@@ -1,5 +1,6 @@
 // Copyright 2022 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 package cmd
@@ -22,7 +23,7 @@ import (
 func TestMigratePackages(t *testing.T) {
 	assert.NoError(t, unittest.PrepareTestDatabase())
-	creator := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1})
+	creator := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1}).(*user_model.User)
 	content := "package main\n\nfunc main() {\nfmt.Println(\"hi\")\n}\n"
 	buf, err := packages_module.CreateHashedBufferFromReader(strings.NewReader(content), 1024)
@@ -43,9 +44,8 @@ func TestMigratePackages(t *testing.T) {
 		PackageFileInfo: packages_service.PackageFileInfo{
 			Filename: "a.go",
 		},
-		Creator: creator,
+		Data:   buf,
-		Data:    buf,
+		IsLead: true,
 		IsLead:  true,
 	})
 	assert.NoError(t, err)
 	assert.NotNil(t, v)
@@ -53,7 +53,8 @@ func TestMigratePackages(t *testing.T) {
 	ctx := context.Background()
-	p := t.TempDir()
+	p, err := os.MkdirTemp(os.TempDir(), "migrated_packages")
 	assert.NoError(t, err)
 	dstStorage, err := storage.NewLocalStorage(
 		ctx,
--- a/cmd/restore_repo.go
+++ b/cmd/restore_repo.go
@@ -1,5 +1,6 @@
 // Copyright 2020 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 package cmd
@@ -54,8 +55,7 @@ func runRestoreRepository(c *cli.Context) error {
 	ctx, cancel := installSignals()
 	defer cancel()
-	setting.InitProviderFromExistingFile()
+	setting.LoadFromExisting()
 	setting.LoadCommonSettings()
 	var units []string
 	if s := c.String("units"); s != "" {
 		units = strings.Split(s, ",")
--- a/cmd/serv.go
+++ b/cmd/serv.go
@@ -1,6 +1,7 @@
 // Copyright 2014 The Gogs Authors. All rights reserved.
 // Copyright 2016 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 package cmd
@@ -11,7 +12,6 @@ import (
 	"net/url"
 	"os"
 	"os/exec"
 	"path/filepath"
 	"regexp"
 	"strconv"
 	"strings"
@@ -43,7 +43,7 @@ const (
 var CmdServ = cli.Command{
 	Name:        "serv",
 	Usage:       "This command should only be called by SSH shell",
-	Description: "Serv provides access auth for repositories",
+	Description: `Serv provide access auth for repositories`,
 	Action:      runServ,
 	Flags: []cli.Flag{
 		cli.BoolFlag{
@@ -62,8 +62,7 @@ func setup(logPath string, debug bool) {
 	} else {
 		_ = log.NewLogger(1000, "console", "console", `{"level":"fatal","stacktracelevel":"NONE","stderr":true}`)
 	}
-	setting.InitProviderFromExistingFile()
+	setting.LoadFromExisting()
 	setting.LoadCommonSettings()
 	if debug {
 		setting.RunMode = "dev"
 	}
@@ -291,21 +290,17 @@ func runServ(c *cli.Context) error {
 		return nil
 	}
-	var gitcmd *exec.Cmd
+	// Special handle for Windows.
-	gitBinPath := filepath.Dir(git.GitExecutable) // e.g. /usr/bin
+	if setting.IsWindows {
-	gitBinVerb := filepath.Join(gitBinPath, verb) // e.g. /usr/bin/git-upload-pack
+		verb = strings.Replace(verb, "-", " ", 1)
 	if _, err := os.Stat(gitBinVerb); err != nil {
 		// if the command "git-upload-pack" doesn't exist, try to split "git-upload-pack" to use the sub-command with git
 		// ps: Windows only has "git.exe" in the bin path, so Windows always uses this way
 		verbFields := strings.SplitN(verb, "-", 2)
 		if len(verbFields) == 2 {
 			// use git binary with the sub-command part: "C:\...\bin\git.exe", "upload-pack", ...
 			gitcmd = exec.CommandContext(ctx, git.GitExecutable, verbFields[1], repoPath)
 		}
 	}
-	if gitcmd == nil {
+
-		// by default, use the verb (it has been checked above by allowedCommands)
+	var gitcmd *exec.Cmd
-		gitcmd = exec.CommandContext(ctx, gitBinVerb, repoPath)
+	verbs := strings.Split(verb, " ")
 	if len(verbs) == 2 {
 		gitcmd = exec.CommandContext(ctx, verbs[0], verbs[1], repoPath)
 	} else {
 		gitcmd = exec.CommandContext(ctx, verb, repoPath)
 	}
 	process.SetSysProcAttribute(gitcmd)
--- a/cmd/web.go
+++ b/cmd/web.go
@@ -1,5 +1,6 @@
 // Copyright 2014 The Gogs Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 package cmd
@@ -75,7 +76,7 @@ func runHTTPRedirector() {
 		http.Redirect(w, r, target, http.StatusTemporaryRedirect)
 	})
-	err := runHTTP("tcp", source, "HTTP Redirector", handler, setting.RedirectorUseProxyProtocol)
+	err := runHTTP("tcp", source, "HTTP Redirector", handler)
 	if err != nil {
 		log.Fatal("Failed to start port redirection: %v", err)
 	}
@@ -125,10 +126,8 @@ func runWeb(ctx *cli.Context) error {
 				return err
 			}
 		}
-		installCtx, cancel := context.WithCancel(graceful.GetManager().HammerContext())
+		c := install.Routes()
 		c := install.Routes(installCtx)
 		err := listen(c, false)
 		cancel()
 		if err != nil {
 			log.Critical("Unable to open listener for installer. Is Gitea already running?")
 			graceful.GetManager().DoGracefulShutdown()
@@ -149,17 +148,15 @@ func runWeb(ctx *cli.Context) error {
 		go func() {
 			http.DefaultServeMux.Handle("/debug/fgprof", fgprof.Handler())
 			_, _, finished := process.GetManager().AddTypedContext(context.Background(), "Web: PProf Server", process.SystemProcessType, true)
 			// The pprof server is for debug purpose only, it shouldn't be exposed on public network. At the moment it's not worth to introduce a configurable option for it.
 			log.Info("Starting pprof server on localhost:6060")
-			log.Info("Stopped pprof server: %v", http.ListenAndServe("localhost:6060", nil))
+			log.Info("%v", http.ListenAndServe("localhost:6060", nil))
 			finished()
 		}()
 	}
 	log.Info("Global init")
 	// Perform global initialization
-	setting.InitProviderFromExistingFile()
+	setting.LoadFromExisting()
 	setting.LoadCommonSettings()
 	routers.GlobalInitInstalled(graceful.GetManager().HammerContext())
 	// We check that AppDataPath exists here (it should have been created during installation)
@@ -177,7 +174,7 @@ func runWeb(ctx *cli.Context) error {
 	}
 	// Set up Chi routes
-	c := routers.NormalRoutes(graceful.GetManager().HammerContext())
+	c := routers.NormalRoutes()
 	err := listen(c, true)
 	<-graceful.GetManager().Done()
 	log.Info("PID: %d Gitea Web Finished", os.Getpid())
@@ -203,7 +200,7 @@ func setPort(port string) error {
 		defaultLocalURL += ":" + setting.HTTPPort + "/"
 		// Save LOCAL_ROOT_URL if port changed
-		setting.CreateOrAppendToCustomConf("server.LOCAL_ROOT_URL", func(cfg *ini.File) {
+		setting.CreateOrAppendToCustomConf(func(cfg *ini.File) {
 			cfg.Section("server").Key("LOCAL_ROOT_URL").SetValue(defaultLocalURL)
 		})
 	}
@@ -233,38 +230,40 @@ func listen(m http.Handler, handleRedirector bool) error {
 		if handleRedirector {
 			NoHTTPRedirector()
 		}
-		err = runHTTP("tcp", listenAddr, "Web", m, setting.UseProxyProtocol)
+		err = runHTTP("tcp", listenAddr, "Web", m)
 	case setting.HTTPS:
 		if setting.EnableAcme {
 			err = runACME(listenAddr, m)
 			break
-		}
+		} else {
-		if handleRedirector {
+			if handleRedirector {
-			if setting.RedirectOtherPort {
+				if setting.RedirectOtherPort {
-				go runHTTPRedirector()
+					go runHTTPRedirector()
-			} else {
+				} else {
-				NoHTTPRedirector()
+					NoHTTPRedirector()
 				}
 			}
 			err = runHTTPS("tcp", listenAddr, "Web", setting.CertFile, setting.KeyFile, m)
 		}
 		err = runHTTPS("tcp", listenAddr, "Web", setting.CertFile, setting.KeyFile, m, setting.UseProxyProtocol, setting.ProxyProtocolTLSBridging)
 	case setting.FCGI:
 		if handleRedirector {
 			NoHTTPRedirector()
 		}
-		err = runFCGI("tcp", listenAddr, "FCGI Web", m, setting.UseProxyProtocol)
+		err = runFCGI("tcp", listenAddr, "FCGI Web", m)
 	case setting.HTTPUnix:
 		if handleRedirector {
 			NoHTTPRedirector()
 		}
-		err = runHTTP("unix", listenAddr, "Web", m, setting.UseProxyProtocol)
+		err = runHTTP("unix", listenAddr, "Web", m)
 	case setting.FCGIUnix:
 		if handleRedirector {
 			NoHTTPRedirector()
 		}
-		err = runFCGI("unix", listenAddr, "Web", m, setting.UseProxyProtocol)
+		err = runFCGI("unix", listenAddr, "Web", m)
 	default:
 		log.Fatal("Invalid protocol: %s", setting.Protocol)
 	}
 	if err != nil {
 		log.Critical("Failed to start server: %v", err)
 	}
--- a/cmd/web_acme.go
+++ b/cmd/web_acme.go
@@ -1,5 +1,6 @@
 // Copyright 2020 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 package cmd
@@ -112,14 +113,14 @@ func runACME(listenAddr string, m http.Handler) error {
 			log.Info("Running Let's Encrypt handler on %s", setting.HTTPAddr+":"+setting.PortToRedirect)
 			// all traffic coming into HTTP will be redirect to HTTPS automatically (LE HTTP-01 validation happens here)
-			err := runHTTP("tcp", setting.HTTPAddr+":"+setting.PortToRedirect, "Let's Encrypt HTTP Challenge", myACME.HTTPChallengeHandler(http.HandlerFunc(runLetsEncryptFallbackHandler)), setting.RedirectorUseProxyProtocol)
+			err := runHTTP("tcp", setting.HTTPAddr+":"+setting.PortToRedirect, "Let's Encrypt HTTP Challenge", myACME.HTTPChallengeHandler(http.HandlerFunc(runLetsEncryptFallbackHandler)))
 			if err != nil {
 				log.Fatal("Failed to start the Let's Encrypt handler on port %s: %v", setting.PortToRedirect, err)
 			}
 		}()
 	}
-	return runHTTPSWithTLSConfig("tcp", listenAddr, "Web", tlsConfig, m, setting.UseProxyProtocol, setting.ProxyProtocolTLSBridging)
+	return runHTTPSWithTLSConfig("tcp", listenAddr, "Web", tlsConfig, m)
 }
 func runLetsEncryptFallbackHandler(w http.ResponseWriter, r *http.Request) {
--- a/cmd/web_graceful.go
+++ b/cmd/web_graceful.go
@@ -1,5 +1,6 @@
 // Copyright 2016 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 package cmd
@@ -14,8 +15,8 @@ import (
 	"code.gitea.io/gitea/modules/setting"
 )
-func runHTTP(network, listenAddr, name string, m http.Handler, useProxyProtocol bool) error {
+func runHTTP(network, listenAddr, name string, m http.Handler) error {
-	return graceful.HTTPListenAndServe(network, listenAddr, name, m, useProxyProtocol)
+	return graceful.HTTPListenAndServe(network, listenAddr, name, m)
 }
 // NoHTTPRedirector tells our cleanup routine that we will not be using a fallback http redirector
@@ -35,7 +36,7 @@ func NoInstallListener() {
 	graceful.GetManager().InformCleanup()
 }
-func runFCGI(network, listenAddr, name string, m http.Handler, useProxyProtocol bool) error {
+func runFCGI(network, listenAddr, name string, m http.Handler) error {
 	// This needs to handle stdin as fcgi point
 	fcgiServer := graceful.NewServer(network, listenAddr, name)
@@ -46,7 +47,7 @@ func runFCGI(network, listenAddr, name string, m http.Handler, useProxyProtocol
 			}
 			m.ServeHTTP(resp, req)
 		}))
-	}, useProxyProtocol)
+	})
 	if err != nil {
 		log.Fatal("Failed to start FCGI main server: %v", err)
 	}
--- a/cmd/web_https.go
+++ b/cmd/web_https.go
@@ -1,5 +1,6 @@
 // Copyright 2021 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 package cmd
@@ -128,14 +129,14 @@ var (
 	defaultCiphersChaChaFirst = append(defaultCiphersChaCha, defaultCiphersAES...)
