Match api migration behavior to web behavior (#23552 ) (#23572 )

Backport #23552 by @atomaka When attempting to migrate a repository via the API endpoint comments are always included. This can create a problem if your source repository has issues or pull requests but you do not want to import them into Gitea that displays as something like: > Error 500: We were unable to perform the request due to server-side problems. 'comment references non existent IssueIndex 4 There are only two ways to resolve this: 1. Migrate using the web interface 2. Migrate using the API including at issues or pull requests. This PR matches the behavior of the API migration router to the web migration router. Co-authored-by: Andrew Tomaka <atomaka@atomaka.com> Co-authored-by: Lauris BH <lauris@nix.lv> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Handle missing README in create repos API (#23387 ) (#23509 )
2025-11-08 05:02:38 +09:00 · 2023-03-19 15:29:57 +08:00 · 2023-03-16 21:05:41 -04:00 · 2023-03-15 13:13:27 +01:00 · 2023-03-15 09:41:09 +08:00 · 2023-03-15 08:06:02 +08:00
4316 changed files with 225900 additions and 149951 deletions
--- a/.air.toml
+++ b/.air.toml
@@ -2,12 +2,9 @@ root = "."
 tmp_dir = ".air"

 [build]
-cmd = "make --no-print-directory backend"
+cmd = "make backend"
 bin = "gitea"
-delay = 1000
 include_ext = ["go", "tmpl"]
-include_file = ["main.go"]
-include_dir = ["cmd", "models", "modules", "options", "routers", "services"]
 exclude_dir = ["modules/git/tests", "services/gitdiff/testdata", "modules/avatar/testdata", "models/fixtures", "models/migrations/fixtures", "modules/migration/file_format_testdata", "modules/avatar/identicon/testdata"]
+include_dir = ["cmd", "models", "modules", "options", "routers", "services"]
 exclude_regex = ["_test.go$", "_gen.go$"]
-stop_on_error = true
--- a/.dockerignore
+++ b/.dockerignore
@@ -1,113 +0,0 @@
-# Compiled Object files, Static and Dynamic libs (Shared Objects)
-*.o
-*.a
-*.so
-
-# Folders
-_obj
-_test
-
-# IntelliJ
-.idea
-# Goland's output filename can not be set manually
-/go_build_*
-
-# MS VSCode
-.vscode
-__debug_bin
-
-# Architecture specific extensions/prefixes
-*.[568vq]
-[568vq].out
-
-*.cgo1.go
-*.cgo2.c
-_cgo_defun.c
-_cgo_gotypes.go
-_cgo_export.*
-
-_testmain.go
-
-*.exe
-*.test
-*.prof
-
-*coverage.out
-coverage.all
-cpu.out
-
-/modules/migration/bindata.go
-/modules/migration/bindata.go.hash
-/modules/options/bindata.go
-/modules/options/bindata.go.hash
-/modules/public/bindata.go
-/modules/public/bindata.go.hash
-/modules/templates/bindata.go
-/modules/templates/bindata.go.hash
-
-*.db
-*.log
-
-/gitea
-/gitea-vet
-/debug
-/integrations.test
-
-/bin
-/dist
-/custom/*
-!/custom/conf
-/custom/conf/*
-!/custom/conf/app.example.ini
-/data
-/indexers
-/log
-/public/img/avatar
-/tests/integration/gitea-integration-*
-/tests/integration/indexers-*
-/tests/e2e/gitea-e2e-*
-/tests/e2e/indexers-*
-/tests/e2e/reports
-/tests/e2e/test-artifacts
-/tests/e2e/test-snapshots
-/tests/*.ini
-/node_modules
-/yarn.lock
-/yarn-error.log
-/npm-debug.log*
-/public/js
-/public/css
-/public/fonts
-/public/img/webpack
-/vendor
-/web_src/fomantic/node_modules
-/web_src/fomantic/build/*
-!/web_src/fomantic/build/semantic.js
-!/web_src/fomantic/build/semantic.css
-!/web_src/fomantic/build/themes
-/web_src/fomantic/build/themes/*
-!/web_src/fomantic/build/themes/default
-/web_src/fomantic/build/themes/default/assets/*
-!/web_src/fomantic/build/themes/default/assets/fonts
-/web_src/fomantic/build/themes/default/assets/fonts/*
-!/web_src/fomantic/build/themes/default/assets/fonts/icons.woff2
-!/web_src/fomantic/build/themes/default/assets/fonts/outline-icons.woff2
-/VERSION
-/.air
-/.go-licenses
-
-# Snapcraft
-snap/.snapcraft/
-parts/
-stage/
-prime/
-*.snap
-*.snap-build
-*_source.tar.bz2
-.DS_Store
-
-# Make evidence files
-/.make_evidence
-
-# Manpage
-/man
--- a/.drone.yml
+++ b/.drone.yml
--- a/.eslintrc.yaml
+++ b/.eslintrc.yaml
@@ -9,17 +9,10 @@ parserOptions:
  ecmaVersion: latest

 plugins:
-  - "@eslint-community/eslint-plugin-eslint-comments"
-  - eslint-plugin-array-func
-  - eslint-plugin-custom-elements
+  - eslint-plugin-unicorn
  - eslint-plugin-import
  - eslint-plugin-jquery
-  - eslint-plugin-no-jquery
-  - eslint-plugin-no-use-extend-native
-  - eslint-plugin-regexp
  - eslint-plugin-sonarjs
-  - eslint-plugin-unicorn
-  - eslint-plugin-wc

 env:
  es2022: true
@@ -29,11 +22,11 @@ globals:
  __webpack_public_path__: true

 overrides:
-  - files: ["web_src/**/*", "docs/**/*"]
+  - files: ["web_src/**/*.js", "docs/**/*.js"]
    env:
      browser: true
      node: false
-  - files: ["web_src/**/*worker.*"]
+  - files: ["web_src/**/*worker.js"]
    env:
      worker: true
    rules:
@@ -42,31 +35,16 @@ overrides:
    rules:
      import/no-unresolved: [0]
      import/no-extraneous-dependencies: [0]
-  - files: ["*.config.*"]
+  - files: ["*.config.js"]
    rules:
      import/no-unused-modules: [0]

 rules:
-  "@eslint-community/eslint-comments/disable-enable-pair": [2]
-  "@eslint-community/eslint-comments/no-aggregating-enable": [2]
-  "@eslint-community/eslint-comments/no-duplicate-disable": [2]
-  "@eslint-community/eslint-comments/no-restricted-disable": [0]
-  "@eslint-community/eslint-comments/no-unlimited-disable": [2]
-  "@eslint-community/eslint-comments/no-unused-disable": [2]
-  "@eslint-community/eslint-comments/no-unused-enable": [2]
-  "@eslint-community/eslint-comments/no-use": [0]
-  "@eslint-community/eslint-comments/require-description": [0]
  accessor-pairs: [2]
  array-bracket-newline: [0]
  array-bracket-spacing: [2, never]
  array-callback-return: [2, {checkForEach: true}]
  array-element-newline: [0]
-  array-func/avoid-reverse: [2]
-  array-func/from-map: [2]
-  array-func/no-unnecessary-this-arg: [2]
-  array-func/prefer-array-from: [2]
-  array-func/prefer-flat-map: [0] # handled by unicorn/prefer-array-flat-map
-  array-func/prefer-flat: [0] # handled by unicorn/prefer-array-flat
  arrow-body-style: [0]
  arrow-parens: [2, always]
  arrow-spacing: [2, {before: true, after: true}]
@@ -84,19 +62,6 @@ rules:
  consistent-this: [0]
  constructor-super: [2]
  curly: [0]
-  custom-elements/expose-class-on-global: [0]
-  custom-elements/extends-correct-class: [2]
-  custom-elements/file-name-matches-element: [2]
-  custom-elements/no-constructor: [2]
-  custom-elements/no-customized-built-in-elements: [2]
-  custom-elements/no-dom-traversal-in-attributechangedcallback: [2]
-  custom-elements/no-dom-traversal-in-connectedcallback: [2]
-  custom-elements/no-exports-with-element: [2]
-  custom-elements/no-method-prefixed-with-on: [2]
-  custom-elements/no-unchecked-define: [0]
-  custom-elements/one-element-per-file: [0]
-  custom-elements/tag-name-matches-class: [2]
-  custom-elements/valid-tag-name: [2]
  default-case-last: [2]
  default-case: [0]
  default-param-last: [0]
@@ -119,7 +84,6 @@ rules:
  id-length: [0]
  id-match: [0]
  implicit-arrow-linebreak: [0]
-  import/consistent-type-specifier-style: [0]
  import/default: [0]
  import/dynamic-import-chunkname: [0]
  import/export: [2]
@@ -132,14 +96,13 @@ rules:
  import/namespace: [0]
  import/newline-after-import: [0]
  import/no-absolute-path: [0]
-  import/no-amd: [2]
+  import/no-amd: [0]
  import/no-anonymous-default-export: [0]
-  import/no-commonjs: [2]
+  import/no-commonjs: [0]
  import/no-cycle: [2, {ignoreExternal: true, maxDepth: 1}]
  import/no-default-export: [0]
  import/no-deprecated: [0]
  import/no-dynamic-require: [0]
-  import/no-empty-named-blocks: [2]
  import/no-extraneous-dependencies: [2]
  import/no-import-module-exports: [0]
  import/no-internal-modules: [0]
@@ -184,7 +147,7 @@ rules:
  jquery/no-global-eval: [2]
  jquery/no-grep: [2]
  jquery/no-has: [2]
-  jquery/no-hide: [2]
+  jquery/no-hide: [0]
  jquery/no-html: [0]
  jquery/no-in-array: [2]
  jquery/no-is-array: [2]
@@ -199,15 +162,15 @@ rules:
  jquery/no-parse-html: [2]
  jquery/no-prop: [0]
  jquery/no-proxy: [2]
-  jquery/no-ready: [2]
+  jquery/no-ready: [0]
  jquery/no-serialize: [2]
-  jquery/no-show: [2]
+  jquery/no-show: [0]
  jquery/no-size: [2]
  jquery/no-sizzle: [0]
  jquery/no-slide: [0]
  jquery/no-submit: [0]
  jquery/no-text: [0]
-  jquery/no-toggle: [2]
+  jquery/no-toggle: [0]
  jquery/no-trigger: [0]
  jquery/no-trim: [2]
  jquery/no-val: [0]
@@ -236,7 +199,7 @@ rules:
  newline-per-chained-call: [0]
  no-alert: [0]
  no-array-constructor: [2]
-  no-async-promise-executor: [0]
+  no-async-promise-executor: [2]
  no-await-in-loop: [0]
  no-bitwise: [0]
  no-buffer-constructor: [0]
@@ -266,7 +229,6 @@ rules:
  no-empty-character-class: [2]
  no-empty-function: [0]
  no-empty-pattern: [2]
-  no-empty-static-block: [2]
  no-empty: [2, {allowEmptyCatch: true}]
  no-eq-null: [2]
  no-eval: [2]
@@ -291,101 +253,8 @@ rules:
  no-invalid-this: [0]
  no-irregular-whitespace: [2]
  no-iterator: [2]
-  no-jquery/no-ajax-events: [2]
-  no-jquery/no-ajax: [0]
-  no-jquery/no-and-self: [2]
-  no-jquery/no-animate-toggle: [2]
-  no-jquery/no-animate: [2]
-  no-jquery/no-append-html: [0]
-  no-jquery/no-attr: [0]
-  no-jquery/no-bind: [2]
-  no-jquery/no-box-model: [2]
-  no-jquery/no-browser: [2]
-  no-jquery/no-camel-case: [2]
-  no-jquery/no-class-state: [0]
-  no-jquery/no-class: [0]
-  no-jquery/no-clone: [2]
-  no-jquery/no-closest: [0]
-  no-jquery/no-constructor-attributes: [2]
-  no-jquery/no-contains: [2]
-  no-jquery/no-context-prop: [2]
-  no-jquery/no-css: [0]
-  no-jquery/no-data: [0]
-  no-jquery/no-deferred: [2]
-  no-jquery/no-delegate: [2]
-  no-jquery/no-each-collection: [0]
-  no-jquery/no-each-util: [0]
-  no-jquery/no-each: [0]
-  no-jquery/no-error-shorthand: [2]
-  no-jquery/no-error: [2]
-  no-jquery/no-escape-selector: [2]
-  no-jquery/no-event-shorthand: [2]
-  no-jquery/no-extend: [2]
-  no-jquery/no-fade: [2]
-  no-jquery/no-filter: [0]
-  no-jquery/no-find-collection: [0]
-  no-jquery/no-find-util: [2]
-  no-jquery/no-find: [0]
-  no-jquery/no-fx-interval: [2]
-  no-jquery/no-global-eval: [2]
-  no-jquery/no-global-selector: [0]
-  no-jquery/no-grep: [2]
-  no-jquery/no-has: [2]
-  no-jquery/no-hold-ready: [2]
-  no-jquery/no-html: [0]
-  no-jquery/no-in-array: [2]
-  no-jquery/no-is-array: [2]
-  no-jquery/no-is-empty-object: [2]
-  no-jquery/no-is-function: [2]
-  no-jquery/no-is-numeric: [2]
-  no-jquery/no-is-plain-object: [2]
-  no-jquery/no-is-window: [2]
-  no-jquery/no-is: [0]
-  no-jquery/no-jquery-constructor: [0]
-  no-jquery/no-live: [2]
-  no-jquery/no-load-shorthand: [2]
-  no-jquery/no-load: [2]
-  no-jquery/no-map-collection: [0]
-  no-jquery/no-map-util: [2]
-  no-jquery/no-map: [0]
-  no-jquery/no-merge: [2]
-  no-jquery/no-node-name: [2]
-  no-jquery/no-noop: [2]
-  no-jquery/no-now: [2]
-  no-jquery/no-on-ready: [2]
-  no-jquery/no-other-methods: [0]
-  no-jquery/no-other-utils: [2]
-  no-jquery/no-param: [2]
-  no-jquery/no-parent: [0]
-  no-jquery/no-parents: [0]
-  no-jquery/no-parse-html-literal: [0]
-  no-jquery/no-parse-html: [2]
-  no-jquery/no-parse-json: [2]
-  no-jquery/no-parse-xml: [2]
-  no-jquery/no-prop: [0]
-  no-jquery/no-proxy: [2]
-  no-jquery/no-ready-shorthand: [2]
-  no-jquery/no-ready: [2]
-  no-jquery/no-selector-prop: [2]
-  no-jquery/no-serialize: [2]
-  no-jquery/no-size: [2]
-  no-jquery/no-sizzle: [0]
-  no-jquery/no-slide: [2]
-  no-jquery/no-sub: [2]
-  no-jquery/no-support: [2]
-  no-jquery/no-text: [0]
-  no-jquery/no-trigger: [0]
-  no-jquery/no-trim: [2]
-  no-jquery/no-type: [2]
-  no-jquery/no-unique: [2]
-  no-jquery/no-unload-shorthand: [2]
-  no-jquery/no-val: [0]
-  no-jquery/no-visibility: [2]
-  no-jquery/no-when: [2]
-  no-jquery/no-wrap: [2]
-  no-jquery/variable-pattern: [0]
  no-label-var: [2]
-  no-labels: [0] # handled by no-restricted-syntax
+  no-labels: [2]
  no-lone-blocks: [2]
  no-lonely-if: [0]
  no-loop-func: [0]
@@ -400,7 +269,6 @@ rules:
  no-negated-condition: [0]
  no-nested-ternary: [0]
  no-new-func: [2]
-  no-new-native-nonconstructor: [2]
  no-new-object: [2]
  no-new-symbol: [2]
  no-new-wrappers: [2]
@@ -452,7 +320,6 @@ rules:
  no-unused-private-class-members: [2]
  no-unused-vars: [2, {args: all, argsIgnorePattern: ^_, varsIgnorePattern: ^_, caughtErrorsIgnorePattern: ^_, destructuredArrayIgnorePattern: ^_, ignoreRestSiblings: false}]
  no-use-before-define: [2, {functions: false, classes: true, variables: true, allowNamedExports: true}]
-  no-use-extend-native/no-use-extend-native: [2]
  no-useless-backreference: [2]
  no-useless-call: [2]
  no-useless-catch: [2]
@@ -466,7 +333,7 @@ rules:
  no-void: [2]
  no-warning-comments: [0]
  no-whitespace-before-property: [2]
-  no-with: [0] # handled by no-restricted-syntax
+  no-with: [2]
  nonblock-statement-body-position: [2]
  object-curly-newline: [0]
  object-curly-spacing: [2, never]
@@ -493,80 +360,6 @@ rules:
  quote-props: [0]
  quotes: [2, single, {avoidEscape: true, allowTemplateLiterals: true}]
  radix: [2, as-needed]
-  regexp/confusing-quantifier: [2]
-  regexp/control-character-escape: [2]
-  regexp/hexadecimal-escape: [0]
-  regexp/letter-case: [0]
-  regexp/match-any: [2]
-  regexp/negation: [2]
-  regexp/no-contradiction-with-assertion: [0]
-  regexp/no-control-character: [0]
-  regexp/no-dupe-characters-character-class: [2]
-  regexp/no-dupe-disjunctions: [2]
-  regexp/no-empty-alternative: [2]
-  regexp/no-empty-capturing-group: [2]
-  regexp/no-empty-character-class: [0]
-  regexp/no-empty-group: [2]
-  regexp/no-empty-lookarounds-assertion: [2]
-  regexp/no-escape-backspace: [2]
-  regexp/no-extra-lookaround-assertions: [0]
-  regexp/no-invalid-regexp: [2]
-  regexp/no-invisible-character: [2]
-  regexp/no-lazy-ends: [2]
-  regexp/no-legacy-features: [2]
-  regexp/no-misleading-capturing-group: [0]
-  regexp/no-misleading-unicode-character: [0]
-  regexp/no-missing-g-flag: [2]
-  regexp/no-non-standard-flag: [2]
-  regexp/no-obscure-range: [2]
-  regexp/no-octal: [2]
-  regexp/no-optional-assertion: [2]
-  regexp/no-potentially-useless-backreference: [2]
-  regexp/no-standalone-backslash: [2]
-  regexp/no-super-linear-backtracking: [0]
-  regexp/no-super-linear-move: [0]
-  regexp/no-trivially-nested-assertion: [2]
-  regexp/no-trivially-nested-quantifier: [2]
-  regexp/no-unused-capturing-group: [0]
-  regexp/no-useless-assertions: [2]
-  regexp/no-useless-backreference: [2]
-  regexp/no-useless-character-class: [2]
-  regexp/no-useless-dollar-replacements: [2]
-  regexp/no-useless-escape: [2]
-  regexp/no-useless-flag: [2]
-  regexp/no-useless-lazy: [2]
-  regexp/no-useless-non-capturing-group: [2]
-  regexp/no-useless-quantifier: [2]
-  regexp/no-useless-range: [2]
-  regexp/no-useless-two-nums-quantifier: [2]
-  regexp/no-zero-quantifier: [2]
-  regexp/optimal-lookaround-quantifier: [2]
-  regexp/optimal-quantifier-concatenation: [0]
-  regexp/prefer-character-class: [0]
-  regexp/prefer-d: [0]
-  regexp/prefer-escape-replacement-dollar-char: [0]
-  regexp/prefer-lookaround: [0]
-  regexp/prefer-named-backreference: [0]
-  regexp/prefer-named-capture-group: [0]
-  regexp/prefer-named-replacement: [0]
-  regexp/prefer-plus-quantifier: [2]
-  regexp/prefer-predefined-assertion: [2]
-  regexp/prefer-quantifier: [0]
-  regexp/prefer-question-quantifier: [2]
-  regexp/prefer-range: [2]
-  regexp/prefer-regexp-exec: [2]
-  regexp/prefer-regexp-test: [2]
-  regexp/prefer-result-array-groups: [0]
-  regexp/prefer-star-quantifier: [2]
-  regexp/prefer-unicode-codepoint-escapes: [2]
-  regexp/prefer-w: [0]
-  regexp/require-unicode-regexp: [0]
-  regexp/sort-alternatives: [0]
-  regexp/sort-character-class-elements: [0]
-  regexp/sort-flags: [0]
-  regexp/strict: [2]
-  regexp/unicode-escape: [0]
-  regexp/use-ignore-case: [0]
  require-atomic-updates: [0]
  require-await: [0]
  require-unicode-regexp: [0]
@@ -585,23 +378,23 @@ rules:
  sonarjs/no-duplicated-branches: [0]
  sonarjs/no-element-overwrite: [2]
  sonarjs/no-empty-collection: [2]
-  sonarjs/no-extra-arguments: [2]
+  sonarjs/no-extra-arguments: [0]
  sonarjs/no-gratuitous-expressions: [2]
  sonarjs/no-identical-conditions: [2]
-  sonarjs/no-identical-expressions: [2]
-  sonarjs/no-identical-functions: [2, 5]
+  sonarjs/no-identical-expressions: [0]
+  sonarjs/no-identical-functions: [0]
  sonarjs/no-ignored-return: [2]
  sonarjs/no-inverted-boolean-check: [2]
  sonarjs/no-nested-switch: [0]
  sonarjs/no-nested-template-literals: [0]
  sonarjs/no-one-iteration-loop: [2]
  sonarjs/no-redundant-boolean: [2]
-  sonarjs/no-redundant-jump: [2]
+  sonarjs/no-redundant-jump: [0]
  sonarjs/no-same-line-conditional: [2]
  sonarjs/no-small-switch: [0]
  sonarjs/no-unused-collection: [2]
  sonarjs/no-use-of-empty-return-value: [2]
-  sonarjs/no-useless-catch: [2]
+  sonarjs/no-useless-catch: [0]
  sonarjs/non-existent-operator: [2]
  sonarjs/prefer-immediate-return: [0]
  sonarjs/prefer-object-literal: [0]
@@ -636,32 +429,30 @@ rules:
  unicorn/import-style: [0]
  unicorn/new-for-builtins: [2]
  unicorn/no-abusive-eslint-disable: [0]
-  unicorn/no-array-callback-reference: [0]
  unicorn/no-array-for-each: [2]
+  unicorn/no-array-instanceof: [0]
  unicorn/no-array-method-this-argument: [2]
  unicorn/no-array-push-push: [2]
-  unicorn/no-array-reduce: [2]
  unicorn/no-await-expression-member: [0]
  unicorn/no-console-spaces: [0]
  unicorn/no-document-cookie: [2]
  unicorn/no-empty-file: [2]
+  unicorn/no-fn-reference-in-iterator: [0]
  unicorn/no-for-loop: [0]
  unicorn/no-hex-escape: [0]
-  unicorn/no-instanceof-array: [0]
  unicorn/no-invalid-remove-event-listener: [2]
  unicorn/no-keyword-prefix: [0]
  unicorn/no-lonely-if: [2]
-  unicorn/no-negated-condition: [0]
  unicorn/no-nested-ternary: [0]
  unicorn/no-new-array: [0]
  unicorn/no-new-buffer: [0]
  unicorn/no-null: [0]
  unicorn/no-object-as-default-parameter: [0]
  unicorn/no-process-exit: [0]
+  unicorn/no-reduce: [2]
  unicorn/no-static-only-class: [2]
  unicorn/no-thenable: [2]
  unicorn/no-this-assignment: [2]
-  unicorn/no-typeof-undefined: [2]
  unicorn/no-unnecessary-await: [2]
  unicorn/no-unreadable-array-destructuring: [0]
  unicorn/no-unreadable-iife: [2]
@@ -683,19 +474,15 @@ rules:
  unicorn/prefer-array-index-of: [2]
  unicorn/prefer-array-some: [2]
  unicorn/prefer-at: [0]
-  unicorn/prefer-blob-reading-methods: [2]
  unicorn/prefer-code-point: [0]
+  unicorn/prefer-dataset: [2]
  unicorn/prefer-date-now: [2]
  unicorn/prefer-default-parameters: [0]
-  unicorn/prefer-dom-node-append: [2]
-  unicorn/prefer-dom-node-dataset: [0]
-  unicorn/prefer-dom-node-remove: [2]
-  unicorn/prefer-dom-node-text-content: [2]
+  unicorn/prefer-event-key: [2]
  unicorn/prefer-event-target: [2]
-  unicorn/prefer-export-from: [2, {ignoreUsedVariables: true}]
+  unicorn/prefer-export-from: [2]
  unicorn/prefer-includes: [2]
  unicorn/prefer-json-parse-buffer: [0]
-  unicorn/prefer-keyboard-event-key: [2]
  unicorn/prefer-logical-operator-over-ternary: [2]
  unicorn/prefer-math-trunc: [2]
  unicorn/prefer-modern-dom-apis: [0]
@@ -703,7 +490,9 @@ rules:
  unicorn/prefer-module: [2]
  unicorn/prefer-native-coercion-functions: [2]
  unicorn/prefer-negative-index: [2]
-  unicorn/prefer-node-protocol: [2]
+  unicorn/prefer-node-append: [0]
+  unicorn/prefer-node-protocol: [0]
+  unicorn/prefer-node-remove: [0]
  unicorn/prefer-number-properties: [0]
  unicorn/prefer-object-from-entries: [2]
  unicorn/prefer-object-has-own: [0]
@@ -712,17 +501,16 @@ rules:
  unicorn/prefer-query-selector: [0]
  unicorn/prefer-reflect-apply: [0]
  unicorn/prefer-regexp-test: [2]
+  unicorn/prefer-replace-all: [0]
  unicorn/prefer-set-has: [0]
-  unicorn/prefer-set-size: [2]
  unicorn/prefer-spread: [0]
-  unicorn/prefer-string-replace-all: [0]
+  unicorn/prefer-starts-ends-with: [2]
  unicorn/prefer-string-slice: [0]
-  unicorn/prefer-string-starts-ends-with: [2]
-  unicorn/prefer-string-trim-start-end: [2]
  unicorn/prefer-switch: [0]
  unicorn/prefer-ternary: [0]
  unicorn/prefer-text-content: [2]
  unicorn/prefer-top-level-await: [0]
+  unicorn/prefer-trim-start-end: [2]
  unicorn/prefer-type-error: [0]
  unicorn/prevent-abbreviations: [0]
  unicorn/relative-url-style: [2]
@@ -737,15 +525,6 @@ rules:
  use-isnan: [2]
  valid-typeof: [2, {requireStringLiterals: true}]
  vars-on-top: [0]
-  wc/attach-shadow-constructor: [2]
-  wc/guard-super-call: [2]
-  wc/no-closed-shadow-root: [2]
-  wc/no-constructor-attributes: [2]
-  wc/no-constructor-params: [2]
-  wc/no-invalid-element-name: [0] # covered by custom-elements/valid-tag-name
-  wc/no-self-class: [2]
-  wc/no-typos: [2]
-  wc/require-listener-teardown: [2]
  wrap-iife: [2, inside]
  wrap-regex: [0]
  yield-star-spacing: [2, after]
--- a/.gitattributes
+++ b/.gitattributes
@@ -1,10 +1,8 @@
 * text=auto eol=lf
 *.tmpl linguist-language=Handlebars
 /assets/*.json linguist-generated
-/public/img/svg/*.svg linguist-generated
-/templates/swagger/v1_json.tmpl linguist-generated
+/public/vendor/** -text -eol linguist-vendored
 /vendor/** -text -eol linguist-vendored
 /web_src/fomantic/build/** linguist-generated
-/web_src/fomantic/_site/globals/site.variables linguist-language=Less
 /web_src/js/vendor/** -text -eol linguist-vendored
 Dockerfile.* linguist-language=Dockerfile
--- a/.github/lock.yml
+++ b/.github/lock.yml
@@ -0,0 +1,23 @@
+# Configuration for Lock Threads - https://github.com/dessant/lock-threads-app
+
+# Number of days of inactivity before a closed issue or pull request is locked
+daysUntilLock: 60
+
+# Skip issues and pull requests created before a given timestamp. Timestamp must
+# follow ISO 8601 (`YYYY-MM-DD`). `false` is disabled
+skipCreatedBefore: false
+
+# Issues and pull requests with these labels will be ignored.
+exemptLabels: []
+
+# Label to add before locking, such as `outdated`. `false` is disabled
+lockLabel: false
+
+# Comment to post before locking.
+lockComment: >
+  This thread has been automatically locked since there has not been
+  any recent activity after it was closed. Please open a new issue for
+  related bugs and link to relevant comments in this thread.
+
+# Assign `resolved` as the reason for locking. Set to `false` to disable
+setLockReason: true
--- a/.github/pull_request_template.md
+++ b/.github/pull_request_template.md
@@ -1,9 +1,9 @@
-<!-- start tips --> 
+<!--
+
 Please check the following:
-1. Make sure you are targeting the `main` branch, pull requests on release branches are only allowed for backports.
-2. Make sure you have read contributing guidelines: https://github.com/go-gitea/gitea/blob/main/CONTRIBUTING.md .
-3. Describe what your pull request does and which issue you're targeting (if any).
-4. It is recommended to enable "Allow edits by maintainers", so maintainers can help more easily.
-5. Your input here will be included in the commit message when this PR has been merged. If you don't want some content to be included, please separate them with a line like `---`.
-6. Delete all these tips before posting.
-<!-- end tips -->
+
+1. Make sure you are targeting the `main` branch, pull requests on release branches are only allowed for bug fixes.
+2. Read contributing guidelines: https://github.com/go-gitea/gitea/blob/main/CONTRIBUTING.md
+3. Describe what your pull request does and which issue you're targeting (if any)
+
+-->  
--- a/.github/workflows/cron-licenses.yml
+++ b/.github/workflows/cron-licenses.yml
@@ -1,28 +0,0 @@
-name: cron-licenses
-
-on:
-  schedule:
-    - cron: "7 0 * * 1" # every Monday at 00:07 UTC
-  workflow_dispatch:
-
-jobs:
-  cron-licenses:
-    runs-on: ubuntu-latest
-    if: github.repository == 'go-gitea/gitea'
-    steps:
-      - uses: actions/checkout@v3
-      - uses: actions/setup-go@v3
-        with:
-          go-version: ">=1.20.1"
-      - run: make generate-license generate-gitignore
-        timeout-minutes: 40
-      - name: push translations to repo
-        uses: appleboy/git-push-action@v0.0.2
-        with:
-          author_email: "teabot@gitea.io"
-          author_name: GiteaBot
-          branch: main
-          commit: true
-          commit_message: "[skip ci] Updated licenses and gitignores"
-          remote: "git@github.com:go-gitea/gitea.git"
-          ssh_key: ${{ secrets.DEPLOY_KEY }}
--- a/.github/workflows/cron-lock.yml
+++ b/.github/workflows/cron-lock.yml
@@ -1,22 +0,0 @@
-name: cron-lock
-
-on:
-  schedule:
-    - cron: "0 0 * * *" # every day at 00:00 UTC
-  workflow_dispatch:
-
-permissions:
-  issues: write
-  pull-requests: write
-
-concurrency:
-  group: lock
-
-jobs:
-  action:
-    runs-on: ubuntu-latest
-    if: github.repository == 'go-gitea/gitea'
-    steps:
-      - uses: dessant/lock-threads@v4
-        with:
-          issue-inactive-days: 45
--- a/.github/workflows/cron-translations.yml
+++ b/.github/workflows/cron-translations.yml
@@ -1,49 +0,0 @@
-name: cron-translations
-
-on:
-  schedule:
-    - cron: "7 0 * * *" # every day at 00:07 UTC
-  workflow_dispatch:
-
-jobs:
-  crowdin-pull:
-    runs-on: ubuntu-latest
-    if: github.repository == 'go-gitea/gitea'
-    steps:
-      - uses: actions/checkout@v3
-      - name: download from crowdin
-        uses: docker://jonasfranz/crowdin
-        env:
-          CROWDIN_KEY: ${{ secrets.CROWDIN_KEY }}
-          PLUGIN_DOWNLOAD: true
-          PLUGIN_EXPORT_DIR: options/locale/
-          PLUGIN_IGNORE_BRANCH: true
-          PLUGIN_PROJECT_IDENTIFIER: gitea
-      - name: update locales
-        run: ./build/update-locales.sh
-      - name: push translations to repo
-        uses: appleboy/git-push-action@v0.0.2
-        with:
-          author_email: "teabot@gitea.io"
-          author_name: GiteaBot
-          branch: main
-          commit: true
-          commit_message: "[skip ci] Updated translations via Crowdin"
-          remote: "git@github.com:go-gitea/gitea.git"
-          ssh_key: ${{ secrets.DEPLOY_KEY }}
-  crowdin-push:
-    runs-on: ubuntu-latest
-    if: github.repository == 'go-gitea/gitea'
-    steps:
-      - uses: actions/checkout@v3
-      - name: push translations to crowdin
-        uses: docker://jonasfranz/crowdin
-        env:
-          CROWDIN_KEY: ${{ secrets.CROWDIN_KEY }}
-          PLUGIN_UPLOAD: true
-          PLUGIN_EXPORT_DIR: options/locale/
-          PLUGIN_IGNORE_BRANCH: true
-          PLUGIN_PROJECT_IDENTIFIER: gitea
-          PLUGIN_FILES: |
-            locale_en-US.ini: options/locale/locale_en-US.ini
-          PLUGIN_BRANCH: main
--- a/.github/workflows/files-changed.yml
+++ b/.github/workflows/files-changed.yml
@@ -1,53 +0,0 @@
-name: files-changed
-
-on:
-  workflow_call:
-    outputs:
-      backend:
-        description: "whether backend files changed"
-        value: ${{ jobs.detect.outputs.backend }}
-      frontend:
-        description: "whether frontend files changed"
-        value: ${{ jobs.detect.outputs.frontend }}
-      docs:
-        description: "whether docs files changed"
-        value: ${{ jobs.detect.outputs.docs }}
-      actions:
-        description: "whether actions files changed"
-        value: ${{ jobs.detect.outputs.actions }}
-
-jobs:
-  detect:
-    name: detect which files changed
-    runs-on: ubuntu-latest
-    timeout-minutes: 3
-    # Map a step output to a job output
-    outputs:
-      backend: ${{ steps.changes.outputs.backend }}
-      frontend: ${{ steps.changes.outputs.frontend }}
-      docs: ${{ steps.changes.outputs.docs }}
-      actions: ${{ steps.changes.outputs.actions }}
-    steps:
-      - uses: actions/checkout@v3
-      - uses: dorny/paths-filter@v2
-        id: changes
-        with:
-          filters: |
-            backend:
-              - "**/*.go"
-              - "**/*.tmpl"
-              - "go.mod"
-              - "go.sum"
-
-            frontend:
-              - "**/*.js"
-              - "web_src/**"
-              - "package.json"
-              - "package-lock.json"
-
-            docs:
-              - "**/*.md"
-              - "docs/**"
-
-            actions:
-              - ".github/workflows/*"
--- a/.github/workflows/pull-compliance.yml
+++ b/.github/workflows/pull-compliance.yml
@@ -1,140 +0,0 @@
-name: compliance
-
-on:
-  pull_request:
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
-  cancel-in-progress: true
-
-jobs:
-  files-changed:
-    uses: ./.github/workflows/files-changed.yml
-
-  lint-backend:
-    if: needs.files-changed.outputs.backend == 'true' || needs.files-changed.outputs.actions == 'true'
-    needs: files-changed
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v3
-      - uses: actions/setup-go@v4
-        with:
-          go-version: ">=1.20"
-          check-latest: true
-      - run: make deps-backend deps-tools
-      - run: make lint-backend
-        env:
-          TAGS: bindata sqlite sqlite_unlock_notify
-
-  lint-go-windows:
-    if: needs.files-changed.outputs.backend == 'true' || needs.files-changed.outputs.actions == 'true'
-    needs: files-changed
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v3
-      - uses: actions/setup-go@v4
-        with:
-          go-version: ">=1.20"
-          check-latest: true
-      - run: make deps-backend deps-tools
-      - run: make lint-go-windows lint-go-vet
-        env:
-          TAGS: bindata sqlite sqlite_unlock_notify
-          GOOS: windows
-          GOARCH: amd64
-
-  lint-go-gogit:
-    if: needs.files-changed.outputs.backend == 'true' || needs.files-changed.outputs.actions == 'true'
-    needs: files-changed
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v3
-      - uses: actions/setup-go@v4
-        with:
-          go-version: ">=1.20"
-          check-latest: true
-      - run: make deps-backend deps-tools
-      - run: make lint-go
-        env:
-          TAGS: bindata gogit sqlite sqlite_unlock_notify
-
-  checks-backend:
-    if: needs.files-changed.outputs.backend == 'true' || needs.files-changed.outputs.actions == 'true'
-    needs: files-changed
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v3
-      - uses: actions/setup-go@v4
-        with:
-          go-version: ">=1.20"
-          check-latest: true
-      - run: make deps-backend deps-tools
-      - run: make --always-make checks-backend # ensure the "go-licenses" make target runs
-
-  frontend:
-    if: needs.files-changed.outputs.frontend == 'true' || needs.files-changed.outputs.actions == 'true'
-    needs: files-changed
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v3
-      - uses: actions/setup-node@v3
-        with:
-          node-version: 20
-      - run: make deps-frontend
-      - run: make lint-frontend
-      - run: make checks-frontend
-      - run: make frontend
-
-  backend:
-    if: needs.files-changed.outputs.backend == 'true' || needs.files-changed.outputs.actions == 'true'
-    needs: files-changed
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v3
-      - uses: actions/setup-go@v4
-        with:
-          go-version: ">=1.20"
-          check-latest: true
-      # no frontend build here as backend should be able to build
-      # even without any frontend files
-      - run: make deps-backend deps-tools
-      - run: go build -o gitea_no_gcc # test if build succeeds without the sqlite tag
-      - name: build-backend-arm64
-        run: make backend # test cross compile
-        env:
-          GOOS: linux
-          GOARCH: arm64
-          TAGS: bindata gogit
-      - name: build-backend-windows
-        run: go build -o gitea_windows
-        env:
-          GOOS: windows
-          GOARCH: amd64
-          TAGS: bindata gogit
-      - name: build-backend-386
-        run: go build -o gitea_linux_386 # test if compatible with 32 bit
-        env:
-          GOOS: linux
-          GOARCH: 386
-
-  docs:
-    if: needs.files-changed.outputs.docs == 'true' || needs.files-changed.outputs.actions == 'true'
-    needs: files-changed
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v3
-      - uses: actions/setup-node@v3
-        with:
-          node-version: 20
-      - run: make deps-frontend
-      - run: make lint-md
-      - run: make docs # test if build could succeed
-
-  actions:
-    if: needs.files-changed.outputs.actions == 'true' || needs.files-changed.outputs.actions == 'true'
-    needs: files-changed
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v3
-      - uses: actions/setup-go@v4
-      - run: make lint-actions
--- a/.github/workflows/pull-db-tests.yml
+++ b/.github/workflows/pull-db-tests.yml
@@ -1,247 +0,0 @@
-name: db-tests
-
-on:
-  pull_request:
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
-  cancel-in-progress: true
-
-jobs:
-  files-changed:
-    uses: ./.github/workflows/files-changed.yml
-
-  test-pgsql:
-    if: needs.files-changed.outputs.backend == 'true' || needs.files-changed.outputs.actions == 'true'
-    needs: files-changed
-    runs-on: ubuntu-latest
-    services:
-      pgsql:
-        image: postgres:15
-        env:
-          POSTGRES_DB: test
-          POSTGRES_PASSWORD: postgres
-        ports:
-          - "5432:5432"
-      ldap:
-        image: gitea/test-openldap:latest
-        ports:
-          - "389:389"
-          - "636:636"
-      minio:
-        # as github actions doesn't support "entrypoint", we need to use a non-official image
-        # that has a custom entrypoint set to "minio server /data"
-        image: bitnami/minio:2021.3.17
-        env:
-          MINIO_ACCESS_KEY: 123456
-          MINIO_SECRET_KEY: 12345678
-        ports:
-          - "9000:9000"
-    steps:
-      - uses: actions/checkout@v3
-      - uses: actions/setup-go@v4
-        with:
-          go-version: ">=1.20.0"
-      - name: Add hosts to /etc/hosts
-        run: '[ -e "/.dockerenv" ] || [ -e "/run/.containerenv" ] || echo "127.0.0.1 pgsql ldap minio" | sudo tee -a /etc/hosts'
-      - run: make deps-backend
-      - run: make backend
-        env:
-          TAGS: bindata
-      - run: make test-pgsql-migration test-pgsql
-        timeout-minutes: 50
-        env:
-          TAGS: bindata gogit
-          RACE_ENABLED: true
-          TEST_TAGS: gogit
-          TEST_LDAP: 1
-          USE_REPO_TEST_DIR: 1
-
-  test-sqlite:
-    if: needs.files-changed.outputs.backend == 'true' || needs.files-changed.outputs.actions == 'true'
-    needs: files-changed
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v3
-      - uses: actions/setup-go@v4
-        with:
-          go-version: ">=1.20.0"
-      - run: make deps-backend
-      - run: make backend
-        env:
-          TAGS: bindata gogit sqlite sqlite_unlock_notify
-      - run: make test-sqlite-migration test-sqlite
-        timeout-minutes: 50
-        env:
-          TAGS: bindata gogit sqlite sqlite_unlock_notify
-          RACE_ENABLED: true
-          TEST_TAGS: gogit sqlite sqlite_unlock_notify
-          USE_REPO_TEST_DIR: 1
-
-  test-unit:
-    if: needs.files-changed.outputs.backend == 'true' || needs.files-changed.outputs.actions == 'true'
-    needs: files-changed
-    runs-on: ubuntu-latest
-    services:
-      mysql:
-        image: mysql:5.7
-        env:
-          MYSQL_ALLOW_EMPTY_PASSWORD: yes
-          MYSQL_DATABASE: test
-        ports:
-          - "3306:3306"
-      elasticsearch:
-        image: elasticsearch:7.5.0
-        env:
-          discovery.type: single-node
-        ports:
-          - "9200:9200"
-      smtpimap:
-        image: tabascoterrier/docker-imap-devel:latest
-        ports:
-          - "25:25"
-          - "143:143"
-          - "587:587"
-          - "993:993"
-      redis:
-        image: redis
-        options: >- # wait until redis has started
-          --health-cmd "redis-cli ping"
-          --health-interval 5s
-          --health-timeout 3s
-          --health-retries 10
-        ports:
-          - 6379:6379
-      minio:
-        image: bitnami/minio:2021.3.17
-        env:
-          MINIO_ACCESS_KEY: 123456
-          MINIO_SECRET_KEY: 12345678
-        ports:
-          - "9000:9000"
-    steps:
-      - uses: actions/checkout@v3
-      - uses: actions/setup-go@v4
-        with:
-          go-version: ">=1.20.0"
-      - name: Add hosts to /etc/hosts
-        run: '[ -e "/.dockerenv" ] || [ -e "/run/.containerenv" ] || echo "127.0.0.1 mysql elasticsearch smtpimap" | sudo tee -a /etc/hosts'
-      - run: make deps-backend
-      - run: make backend
-        env:
-          TAGS: bindata
-      - name: unit-tests
-        run: make unit-test-coverage test-check
-        env:
-          TAGS: bindata
-          RACE_ENABLED: true
-          GITHUB_READ_TOKEN: ${{ secrets.GITHUB_READ_TOKEN }}
-      - name: unit-tests-gogit
-        run: make unit-test-coverage test-check
-        env:
-          TAGS: bindata gogit
-          RACE_ENABLED: true
-          GITHUB_READ_TOKEN: ${{ secrets.GITHUB_READ_TOKEN }}
-
-  test-mysql5:
-    if: needs.files-changed.outputs.backend == 'true' || needs.files-changed.outputs.actions == 'true'
-    needs: files-changed
-    runs-on: ubuntu-latest
-    services:
-      mysql:
-        image: mysql:5.7
-        env:
-          MYSQL_ALLOW_EMPTY_PASSWORD: yes
-          MYSQL_DATABASE: test
-        ports:
-          - "3306:3306"
-      elasticsearch:
-        image: elasticsearch:7.5.0
-        env:
-          discovery.type: single-node
-        ports:
-          - "9200:9200"
-      smtpimap:
-        image: tabascoterrier/docker-imap-devel:latest
-        ports:
-          - "25:25"
-          - "143:143"
-          - "587:587"
-          - "993:993"
-    steps:
-      - uses: actions/checkout@v3
-      - uses: actions/setup-go@v4
-        with:
-          go-version: ">=1.20.0"
-      - name: Add hosts to /etc/hosts
-        run: '[ -e "/.dockerenv" ] || [ -e "/run/.containerenv" ] || echo "127.0.0.1 mysql elasticsearch smtpimap" | sudo tee -a /etc/hosts'
-      - run: make deps-backend
-      - run: make backend
-        env:
-          TAGS: bindata
-      - name: run tests
-        run: make test-mysql-migration integration-test-coverage
-        env:
-          TAGS: bindata
-          RACE_ENABLED: true
-          USE_REPO_TEST_DIR: 1
-          TEST_INDEXER_CODE_ES_URL: "http://elastic:changeme@elasticsearch:9200"
-
-  test-mysql8:
-    if: needs.files-changed.outputs.backend == 'true' || needs.files-changed.outputs.actions == 'true'
-    needs: files-changed
-    runs-on: ubuntu-latest
-    services:
-      mysql8:
-        image: mysql:8
-        env:
-          MYSQL_ALLOW_EMPTY_PASSWORD: yes
-          MYSQL_DATABASE: testgitea
-        ports:
-          - "3306:3306"
-    steps:
-      - uses: actions/checkout@v3
-      - uses: actions/setup-go@v4
-        with:
-          go-version: ">=1.20.0"
-      - name: Add hosts to /etc/hosts
-        run: '[ -e "/.dockerenv" ] || [ -e "/run/.containerenv" ] || echo "127.0.0.1 mysql8" | sudo tee -a /etc/hosts'
-      - run: make deps-backend
-      - run: make backend
-        env:
-          TAGS: bindata
-      - run: make test-mysql8-migration test-mysql8
-        timeout-minutes: 50
-        env:
-          TAGS: bindata
-          USE_REPO_TEST_DIR: 1
-
-  test-mssql:
-    if: needs.files-changed.outputs.backend == 'true' || needs.files-changed.outputs.actions == 'true'
-    needs: files-changed
-    runs-on: ubuntu-latest
-    services:
-      mssql:
-        image: mcr.microsoft.com/mssql/server:latest
-        env:
-          ACCEPT_EULA: Y
-          MSSQL_PID: Standard
-          SA_PASSWORD: MwantsaSecurePassword1
-        ports:
-          - "1433:1433"
-    steps:
-      - uses: actions/checkout@v3
-      - uses: actions/setup-go@v4
-        with:
-          go-version: ">=1.20.0"
-      - name: Add hosts to /etc/hosts
-        run: '[ -e "/.dockerenv" ] || [ -e "/run/.containerenv" ] || echo "127.0.0.1 mssql" | sudo tee -a /etc/hosts'
-      - run: make deps-backend
-      - run: make backend
-        env:
-          TAGS: bindata
-      - run: make test-mssql-migration test-mssql
-        timeout-minutes: 50
-        env:
-          TAGS: bindata
-          USE_REPO_TEST_DIR: 1
--- a/.github/workflows/pull-docker-dryrun.yml
+++ b/.github/workflows/pull-docker-dryrun.yml
@@ -1,23 +0,0 @@
-name: docker-dryrun
-
-on:
-  pull_request:
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
-  cancel-in-progress: true
-
-jobs:
-  files-changed:
-    uses: ./.github/workflows/files-changed.yml
-
-  docker-dryrun:
-    if: needs.files-changed.outputs.backend == 'true' || needs.files-changed.outputs.frontend == 'true' || needs.files-changed.outputs.actions == 'true'
-    needs: files-changed
-    runs-on: ubuntu-latest
-    steps:
-      - uses: docker/setup-buildx-action@v2
-      - uses: docker/build-push-action@v4
-        with:
-          push: false
-          tags: gitea/gitea:linux-amd64
--- a/.github/workflows/pull-e2e-tests.yml
+++ b/.github/workflows/pull-e2e-tests.yml
@@ -1,32 +0,0 @@
-name: e2e-tests
-
-on:
-  pull_request:
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
-  cancel-in-progress: true
-
-jobs:
-  files-changed:
-    uses: ./.github/workflows/files-changed.yml
-
-  test-e2e:
-    if: needs.files-changed.outputs.backend == 'true' || needs.files-changed.outputs.frontend == 'true' || needs.files-changed.outputs.actions == 'true'
-    needs: files-changed
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v3
-      - uses: actions/setup-go@v4
-        with:
-          go-version: ">=1.20"
-          check-latest: true
-      - uses: actions/setup-node@v3
-        with:
-          node-version: 20
-      - run: make deps-frontend frontend deps-backend
-      - run: npx playwright install --with-deps
-      - run: make test-e2e-sqlite
-        timeout-minutes: 40
-        env:
-          USE_REPO_TEST_DIR: 1
--- a/.github/workflows/release-nightly.yml
+++ b/.github/workflows/release-nightly.yml
@@ -1,92 +0,0 @@
-name: release-nightly-assets
-
-on:
-  push:
-    branches: [ main, release/v* ]
-
-jobs:
-  nightly-binary:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v3
-      # fetch all commits instead of only the last as some branches are long lived and could have many between versions
-      # fetch all tags to ensure that "git describe" reports expected Gitea version, eg. v1.21.0-dev-1-g1234567
-      - run: git fetch --unshallow --quiet --tags --force
-      - uses: actions/setup-go@v4
-        with:
-          go-version: ">=1.20"
-          check-latest: true
-      - uses: actions/setup-node@v3
-        with:
-          node-version: 20
-      - run: make deps-frontend deps-backend
-      # xgo build
-      - run: make release
-        env:
-          TAGS: bindata sqlite sqlite_unlock_notify
-      - name: import gpg key
-        id: import_gpg
-        uses: crazy-max/ghaction-import-gpg@v5
-        with:
-          gpg_private_key: ${{ secrets.GPGSIGN_KEY }}
-          passphrase: ${{ secrets.GPGSIGN_PASSPHRASE }}
-      - name: sign binaries
-        run: |
-          for f in dist/release/*; do
-            echo '${{ secrets.GPGSIGN_PASSPHRASE }}' | gpg --pinentry-mode loopback --passphrase-fd 0 --batch --yes --detach-sign -u ${{ steps.import_gpg.outputs.fingerprint }} --output "$f.asc" "$f"
-          done
-      # clean branch name to get the folder name in S3
-      - name: Get cleaned branch name
-        id: clean_name
-        run: |
-          REF_NAME=$(echo "${{ github.ref }}" | sed -e 's/refs\/heads\///' -e 's/refs\/tags\///' -e 's/release\/v//')
-          echo "Cleaned name is ${REF_NAME}"
-          echo "branch=${REF_NAME}" >> "$GITHUB_OUTPUT"
-      - name: upload binaries to s3
-        uses: jakejarvis/s3-sync-action@master
-        env:
-          AWS_S3_BUCKET: ${{ secrets.AWS_S3_BUCKET }}
-          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
-          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-          AWS_REGION: ${{ secrets.AWS_REGION }}
-          SOURCE_DIR: dist/release
-          DEST_DIR: gitea/${{ steps.clean_name.outputs.branch }}
-  nightly-docker:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v3
-      # fetch all commits instead of only the last as some branches are long lived and could have many between versions
-      # fetch all tags to ensure that "git describe" reports expected Gitea version, eg. v1.21.0-dev-1-g1234567
-      - run: git fetch --unshallow --quiet --tags --force
-      - uses: docker/setup-qemu-action@v2
-      - uses: docker/setup-buildx-action@v2
-      - name: Get cleaned branch name
-        id: clean_name
-        run: |
-          # if main then say nightly otherwise cleanup name
-          if [ "${{ github.ref }}" = "refs/heads/main" ]; then
-            echo "branch=nightly" >> "$GITHUB_OUTPUT"
-            exit 0
-          fi
-          REF_NAME=$(echo "${{ github.ref }}" | sed -e 's/refs\/heads\///' -e 's/refs\/tags\///' -e 's/release\/v//')
-          echo "branch=${REF_NAME}-nightly" >> "$GITHUB_OUTPUT"
-      - name: Login to Docker Hub
-        uses: docker/login-action@v2
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
-      - name: build rootful docker image
-        uses: docker/build-push-action@v4
-        with:
-          context: .
-          platforms: linux/amd64,linux/arm64
-          push: true
-          tags: gitea/gitea:${{ steps.clean_name.outputs.branch }}
-      - name: build rootless docker image
-        uses: docker/build-push-action@v4
-        with:
-          context: .
-          platforms: linux/amd64,linux/arm64
-          push: true
-          file: Dockerfile.rootless
-          tags: gitea/gitea:${{ steps.clean_name.outputs.branch }}-rootless
--- a/.gitignore
+++ b/.gitignore
@@ -16,6 +16,10 @@ _test
 .vscode
 __debug_bin