 )
-// runHTTPS listens on the provided network address and then calls
+// runHTTPs listens on the provided network address and then calls
 // Serve to handle requests on incoming TLS connections.
 //
 // Filenames containing a certificate and matching private key for the server must
 // be provided. If the certificate is signed by a certificate authority, the
 // certFile should be the concatenation of the server's certificate followed by the
 // CA's certificate.
-func runHTTPS(network, listenAddr, name, certFile, keyFile string, m http.Handler, useProxyProtocol, proxyProtocolTLSBridging bool) error {
+func runHTTPS(network, listenAddr, name, certFile, keyFile string, m http.Handler) error {
 	tlsConfig := &tls.Config{}
 	if tlsConfig.NextProtos == nil {
 		tlsConfig.NextProtos = []string{"h2", "http/1.1"}
@@ -183,9 +184,9 @@ func runHTTPS(network, listenAddr, name, certFile, keyFile string, m http.Handle
 		return err
 	}
-	return graceful.HTTPListenAndServeTLSConfig(network, listenAddr, name, tlsConfig, m, useProxyProtocol, proxyProtocolTLSBridging)
+	return graceful.HTTPListenAndServeTLSConfig(network, listenAddr, name, tlsConfig, m)
 }
-func runHTTPSWithTLSConfig(network, listenAddr, name string, tlsConfig *tls.Config, m http.Handler, useProxyProtocol, proxyProtocolTLSBridging bool) error {
+func runHTTPSWithTLSConfig(network, listenAddr, name string, tlsConfig *tls.Config, m http.Handler) error {
-	return graceful.HTTPListenAndServeTLSConfig(network, listenAddr, name, tlsConfig, m, useProxyProtocol, proxyProtocolTLSBridging)
+	return graceful.HTTPListenAndServeTLSConfig(network, listenAddr, name, tlsConfig, m)
 }
--- a/contrib/autocompletion/README
+++ b/contrib/autocompletion/README
@@ -1,17 +0,0 @@
 Bash and Zsh completion
 =======================
 From within the gitea root run:
 ```bash
 source contrib/autocompletion/bash_autocomplete
 ```
 or for zsh run:
 ```bash
 source contrib/autocompletion/zsh_autocomplete
 ```
 These scripts will check if gitea is on the path and if so add autocompletion for `gitea`. Or if not autocompletion will work for `./gitea`.
 If gitea has been installed as a different program pass in the `PROG` environment variable to set the correct program name.
--- a/contrib/autocompletion/bash_autocomplete
+++ b/contrib/autocompletion/bash_autocomplete
@@ -1,30 +0,0 @@
 #! /bin/bash
 # Heavily inspired by https://github.com/urfave/cli
 _cli_bash_autocomplete() {
  if [[ "${COMP_WORDS[0]}" != "source" ]]; then
    local cur opts base
    COMPREPLY=()
    cur="${COMP_WORDS[COMP_CWORD]}"
    if [[ "$cur" == "-"* ]]; then
      opts=$( ${COMP_WORDS[@]:0:$COMP_CWORD} ${cur} --generate-bash-completion )
    else
      opts=$( ${COMP_WORDS[@]:0:$COMP_CWORD} --generate-bash-completion )
    fi
    COMPREPLY=( $(compgen -W "${opts}" -- ${cur}) )
    return 0
  fi
 }
 if [ -z "$PROG" ] && [ ! "$(command -v gitea &> /dev/null)" ] ; then
  complete -o bashdefault -o default -o nospace -F _cli_bash_autocomplete gitea
 elif [ -z "$PROG" ]; then
  complete -o bashdefault -o default -o nospace -F _cli_bash_autocomplete ./gitea
  complete -o bashdefault -o default -o nospace -F _cli_bash_autocomplete "$PWD/gitea"
 else
  complete -o bashdefault -o default -o nospace -F _cli_bash_autocomplete "$PROG"
  unset PROG
 fi
--- a/contrib/autocompletion/zsh_autocomplete
+++ b/contrib/autocompletion/zsh_autocomplete
@@ -1,30 +0,0 @@
 #compdef ${PROG:=gitea}
 # Heavily inspired by https://github.com/urfave/cli
 _cli_zsh_autocomplete() {
  local -a opts
  local cur
  cur=${words[-1]}
  if [[ "$cur" == "-"* ]]; then
    opts=("${(@f)$(_CLI_ZSH_AUTOCOMPLETE_HACK=1 ${words[@]:0:#words[@]-1} ${cur} --generate-bash-completion)}")
  else
    opts=("${(@f)$(_CLI_ZSH_AUTOCOMPLETE_HACK=1 ${words[@]:0:#words[@]-1} --generate-bash-completion)}")
  fi
  if [[ "${opts[1]}" != "" ]]; then
    _describe 'values' opts
  else
    _files
  fi
  return
 }
 if [ -z $PROG ] ; then
  compdef _cli_zsh_autocomplete gitea
 else
  compdef _cli_zsh_autocomplete $(basename $PROG)
 fi
--- a/contrib/backport/README
+++ b/contrib/backport/README
@@ -1,41 +0,0 @@
 `backport`
 ==========
 `backport` is a command to help create backports of PRs. It backports a
 provided PR from main on to a released version.
 It will create a backport branch, cherry-pick the PR's merge commit, adjust
 the commit message and then push this back up to your fork's remote.
 The default version will read from `docs/config.yml`. You can override this
 using the option `--version`.
 The upstream branches will be fetched, using the remote `origin`. This can
 be overrided using `--upstream`, and fetching can be avoided using
 `--no-fetch`.
 By default the branch created will be called `backport-$PR-$VERSION`. You
 can override this using the option `--backport-branch`. This branch will
 be created from `--release-branch` which is `release/$(VERSION)`
 by default and will be pulled from `$(UPSTREAM)`.
 The merge-commit as determined by the github API will be used as the SHA to
 cherry-pick. You can override this using `--cherry-pick`.
 The commit message will be amended to add the `Backport` header.
 `--no-amend-message` can be set to stop this from happening.
 If cherry-pick is successful the backported branch will be pushed up to your
 fork using your remote. These will be determined using `git remote -v`. You
 can set your fork name using `--fork-user` and your remote name using
 `--remote`. You can avoid pushing using `--no-push`.
 If the push is successful, `xdg-open` will be called to open a backport url.
 You can stop this using `--no-xdg-open`.
 Installation
 ============
 ```bash
 go install contrib/backport/backport.go
 ```
--- a/contrib/backport/backport.go
+++ b/contrib/backport/backport.go
@@ -1,473 +0,0 @@
 // Copyright 2023 The Gitea Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 package main
 import (
 	"context"
 	"fmt"
 	"log"
 	"net/http"
 	"os"
 	"os/exec"
 	"os/signal"
 	"path"
 	"strconv"
 	"strings"
 	"syscall"
 	"github.com/google/go-github/v45/github"
 	"github.com/urfave/cli"
 	"gopkg.in/yaml.v3"
 )
 const defaultVersion = "v1.18" // to backport to
 func main() {
 	app := cli.NewApp()
 	app.Name = "backport"
 	app.Usage = "Backport provided PR-number on to the current or previous released version"
 	app.Description = `Backport will look-up the PR in Gitea's git log and attempt to cherry-pick it on the current version`
 	app.ArgsUsage = "<PR-to-backport>"
 	app.Flags = []cli.Flag{
 		cli.StringFlag{
 			Name:  "version",
 			Usage: "Version branch to backport on to",
 		},
 		cli.StringFlag{
 			Name:  "upstream",
 			Value: "origin",
 			Usage: "Upstream remote for the Gitea upstream",
 		},
 		cli.StringFlag{
 			Name:  "release-branch",
 			Value: "",
 			Usage: "Release branch to backport on. Will default to release/<version>",
 		},
 		cli.StringFlag{
 			Name:  "cherry-pick",
 			Usage: "SHA to cherry-pick as backport",
 		},
 		cli.StringFlag{
 			Name:  "backport-branch",
 			Usage: "Backport branch to backport on to (default: backport-<pr>-<version>",
 		},
 		cli.StringFlag{
 			Name:  "remote",
 			Value: "",
 			Usage: "Remote for your fork of the Gitea upstream",
 		},
 		cli.StringFlag{
 			Name:  "fork-user",
 			Value: "",
 			Usage: "Forked user name on Github",
 		},
 		cli.BoolFlag{
 			Name:  "no-fetch",
 			Usage: "Set this flag to prevent fetch of remote branches",
 		},
 		cli.BoolFlag{
 			Name:  "no-amend-message",
 			Usage: "Set this flag to prevent automatic amendment of the commit message",
 		},
 		cli.BoolFlag{
 			Name:  "no-push",
 			Usage: "Set this flag to prevent pushing the backport up to your fork",
 		},
 		cli.BoolFlag{
 			Name:  "no-xdg-open",
 			Usage: "Set this flag to not use xdg-open to open the PR URL",
 		},
 		cli.BoolFlag{
 			Name:  "continue",
 			Usage: "Set this flag to continue from a git cherry-pick that has broken",
 		},
 	}
 	cli.AppHelpTemplate = `NAME:
 	{{.Name}} - {{.Usage}}
 USAGE:
 	{{.HelpName}} {{if .VisibleFlags}}[options]{{end}} {{if .ArgsUsage}}{{.ArgsUsage}}{{else}}[arguments...]{{end}}
 	{{if len .Authors}}
 AUTHOR:
 	{{range .Authors}}{{ . }}{{end}}
 	{{end}}{{if .Commands}}
 OPTIONS:
 	{{range .VisibleFlags}}{{.}}
 	{{end}}{{end}}
 `
 	app.Action = runBackport
 	if err := app.Run(os.Args); err != nil {
 		fmt.Fprintf(os.Stderr, "Unable to backport: %v\n", err)
 	}
 }
 func runBackport(c *cli.Context) error {
 	ctx, cancel := installSignals()
 	defer cancel()
 	continuing := c.Bool("continue")
 	var pr string
 	version := c.String("version")
 	if version == "" && continuing {
 		// determine version from current branch name
 		var err error
 		pr, version, err = readCurrentBranch(ctx)
 		if err != nil {
 			return err
 		}
 	}
 	if version == "" {
 		version = readVersion()
 	}
 	if version == "" {
 		version = defaultVersion
 	}
 	upstream := c.String("upstream")
 	if upstream == "" {
 		upstream = "origin"
 	}
 	forkUser := c.String("fork-user")
 	remote := c.String("remote")
 	if remote == "" && !c.Bool("--no-push") {
 		var err error