+# Architecture specific extensions/prefixes
+*.[568vq]
+[568vq].out
+
 *.cgo1.go
 *.cgo2.c
 _cgo_defun.c
@@ -43,7 +47,6 @@ cpu.out

 *.db
 *.log
-*.log.*.gz

 /gitea
 /gitea-vet
@@ -53,6 +56,8 @@ cpu.out
 /bin
 /dist
 /custom/*
+!/custom/conf
+/custom/conf/*
 !/custom/conf/app.example.ini
 /data
 /indexers
@@ -66,12 +71,12 @@ cpu.out
 /tests/e2e/test-artifacts
 /tests/e2e/test-snapshots
 /tests/*.ini
-/tests/**/*.git/**/*.sample
 /node_modules
 /yarn.lock
 /yarn-error.log
 /npm-debug.log*
 /public/js
+/public/serviceworker.js
 /public/css
 /public/fonts
 /public/img/webpack
--- a/.gitpod.yml
+++ b/.gitpod.yml
@@ -7,22 +7,21 @@ tasks:
    command: |
      gp sync-done setup
      exit 0
-  - name: Run backend
-    command: |
-      gp sync-await setup
-      if [ ! -f custom/conf/app.ini ]
-      then
-        mkdir -p custom/conf/
-        echo -e "[server]\nROOT_URL=$(gp url 3000)/" > custom/conf/app.ini
-        echo -e "\n[database]\nDB_TYPE = sqlite3\nPATH = $GITPOD_REPO_ROOT/data/gitea.db" >> custom/conf/app.ini
-      fi
-      export TAGS="sqlite sqlite_unlock_notify"
-      make watch-backend
  - name: Run frontend
    command: |
      gp sync-await setup
      make watch-frontend
-    openMode: split-right
+  - name: Run backend
+    command: |
+      gp sync-await setup
+      mkdir -p custom/conf/
+      echo -e "[server]\nROOT_URL=$(gp url 3000)/" > custom/conf/app.ini
+      echo -e "\n[database]\nDB_TYPE = sqlite3\nPATH = $GITPOD_REPO_ROOT/data/gitea.db" >> custom/conf/app.ini
+      export TAGS="sqlite sqlite_unlock_notify"
+      make watch-backend
+  - name: Run docs
+    before: sudo bash -c "$(grep 'https://github.com/gohugoio/hugo/releases/download' Makefile | tr -d '\')" # install hugo
+    command: cd docs && make clean update && hugo server -D -F --baseUrl $(gp url 1313) --liveReloadPort=443 --appendPort=false --bind=0.0.0.0

 vscode:
  extensions:
@@ -31,7 +30,7 @@ vscode:
    - golang.go
    - stylelint.vscode-stylelint
    - DavidAnson.vscode-markdownlint
-    - Vue.volar
+    - johnsoncodehk.volar
    - ms-azuretools.vscode-docker
    - zixuanchen.vitest-explorer
    - alexcvzz.vscode-sqlite
@@ -39,3 +38,5 @@ vscode:
 ports:
  - name: Gitea
    port: 3000
+  - name: Docs
+    port: 1313
--- a/.golangci.yml
+++ b/.golangci.yml
@@ -1,35 +1,34 @@
 linters:
  enable:
-    - bidichk
-    # - deadcode # deprecated - https://github.com/golangci/golangci-lint/issues/1841
-    - depguard
-    - dupl
-    - errcheck
-    - forbidigo
-    - gocritic
-    # - gocyclo # The cyclomatic complexety of a lot of functions is too high, we should refactor those another time.
-    - gofmt
-    - gofumpt
    - gosimple
-    - govet
-    - ineffassign
-    - nakedret
-    - nolintlint
-    - revive
-    - staticcheck
-    # - structcheck # deprecated - https://github.com/golangci/golangci-lint/issues/1841
-    - stylecheck
+    - deadcode
    - typecheck
-    - unconvert
+    - govet
+    - errcheck
+    - staticcheck
    - unused
-    # - varcheck # deprecated - https://github.com/golangci/golangci-lint/issues/1841
+    - structcheck
+    - varcheck
+    - dupl
+    #- gocyclo # The cyclomatic complexety of a lot of functions is too high, we should refactor those another time.
+    - gofmt
+    - gocritic
+    - bidichk
+    - ineffassign
+    - revive
+    - gofumpt
+    - depguard
+    - nakedret
+    - unconvert
    - wastedassign
+    - nolintlint
+    - stylecheck
  enable-all: false
  disable-all: true
  fast: false

 run:
-  go: "1.20"
+  go: 1.19
  timeout: 10m
  skip-dirs:
    - node_modules
@@ -75,18 +74,15 @@ linters-settings:
      - name: modifies-value-receiver
  gofumpt:
    extra-rules: true
-    lang-version: "1.20"
+    lang-version: "1.19"
  depguard:
+    # TODO: use depguard to replace import checks in gitea-vet
    list-type: denylist
    # Check the list against standard lib.
    include-go-root: true
    packages-with-error-message:
      - encoding/json: "use gitea's modules/json instead of encoding/json"
      - github.com/unknwon/com: "use gitea's util and replacements"
-      - io/ioutil: "use os or io instead"
-      - golang.org/x/exp: "it's experimental and unreliable."
-      - code.gitea.io/gitea/modules/git/internal: "do not use the internal package, use AddXxx function instead"
-      - gopkg.in/ini.v1: "do not use the ini package, use gitea's config system instead"

 issues:
  max-issues-per-linter: 0
@@ -107,25 +103,76 @@ issues:
        - errcheck
        - dupl
        - gosec
-    - path: cmd
-      linters:
-        - forbidigo
    - linters:
        - dupl
      text: "webhook"
    - linters:
        - gocritic
      text: "`ID' should not be capitalized"
+    - path: modules/templates/helper.go
+      linters:
+        - gocritic
    - linters:
        - unused
        - deadcode
      text: "swagger"
+    - path: contrib/pr/checkout.go
+      linters:
+        - errcheck
+    - path: models/issue.go
+      linters:
+        - errcheck
+    - path: models/migrations/
+      linters:
+        - errcheck
+    - path: modules/log/
+      linters:
+        - errcheck
+    - path: routers/api/v1/repo/issue_subscription.go
+      linters:
+        - dupl
+    - path: routers/repo/view.go
+      linters:
+        - dupl
+    - path: models/migrations/
+      linters:
+        - unused
    - linters:
        - staticcheck
      text: "argument x is overwritten before first use"
+    - path: modules/httplib/httplib.go
+      linters:
+        - staticcheck
+    # Enabling this would require refactoring the methods and how they are called.
+    - path: models/issue_comment_list.go
+      linters:
+        - dupl
+    - path: models/update.go
+      linters:
+        - unused
+    - path: cmd/dump.go
+      linters:
+        - dupl
+    - path: services/webhook/webhook.go
+      linters:
+        - structcheck
    - text: "commentFormatting: put a space between `//` and comment text"
      linters:
        - gocritic
    - text: "exitAfterDefer:"
      linters:
        - gocritic
+    - path: modules/graceful/manager_windows.go
+      linters:
+        - staticcheck
+      text: "svc.IsAnInteractiveSession is deprecated: Use IsWindowsService instead."
+    - path: models/user/openid.go
+      linters:
+        - golint
+    - path: models/user/badge.go
+      linters:
+        - revive
+      text: "exported: type name will be used as user.UserBadge by other packages, and that stutters; consider calling this Badge"
+    - path: models/db/sql_postgres_with_schema.go
+      linters:
+        - nolintlint
--- a/.ignore
+++ b/.ignore
@@ -1,8 +1,8 @@
 *.min.css
 *.min.js
-/assets/*.json
 /modules/options/bindata.go
 /modules/public/bindata.go
 /modules/templates/bindata.go
+/public/vendor/plugins
 /vendor
 node_modules
--- a/.lgtm
+++ b/.lgtm
@@ -0,0 +1,3 @@
+pattern = "(?)LGTM"
+self_approval_off = true
+ignore_maintainers_file = true
--- a/.npmrc
+++ b/.npmrc
@@ -3,4 +3,3 @@ fund=false
 update-notifier=false
 package-lock=true
 save-exact=true
-lockfile-version=3
--- a/.stylelintrc.yaml
+++ b/.stylelintrc.yaml
@@ -1,141 +1,32 @@
-plugins:
-  - stylelint-declaration-strict-value
-
-ignoreFiles:
-  - "**/*.go"
+extends: stylelint-config-standard

 overrides:
-  - files: ["**/chroma/*", "**/codemirror/*", "**/standalone/*", "**/console.css", "font_i18n.css"]
-    rules:
-      scale-unlimited/declaration-strict-value: null
-  - files: ["**/chroma/*", "**/codemirror/*"]
-    rules:
-      block-no-empty: null
-  - files: ["**/*.vue"]
-    customSyntax: postcss-html
+  - files: ["**/*.less"]
+    customSyntax: postcss-less

 rules:
  alpha-value-notation: null
-  annotation-no-unknown: true
-  at-rule-allowed-list: null
-  at-rule-disallowed-list: null
  at-rule-empty-line-before: null
-  at-rule-no-unknown: true
-  at-rule-no-vendor-prefix: true
-  at-rule-property-required-list: null
-  block-no-empty: true
+  block-closing-brace-empty-line-before: null
  color-function-notation: null
-  color-hex-alpha: null
  color-hex-length: null
-  color-named: null
-  color-no-hex: null
-  color-no-invalid-hex: true
  comment-empty-line-before: null
-  comment-no-empty: true
-  comment-pattern: null
-  comment-whitespace-inside: null
-  comment-word-disallowed-list: null
-  custom-media-pattern: null
-  custom-property-empty-line-before: null
-  custom-property-no-missing-var-function: true
-  custom-property-pattern: null
-  declaration-block-no-duplicate-custom-properties: true
-  declaration-block-no-duplicate-properties: [true, {ignore: [consecutive-duplicates-with-different-values]}]
  declaration-block-no-redundant-longhand-properties: null
-  declaration-block-no-shorthand-property-overrides: null
  declaration-block-single-line-max-declarations: null
  declaration-empty-line-before: null
-  declaration-no-important: null
-  declaration-property-max-values: null
-  declaration-property-unit-allowed-list: null
-  declaration-property-unit-disallowed-list: null
-  declaration-property-value-allowed-list: null
-  declaration-property-value-disallowed-list: null
-  declaration-property-value-no-unknown: true
-  font-family-name-quotes: always-where-recommended
-  font-family-no-duplicate-names: true
-  font-family-no-missing-generic-family-keyword: true
-  font-weight-notation: null
-  function-allowed-list: null
-  function-calc-no-unspaced-operator: true
-  function-disallowed-list: null
-  function-linear-gradient-no-nonstandard-direction: true
-  function-name-case: lower
  function-no-unknown: null
-  function-url-no-scheme-relative: null
-  function-url-quotes: always
-  function-url-scheme-allowed-list: null
-  function-url-scheme-disallowed-list: null
  hue-degree-notation: null
-  import-notation: string
-  keyframe-block-no-duplicate-selectors: true
-  keyframe-declaration-no-important: true
-  keyframe-selector-notation: null
-  keyframes-name-pattern: null
-  length-zero-no-unit: true
-  max-nesting-depth: null
-  media-feature-name-allowed-list: null
-  media-feature-name-disallowed-list: null
-  media-feature-name-no-unknown: true
-  media-feature-name-no-vendor-prefix: true
-  media-feature-name-unit-allowed-list: null
-  media-feature-name-value-allowed-list: null
-  media-feature-name-value-no-unknown: true
-  media-feature-range-notation: null
-  named-grid-areas-no-invalid: true
+  indentation: 2
+  max-line-length: null
  no-descending-specificity: null
-  no-duplicate-at-import-rules: true
-  no-duplicate-selectors: true
-  no-empty-source: true
-  no-invalid-double-slash-comments: true
  no-invalid-position-at-import-rule: null
-  no-irregular-whitespace: true
-  no-unknown-animations: null
-  no-unknown-custom-properties: null
+  number-leading-zero: never
  number-max-precision: null
-  property-allowed-list: null
-  property-disallowed-list: null
-  property-no-unknown: true
  property-no-vendor-prefix: null
  rule-empty-line-before: null
-  rule-selector-property-disallowed-list: null
-  scale-unlimited/declaration-strict-value: [[color, background-color, border-color, font-weight], {ignoreValues: /^(inherit|transparent|unset|initial|currentcolor|none)$/, ignoreFunctions: false, disableFix: true}]
-  selector-attribute-name-disallowed-list: null
-  selector-attribute-operator-allowed-list: null
-  selector-attribute-operator-disallowed-list: null
-  selector-attribute-quotes: always
  selector-class-pattern: null
-  selector-combinator-allowed-list: null
-  selector-combinator-disallowed-list: null
-  selector-disallowed-list: null
  selector-id-pattern: null
-  selector-max-attribute: null
-  selector-max-class: null
-  selector-max-combinators: null
-  selector-max-compound-selectors: null
-  selector-max-id: null
-  selector-max-pseudo-class: null
-  selector-max-specificity: null
-  selector-max-type: null
-  selector-max-universal: null
-  selector-nested-pattern: null
-  selector-no-qualifying-type: null
-  selector-no-vendor-prefix: true
-  selector-not-notation: null
-  selector-pseudo-class-allowed-list: null
-  selector-pseudo-class-disallowed-list: null
-  selector-pseudo-class-no-unknown: true
-  selector-pseudo-element-allowed-list: null
  selector-pseudo-element-colon-notation: double
-  selector-pseudo-element-disallowed-list: null
-  selector-pseudo-element-no-unknown: true
-  selector-type-case: lower
-  selector-type-no-unknown: [true, {ignore: [custom-elements]}]
  shorthand-property-no-redundant-values: true
-  string-no-newline: true
-  time-min-milliseconds: null
-  unit-allowed-list: null
-  unit-disallowed-list: null
-  unit-no-unknown: true
-  value-keyword-case: null
-  value-no-vendor-prefix: [true, {ignoreValues: [box, inline-box]}]
+  string-quotes: null
+  value-no-vendor-prefix: null
--- a/33
+++ b/33
@@ -1,7 +1,6 @@
 # GNU makefile proxy script for BSD make
-#
 # Written and maintained by Mahmoud Al-Qudsi <mqudsi@neosmart.net>
-# Copyright NeoSmart Technologies <https://neosmart.net/> 2014-2019
+# Copyright NeoSmart Technologies <https://neosmart.net/> 2014-2018
 # Obtain updates from <https://github.com/neosmart/gmake-proxy>
 #
 # Redistribution and use in source and binary forms, with or without
@@ -27,32 +26,26 @@

 JARG =
 GMAKE = "gmake"
-# When gmake is called from another make instance, -w is automatically added
-# which causes extraneous messages about directory changes to be emitted.
-# Running with --no-print-directory silences these messages.
+#When gmake is called from another make instance, -w is automatically added
+#which causes extraneous messages about directory changes to be emitted.
+#--no-print-directory silences these messages.
 GARGS = "--no-print-directory"

 .if "$(.MAKE.JOBS)" != ""
-    JARG = -j$(.MAKE.JOBS)
+JARG = -j$(.MAKE.JOBS)
 .endif

-# bmake prefers out-of-source builds and tries to cd into ./obj (among others)
-# where possible. GNU Make doesn't, so override that value.
+#by default bmake will cd into ./obj first
 .OBJDIR: ./

-# The GNU convention is to use the lowercased `prefix` variable/macro to
-# specify the installation directory. Humor them.
-GPREFIX = ""
-.if defined(PREFIX) && ! defined(prefix)
-    GPREFIX = 'prefix = "$(PREFIX)"'
-.endif
-
-.BEGIN: .SILENT
-	which $(GMAKE) || printf "Error: GNU Make is required!\n\n" 1>&2 && false
-
 .PHONY: FRC
 $(.TARGETS): FRC
-	$(GMAKE) $(GPREFIX) $(GARGS) $(.TARGETS:S,.DONE,,) $(JARG)
+	$(GMAKE) $(GARGS) $(.TARGETS:S,.DONE,,) $(JARG)

 .DONE .DEFAULT: .SILENT
-	$(GMAKE) $(GPREFIX) $(GARGS) $(.TARGETS:S,.DONE,,) $(JARG)
+	$(GMAKE) $(GARGS) $(.TARGETS:S,.DONE,,) $(JARG)
+
+.ERROR: .SILENT
+	if ! which $(GMAKE) > /dev/null; then \
+		echo "GNU Make is required!"; \
+	fi
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,505 +4,6 @@ This changelog goes through all the changes that have been made in each release
 without substantial changes to our git log; to see the highlights of what has
 been added to each release, please refer to the [blog](https://blog.gitea.io).