 		remote, forkUser, err = determineRemote(ctx, forkUser)
 		if err != nil {
 			return err
 		}
 	}
 	upstreamReleaseBranch := c.String("release-branch")
 	if upstreamReleaseBranch == "" {
 		upstreamReleaseBranch = path.Join("release", version)
 	}
 	localReleaseBranch := path.Join(upstream, upstreamReleaseBranch)
 	args := c.Args()
 	if len(args) == 0 && pr == "" {
 		return fmt.Errorf("no PR number provided\nProvide a PR number to backport")
 	} else if len(args) != 1 && pr == "" {
 		return fmt.Errorf("multiple PRs provided %v\nOnly a single PR can be backported at a time", args)
 	}
 	if pr == "" {
 		pr = args[0]
 	}
 	backportBranch := c.String("backport-branch")
 	if backportBranch == "" {
 		backportBranch = "backport-" + pr + "-" + version
 	}
 	fmt.Printf("* Backporting %s to %s as %s\n", pr, localReleaseBranch, backportBranch)
 	sha := c.String("cherry-pick")
 	if sha == "" {
 		var err error
 		sha, err = determineSHAforPR(ctx, pr)
 		if err != nil {
 			return err
 		}
 	}
 	if sha == "" {
 		return fmt.Errorf("unable to determine sha for cherry-pick of %s", pr)
 	}
 	if !c.Bool("no-fetch") {
 		if err := fetchRemoteAndMain(ctx, upstream, upstreamReleaseBranch); err != nil {
 			return err
 		}
 	}
 	if !continuing {
 		if err := checkoutBackportBranch(ctx, backportBranch, localReleaseBranch); err != nil {
 			return err
 		}
 	}
 	if err := cherrypick(ctx, sha); err != nil {
 		return err
 	}
 	if !c.Bool("no-amend-message") {
 		if err := amendCommit(ctx, pr); err != nil {
 			return err
 		}
 	}
 	if !c.Bool("no-push") {
 		url := "https://github.com/go-gitea/gitea/compare/" + upstreamReleaseBranch + "..." + forkUser + ":" + backportBranch
 		if err := gitPushUp(ctx, remote, backportBranch); err != nil {
 			return err
 		}
 		if !c.Bool("no-xdg-open") {
 			if err := xdgOpen(ctx, url); err != nil {
 				return err
 			}
 		} else {
 			fmt.Printf("* Navigate to %s to open PR\n", url)
 		}
 	}
 	return nil
 }
 func xdgOpen(ctx context.Context, url string) error {
 	fmt.Printf("* `xdg-open %s`\n", url)
 	out, err := exec.CommandContext(ctx, "xdg-open", url).Output()
 	if err != nil {
 		fmt.Fprintf(os.Stderr, "%s", string(out))
 		return fmt.Errorf("unable to xdg-open to %s: %w", url, err)
 	}
 	return nil
 }
 func gitPushUp(ctx context.Context, remote, backportBranch string) error {
 	fmt.Printf("* `git push -u %s %s`\n", remote, backportBranch)
 	out, err := exec.CommandContext(ctx, "git", "push", "-u", remote, backportBranch).Output()
 	if err != nil {
 		fmt.Fprintf(os.Stderr, "%s", string(out))
 		return fmt.Errorf("unable to push up to %s: %w", remote, err)
 	}
 	return nil
 }
 func amendCommit(ctx context.Context, pr string) error {
 	fmt.Printf("* Amending commit to prepend `Backport #%s` to body\n", pr)
 	out, err := exec.CommandContext(ctx, "git", "log", "-1", "--pretty=format:%B").Output()
 	if err != nil {
 		fmt.Fprintf(os.Stderr, "%s", string(out))
 		return fmt.Errorf("unable to get last log message: %w", err)
 	}
 	parts := strings.SplitN(string(out), "\n", 2)
 	if len(parts) != 2 {
 		return fmt.Errorf("unable to interpret log message:\n%s", string(out))
 	}
 	subject, body := parts[0], parts[1]
 	if !strings.HasSuffix(subject, " (#"+pr+")") {
 		subject = subject + " (#" + pr + ")"
 	}
 	out, err = exec.CommandContext(ctx, "git", "commit", "--amend", "-m", subject+"\n\nBackport #"+pr+"\n"+body).Output()
 	if err != nil {
 		fmt.Fprintf(os.Stderr, "%s", string(out))
 		return fmt.Errorf("unable to amend last log message: %w", err)
 	}
 	return nil
 }
 func cherrypick(ctx context.Context, sha string) error {
 	// Check if a CHERRY_PICK_HEAD exists
 	if _, err := os.Stat(".git/CHERRY_PICK_HEAD"); err == nil {
 		// Assume that we are in the middle of cherry-pick - continue it
 		fmt.Println("* Attempting git cherry-pick --continue")
 		out, err := exec.CommandContext(ctx, "git", "cherry-pick", "--continue").Output()
 		if err != nil {
 			fmt.Fprintf(os.Stderr, "git cherry-pick --continue failed:\n%s\n", string(out))
 			return fmt.Errorf("unable to continue cherry-pick: %w", err)
 		}
 		return nil
 	}
 	fmt.Printf("* Attempting git cherry-pick %s\n", sha)
 	out, err := exec.CommandContext(ctx, "git", "cherry-pick", sha).Output()
 	if err != nil {
 		fmt.Fprintf(os.Stderr, "git cherry-pick %s failed:\n%s\n", sha, string(out))
 		return fmt.Errorf("git cherry-pick %s failed: %w", sha, err)
 	}
 	return nil
 }
 func checkoutBackportBranch(ctx context.Context, backportBranch, releaseBranch string) error {
 	out, err := exec.CommandContext(ctx, "git", "branch", "--show-current").Output()
 	if err != nil {
 		return fmt.Errorf("unable to check current branch %w", err)
 	}
 	currentBranch := strings.TrimSpace(string(out))
 	fmt.Printf("* Current branch is %s\n", currentBranch)
 	if currentBranch == backportBranch {
 		fmt.Printf("* Current branch is %s - not checking out\n", currentBranch)
 		return nil
 	}
 	if _, err := exec.CommandContext(ctx, "git", "rev-list", "-1", backportBranch).Output(); err == nil {
 		fmt.Printf("* Branch %s already exists. Checking it out...\n", backportBranch)
 		return exec.CommandContext(ctx, "git", "checkout", "-f", backportBranch).Run()
 	}
 	fmt.Printf("* `git checkout -b %s %s`\n", backportBranch, releaseBranch)
 	return exec.CommandContext(ctx, "git", "checkout", "-b", backportBranch, releaseBranch).Run()
 }
 func fetchRemoteAndMain(ctx context.Context, remote, releaseBranch string) error {
 	fmt.Printf("* `git fetch %s main`\n", remote)
 	out, err := exec.CommandContext(ctx, "git", "fetch", remote, "main").Output()
 	if err != nil {
 		fmt.Println(string(out))
 		return fmt.Errorf("unable to fetch %s from %s: %w", "main", remote, err)
 	}
 	fmt.Println(string(out))
 	fmt.Printf("* `git fetch %s %s`\n", remote, releaseBranch)
 	out, err = exec.CommandContext(ctx, "git", "fetch", remote, releaseBranch).Output()
 	if err != nil {
 		fmt.Println(string(out))
 		return fmt.Errorf("unable to fetch %s from %s: %w", releaseBranch, remote, err)
 	}
 	fmt.Println(string(out))
 	return nil
 }
 func determineRemote(ctx context.Context, forkUser string) (string, string, error) {
 	out, err := exec.CommandContext(ctx, "git", "remote", "-v").Output()
 	if err != nil {
 		fmt.Fprintf(os.Stderr, "Unable to list git remotes:\n%s\n", string(out))
 		return "", "", fmt.Errorf("unable to determine forked remote: %w", err)
 	}
 	lines := strings.Split(string(out), "\n")
 	for _, line := range lines {
 		fields := strings.Split(line, "\t")
 		name, remote := fields[0], fields[1]
 		// only look at pushers
 		if !strings.HasSuffix(remote, " (push)") {
 			continue
 		}
 		// only look at github.com pushes
 		if !strings.Contains(remote, "github.com") {
 			continue
 		}
 		// ignore go-gitea/gitea
 		if strings.Contains(remote, "go-gitea/gitea") {
 			continue
 		}
 		if !strings.Contains(remote, forkUser) {
 			continue
 		}
 		if strings.HasPrefix(remote, "git@github.com:") {
 			forkUser = strings.TrimPrefix(remote, "git@github.com:")
 		} else if strings.HasPrefix(remote, "https://github.com/") {
 			forkUser = strings.TrimPrefix(remote, "https://github.com/")
 		} else if strings.HasPrefix(remote, "https://www.github.com/") {
 			forkUser = strings.TrimPrefix(remote, "https://www.github.com/")
 		} else if forkUser == "" {
 			return "", "", fmt.Errorf("unable to extract forkUser from remote %s: %s", name, remote)
 		}
 		idx := strings.Index(forkUser, "/")
 		if idx >= 0 {
 			forkUser = forkUser[:idx]
 		}
 		return name, forkUser, nil
 	}
 	return "", "", fmt.Errorf("unable to find appropriate remote in:\n%s", string(out))
 }
 func readCurrentBranch(ctx context.Context) (pr, version string, err error) {
 	out, err := exec.CommandContext(ctx, "git", "branch", "--show-current").Output()
 	if err != nil {
 		fmt.Fprintf(os.Stderr, "Unable to read current git branch:\n%s\n", string(out))
 		return "", "", fmt.Errorf("unable to read current git branch: %w", err)
 	}
 	parts := strings.Split(strings.TrimSpace(string(out)), "-")
 	if len(parts) != 3 || parts[0] != "backport" {
 		fmt.Fprintf(os.Stderr, "Unable to continue from git branch:\n%s\n", string(out))
 		return "", "", fmt.Errorf("unable to continue from git branch:\n%s", string(out))
 	}
 	return parts[1], parts[2], nil
 }
 func readVersion() string {
 	bs, err := os.ReadFile("docs/config.yaml")
 	if err != nil {
 		if err == os.ErrNotExist {
 			log.Println("`docs/config.yaml` not present")
 			return ""
 		}
 		fmt.Fprintf(os.Stderr, "Unable to read `docs/config.yaml`: %v\n", err)
 		return ""
 	}
 	type params struct {
 		Version string
 	}
 	type docConfig struct {
 		Params params
 	}
 	dc := &docConfig{}
 	if err := yaml.Unmarshal(bs, dc); err != nil {
 		fmt.Fprintf(os.Stderr, "Unable to read `docs/config.yaml`: %v\n", err)
 		return ""
 	}
 	if dc.Params.Version == "" {
 		fmt.Fprintf(os.Stderr, "No version in `docs/config.yaml`")
 		return ""
 	}
 	version := dc.Params.Version
 	if version[0] != 'v' {
 		version = "v" + version
 	}
 	split := strings.SplitN(version, ".", 3)
 	return strings.Join(split[:2], ".")