-## [1.19.3](https://github.com/go-gitea/gitea/releases/tag/1.19.3) - 2023-05-03
-
-* SECURITY
-  * Use golang 1.20.4 to fix CVE-2023-24539, CVE-2023-24540, and CVE-2023-29400
-* ENHANCEMENTS
-  * Enable whitespace rendering on selection in Monaco (#24444) (#24485)
-  * Improve milestone filter on issues page (#22423) (#24440)
-* BUGFIXES
-  * Fix api error message if fork exists (#24487) (#24493)
-  * Fix user-cards format (#24428) (#24431)
-  * Fix incorrect CurrentUser check for docker rootless (#24435)
-  * Getting the tag list does not require being signed in (#24413) (#24416)
-
-## [1.19.2](https://github.com/go-gitea/gitea/releases/tag/1.19.2) - 2023-04-26
-
-* SECURITY
-  * Require repo scope for PATs for private repos and basic authentication (#24362) (#24364)
-  * Only delete secrets belonging to its owner (#24284) (#24286)
-* API
-  * Fix typo in API route (#24310) (#24332)
-  * Fix access token issue on some public endpoints (#24194) (#24259)
-* ENHANCEMENTS
-  * Fix broken clone script on an empty archived repo (#24339) (#24348)
-  * Fix Monaco IOS keyboard button (#24341) (#24347)
-  * Don't set meta `theme-color` by default (#24340) (#24346)
-  * Wrap too long push mirror addresses (#21120) (#24334)
-  * Add --font-weight-bold and set previous bold to 601 (#24307) (#24331)
-  * Unify nightly naming across binaries and docker images (#24116) (#24308)
-  * Fix footer display (#24251) (#24269)
-  * Fix label color, fix divider in dropdown (#24215) (#24244)
-  * Vertical widths of containers removed (#24184) (#24211)
-  * Use correct locale key for forks page (#24172) (#24175)
-  * Sort repo topic labels by name (#24123) (#24153)
-  * Highlight selected file in the PR file tree (#23947) (#24126)
-* BUGFIXES
-  * Fix auth check bug (#24382) (#24387)
-  * Add tags list for repos whose release setting is disabled (#23465) (#24369)
-  * Fix wrong error info in RepoRefForAPI (#24344) (#24351)
-  * Fix no edit/close/delete button in org repo project view page (#24349)
-  * Respect the REGISTER_MANUAL_CONFIRM setting when registering via OIDC (#24035) (#24333)
-  * Remove org users who belong to no teams (#24247) (#24313)
-  * Fix bug when deleting wiki with no code write permission (#24274) (#24295)
-  * Handle canceled workflow as a warning instead of a fail (#24282) (#24292)
-  * Load reviewer for comments when dismissing a review (#24281) (#24288)
-  * Show commit history for closed/merged PRs (#24238) (#24261)
-  * Fix owner team access mode value in team_unit table (#24224)
-  * Fix issue attachment handling (#24202) (#24221)
-  * Fix incorrect CORS default values (#24206) (#24217)
-  * Fix template error in pull request with deleted head repo (#24192) (#24216)
-  * Don't list root repository on compare page if pulls not allowed (#24183) (#24210)
-  * Fix calReleaseNumCommitsBehind (#24148) (#24197)
-  * Fix Org edit page bugs: renaming detection, maxlength (#24161) (#24171)
-  * Update redis library to support redis v7 (#24114) (#24156)
-  * Use 1.18's aria role for dropdown menus (#24144) (#24155)
-  * Fix 2-dot direct compare to use the right base commit (#24133) (#24150)
-  * Fix incorrect server error content in RunnersList (#24118) (#24121)
-  * Fix mismatch between hook events and github event types (#24048) (#24091)
-* BUILD
-  * Support converting varchar to nvarchar for mssql database (#24105) (#24168)
-
-## [1.19.1](https://github.com/go-gitea/gitea/releases/tag/v1.19.1) - 2023-04-12
-
-* BREAKING
-  * Rename actions unit to `repo.actions` and add docs for it (#23733) (#23881)
-* ENHANCEMENTS
-  * Add card type to org/user level project on creation, edit and view (#24043) (#24066)
-  * Refactor commit status for Actions jobs (#23786) (#24060)
-  * Show errors for KaTeX and mermaid on the preview tab (#24009) (#24019)
-  * Show protected branch rule names again (#23907) (#24018)
-  * Adjust sticky PR header to cover background (#23956) (#23999)
-  * Discolor pull request tab labels (#23950) (#23987)
-  * Treat PRs with agit flow as fork PRs when triggering actions. (#23884) (#23967)
-  * Left-align review comments (#23937)
-  * Fix image border-radius (#23886) (#23930)
-  * Scroll collapsed file into view (#23702) (#23929)
-  * Fix code view (diff) broken layout (#23096) (#23918)
-  * Org pages style fixes (#23901) (#23914)
-  * Fix user profile description rendering (#23882) (#23902)
-  * Fix review box viewport overflow issue (#23800) (#23898)
-  * Prefill input values in OAuth settings as intended (#23829) (#23871)
-  * CSS color tweaks (#23828) (#23842)
-  * Fix incorrect visibility dropdown list in add/edit user page (#23804) (#23833)
-  * Add CSS rules for basic colored labels (#23774) (#23777)
-  * Add creation time in tag list page (#23693) (#23773)
-  * Fix br display for packages curls (#23737) (#23764)
-  * Fix issue due date edit toggle bug (#23723) (#23758)
-  * Improve commit graph page UI alignment (#23751) (#23754)
-  * Use GitHub Actions compatible globbing for `branches`, `tag`, `path` filter (#22804) (#23740)
-  * Redirect to project again after editing it (#23326) (#23739)
-  * Remove row clicking from notification table (#22695) (#23706)
-  * Remove conflicting CSS rules on notifications, improve notifications table (#23565) (#23621)
-  * Fix diff tree height and adjust target file style (#23616)
-* BUGFIXES
-  * Improve error logging for LFS (#24072) (#24082)
-  * Fix custom mailer template on Windows platform (#24081)
-  * Update the value of `diffEnd` when clicking the `Show More` button in the DiffFileTree (#24069) (#24078)
-  * Make label templates have consistent behavior and priority (#23749)
-  * Fix accidental overwriting of LDAP team memberships (#24050) (#24065)
-  * Fix branch protection priority (#24045) (#24061)
-  * Use actions job link as commit status URL instead of run link (#24023) (#24032)
-  * Add actions support to package auth verification (#23729) (#24028)
-  * Fix protected branch for API (#24013) (#24027)
-  * Do not escape space between PyPI repository URL and package name… (#23981) (#24008)
-  * Fix redirect bug when creating issue from a project (#23971) (#23997)
-  * Set `ref` to fully-formed of the tag when trigger event is `release` (#23944) (#23989)
-  * Use Get/Set instead of Rename when regenerating session ID (#23975) (#23983)
-  * Ensure RSS icon is present on all repo tabs (#23904) (#23973)
-  * Remove `Repository.getFilesChanged` to fix Actions `paths` and `paths-ignore` filter (#23920) (#23969)
-  * Delete deleted release attachments immediately from storage (#23913) (#23958)
-  * Use ghost user if package creator does not exist (#23822) (#23915)
-  * User/Org Feed render description as per web (#23887) (#23906)
-  * Fix `cases.Title` crash for concurrency (#23885) (#23903)
-  * Convert .Source.SkipVerify to $cfg.SkipVerify (#23839) (#23899)
-  * Support "." char as user name for User/Orgs in RSS/ATOM/GPG/KEYS path ... (#23874) (#23878)
-  * Fix JS error when changing PR's target branch (#23862) (#23864)
-  * Fix 500 error if there is a name conflict when editing authentication source (#23832) (#23852)
-  * Fix closed PR also triggers Webhooks and actions (#23782) (#23834)
-  * Fix checks for `needs` in Actions (#23789) (#23831)
-  * Fix "Updating branch by merge" bug in "update_branch_by_merge.tmpl" (#23790) (#23825)
-  * Fix cancel button in the page of project edit not work (#23655) (#23813)
-  * Don't apply the group filter when listing LDAP group membership if it is empty (#23745) (#23788)
-  * Fix profile page email display, respect settings (#23747) (#23756)
-  * Fix project card preview select and template select (#23684) (#23731)
-  * Check LFS/Packages settings in dump and doctor command (#23631) (#23730)
-  * Add git dashes separator to some "log" and "diff" commands (#23606) (#23720)
-  * Create commit status when event is `pull_request_sync` (#23683) (#23691)
-  * Fix incorrect `HookEventType` of pull request review comments (#23650) (#23678)
-  * Fix incorrect `show-modal` and `show-panel` class (#23660) (#23663)
-  * Improve workflow event triggers (#23613) (#23648)
-  * Introduce path Clean/Join helper functions, partially backport&refactor (#23495) (#23607)
-  * Fix pagination on `/notifications/watching` (#23564) (#23603)
-  * Fix submodule is nil panic (#23588) (#23601)
-  * Polyfill the window.customElements (#23592) (#23595)
-  * Avoid too long names for actions (#23162) (#23190)
-* TRANSLATION
-  * Backport locales (with manual fixes) (#23808, #23634, #24083)
-* BUILD
-  * Hardcode the path to docker images (#23955) (#23968)
-* DOCS
-  * Update documentation to explain which projects allow Gitea to host static pages (#23993) (#24058)
-  * Merge `push to create`, `open PR from push`, and `push options` docs articles into one (#23744) (#23959)
-  * Fix code blocks in the cheat sheet (#23664) (#23669)
-* MISC
-  * Do not crash when parsing an invalid workflow file (#23972) (#23976)
-  * Remove assertion debug code for show/hide refactoring (#23576) (#23868)
-  * Add ONLY_SHOW_RELEVANT_REPOS back, fix explore page bug, make code more strict (#23766) (#23791)
-  * Make minio package support legacy MD5 checksum (#23768) (#23770)
-  * Improve template error reporting (#23396) (#23600)
-
-## [1.19.0](https://github.com/go-gitea/gitea/releases/tag/v1.19.0) - 2023-03-19
-
-* BREAKING
-  * Add loading yaml label template files (#22976) (#23232)
-  * Make issue and code search support camel case for Bleve (#22829)
-  * Repositories: by default disable all units except code and pulls on forks (#22541)
-  * Support template for merge message description (#22248)
-  * Remove ONLY_SHOW_RELEVANT_REPOS setting (#21962)
-  * Implement actions (#21937)
-  * Remove deprecated DSA host key from Docker Container (#21522)
-  * Improve valid user name check (#20136)
-* SECURITY
-  * Return 404 instead of 403 if user can not access the repo (#23155) (#23158)
-  * Support scoped access tokens (#20908)
-* FEATURES
-  * Add support for commit cross references (#22645)
-  * Scoped labels (#22585)
-  * Add Chef package registry (#22554)
-  * Support asciicast files as new markup (#22448)
-  * cgo cross-compile for freebsd (#22397)
-  * Add cron method to gc LFS MetaObjects (#22385)
-  * Add new captcha: cloudflare turnstile (#22369)
-  * Enable `@<user>`- completion popup on the release description textarea (#22359)
-  * make /{username}.png redirect to user/org avatar (#22356)
-  * Add Conda package registry (#22262)
-  * Support org/user level projects (#22235)
-  * Add Mermaid copy button (#22225)
-  * Add user secrets (#22191)
-  * Secrets storage with SecretKey encrypted (#22142)
-  * Preview images for Issue cards in Project Board view (#22112)
-  * Add support for incoming emails (#22056)
-  * Add Cargo package registry (#21888)
-  * Add option to prohibit fork if user reached maximum limit of repositories (#21848)
-  * Add attention blocks within quote blocks for `Note` and `Warning` (#21711)
-  * Add Feed for Releases and Tags (#21696)
-  * Add package registry cleanup rules (#21658)
-  * Add "Copy" button to file view of raw text (#21629)
-  * Allow disable sitemap (#21617)
-  * Add package registry quota limits (#21584)
-  * Map OIDC groups to Orgs/Teams (#21441)
-  * Keep languages defined in .gitattributes (#21403)
-  * Add Webhook authorization header (#20926)
-  * Supports wildcard protected branch (#20825)
-  * Copy citation file content, in APA and BibTex format, on repo home page (#19999)
-* API
-  * Match api migration behavior to web behavior (#23552) (#23573)
-  * Purge API comment (#23451) (#23452)
-  * User creation API: allow custom "created" timestamps (#22549)
-  * Add `updated_at` field to PullReview API object (#21812)
-  * Add API management for issue/pull and comment attachments (#21783)
-  * Add API endpoint to get latest release (#21267)
-  * Support system hook API (#14537)
-* ENHANCEMENTS
-  * Add `.patch` to `attachment.ALLOWED_TYPES` (#23580) (#23582)
-  * Fix sticky header in diff view (#23554) (#23568)
-  * Refactor merge/update git command calls (#23366) (#23544)
-  * Fix review comment context menu clipped bug (#23523) (#23543)
-  * Imrove scroll behavior to hash issuecomment(scroll position, auto expand if file is folded, and on refreshing) (#23513) (#23540)
-  * Increase horizontal page padding (#23507) (#23537)
-  * Use octicon-verified for gpg signatures (#23529) (#23536)
-  * Make time tooltips interactive (#23526) (#23527)
-  * Replace Less with CSS (#23508)
-  * Fix 'View File' button in code search (#23478) (#23483)
-  * Convert GitHub event on actions and fix some pull_request events. (#23037) (#23471)
-  * Support reflogs (#22451) (#23438)
-  * Fix actions frontend bugs (pagination, long name alignment) and small simplify (#23370) (#23436)
-  * Scoped label display and documentation tweaks (#23430) (#23433)
-  * Add missing tabs to org projects page (#22705) (#23412)
-  * Fix and move "Use this template" button (#23398) (#23408)
-  * Handle OpenID discovery URL errors a little nicer when creating/editing sources (#23397) (#23403)
-  * Rename `canWriteUnit` to `canWriteProjects` (#23386) (#23399)
-  * Refactor and tidy-up the merge/update branch code (#22568) (#23365)
-  * Refactor `setting.Database.UseXXX` to methods (#23354) (#23356)
-  * Fix incorrect project links and use symlink icon for org-wide projects (#23325) (#23336)
-  * Fix PR view misalignment caused by long name file (#23321) (#23335)
-  * Scoped labels: don't require holding alt key to remove (#23303) (#23331)
-  * Add context when rendering labels or emojis (#23281) (#23319)
-  * Change interactiveBorder to fix popup preview  (#23169) (#23314)
-  * Scoped labels: set aria-disabled on muted Exclusive option for a11y (#23306) (#23311)
-  * update to mermaid v10 (#23178) (#23299)
-  * Fix code wrap for unbroken lines (#23268) (#23293)
-  * Use async await to fix empty quote reply at first time (#23168) (#23256)
-  * Fix switched citation format (#23250) (#23253)
-  * Allow `<video>` in MarkDown (#22892) (#23236)
-  * Order pull request conflict checking by recently updated, for each push (#23220) (#23225)
-  * Fix Fomantic UI's `touchstart` fastclick, always use `click` for click events (#23065) (#23195)
-  * Add word-break to sidebar-item-link (#23146) (#23180)
-  * Add InsecureSkipVerify to Minio Client for Storage (#23166) (#23177)
-  * Fix height for sticky head on large screen on PR page (#23111) (#23123)
-  * Change style to improve whitespaces trimming inside inline markdown code (#23093) (#23120)
-  * Avoid warning for system setting when start up (#23054) (#23116)
-  * Add accessibility to the menu on the navbar (#23059) (#23095)
-  * Improve accessibility for issue comments (#22612) (#23083)
-  * Remove delete button for review comment (#23036)
-  * Remove dashes between organization member avatars on hover (#23034)
-  * Use `gt-relative` class instead of the ambiguous `gt-pr` class  (#23008)
-  * handle deprecated settings (#22992)
-  * Add scopes to API to create token and display them (#22989)
-  * Improve PR Review Box UI (#22986)
-  * Improve issues.LoadProject (#22982)
-  * Add all units to the units permission list in org team members sidebar (#22971)
-  * Rename `GetUnits` to `LoadUnits` (#22970)
-  * Rename `repo.GetOwner` to `repo.LoadOwner` (#22967)
-  * Rename "People" to "Members" in organization page and use a better icon (#22960)
-  * Fix avatar misalignment (#22955)
-  * Sort issues and pulls by recently updated in user and organization home (#22925)
-  * Add `title` to PR file tree items (#22918)
-  * First step to refactor the `.hide` to `.gt-hidden` (#22916)
-  * Add tooltip to issue reference (#22913)
-  * Always show the `command line instructions` button even if there are conflicts (#22909)
-  * Fix dark-colored description text in arc-green theme (#22908)
-  * Remove Fomantic-UI's `.hidden` CSS class for menu elements (#22895)
-  * Move helpers to be prefixed with `gt-` (#22879)
-  * Move `IsReadmeFile*` from `modules/markup/` to `modules/util` (#22877)
-  * Highlight focused diff file (#22870)
-  * Add some headings to repo views (#22869)
-  * Fix milestone title font problem (#22863)
-  * Pull Requests: setting to allow edits by maintainers by default, tweak UI (#22862)
-  * Introduce customized HTML elements, fix incorrect AppUrl usages in templates (#22861)
-  * Add `/$count` endpoints for NuGet v2 (#22855)
-  * Remove Fomantic-UI's `.hidden` CSS class for checkbox elements (#22851)
-  * Fix notification and stopwatch empty states (#22845)
-  * Always go full width in PR view (#22844)
-  * Improve AppUrl/ROOT_URL checking (#22836)
-  * Fix style of actions rerun button (#22835)
-  * Fix more HTMLURL in templates (#22831)
-  * Fix inconsistent Filter Project name in issue list (#22827)
-  * include build info in Prometheus metrics (#22819)
-  * Make clone URL use current page's host (#22808)
-  * Refactor legacy strange git operations (#22756)
-  * Improve error report when user passes a private key (#22726)
-  * set user dashboard org visibility to basic (#22706)
-  * Fix diff UI for unexpandable items (#22700)
-  * Remove 'primary' class from tab counter labels (#22687)
-  * Add more events details supports for actions (#22680)
-  * Refactor git command package to improve security and maintainability (#22678)
-  * Use relative url in actions view (#22675)
-  * set user visibility class to basic (#22674)
-  * Add repository setting to enable/disable releases unit (#22671)
-  * Remove label color from global issue filters (#22660)
-  * Fix poor alignment of organization description on organization home page (#22656)
-  * Small refactor for loading PRs (#22652)
-  * Allow setting access token scope by CLI (#22648)
-  * Improve accessibility of navigation bar and footer (#22635)
-  * Fixes accessibility behavior of Watching, Staring and Fork buttons (#22634)
-  * Fixes accessibility of empty repository commit status (#22632)
-  * Pull request yaml template support for including commit body in a field (#22629)
-  * Show migration validation error (#22619)
-  * set org visibility class to basic in header (#22605)
-  * Fix cache-control header clearing comment text when editing issue (#22604)
-  * Add ARIA support for Fomantic UI checkboxes (#22599)
-  * Add templates to customize text when creating and migrating repositories (#22597)
-  * Allow setting `redirect_to` cookie on OAuth login (#22594)
-  * Improve checkbox accessibility a bit by adding the title attribute (#22593)
-  * Allow issue templates to not render title (#22589)
-  * Webhooks: for issue close/reopen action, add commit ID that caused it (#22583)
-  * Fix missing title and filter in issue sidebar project menu (#22557)
-  * Issues: support setting issue template field values with query (#22545)
-  * Issues: add Project filter to issues list and search (#22544)
-  * Pull Requests: add color to approved/reject icon in pull requests list (#22543)
-  * Mute all links in issue timeline (#22533)
-  * Dropzone: Add "Copy link" button for new uploads (#22517)
-  * Support importing comment types (#22510)
-  * Load asciicast css async (#22502)
-  * Move delete user to service (#22478)
-  * Change use of Walk to WalkDir to improve disk performance (#22462)
-  * Add reply hint to mail text (#22459)
-  * fix wrong theme class when logged out if default theme is changed (#22408)
-  * Refactor the setting to make unit test easier (#22405)
-  * Improve utils of slices (#22379)
-  * Use context parameter in models/git (#22367)
-  * Always reuse transaction (#22362)
-  * Fix unstable emoji sort (#22346)
-  * Add context cache as a request level cache (#22294)
-  * Reminder for no more logs to console (#22282)
-  * Support estimated count with multiple schemas (#22276)
-  * Move `convert` package to services (#22264)
-  * Use dynamic package type list (#22263)
-  * Hide file borders on sticky diff box (#22217)
-  * Improve notification and stopwatch styles (#22169)
-  * Fixed Project view .board-column height for tall screens. (#22108)
-  * Use multi reader instead to concat strings (#22099)
-  * Use git command instead of exec.Cmd in blame (#22098)
-  * Fix autofilled text visibility in dark mode (#22088)
-  * Rename almost all Ctx functions (#22071)
-  * Rename actions to operations on UI (#22067)
-  * refactor bind functions based on generics (#22055)
-  * Support disabling database auto migration (#22053)
-  * remove duplicated read file code (#22042)
-  * Use link in UI which returned a relative url but not html_url which contains an absolute url (#21986)
-  * Skip initing disabled storages (#21985)
-  * Add doctor command for full GC of LFS (#21978)
-  * Util type to parse ref name (#21969)
-  * Replace fmt.Sprintf with hex.EncodeToString (#21960)
-  * Use random bytes to generate access token (#21959)
-  * Add index for access_token (#21908)
-  * Move all remaining colors into CSS variables (#21903)
-  * Webhook list enhancements (#21893)
-  * Embed Matrix icon as SVG (#21890)
-  * Remove useless "Cancel" buttons (#21872)
-  * fix(web): keep the pages of the navigation in the center (#21867)
-  * fix(web): reduce page jitter on browsers that support overlay scrollbar (#21850)
-  * Improvements for Content Copy (#21842)
-  * Tweak katex options (#21828)
-  * Show syntax lexer name in file view/blame (#21814)
-  * Remove `href="javascript:;"` in "save topics (Done)" button (#21813)
-  * Render number of commits in repo page in a user friendly way (#21786)
-  * Adjust clone timeout error to suggest increasing timeout (#21769)
-  * Update message of reach_limit_of_creation (#21757)
-  * Allow detect whether it's in a database transaction for a context.Context (#21756)
-  * Add configuration for CORS allowed headers (#21747)
-  * Move svg html render to modules/svg (#21716)
-  * Release and Tag List tweaks (#21712)
-  * Remove template previewer (#21701)
-  * Clean up formatting on install page (#21668)
-  * Configure update checker on installation page (#21655)
-  * Merge db.Iterate and IterateObjects (#21641)
-  * Add option to enable CAPTCHA validation for login (#21638)
-  * Allow disable RSS/Atom feed (#21622)
-  * Use CSS color-scheme instead of invert (#21616)
-  * Localize time units on activity heatmap (#21570)
-  * Fix UI column width, button overflow Fomantic's grid (#21559)
-  * feat: notify doers of a merge when automerging (#21553)
-  * Split migrations folder (#21549)
-  * feat: add button to quickly clear merge message (#21548)
-  * Add `context.Context` to more methods (#21546)
-  * Add index for hook_task table (#21545)
-  * Allow disable code tab (#20805)
-* BUGFIXES
-  * Fix template error when reference Project (#23584)
-  * Fix dropdown icon misalignment when using fomantic icon (#23558) (#23577)
-  * Fix diff detail buttons wrapping, use tippy for review box (#23271) (#23546)
-  * Handle missing `README` in create repos API (#23387) (#23510)
-  * Disable sending email after push a commit to a closed PR (#23462) (#23492)
-  * Fix aria.js bugs: incorrect role element problem, mobile focus problem, tippy problem (#23450) (#23486)
-  * Fix due date being wrong on issue list (#23475) (#23477)
-  * Remove wrongly added column on migration test fixtures (#23456) (#23470)
-  * Make branches list page operations remember current page (#23420) (#23460)
-  * Fix missing commit status in PR which from forked repo (#23351) (#23453)
-  * Show edit/close/delete button on organization wide repositories (#23388) (#23429)
-  * Preserve file size when creating attachments (#23406) (#23426)
-  * Fix broken Chroma CSS styles (#23174) (#23402)
-  * Fix incorrect NotFound conditions in org/projects.go (#23384) (#23395)
-  * Set `X-Gitea-Debug` header once (#23361) (#23381)
-  * Pass context to avatar for projects view (#23359) (#23378)
-  * Fix panic when getting notes by ref (#23372) (#23377)
-  * Do not recognize text files as audio (#23355) (#23368)
-  * Fix adding of empty class name (#23352) (#23360)
-  * Fix various ImageDiff/SVG bugs (#23312) (#23358)
-  * Fix incorrect display for comment context menu (#23343) (#23344)
-  * Remove unnecessary space on link (#23334) (#23340)
-  * Fix incorrect redirect link of delete org project (#23327) (#23339)
-  * Fix cannot reopen after pushing commits to a closed PR (#23189) (#23324)
-  * Fix broken code editor diff preview (#23307) (#23320)
-  * Support sanitising the URL by removing extra slashes in the URL (#21333) (#23300)
-  * Avoid panic caused by broken payload when creating commit status (#23216) (#23294)
-  * Fill head commit to in payload when notifying push commits for mirroring (#23215) (#23292)
-  * Fix various bugs for "install" page (#23194) (#23286)
-  * Fix GetFilesChangedBetween if the file name may be escaped (#23272) (#23279)
-  * Revert relative links to absolute links in mail templates (#23267) (#23269)
-  * Fix commit retrieval by tag (#21804) (#23266)
-  * Use correct README link to render the README (#23152) (#23264)
-  * Close the temp file when dumping database to make the temp file can be deleted on Windows (#23249) (#23251)
-  * Use the correct selector to hide the checkmark of selected labels on clear (#23224) (#23228)
-  * Fix incorrect checkbox behaviors in the dashboard repolist's filter (#23147) (#23205)
-  * Properly flush unique queues on startup (#23154) (#23201)
-  * Pass `--global` when calling `git config --get`, for consistency with `git config --set` (#23157) (#23199)
-  * Make `gitea serv` respect git binary home (#23138) (#23197)
-  * Change button text for commenting and closing an issue at the same time (#23135) (#23182)
-  * Fix DBConsistency checks on MSSQL (#23132) (#23134)
-  * Show empty repos in Admin Repository Management page (#23114) (#23130)
-  * Redirect to the commit page after applying patch (#23056) (#23127)
-  * Fix nil context in RenderMarkdownToHtml (#23092) (#23108)
-  * Make issue meta dropdown support Enter, confirm before reloading (#23014) (#23102)
-  * Fix SyncOnCommit always return false in API of push_mirrors (#23088) (#23100)
-  * Fix commit name in Apply Patch page (#23086) (#23099)
-  * Fix some more hidden problems (#23074) (#23075)
-  * Bump golang.org/x/net from 0.4.0 to 0.7.0 (#22980)
-  * Get rules by id when editing branch protection rule (#22932)
-  * Fix panic when call api (/repos/{owner}/{repo}/pulls/{index}/files) (#22921)
-  * Increase Content field size of gpg_import_key to MEDIUMTEXT (#22897)
-  * Fix hidden commit status on multiple checks (#22889)
-  * Fix update by rebase being wrongly disabled by protected base branch (#22825)
-  * Make issue title edit buttons focusable and fix incorrect ajax requests (#22807)
-  * Fix rerun button of Actions (#22798)
-  * remove update language in ProfilePost (#22748)
-  * Do not overwrite empty DefaultBranch (#22708)
-  * Fix ref to trigger Actions (#22679)
-  * Fix time to NotifyPullRequestSynchronized (#22650)
-  * Show all projects, not just repo projects and open/closed projects  (#22640)
-  * Project links should use parent link methods (#22587)
-  * Fix group filter for ldap source sync (#22506)
-  * Check quota limits for container uploads (#22450)
-  * Fix halfCommitter and WithTx (#22366)
-  * Attempt to fix TestExportUserGPGKeys (#22159)
-  * Fix heatmap first color being unused (#22157)
-  * Fix scroll over mermaid frame (#21925)
-  * Move migration test fixtures to the correct directories (#21901)
-  * fix(web): add `alt` for logo in home page (#21887)
-  * Fix webhook attachment text is not set in review comment (#21763)
-  * Alter package_version.metadata_json to LONGTEXT (#21667)
-  * Ensure that Webhook tasks are not double delivered (#21558)
-* TESTING
-  * Make CI use a dummy password hasher for all tests (#22983)
-  * Disable test for incoming email (#22686)
-  * Move fuzz tests into tests/fuzz (#22376)
-  * Test views of LFS files (#22196)
-  * Specify ID in `TestAPITeam` (#22192)
-  * verify nodeinfo response by schema  (#22137)
-  * Skip GitHub migration tests if the API token is undefined (#21824)
-  * Add a simple test for external renderer (#20033)
-* TRANSLATION
-  * Use "Title Case" for text "Reference in new issue" (#22936)
-* BUILD
-  * Wrap unless-check in docker manifests (#23079) (#23081)
-  * Adjust manifest to prevent tagging latest on rcs (#22811)
-  * update to build with go1.20 (#22732)
-  * Add Bash and Zsh completion scripts (#22646)
-  * Add Contributed backport command (#22643)
-  * Remove deprecated packages & staticcheck fixes (#22012)
-  * Update to Alpine 3.17 (#21904)
-  * Fix webpack license warning (#21815)
-* DOCS
-  * Update documentation for the new YAML label file format  (#23020) (#23341)
-  * Update hacking-on-gitea-zh_cn documentation (#23315) (#23323)
-  * Add basic documentation for labels, including scoped labels (#23304) (#23309)
-  * Re-add accidentally removed `hacking-on-gitea.zh-cn.md` (#23297) (#23305)
-  * Fix secrets overview page missing from docs sidebar (#23143) (#23145)
-  * Add some guidelines for refactoring (#22880)
-  * Explain that the no-access team unit does not affect public repositories (#22661)
-  * Fix incorrect Redis URL snippets in the example app.ini (#22573)
-  * docs: add swagger.json file location to FAQ (#22489)
-  * Update index.de-de.md (#22363)
-  * Update Gmail mailer configuration (#22291)
-  * Add missed reverse proxy authentication documentation (#22250)
-  * Add plural definitions for German translations (#21802)
-  * Attempt clarify AppWorkPath etc. (#21656)
-  * Add some documentation to packages (#21648)
-* MISC
-  * Use `<nav>` instead of `<div>` in the global navbar (#23125) (#23533)
-  * Do not create commit graph for temporary repos (#23219) (#23229)
-  * Update button is shown when a Pull Request is marked WIP - Issue #21740 (#22683)
-  * Add main landmark to templates and adjust titles (#22670)
-  * Fix error on account activation with wrong passwd (#22609)
-  * Update JS dependencies (#22538)
-  * Display unreferenced packages total size in package admin panel (#22498)
-  * Mobile fix for Project view: Add delay to Sortable.js on mobile, to ensure scrolling is possible. (#22152)
-  * Update chroma to v2.4.0 (#22000)
-  * Hide collapse icon in diff with no lines (#21094)
-
 ## [1.18.5](https://github.com/go-gitea/gitea/releases/tag/v1.18.5) - 2023-02-21