 }
 func determineSHAforPR(ctx context.Context, prStr string) (string, error) {
 	prNum, err := strconv.Atoi(prStr)
 	if err != nil {
 		return "", err
 	}
 	client := github.NewClient(http.DefaultClient)
 	pr, _, err := client.PullRequests.Get(ctx, "go-gitea", "gitea", prNum)
 	if err != nil {
 		return "", err
 	}
 	if pr.Merged == nil || !*pr.Merged {
 		return "", fmt.Errorf("PR #%d is not yet merged - cannot determine sha to backport", prNum)
 	}
 	if pr.MergeCommitSHA != nil {
 		return *pr.MergeCommitSHA, nil
 	}
 	return "", nil
 }
 func installSignals() (context.Context, context.CancelFunc) {
 	ctx, cancel := context.WithCancel(context.Background())
 	go func() {
 		// install notify
 		signalChannel := make(chan os.Signal, 1)
 		signal.Notify(
 			signalChannel,
 			syscall.SIGINT,
 			syscall.SIGTERM,
 		)
 		select {
 		case <-signalChannel:
 		case <-ctx.Done():
 		}
 		cancel()
 		signal.Reset()
 	}()
 	return ctx, cancel
 }
--- a/contrib/environment-to-ini/environment-to-ini.go
+++ b/contrib/environment-to-ini/environment-to-ini.go
@@ -1,5 +1,6 @@
 // Copyright 2019 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 package main
--- a/contrib/fixtures/fixture_generation.go
+++ b/contrib/fixtures/fixture_generation.go
@@ -1,5 +1,6 @@
 // Copyright 2020 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 package main
--- a/contrib/gitea-monitoring-mixin/dashboards/overview.libsonnet
+++ b/contrib/gitea-monitoring-mixin/dashboards/overview.libsonnet
@@ -29,7 +29,7 @@ local addIssueLabelsOverrides(labels) =
  grafanaDashboards+:: {
-    local giteaSelector = 'job=~"$job", instance=~"$instance"',
+    local giteaSelector = 'job="$job", instance="$instance"',
    local giteaStatsPanel =
      grafana.statPanel.new(
        'Gitea stats',
@@ -399,31 +399,25 @@ local addIssueLabelsOverrides(labels) =
      .addTemplate(
        {
          hide: 0,
-          label: 'job',
+          label: null,
          name: 'job',
          options: [],
          datasource: '$datasource',
          query: 'label_values(gitea_organizations, job)',
          refresh: 1,
          regex: '',
          type: 'query',
          multi: true,
          allValue: '.+'
        },
      )
      .addTemplate(
        {
          hide: 0,
-          label: 'instance',
+          label: null,
          name: 'instance',
          options: [],
          datasource: '$datasource',
          query: 'label_values(gitea_organizations{job="$job"}, instance)',
          refresh: 1,
          regex: '',
          type: 'query',
          multi: true,
          allValue: '.+'
        },
      )
      .addTemplate(
--- a/contrib/init/gentoo/gitea
+++ b/contrib/init/gentoo/gitea
@@ -2,43 +2,14 @@
 DIR=/var/lib/gitea
 USER=git
 HOME=/home/${USER}
 GITEA_WORK_DIR=${DIR}
 EXECUTABLE=/usr/local/bin/gitea
 export USER
 export HOME
 export GITEA_WORK_DIR
 name=$RC_SVCNAME
 cfgfile="/etc/$RC_SVCNAME/app.ini"
 command="${EXECUTABLE}"
 command_user="${USER}"
 command_args="web -c /etc/$RC_SVCNAME/app.ini"
 command_background="yes"
 pidfile="/run/$RC_SVCNAME/$RC_SVCNAME.pid"
 start_stop_daemon_args="--user ${USER} --chdir ${DIR}"
 command="/usr/local/bin/gitea"
 command_args="web -c /etc/gitea/app.ini"
 command_background=yes
 pidfile=/run/gitea.pid
 depend()
 {
    need net
    ###
    # Don't forget to add the database service requirements
    ###
    #after postgresql
    #after mysql
    #after mariadb
    #after memcached
    #after redis
 }
 start_pre()
 {
        checkpath --directory --owner $command_user:$command_user --mode 0750 \
                /run/$RC_SVCNAME /var/log/$RC_SVCNAME
        ##
        # If you want to bind Gitea to a port below 1024, uncomment
        # the value below
        ##
        #setcap cap_net_bind_service=+ep "${EXECUTABLE}"
 }
--- a/contrib/pr/checkout.go
+++ b/contrib/pr/checkout.go
@@ -1,5 +1,6 @@
 // Copyright 2020 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 package main
@@ -13,6 +14,7 @@ import (
 	"fmt"
 	"log"
 	"net/http"
 	"net/url"
 	"os"
 	"os/exec"
 	"os/user"
@@ -25,14 +27,12 @@ import (
 	"code.gitea.io/gitea/models/db"
 	"code.gitea.io/gitea/models/unittest"
 	gitea_git "code.gitea.io/gitea/modules/git"
 	"code.gitea.io/gitea/modules/graceful"
 	"code.gitea.io/gitea/modules/markup"
 	"code.gitea.io/gitea/modules/markup/external"
 	repo_module "code.gitea.io/gitea/modules/repository"
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/modules/util"
 	"code.gitea.io/gitea/routers"
 	markup_service "code.gitea.io/gitea/services/markup"
 	"github.com/go-git/go-git/v5"
 	"github.com/go-git/go-git/v5/config"
@@ -49,8 +49,7 @@ func runPR() {
 		log.Fatal(err)
 	}
 	setting.SetCustomPathAndConf("", "", "")
-	setting.InitProviderAllowEmpty()
+	setting.LoadAllowEmpty()
 	setting.LoadCommonSettings()
 	setting.RepoRootPath, err = os.MkdirTemp(os.TempDir(), "repos")
 	if err != nil {
@@ -62,7 +61,11 @@ func runPR() {
 	}
 	setting.AppWorkPath = curDir
 	setting.StaticRootPath = curDir
-	setting.GravatarSource = "https://secure.gravatar.com/avatar/"
+	setting.GravatarSourceURL, err = url.Parse("https://secure.gravatar.com/avatar/")
 	if err != nil {
 		log.Fatalf("url.Parse: %v\n", err)
 	}
 	setting.AppURL = "http://localhost:8080/"
 	setting.HTTPPort = "8080"
 	setting.SSH.Domain = "localhost"
@@ -77,13 +80,14 @@ func runPR() {
 	setting.RunUser = curUser.Username
 	log.Printf("[PR] Loading fixtures data ...\n")
 	gitea_git.CheckLFSVersion()
 	//models.LoadConfigs()
 	/*
 		setting.Database.Type = "sqlite3"
 		setting.Database.Path = ":memory:"
 		setting.Database.Timeout = 500
 	*/
-	dbCfg := setting.CfgProvider.Section("database")
+	dbCfg := setting.Cfg.Section("database")
 	dbCfg.NewKey("DB_TYPE", "sqlite3")
 	dbCfg.NewKey("PATH", ":memory:")
@@ -108,13 +112,13 @@ func runPR() {
 	unittest.LoadFixtures()
 	util.RemoveAll(setting.RepoRootPath)
 	util.RemoveAll(repo_module.LocalCopyPath())
-	unittest.CopyDir(path.Join(curDir, "tests/gitea-repositories-meta"), setting.RepoRootPath)
+	unittest.CopyDir(path.Join(curDir, "integrations/gitea-repositories-meta"), setting.RepoRootPath)
 	log.Printf("[PR] Setting up router\n")
 	// routers.GlobalInit()
 	external.RegisterRenderers()
-	markup.Init(markup_service.ProcessorHelper())
+	markup.Init()
-	c := routers.NormalRoutes(graceful.GetManager().HammerContext())
+	c := routers.NormalRoutes()
 	log.Printf("[PR] Ready for testing !\n")
 	log.Printf("[PR] Login with user1, user2, user3, ... with pass: password\n")
--- a/contrib/systemd/gitea.service
+++ b/contrib/systemd/gitea.service
@@ -49,8 +49,12 @@ After=network.target
 ###
 [Service]
-# Uncomment the next line if you have repos with lots of files and get a HTTP 500 error because of that
+# Modify these two values and uncomment them if you have
-# LimitNOFILE=524288:524288
+# repos with lots of files and get an HTTP error 500 because
 # of that
 ###
 #LimitMEMLOCK=infinity
 #LimitNOFILE=65535
 RestartSec=2s
 Type=simple
 User=git
@@ -74,13 +78,6 @@ Environment=USER=git HOME=/home/git GITEA_WORK_DIR=/var/lib/gitea
 #CapabilityBoundingSet=CAP_NET_BIND_SERVICE
 #AmbientCapabilities=CAP_NET_BIND_SERVICE
 ###
 # In some cases, when using CapabilityBoundingSet and AmbientCapabilities option, you may want to
 # set the following value to false to allow capabilities to be applied on gitea process. The following
 # value if set to true sandboxes gitea service and prevent any processes from running with privileges
 # in the host user namespace.
 ###
 #PrivateUsers=false
 ###
 [Install]
 WantedBy=multi-user.target
--- a/custom/conf/app.example.ini
+++ b/custom/conf/app.example.ini
@@ -7,38 +7,6 @@
 ;; see https://docs.gitea.io/en-us/config-cheat-sheet/ for additional documentation.
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;; Default Configuration (non-`app.ini` configuration)
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;
 ;; These values are environment-dependent but form the basis of a lot of values. They will be
 ;; reported as part of the default configuration when running `gitea --help` or on start-up. The order they are emitted there is slightly different but we will list them here in the order they are set-up.
 ;;
 ;; - _`AppPath`_: This is the absolute path of the running gitea binary.
 ;; - _`AppWorkPath`_: This refers to "working path" of the `gitea` binary. It is determined by using the first set thing in the following hierarchy:
 ;;   - The `--work-path` flag passed to the binary
 ;;   - The environment variable `$GITEA_WORK_DIR`
 ;;   - A built-in value set at build time (see building from source)
 ;;   - Otherwise it defaults to the directory of the _`AppPath`_
 ;;   - If any of the above are relative paths then they are made absolute against the
 ;; the directory of the _`AppPath`_
 ;; - _`CustomPath`_: This is the base directory for custom templates and other options.
 ;; It is determined by using the first set thing in the following hierarchy:
 ;;   - The `--custom-path` flag passed to the binary
 ;;   - The environment variable `$GITEA_CUSTOM`
 ;;   - A built-in value set at build time (see building from source)
 ;;   - Otherwise it defaults to _`AppWorkPath`_`/custom`
 ;;   - If any of the above are relative paths then they are made absolute against the
 ;; the directory of the _`AppWorkPath`_
 ;; - _`CustomConf`_: This is the path to the `app.ini` file.
 ;;   - The `--config` flag passed to the binary
 ;;   - A built-in value set at build time (see building from source)
 ;;   - Otherwise it defaults to _`CustomPath`_`/conf/app.ini`
 ;;   - If any of the above are relative paths then they are made absolute against the
 ;; the directory of the _`CustomPath`_
 ;;
 ;; In addition there is _`StaticRootPath`_ which can be set as a built-in at build time, but will otherwise default to _`AppWorkPath`_
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;; General Settings
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@@ -58,21 +26,9 @@ RUN_MODE = ; prod
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;
-;; The protocol the server listens on. One of 'http', 'https', 'http+unix', 'fcgi' or 'fcgi+unix'. Defaults to 'http'
+;; The protocol the server listens on. One of 'http', 'https', 'unix' or 'fcgi'. Defaults to 'http'
 ;PROTOCOL = http
 ;;
 ;; Expect PROXY protocol headers on connections
 ;USE_PROXY_PROTOCOL = false
 ;;
 ;; Use PROXY protocol in TLS Bridging mode
 ;PROXY_PROTOCOL_TLS_BRIDGING = false
 ;;
 ; Timeout to wait for PROXY protocol header (set to 0 to have no timeout)
 ;PROXY_PROTOCOL_HEADER_TIMEOUT=5s
 ;;
 ; Accept PROXY protocol headers with UNKNOWN type
 ;PROXY_PROTOCOL_ACCEPT_UNKNOWN=false
 ;;
 ;; Set the domain for the server
 ;DOMAIN = localhost
 ;;
@@ -83,8 +39,6 @@ RUN_MODE = ; prod
 ;STATIC_URL_PREFIX =
 ;;
 ;; The address to listen on. Either a IPv4/IPv6 address or the path to a unix socket.
 ;; If PROTOCOL is set to `http+unix` or `fcgi+unix`, this should be the name of the Unix socket file to use.
 ;; Relative paths will be made absolute against the _`AppWorkPath`_.
 ;HTTP_ADDR = 0.0.0.0
 ;;
 ;; The port to listen on. Leave empty when using a unix socket.
@@ -97,8 +51,6 @@ RUN_MODE = ; prod
 ;REDIRECT_OTHER_PORT = false
 ;PORT_TO_REDIRECT = 80
 ;;
 ;; expect PROXY protocol header on connections to https redirector.
 ;REDIRECTOR_USE_PROXY_PROTOCOL = %(USE_PROXY_PROTOCOL)s
 ;; Minimum and maximum supported TLS versions
 ;SSL_MIN_VERSION=TLSv1.2
 ;SSL_MAX_VERSION=
@@ -124,19 +76,13 @@ RUN_MODE = ; prod
 ;; Do not set this variable if PROTOCOL is set to 'unix'.
 ;LOCAL_ROOT_URL = %(PROTOCOL)s://%(HTTP_ADDR)s:%(HTTP_PORT)s/
 ;;
 ;; When making local connections pass the PROXY protocol header.
 ;LOCAL_USE_PROXY_PROTOCOL = %(USE_PROXY_PROTOCOL)s
 ;;
 ;; Disable SSH feature when not available
 ;DISABLE_SSH = false
 ;;
 ;; Whether to use the builtin SSH server or not.
 ;START_SSH_SERVER = false
 ;;
-;; Expect PROXY protocol header on connections to the built-in SSH server
+;; Username to use for the builtin SSH server.
 ;SSH_SERVER_USE_PROXY_PROTOCOL = false
 ;;
 ;; Username to use for the builtin SSH server. If blank, then it is the value of RUN_USER.
 ;BUILTIN_SSH_SERVER_USER = %(RUN_USER)s
 ;;
 ;; Domain name to be exposed in clone URL
@@ -179,7 +125,7 @@ RUN_MODE = ; prod
 ;;
 ;; For the built-in SSH server, choose the keypair to offer as the host key
 ;; The private key should be at SSH_SERVER_HOST_KEY and the public SSH_SERVER_HOST_KEY.pub
-;; relative paths are made absolute relative to the %(APP_DATA_PATH)s
+;; relative paths are made absolute relative to the APP_DATA_PATH
 ;SSH_SERVER_HOST_KEYS=ssh/gitea.rsa, ssh/gogs.rsa
 ;;
 ;; Directory to create temporary files in when testing public keys using ssh-keygen,
@@ -275,10 +221,10 @@ RUN_MODE = ; prod
 ;;
 ;; Root directory containing templates and static files.
 ;; default is the path where Gitea is executed
-;STATIC_ROOT_PATH = ; Will default to the built-in value _`StaticRootPath`_
+;STATIC_ROOT_PATH =
 ;;
 ;; Default path for App data
-;APP_DATA_PATH = data ; relative paths will be made absolute with _`AppWorkPath`_
+;APP_DATA_PATH = data
 ;;
 ;; Enable gzip compression for runtime-generated content, static resources excluded
 ;ENABLE_GZIP = false
@@ -289,7 +235,7 @@ RUN_MODE = ; prod
 ;ENABLE_PPROF = false
 ;;
 ;; PPROF_DATA_PATH, use an absolute path when you start gitea as service
-;PPROF_DATA_PATH = data/tmp/pprof ; Path is relative to _`AppWorkPath`_
+;PPROF_DATA_PATH = data/tmp/pprof
 ;;
 ;; Landing page, can be "home", "explore", "organizations", "login", or any URL such as "/org/repo" or even "https://anotherwebsite.com"
 ;; The "login" choice is not a security measure but just a UI flow change, use REQUIRE_SIGNIN_VIEW to force users to log in.
@@ -367,7 +313,6 @@ USER = root
 ;DB_TYPE = sqlite3
 ;PATH= ; defaults to data/gitea.db
 ;SQLITE_TIMEOUT = ; Query timeout defaults to: 500
 ;SQLITE_JOURNAL_MODE = ; defaults to sqlite database default (often DELETE), can be used to enable WAL mode. https://www.sqlite.org/pragma.html#pragma_journal_mode
 ;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;
@@ -403,9 +348,6 @@ LOG_SQL = false ; if unset defaults to true
 ;;
 ;; Database maximum number of open connections, default is 0 meaning no maximum
 ;MAX_OPEN_CONNS = 0
 ;;
 ;; Whether execute database models migrations automatically
 ;AUTO_MIGRATION = true
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@@ -416,19 +358,14 @@ LOG_SQL = false ; if unset defaults to true
 ;; Whether the installer is disabled (set to true to disable the installer)
 INSTALL_LOCK = false
 ;;
-;; Global secret key that will be used
+;; Global secret key that will be used - if blank will be regenerated.
 ;; This key is VERY IMPORTANT. If you lose it, the data encrypted by it (like 2FA secret) can't be decrypted anymore.
 SECRET_KEY =
 ;;
 ;; Alternative location to specify secret key, instead of this file; you cannot specify both this and SECRET_KEY, and must pick one
 ;; This key is VERY IMPORTANT. If you lose it, the data encrypted by it (like 2FA secret) can't be decrypted anymore.
 ;SECRET_KEY_URI = file:/etc/gitea/secret_key
 ;;
 ;; Secret used to validate communication within Gitea binary.
 INTERNAL_TOKEN=
 ;;
-;; Alternative location to specify internal token, instead of this file; you cannot specify both this and INTERNAL_TOKEN, and must pick one
+;; Instead of defining internal token in the configuration, this configuration option can be used to give Gitea a path to a file that contains the internal token (example value: file:/etc/gitea/internal_token)
-;INTERNAL_TOKEN_URI = file:/etc/gitea/internal_token
+;INTERNAL_TOKEN_URI = ;e.g. /etc/gitea/internal_token
 ;;
 ;; How long to remember that a user is logged in before requiring relogin (in days)
 ;LOGIN_REMEMBER_DAYS = 7
@@ -439,10 +376,9 @@ INTERNAL_TOKEN=
 ;; Name of cookie used to store authentication information.
 ;COOKIE_REMEMBER_NAME = gitea_incredible
 ;;
-;; Reverse proxy authentication header name of user name, email, and full name
+;; Reverse proxy authentication header name of user name and email
 ;REVERSE_PROXY_AUTHENTICATION_USER = X-WEBAUTH-USER
 ;REVERSE_PROXY_AUTHENTICATION_EMAIL = X-WEBAUTH-EMAIL
 ;REVERSE_PROXY_AUTHENTICATION_FULL_NAME = X-WEBAUTH-FULLNAME
 ;;
 ;; Interpret X-Forwarded-For header or the X-Real-IP header and set this as the remote IP for the request
 ;REVERSE_PROXY_LIMIT = 1
@@ -539,6 +475,20 @@ ENABLE = true
 ;; Maximum length of oauth2 token/cookie stored on server
 ;MAX_TOKEN_LENGTH = 32767
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 [U2F]
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;
 ;; NOTE: THE DEFAULT VALUES HERE WILL NEED TO BE CHANGED
 ;; Two Factor authentication with security keys
 ;; https://developers.yubico.com/U2F/App_ID.html
 ;;
 ;; DEPRECATED - this only applies to previously registered security keys using the U2F standard
 APP_ID = ; e.g. http://localhost:3000/
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 [log]
@@ -670,7 +620,7 @@ ROUTER = console
 ;PATH =
 ;;
 ;; The HOME directory for Git
-;HOME_PATH = %(APP_DATA_PATH)s/home
+;HOME_PATH = %(APP_DATA_PATH)/home
 ;;
 ;; Disables highlight of added and removed changes
 ;DISABLE_DIFF_HIGHLIGHT = false
@@ -695,7 +645,6 @@ ROUTER = console
 ;GC_ARGS =
 ;;
 ;; If use git wire protocol version 2 when git version >= 2.18, default is true, set to false when you always want git wire protocol version 1
 ;; To enable this for Git over SSH when using a OpenSSH server, add `AcceptEnv GIT_PROTOCOL` to your sshd_config file.
 ;ENABLE_AUTO_GIT_WIRE_PROTOCOL = true
 ;;
 ;; Respond to pushes to a non-default branch with a URL for creating a Pull Request (if the repository has them enabled)
@@ -757,19 +706,13 @@ ROUTER = console
 ;ENABLE_REVERSE_PROXY_AUTHENTICATION = false
 ;ENABLE_REVERSE_PROXY_AUTO_REGISTRATION = false
 ;ENABLE_REVERSE_PROXY_EMAIL = false
 ;ENABLE_REVERSE_PROXY_FULL_NAME = false
 ;;
 ;; Enable captcha validation for registration
 ;ENABLE_CAPTCHA = false
 ;;
-;; Enable this to require captcha validation for login
+;; Type of captcha you want to use. Options: image, recaptcha, hcaptcha
 ;REQUIRE_CAPTCHA_FOR_LOGIN = false
 ;;
 ;; Type of captcha you want to use. Options: image, recaptcha, hcaptcha, mcaptcha, cfturnstile.
 ;CAPTCHA_TYPE = image
 ;;
 ;; Change this to use recaptcha.net or other recaptcha service
 ;RECAPTCHA_URL = https://www.google.com/recaptcha/
 ;; Enable recaptcha to use Google's recaptcha service
 ;; Go to https://www.google.com/recaptcha/admin to sign up for a key
 ;RECAPTCHA_SECRET =
@@ -779,17 +722,8 @@ ROUTER = console
 ;HCAPTCHA_SECRET =
 ;HCAPTCHA_SITEKEY =
 ;;
-;; Change this to use demo.mcaptcha.org or your self-hosted mcaptcha.org instance.
+;; Change this to use recaptcha.net or other recaptcha service
-;MCAPTCHA_URL = https://demo.mcaptcha.org
+;RECAPTCHA_URL = https://www.google.com/recaptcha/
 ;;
 ;; Go to your configured mCaptcha instance and register a sitekey
 ;; and use your account's secret.
 ;MCAPTCHA_SECRET =
 ;MCAPTCHA_SITEKEY =
 ;;
 ;; Go to https://dash.cloudflare.com/?to=/:account/turnstile to sign up for a key
 ;CF_TURNSTILE_SITEKEY =
 ;CF_TURNSTILE_SECRET =
 ;;
 ;; Default value for KeepEmailPrivate
 ;; Each new user will get the value of this setting copied into their profile
@@ -882,8 +816,8 @@ ROUTER = console
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;[repository]
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;; Root path for storing all repository data. By default, it is set to %(APP_DATA_PATH)s/gitea-repositories.
+;; Root path for storing all repository data. By default, it is set to %(APP_DATA_PATH)/gitea-repositories.
-;; A relative path is interpreted as _`AppWorkPath`_/%(ROOT)s
+;; A relative path is interpreted as %(GITEA_WORK_DIR)/%(ROOT)
 ;ROOT =
 ;;
 ;; The script type this server supports. Usually this is `bash`, but some users report that only `sh` is available.
@@ -931,18 +865,14 @@ ROUTER = console
 ;USE_COMPAT_SSH_URI = false
 ;;
 ;; Close issues as long as a commit on any branch marks it as fixed
-;; Comma separated list of globally disabled repo units. Allowed values: repo.issues, repo.ext_issues, repo.pulls, repo.wiki, repo.ext_wiki, repo.projects, repo.packages, repo.actions.
+;; Comma separated list of globally disabled repo units. Allowed values: repo.issues, repo.ext_issues, repo.pulls, repo.wiki, repo.ext_wiki
 ;DISABLED_REPO_UNITS =
 ;;
-;; Comma separated list of default new repo units. Allowed values: repo.code, repo.releases, repo.issues, repo.pulls, repo.wiki, repo.projects, repo.packages, repo.actions.
+;; Comma separated list of default repo units. Allowed values: repo.code, repo.releases, repo.issues, repo.pulls, repo.wiki, repo.projects.
 ;; Note: Code and Releases can currently not be deactivated. If you specify default repo units you should still list them for future compatibility.
 ;; External wiki and issue tracker can't be enabled by default as it requires additional settings.
 ;; Disabled repo units will not be added to new repositories regardless if it is in the default list.
-;DEFAULT_REPO_UNITS = repo.code,repo.releases,repo.issues,repo.pulls,repo.wiki,repo.projects,repo.packages
+;DEFAULT_REPO_UNITS = repo.code,repo.releases,repo.issues,repo.pulls,repo.wiki,repo.projects
 ;;
 ;; Comma separated list of default forked repo units.
 ;; The set of allowed values and rules are the same as DEFAULT_REPO_UNITS.
 ;DEFAULT_FORK_REPO_UNITS = repo.code,repo.pulls
 ;;
 ;; Prefix archive files by placing them in a directory named after the repository
 ;PREFIX_ARCHIVE_FILES = true
@@ -965,9 +895,6 @@ ROUTER = console
 ;; Don't allow download source archive files from UI
 ;DISABLE_DOWNLOAD_SOURCE_ARCHIVES = false
 ;; Allow fork repositories without maximum number limit
 ;ALLOW_FORK_WITHOUT_MAXIMUM_LIMIT = true
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;[repository.editor]
@@ -1047,9 +974,6 @@ ROUTER = console
 ;;
 ;; Add co-authored-by and co-committed-by trailers if committer does not match author
 ;ADD_CO_COMMITTER_TRAILERS = true
 ;;
 ;; In addition to testing patches using the three-way merge method, re-test conflicting patches with git apply
 ;TEST_CONFLICTING_PATCHES_WITH_GIT_APPLY = false
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@@ -1158,9 +1082,6 @@ ROUTER = console
 ;; allow request with credentials
 ;ALLOW_CREDENTIALS = false
 ;;
 ;; headers to permit
 ;HEADERS = Content-Type,User-Agent
 ;;
 ;; set X-FRAME-OPTIONS header
 ;X_FRAME_OPTIONS = SAMEORIGIN
@@ -1174,7 +1095,7 @@ ROUTER = console
 ;EXPLORE_PAGING_NUM = 20
 ;;
 ;; Number of issues that are displayed on one page
-;ISSUE_PAGING_NUM = 20
+;ISSUE_PAGING_NUM = 10
 ;;
 ;; Number of maximum commits displayed in one activity feed
 ;FEED_MAX_COMMIT_NUM = 5
@@ -1182,9 +1103,6 @@ ROUTER = console
 ;; Number of items that are displayed in home feed
 ;FEED_PAGING_NUM = 20
 ;;
 ;; Number of items that are displayed in a single subsitemap
 ;SITEMAP_PAGING_NUM = 20
 ;;
 ;; Number of maximum commits displayed in commit graph.