 * ENHANCEMENTS
@@ -564,6 +65,7 @@ been added to each release, please refer to the [blog](https://blog.gitea.io).
 ## [1.18.2](https://github.com/go-gitea/gitea/releases/tag/v1.18.2) - 2023-01-19

 * BUGFIXES
+  * When updating by rebase we need to set the environment for head repo (#22535) (#22536)
  * Fix issue not auto-closing when it includes a reference to a branch (#22514) (#22521)
  * Fix invalid issue branch reference if not specified in template (#22513) (#22520)
  * Fix 500 error viewing pull request when fork has pull requests disabled (#22512) (#22515)
@@ -613,7 +115,7 @@ been added to each release, please refer to the [blog](https://blog.gitea.io).
  * Restore previous official review when an official review is deleted (#22449) (#22460)
  * Log STDERR of external renderer when it fails (#22442) (#22444)

-## [1.18.0](https://github.com/go-gitea/gitea/releases/tag/v1.18.0) - 2022-12-29
+## [1.18.0](https://github.com/go-gitea/gitea/releases/tag/1.18.0) - 2022-12-22

 * SECURITY
  * Remove ReverseProxy authentication from the API (#22219) (#22251)
@@ -809,7 +311,7 @@ been added to each release, please refer to the [blog](https://blog.gitea.io).
  * Update JS dependencies, adjust eslint (#20659)
  * Add more linters to improve code readability (#19989)

-## [1.17.4](https://github.com/go-gitea/gitea/releases/tag/v1.17.4) - 2022-12-21
+## [1.17.4](https://github.com/go-gitea/gitea/releases/tag/1.17.4) - 2022-12-21

 * SECURITY
  * Do not allow Ghost access to limited visible user/org (#21849) (#21875)
--- a/CODE_OF_CONDUCT.md
+++ b/CODE_OF_CONDUCT.md
@@ -1,96 +0,0 @@
-# Gitea Community Code of Conduct
-
-## About
-
-Online communities include people from many different backgrounds. The Gitea contributors are committed to providing a friendly, safe and welcoming environment for all, regardless of gender identity and expression, sexual orientation, disabilities, neurodiversity, physical appearance, body size, ethnicity, nationality, race, age, religion, or similar personal characteristics.
-
-The first goal of the Code of Conduct is to specify a baseline standard of behavior so that people with different social values and communication styles can talk about Gitea effectively, productively, and respectfully.
-
-The second goal is to provide a mechanism for resolving conflicts in the community when they arise.
-
-The third goal of the Code of Conduct is to make our community welcoming to people from different backgrounds. Diversity is critical to the project; for Gitea to be successful, it needs contributors and users from all backgrounds.
-
-We believe that healthy debate and disagreement are essential to a healthy project and community. However, it is never ok to be disrespectful. We value diverse opinions, but we value respectful behavior more.
-
-## Community values
-
-These are the values to which people in the Gitea community should aspire.
-
- **Be friendly and welcoming.**
- **Be patient.**
-  - Remember that people have varying communication styles and that not everyone is using their native language. (Meaning and tone can be lost in translation.)
- **Be thoughtful.**
-  - Productive communication requires effort. Think about how your words will be interpreted.
-  - Remember that sometimes it is best to refrain entirely from commenting.
- **Be respectful.**
-  - In particular, respect differences of opinion.
- **Be charitable.**
-  - Interpret the arguments of others in good faith, do not seek to disagree.
-  - When we do disagree, try to understand why.
- **Be constructive.**
-  - Avoid derailing: stay on topic; if you want to talk about something else, start a new conversation.
-  - Avoid unconstructive criticism: don't merely decry the current state of affairs; offer—or at least solicit—suggestions as to how things may be improved.
-  - Avoid snarking (pithy, unproductive, sniping comments)
-  - Avoid discussing potentially offensive or sensitive issues; this all too often leads to unnecessary conflict.
-  - Avoid microaggressions (brief and commonplace verbal, behavioral and environmental indignities that communicate hostile, derogatory or negative slights and insults to a person or group).
- **Be responsible.**
-  - What you say and do matters. Take responsibility for your words and actions, including their consequences, whether intended or otherwise.
-
-People are complicated. You should expect to be misunderstood and to misunderstand others; when this inevitably occurs, resist the urge to be defensive or assign blame. Try not to take offense where no offense was intended. Give people the benefit of the doubt. Even if the intent was to provoke, do not rise to it. It is the responsibility of all parties to de-escalate conflict when it arises.
-
-## Code of Conduct
-
-### Our Pledge
-
-In the interest of fostering an open and welcoming environment, we as contributors and maintainers pledge to making participation in our project and our community a harassment-free experience for everyone, regardless of age, body size, disability, ethnicity, gender identity and expression, level of experience, education, socio-economic status, nationality, personal appearance, race, religion, or sexual identity and orientation.
-
-### Our Standards
-
-Examples of behavior that contributes to creating a positive environment include:
-
- Using welcoming and inclusive language
- Being respectful of differing viewpoints and experiences
- Gracefully accepting constructive criticism
- Focusing on what is best for the community
- Showing empathy towards other community members
-
-Examples of unacceptable behavior by participants include:
-
- The use of sexualized language or imagery and unwelcome sexual attention or advances
- Trolling, insulting/derogatory comments, and personal or political attacks
- Public or private harassment
- Publishing others’ private information, such as a physical or electronic address, without explicit permission
- Other conduct which could reasonably be considered inappropriate in a professional setting
-
-### Our Responsibilities
-
-Project maintainers are responsible for clarifying the standards of acceptable behavior and are expected to take appropriate and fair corrective action in response to any instances of unacceptable behavior.
-
-Project maintainers have the right and responsibility to remove, edit, or reject: comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct, as well as to ban (temporarily or permanently) any contributor for behaviors that they deem inappropriate, threatening, offensive, or harmful.
-
-### Scope
-
-This Code of Conduct applies both within project spaces and in public spaces when an individual is representing the project or its community. Examples of representing a project or community include using an official project e-mail address, posting via an official social media account, or acting as an appointed representative at an online or offline event. Representation of a project may be further defined and clarified by project maintainers.
-
-This Code of Conduct also applies outside the project spaces when the Project Stewards have a reasonable belief that an individual’s behavior may have a negative impact on the project or its community.
-
-### Conflict Resolution
-
-We do not believe that all conflict is bad; healthy debate and disagreement often yield positive results. However, it is never okay to be disrespectful or to engage in behavior that violates the project’s code of conduct.
-
-If you see someone violating the code of conduct, you are encouraged to address the behavior directly with those involved. Many issues can be resolved quickly and easily, and this gives people more control over the outcome of their dispute. If you are unable to resolve the matter for any reason, or if the behavior is threatening or harassing, report it. We are dedicated to providing an environment where participants feel welcome and safe.
-
-Reports should be directed to the Gitea Project Stewards at conduct@gitea.com. It is the Project Stewards’ duty to receive and address reported violations of the code of conduct. They will then work with a committee consisting of representatives from the technical-oversight-committee.
-
-We will investigate every complaint, but you may not receive a direct response. We will use our discretion in determining when and how to follow up on reported incidents, which may range from not taking action to permanent expulsion from the project and project-sponsored spaces. Under normal circumstances, we will notify the accused of the report and provide them an opportunity to discuss it before any action is taken. If there is a consensus between maintainers that such an endeavor would be useless (i.e. in case of an obvious spammer), we reserve the right to take action without notifying the accused first. The identity of the reporter will be omitted from the details of the report supplied to the accused. In potentially harmful situations, such as ongoing harassment or threats to anyone’s safety, we may take action without notice.
-
-### Attribution
-
-This Code of Conduct is adapted from the Contributor Covenant, version 1.4, available at https://www.contributor-covenant.org/version/1/4/code-of-conduct.html
-
-## Summary
-
- Treat everyone with respect and kindness.
- Be thoughtful in how you communicate.
- Don’t be destructive or inflammatory.
- If you encounter an issue, please mail conduct@gitea.com.
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -1,157 +1,75 @@
 # Contribution Guidelines

-<details><summary>Table of Contents</summary>
+## Table of Contents

 - [Contribution Guidelines](#contribution-guidelines)
+  - [Table of Contents](#table-of-contents)
  - [Introduction](#introduction)
-  - [Issues](#issues)
-    - [How to report issues](#how-to-report-issues)
-    - [Types of issues](#types-of-issues)
-    - [Discuss your design before the implementation](#discuss-your-design-before-the-implementation)
-  - [Building Gitea](#building-gitea)
-  - [Dependencies](#dependencies)
-    - [Backend](#backend)
-    - [Frontend](#frontend)
-  - [Design guideline](#design-guideline)
-  - [Styleguide](#styleguide)
-  - [Copyright](#copyright)
-  - [Testing](#testing)
+  - [Bug reports](#bug-reports)
+  - [Discuss your design](#discuss-your-design)
+  - [Testing redux](#testing-redux)
+  - [Vendoring](#vendoring)
  - [Translation](#translation)
+  - [Building Gitea](#building-gitea)
  - [Code review](#code-review)
-    - [Pull request format](#pull-request-format)
-    - [PR title and summary](#pr-title-and-summary)
-    - [Milestone](#milestone)
-    - [Labels](#labels)
-    - [Breaking PRs](#breaking-prs)
-      - [What is a breaking PR?](#what-is-a-breaking-pr)
-      - [How to handle breaking PRs?](#how-to-handle-breaking-prs)
-    - [Maintaining open PRs](#maintaining-open-prs)
-    - [Getting PRs merged](#getting-prs-merged)
-    - [Final call](#final-call)
-    - [Commit messages](#commit-messages)
-      - [PR Co-authors](#pr-co-authors)
-      - [PRs targeting `main`](#prs-targeting-main)
-      - [Backport PRs](#backport-prs)
-  - [Documentation](#documentation)
+  - [Styleguide](#styleguide)
+  - [Design guideline](#design-guideline)
  - [API v1](#api-v1)
-    - [GitHub API compatability](#github-api-compatability)
-    - [Adding/Maintaining API routes](#addingmaintaining-api-routes)
-    - [When to use what HTTP method](#when-to-use-what-http-method)
-    - [Requirements for API routes](#requirements-for-api-routes)
-  - [Backports and Frontports](#backports-and-frontports)
-    - [What is backported?](#what-is-backported)
-    - [How to backport?](#how-to-backport)
-    - [Format of backport PRs](#format-of-backport-prs)
-    - [Frontports](#frontports)
  - [Developer Certificate of Origin (DCO)](#developer-certificate-of-origin-dco)
  - [Release Cycle](#release-cycle)
  - [Maintainers](#maintainers)
-  - [Technical Oversight Committee (TOC)](#technical-oversight-committee-toc)
-    - [Current TOC members](#current-toc-members)
-    - [Previous TOC/owners members](#previous-tocowners-members)
-  - [Governance Compensation](#governance-compensation)
-  - [TOC \& Working groups](#toc--working-groups)
-  - [Roadmap](#roadmap)
+  - [Owners](#owners)
  - [Versions](#versions)
  - [Releasing Gitea](#releasing-gitea)
-
-</details>
+  - [Copyright](#copyright)

 ## Introduction

-This document explains how to contribute changes to the Gitea project. \
-It assumes you have followed the [installation instructions](https://docs.gitea.io/en-us/). \
-Sensitive security-related issues should be reported to [security@gitea.io](mailto:security@gitea.io).
+This document explains how to contribute changes to the Gitea project.
+It assumes you have followed the
+[installation instructions](https://docs.gitea.io/en-us/).
+Sensitive security-related issues should be reported to
+[security@gitea.io](mailto:security@gitea.io).

-For configuring IDEs for Gitea development, see the [contributed IDE configurations](contrib/ide/).
+For configuring IDE or code editor to develop Gitea see [IDE and code editor configuration](contrib/ide/)

-## Issues
+## Bug reports

-### How to report issues
+Please search the issues on the issue tracker with a variety of keywords
+to ensure your bug is not already reported.

-Please search the issues on the issue tracker with a variety of related keywords to ensure that your issue has not already been reported.
+If unique, [open an issue](https://github.com/go-gitea/gitea/issues/new)
+and answer the questions so we can understand and reproduce the
+problematic behavior.

-If your issue has not been reported yet, [open an issue](https://github.com/go-gitea/gitea/issues/new)
-and answer the questions so we can understand and reproduce the problematic behavior. \
-Please write clear and concise instructions so that we can reproduce the behavior — even if it seems obvious. \
-The more detailed and specific you are, the faster we can fix the issue. \
-It is really helpful if you can reproduce your problem on a site running on the latest commits, i.e. <https://try.gitea.io>, as perhaps your problem has already been fixed on a current version. \
-Please follow the guidelines described in [How to Report Bugs Effectively](http://www.chiark.greenend.org.uk/~sgtatham/bugs.html) for your report.
+To show us that the issue you are having is in Gitea itself, please
+write clear, concise instructions so we can reproduce the behavior—
+even if it seems obvious. The more detailed and specific you are,
+the faster we can fix the issue. Check out [How to Report Bugs
+Effectively](http://www.chiark.greenend.org.uk/~sgtatham/bugs.html).

-Please be kind, remember that Gitea comes at no cost to you, and you're getting free help.
+Please be kind, remember that Gitea comes at no cost to you, and you're
+getting free help.

-### Types of issues
+## Discuss your design

-Typically, issues fall in one of the following categories:
+The project welcomes submissions. If you want to change or add something,
+please let everyone know what you're working on—[file an issue](https://github.com/go-gitea/gitea/issues/new)!
+Significant changes must go through the change proposal process
+before they can be accepted. To create a proposal, file an issue with
+your proposed changes documented, and make sure to note in the title
+of the issue that it is a proposal.

- `bug`: Something in the frontend or backend behaves unexpectedly
- `security issue`: bug that has serious implications such as leaking another users data. Please do not file such issues on the public tracker and send a mail to security@gitea.io instead
- `feature`: Completely new functionality. You should describe this feature in enough detail that anyone who reads the issue can understand how it is supposed to be implemented
- `enhancement`: An existing feature should get an upgrade
- `refactoring`: Parts of the code base don't conform with other parts and should be changed to improve Gitea's maintainability
+This process gives everyone a chance to validate the design, helps
+prevent duplication of effort, and ensures that the idea fits inside
+the goals for the project and tools. It also checks that the design is
+sound before code is written; the code review tool is not the place for
+high-level discussions.

-### Discuss your design before the implementation
+## Testing redux

-We welcome submissions. \
-If you want to change or add something, please let everyone know what you're working on — [file an issue](https://github.com/go-gitea/gitea/issues/new) or comment on an existing one before starting your work!
-
-Significant changes such as new features must go through the change proposal process before they can be accepted. \
-This is mainly to save yourself the trouble of implementing it, only to find out that your proposed implementation has some potential problems. \
-Furthermore, this process gives everyone a chance to validate the design, helps prevent duplication of effort, and ensures that the idea fits inside
-the goals for the project and tools.
-
-Pull requests should not be the place for architecture discussions.
-
-## Building Gitea
-
-See the [development setup instructions](https://docs.gitea.com/development/hacking-on-gitea).
-
-## Dependencies
-
-### Backend
-
-Go dependencies are managed using [Go Modules](https://golang.org/cmd/go/#hdr-Module_maintenance). \
-You can find more details in the [go mod documentation](https://go.dev/ref/mod) and the [Go Modules Wiki](https://github.com/golang/go/wiki/Modules).
-
-Pull requests should only modify `go.mod` and `go.sum` where it is related to your change, be it a bugfix or a new feature. \
-Apart from that, these files should only be modified by Pull Requests whose only purpose is to update dependencies.
-
-The `go.mod`, `go.sum` update needs to be justified as part of the PR description,
-and must be verified by the reviewers and/or merger to always reference
-an existing upstream commit.
-
-### Frontend
-
-For the frontend, we use [npm](https://www.npmjs.com/).
-
-The same restrictions apply for frontend dependencies as for backend dependencies, with the exceptions that the files for it are `package.json` and `package-lock.json`, and that new versions must always reference an existing version.
-
-## Design guideline
-
-Depending on your change, please read the
-
- [backend development guideline](https://docs.gitea.com/contributing/guidelines-backend)
- [frontend development guideline](https://docs.gitea.com/contributing/guidelines-frontend)
- [refactoring guideline](https://docs.gitea.com/contributing/guidelines-refactoring)
-
-## Styleguide
-
-You should always run `make fmt` before committing to conform to Gitea's styleguide.
-
-## Copyright
-
-New code files that you contribute should use the standard copyright header:
-
-```
-// Copyright <current year> The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
-```
-
-Afterwards, copyright should only be modified when the copyright author changes.
-
-## Testing
-
-Before submitting a pull request, run all tests to make sure your changes don't cause a regression elsewhere.
+Before submitting a pull request, run all the tests for the whole tree
+to make sure your changes don't cause regression elsewhere.

 Here's how to run the test suite:

@@ -159,290 +77,248 @@ Here's how to run the test suite:

 |                       |                                                                   |
 | :-------------------- | :---------------------------------------------------------------- |
-|``make lint``          | lint everything (not needed if you only change the front- **or** backend)    |
+|``make lint``          | lint everything (not suggest if you only change one type code)    |
 |``make lint-frontend`` | lint frontend files  |
 |``make lint-backend``  | lint backend files   |

- run tests (we suggest running them on Linux)
+- run test code (Suggest run in Linux)

-|  Command                               | Action                                           |              |
-| :------------------------------------- | :----------------------------------------------- | ------------ |
-|``make test[\#SpecificTestName]``       |  run unit test(s)  |
-|``make test-sqlite[\#SpecificTestName]``|  run [integration](tests/integration) test(s) for SQLite |[More details](tests/integration/README.md)  |
-|``make test-e2e-sqlite[\#SpecificTestName]``|  run [end-to-end](tests/e2e) test(s) for SQLite |[More details](tests/e2e/README.md)  |
+|                                        |                                                  |
+| :------------------------------------- | :----------------------------------------------- |
+|``make test[\#TestSpecificName]``       |  run unit test  |
+|``make test-sqlite[\#TestSpecificName]``|  run [integration](tests/integration) test for SQLite |
+|[More details about integration tests](tests/integration/README.md)  |
+|``make test-e2e-sqlite[\#TestSpecificFileName]``|  run [end-to-end](tests/e2e) test for SQLite |
+|[More details about e2e tests](tests/e2e/README.md)  |
+
+## Vendoring
+
+We manage dependencies via [Go Modules](https://golang.org/cmd/go/#hdr-Module_maintenance), more details: [go mod](https://go.dev/ref/mod).
+
+Pull requests should only include `go.mod`, `go.sum` updates if they are part of
+the same change, be it a bugfix or a feature addition.
+
+The `go.mod`, `go.sum` update needs to be justified as part of the PR description,
+and must be verified by the reviewers and/or merger to always reference
+an existing upstream commit.
+
+You can find more information on how to get started with it on the [Modules Wiki](https://github.com/golang/go/wiki/Modules).

 ## Translation

-All translation work happens on [Crowdin](https://crowdin.com/project/gitea).
-The only translation that is maintained in this repository is [the English translation](https://github.com/go-gitea/gitea/blob/main/options/locale/locale_en-US.ini).
-It is synced regularly with Crowdin. \
-Other locales on main branch **should not** be updated manually as they will be overwritten with each sync. \
-Once a language has reached a **satisfactory percentage** of translated keys (~25%), it will be synced back into this repo and included in the next released version.
+We do all translation work inside [Crowdin](https://crowdin.com/project/gitea).
+The only translation that is maintained in this Git repository is
+[`en_US.ini`](https://github.com/go-gitea/gitea/blob/master/options/locale/locale_en-US.ini)
+and is synced regularly to Crowdin. Once a translation has reached
+A SATISFACTORY PERCENTAGE it will be synced back into this repo and
+included in the next released version.

-The tool `go run build/backport-locale.go` can be used to backport locales from the main branch to release branches that were missed.
+## Building Gitea
+
+See the [hacking instructions](https://docs.gitea.io/en-us/hacking-on-gitea/).

 ## Code review

-### Pull request format
+Changes to Gitea must be reviewed before they are accepted—no matter who
+makes the change, even if they are an owner or a maintainer. We use GitHub's
+pull request workflow to do that. And, we also use [LGTM](http://lgtm.co)
+to ensure every PR is reviewed by at least 2 maintainers.

-Please try to make your pull request easy to review for us. \
-For that, please read the [*Best Practices for Faster Reviews*](https://github.com/kubernetes/community/blob/261cb0fd089b64002c91e8eddceebf032462ccd6/contributors/guide/pull-requests.md#best-practices-for-faster-reviews) guide. \
-It has lots of useful tips for any project you may want to contribute to. \
+Please try to make your pull request easy to review for us. And, please read
+the *[How to get faster PR reviews](https://github.com/kubernetes/community/blob/261cb0fd089b64002c91e8eddceebf032462ccd6/contributors/guide/pull-requests.md#best-practices-for-faster-reviews)* guide;
+it has lots of useful tips for any project you may want to contribute.
 Some of the key points:

- Make small pull requests. \
-  The smaller, the faster to review and the more likely it will be merged soon.
- Don't make changes unrelated to your PR. \
-  Maybe there are typos on some comments, maybe refactoring would be welcome on a function... \
-  but if that is not related to your PR, please make *another* PR for that.
- Split big pull requests into multiple small ones. \
-  An incremental change will be faster to review than a huge PR.
- Allow edits by maintainers. This way, the maintainers will take care of merging the PR later on instead of you.
+- Make small pull requests. The smaller, the faster to review and the
+  more likely it will be merged soon.
+- Don't make changes unrelated to your PR. Maybe there are typos on
+  some comments, maybe refactoring would be welcome on a function... but
+  if that is not related to your PR, please make *another* PR for that.
+- Split big pull requests into multiple small ones. An incremental change
+  will be faster to review than a huge PR.
+- Use the first comment as a summary explainer of your PR and you should keep this up-to-date as the PR evolves.

-### PR title and summary
-
-In the PR title, describe the problem you are fixing, not how you are fixing it. \
-Use the first comment as a summary of your PR. \
-In the PR summary, you can describe exactly how you are fixing this problem. \
-Keep this summary up-to-date as the PR evolves. \
-If your PR changes the UI, you must add **after** screenshots in the PR summary. \
-If you are not implementing a new feature, you should also post **before** screenshots for comparison. \
-If your PR closes some issues, you must note that in a way that both GitHub and Gitea understand, i.e. by appending a paragraph like
-
-```text
-Fixes/Closes/Resolves #<ISSUE_NR_X>.
-Fixes/Closes/Resolves #<ISSUE_NR_Y>.
-```
-
-to your summary. \
-Each issue that will be closed must stand on a separate line.
-
-### Milestone
-
-A PR should only be assigned to a milestone if it will likely be merged into the given version. \
-As a rule of thumb, assume that a PR will stay open for an additional month for every 100 added lines. \
-PRs without a milestone may not be merged.
-
-### Labels
-
-Every PR should be labeled correctly with every label that applies. \
-This includes especially the distinction between `bug` (fixing existing functionality), `feature` (new functionality), `enhancement` (upgrades for existing functionality), and `refactoring` (improving the internal code structure without changing the output (much)). \
-Furthermore,
-
- the amount of pending required approvals
- whether this PR is `blocked`, a `backport` or `breaking`
- if it targets the `ui` or `api`
- if it increases the application `speed`
- reduces `memory usage`
-
-are oftentimes notable labels.
-
-### Breaking PRs
-
-#### What is a breaking PR?
-
-A PR is breaking if it meets one of the following criteria:
-
- It changes API output in an incompatible way for existing users
- It removes a setting that an admin could previously set (i.e. via `app.ini`)
- An admin must do something manually to restore the old behavior
-
-In particular, this means that adding new settings is not breaking.\
-Changing the default value of a setting or replacing the setting with another one is breaking, however.
-
-#### How to handle breaking PRs?
-
-If your PR has a breaking change, you must add a `BREAKING` section to your PR summary, e.g.
+If your PR could cause a breaking change you must add a BREAKING section to this comment e.g.:

 ```
 ## :warning: BREAKING :warning:
 ```

-To explain how this will affect users and how to mitigate these changes.
+To explain how this could affect users and how to mitigate these changes.

-### Maintaining open PRs
+Once code review starts on your PR, do not rebase nor squash your branch as it makes it
+difficult to review the new changes. Only if there is a need, sync your branch by merging
+the base branch into yours. Don't worry about merge commits messing up your tree as
+the final merge process squashes all commits into one, with the visible commit message (first
+line) being the PR title + PR index and description being the PR's first comment.

-The moment you create a non-draft PR or the moment you convert a draft PR to a non-draft PR is the moment code review starts for it. \
-Once that happens, do not rebase or squash your branch anymore as it makes it difficult to review the new changes. \
-Merge the base branch into your branch only when you really need to, i.e. because of conflicting changes in the mean time. \
-This reduces unnecessary CI runs. \
-Don't worry about merge commits messing up your commit history as every PR will be squash merged. \
-This means that all changes are joined into a single new commit whose message is as described below.
+Once your PR gets the `lgtm/done` label, don't worry about keeping it up-to-date or breaking
+builds (unless there's a merge conflict or a request is made by a maintainer to make
+modifications). It is the maintainer team's responsibility from this point to get it merged.

-### Getting PRs merged
+## Styleguide

-Changes to Gitea must be reviewed before they are accepted — no matter who
-makes the change, even if they are an owner or a maintainer. \
-The only exception are critical bugs that prevent Gitea from being compiled or started. \
-Specifically, we require two approvals from maintainers for every PR. \
-Once this criteria has been met, your PR receives the `lgtm/done` label. \
-From this point on, your only responsibility is to fix merge conflicts or respond to/implement requests by maintainers. \
-It is the responsibility of the maintainers from this point to get your PR merged.
+For imports you should use the following format (*without* the comments)

-If a PR has the `lgtm/done` label and there are no open discussions or merge conflicts anymore, any maintainer can add the `reviewed/wait-merge` label. \
-This label means that the PR is part of the merge queue and will be merged as soon as possible. \
-The merge queue will be cleared in the order of the list below:
+```go
+import (
+  // stdlib
+  "fmt"
+  "math"

-<https://github.com/go-gitea/gitea/pulls?q=is%3Apr+label%3Areviewed%2Fwait-merge+sort%3Acreated-asc+is%3Aopen>
+  // local packages
+  "code.gitea.io/gitea/models"
+  "code.gitea.io/sdk/gitea"

-Gitea uses it's own tool, the <https://github.com/GiteaBot/gitea-backporter> to automate parts of the review process. \
-This tool does the things listed below automatically:
-
- create a backport PR if needed once the initial PR was merged
- remove the PR from the merge queue after the PR merged
- keep the oldest branch in the merge queue up to date with merges
-
-### Final call
-
-If a PR has been ignored for more than 7 days with no comments or reviews, and the author or any maintainer believes it will not survive a long wait (such as a refactoring PR), they can send "final call" to the TOC by mentioning them in a comment.
-
-After another 7 days, if there is still zero approval, this is considered a polite refusal, and the PR will be closed to avoid wasting further time. Therefore, the "final call" has a cost, and should be used cautiously.
-
-However, if there are no objections from maintainers, the PR can be merged with only one approval from the TOC (not the author).
-
-### Commit messages
-
-Mergers are able and required to rewrite the PR title and summary (the first comment of a PR) so that it can produce an easily understandable commit message if necessary. \
-The final commit message should no longer contain any uncertainty such as `hopefully, <x> won't happen anymore`. Replace uncertainty with certainty.
-
-#### PR Co-authors
-
-A person counts as a PR co-author the moment they (co-)authored a commit that is not simply a `Merge base branch into branch` commit. \
-Mergers are required to remove such "false-positive" co-authors when writing the commit message. \
-The true co-authors must remain in the commit message.
-
-#### PRs targeting `main`
-
-The commit message of PRs targeting `main` is always
-
-```bash
-$PR_TITLE ($PR_INDEX)
-
-$REWRITTEN_PR_SUMMARY
+  // external packages
+  "github.com/foo/bar"
+  "gopkg.io/baz.v1"
+)
 ```

-#### Backport PRs
+## Design guideline

-The commit message of backport PRs is always
+To maintain understandable code and avoid circular dependencies it is important to have a good structure of the code. The Gitea code is divided into the following parts:

-```bash
-$PR_TITLE ($INITIAL_PR_INDEX) ($BACKPORT_PR_INDEX)
-
-$REWRITTEN_PR_SUMMARY
-```
+- **models:** Contains the data structures used by xorm to construct database tables. It also contains supporting functions to query and update the database. Dependencies to other code in Gitea should be avoided although some modules might be needed (for example for logging).
+- **models/fixtures:** Sample model data used in integration tests.
+- **models/migrations:** Handling of database migrations between versions. PRs that changes a database structure shall also have a migration step.
+- **modules:** Different modules to handle specific functionality in Gitea. Shall only depend on other modules but not other packages (models, services).
+- **public:** Frontend files (javascript, images, css, etc.)
+- **routers:** Handling of server requests. As it uses other Gitea packages to serve the request, other packages (models, modules or services) shall not depend on routers.
+- **services:** Support functions for common routing operations. Uses models and modules to handle the request.
+- **templates:** Golang templates for generating the html output.
+- **tests/e2e:** End to end tests
+- **tests/integration:** Integration tests
+- **vendor:** External code that Gitea depends on.

 ## Documentation

-If you add a new feature or change an existing aspect of Gitea, the documentation for that feature must be created or updated in the same PR.
+If you add a new feature or change an existing aspect of Gitea, the documentation for that feature must be created or updated.

 ## API v1

-The API is documented by [swagger](http://try.gitea.io/api/swagger) and is based on [the GitHub API](https://docs.github.com/en/rest).
+The API is documented by [swagger](http://try.gitea.io/api/swagger) and is based on [GitHub API v3](https://developer.github.com/v3/).

-### GitHub API compatability
+Thus, Gitea´s API should use the same endpoints and fields as GitHub´s API as far as possible, unless there are good reasons to deviate.

-Gitea's API should use the same endpoints and fields as the GitHub API as far as possible, unless there are good reasons to deviate. \
-If Gitea provides functionality that GitHub does not, a new endpoint can be created. \
-If information is provided by Gitea that is not provided by the GitHub API, a new field can be used that doesn't collide with any GitHub fields. \
-Updating an existing API should not remove existing fields unless there is a really good reason to do so. \
-The same applies to status responses. If you notice a problem, feel free to leave a comment in the code for future refactoring to API v2 (which is currently not planned).
+If Gitea provides functionality that GitHub does not, a new endpoint can be created.

-### Adding/Maintaining API routes
+If information is provided by Gitea that is not provided by the GitHub API, a new field can be used that doesn't collide with any GitHub fields.

-All expected results (errors, success, fail messages) must be documented ([example](https://github.com/go-gitea/gitea/blob/c620eb5b2d0d874da68ebd734d3864c5224f71f7/routers/api/v1/repo/issue.go#L319-L327)). \
-All JSON input types must be defined as a struct in [modules/structs/](modules/structs/) ([example](https://github.com/go-gitea/gitea/blob/c620eb5b2d0d874da68ebd734d3864c5224f71f7/modules/structs/issue.go#L76-L91)) \
-and referenced in [routers/api/v1/swagger/options.go](https://github.com/go-gitea/gitea/blob/c620eb5b2d0d874da68ebd734d3864c5224f71f7/routers/api/v1/swagger/options.go). \
-They can then be used like [this example](https://github.com/go-gitea/gitea/blob/c620eb5b2d0d874da68ebd734d3864c5224f71f7/routers/api/v1/repo/issue.go#L318). \
-All JSON responses must be defined as a struct in [modules/structs/](modules/structs/) ([example](https://github.com/go-gitea/gitea/blob/c620eb5b2d0d874da68ebd734d3864c5224f71f7/modules/structs/issue.go#L36-L68)) \
-and referenced in its category in [routers/api/v1/swagger/](routers/api/v1/swagger/) ([example](https://github.com/go-gitea/gitea/blob/c620eb5b2d0d874da68ebd734d3864c5224f71f7/routers/api/v1/swagger/issue.go#L11-L16)) \
-They can be used like [this example](https://github.com/go-gitea/gitea/blob/c620eb5b2d0d874da68ebd734d3864c5224f71f7/routers/api/v1/repo/issue.go#L277-L279).
+Updating an existing API should not remove existing fields unless there is a really good reason to do so.

-### When to use what HTTP method
+The same applies to status responses. If you notice a problem, feel free to leave a comment in the code for future refactoring to APIv2 (which is currently not planned).
+
+All expected results (errors, success, fail messages) should be documented
+([example](https://github.com/go-gitea/gitea/blob/c620eb5b2d0d874da68ebd734d3864c5224f71f7/routers/api/v1/repo/issue.go#L319-L327)).
+
+All JSON input types must be defined as a struct in [modules/structs/](modules/structs/)
+([example](https://github.com/go-gitea/gitea/blob/c620eb5b2d0d874da68ebd734d3864c5224f71f7/modules/structs/issue.go#L76-L91))
+and referenced in
+[routers/api/v1/swagger/options.go](https://github.com/go-gitea/gitea/blob/c620eb5b2d0d874da68ebd734d3864c5224f71f7/routers/api/v1/swagger/options.go).
+
+They can then be used like the following:
+([example](https://github.com/go-gitea/gitea/blob/c620eb5b2d0d874da68ebd734d3864c5224f71f7/routers/api/v1/repo/issue.go#L318)).
+
+All JSON responses must be defined as a struct in [modules/structs/](modules/structs/)
+([example](https://github.com/go-gitea/gitea/blob/c620eb5b2d0d874da68ebd734d3864c5224f71f7/modules/structs/issue.go#L36-L68))
+and referenced in its category in [routers/api/v1/swagger/](routers/api/v1/swagger/)
+([example](https://github.com/go-gitea/gitea/blob/c620eb5b2d0d874da68ebd734d3864c5224f71f7/routers/api/v1/swagger/issue.go#L11-L16))
+
+They can be used like the following:
+([example](https://github.com/go-gitea/gitea/blob/c620eb5b2d0d874da68ebd734d3864c5224f71f7/routers/api/v1/repo/issue.go#L277-L279))

 In general, HTTP methods are chosen as follows:

- **GET** endpoints return the requested object(s) and status **OK (200)**
- **DELETE** endpoints return the status **No Content (204)** and no content either
- **POST** endpoints are used to **create** new objects (e.g. a User) and return the status **Created (201)** and the created object
- **PUT** endpoints are used to **add/assign** existing Objects (e.g. a user to a team) and return the status **No Content (204)** and no content either
- **PATCH** endpoints are used to **edit/change** an existing object and return the changed object and the status **OK (200)**
+- **GET** endpoints return requested object and status **OK (200)**
+- **DELETE** endpoints return status **No Content (204)**
+- **POST** endpoints return status **Created (201)**, used to **create** new objects (e.g. a User)
+- **PUT** endpoints return status **No Content (204)**, used to **add/assign** existing Objects (e.g. User) to something (e.g. Org-Team)
+- **PATCH** endpoints return changed object and status **OK (200)**, used to **edit/change** an existing object

-### Requirements for API routes
+An endpoint which changes/edits an object expects all fields to be optional (except ones to identify the object, which are required).

-All parameters of endpoints changing/editing an object must be optional (except the ones to identify the object, which are required).
-
-Endpoints returning lists must
+### Endpoints returning lists should

 - support pagination (`page` & `limit` options in query)
 - set `X-Total-Count` header via **SetTotalCountHeader** ([example](https://github.com/go-gitea/gitea/blob/7aae98cc5d4113f1e9918b7ee7dd09f67c189e3e/routers/api/v1/repo/issue.go#L444))

 ## Backports and Frontports

-### What is backported?
+Occasionally backports of PRs are required.

-We backport PRs given the following circumstances:
-
-1. Feature freeze is active, but `<version>-rc0` has not been released yet. Here, we backport as much as possible. <!-- TODO: Is that our definition with the new backport bot? -->
-2. `rc0` has been released. Here, we only backport bug- and security-fixes, and small enhancements. Large PRs such as refactors are not backported anymore. <!-- TODO: Is that our definition with the new backport bot? -->
-3. We never backport new features.
-4. We never backport breaking changes except when
-    1. The breaking change has no effect on the vast majority of users
-    2. The component triggering the breaking change is marked as experimental
-
-### How to backport?
-
-In the past, it was necessary to manually backport your PRs. \
-Now, that's not a requirement anymore as our [backport bot](https://github.com/GiteaBot) tries to create backports automatically once the PR is merged when the PR
-
- does not have the label `backport/manual`
- has the label `backport/<version>`
-
-The `backport/manual` label signifies either that you want to backport the change yourself, or that there were conflicts when backporting, thus you **must** do it yourself.
-
-### Format of backport PRs
-
-The title of backport PRs should be
+The backported PR title should be:

 ```
-<original PR title> (#<original pr number>)
+Title of backported PR (#ORIGINAL_PR_NUMBER)
 ```

-The first two lines of the summary of the backporting PR should be
+The first two lines of the summary of the backporting PR should be:

 ```
-Backport #<original pr number>
+Backport #ORIGINAL_PR_NUMBER

 ```

-with the rest of the summary and labels matching the original PR.
+with the rest of the summary matching the original PR. Similarly for frontports

-### Frontports
+---

-Frontports behave exactly as described above for backports.
+The below is a script that may be helpful in creating backports. YMMV.
+
+```bash
+#!/bin/sh
+PR="$1"
+SHA="$2"
+VERSION="$3"
+
+if [ -z "$SHA" ]; then
+    SHA=$(gh api /repos/go-gitea/gitea/pulls/$PR -q '.merge_commit_sha')
+fi
+
+if [ -z "$VERSION" ]; then
+    VERSION="v1.16"
+fi
+
+echo git checkout origin/release/"$VERSION" -b backport-$PR-$VERSION
+git checkout origin/release/"$VERSION" -b backport-$PR-$VERSION
+git cherry-pick $SHA && git commit --amend && git push zeripath backport-$PR-$VERSION && xdg-open https://github.com/go-gitea/gitea/compare/release/"$VERSION"...zeripath:backport-$PR-$VERSION
+
+```

 ## Developer Certificate of Origin (DCO)

-We consider the act of contributing to the code by submitting a Pull Request as the "Sign off" or agreement to the certifications and terms of the [DCO](DCO) and [MIT license](LICENSE). \
-No further action is required. \
-You can also decide to sign off your commits by adding the following line at the end of your commit messages:
+We consider the act of contributing to the code by submitting a Pull
+Request as the "Sign off" or agreement to the certifications and terms
+of the [DCO](DCO) and [MIT license](LICENSE). No further action is required.
+Additionally you could add a line at the end of your commit message.