 ;GRAPH_MAX_COMMIT_NUM = 100
 ;;
@@ -1226,10 +1144,6 @@ ROUTER = console
 ;;
 ;; Whether to enable a Service Worker to cache frontend assets
 ;USE_SERVICE_WORKER = false
 ;;
 ;; Whether to only show relevant repos on the explore page when no keyword is specified and default sorting is used.
 ;; A repo is considered irrelevant if it's a fork or if it has no metadata (no description, no icon, no topic).
 ;ONLY_SHOW_RELEVANT_REPOS = false
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@@ -1324,9 +1238,6 @@ ROUTER = console
 ;; List of file extensions that should be rendered/edited as Markdown
 ;; Separate the extensions with a comma. To render files without any extension as markdown, just put a comma
 ;FILE_EXTENSIONS = .md,.markdown,.mdown,.mkd
 ;;
 ;; Enables math inline and block detection
 ;ENABLE_MATH = true
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@@ -1353,7 +1264,7 @@ ROUTER = console
 ;ISSUE_INDEXER_TYPE = bleve
 ;;
 ;; Issue indexer storage path, available when ISSUE_INDEXER_TYPE is bleve
-;ISSUE_INDEXER_PATH = indexers/issues.bleve ; Relative paths will be made absolute against _`AppWorkPath`_.
+;ISSUE_INDEXER_PATH = indexers/issues.bleve
 ;;
 ;; Issue indexer connection string, available when ISSUE_INDEXER_TYPE is elasticsearch
 ;ISSUE_INDEXER_CONN_STR = http://elastic:changeme@localhost:9200
@@ -1371,7 +1282,7 @@ ROUTER = console
 ;; When ISSUE_INDEXER_QUEUE_TYPE is levelqueue, this will be the path where the queue will be saved.
 ;; This can be overridden by `ISSUE_INDEXER_QUEUE_CONN_STR`.
 ;; default is queues/common
-;ISSUE_INDEXER_QUEUE_DIR = queues/common; **DEPRECATED** use settings in `[queue.issue_indexer]`. Relative paths will be made absolute against `%(APP_DATA_PATH)s`.
+;ISSUE_INDEXER_QUEUE_DIR = queues/common; **DEPRECATED** use settings in `[queue.issue_indexer]`.
 ;;
 ;; When `ISSUE_INDEXER_QUEUE_TYPE` is `redis`, this will store the redis connection string.
 ;; When `ISSUE_INDEXER_QUEUE_TYPE` is `levelqueue`, this is a directory or additional options of
@@ -1427,7 +1338,7 @@ ROUTER = console
 ;TYPE = persistable-channel
 ;;
 ;; data-dir for storing persistable queues and level queues, individual queues will default to `queues/common` meaning the queue is shared.
-;DATADIR = queues/ ; Relative paths will be made absolute against `%(APP_DATA_PATH)s`.
+;DATADIR = queues/
 ;;
 ;; Default queue length before a channel queue will block
 ;LENGTH = 20
@@ -1594,11 +1505,6 @@ ROUTER = console
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;
 ;; NOTICE: this section is for Gitea 1.18 and later. If you are using Gitea 1.17 or older,
 ;; please refer to
 ;; https://github.com/go-gitea/gitea/blob/release/v1.17/custom/conf/app.example.ini
 ;; https://github.com/go-gitea/gitea/blob/release/v1.17/docs/content/doc/advanced/config-cheat-sheet.en-us.md
 ;;
 ;ENABLED = false
 ;;
 ;; Buffer length of channel, keep it as it is if you don't know what it is.
@@ -1607,42 +1513,30 @@ ROUTER = console
 ;; Prefix displayed before subject in mail
 ;SUBJECT_PREFIX =
 ;;
-;; Mail server protocol. One of "smtp", "smtps", "smtp+starttls", "smtp+unix", "sendmail", "dummy".
+;; Mail server
-;; - sendmail: use the operating system's `sendmail` command instead of SMTP. This is common on Linux systems.
+;; Gmail: smtp.gmail.com:587
-;; - dummy: send email messages to the log as a testing phase.
+;; QQ: smtp.qq.com:465
-;; If your provider does not explicitly say which protocol it uses but does provide a port,
+;; As per RFC 8314 using Implicit TLS/SMTPS on port 465 (if supported) is recommended,
-;; you can set SMTP_PORT instead and this will be inferred.
+;; otherwise STARTTLS on port 587 should be used.
-;; (Before 1.18, see the notice, this was controlled via MAILER_TYPE and IS_TLS_ENABLED.)
+;HOST =
 ;PROTOCOL =
 ;;
-;; Mail server address, e.g. smtp.gmail.com.
+;; Disable HELO operation when hostnames are different.
-;; For smtp+unix, this should be a path to a unix socket instead.
+;DISABLE_HELO =
 ;; (Before 1.18, see the notice, this was combined with SMTP_PORT as HOST.)
 ;SMTP_ADDR =
 ;;
-;; Mail server port. Common ports are:
+;; Custom hostname for HELO operation, if no value is provided, one is retrieved from system.
 ;;   25:  insecure SMTP
 ;;   465: SMTP Secure
 ;;   587: StartTLS
 ;; If no protocol is specified, it will be inferred by this setting.
 ;; (Before 1.18, this was combined with SMTP_ADDR as HOST.)
 ;SMTP_PORT =
 ;;
 ;; Enable HELO operation. Defaults to true.
 ;ENABLE_HELO = true
 ;;
 ;; Custom hostname for HELO operation.
 ;; If no value is provided, one is retrieved from system.
 ;HELO_HOSTNAME =
 ;;
-;; If set to `true`, completely ignores server certificate validation errors.
+;; Whether or not to skip verification of certificates; `true` to disable verification. This option is unsafe. Consider adding the certificate to the system trust store instead.
-;; This option is unsafe. Consider adding the certificate to the system trust store instead.
+;SKIP_VERIFY = false
 ;FORCE_TRUST_SERVER_CERT = false
 ;;
-;; Use client certificate in connection.
+;; Use client certificate
-;USE_CLIENT_CERT = false
+;USE_CERTIFICATE = false
-;CLIENT_CERT_FILE = custom/mailer/cert.pem
+;CERT_FILE = custom/mailer/cert.pem
-;CLIENT_KEY_FILE = custom/mailer/key.pem
+;KEY_FILE = custom/mailer/key.pem
 ;;
 ;; Should SMTP connect with TLS, (if port ends with 465 TLS will always be used.)
 ;; If this is false but STARTTLS is supported the connection will be upgraded to TLS opportunistically.
 ;IS_TLS_ENABLED = false
 ;;
 ;; Mail from address, RFC 5322. This can be just an email address, or the `"Name" <email@example.com>` format
 ;FROM =
@@ -1650,15 +1544,19 @@ ROUTER = console
 ;; Sometimes it is helpful to use a different address on the envelope. Set this to use ENVELOPE_FROM as the from on the envelope. Set to `<>` to send an empty address.
 ;ENVELOPE_FROM =
 ;;
-;; Mailer user name and password, if required by provider.
+;; Mailer user name and password
 ;; Please Note: Authentication is only supported when the SMTP server communication is encrypted with TLS (this can be via STARTTLS) or `HOST=localhost`.
 ;USER =
 ;;
 ;; Use PASSWD = `your password` for quoting if you use special characters in the password.
 ;PASSWD =
 ;;
-;; Send mails only in plain text, without HTML alternative
+;; Send mails as plain text
 ;SEND_AS_PLAIN_TEXT = false
 ;;
 ;; Set Mailer Type (either SMTP, sendmail or dummy to just send to the log)
 ;MAILER_TYPE = smtp
 ;;
 ;; Specify an alternative sendmail binary
 ;SENDMAIL_PATH = sendmail
 ;;
@@ -1672,47 +1570,6 @@ ROUTER = console
 ;; convert \r\n to \n for Sendmail
 ;SENDMAIL_CONVERT_CRLF = true
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;[email.incoming]
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;
 ;; Enable handling of incoming emails.
 ;ENABLED = false
 ;;
 ;; The email address including the %{token} placeholder that will be replaced per user/action.
 ;; Example: incoming+%{token}@example.com
 ;; The placeholder must appear in the user part of the address (before the @).
 ;REPLY_TO_ADDRESS =
 ;;
 ;; IMAP server host
 ;HOST =
 ;;
 ;; IMAP server port
 ;PORT =
 ;;
 ;; Username of the receiving account
 ;USERNAME =
 ;;
 ;; Password of the receiving account
 ;PASSWORD =
 ;;
 ;; Whether the IMAP server uses TLS.
 ;USE_TLS = false
 ;;
 ;; If set to true, completely ignores server certificate validation errors. This option is unsafe.
 ;SKIP_TLS_VERIFY = true
 ;;
 ;; The mailbox name where incoming mail will end up.
 ;MAILBOX = INBOX
 ;;
 ;; Whether handled messages should be deleted from the mailbox.
 ;DELETE_HANDLED_MESSAGE = true
 ;;
 ;; Maximum size of a message to handle. Bigger messages are ignored. Set to 0 to allow every size.
 ;MAXIMUM_MESSAGE_SIZE = 10485760
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;[cache]
@@ -1729,7 +1586,7 @@ ROUTER = console
 ;INTERVAL = 60
 ;;
 ;; For "redis" and "memcache", connection host address
-;; redis: `redis://127.0.0.1:6379/0?pool_size=100&idle_timeout=180s`
+;; redis: network=tcp,addr=:6379,password=macaron,db=0,pool_size=100,idle_timeout=180
 ;; memcache: `127.0.0.1:11211`
 ;; twoqueue: `{"size":50000,"recent_ratio":0.25,"ghost_ratio":0.5}` or `50000`
 ;HOST =
@@ -1768,9 +1625,9 @@ ROUTER = console
 ;; Provider config options
 ;; memory: doesn't have any config yet
 ;; file: session file path, e.g. `data/sessions`
-;; redis: `redis://127.0.0.1:6379/0?pool_size=100&idle_timeout=180s`
+;; redis: network=tcp,addr=:6379,password=macaron,db=0,pool_size=100,idle_timeout=180
 ;; mysql: go-sql-driver/mysql dsn config string, e.g. `root:password@/session_table`
-;PROVIDER_CONFIG = data/sessions ; Relative paths will be made absolute against _`AppWorkPath`_.
+;PROVIDER_CONFIG = data/sessions
 ;;
 ;; Session cookie name
 ;COOKIE_NAME = i_like_gitea
@@ -1836,7 +1693,7 @@ ROUTER = console
 ;ENABLED = true
 ;;
 ;; Comma-separated list of allowed file extensions (`.zip`), mime types (`text/plain`) or wildcard type (`image/*`, `audio/*`, `video/*`). Empty value or `*/*` allows all types.
-;ALLOWED_TYPES = .csv,.docx,.fodg,.fodp,.fods,.fodt,.gif,.gz,.jpeg,.jpg,.log,.md,.mov,.mp4,.odf,.odg,.odp,.ods,.odt,.patch,.pdf,.png,.pptx,.svg,.tgz,.txt,.webm,.xls,.xlsx,.zip
+;ALLOWED_TYPES = .csv,.docx,.fodg,.fodp,.fods,.fodt,.gif,.gz,.jpeg,.jpg,.log,.md,.mov,.mp4,.odf,.odg,.odp,.ods,.odt,.pdf,.png,.pptx,.svg,.tgz,.txt,.webm,.xls,.xlsx,.zip
 ;;
 ;; Max size of each file. Defaults to 4MB
 ;MAX_SIZE = 4
@@ -1875,12 +1732,6 @@ ROUTER = console
 ;;
 ;; Minio enabled ssl only available when STORAGE_TYPE is `minio`
 ;MINIO_USE_SSL = false
 ;;
 ;; Minio skip SSL verification available when STORAGE_TYPE is `minio`
 ;MINIO_INSECURE_SKIP_VERIFY = false
 ;;
 ;; Minio checksum algorithm: default (for MinIO or AWS S3) or md5 (for Cloudflare or Backblaze)
 ;MINIO_CHECKSUM_ALGORITHM = default
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@@ -2208,7 +2059,7 @@ ROUTER = console
 ;[cron.update_checker]
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;ENABLED = true
+;ENABLED = false
 ;RUN_AT_START = false
 ;ENABLE_SUCCESS_NOTICE = false
 ;SCHEDULE = @every 168h
@@ -2227,28 +2078,6 @@ ROUTER = console
 ;SCHEDULE = @every 168h
 ;OLDER_THAN = 8760h
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;; Garbage collect LFS pointers in repositories
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;[cron.gc_lfs]
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;ENABLED = false
 ;; Garbage collect LFS pointers in repositories (default false)
 ;RUN_AT_START = false
 ;; Interval as a duration between each gc run (default every 24h)
 ;SCHEDULE = @every 24h
 ;; Only attempt to garbage collect LFSMetaObjects older than this (default 7 days)
 ;OLDER_THAN = 168h
 ;; Only attempt to garbage collect LFSMetaObjects that have not been attempted to be garbage collected for this long (default 3 days)
 ;LAST_UPDATED_MORE_THAN_AGO = 72h
 ; Minimum number of stale LFSMetaObjects to check per repo. Set to `0` to always check all.
 ;NUMBER_TO_CHECK_PER_REPO = 100
 ;Check at least this proportion of LFSMetaObjects per repo. (This may cause all stale LFSMetaObjects to be checked.)
 ;PROPORTION_TO_CHECK_PER_REPO = 0.6
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;; Git Operation timeout in seconds
@@ -2263,17 +2092,6 @@ ROUTER = console
 ;PULL = 300
 ;GC = 60
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;; Git Reflog timeout in days
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;[git.reflog]
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;ENABLED = true
 ;EXPIRATION = 90
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;[mirror]
@@ -2295,7 +2113,7 @@ ROUTER = console
 ;[api]
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;; Enables the API documentation endpoints (/api/swagger, /api/v1/swagger, …). True or false.
+;; Enables Swagger. True or false; default is true.
 ;ENABLE_SWAGGER = true
 ;; Max number of items in a page
 ;MAX_RESPONSE_ITEMS = 50
@@ -2303,7 +2121,7 @@ ROUTER = console
 ;DEFAULT_PAGING_NUM = 30
 ;; Default and maximum number of items per page for git trees api
 ;DEFAULT_GIT_TREES_PER_PAGE = 1000
-;; Default max size of a blob returned by the blobs API (default is 10MiB)
+;; Default size of a blob returned by the blobs API (default is 10MiB)
 ;DEFAULT_MAX_BLOB_SIZE = 10485760
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@@ -2312,7 +2130,7 @@ ROUTER = console
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;; The first locale will be used as the default if user browser's language doesn't match any locale in the list.
-;LANGS = en-US,zh-CN,zh-HK,zh-TW,de-DE,fr-FR,nl-NL,lv-LV,ru-RU,uk-UA,ja-JP,es-ES,pt-BR,pt-PT,pl-PL,bg-BG,it-IT,fi-FI,tr-TR,cs-CZ,sv-SE,ko-KR,el-GR,fa-IR,hu-HU,id-ID,ml-IN
+;LANGS = en-US,zh-CN,zh-HK,zh-TW,de-DE,fr-FR,nl-NL,lv-LV,ru-RU,uk-UA,ja-JP,es-ES,pt-BR,pt-PT,pl-PL,bg-BG,it-IT,fi-FI,tr-TR,cs-CZ,sr-SP,sv-SE,ko-KR,el-GR,fa-IR,hu-HU,id-ID,ml-IN
 ;NAMES = English,简体中文,繁體中文（香港）,繁體中文（台灣）,Deutsch,Français,Nederlands,Latviešu,Русский,Українська,日本語,Español,Português do Brasil,Português de Portugal,Polski,Български,Italiano,Suomi,Türkçe,Čeština,Српски,Svenska,한국어,Ελληνικά,فارسی,Magyar nyelv,Bahasa Indonesia,മലയാളം
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@@ -2333,10 +2151,7 @@ ROUTER = console
 ;SHOW_FOOTER_VERSION = true
 ;; Show template execution time in the footer
 ;SHOW_FOOTER_TEMPLATE_LOAD_TIME = true
-;; Generate sitemap. Defaults to `true`.
+
 ;ENABLE_SITEMAP = true
 ;; Enable/Disable RSS/Atom feed
 ;ENABLE_FEED = true
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@@ -2405,8 +2220,8 @@ ROUTER = console
 ;QUEUE_LENGTH = 1000
 ;;
 ;; Task queue connection string, available only when `QUEUE_TYPE` is `redis`.
-;; If there is a password of redis, use `redis://127.0.0.1:6379/0?pool_size=100&idle_timeout=180s`.
+;; If there is a password of redis, use `addrs=127.0.0.1:6379 password=123 db=0`.
-;QUEUE_CONN_STR = "redis://127.0.0.1:6379/0?pool_size=100&idle_timeout=180s"
+;QUEUE_CONN_STR = "addrs=127.0.0.1:6379 db=0"
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@@ -2422,16 +2237,13 @@ ROUTER = console
 ;;
 ;; Allowed domains for migrating, default is blank. Blank means everything will be allowed.
 ;; Multiple domains could be separated by commas.
 ;; Wildcard is supported: "github.com, *.github.com"
 ;ALLOWED_DOMAINS =
 ;;
 ;; Blocklist for migrating, default is blank. Multiple domains could be separated by commas.
 ;; When ALLOWED_DOMAINS is not blank, this option has a higher priority to deny domains.
 ;; Wildcard is supported.
 ;BLOCKED_DOMAINS =
 ;;
 ;; Allow private addresses defined by RFC 1918, RFC 1122, RFC 4632 and RFC 4291 (false by default)
 ;; If a domain is allowed by ALLOWED_DOMAINS, this option will be ignored.
 ;ALLOW_LOCALNETWORKS = false
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@@ -2445,23 +2257,6 @@ ROUTER = console
 ;;
 ;; Enable/Disable user statistics for nodeinfo if federation is enabled
 ;SHARE_USER_STATISTICS = true
 ;;
 ;; Maximum federation request and response size (MB)
 ;MAX_SIZE = 4
 ;;
 ;; WARNING: Changing the settings below can break federation.
 ;;
 ;; HTTP signature algorithms
 ;ALGORITHMS = rsa-sha256, rsa-sha512, ed25519
 ;;
 ;; HTTP signature digest algorithm
 ;DIGEST_ALGORITHM = SHA-256
 ;;
 ;; GET headers for federation requests
 ;GET_HEADERS = (request-target), Date
 ;;
 ;; POST headers for federation requests
 ;POST_HEADERS = (request-target), Date, Digest
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@@ -2474,41 +2269,6 @@ ROUTER = console
 ;;
 ;; Path for chunked uploads. Defaults to APP_DATA_PATH + `tmp/package-upload`
 ;CHUNKED_UPLOAD_PATH = tmp/package-upload
 ;;
 ;; Maximum count of package versions a single owner can have (`-1` means no limits)
 ;LIMIT_TOTAL_OWNER_COUNT = -1
 ;; Maximum size of packages a single owner can use (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
 ;LIMIT_TOTAL_OWNER_SIZE = -1
 ;; Maximum size of a Cargo upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
 ;LIMIT_SIZE_CARGO = -1
 ;; Maximum size of a Chef upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
 ;LIMIT_SIZE_CHEF = -1
 ;; Maximum size of a Composer upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
 ;LIMIT_SIZE_COMPOSER = -1
 ;; Maximum size of a Conan upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
 ;LIMIT_SIZE_CONAN = -1
 ;; Maximum size of a Conda upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
 ;LIMIT_SIZE_CONDA = -1
 ;; Maximum size of a Container upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
 ;LIMIT_SIZE_CONTAINER = -1
 ;; Maximum size of a Generic upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
 ;LIMIT_SIZE_GENERIC = -1
 ;; Maximum size of a Helm upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
 ;LIMIT_SIZE_HELM = -1
 ;; Maximum size of a Maven upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
 ;LIMIT_SIZE_MAVEN = -1
 ;; Maximum size of a npm upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
 ;LIMIT_SIZE_NPM = -1
 ;; Maximum size of a NuGet upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
 ;LIMIT_SIZE_NUGET = -1
 ;; Maximum size of a Pub upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
 ;LIMIT_SIZE_PUB = -1
 ;; Maximum size of a PyPI upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
 ;LIMIT_SIZE_PYPI = -1
 ;; Maximum size of a RubyGems upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
 ;LIMIT_SIZE_RUBYGEMS = -1
 ;; Maximum size of a Vagrant upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
 ;LIMIT_SIZE_VAGRANT = -1
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@@ -2573,9 +2333,6 @@ ROUTER = console
 ;;
 ;; Minio enabled ssl only available when STORAGE_TYPE is `minio`
 ;MINIO_USE_SSL = false
 ;;
 ;; Minio skip SSL verification available when STORAGE_TYPE is `minio`
 ;MINIO_INSECURE_SKIP_VERIFY = false
 ;[proxy]
 ;; Enable the proxy, all requests to external via HTTP will be affected
@@ -2584,19 +2341,3 @@ ROUTER = console
 ;PROXY_URL =
 ;; Comma separated list of host names requiring proxy. Glob patterns (*) are accepted; use ** to match all hosts.
 ;PROXY_HOSTS =
 ; [actions]
 ;; Enable/Disable actions capabilities
 ;ENABLED = false
 ;; Default address to get action plugins, e.g. the default value means downloading from "https://gitea.com/actions/checkout" for "uses: actions/checkout@v3"
 ;DEFAULT_ACTIONS_URL = https://gitea.com
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;; settings for action logs, will override storage setting
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;[storage.actions_log]
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;; storage type
 ;STORAGE_TYPE = local
--- a/docker/manifest.rootless.tmpl
+++ b/docker/manifest.rootless.tmpl
@@ -1,12 +1,10 @@
 image: gitea/gitea:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}{{#if (hasPrefix "refs/heads/release/v" build.ref)}}{{trimPrefix "refs/heads/release/v" build.ref}}-{{/if}}dev{{/if}}-rootless
 {{#if build.tags}}
 {{#unless (contains "-rc" build.tag)}}
 tags:
 {{#each build.tags}}
  - {{this}}-rootless
 {{/each}}
  - "latest-rootless"
 {{/unless}}
 {{/if}}
 manifests:
  -
--- a/docker/manifest.tmpl
+++ b/docker/manifest.tmpl
@@ -1,12 +1,10 @@
 image: gitea/gitea:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}{{#if (hasPrefix "refs/heads/release/v" build.ref)}}{{trimPrefix "refs/heads/release/v" build.ref}}-{{/if}}dev{{/if}}
 {{#if build.tags}}
 {{#unless (contains "-rc" build.tag)}}
 tags:
 {{#each build.tags}}
  - {{this}}
 {{/each}}
  - "latest"
 {{/unless}}
 {{/if}}
 manifests:
  -
--- a/docker/root/etc/s6/openssh/setup
+++ b/docker/root/etc/s6/openssh/setup
@@ -14,6 +14,11 @@ if [ ! -f /data/ssh/ssh_host_rsa_key ]; then
    ssh-keygen -t rsa -b 2048 -f /data/ssh/ssh_host_rsa_key -N "" > /dev/null
 fi
 if [ ! -f /data/ssh/ssh_host_dsa_key ]; then
    echo "Generating /data/ssh/ssh_host_dsa_key..."
    ssh-keygen -t dsa -f /data/ssh/ssh_host_dsa_key -N "" > /dev/null
 fi
 if [ ! -f /data/ssh/ssh_host_ecdsa_key ]; then
    echo "Generating /data/ssh/ssh_host_ecdsa_key..."