 ```
 Signed-off-by: Joe Smith <joe.smith@email.com>
 ```

-If you set the `user.name` and `user.email` Git config options, you can add the line to the end of your commits automatically with `git commit -s`.
+If you set your `user.name` and `user.email` Git configs, you can add the
+line to the end of your commit automatically with `git commit -s`.

 We assume in good faith that the information you provide is legally binding.

 ## Release Cycle

-We adopted a release schedule to streamline the process of working on, finishing, and issuing releases. \
-The overall goal is to make a major release every three or four months, which breaks down into two or three months of general development followed by one month of testing and polishing known as the release freeze. \
-All the feature pull requests should be
+We adopted a release schedule to streamline the process of working
+on, finishing, and issuing releases. The overall goal is to make a
+minor release every three or four months, which breaks down into two or three months of
+general development followed by one month of testing and polishing
+known as the release freeze. All the feature pull requests should be
 merged before feature freeze. And, during the frozen period, a corresponding
 release branch is open for fixes backported from main branch. Release candidates
 are made during this period for user testing to
-obtain a final version that is maintained in this branch.
+obtain a final version that is maintained in this branch. A release is
+maintained by issuing patch releases to only correct critical problems
+such as crashes or security issues.
+
+Major release cycles are seasonal. They always begin on the 25th and end on
+the 24th (i.e., the 25th of December to March 24th).

 During a development cycle, we may also publish any necessary minor releases
 for the previous version. For example, if the latest, published release is
@@ -451,12 +327,13 @@ still possible.

 ## Maintainers

-To make sure every PR is checked, we have [maintainers](MAINTAINERS). \
-Every PR **must** be reviewed by at least two maintainers (or owners) before it can get merged. \
-For refactoring PRs after a week and documentation only PRs, the approval of only one maintainer is enough. \
-A maintainer should be a contributor of Gitea and contributed at least
+To make sure every PR is checked, we have [team
+maintainers](MAINTAINERS). Every PR **MUST** be reviewed by at least
+two maintainers (or owners) before it can get merged. A maintainer
+should be a contributor of Gitea (or Gogs) and contributed at least
 4 accepted PRs. A contributor should apply as a maintainer in the
-[Discord](https://discord.gg/Gitea) `#develop` channel. The team maintainers may invite the contributor. A maintainer
+[Discord](https://discord.gg/NsatcWJ) #develop channel. The owners
+or the team maintainers may invite the contributor. A maintainer
 should spend some time on code reviews. If a maintainer has no
 time to do that, they should apply to leave the maintainers team
 and we will give them the honor of being a member of the [advisors
@@ -470,74 +347,69 @@ if possible provide GPG signed commits.
 https://help.github.com/articles/securing-your-account-with-two-factor-authentication-2fa/
 https://help.github.com/articles/signing-commits-with-gpg/

-## Technical Oversight Committee (TOC)
+## Owners

-At the start of 2023, the `Owners` team was dissolved. Instead, the governance charter proposed a technical oversight committee (TOC) which expands the ownership team of the Gitea project from three elected positions to six positions. Three positions would be elected as it has been over the past years, and the other three would consist of appointed members from the Gitea company.
-https://blog.gitea.io/2023/02/gitea-quarterly-report-23q1/
-
-When the new community members have been elected, the old members will give up ownership to the newly elected members. For security reasons, TOC members or any account with write access (like a bot) must use 2FA.
+Since Gitea is a pure community organization without any company support,
+to keep the development healthy we will elect three owners every year. All
+contributors may vote to elect up to three candidates, one of which will
+be the main owner, and the other two the assistant owners. When the new
+owners have been elected, the old owners will give up ownership to the
+newly elected owners. If an owner is unable to do so, the other owners
+will assist in ceding ownership to the newly elected owners.
+For security reasons, Owners or any account with write access (like a bot)
+must use 2FA.
 https://help.github.com/articles/securing-your-account-with-two-factor-authentication-2fa/

-### Current TOC members
+After the election, the new owners should proactively agree
+with our [CONTRIBUTING](CONTRIBUTING.md) requirements in the
+[Discord](https://discord.gg/NsatcWJ) #general channel. Below are the
+words to speak:

- 2023-01-01 ~ 2023-12-31 - https://blog.gitea.io/2023/02/gitea-quarterly-report-23q1/
-  - Company
-    - [Jason Song](https://gitea.com/wolfogre) <i@wolfogre.com>
-    - [Lunny Xiao](https://gitea.com/lunny) <xiaolunwen@gmail.com>
-    - [Matti Ranta](https://gitea.com/techknowlogick) <techknowlogick@gitea.io>
-  - Community
-    - [6543](https://gitea.com/6543) <6543@obermui.de>
-    - [Andrew Thornton](https://gitea.com/zeripath) <art27@cantab.net>
-    - [John Olheiser](https://gitea.com/jolheiser) <john.olheiser@gmail.com>
+```
+I'm honored to having been elected an owner of Gitea, I agree with
+[CONTRIBUTING](CONTRIBUTING.md). I will spend part of my time on Gitea
+and lead the development of Gitea.
+```

-### Previous TOC/owners members
+To honor the past owners, here's the history of the owners and the time
+they served:

-Here's the history of the owners and the time they served:
+- 2022-01-01 ~ 2022-12-31 - https://github.com/go-gitea/gitea/issues/17872
+  - [Lunny Xiao](https://gitea.com/lunny) <xiaolunwen@gmail.com>
+  - [Matti Ranta](https://gitea.com/techknowlogick) <techknowlogick@gitea.io>
+  - [Andrew Thornton](https://gitea.com/zeripath) <art27@cantab.net>

- [Lunny Xiao](https://gitea.com/lunny) - 2016, 2017, [2018](https://github.com/go-gitea/gitea/issues/3255), [2019](https://github.com/go-gitea/gitea/issues/5572), [2020](https://github.com/go-gitea/gitea/issues/9230), [2021](https://github.com/go-gitea/gitea/issues/13801), [2022](https://github.com/go-gitea/gitea/issues/17872)
- [Kim Carlbäcker](https://github.com/bkcsoft) - 2016, 2017
- [Thomas Boerger](https://gitea.com/tboerger) - 2016, 2017
- [Lauris Bukšis-Haberkorns](https://gitea.com/lafriks) - [2018](https://github.com/go-gitea/gitea/issues/3255), [2019](https://github.com/go-gitea/gitea/issues/5572), [2020](https://github.com/go-gitea/gitea/issues/9230), [2021](https://github.com/go-gitea/gitea/issues/13801)
- [Matti Ranta](https://gitea.com/techknowlogick) - [2019](https://github.com/go-gitea/gitea/issues/5572), [2020](https://github.com/go-gitea/gitea/issues/9230), [2021](https://github.com/go-gitea/gitea/issues/13801), [2022](https://github.com/go-gitea/gitea/issues/17872)
- [Andrew Thornton](https://gitea.com/zeripath) - [2020](https://github.com/go-gitea/gitea/issues/9230), [2021](https://github.com/go-gitea/gitea/issues/13801), [2022](https://github.com/go-gitea/gitea/issues/17872)
+- 2021-01-01 ~ 2021-12-31 - https://github.com/go-gitea/gitea/issues/13801
+  - [Lunny Xiao](https://gitea.com/lunny) <xiaolunwen@gmail.com>
+  - [Lauris Bukšis-Haberkorns](https://gitea.com/lafriks) <lauris@nix.lv>
+  - [Matti Ranta](https://gitea.com/techknowlogick) <techknowlogick@gitea.io>

-## Governance Compensation
+- 2020-01-01 ~ 2020-12-31 - https://github.com/go-gitea/gitea/issues/9230
+  - [Lunny Xiao](https://gitea.com/lunny) <xiaolunwen@gmail.com>
+  - [Lauris Bukšis-Haberkorns](https://gitea.com/lafriks) <lauris@nix.lv>
+  - [Matti Ranta](https://gitea.com/techknowlogick) <techknowlogick@gitea.io>

-Each member of the community elected TOC will be granted $500 each month as compensation for their work.
+- 2019-01-01 ~ 2019-12-31 - https://github.com/go-gitea/gitea/issues/5572
+  - [Lunny Xiao](https://github.com/lunny) <xiaolunwen@gmail.com>
+  - [Lauris Bukšis-Haberkorns](https://github.com/lafriks) <lauris@nix.lv>
+  - [Matti Ranta](https://github.com/techknowlogick) <techknowlogick@gitea.io>

-Furthermore, any community release manager for a specific release or LTS will be compensated $500 for the delivery of said release.
+- 2018-01-01 ~ 2018-12-31 - https://github.com/go-gitea/gitea/issues/3255
+  - [Lunny Xiao](https://github.com/lunny) <xiaolunwen@gmail.com>
+  - [Lauris Bukšis-Haberkorns](https://github.com/lafriks) <lauris@nix.lv>
+  - [Kim Carlbäcker](https://github.com/bkcsoft) <kim.carlbacker@gmail.com>

-These funds will come from community sources like the OpenCollective rather than directly from the company.
-Only non-company members are eligible for this compensation, and if a member of the community TOC takes the responsibility of release manager, they would only be compensated for their TOC duties.
-Gitea Ltd employees are not eligible to receive any funds from the OpenCollective unless it is reimbursement for a purchase made for the Gitea project itself.
-
-## TOC & Working groups
-
-With Gitea covering many projects outside of the main repository, several groups will be created to help focus on specific areas instead of requiring maintainers to be a jack-of-all-trades. Maintainers are of course more than welcome to be part of multiple groups should they wish to contribute in multiple places.
-
-The currently proposed groups are:
-
- **Core Group**: maintain the primary Gitea repository
- **Integration Group**: maintain the Gitea ecosystem's related tools, including go-sdk/tea/changelog/bots etc.
- **Documentation Group**: maintain related documents and repositories
- **Translation Group**: coordinate with translators and maintain translations
- **Security Group**: managed by TOC directly, members are decided by TOC, maintains security patches/responsible for security items
-
-## Roadmap
-
-Each year a roadmap will be discussed with the entire Gitea maintainers team, and feedback will be solicited from various stakeholders.
-TOC members need to review the roadmap every year and work together on the direction of the project.
-
-When a vote is required for a proposal or other change, the vote of community elected TOC members count slightly more than the vote of company elected TOC members. With this approach, we both avoid ties and ensure that changes align with the mission statement and community opinion.
-
-You can visit our roadmap on the wiki.
+- 2016-11-04 ~ 2017-12-31
+  - [Lunny Xiao](https://github.com/lunny) <xiaolunwen@gmail.com>
+  - [Thomas Boerger](https://github.com/tboerger) <thomas@webhippie.de>
+  - [Kim Carlbäcker](https://github.com/bkcsoft) <kim.carlbacker@gmail.com>

 ## Versions

 Gitea has the `main` branch as a tip branch and has version branches
-such as `release/v1.19`. `release/v1.19` is a release branch and we will
-tag `v1.19.0` for binary download. If `v1.19.0` has bugs, we will accept
-pull requests on the `release/v1.19` branch and publish a `v1.19.1` tag,
+such as `release/v0.9`. `release/v0.9` is a release branch and we will
+tag `v0.9.0` for binary download. If `v0.9.0` has bugs, we will accept
+pull requests on the `release/v0.9` branch and publish a `v0.9.1` tag,
 after bringing the bug fix also to the main branch.

 Since the `main` branch is a tip version, if you wish to use Gitea
@@ -557,7 +429,21 @@ be reviewed by two maintainers and must pass the automatic tests.
 - And then push the tag as `git push origin v$vmaj.$vmin.$`. Drone CI will automatically create a release and upload all the compiled binary. (But currently it doesn't add the release notes automatically. Maybe we should fix that.)
 - If needed send a frontport PR for the changelog to branch `main` and update the version in `docs/config.yaml` to refer to the new version.
 - Send PR to [blog repository](https://gitea.com/gitea/blog) announcing the release.
- Verify all release assets were correctly published through CI on dl.gitea.com and GitHub releases. Once ACKed:
-  - bump the version of https://dl.gitea.com/gitea/version.json
+- Verify all release assets were correctly published through CI on dl.gitea.io and GitHub releases. Once ACKed:
+  - bump the version of https://dl.gitea.io/gitea/version.json
  - merge the blog post PR
  - announce the release in discord `#announcements`
+
+## Copyright
+
+Code that you contribute should use the standard copyright header:
+
+```
+// Copyright 2022 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+```
+
+Files in the repository contain copyright from the year they are added
+to the year they are last changed. If the copyright author is changed,
+just paste the header below the old one.
--- a/4
+++ b/4
@@ -2,6 +2,8 @@ Developer Certificate of Origin
 Version 1.1

 Copyright (C) 2004, 2006 The Linux Foundation and its contributors.
+660 York Street, Suite 102,
+San Francisco, CA 94110 USA

 Everyone is permitted to copy and distribute verbatim copies of this
 license document, but changing it is not allowed.
@@ -31,4 +33,4 @@ By making a contribution to this project, I certify that:
    are public and that a record of the contribution (including all
    personal information I submit with it, including my sign-off) is
    maintained indefinitely and may be redistributed consistent with
-    this project or the open source license(s) involved.
+    this project or the open source license(s) involved.
--- a/6
+++ b/6
@@ -1,5 +1,5 @@
 #Build stage
-FROM docker.io/library/golang:1.20-alpine3.18 AS build-env
+FROM golang:1.19-alpine3.16 AS build-env

 ARG GOPROXY
 ENV GOPROXY ${GOPROXY:-direct}
@@ -23,7 +23,7 @@ RUN if [ -n "${GITEA_VERSION}" ]; then git checkout "${GITEA_VERSION}"; fi \
 # Begin env-to-ini build
 RUN go build contrib/environment-to-ini/environment-to-ini.go

-FROM docker.io/library/alpine:3.18
+FROM alpine:3.16
 LABEL maintainer="maintainers@gitea.io"

 EXPOSE 22 3000
@@ -64,7 +64,5 @@ CMD ["/bin/s6-svscan", "/etc/s6"]
 COPY docker/root /
 COPY --from=build-env /go/src/code.gitea.io/gitea/gitea /app/gitea/gitea
 COPY --from=build-env /go/src/code.gitea.io/gitea/environment-to-ini /usr/local/bin/environment-to-ini
-COPY --from=build-env /go/src/code.gitea.io/gitea/contrib/autocompletion/bash_autocomplete /etc/profile.d/gitea_bash_autocomplete.sh
 RUN chmod 755 /usr/bin/entrypoint /app/gitea/gitea /usr/local/bin/gitea /usr/local/bin/environment-to-ini
 RUN chmod 755 /etc/s6/gitea/* /etc/s6/openssh/* /etc/s6/.s6-svscan/*
-RUN chmod 644 /etc/profile.d/gitea_bash_autocomplete.sh
--- a/Dockerfile.rootless
+++ b/Dockerfile.rootless
@@ -1,5 +1,5 @@
 #Build stage
-FROM docker.io/library/golang:1.20-alpine3.18 AS build-env
+FROM golang:1.19-alpine3.16 AS build-env

 ARG GOPROXY
 ENV GOPROXY ${GOPROXY:-direct}
@@ -23,7 +23,7 @@ RUN if [ -n "${GITEA_VERSION}" ]; then git checkout "${GITEA_VERSION}"; fi \
 # Begin env-to-ini build
 RUN go build contrib/environment-to-ini/environment-to-ini.go

-FROM docker.io/library/alpine:3.18
+FROM alpine:3.16
 LABEL maintainer="maintainers@gitea.io"

 EXPOSE 2222 3000
@@ -54,9 +54,7 @@ RUN chown git:git /var/lib/gitea /etc/gitea
 COPY docker/rootless /
 COPY --from=build-env --chown=root:root /go/src/code.gitea.io/gitea/gitea /app/gitea/gitea
 COPY --from=build-env --chown=root:root /go/src/code.gitea.io/gitea/environment-to-ini /usr/local/bin/environment-to-ini
-COPY --from=build-env /go/src/code.gitea.io/gitea/contrib/autocompletion/bash_autocomplete /etc/profile.d/gitea_bash_autocomplete.sh
 RUN chmod 755 /usr/local/bin/docker-entrypoint.sh /usr/local/bin/docker-setup.sh /app/gitea/gitea /usr/local/bin/gitea /usr/local/bin/environment-to-ini
-RUN chmod 644 /etc/profile.d/gitea_bash_autocomplete.sh

 #git:git
 USER 1000:1000
--- a/16
+++ b/16
@@ -5,6 +5,8 @@ Kees de Vries <bouwko@gmail.com> (@Bwko)
 Kim Carlbäcker <kim.carlbacker@gmail.com> (@bkcsoft)
 LefsFlare <nobody@nobody.tld> (@LefsFlarey)
 Lunny Xiao <xiaolunwen@gmail.com> (@lunny)
+Matthias Loibl <mail@matthiasloibl.com> (@metalmatze)
+Morgan Bazalgette <the@howl.moe> (@thehowl)
 Rachid Zarouali <nobody@nobody.tld> (@xinity)
 Rémy Boulanouar <admin@dblk.org> (@DblK)
 Sandro Santilli <strk@kbt.io> (@strk)
@@ -41,14 +43,10 @@ Patrick Schratz <patrick.schratz@gmail.com> (@pat-s)
 Janis Estelmann <admin@oldschoolhack.me> (@KN4CK3R)
 Steven Kriegler <sk.bunsenbrenner@gmail.com> (@justusbunsi)
 Jimmy Praet <jimmy.praet@telenet.be> (@jpraet)
-Leon Hofmeister <dev.lh@web.de> (@delvh)
+Leon Hofmeister <dev.lh@web.de> (@delvh) 
+Gusted <williamzijl7@hotmail.com) (@Gusted)
+silentcode <silentcode@senga.org> (@silentcodeg)
 Wim <wim@42.be> (@42wim)
+xinyu <xinyu@nerv.org.cn> (@penlinux)
 Jason Song <i@wolfogre.com> (@wolfogre)
-Yarden Shoham <git@yardenshoham.com> (@yardenshoham)
-Yu Tian <zettat123@gmail.com> (@Zettat123)
-Eddie Yang <576951401@qq.com> (@yp05327)
-Dong Ge <gedong_1994@163.com> (@sillyguodong)
-Xinyi Gong <hestergong@gmail.com> (@HesterG)
-wxiaoguang <wxiaoguang@gmail.com> (@wxiaoguang)
-Gary Moon <gary@garymoon.net> (@garymoon)
-Philip Peterson <philip.c.peterson@gmail.com> (@philip-peterson)
+Yarden Shoham <hrsi88@gmail.com> (@yardenshoham)
--- a/319
+++ b/319
@@ -20,28 +20,28 @@ IMPORT := code.gitea.io/gitea

 GO ?= go
 SHASUM ?= shasum -a 256
-HAS_GO := $(shell hash $(GO) > /dev/null 2>&1 && echo yes)
+HAS_GO = $(shell hash $(GO) > /dev/null 2>&1 && echo "GO" || echo "NOGO" )
 COMMA := ,

-XGO_VERSION := go-1.20.x
+XGO_VERSION := go-1.19.x

-AIR_PACKAGE ?= github.com/cosmtrek/air@v1.43.0
-EDITORCONFIG_CHECKER_PACKAGE ?= github.com/editorconfig-checker/editorconfig-checker/cmd/editorconfig-checker@2.7.0
-GOFUMPT_PACKAGE ?= mvdan.cc/gofumpt@v0.5.0
-GOLANGCI_LINT_PACKAGE ?= github.com/golangci/golangci-lint/cmd/golangci-lint@v1.52.2
-GXZ_PAGAGE ?= github.com/ulikunitz/xz/cmd/gxz@v0.5.11
+AIR_PACKAGE ?= github.com/cosmtrek/air@v1.40.4
+EDITORCONFIG_CHECKER_PACKAGE ?= github.com/editorconfig-checker/editorconfig-checker/cmd/editorconfig-checker@2.5.0
+ERRCHECK_PACKAGE ?= github.com/kisielk/errcheck@v1.6.1
+GOFUMPT_PACKAGE ?= mvdan.cc/gofumpt@v0.4.0
+GOLANGCI_LINT_PACKAGE ?= github.com/golangci/golangci-lint/cmd/golangci-lint@v1.51.0
+GXZ_PAGAGE ?= github.com/ulikunitz/xz/cmd/gxz@v0.5.10
 MISSPELL_PACKAGE ?= github.com/client9/misspell/cmd/misspell@v0.3.4
-SWAGGER_PACKAGE ?= github.com/go-swagger/go-swagger/cmd/swagger@v0.30.4
+SWAGGER_PACKAGE ?= github.com/go-swagger/go-swagger/cmd/swagger@v0.30.0
 XGO_PACKAGE ?= src.techknowlogick.com/xgo@latest
-GO_LICENSES_PACKAGE ?= github.com/google/go-licenses@v1.6.0
+GO_LICENSES_PACKAGE ?= github.com/google/go-licenses@v1.3.0
 GOVULNCHECK_PACKAGE ?= golang.org/x/vuln/cmd/govulncheck@latest
-ACTIONLINT_PACKAGE ?= github.com/rhysd/actionlint/cmd/actionlint@latest

 DOCKER_IMAGE ?= gitea/gitea
 DOCKER_TAG ?= latest
 DOCKER_REF := $(DOCKER_IMAGE):$(DOCKER_TAG)

-ifeq ($(HAS_GO), yes)
+ifeq ($(HAS_GO), GO)
 	GOPATH ?= $(shell $(GO) env GOPATH)
 	export PATH := $(GOPATH)/bin:$(PATH)

@@ -77,23 +77,13 @@ ifeq ($(RACE_ENABLED),true)
 endif

 STORED_VERSION_FILE := VERSION
-HUGO_VERSION ?= 0.111.3

-GITHUB_REF_TYPE ?= branch
-GITHUB_REF_NAME ?= $(shell git rev-parse --abbrev-ref HEAD)
-
-# backwards compatible to build with Drone
 ifneq ($(DRONE_TAG),)
-	GITHUB_REF_TYPE := tag
-	GITHUB_REF_NAME := $(DRONE_TAG)
-endif
-
-ifneq ($(GITHUB_REF_TYPE),branch)
-	VERSION ?= $(subst v,,$(GITHUB_REF_NAME))
+	VERSION ?= $(subst v,,$(DRONE_TAG))
 	GITEA_VERSION ?= $(VERSION)
 else
-	ifneq ($(GITHUB_REF_NAME),)
-		VERSION ?= $(subst release/v,,$(GITHUB_REF_NAME))
+	ifneq ($(DRONE_BRANCH),)
+		VERSION ?= $(subst release/v,,$(DRONE_BRANCH))
 	else
 		VERSION ?= main
 	endif
@@ -106,24 +96,18 @@ else
 	endif
 endif

-# if version = "main" then update version to "nightly"
-ifeq ($(VERSION),main)
-	VERSION := main-nightly
-endif
-
 LDFLAGS := $(LDFLAGS) -X "main.MakeVersion=$(MAKE_VERSION)" -X "main.Version=$(GITEA_VERSION)" -X "main.Tags=$(TAGS)"

 LINUX_ARCHS ?= linux/amd64,linux/386,linux/arm-5,linux/arm-6,linux/arm64

-GO_PACKAGES ?= $(filter-out code.gitea.io/gitea/tests/integration/migration-test code.gitea.io/gitea/tests code.gitea.io/gitea/tests/integration code.gitea.io/gitea/tests/e2e,$(shell $(GO) list ./... | grep -v /vendor/))
-GO_TEST_PACKAGES ?= $(filter-out $(shell $(GO) list code.gitea.io/gitea/models/migrations/...) code.gitea.io/gitea/tests/integration/migration-test code.gitea.io/gitea/tests code.gitea.io/gitea/tests/integration code.gitea.io/gitea/tests/e2e,$(shell $(GO) list ./... | grep -v /vendor/))
+GO_PACKAGES ?= $(filter-out code.gitea.io/gitea/models/migrations code.gitea.io/gitea/tests/integration/migration-test code.gitea.io/gitea/tests code.gitea.io/gitea/tests/integration code.gitea.io/gitea/tests/e2e,$(shell $(GO) list ./... | grep -v /vendor/))

 FOMANTIC_WORK_DIR := web_src/fomantic

-WEBPACK_SOURCES := $(shell find web_src/js web_src/css -type f)
+WEBPACK_SOURCES := $(shell find web_src/js web_src/less -type f)
 WEBPACK_CONFIGS := webpack.config.js
 WEBPACK_DEST := public/js/index.js public/css/index.css
-WEBPACK_DEST_ENTRIES := public/js public/css public/fonts public/img/webpack
+WEBPACK_DEST_ENTRIES := public/js public/css public/fonts public/img/webpack public/serviceworker.js

 BINDATA_DEST := modules/public/bindata.go modules/options/bindata.go modules/templates/bindata.go
 BINDATA_HASH := $(addsuffix .hash,$(BINDATA_DEST))
@@ -145,11 +129,11 @@ TEST_TAGS ?= sqlite sqlite_unlock_notify

 TAR_EXCLUDES := .git data indexers queues log node_modules $(EXECUTABLE) $(FOMANTIC_WORK_DIR)/node_modules $(DIST) $(MAKE_EVIDENCE_DIR) $(AIR_TMP_DIR) $(GO_LICENSE_TMP_DIR)

-GO_DIRS := build cmd models modules routers services tests
-WEB_DIRS := web_src/js web_src/css
+GO_DIRS := cmd tests models modules routers build services tools
+WEB_DIRS := web_src/js web_src/less

 GO_SOURCES := $(wildcard *.go)
-GO_SOURCES += $(shell find $(GO_DIRS) -type f -name "*.go" ! -path modules/options/bindata.go ! -path modules/public/bindata.go ! -path modules/templates/bindata.go)
+GO_SOURCES += $(shell find $(GO_DIRS) -type f -name "*.go" -not -path modules/options/bindata.go -not -path modules/public/bindata.go -not -path modules/templates/bindata.go)
 GO_SOURCES += $(GENERATED_GO_DEST)
 GO_SOURCES_NO_BINDATA := $(GO_SOURCES)

@@ -203,26 +187,11 @@ help:
 	@echo " - clean                            delete backend and integration files"
 	@echo " - clean-all                        delete backend, frontend and integration files"
 	@echo " - deps                             install dependencies"
-	@echo " - deps-docs                        install docs dependencies"
 	@echo " - deps-frontend                    install frontend dependencies"
 	@echo " - deps-backend                     install backend dependencies"
-	@echo " - deps-tools                       install tool dependencies"
 	@echo " - lint                             lint everything"
-	@echo " - lint-fix                         lint everything and fix issues"
-	@echo " - lint-actions                     lint action workflow files"
 	@echo " - lint-frontend                    lint frontend files"
-	@echo " - lint-frontend-fix                lint frontend files and fix issues"
 	@echo " - lint-backend                     lint backend files"
-	@echo " - lint-backend-fix                 lint backend files and fix issues"
-	@echo " - lint-go                          lint go files"
-	@echo " - lint-go-fix                      lint go files and fix issues"
-	@echo " - lint-go-vet                      lint go files with vet"
-	@echo " - lint-js                          lint js files"
-	@echo " - lint-js-fix                      lint js files and fix issues"
-	@echo " - lint-css                         lint css files"
-	@echo " - lint-css-fix                     lint css files and fix issues"
-	@echo " - lint-md                          lint markdown files"
-	@echo " - lint-swagger                     lint swagger files"
 	@echo " - checks                           run various consistency checks"
 	@echo " - checks-frontend                  check frontend files"
 	@echo " - checks-backend                   check backend files"
@@ -240,10 +209,13 @@ help:
 	@echo " - generate-manpage                 generate manpage"
 	@echo " - generate-swagger                 generate the swagger spec from code comments"
 	@echo " - swagger-validate                 check if the swagger spec is valid"
+	@echo " - golangci-lint                    run golangci-lint linter"
 	@echo " - go-licenses                      regenerate go licenses"
+	@echo " - vet                              examines Go source code and reports suspicious constructs"
 	@echo " - tidy                             run go mod tidy"
 	@echo " - test[\#TestSpecificName]    	    run unit test"
 	@echo " - test-sqlite[\#TestSpecificName]  run integration test for sqlite"
+	@echo " - pr#<index>                       build and start gitea from a PR with integration test data loaded"

 .PHONY: go-check
 go-check:
@@ -294,16 +266,12 @@ clean:
 fmt:
 	GOFUMPT_PACKAGE=$(GOFUMPT_PACKAGE) $(GO) run build/code-batch-process.go gitea-fmt -w '{file-list}'
 	$(eval TEMPLATES := $(shell find templates -type f -name '*.tmpl'))
-	@# strip whitespace after '{{' or '(' and before '}}' or ')' unless there is only
-	@# whitespace before it
-	@$(SED_INPLACE) \
-		-e 's/{{[ 	]\{1,\}/{{/g' -e '/^[ 	]\{1,\}}}/! s/[ 	]\{1,\}}}/}}/g' \
-	  -e 's/([ 	]\{1,\}/(/g' -e '/^[ 	]\{1,\})/! s/[ 	]\{1,\})/)/g' \
-	  $(TEMPLATES)
+	@# strip whitespace after '{{' and before `}}` unless there is only whitespace before it
+	@$(SED_INPLACE) -e 's/{{[ 	]\{1,\}/{{/g' -e '/^[ 	]\{1,\}}}/! s/[ 	]\{1,\}}}/}}/g' $(TEMPLATES)

 .PHONY: fmt-check
 fmt-check: fmt
-	@diff=$$(git diff --color=always $(GO_SOURCES) templates $(WEB_DIRS)); \
+	@diff=$$(git diff $(GO_SOURCES) templates $(WEB_DIRS)); \
 	if [ -n "$$diff" ]; then \
 	  echo "Please run 'make fmt' and commit the result:"; \
 	  echo "$${diff}"; \
@@ -314,6 +282,12 @@ fmt-check: fmt
 misspell-check:
 	go run $(MISSPELL_PACKAGE) -error $(GO_DIRS) $(WEB_DIRS)

+.PHONY: vet
+vet:
+	@echo "Running go vet..."
+	@GOOS= GOARCH= $(GO) build code.gitea.io/gitea-vet
+	@$(GO) vet -vettool=gitea-vet $(GO_PACKAGES)
+
 .PHONY: $(TAGS_EVIDENCE)
 $(TAGS_EVIDENCE):
 	@mkdir -p $(MAKE_EVIDENCE_DIR)
@@ -333,7 +307,7 @@ $(SWAGGER_SPEC): $(GO_SOURCES_NO_BINDATA)

 .PHONY: swagger-check
 swagger-check: generate-swagger
-	@diff=$$(git diff --color=always '$(SWAGGER_SPEC)'); \
+	@diff=$$(git diff '$(SWAGGER_SPEC)'); \
 	if [ -n "$$diff" ]; then \
 		echo "Please run 'make generate-swagger' and commit the result:"; \
 		echo "$${diff}"; \
@@ -346,6 +320,11 @@ swagger-validate:
 	$(GO) run $(SWAGGER_PACKAGE) validate './$(SWAGGER_SPEC)'
 	$(SED_INPLACE) '$(SWAGGER_SPEC_S_TMPL)' './$(SWAGGER_SPEC)'

+.PHONY: errcheck
+errcheck:
+	@echo "Running errcheck..."
+	$(GO) run $(ERRCHECK_PACKAGE) $(GO_PACKAGES)
+
 .PHONY: checks
 checks: checks-frontend checks-backend

@@ -353,86 +332,28 @@ checks: checks-frontend checks-backend
 checks-frontend: lockfile-check svg-check

 .PHONY: checks-backend
-checks-backend: tidy-check swagger-check fmt-check misspell-check swagger-validate security-check
+checks-backend: tidy-check swagger-check fmt-check misspell-check swagger-validate

 .PHONY: lint
 lint: lint-frontend lint-backend

-.PHONY: lint-fix
-lint-fix: lint-frontend-fix lint-backend-fix
-
 .PHONY: lint-frontend
-lint-frontend: lint-js lint-css lint-md lint-swagger
-
-.PHONY: lint-frontend-fix
-lint-frontend-fix: lint-js-fix lint-css-fix lint-md lint-swagger
-
-.PHONY: lint-backend
-lint-backend: lint-go lint-go-vet lint-editorconfig
-
-.PHONY: lint-backend-fix
-lint-backend-fix: lint-go-fix lint-go-vet lint-editorconfig
-
-.PHONY: lint-js
-lint-js: node_modules
+lint-frontend: node_modules
 	npx eslint --color --max-warnings=0 --ext js,vue web_src/js build *.config.js docs/assets/js tests/e2e
-
-.PHONY: lint-js-fix
-lint-js-fix: node_modules
-	npx eslint --color --max-warnings=0 --ext js,vue web_src/js build *.config.js docs/assets/js tests/e2e --fix
-
-.PHONY: lint-css
-lint-css: node_modules
-	npx stylelint --color --max-warnings=0 web_src/css web_src/js/components/*.vue
-
-.PHONY: lint-css-fix
-lint-css-fix: node_modules
-	npx stylelint --color --max-warnings=0 web_src/css web_src/js/components/*.vue --fix
-
-.PHONY: lint-swagger
-lint-swagger: node_modules
+	npx stylelint --color --max-warnings=0 web_src/less
 	npx spectral lint -q -F hint $(SWAGGER_SPEC)
-
-.PHONY: lint-md
-lint-md: node_modules
 	npx markdownlint docs *.md

-.PHONY: lint-go
-lint-go:
-	$(GO) run $(GOLANGCI_LINT_PACKAGE) run
-
-.PHONY: lint-go-fix
-lint-go-fix:
-	$(GO) run $(GOLANGCI_LINT_PACKAGE) run --fix
-
-# workaround step for the lint-go-windows CI task because 'go run' can not
-# have distinct GOOS/GOARCH for its build and run steps
-.PHONY: lint-go-windows
-lint-go-windows:
-	@GOOS= GOARCH= $(GO) install $(GOLANGCI_LINT_PACKAGE)
-	golangci-lint run
-
-.PHONY: lint-go-vet
-lint-go-vet:
-	@echo "Running go vet..."
-	@GOOS= GOARCH= $(GO) build code.gitea.io/gitea-vet
-	@$(GO) vet -vettool=gitea-vet $(GO_PACKAGES)
-
-.PHONY: lint-editorconfig
-lint-editorconfig:
-	$(GO) run $(EDITORCONFIG_CHECKER_PACKAGE) templates .github/workflows
-
-.PHONY: lint-actions
-lint-actions:
-	$(GO) run $(ACTIONLINT_PACKAGE)
+.PHONY: lint-backend
+lint-backend: golangci-lint vet editorconfig-checker

 .PHONY: watch
 watch:
-	@bash build/watch.sh
+	bash tools/watch.sh

 .PHONY: watch-frontend
 watch-frontend: node-check node_modules
-	@rm -rf $(WEBPACK_DEST_ENTRIES)
+	rm -rf $(WEBPACK_DEST_ENTRIES)
 	NODE_ENV=development npx webpack --watch --progress

 .PHONY: watch-backend
@@ -445,7 +366,7 @@ test: test-frontend test-backend
 .PHONY: test-backend
 test-backend:
 	@echo "Running go test with $(GOTESTFLAGS) -tags '$(TEST_TAGS)'..."
-	@$(GO) test $(GOTESTFLAGS) -tags='$(TEST_TAGS)' $(GO_TEST_PACKAGES)
+	@$(GO) test $(GOTESTFLAGS) -tags='$(TEST_TAGS)' $(GO_PACKAGES)

 .PHONY: test-frontend
 test-frontend: node_modules
@@ -466,7 +387,7 @@ test-check:
 .PHONY: test\#%
 test\#%:
 	@echo "Running go test with -tags '$(TEST_TAGS)'..."
-	@$(GO) test $(GOTESTFLAGS) -tags='$(TEST_TAGS)' -run $(subst .,/,$*) $(GO_TEST_PACKAGES)
+	@$(GO) test $(GOTESTFLAGS) -tags='$(TEST_TAGS)' -run $(subst .,/,$*) $(GO_PACKAGES)

 .PHONY: coverage
 coverage:
@@ -477,7 +398,7 @@ coverage:
 .PHONY: unit-test-coverage
 unit-test-coverage:
 	@echo "Running unit-test-coverage $(GOTESTFLAGS) -tags '$(TEST_TAGS)'..."
-	@$(GO) test $(GOTESTFLAGS) -timeout=20m -tags='$(TEST_TAGS)' -cover -coverprofile coverage.out $(GO_TEST_PACKAGES) && echo "\n==>\033[32m Ok\033[m\n" || exit 1
+	@$(GO) test $(GOTESTFLAGS) -timeout=20m -tags='$(TEST_TAGS)' -cover -coverprofile coverage.out $(GO_PACKAGES) && echo "\n==>\033[32m Ok\033[m\n" || exit 1

 .PHONY: tidy
 tidy:
@@ -491,7 +412,7 @@ vendor: go.mod go.sum

 .PHONY: tidy-check
 tidy-check: tidy
-	@diff=$$(git diff --color=always go.mod go.sum $(GO_LICENSE_FILE)); \
+	@diff=$$(git diff go.mod go.sum $(GO_LICENSE_FILE)); \
 	if [ -n "$$diff" ]; then \
 		echo "Please run 'make tidy' and commit the result:"; \
 		echo "$${diff}"; \
@@ -521,7 +442,14 @@ test-sqlite\#%: integrations.sqlite.test generate-ini-sqlite
 	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/sqlite.ini ./integrations.sqlite.test -test.run $(subst .,/,$*)

 .PHONY: test-sqlite-migration
-test-sqlite-migration:  migrations.sqlite.test migrations.individual.sqlite.test
+test-sqlite-migration:  migrations.sqlite.test migrations.individual.sqlite.test generate-ini-sqlite
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/sqlite.ini ./migrations.sqlite.test
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/sqlite.ini ./migrations.individual.sqlite.test
+
+.PHONY: test-sqlite-migration\#%
+test-sqlite-migration\#%:  migrations.sqlite.test migrations.individual.sqlite.test generate-ini-sqlite
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/sqlite.ini ./migrations.individual.sqlite.test -test.run $(subst .,/,$*)
+

 generate-ini-mysql:
 	sed -e 's|{{TEST_MYSQL_HOST}}|${TEST_MYSQL_HOST}|g' \
@@ -542,7 +470,9 @@ test-mysql\#%: integrations.mysql.test generate-ini-mysql
 	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mysql.ini ./integrations.mysql.test -test.run $(subst .,/,$*)

 .PHONY: test-mysql-migration
-test-mysql-migration: migrations.mysql.test migrations.individual.mysql.test
+test-mysql-migration: migrations.mysql.test migrations.individual.mysql.test generate-ini-mysql
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mysql.ini ./migrations.mysql.test
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mysql.ini ./migrations.individual.mysql.test

 generate-ini-mysql8:
 	sed -e 's|{{TEST_MYSQL8_HOST}}|${TEST_MYSQL8_HOST}|g' \
@@ -563,7 +493,9 @@ test-mysql8\#%: integrations.mysql8.test generate-ini-mysql8
 	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mysql8.ini ./integrations.mysql8.test -test.run $(subst .,/,$*)

 .PHONY: test-mysql8-migration
-test-mysql8-migration: migrations.mysql8.test migrations.individual.mysql8.test
+test-mysql8-migration: migrations.mysql8.test migrations.individual.mysql8.test generate-ini-mysql8
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mysql8.ini ./migrations.mysql8.test
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mysql8.ini ./migrations.individual.mysql8.test

 generate-ini-pgsql:
 	sed -e 's|{{TEST_PGSQL_HOST}}|${TEST_PGSQL_HOST}|g' \
@@ -585,7 +517,9 @@ test-pgsql\#%: integrations.pgsql.test generate-ini-pgsql
 	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/pgsql.ini ./integrations.pgsql.test -test.run $(subst .,/,$*)

 .PHONY: test-pgsql-migration
-test-pgsql-migration: migrations.pgsql.test migrations.individual.pgsql.test
+test-pgsql-migration: migrations.pgsql.test migrations.individual.pgsql.test generate-ini-pgsql
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/pgsql.ini ./migrations.pgsql.test
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/pgsql.ini ./migrations.individual.pgsql.test

 generate-ini-mssql:
 	sed -e 's|{{TEST_MSSQL_HOST}}|${TEST_MSSQL_HOST}|g' \
@@ -606,7 +540,9 @@ test-mssql\#%: integrations.mssql.test generate-ini-mssql
 	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mssql.ini ./integrations.mssql.test -test.run $(subst .,/,$*)

 .PHONY: test-mssql-migration
-test-mssql-migration: migrations.mssql.test migrations.individual.mssql.test
+test-mssql-migration: migrations.mssql.test migrations.individual.mssql.test generate-ini-mssql
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mssql.ini ./migrations.mssql.test -test.failfast
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mssql.ini ./migrations.individual.mssql.test -test.failfast

 .PHONY: playwright
 playwright: $(PLAYWRIGHT_DIR)
@@ -701,82 +637,50 @@ integrations.sqlite.test: git-check $(GO_SOURCES)
 	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/tests/integration -o integrations.sqlite.test -tags '$(TEST_TAGS)'

 integrations.cover.test: git-check $(GO_SOURCES)
-	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/tests/integration -coverpkg $(shell echo $(GO_TEST_PACKAGES) | tr ' ' ',') -o integrations.cover.test
+	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/tests/integration -coverpkg $(shell echo $(GO_PACKAGES) | tr ' ' ',') -o integrations.cover.test

 integrations.cover.sqlite.test: git-check $(GO_SOURCES)
-	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/tests/integration -coverpkg $(shell echo $(GO_TEST_PACKAGES) | tr ' ' ',') -o integrations.cover.sqlite.test -tags '$(TEST_TAGS)'
+	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/tests/integration -coverpkg $(shell echo $(GO_PACKAGES) | tr ' ' ',') -o integrations.cover.sqlite.test -tags '$(TEST_TAGS)'

 .PHONY: migrations.mysql.test
-migrations.mysql.test: $(GO_SOURCES) generate-ini-mysql
+migrations.mysql.test: $(GO_SOURCES)
 	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/tests/integration/migration-test -o migrations.mysql.test
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mysql.ini ./migrations.mysql.test

 .PHONY: migrations.mysql8.test
-migrations.mysql8.test: $(GO_SOURCES) generate-ini-mysql8
+migrations.mysql8.test: $(GO_SOURCES)
 	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/tests/integration/migration-test -o migrations.mysql8.test
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mysql8.ini ./migrations.mysql8.test

 .PHONY: migrations.pgsql.test
-migrations.pgsql.test: $(GO_SOURCES) generate-ini-pgsql
+migrations.pgsql.test: $(GO_SOURCES)
 	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/tests/integration/migration-test -o migrations.pgsql.test
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/pgsql.ini ./migrations.pgsql.test

 .PHONY: migrations.mssql.test
-migrations.mssql.test: $(GO_SOURCES) generate-ini-mssql
+migrations.mssql.test: $(GO_SOURCES)
 	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/tests/integration/migration-test -o migrations.mssql.test
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mssql.ini ./migrations.mssql.test

 .PHONY: migrations.sqlite.test
-migrations.sqlite.test: $(GO_SOURCES) generate-ini-sqlite
+migrations.sqlite.test: $(GO_SOURCES)
 	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/tests/integration/migration-test -o migrations.sqlite.test -tags '$(TEST_TAGS)'
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/sqlite.ini ./migrations.sqlite.test

 .PHONY: migrations.individual.mysql.test
 migrations.individual.mysql.test: $(GO_SOURCES)
-	for pkg in $(shell $(GO) list code.gitea.io/gitea/models/migrations/...); do \
-		GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mysql.ini $(GO) test $(GOTESTFLAGS) -tags '$(TEST_TAGS)' $$pkg; \
-	done
+	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/models/migrations -o migrations.individual.mysql.test

 .PHONY: migrations.individual.mysql8.test
 migrations.individual.mysql8.test: $(GO_SOURCES)
-	for pkg in $(shell $(GO) list code.gitea.io/gitea/models/migrations/...); do \
-		GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mysql8.ini $(GO) test $(GOTESTFLAGS) -tags '$(TEST_TAGS)' $$pkg; \
-	done
-
-.PHONY: migrations.individual.mysql8.test\#%
-migrations.individual.sqlite.test\#%: $(GO_SOURCES) generate-ini-sqlite
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/sqlite.ini $(GO) test $(GOTESTFLAGS) -tags '$(TEST_TAGS)' code.gitea.io/gitea/models/migrations/$*
+	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/models/migrations -o migrations.individual.mysql8.test

 .PHONY: migrations.individual.pgsql.test
 migrations.individual.pgsql.test: $(GO_SOURCES)
-	for pkg in $(shell $(GO) list code.gitea.io/gitea/models/migrations/...); do \
-		GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/pgsql.ini $(GO) test $(GOTESTFLAGS) -tags '$(TEST_TAGS)' $$pkg; \
-	done
-
-.PHONY: migrations.individual.pgsql.test\#%
-migrations.individual.pgsql.test\#%: $(GO_SOURCES) generate-ini-pgsql
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/pgsql.ini $(GO) test $(GOTESTFLAGS) -tags '$(TEST_TAGS)' code.gitea.io/gitea/models/migrations/$*
-
+	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/models/migrations -o migrations.individual.pgsql.test

 .PHONY: migrations.individual.mssql.test
-migrations.individual.mssql.test: $(GO_SOURCES) generate-ini-mssql
-	for pkg in $(shell $(GO) list code.gitea.io/gitea/models/migrations/...); do \
-		GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mssql.ini $(GO) test $(GOTESTFLAGS) -tags '$(TEST_TAGS)' $$pkg -test.failfast; \
-	done
-
-.PHONY: migrations.individual.mssql.test\#%
-migrations.individual.mssql.test\#%: $(GO_SOURCES) generate-ini-mssql
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mssql.ini $(GO) test $(GOTESTFLAGS) -tags '$(TEST_TAGS)' code.gitea.io/gitea/models/migrations/$*
+migrations.individual.mssql.test: $(GO_SOURCES)
+	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/models/migrations -o migrations.individual.mssql.test

 .PHONY: migrations.individual.sqlite.test
-migrations.individual.sqlite.test: $(GO_SOURCES) generate-ini-sqlite
-	for pkg in $(shell $(GO) list code.gitea.io/gitea/models/migrations/...); do \
-		GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/sqlite.ini $(GO) test $(GOTESTFLAGS) -tags '$(TEST_TAGS)' $$pkg; \
-	done
-
-.PHONY: migrations.individual.sqlite.test\#%
-migrations.individual.sqlite.test\#%: $(GO_SOURCES) generate-ini-sqlite
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/sqlite.ini $(GO) test $(GOTESTFLAGS) -tags '$(TEST_TAGS)' code.gitea.io/gitea/models/migrations/$*
+migrations.individual.sqlite.test: $(GO_SOURCES)
+	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/models/migrations -o migrations.individual.sqlite.test -tags '$(TEST_TAGS)'

 e2e.mysql.test: $(GO_SOURCES)
 	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/tests/e2e -o e2e.mysql.test
@@ -823,7 +727,7 @@ generate-go: $(TAGS_PREREQ)

 .PHONY: security-check
 security-check:
-	go run $(GOVULNCHECK_PACKAGE) ./...
+	govulncheck -v ./...

 $(EXECUTABLE): $(GO_SOURCES) $(TAGS_PREREQ)
 	CGO_CFLAGS="$(CGO_CFLAGS)" $(GO) build $(GOFLAGS) $(EXTRA_GOFLAGS) -tags '$(TAGS)' -ldflags '-s -w $(LDFLAGS)' -o $@
@@ -840,28 +744,28 @@ release-windows: | $(DIST_DIRS)
 ifeq (,$(findstring gogit,$(TAGS)))
 	CGO_CFLAGS="$(CGO_CFLAGS)" $(GO) run $(XGO_PACKAGE) -go $(XGO_VERSION) -buildmode exe -dest $(DIST)/binaries -tags 'osusergo gogit $(TAGS)' -ldflags '-linkmode external -extldflags "-static" $(LDFLAGS)' -targets 'windows/*' -out gitea-$(VERSION)-gogit .
 endif
-ifneq ($(DRONE_TAG),)
+ifeq ($(CI),true)
 	cp /build/* $(DIST)/binaries
 endif

 .PHONY: release-linux
 release-linux: | $(DIST_DIRS)
 	CGO_CFLAGS="$(CGO_CFLAGS)" $(GO) run $(XGO_PACKAGE) -go $(XGO_VERSION) -dest $(DIST)/binaries -tags 'netgo osusergo $(TAGS)' -ldflags '-linkmode external -extldflags "-static" $(LDFLAGS)' -targets '$(LINUX_ARCHS)' -out gitea-$(VERSION) .
-ifneq ($(DRONE_TAG),)
+ifeq ($(CI),true)
 	cp /build/* $(DIST)/binaries
 endif

 .PHONY: release-darwin
 release-darwin: | $(DIST_DIRS)
 	CGO_CFLAGS="$(CGO_CFLAGS)" $(GO) run $(XGO_PACKAGE) -go $(XGO_VERSION) -dest $(DIST)/binaries -tags 'netgo osusergo $(TAGS)' -ldflags '$(LDFLAGS)' -targets 'darwin-10.12/amd64,darwin-10.12/arm64' -out gitea-$(VERSION) .
-ifneq ($(DRONE_TAG),)
+ifeq ($(CI),true)
 	cp /build/* $(DIST)/binaries
 endif

 .PHONY: release-freebsd
 release-freebsd: | $(DIST_DIRS)
 	CGO_CFLAGS="$(CGO_CFLAGS)" $(GO) run $(XGO_PACKAGE) -go $(XGO_VERSION) -dest $(DIST)/binaries -tags 'netgo osusergo $(TAGS)' -ldflags '$(LDFLAGS)' -targets 'freebsd/amd64' -out gitea-$(VERSION) .
-ifneq ($(DRONE_TAG),)
+ifeq ($(CI),true)
 	cp /build/* $(DIST)/binaries
 endif

@@ -892,17 +796,14 @@ release-docs: | $(DIST_DIRS) docs
 	tar -czf $(DIST)/release/gitea-docs-$(VERSION).tar.gz -C ./docs/public .

 .PHONY: docs
-docs: deps-docs
+docs:
+	@hash hugo > /dev/null 2>&1; if [ $$? -ne 0 ]; then \
+		curl -sL https://github.com/gohugoio/hugo/releases/download/v0.74.3/hugo_0.74.3_Linux-64bit.tar.gz | tar zxf - -C /tmp && mv /tmp/hugo /usr/bin/hugo && chmod +x /usr/bin/hugo; \
+	fi
 	cd docs; make trans-copy clean build-offline;

-.PHONY: deps-docs
-deps-docs:
-	@hash hugo > /dev/null 2>&1; if [ $$? -ne 0 ]; then \
-		curl -sL https://github.com/gohugoio/hugo/releases/download/v$(HUGO_VERSION)/hugo_$(HUGO_VERSION)_Linux-64bit.tar.gz | tar zxf - -C /tmp && mkdir -p ~/go/bin && mv /tmp/hugo ~/go/bin/hugo && chmod +x ~/go/bin/hugo; \
-	fi
-
 .PHONY: deps
-deps: deps-frontend deps-backend deps-tools deps-docs
+deps: deps-frontend deps-backend

 .PHONY: deps-frontend
 deps-frontend: node_modules
@@ -910,11 +811,9 @@ deps-frontend: node_modules
 .PHONY: deps-backend
 deps-backend:
 	$(GO) mod download
-
-.PHONY: deps-tools
-deps-tools:
 	$(GO) install $(AIR_PACKAGE)
 	$(GO) install $(EDITORCONFIG_CHECKER_PACKAGE)
+	$(GO) install $(ERRCHECK_PACKAGE)
 	$(GO) install $(GOFUMPT_PACKAGE)
 	$(GO) install $(GOLANGCI_LINT_PACKAGE)
 	$(GO) install $(GXZ_PAGAGE)
@@ -923,7 +822,6 @@ deps-tools:
 	$(GO) install $(XGO_PACKAGE)
 	$(GO) install $(GO_LICENSES_PACKAGE)
 	$(GO) install $(GOVULNCHECK_PACKAGE)
-	$(GO) install $(ACTIONLINT_PACKAGE)

 node_modules: package-lock.json
 	npm install --no-save
@@ -943,8 +841,6 @@ fomantic:
 	cp -f $(FOMANTIC_WORK_DIR)/theme.config.less $(FOMANTIC_WORK_DIR)/node_modules/fomantic-ui/src/theme.config
 	cp -rf $(FOMANTIC_WORK_DIR)/_site $(FOMANTIC_WORK_DIR)/node_modules/fomantic-ui/src/
 	cd $(FOMANTIC_WORK_DIR) && npx gulp -f node_modules/fomantic-ui/gulpfile.js build
-	# fomantic uses "touchstart" as click event for some browsers, it's not ideal, so we force fomantic to always use "click" as click event
-	$(SED_INPLACE) -e 's/clickEvent[ \t]*=/clickEvent = "click", unstableClickEvent =/g' $(FOMANTIC_WORK_DIR)/build/semantic.js
 	$(SED_INPLACE) -e 's/\r//g' $(FOMANTIC_WORK_DIR)/build/semantic.css $(FOMANTIC_WORK_DIR)/build/semantic.js
 	rm -f $(FOMANTIC_WORK_DIR)/build/*.min.*

@@ -965,7 +861,7 @@ svg: node-check | node_modules
 .PHONY: svg-check
 svg-check: svg
 	@git add $(SVG_DEST_DIR)
-	@diff=$$(git diff --color=always --cached $(SVG_DEST_DIR)); \
+	@diff=$$(git diff --cached $(SVG_DEST_DIR)); \
 	if [ -n "$$diff" ]; then \
 		echo "Please run 'make svg' and 'git add $(SVG_DEST_DIR)' and commit the result:"; \
 		echo "$${diff}"; \
@@ -975,7 +871,7 @@ svg-check: svg
 .PHONY: lockfile-check
 lockfile-check:
 	npm install --package-lock-only
-	@diff=$$(git diff --color=always package-lock.json); \
+	@diff=$$(git diff package-lock.json); \
 	if [ -n "$$diff" ]; then \
 		echo "package-lock.json is inconsistent with package.json"; \
 		echo "Please run 'npm install --package-lock-only' and commit the result:"; \
@@ -1014,10 +910,33 @@ generate-manpage:
 	@gzip -9 man/man1/gitea.1 && echo man/man1/gitea.1.gz created
 	@#TODO A small script that formats config-cheat-sheet.en-us.md nicely for use as a config man page

+.PHONY: pr\#%
+pr\#%: clean-all
+	$(GO) run contrib/pr/checkout.go $*
+
+.PHONY: golangci-lint
+golangci-lint:
+	$(GO) run $(GOLANGCI_LINT_PACKAGE) run
+
+# workaround step for the lint-backend-windows CI task because 'go run' can not
+# have distinct GOOS/GOARCH for its build and run steps
+.PHONY: golangci-lint-windows
+golangci-lint-windows:
+	@GOOS= GOARCH= $(GO) install $(GOLANGCI_LINT_PACKAGE)
+	golangci-lint run
+
+.PHONY: editorconfig-checker
+editorconfig-checker:
+	$(GO) run $(EDITORCONFIG_CHECKER_PACKAGE) templates
+
 .PHONY: docker
 docker:
 	docker build --disable-content-trust=false -t $(DOCKER_REF) .
 # support also build args docker build --build-arg GITEA_VERSION=v1.2.3 --build-arg TAGS="bindata sqlite sqlite_unlock_notify"  .

+.PHONY: docker-build
+docker-build:
+	docker run -ti --rm -v "$(CURDIR):/srv/app/src/code.gitea.io/gitea" -w /srv/app/src/code.gitea.io/gitea -e TAGS="bindata $(TAGS)" LDFLAGS="$(LDFLAGS)" CGO_EXTRA_CFLAGS="$(CGO_EXTRA_CFLAGS)" webhippie/golang:edge make clean build
+
 # This endif closes the if at the top of the file
 endif
--- a/README.md
+++ b/README.md
@@ -12,14 +12,14 @@
  <a href="https://discord.gg/Gitea" title="Join the Discord chat at https://discord.gg/Gitea">
    <img src="https://img.shields.io/discord/322538954119184384.svg">
  </a>
-  <a href="https://app.codecov.io/gh/go-gitea/gitea" title="Codecov">
+  <a href="https://codecov.io/gh/go-gitea/gitea" title="Codecov">
    <img src="https://codecov.io/gh/go-gitea/gitea/branch/main/graph/badge.svg">
  </a>
  <a href="https://goreportcard.com/report/code.gitea.io/gitea" title="Go Report Card">
    <img src="https://goreportcard.com/badge/code.gitea.io/gitea">
  </a>
-  <a href="https://pkg.go.dev/code.gitea.io/gitea" title="GoDoc">
-    <img src="https://pkg.go.dev/badge/code.gitea.io/gitea?status.svg">
+  <a href="https://godoc.org/code.gitea.io/gitea" title="GoDoc">
+    <img src="https://godoc.org/code.gitea.io/gitea?status.svg">
  </a>
  <a href="https://github.com/go-gitea/gitea/releases/latest" title="GitHub release">
    <img src="https://img.shields.io/github/release/go-gitea/gitea.svg">
@@ -45,7 +45,7 @@
  <a href="https://www.tickgit.com/browse?repo=github.com/go-gitea/gitea&branch=main" title="TODOs">
    <img src="https://badgen.net/https/api.tickgit.com/badgen/github.com/go-gitea/gitea/main">
  </a>
-  <a href="https://app.bountysource.com/teams/gitea" title="Bountysource">
+  <a href="https://www.bountysource.com/teams/gitea" title="Bountysource">
    <img src="https://img.shields.io/bountysource/team/gitea/activity">
  </a>
 </p>
@@ -110,7 +110,7 @@ Translations are done through Crowdin. If you want to translate to a new languag

 You can also just create an issue for adding a language or ask on discord on the #translation channel. If you need context or find some translation issues, you can leave a comment on the string or ask on Discord. For general translation questions there is a section in the docs. Currently a bit empty but we hope to fill it as questions pop up.

-https://docs.gitea.io/en-us/contributing/translation-guidelines/
+https://docs.gitea.io/en-us/translation-guidelines/

 [![Crowdin](https://badges.crowdin.net/gitea/localized.svg)](https://crowdin.com/project/gitea)

@@ -173,8 +173,8 @@ for the full license text.

 Looking for an overview of the interface? Check it out!

-|![Dashboard](https://dl.gitea.com/screenshots/home_timeline.png)|![User Profile](https://dl.gitea.com/screenshots/user_profile.png)|![Global Issues](https://dl.gitea.com/screenshots/global_issues.png)|
+|![Dashboard](https://dl.gitea.io/screenshots/home_timeline.png)|![User Profile](https://dl.gitea.io/screenshots/user_profile.png)|![Global Issues](https://dl.gitea.io/screenshots/global_issues.png)|
 |:---:|:---:|:---:|
-|![Branches](https://dl.gitea.com/screenshots/branches.png)|![Web Editor](https://dl.gitea.com/screenshots/web_editor.png)|![Activity](https://dl.gitea.com/screenshots/activity.png)|
-|![New Migration](https://dl.gitea.com/screenshots/migration.png)|![Migrating](https://dl.gitea.com/screenshots/migration.gif)|![Pull Request View](https://image.ibb.co/e02dSb/6.png)
-![Pull Request Dark](https://dl.gitea.com/screenshots/pull_requests_dark.png)|![Diff Review Dark](https://dl.gitea.com/screenshots/review_dark.png)|![Diff Dark](https://dl.gitea.com/screenshots/diff_dark.png)|
+|![Branches](https://dl.gitea.io/screenshots/branches.png)|![Web Editor](https://dl.gitea.io/screenshots/web_editor.png)|![Activity](https://dl.gitea.io/screenshots/activity.png)|
+|![New Migration](https://dl.gitea.io/screenshots/migration.png)|![Migrating](https://dl.gitea.io/screenshots/migration.gif)|![Pull Request View](https://image.ibb.co/e02dSb/6.png)
+![Pull Request Dark](https://dl.gitea.io/screenshots/pull_requests_dark.png)|![Diff Review Dark](https://dl.gitea.io/screenshots/review_dark.png)|![Diff Dark](https://dl.gitea.io/screenshots/diff_dark.png)|
--- a/README_ZH.md
+++ b/README_ZH.md
@@ -12,14 +12,14 @@
  <a href="https://discord.gg/Gitea" title="Join the Discord chat at https://discord.gg/Gitea">
    <img src="https://img.shields.io/discord/322538954119184384.svg">
  </a>
-  <a href="https://app.codecov.io/gh/go-gitea/gitea" title="Codecov">
+  <a href="https://codecov.io/gh/go-gitea/gitea" title="Codecov">
    <img src="https://codecov.io/gh/go-gitea/gitea/branch/main/graph/badge.svg">
  </a>
  <a href="https://goreportcard.com/report/code.gitea.io/gitea" title="Go Report Card">
    <img src="https://goreportcard.com/badge/code.gitea.io/gitea">
  </a>
-  <a href="https://pkg.go.dev/code.gitea.io/gitea" title="GoDoc">
-    <img src="https://pkg.go.dev/badge/code.gitea.io/gitea?status.svg">
+  <a href="https://godoc.org/code.gitea.io/gitea" title="GoDoc">
+    <img src="https://godoc.org/code.gitea.io/gitea?status.svg">
  </a>
  <a href="https://github.com/go-gitea/gitea/releases/latest" title="GitHub release">
    <img src="https://img.shields.io/github/release/go-gitea/gitea.svg">
@@ -45,7 +45,7 @@
  <a href="https://www.tickgit.com/browse?repo=github.com/go-gitea/gitea&branch=main" title="TODOs">
    <img src="https://badgen.net/https/api.tickgit.com/badgen/github.com/go-gitea/gitea/main">
  </a>
-  <a href="https://app.bountysource.com/teams/gitea" title="Bountysource">
+  <a href="https://img.shields.io/bountysource/team/gitea" title="Bountysource">
    <img src="https://img.shields.io/bountysource/team/gitea/activity">
  </a>
 </p>
@@ -91,8 +91,8 @@ Fork -> Patch -> Push -> Pull Request

 ## 截图

-|![Dashboard](https://dl.gitea.com/screenshots/home_timeline.png)|![User Profile](https://dl.gitea.com/screenshots/user_profile.png)|![Global Issues](https://dl.gitea.com/screenshots/global_issues.png)|
+|![Dashboard](https://dl.gitea.io/screenshots/home_timeline.png)|![User Profile](https://dl.gitea.io/screenshots/user_profile.png)|![Global Issues](https://dl.gitea.io/screenshots/global_issues.png)|
 |:---:|:---:|:---:|
-|![Branches](https://dl.gitea.com/screenshots/branches.png)|![Web Editor](https://dl.gitea.com/screenshots/web_editor.png)|![Activity](https://dl.gitea.com/screenshots/activity.png)|
-|![New Migration](https://dl.gitea.com/screenshots/migration.png)|![Migrating](https://dl.gitea.com/screenshots/migration.gif)|![Pull Request View](https://image.ibb.co/e02dSb/6.png)
-![Pull Request Dark](https://dl.gitea.com/screenshots/pull_requests_dark.png)|![Diff Review Dark](https://dl.gitea.com/screenshots/review_dark.png)|![Diff Dark](https://dl.gitea.com/screenshots/diff_dark.png)|
+|![Branches](https://dl.gitea.io/screenshots/branches.png)|![Web Editor](https://dl.gitea.io/screenshots/web_editor.png)|![Activity](https://dl.gitea.io/screenshots/activity.png)|
+|![New Migration](https://dl.gitea.io/screenshots/migration.png)|![Migrating](https://dl.gitea.io/screenshots/migration.gif)|![Pull Request View](https://image.ibb.co/e02dSb/6.png)
+![Pull Request Dark](https://dl.gitea.io/screenshots/pull_requests_dark.png)|![Diff Review Dark](https://dl.gitea.io/screenshots/review_dark.png)|![Diff Dark](https://dl.gitea.io/screenshots/diff_dark.png)|
--- a/assets/go-licenses.json
+++ b/assets/go-licenses.json
--- a/build.go
+++ b/build.go
@@ -1,5 +1,6 @@
 // Copyright 2020 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.

 //go:build vendor

--- a/build/backport-locales.go
+++ b/build/backport-locales.go
@@ -1,114 +0,0 @@
-// Copyright 2023 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
-
-//go:build ignore
-
-package main
-
-import (
-	"fmt"
-	"os"
-	"os/exec"
-	"path/filepath"
-	"strings"
-
-	"code.gitea.io/gitea/modules/setting"
-)
-
-func main() {
-	if len(os.Args) != 2 {
-		println("usage: backport-locales <to-ref>")
-		println("eg: backport-locales release/v1.19")
-		os.Exit(1)
-	}
-
-	mustNoErr := func(err error) {
-		if err != nil {
-			panic(err)
-		}
-	}
-	collectInis := func(ref string) map[string]setting.ConfigProvider {
-		inis := map[string]setting.ConfigProvider{}
-		err := filepath.WalkDir("options/locale", func(path string, d os.DirEntry, err error) error {
-			if err != nil {
-				return err
-			}
-			if d.IsDir() || !strings.HasSuffix(d.Name(), ".ini") {
-				return nil
-			}
-			cfg, err := setting.NewConfigProviderForLocale(path)
-			mustNoErr(err)
-			inis[path] = cfg
-			fmt.Printf("collecting: %s @ %s\n", path, ref)
-			return nil
-		})
-		mustNoErr(err)
-		return inis
-	}
-
-	// collect new locales from current working directory
-	inisNew := collectInis("HEAD")
-
-	// switch to the target ref, and collect the old locales
-	cmd := exec.Command("git", "checkout", os.Args[1])
-	cmd.Stdout = os.Stdout
-	cmd.Stderr = os.Stderr
-	mustNoErr(cmd.Run())
-	inisOld := collectInis(os.Args[1])
-
-	// use old en-US as the base, and copy the new translations to the old locales
-	enUsOld := inisOld["options/locale/locale_en-US.ini"]
-	brokenWarned := map[string]bool{}
-	for path, iniOld := range inisOld {
-		if iniOld == enUsOld {
-			continue
-		}
-		iniNew := inisNew[path]
-		if iniNew == nil {
-			continue
-		}
-		for _, secEnUS := range enUsOld.Sections() {
-			secOld := iniOld.Section(secEnUS.Name())
-			secNew := iniNew.Section(secEnUS.Name())
-			for _, keyEnUs := range secEnUS.Keys() {
-				if secNew.HasKey(keyEnUs.Name()) {
-					oldStr := secOld.Key(keyEnUs.Name()).String()
-					newStr := secNew.Key(keyEnUs.Name()).String()
-					broken := oldStr != "" && strings.Count(oldStr, "%") != strings.Count(newStr, "%")
-					broken = broken || strings.Contains(oldStr, "\n") || strings.Contains(oldStr, "\n")
-					if broken {
-						brokenWarned[secOld.Name()+"."+keyEnUs.Name()] = true
-						fmt.Println("----")
-						fmt.Printf("WARNING: skip broken locale: %s , [%s] %s\n", path, secEnUS.Name(), keyEnUs.Name())
-						fmt.Printf("\told: %s\n", strings.ReplaceAll(oldStr, "\n", "\\n"))
-						fmt.Printf("\tnew: %s\n", strings.ReplaceAll(newStr, "\n", "\\n"))
-						continue
-					}
-					secOld.Key(keyEnUs.Name()).SetValue(newStr)
-				}
-			}
-		}
-		mustNoErr(iniOld.SaveTo(path))
-	}
-
-	fmt.Println("========")
-
-	for path, iniNew := range inisNew {
-		for _, sec := range iniNew.Sections() {
-			for _, key := range sec.Keys() {
-				str := sec.Key(key.Name()).String()
-				broken := strings.Contains(str, "\n")
-				broken = broken || strings.HasPrefix(str, "`") != strings.HasSuffix(str, "`")
-				broken = broken || strings.HasPrefix(str, "\"`")
-				broken = broken || strings.HasPrefix(str, "`\"")
-				broken = broken || strings.Count(str, `"`)%2 == 1
-				broken = broken || strings.Count(str, "`")%2 == 1
-				if broken && !brokenWarned[sec.Name()+"."+key.Name()] {
-					fmt.Printf("WARNING: found broken locale: %s , [%s] %s\n", path, sec.Name(), key.Name())
-					fmt.Printf("\tstr: %s\n", strings.ReplaceAll(str, "\n", "\\n"))
-					fmt.Println("----")
-				}
-			}
-		}
-	}
-}
--- a/build/code-batch-process.go
+++ b/build/code-batch-process.go
@@ -1,5 +1,6 @@
 // Copyright 2021 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.

 //go:build ignore

@@ -65,6 +66,7 @@ func newFileCollector(fileFilter string, batchSize int) (*fileCollector, error)
 			"modules",
 			"routers",
 			"services",
+			"tools",
 		}
 		co.includePatterns = append(co.includePatterns, regexp.MustCompile(`.*\.go$`))

--- a/build/codeformat/formatimports.go
+++ b/build/codeformat/formatimports.go
@@ -1,5 +1,6 @@
 // Copyright 2021 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.

 package codeformat

--- a/build/codeformat/formatimports_test.go
+++ b/build/codeformat/formatimports_test.go
@@ -1,5 +1,6 @@
 // Copyright 2021 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.

 package codeformat

--- a/build/generate-bindata.go
+++ b/build/generate-bindata.go
@@ -1,5 +1,6 @@
 // Copyright 2020 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.

 //go:build ignore

@@ -32,15 +33,11 @@ func needsUpdate(dir, filename string) (bool, []byte) {

 	hasher := sha1.New()

-	err = filepath.WalkDir(dir, func(path string, d os.DirEntry, err error) error {
+	err = filepath.Walk(dir, func(path string, info os.FileInfo, err error) error {
 		if err != nil {
 			return err
 		}
-		info, err := d.Info()
-		if err != nil {
-			return err
-		}
-		_, _ = hasher.Write([]byte(d.Name()))
+		_, _ = hasher.Write([]byte(info.Name()))
 		_, _ = hasher.Write([]byte(info.ModTime().String()))
 		_, _ = hasher.Write([]byte(strconv.FormatInt(info.Size(), 16)))
 		return nil
--- a/build/generate-emoji.go
+++ b/build/generate-emoji.go
@@ -1,6 +1,7 @@
 // Copyright 2020 The Gitea Authors. All rights reserved.
 // Copyright 2015 Kenneth Shaw
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.

 //go:build ignore

@@ -60,13 +61,13 @@ func main() {
 	// generate data
 	buf, err := generate()
 	if err != nil {
-		log.Fatalf("generate err: %v", err)
+		log.Fatal(err)
 	}

 	// write
 	err = os.WriteFile(*flagOut, buf, 0o644)
 	if err != nil {
-		log.Fatalf("WriteFile err: %v", err)
+		log.Fatal(err)
 	}
 }

@@ -189,10 +190,6 @@ func generate() ([]byte, error) {
 		}
 	}

-	sort.Slice(data, func(i, j int) bool {
-		return data[i].Aliases[0] < data[j].Aliases[0]
-	})
-
 	// add header
 	str := replacer.Replace(fmt.Sprintf(hdr, gemojiURL, data))

@@ -212,8 +209,8 @@ func generate() ([]byte, error) {

 const hdr = `
 // Copyright 2020 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
-
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.

 package emoji

--- a/build/generate-go-licenses.go
+++ b/build/generate-go-licenses.go
@@ -1,5 +1,6 @@
 // Copyright 2022 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.

 //go:build ignore

@@ -7,10 +8,8 @@ package main

 import (
 	"encoding/json"
-	"fmt"
 	"io/fs"
 	"os"
-	"path"
 	"path/filepath"
 	"regexp"
 	"sort"
@@ -28,47 +27,14 @@ type LicenseEntry struct {
 }

 func main() {
-	if len(os.Args) != 3 {
-		fmt.Println("usage: go run generate-go-licenses.go <base-dir> <out-json-file>")
-		os.Exit(1)
-	}
-
 	base, out := os.Args[1], os.Args[2]

-	// Add ext for excluded files because license_test.go will be included for some reason.
-	// And there are more files that should be excluded, check with:
-	//
-	// go run github.com/google/go-licenses@v1.6.0 save . --force --save_path=.go-licenses 2>/dev/null
-	// find .go-licenses -type f | while read FILE; do echo "${$(basename $FILE)##*.}"; done | sort -u
-	//    AUTHORS
-	//    COPYING
-	//    LICENSE
-	//    Makefile
-	//    NOTICE
-	//    gitignore
-	//    go
-	//    md
-	//    mod
-	//    sum
-	//    toml
-	//    txt
-	//    yml
-	//
-	// It could be removed once we have a better regex.
-	excludedExt := map[string]bool{
-		".gitignore": true,
-		".go":        true,
-		".mod":       true,
-		".sum":       true,
-		".toml":      true,
-		".yml":       true,
-	}
-	var paths []string
+	paths := []string{}
 	err := filepath.WalkDir(base, func(path string, entry fs.DirEntry, err error) error {
 		if err != nil {
 			return err
 		}
-		if entry.IsDir() || !licenseRe.MatchString(entry.Name()) || excludedExt[filepath.Ext(entry.Name())] {
+		if entry.IsDir() || !licenseRe.MatchString(entry.Name()) {
 			return nil
 		}
 		paths = append(paths, path)
@@ -80,27 +46,26 @@ func main() {

 	sort.Strings(paths)

-	var entries []LicenseEntry
-	for _, filePath := range paths {
-		licenseText, err := os.ReadFile(filePath)
+	entries := []LicenseEntry{}
+	for _, path := range paths {
+		licenseText, err := os.ReadFile(path)
 		if err != nil {
 			panic(err)
 		}

-		pkgPath := filepath.ToSlash(filePath)
-		pkgPath = strings.TrimPrefix(pkgPath, base+"/")
-		pkgName := path.Dir(pkgPath)
+		path := strings.Replace(path, base+string(os.PathSeparator), "", 1)
+		name := filepath.Dir(path)

 		// There might be a bug somewhere in go-licenses that sometimes interprets the
 		// root package as "." and sometimes as "code.gitea.io/gitea". Workaround by
 		// removing both of them for the sake of stable output.
-		if pkgName == "." || pkgName == "code.gitea.io/gitea" {
+		if name == "." || name == "code.gitea.io/gitea" {
 			continue
 		}

 		entries = append(entries, LicenseEntry{
-			Name:        pkgName,
-			Path:        pkgPath,
+			Name:        name,
+			Path:        path,
 			LicenseText: string(licenseText),
 		})
 	}
@@ -110,11 +75,6 @@ func main() {
 		panic(err)
 	}

-	// Ensure file has a final newline
-	if jsonBytes[len(jsonBytes)-1] != '\n' {
-		jsonBytes = append(jsonBytes, '\n')
-	}
-
 	err = os.WriteFile(out, jsonBytes, 0o644)
 	if err != nil {
 		panic(err)
--- a/build/generate-images.js
+++ b/build/generate-images.js
@@ -2,7 +2,7 @@
 import imageminZopfli from 'imagemin-zopfli';
 import {optimize} from 'svgo';
 import {fabric} from 'fabric';
-import {readFile, writeFile} from 'node:fs/promises';
+import {readFile, writeFile} from 'fs/promises';

 function exit(err) {
  if (err) console.error(err);
--- a/build/generate-svg.js
+++ b/build/generate-svg.js
@@ -1,9 +1,9 @@
 #!/usr/bin/env node
 import fastGlob from 'fast-glob';
 import {optimize} from 'svgo';
-import {parse} from 'node:path';
-import {readFile, writeFile, mkdir} from 'node:fs/promises';
-import {fileURLToPath} from 'node:url';
+import {parse} from 'path';
+import {readFile, writeFile, mkdir} from 'fs/promises';
+import {fileURLToPath} from 'url';

 const glob = (pattern) => fastGlob.sync(pattern, {
  cwd: fileURLToPath(new URL('..', import.meta.url)),
@@ -25,22 +25,14 @@ async function processFile(file, {prefix, fullName} = {}) {
    if (prefix === 'octicon') name = name.replace(/-[0-9]+$/, ''); // chop of '-16' on octicons
  }

-  // Set the `xmlns` attribute so that the files are displayable in standalone documents
-  // The svg backend module will strip the attribute during startup for inline display
  const {data} = optimize(await readFile(file, 'utf8'), {
    plugins: [
      {name: 'preset-default'},
+      {name: 'removeXMLNS'},
      {name: 'removeDimensions'},
      {name: 'prefixIds', params: {prefix: () => name}},
      {name: 'addClassesToSVGElement', params: {classNames: ['svg', name]}},
-      {
-        name: 'addAttributesToSVGElement', params: {
-          attributes: [
-            {'xmlns': 'http://www.w3.org/2000/svg'},
-            {'width': '16'}, {'height': '16'}, {'aria-hidden': 'true'},
-          ]
-        }
-      },
+      {name: 'addAttributesToSVGElement', params: {attributes: [{'width': '16'}, {'height': '16'}, {'aria-hidden': 'true'}]}},
    ],
  });

--- a/build/gocovmerge.go
+++ b/build/gocovmerge.go
@@ -1,6 +1,7 @@
 // Copyright 2020 The Gitea Authors. All rights reserved.
 // Copyright (c) 2015, Wade Simmons
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.

 // gocovmerge takes the results from multiple `go test -coverprofile` runs and
 // merges them into one profile
--- a/build/test-echo.go
+++ b/build/test-echo.go
@@ -1,20 +0,0 @@
-// Copyright 2023 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
-
-//go:build ignore
-
-package main
-
-import (
-	"fmt"
-	"io"
-	"os"
-)
-
-func main() {
-	_, err := io.Copy(os.Stdout, os.Stdin)
-	if err != nil {
-		fmt.Fprintf(os.Stderr, "Error: %v", err)
-		os.Exit(1)
-	}
-}
--- a/build/update-locales.sh
+++ b/build/update-locales.sh
@@ -1,43 +1,14 @@
 #!/bin/sh

-# this script runs in alpine image which only has `sh` shell
-
-set +e
-if sed --version 2>/dev/null | grep -q GNU; then
-  SED_INPLACE="sed -i"
-else
-  SED_INPLACE="sed -i ''"
-fi
-set -e
-
-if [ ! -f ./options/locale/locale_en-US.ini ]; then
-  echo "please run this script in the root directory of the project"
-  exit 1
-fi
-
 mv ./options/locale/locale_en-US.ini ./options/

-# the "ini" library for locale has many quirks, its behavior is different from Crowdin.
-# see i18n_test.go for more details
-
-# this script helps to unquote the Crowdin outputs for the quirky ini library
-# * find all `key="...\"..."` lines
-# * remove the leading quote
-# * remove the trailing quote
-# * unescape the quotes
-# * eg: key="...\"..." => key=..."...
-$SED_INPLACE -r -e '/^[-.A-Za-z0-9_]+[ ]*=[ ]*".*"$/ {
-	s/^([-.A-Za-z0-9_]+)[ ]*=[ ]*"/\1=/
-	s/"$//
+# Make sure to only change lines that have the translation enclosed between quotes
+sed -i -r -e '/^[a-zA-Z0-9_.-]+[ ]*=[ ]*".*"$/ {
+	s/^([a-zA-Z0-9_.-]+)[ ]*="/\1=/
 	s/\\"/"/g
+	s/"$//
 	}' ./options/locale/*.ini

-# * if the escaped line is incomplete like `key="...` or `key=..."`, quote it with backticks
-# * eg: key="... => key=`"...`
-# * eg: key=..." => key=`..."`
-$SED_INPLACE -r -e 's/^([-.A-Za-z0-9_]+)[ ]*=[ ]*(".*[^"])$/\1=`\2`/' ./options/locale/*.ini
-$SED_INPLACE -r -e 's/^([-.A-Za-z0-9_]+)[ ]*=[ ]*([^"].*")$/\1=`\2`/' ./options/locale/*.ini
-
 # Remove translation under 25% of en_us
 baselines=$(wc -l "./options/locale_en-US.ini" | cut -d" " -f1)
 baselines=$((baselines / 4))
--- a/build/watch.sh
+++ b/build/watch.sh
@@ -1,8 +0,0 @@
-#!/bin/bash
-set -euo pipefail
-
-make --no-print-directory watch-frontend &
-make --no-print-directory watch-backend &
-
-trap 'kill $(jobs -p)' EXIT
-wait
--- a/cmd/actions.go
+++ b/cmd/actions.go
@@ -1,55 +0,0 @@
-// Copyright 2023 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
-
-package cmd
-
-import (
-	"fmt"
-
-	"code.gitea.io/gitea/modules/private"
-	"code.gitea.io/gitea/modules/setting"
-
-	"github.com/urfave/cli"
-)
-
-var (
-	// CmdActions represents the available actions sub-commands.
-	CmdActions = cli.Command{
-		Name:        "actions",
-		Usage:       "",
-		Description: "Commands for managing Gitea Actions",
-		Subcommands: []cli.Command{
-			subcmdActionsGenRunnerToken,
-		},
-	}
-
-	subcmdActionsGenRunnerToken = cli.Command{
-		Name:    "generate-runner-token",
-		Usage:   "Generate a new token for a runner to use to register with the server",
-		Action:  runGenerateActionsRunnerToken,
-		Aliases: []string{"grt"},
-		Flags: []cli.Flag{
-			cli.StringFlag{
-				Name:  "scope, s",
-				Value: "",
-				Usage: "{owner}[/{repo}] - leave empty for a global runner",
-			},
-		},
-	}
-)
-
-func runGenerateActionsRunnerToken(c *cli.Context) error {
-	ctx, cancel := installSignals()
-	defer cancel()
-
-	setting.MustInstalled()
-
-	scope := c.String("scope")
-
-	respText, extra := private.GenerateActionsRunnerToken(ctx, scope)
-	if extra.HasError() {
-		return handleCliResponseExtra(extra)
-	}
-	_, _ = fmt.Printf("%s\n", respText)
-	return nil
-}
--- a/cmd/admin.go
+++ b/cmd/admin.go
@@ -1,13 +1,13 @@
 // Copyright 2016 The Gogs Authors. All rights reserved.
 // Copyright 2016 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.

 package cmd

 import (
 	"errors"
 	"fmt"
-	"net/url"
 	"os"
 	"strings"
 	"text/tabwriter"
@@ -20,7 +20,6 @@ import (
 	"code.gitea.io/gitea/modules/graceful"
 	"code.gitea.io/gitea/modules/log"
 	repo_module "code.gitea.io/gitea/modules/repository"
-	"code.gitea.io/gitea/modules/util"
 	auth_service "code.gitea.io/gitea/services/auth"
 	"code.gitea.io/gitea/services/auth/source/oauth2"
 	"code.gitea.io/gitea/services/auth/source/smtp"
@@ -226,15 +225,6 @@ var (
 			Value: "",
 			Usage: "Group Claim value for restricted users",
 		},
-		cli.StringFlag{
-			Name:  "group-team-map",
-			Value: "",
-			Usage: "JSON mapping between groups and org teams",
-		},
-		cli.BoolFlag{
-			Name:  "group-team-map-removal",
-			Usage: "Activate automatic team membership removal depending on groups",
-		},
 	}

 	microcmdAuthUpdateOauth = cli.Command{
@@ -350,7 +340,7 @@ func runRepoSyncReleases(_ *cli.Context) error {

 	log.Trace("Synchronizing repository releases (this may take a while)")
 	for page := 1; ; page++ {
-		repos, count, err := repo_model.SearchRepositoryByName(ctx, &repo_model.SearchRepoOptions{
+		repos, count, err := repo_model.SearchRepositoryByName(&repo_model.SearchRepoOptions{
 			ListOptions: db.ListOptions{
 				PageSize: repo_model.RepositoryListDefaultPageSize,
 				Page:     page,
@@ -402,7 +392,6 @@ func runRepoSyncReleases(_ *cli.Context) error {

 func getReleaseCount(id int64) (int64, error) {
 	return repo_model.GetReleaseCountByRepoID(
-		db.DefaultContext,
 		id,
 		repo_model.FindReleasesOptions{
 			IncludeTags: true,
@@ -457,8 +446,6 @@ func parseOAuth2Config(c *cli.Context) *oauth2.Source {
 		GroupClaimName:                c.String("group-claim-name"),
 		AdminGroup:                    c.String("admin-group"),
 		RestrictedGroup:               c.String("restricted-group"),
-		GroupTeamMap:                  c.String("group-team-map"),
-		GroupTeamMapRemoval:           c.Bool("group-team-map-removal"),
 	}
 }

@@ -470,19 +457,11 @@ func runAddOauth(c *cli.Context) error {
 		return err
 	}

-	config := parseOAuth2Config(c)
-	if config.Provider == "openidConnect" {
-		discoveryURL, err := url.Parse(config.OpenIDConnectAutoDiscoveryURL)