    ssh-keygen -t ecdsa -b 256 -f /data/ssh/ssh_host_ecdsa_key -N "" > /dev/null
@@ -31,12 +36,17 @@ if [ -e /data/ssh/ssh_host_ecdsa_cert ]; then
  SSH_ECDSA_CERT=${SSH_ECDSA_CERT:-"/data/ssh/ssh_host_ecdsa_cert"}
 fi
 if [ -e /data/ssh/ssh_host_dsa_cert ]; then
  SSH_DSA_CERT=${SSH_DSA_CERT:-"/data/ssh/ssh_host_dsa_cert"}
 fi
 if [ -d /etc/ssh ]; then
    SSH_PORT=${SSH_PORT:-"22"} \
    SSH_LISTEN_PORT=${SSH_LISTEN_PORT:-"${SSH_PORT}"} \
    SSH_ED25519_CERT="${SSH_ED25519_CERT:+"HostCertificate "}${SSH_ED25519_CERT}" \
    SSH_RSA_CERT="${SSH_RSA_CERT:+"HostCertificate "}${SSH_RSA_CERT}" \
    SSH_ECDSA_CERT="${SSH_ECDSA_CERT:+"HostCertificate "}${SSH_ECDSA_CERT}" \
    SSH_DSA_CERT="${SSH_DSA_CERT:+"HostCertificate "}${SSH_DSA_CERT}" \
    SSH_MAX_STARTUPS="${SSH_MAX_STARTUPS:+"MaxStartups "}${SSH_MAX_STARTUPS}" \
    SSH_MAX_SESSIONS="${SSH_MAX_SESSIONS:+"MaxSessions "}${SSH_MAX_SESSIONS}" \
    SSH_INCLUDE_FILE="${SSH_INCLUDE_FILE:+"Include "}${SSH_INCLUDE_FILE}" \
--- a/docker/root/etc/templates/sshd_config
+++ b/docker/root/etc/templates/sshd_config
@@ -16,6 +16,8 @@ HostKey /data/ssh/ssh_host_rsa_key
 ${SSH_RSA_CERT}
 HostKey /data/ssh/ssh_host_ecdsa_key
 ${SSH_ECDSA_CERT}
 HostKey /data/ssh/ssh_host_dsa_key
 ${SSH_DSA_CERT}
 AuthorizedKeysFile .ssh/authorized_keys
 AuthorizedPrincipalsFile .ssh/authorized_principals
--- a/docker/rootless/etc/templates/app.ini
+++ b/docker/rootless/etc/templates/app.ini
@@ -37,7 +37,7 @@ PROVIDER_CONFIG = $GITEA_WORK_DIR/data/sessions
 [picture]
 AVATAR_UPLOAD_PATH = $GITEA_WORK_DIR/data/avatars
-REPOSITORY_AVATAR_UPLOAD_PATH = $GITEA_WORK_DIR/data/repo-avatars
+REPOSITORY_AVATAR_UPLOAD_PATH = $GITEA_WORK_DIR/data/gitea/repo-avatars
 [attachment]
 PATH = $GITEA_WORK_DIR/data/attachments
--- a/docs/.gitignore
+++ b/docs/.gitignore
@@ -2,6 +2,3 @@ public/
 templates/swagger/v1_json.tmpl
 themes/
 resources/
 # Temporary lock file while building
 /.hugo_build.lock
--- a/docs/Makefile
+++ b/docs/Makefile
@@ -1,8 +1,6 @@
 THEME := themes/gitea
 PUBLIC := public
-ARCHIVE := https://dl.gitea.com/theme/main.tar.gz
+ARCHIVE := https://dl.gitea.io/theme/master.tar.gz
 HUGO_PACKAGE := github.com/gohugoio/hugo@v0.111.3
 .PHONY: all
 all: build
@@ -13,19 +11,19 @@ clean:
 .PHONY: trans-copy
 trans-copy:
-	bash scripts/trans-copy.sh
+	@bash scripts/trans-copy
 .PHONY: server
 server: $(THEME)
-	go run $(HUGO_PACKAGE) server
+	hugo server
 .PHONY: build
 build: $(THEME)
-	go run $(HUGO_PACKAGE) --cleanDestinationDir
+	hugo --cleanDestinationDir
 .PHONY: build-offline
 build-offline: $(THEME)
-	go run $(HUGO_PACKAGE) --baseURL="/" --cleanDestinationDir
+	hugo --baseURL="/" --cleanDestinationDir
 .PHONY: update
 update: $(THEME)
--- a/docs/config.yaml
+++ b/docs/config.yaml
@@ -18,18 +18,10 @@ params:
  description: Git with a cup of tea
  author: The Gitea Authors
  website: https://docs.gitea.io
-  version: 1.18.5
+  version: 1.16.8
-  minGoVersion: 1.19
+  minGoVersion: 1.18
-  goVersion: 1.20
+  goVersion: 1.18
-  minNodeVersion: 16
+  minNodeVersion: 14
  search: nav
  repo: "https://github.com/go-gitea/gitea"
  docContentPath: "docs/content"
 markup:
  tableOfContents:
    startLevel: 1
    endLevel: 9
 outputs:
  home:
--- a/docs/content/doc/administration.en-us.md
+++ b/docs/content/doc/administration.en-us.md
@@ -1,14 +0,0 @@
 ---
 date: "2016-12-01T16:00:00+02:00"
 title: "Administration"
 slug: "administration"
 weight: 30
 toc: false
 draft: false
 menu:
  sidebar:
    name: "Administration"
    weight: 20
    collapse: true
    identifier: "administration"
 ---
--- a/docs/content/doc/administration.zh-cn.md
+++ b/docs/content/doc/administration.zh-cn.md
@@ -1,13 +0,0 @@
 ---
 date: "2016-12-01T16:00:00+02:00"
 title: "运维"
 slug: "administration"
 weight: 30
 toc: false
 draft: false
 menu:
  sidebar:
    name: "运维"
    weight: 20
    identifier: "administration"
 ---
--- a/docs/content/doc/administration.zh-tw.md
+++ b/docs/content/doc/administration.zh-tw.md
@@ -1,13 +0,0 @@
 ---
 date: "2016-12-01T16:00:00+02:00"
 title: "運維"
 slug: "administration"
 weight: 30
 toc: false
 draft: false
 menu:
  sidebar:
    name: "運維"
    weight: 20
    identifier: "administration"
 ---
--- a/docs/content/doc/administration/environment-variables.zh-cn.md
+++ b/docs/content/doc/administration/environment-variables.zh-cn.md
@@ -1,55 +0,0 @@
 ---
 date: "2017-04-08T11:34:00+02:00"
 title: "环境变量清单"
 slug: "environment-variables"
 weight: 10
 toc: false
 draft: false
 menu:
  sidebar:
    parent: "administration"
    name: "环境变量清单"
    weight: 10
    identifier: "environment-variables"
 ---
 # 环境变量清单
 这里是用来控制 Gitea 行为表现的的环境变量清单，您需要在执行如下 Gitea 启动命令前设置它们来确保配置生效：
 ```
 GITEA_CUSTOM=/home/gitea/custom ./gitea web
 ```
 ## Go 的配置
 因为 Gitea 使用 Go 语言编写，因此它使用了一些相关的 Go 的配置参数：
 * `GOOS`
 * `GOARCH`
 * [`GOPATH`](https://golang.org/cmd/go/#hdr-GOPATH_environment_variable)
 您可以在[官方文档](https://golang.org/cmd/go/#hdr-Environment_variables)中查阅这些配置参数的详细信息。
 ## Gitea 的文件目录
 * `GITEA_WORK_DIR`：工作目录的绝对路径
 * `GITEA_CUSTOM`：默认情况下 Gitea 使用默认目录 `GITEA_WORK_DIR`/custom，您可以使用这个参数来配置 *custom* 目录
 * `GOGS_WORK_DIR`： 已废弃，请使用 `GITEA_WORK_DIR` 替代
 * `GOGS_CUSTOM`： 已废弃，请使用 `GITEA_CUSTOM` 替代
 ## 操作系统配置
 * `USER`：Gitea 运行时使用的系统用户，它将作为一些 repository 的访问地址的一部分
 * `USERNAME`： 如果没有配置 `USER`， Gitea 将使用 `USERNAME`
 * `HOME`： 用户的 home 目录，在 Windows 中会使用 `USERPROFILE` 环境变量
 ### 仅限于 Windows 的配置
 * `USERPROFILE`： 用户的主目录，如果未配置则会使用 `HOMEDRIVE` + `HOMEPATH`
 * `HOMEDRIVE`: 用于访问 home 目录的主驱动器路径（C盘）
 * `HOMEPATH`：在指定主驱动器下的 home 目录相对路径
 ## Miscellaneous
 * `SKIP_MINWINSVC`：如果设置为 1，在 Windows 上不会以 service 的形式运行。
--- a/docs/content/doc/administration/fail2ban-setup.zh-cn.md
+++ b/docs/content/doc/administration/fail2ban-setup.zh-cn.md
@@ -1,92 +0,0 @@
 ---
 date: "2022-08-01T00:00:00+00:00"
 title: "使用: 设置 Fail2ban"
 slug: "fail2ban-setup"
 weight: 16
 toc: false
 draft: false
 menu:
  sidebar:
    parent: "administration"
    name: "设置 Fail2ban"
    weight: 16
    identifier: "fail2ban-setup"
 ---
 # 使用 Fail2ban 阻止攻击者的暴力登录
 **Fail2ban 检查客户端登录日志，将多次登录失败的客户端识别为攻击者并在一段时间内阻止其访问服务。如果你的实例是公开的，这一点尤其重要。请管理员仔细设置 fail2ban，错误的配置将导致防火墙阻止你访问自己的服务器。**
 Gitea 会在日志文件 `log/gitea.log` 中记录登录失败的 CLI、SSH 或 HTTP 客户端 IP 地址，而你需要将 Gitea 的日志输出模式从默认的 `console` 更改为 `file`。这表示将日志输出到文件，使得 fail2ban 可以定期扫描日志内容。
 当用户的身份验证失败时，日志中会记录此类信息：
 ```log
 2018/04/26 18:15:54 [I] Failed authentication attempt for user from xxx.xxx.xxx.xxx
 ```
 ```log
 2020/10/15 16:08:44 [E] invalid credentials from xxx.xxx.xxx.xxx
 ```
 ## 设置 Fail2ban
 添加日志过滤器规则到配置文件 `/etc/fail2ban/filter.d/gitea.conf`:
 ```ini
 [Definition]
 failregex =  .*(Failed authentication attempt|invalid credentials|Attempted access of unknown user).* from <HOST>
 ignoreregex =
 ```
 添加监狱规则到配置文件 `/etc/fail2ban/jail.d/gitea.conf`:
 ```ini
 [gitea]
 enabled = true
 filter = gitea
 logpath = /var/lib/gitea/log/gitea.log
 maxretry = 10
 findtime = 3600
 bantime = 900
 action = iptables-allports
 ```
 如果你的 Gitea 实例运行在 Docker 容器中，并且直接将容器端口暴露到外部网络，
 你还需要添加 `chain="FORWARD"` 到监狱规则配置文件 `/etc/fail2ban/jail.d/gitea-docker.conf`
 以适应 Docker 的网络转发规则。但如果你在容器的宿主机上使用 Nginx 反向代理连接到 Gitea 则无需这样配置。
 ```ini
 [gitea-docker]
 enabled = true
 filter = gitea
 logpath = /var/lib/gitea/log/gitea.log
 maxretry = 10
 findtime = 3600
 bantime = 900
 action = iptables-allports[chain="FORWARD"]
 ```
 最后，运行 `systemctl restart fail2ban` 即可应用更改。现在，你可以使用 `systemctl status fail2ban` 检查 fail2ban 运行状态。
 上述规则规定客户端在 1 小时内，如果登录失败的次数达到 10 次，则通过 iptables 锁定该客户端 IP 地址 15 分钟。
 ## 设置反向代理
 如果你使用 Nginx 反向代理到 Gitea 实例，你还需要设置 Nginx 的 HTTP 头部值 `X-Real-IP` 将真实的客户端 IP 地址传递给 Gitea。否则 Gitea 程序会将客户端地址错误解析为反向代理服务器的地址，例如回环地址 `127.0.0.1`。
 ```
 proxy_set_header X-Real-IP $remote_addr;
 ```
 额外注意，在 Gitea 的配置文件 `app.ini` 中存在下列默认值：
 ```
 REVERSE_PROXY_LIMIT = 1
 REVERSE_PROXY_TRUSTED_PROXIES = 127.0.0.0/8,::1/128
 ```
 `REVERSE_PROXY_LIMIT` 限制反向代理服务器的层数，设置为 `0` 表示不使用这些标头。
 `REVERSE_PROXY_TRUSTED_PROXIES` 表示受信任的反向代理服务器网络地址，
 经过该网络地址转发来的流量会经过解析 `X-Real-IP` 头部得到真实客户端地址。
 （参考 [configuration cheat sheet](https://docs.gitea.io/en-us/config-cheat-sheet/#security-security)）
--- a/Show More
+++ b/Show More