-		if err != nil || (discoveryURL.Scheme != "http" && discoveryURL.Scheme != "https") {
-			return fmt.Errorf("invalid Auto Discovery URL: %s (this must be a valid URL starting with http:// or https://)", config.OpenIDConnectAutoDiscoveryURL)
-		}
-	}
-
 	return auth_model.CreateSource(&auth_model.Source{
 		Type:     auth_model.OAuth2,
 		Name:     c.String("name"),
 		IsActive: true,
-		Cfg:      config,
+		Cfg:      parseOAuth2Config(c),
 	})
 }

@@ -549,12 +528,6 @@ func runUpdateOauth(c *cli.Context) error {
 	if c.IsSet("restricted-group") {
 		oAuth2Config.RestrictedGroup = c.String("restricted-group")
 	}
-	if c.IsSet("group-team-map") {
-		oAuth2Config.GroupTeamMap = c.String("group-team-map")
-	}
-	if c.IsSet("group-team-map-removal") {
-		oAuth2Config.GroupTeamMapRemoval = c.Bool("group-team-map-removal")
-	}

 	// update custom URL mapping
 	customURLMapping := &oauth2.CustomURLMapping{}
@@ -596,7 +569,7 @@ func parseSMTPConfig(c *cli.Context, conf *smtp.Source) error {
 	if c.IsSet("auth-type") {
 		conf.Auth = c.String("auth-type")
 		validAuthTypes := []string{"PLAIN", "LOGIN", "CRAM-MD5"}
-		if !util.SliceContainsString(validAuthTypes, strings.ToUpper(c.String("auth-type"))) {
+		if !contains(validAuthTypes, strings.ToUpper(c.String("auth-type"))) {
 			return errors.New("Auth must be one of PLAIN/LOGIN/CRAM-MD5")
 		}
 		conf.Auth = c.String("auth-type")
--- a/cmd/admin_auth_ldap.go
+++ b/cmd/admin_auth_ldap.go
@@ -1,5 +1,6 @@
 // Copyright 2019 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.

 package cmd

--- a/cmd/admin_auth_ldap_test.go
+++ b/cmd/admin_auth_ldap_test.go
@@ -1,5 +1,6 @@
 // Copyright 2019 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.

 package cmd

--- a/cmd/admin_user_delete.go
+++ b/cmd/admin_user_delete.go
@@ -57,11 +57,11 @@ func runDeleteUser(c *cli.Context) error {
 	var err error
 	var user *user_model.User
 	if c.IsSet("email") {
-		user, err = user_model.GetUserByEmail(ctx, c.String("email"))
+		user, err = user_model.GetUserByEmail(c.String("email"))
 	} else if c.IsSet("username") {
 		user, err = user_model.GetUserByName(ctx, c.String("username"))
 	} else {
-		user, err = user_model.GetUserByID(ctx, c.Int64("id"))
+		user, err = user_model.GetUserByID(c.Int64("id"))
 	}
 	if err != nil {
 		return err
--- a/cmd/admin_user_generate_access_token.go
+++ b/cmd/admin_user_generate_access_token.go
@@ -29,11 +29,6 @@ var microcmdUserGenerateAccessToken = cli.Command{
 			Name:  "raw",
 			Usage: "Display only the token value",
 		},
-		cli.StringFlag{
-			Name:  "scopes",
-			Value: "",
-			Usage: "Comma separated list of scopes to apply to access token",
-		},
 	},
 	Action: runGenerateAccessToken,
 }
@@ -55,15 +50,9 @@ func runGenerateAccessToken(c *cli.Context) error {
 		return err
 	}

-	accessTokenScope, err := auth_model.AccessTokenScope(c.String("scopes")).Normalize()
-	if err != nil {
-		return err
-	}
-
 	t := &auth_model.AccessToken{
-		Name:  c.String("token-name"),
-		UID:   user.ID,
-		Scope: accessTokenScope,
+		Name: c.String("token-name"),
+		UID:  user.ID,
 	}

 	if err := auth_model.NewAccessToken(t); err != nil {
--- a/cmd/cert.go
+++ b/cmd/cert.go
@@ -1,7 +1,8 @@
 // Copyright 2009 The Go Authors. All rights reserved.
 // Copyright 2014 The Gogs Authors. All rights reserved.
 // Copyright 2016 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.

 package cmd

--- a/cmd/cmd.go
+++ b/cmd/cmd.go
@@ -1,5 +1,6 @@
 // Copyright 2018 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.

 // Package cmd provides subcommands to the gitea binary - such as "web" or
 // "admin".
@@ -9,7 +10,6 @@ import (
 	"context"
 	"errors"
 	"fmt"
-	"io"
 	"os"
 	"os/signal"
 	"strings"
@@ -58,9 +58,9 @@ func confirm() (bool, error) {
 }

 func initDB(ctx context.Context) error {
-	setting.MustInstalled()
-	setting.LoadDBSetting()
-	setting.InitSQLLoggersForCli(log.INFO)
+	setting.LoadFromExisting()
+	setting.InitDBConfig()
+	setting.NewXORMLogService(false)

 	if setting.Database.Type == "" {
 		log.Fatal(`Database settings are missing from the configuration file: %q.
@@ -94,17 +94,3 @@ func installSignals() (context.Context, context.CancelFunc) {

 	return ctx, cancel
 }
-
-func setupConsoleLogger(level log.Level, colorize bool, out io.Writer) {
-	if out != os.Stdout && out != os.Stderr {
-		panic("setupConsoleLogger can only be used with os.Stdout or os.Stderr")
-	}
-
-	writeMode := log.WriterMode{
-		Level:        level,
-		Colorize:     colorize,
-		WriterOption: log.WriterConsoleOption{Stderr: out == os.Stderr},
-	}
-	writer := log.NewEventWriterConsole("console-default", writeMode)
-	log.GetManager().GetLogger(log.DEFAULT).RemoveAllWriters().AddWriters(writer)
-}
--- a/cmd/convert.go
+++ b/cmd/convert.go
@@ -1,5 +1,6 @@
 // Copyright 2019 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.

 package cmd

@@ -17,7 +18,7 @@ import (
 var CmdConvert = cli.Command{
 	Name:        "convert",
 	Usage:       "Convert the database",
-	Description: "A command to convert an existing MySQL database from utf8 to utf8mb4 or MSSQL database from varchar to nvarchar",
+	Description: "A command to convert an existing MySQL database from utf8 to utf8mb4",
 	Action:      runConvert,
 }

@@ -32,25 +33,20 @@ func runConvert(ctx *cli.Context) error {
 	log.Info("AppPath: %s", setting.AppPath)
 	log.Info("AppWorkPath: %s", setting.AppWorkPath)
 	log.Info("Custom path: %s", setting.CustomPath)
-	log.Info("Log path: %s", setting.Log.RootPath)
+	log.Info("Log path: %s", setting.LogRootPath)
 	log.Info("Configuration file: %s", setting.CustomConf)

-	switch {
-	case setting.Database.Type.IsMySQL():
-		if err := db.ConvertUtf8ToUtf8mb4(); err != nil {
-			log.Fatal("Failed to convert database from utf8 to utf8mb4: %v", err)
-			return err
-		}
-		fmt.Println("Converted successfully, please confirm your database's character set is now utf8mb4")
-	case setting.Database.Type.IsMSSQL():
-		if err := db.ConvertVarcharToNVarchar(); err != nil {
-			log.Fatal("Failed to convert database from varchar to nvarchar: %v", err)
-			return err
-		}
-		fmt.Println("Converted successfully, please confirm your database's all columns character is NVARCHAR now")
-	default:
-		fmt.Println("This command can only be used with a MySQL or MSSQL database")
+	if !setting.Database.UseMySQL {
+		fmt.Println("This command can only be used with a MySQL database")
+		return nil
 	}

+	if err := db.ConvertUtf8ToUtf8mb4(); err != nil {
+		log.Fatal("Failed to convert database from utf8 to utf8mb4: %v", err)
+		return err
+	}
+
+	fmt.Println("Converted successfully, please confirm your database's character set is now utf8mb4")
+
 	return nil
 }
--- a/cmd/docs.go
+++ b/cmd/docs.go
@@ -1,5 +1,6 @@
 // Copyright 2020 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.

 package cmd

--- a/cmd/doctor.go
+++ b/cmd/doctor.go
@@ -1,19 +1,19 @@
 // Copyright 2019 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.

 package cmd

 import (
+	"errors"
 	"fmt"
 	golog "log"
 	"os"
-	"path/filepath"
 	"strings"
 	"text/tabwriter"

 	"code.gitea.io/gitea/models/db"
 	"code.gitea.io/gitea/models/migrations"
-	migrate_base "code.gitea.io/gitea/models/migrations/base"
 	"code.gitea.io/gitea/modules/doctor"
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/setting"
@@ -82,25 +82,22 @@ You should back-up your database before doing this and ensure that your database
 }

 func runRecreateTable(ctx *cli.Context) error {
-	stdCtx, cancel := installSignals()
-	defer cancel()
-
 	// Redirect the default golog to here
 	golog.SetFlags(0)
 	golog.SetPrefix("")
-	golog.SetOutput(log.LoggerToWriter(log.GetLogger(log.DEFAULT).Info))
+	golog.SetOutput(log.NewLoggerAsWriter("INFO", log.GetLogger(log.DEFAULT)))

-	debug := ctx.Bool("debug")
-	setting.MustInstalled()
-	setting.LoadDBSetting()
+	setting.LoadFromExisting()
+	setting.InitDBConfig()

-	if debug {
-		setting.InitSQLLoggersForCli(log.DEBUG)
-	} else {
-		setting.InitSQLLoggersForCli(log.INFO)
-	}
+	setting.EnableXORMLog = ctx.Bool("debug")
+	setting.Database.LogSQL = ctx.Bool("debug")
+	setting.Cfg.Section("log").Key("XORM").SetValue(",")
+
+	setting.NewXORMLogService(!ctx.Bool("debug"))
+	stdCtx, cancel := installSignals()
+	defer cancel()

-	setting.Database.LogSQL = debug
 	if err := db.InitEngine(stdCtx); err != nil {
 		fmt.Println(err)
 		fmt.Println("Check if you are using the right config file. You can use a --config directive to specify one.")
@@ -117,7 +114,7 @@ func runRecreateTable(ctx *cli.Context) error {
 	if err != nil {
 		return err
 	}
-	recreateTables := migrate_base.RecreateTables(beans...)
+	recreateTables := migrations.RecreateTables(beans...)

 	return db.InitEngineWithMigration(stdCtx, func(x *xorm.Engine) error {
 		if err := migrations.EnsureUpToDate(x); err != nil {
@@ -127,31 +124,44 @@ func runRecreateTable(ctx *cli.Context) error {
 	})
 }

-func setupDoctorDefaultLogger(ctx *cli.Context, colorize bool) {
-	// Silence the default loggers
-	setupConsoleLogger(log.FATAL, log.CanColorStderr, os.Stderr)
-
+func setDoctorLogger(ctx *cli.Context) {
 	logFile := ctx.String("log-file")
 	if !ctx.IsSet("log-file") {
 		logFile = "doctor.log"
 	}
+	colorize := log.CanColorStdout
+	if ctx.IsSet("color") {
+		colorize = ctx.Bool("color")
+	}

 	if len(logFile) == 0 {
-		// if no doctor log-file is set, do not show any log from default logger
+		log.NewLogger(1000, "doctor", "console", fmt.Sprintf(`{"level":"NONE","stacktracelevel":"NONE","colorize":%t}`, colorize))
 		return
 	}

-	if logFile == "-" {
-		setupConsoleLogger(log.TRACE, colorize, os.Stdout)
-	} else {
-		logFile, _ = filepath.Abs(logFile)
-		writeMode := log.WriterMode{Level: log.TRACE, WriterOption: log.WriterFileOption{FileName: logFile}}
-		writer, err := log.NewEventWriter("console-to-file", "file", writeMode)
-		if err != nil {
-			log.FallbackErrorf("unable to create file log writer: %v", err)
+	defer func() {
+		recovered := recover()
+		if recovered == nil {
 			return
 		}
-		log.GetManager().GetLogger(log.DEFAULT).RemoveAllWriters().AddWriters(writer)
+
+		err, ok := recovered.(error)
+		if !ok {
+			panic(recovered)
+		}
+		if errors.Is(err, os.ErrPermission) {
+			fmt.Fprintf(os.Stderr, "ERROR: Unable to write logs to provided file due to permissions error: %s\n       %v\n", logFile, err)
+		} else {
+			fmt.Fprintf(os.Stderr, "ERROR: Unable to write logs to provided file: %s\n       %v\n", logFile, err)
+		}
+		fmt.Fprintf(os.Stderr, "WARN: Logging will be disabled\n       Use `--log-file` to configure log file location\n")
+		log.NewLogger(1000, "doctor", "console", fmt.Sprintf(`{"level":"NONE","stacktracelevel":"NONE","colorize":%t}`, colorize))
+	}()
+
+	if logFile == "-" {
+		log.NewLogger(1000, "doctor", "console", fmt.Sprintf(`{"level":"trace","stacktracelevel":"NONE","colorize":%t}`, colorize))
+	} else {
+		log.NewLogger(1000, "doctor", "file", fmt.Sprintf(`{"filename":%q,"level":"trace","stacktracelevel":"NONE"}`, logFile))
 	}
 }

@@ -159,17 +169,22 @@ func runDoctor(ctx *cli.Context) error {
 	stdCtx, cancel := installSignals()
 	defer cancel()

+	// Silence the default loggers
+	log.DelNamedLogger("console")
+	log.DelNamedLogger(log.DEFAULT)
+
+	// Now setup our own
+	setDoctorLogger(ctx)
+
 	colorize := log.CanColorStdout
 	if ctx.IsSet("color") {
 		colorize = ctx.Bool("color")
 	}

-	setupDoctorDefaultLogger(ctx, colorize)
-
-	// Finally redirect the default golang's log to here
+	// Finally redirect the default golog to here
 	golog.SetFlags(0)
 	golog.SetPrefix("")
-	golog.SetOutput(log.LoggerToWriter(log.GetLogger(log.DEFAULT).Info))
+	golog.SetOutput(log.NewLoggerAsWriter("INFO", log.GetLogger(log.DEFAULT)))

 	if ctx.IsSet("list") {
 		w := tabwriter.NewWriter(os.Stdout, 0, 8, 1, '\t', 0)
@@ -217,5 +232,17 @@ func runDoctor(ctx *cli.Context) error {
 		}
 	}

-	return doctor.RunChecks(stdCtx, colorize, ctx.Bool("fix"), checks)
+	// Now we can set up our own logger to return information about what the doctor is doing
+	if err := log.NewNamedLogger("doctorouter",
+		0,
+		"console",
+		"console",
+		fmt.Sprintf(`{"level":"INFO","stacktracelevel":"NONE","colorize":%t,"flags":-1}`, colorize)); err != nil {
+		fmt.Println(err)
+		return err
+	}
+
+	logger := log.GetLogger("doctorouter")
+	defer logger.Close()
+	return doctor.RunChecks(stdCtx, logger, ctx.Bool("fix"), checks)
 }
--- a/cmd/dump.go
+++ b/cmd/dump.go
@@ -1,6 +1,7 @@
 // Copyright 2014 The Gogs Authors. All rights reserved.
 // Copyright 2016 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.

 package cmd

@@ -112,10 +113,6 @@ It can be used for backup and capture Gitea server image to send to maintainer`,
 			Name:  "verbose, V",
 			Usage: "Show process details",
 		},
-		cli.BoolFlag{
-			Name:  "quiet, q",
-			Usage: "Only display warnings and errors",
-		},
 		cli.StringFlag{
 			Name:  "tempdir, t",
 			Value: os.TempDir(),
@@ -172,7 +169,10 @@ func runDump(ctx *cli.Context) error {
 	outType := ctx.String("type")
 	if fileName == "-" {
 		file = os.Stdout
-		setupConsoleLogger(log.FATAL, log.CanColorStderr, os.Stderr)
+		err := log.DelLogger("console")
+		if err != nil {
+			fatal("Deleting default logger failed. Can not write to stdout: %v", err)
+		}
 	} else {
 		for _, suffix := range outputTypeEnum.Enum {
 			if strings.HasSuffix(fileName, "."+suffix) {
@@ -182,34 +182,20 @@ func runDump(ctx *cli.Context) error {
 		}
 		fileName += "." + outType
 	}
-	setting.MustInstalled()
+	setting.LoadFromExisting()

 	// make sure we are logging to the console no matter what the configuration tells us do to
-	// FIXME: don't use CfgProvider directly
-	if _, err := setting.CfgProvider.Section("log").NewKey("MODE", "console"); err != nil {
+	if _, err := setting.Cfg.Section("log").NewKey("MODE", "console"); err != nil {
 		fatal("Setting logging mode to console failed: %v", err)
 	}
-	if _, err := setting.CfgProvider.Section("log.console").NewKey("STDERR", "true"); err != nil {
+	if _, err := setting.Cfg.Section("log.console").NewKey("STDERR", "true"); err != nil {
 		fatal("Setting console logger to stderr failed: %v", err)
 	}
-
-	// Set loglevel to Warn if quiet-mode is requested
-	if ctx.Bool("quiet") {
-		if _, err := setting.CfgProvider.Section("log.console").NewKey("LEVEL", "Warn"); err != nil {
-			fatal("Setting console log-level failed: %v", err)
-		}
-	}
-
 	if !setting.InstallLock {
 		log.Error("Is '%s' really the right config path?\n", setting.CustomConf)
 		return fmt.Errorf("gitea is not initialized")
 	}
-	setting.LoadSettings() // cannot access session settings otherwise
-
-	verbose := ctx.Bool("verbose")
-	if verbose && ctx.Bool("quiet") {
-		return fmt.Errorf("--quiet and --verbose cannot both be set")
-	}
+	setting.NewServices() // cannot access session settings otherwise

 	stdCtx, cancel := installSignals()
 	defer cancel()
@@ -236,6 +222,7 @@ func runDump(ctx *cli.Context) error {
 		return err
 	}

+	verbose := ctx.Bool("verbose")
 	var iface interface{}
 	if fileName == "-" {
 		iface, err = archiver.ByExtension(fmt.Sprintf(".%s", outType))
@@ -262,9 +249,7 @@ func runDump(ctx *cli.Context) error {

 		if ctx.IsSet("skip-lfs-data") && ctx.Bool("skip-lfs-data") {
 			log.Info("Skip dumping LFS data")
-		} else if !setting.LFS.StartServer {
-			log.Info("LFS isn't enabled. Skip dumping LFS data")
-		} else if err := storage.LFS.IterateObjects("", func(objPath string, object storage.Object) error {
+		} else if err := storage.LFS.IterateObjects(func(objPath string, object storage.Object) error {
 			info, err := object.Stat()
 			if err != nil {
 				return err
@@ -286,14 +271,13 @@ func runDump(ctx *cli.Context) error {
 		fatal("Failed to create tmp file: %v", err)
 	}
 	defer func() {
-		_ = dbDump.Close()
 		if err := util.Remove(dbDump.Name()); err != nil {
 			log.Warn("Unable to remove temporary file: %s: Error: %v", dbDump.Name(), err)
 		}
 	}()

 	targetDBType := ctx.String("database")
-	if len(targetDBType) > 0 && targetDBType != setting.Database.Type.String() {
+	if len(targetDBType) > 0 && targetDBType != setting.Database.Type {
 		log.Info("Dumping database %s => %s...", setting.Database.Type, targetDBType)
 	} else {
 		log.Info("Dumping database...")
@@ -339,7 +323,7 @@ func runDump(ctx *cli.Context) error {
 		log.Info("Packing data directory...%s", setting.AppDataPath)

 		var excludes []string
-		if setting.SessionConfig.OriginalProvider == "file" {
+		if setting.Cfg.Section("session").Key("PROVIDER").Value() == "file" {
 			var opts session.Options
 			if err = json.Unmarshal([]byte(setting.SessionConfig.ProviderConfig), &opts); err != nil {
 				return err
@@ -353,10 +337,10 @@ func runDump(ctx *cli.Context) error {
 		}

 		excludes = append(excludes, setting.RepoRootPath)
-		excludes = append(excludes, setting.LFS.Storage.Path)
-		excludes = append(excludes, setting.Attachment.Storage.Path)
-		excludes = append(excludes, setting.Packages.Storage.Path)
-		excludes = append(excludes, setting.Log.RootPath)
+		excludes = append(excludes, setting.LFS.Path)
+		excludes = append(excludes, setting.Attachment.Path)
+		excludes = append(excludes, setting.Packages.Path)
+		excludes = append(excludes, setting.LogRootPath)
 		excludes = append(excludes, absFileName)
 		if err := addRecursiveExclude(w, "data", setting.AppDataPath, excludes, verbose); err != nil {
 			fatal("Failed to include data directory: %v", err)
@@ -365,7 +349,7 @@ func runDump(ctx *cli.Context) error {

 	if ctx.IsSet("skip-attachment-data") && ctx.Bool("skip-attachment-data") {
 		log.Info("Skip dumping attachment data")
-	} else if err := storage.Attachments.IterateObjects("", func(objPath string, object storage.Object) error {
+	} else if err := storage.Attachments.IterateObjects(func(objPath string, object storage.Object) error {
 		info, err := object.Stat()
 		if err != nil {
 			return err
@@ -378,9 +362,7 @@ func runDump(ctx *cli.Context) error {

 	if ctx.IsSet("skip-package-data") && ctx.Bool("skip-package-data") {
 		log.Info("Skip dumping package data")
-	} else if !setting.Packages.Enabled {
-		log.Info("Packages isn't enabled. Skip dumping package data")
-	} else if err := storage.Packages.IterateObjects("", func(objPath string, object storage.Object) error {
+	} else if err := storage.Packages.IterateObjects(func(objPath string, object storage.Object) error {
 		info, err := object.Stat()
 		if err != nil {
 			return err
@@ -397,12 +379,12 @@ func runDump(ctx *cli.Context) error {
 	if ctx.IsSet("skip-log") && ctx.Bool("skip-log") {
 		log.Info("Skip dumping log files")
 	} else {
-		isExist, err := util.IsExist(setting.Log.RootPath)
+		isExist, err := util.IsExist(setting.LogRootPath)
 		if err != nil {
-			log.Error("Unable to check if %s exists. Error: %v", setting.Log.RootPath, err)
+			log.Error("Unable to check if %s exists. Error: %v", setting.LogRootPath, err)
 		}
 		if isExist {
-			if err := addRecursiveExclude(w, "log", setting.Log.RootPath, []string{absFileName}, verbose); err != nil {
+			if err := addRecursiveExclude(w, "log", setting.LogRootPath, []string{absFileName}, verbose); err != nil {
 				fatal("Failed to include log: %v", err)
 			}
 		}
@@ -428,6 +410,15 @@ func runDump(ctx *cli.Context) error {
 	return nil
 }

+func contains(slice []string, s string) bool {
+	for _, v := range slice {
+		if v == s {
+			return true
+		}
+	}
+	return false
+}
+
 // addRecursiveExclude zips absPath to specified insidePath inside writer excluding excludeAbsPath
 func addRecursiveExclude(w archiver.Writer, insidePath, absPath string, excludeAbsPath []string, verbose bool) error {
 	absPath, err := filepath.Abs(absPath)
@@ -448,7 +439,7 @@ func addRecursiveExclude(w archiver.Writer, insidePath, absPath string, excludeA
 		currentAbsPath := path.Join(absPath, file.Name())
 		currentInsidePath := path.Join(insidePath, file.Name())
 		if file.IsDir() {
-			if !util.SliceContainsString(excludeAbsPath, currentAbsPath) {
+			if !contains(excludeAbsPath, currentAbsPath) {
 				if err := addFile(w, currentInsidePath, currentAbsPath, false); err != nil {
 					return err
 				}
--- a/cmd/dump_repo.go
+++ b/cmd/dump_repo.go
@@ -1,5 +1,6 @@
 // Copyright 2020 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.

 package cmd

@@ -10,13 +11,13 @@ import (
 	"os"
 	"strings"

+	"code.gitea.io/gitea/modules/convert"
 	"code.gitea.io/gitea/modules/git"
 	"code.gitea.io/gitea/modules/log"
 	base "code.gitea.io/gitea/modules/migration"
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/modules/structs"
 	"code.gitea.io/gitea/modules/util"
-	"code.gitea.io/gitea/services/convert"
 	"code.gitea.io/gitea/services/migrations"

 	"github.com/urfave/cli"
@@ -94,7 +95,7 @@ func runDumpRepository(ctx *cli.Context) error {
 	log.Info("AppPath: %s", setting.AppPath)
 	log.Info("AppWorkPath: %s", setting.AppWorkPath)
 	log.Info("Custom path: %s", setting.CustomPath)
-	log.Info("Log path: %s", setting.Log.RootPath)
+	log.Info("Log path: %s", setting.LogRootPath)
 	log.Info("Configuration file: %s", setting.CustomConf)

 	var (
--- a/cmd/embedded.go
+++ b/cmd/embedded.go
@@ -1,5 +1,8 @@
 // Copyright 2020 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+//go:build bindata

 package cmd

@@ -8,9 +11,9 @@ import (
 	"fmt"
 	"os"
 	"path/filepath"
+	"sort"
 	"strings"

-	"code.gitea.io/gitea/modules/assetfs"
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/options"
 	"code.gitea.io/gitea/modules/public"
@@ -87,26 +90,49 @@ var (
 		},
 	}

-	matchedAssetFiles []assetFile
+	sections map[string]*section
+	assets   []asset
 )

-type assetFile struct {
-	fs   *assetfs.LayeredFS
-	name string
-	path string
+type section struct {
+	Path  string
+	Names func() []string
+	IsDir func(string) (bool, error)
+	Asset func(string) ([]byte, error)
+}
+
+type asset struct {
+	Section *section
+	Name    string
+	Path    string
 }

 func initEmbeddedExtractor(c *cli.Context) error {
-	setupConsoleLogger(log.ERROR, log.CanColorStderr, os.Stderr)
+	// Silence the console logger
+	log.DelNamedLogger("console")
+	log.DelNamedLogger(log.DEFAULT)

-	patterns, err := compileCollectPatterns(c.Args())
+	// Read configuration file
+	setting.LoadAllowEmpty()
+
+	pats, err := getPatterns(c.Args())
 	if err != nil {
 		return err
 	}
+	sections := make(map[string]*section, 3)

-	collectAssetFilesByPattern(c, patterns, "options", options.BuiltinAssets())
-	collectAssetFilesByPattern(c, patterns, "public", public.BuiltinAssets())
-	collectAssetFilesByPattern(c, patterns, "templates", templates.BuiltinAssets())
+	sections["public"] = &section{Path: "public", Names: public.AssetNames, IsDir: public.AssetIsDir, Asset: public.Asset}
+	sections["options"] = &section{Path: "options", Names: options.AssetNames, IsDir: options.AssetIsDir, Asset: options.Asset}
+	sections["templates"] = &section{Path: "templates", Names: templates.BuiltinAssetNames, IsDir: templates.BuiltinAssetIsDir, Asset: templates.BuiltinAsset}
+
+	for _, sec := range sections {
+		assets = append(assets, buildAssetList(sec, pats, c)...)
+	}
+
+	// Sort assets
+	sort.SliceStable(assets, func(i, j int) bool {
+		return assets[i].Path < assets[j].Path
+	})

 	return nil
 }
@@ -140,8 +166,8 @@ func runListDo(c *cli.Context) error {
 		return err
 	}

-	for _, a := range matchedAssetFiles {
-		fmt.Println(a.path)
+	for _, a := range assets {
+		fmt.Println(a.Path)
 	}

 	return nil
@@ -152,19 +178,19 @@ func runViewDo(c *cli.Context) error {
 		return err
 	}

-	if len(matchedAssetFiles) == 0 {
-		return fmt.Errorf("no files matched the given pattern")
-	} else if len(matchedAssetFiles) > 1 {
-		return fmt.Errorf("too many files matched the given pattern, try to be more specific")
+	if len(assets) == 0 {
+		return fmt.Errorf("No files matched the given pattern")
+	} else if len(assets) > 1 {
+		return fmt.Errorf("Too many files matched the given pattern; try to be more specific")
 	}

-	data, err := matchedAssetFiles[0].fs.ReadFile(matchedAssetFiles[0].name)
+	data, err := assets[0].Section.Asset(assets[0].Name)
 	if err != nil {
-		return fmt.Errorf("%s: %w", matchedAssetFiles[0].path, err)
+		return fmt.Errorf("%s: %w", assets[0].Path, err)
 	}

 	if _, err = os.Stdout.Write(data); err != nil {
-		return fmt.Errorf("%s: %w", matchedAssetFiles[0].path, err)
+		return fmt.Errorf("%s: %w", assets[0].Path, err)
 	}

 	return nil
@@ -176,7 +202,7 @@ func runExtractDo(c *cli.Context) error {
 	}

 	if len(c.Args()) == 0 {
-		return fmt.Errorf("a list of pattern of files to extract is mandatory (e.g. '**' for all)")
+		return fmt.Errorf("A list of pattern of files to extract is mandatory (e.g. '**' for all)")
 	}

 	destdir := "."
@@ -201,7 +227,7 @@ func runExtractDo(c *cli.Context) error {
 	if err != nil {
 		return fmt.Errorf("%s: %s", destdir, err)
 	} else if !fi.IsDir() {
-		return fmt.Errorf("destination %q is not a directory", destdir)
+		return fmt.Errorf("%s is not a directory.", destdir)
 	}

 	fmt.Printf("Extracting to %s:\n", destdir)
@@ -209,23 +235,23 @@ func runExtractDo(c *cli.Context) error {
 	overwrite := c.Bool("overwrite")
 	rename := c.Bool("rename")

-	for _, a := range matchedAssetFiles {
+	for _, a := range assets {
 		if err := extractAsset(destdir, a, overwrite, rename); err != nil {
 			// Non-fatal error
-			fmt.Fprintf(os.Stderr, "%s: %v", a.path, err)
+			fmt.Fprintf(os.Stderr, "%s: %v", a.Path, err)
 		}
 	}

 	return nil
 }

-func extractAsset(d string, a assetFile, overwrite, rename bool) error {
-	dest := filepath.Join(d, filepath.FromSlash(a.path))
+func extractAsset(d string, a asset, overwrite, rename bool) error {
+	dest := filepath.Join(d, filepath.FromSlash(a.Path))
 	dir := filepath.Dir(dest)

-	data, err := a.fs.ReadFile(a.name)
+	data, err := a.Section.Asset(a.Name)
 	if err != nil {
-		return fmt.Errorf("%s: %w", a.path, err)
+		return fmt.Errorf("%s: %w", a.Path, err)
 	}

 	if err := os.MkdirAll(dir, os.ModePerm); err != nil {
@@ -246,7 +272,7 @@ func extractAsset(d string, a assetFile, overwrite, rename bool) error {
 		return fmt.Errorf("%s already exists, but it's not a regular file", dest)
 	} else if rename {
 		if err := util.Rename(dest, dest+".bak"); err != nil {
-			return fmt.Errorf("error creating backup for %s: %w", dest, err)
+			return fmt.Errorf("Error creating backup for %s: %w", dest, err)
 		}
 		// Attempt to respect file permissions mask (even if user:group will be set anew)
 		perms = fi.Mode()
@@ -267,30 +293,32 @@ func extractAsset(d string, a assetFile, overwrite, rename bool) error {
 	return nil
 }

-func collectAssetFilesByPattern(c *cli.Context, globs []glob.Glob, path string, layer *assetfs.Layer) {
-	fs := assetfs.Layered(layer)
-	files, err := fs.ListAllFiles(".", true)
-	if err != nil {
-		log.Error("Error listing files in %q: %v", path, err)
-		return
-	}
-	for _, name := range files {
-		if path == "public" &&
-			strings.HasPrefix(name, "vendor/") &&
-			!c.Bool("include-vendored") {
-			continue
-		}
-		matchName := path + "/" + name
-		for _, g := range globs {
-			if g.Match(matchName) {
-				matchedAssetFiles = append(matchedAssetFiles, assetFile{fs: fs, name: name, path: path + "/" + name})
-				break
+func buildAssetList(sec *section, globs []glob.Glob, c *cli.Context) []asset {
+	results := make([]asset, 0, 64)
+	for _, name := range sec.Names() {
+		if isdir, err := sec.IsDir(name); !isdir && err == nil {
+			if sec.Path == "public" &&
+				strings.HasPrefix(name, "vendor/") &&
+				!c.Bool("include-vendored") {
+				continue
+			}
+			matchName := sec.Path + "/" + name
+			for _, g := range globs {
+				if g.Match(matchName) {
+					results = append(results, asset{
+						Section: sec,
+						Name:    name,
+						Path:    sec.Path + "/" + name,
+					})
+					break
+				}
 			}
 		}
 	}
+	return results
 }

-func compileCollectPatterns(args []string) ([]glob.Glob, error) {
+func getPatterns(args []string) ([]glob.Glob, error) {
 	if len(args) == 0 {
 		args = []string{"**"}
 	}
@@ -298,7 +326,7 @@ func compileCollectPatterns(args []string) ([]glob.Glob, error) {
 	for i := range args {
 		if g, err := glob.Compile(args[i], '/'); err != nil {
 			return nil, fmt.Errorf("'%s': Invalid glob pattern: %w", args[i], err)
-		} else { //nolint:revive
+		} else {
 			pat[i] = g
 		}
 	}
--- a/cmd/embedded_stub.go
+++ b/cmd/embedded_stub.go
@@ -0,0 +1,30 @@
+// Copyright 2020 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+//go:build !bindata
+
+package cmd
+
+import (
+	"fmt"
+	"os"
+
+	"github.com/urfave/cli"
+)
+
+// Cmdembedded represents the available extract sub-command.
+var (
+	Cmdembedded = cli.Command{
+		Name:        "embedded",
+		Usage:       "Extract embedded resources",
+		Description: "A command for extracting embedded resources, like templates and images",
+		Action:      extractorNotImplemented,
+	}
+)
+
+func extractorNotImplemented(c *cli.Context) error {
+	err := fmt.Errorf("Sorry: the 'embedded' subcommand is not available in builds without bindata")
+	fmt.Fprintf(os.Stderr, "%s\n", err)
+	return err
+}
--- a/cmd/generate.go
+++ b/cmd/generate.go
@@ -1,6 +1,7 @@
 // Copyright 2016 The Gogs Authors. All rights reserved.
 // Copyright 2016 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.

 package cmd

--- a/cmd/hook.go
+++ b/cmd/hook.go
@@ -1,14 +1,15 @@
 // Copyright 2017 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.

 package cmd

 import (
 	"bufio"
 	"bytes"
-	"context"
 	"fmt"
 	"io"
+	"net/http"
 	"os"
 	"strconv"
 	"strings"
@@ -18,6 +19,7 @@ import (
 	"code.gitea.io/gitea/modules/private"
 	repo_module "code.gitea.io/gitea/modules/repository"
 	"code.gitea.io/gitea/modules/setting"
+	"code.gitea.io/gitea/modules/util"

 	"github.com/urfave/cli"
 )
@@ -140,7 +142,7 @@ func (d *delayWriter) Close() error {
 	if d == nil {
 		return nil
 	}
-	stopped := d.timer.Stop()
+	stopped := util.StopTimer(d.timer)
 	if stopped || d.buf == nil {
 		return nil
 	}
@@ -166,11 +168,11 @@ func runHookPreReceive(c *cli.Context) error {
 	ctx, cancel := installSignals()
 	defer cancel()

-	setup(ctx, c.Bool("debug"))
+	setup("hooks/pre-receive.log", c.Bool("debug"))

 	if len(os.Getenv("SSH_ORIGINAL_COMMAND")) == 0 {
 		if setting.OnlyAllowPushIfGiteaEnvironmentSet {
-			return fail(ctx, `Rejecting changes as Gitea environment not set.
+			return fail(`Rejecting changes as Gitea environment not set.
 If you are pushing over SSH you must push with a key managed by
 Gitea or set your environment appropriately.`, "")
 		}
@@ -184,7 +186,6 @@ Gitea or set your environment appropriately.`, "")
 	userID, _ := strconv.ParseInt(os.Getenv(repo_module.EnvPusherID), 10, 64)
 	prID, _ := strconv.ParseInt(os.Getenv(repo_module.EnvPRID), 10, 64)
 	deployKeyID, _ := strconv.ParseInt(os.Getenv(repo_module.EnvDeployKeyID), 10, 64)
-	actionPerm, _ := strconv.ParseInt(os.Getenv(repo_module.EnvActionPerm), 10, 64)

 	hookOptions := private.HookOptions{
 		UserID:                          userID,
@@ -194,14 +195,13 @@ Gitea or set your environment appropriately.`, "")
 		GitPushOptions:                  pushOptions(),
 		PullRequestID:                   prID,
 		DeployKeyID:                     deployKeyID,
-		ActionPerm:                      int(actionPerm),
 	}

 	scanner := bufio.NewScanner(os.Stdin)

 	oldCommitIDs := make([]string, hookBatchSize)
 	newCommitIDs := make([]string, hookBatchSize)
-	refFullNames := make([]git.RefName, hookBatchSize)
+	refFullNames := make([]string, hookBatchSize)
 	count := 0
 	total := 0
 	lastline := 0
@@ -218,9 +218,9 @@ Gitea or set your environment appropriately.`, "")
 		}
 	}

-	supportProcReceive := false
+	supportProcRecive := false
 	if git.CheckGitVersionAtLeast("2.29") == nil {
-		supportProcReceive = true
+		supportProcRecive = true
 	}

 	for scanner.Scan() {
@@ -236,14 +236,14 @@ Gitea or set your environment appropriately.`, "")

 		oldCommitID := string(fields[0])
 		newCommitID := string(fields[1])
-		refFullName := git.RefName(fields[2])
+		refFullName := string(fields[2])
 		total++
 		lastline++

 		// If the ref is a branch or tag, check if it's protected
-		// if supportProcReceive all ref should be checked because
+		// if supportProcRecive all ref should be checked because
 		// permission check was delayed
-		if supportProcReceive || refFullName.IsBranch() || refFullName.IsTag() {
+		if supportProcRecive || strings.HasPrefix(refFullName, git.BranchPrefix) || strings.HasPrefix(refFullName, git.TagPrefix) {
 			oldCommitIDs[count] = oldCommitID
 			newCommitIDs[count] = newCommitID
 			refFullNames[count] = refFullName
@@ -256,9 +256,14 @@ Gitea or set your environment appropriately.`, "")
 				hookOptions.OldCommitIDs = oldCommitIDs
 				hookOptions.NewCommitIDs = newCommitIDs
 				hookOptions.RefFullNames = refFullNames
-				extra := private.HookPreReceive(ctx, username, reponame, hookOptions)
-				if extra.HasError() {
-					return fail(ctx, extra.UserMsg, "HookPreReceive(batch) failed: %v", extra.Error)
+				statusCode, msg := private.HookPreReceive(ctx, username, reponame, hookOptions)
+				switch statusCode {
+				case http.StatusOK:
+					// no-op
+				case http.StatusInternalServerError:
+					return fail("Internal Server Error", msg)
+				default:
+					return fail(msg, "")
 				}
 				count = 0
 				lastline = 0
@@ -279,9 +284,12 @@ Gitea or set your environment appropriately.`, "")

 		fmt.Fprintf(out, " Checking %d references\n", count)

-		extra := private.HookPreReceive(ctx, username, reponame, hookOptions)
-		if extra.HasError() {
-			return fail(ctx, extra.UserMsg, "HookPreReceive(last) failed: %v", extra.Error)
+		statusCode, msg := private.HookPreReceive(ctx, username, reponame, hookOptions)
+		switch statusCode {
+		case http.StatusInternalServerError:
+			return fail("Internal Server Error", msg)
+		case http.StatusForbidden:
+			return fail(msg, "")
 		}
 	} else if lastline > 0 {
 		fmt.Fprintf(out, "\n")
@@ -300,7 +308,7 @@ func runHookPostReceive(c *cli.Context) error {
 	ctx, cancel := installSignals()
 	defer cancel()

-	setup(ctx, c.Bool("debug"))
+	setup("hooks/post-receive.log", c.Bool("debug"))

 	// First of all run update-server-info no matter what
 	if _, _, err := git.NewCommand(ctx, "update-server-info").RunStdString(nil); err != nil {
@@ -314,7 +322,7 @@ func runHookPostReceive(c *cli.Context) error {

 	if len(os.Getenv("SSH_ORIGINAL_COMMAND")) == 0 {
 		if setting.OnlyAllowPushIfGiteaEnvironmentSet {
-			return fail(ctx, `Rejecting changes as Gitea environment not set.
+			return fail(`Rejecting changes as Gitea environment not set.
 If you are pushing over SSH you must push with a key managed by
 Gitea or set your environment appropriately.`, "")
 		}
@@ -351,7 +359,7 @@ Gitea or set your environment appropriately.`, "")
 	}
 	oldCommitIDs := make([]string, hookBatchSize)
 	newCommitIDs := make([]string, hookBatchSize)
-	refFullNames := make([]git.RefName, hookBatchSize)
+	refFullNames := make([]string, hookBatchSize)
 	count := 0
 	total := 0
 	wasEmpty := false
@@ -373,7 +381,7 @@ Gitea or set your environment appropriately.`, "")
 		fmt.Fprintf(out, ".")
 		oldCommitIDs[count] = string(fields[0])
 		newCommitIDs[count] = string(fields[1])
-		refFullNames[count] = git.RefName(fields[2])
+		refFullNames[count] = string(fields[2])
 		if refFullNames[count] == git.BranchPrefix+"master" && newCommitIDs[count] != git.EmptySHA && count == total {
 			masterPushed = true
 		}
@@ -385,11 +393,11 @@ Gitea or set your environment appropriately.`, "")
 			hookOptions.OldCommitIDs = oldCommitIDs
 			hookOptions.NewCommitIDs = newCommitIDs
 			hookOptions.RefFullNames = refFullNames
-			resp, extra := private.HookPostReceive(ctx, repoUser, repoName, hookOptions)
-			if extra.HasError() {
+			resp, err := private.HookPostReceive(ctx, repoUser, repoName, hookOptions)
+			if resp == nil {
 				_ = dWriter.Close()
 				hookPrintResults(results)
-				return fail(ctx, extra.UserMsg, "HookPostReceive failed: %v", extra.Error)
+				return fail("Internal Server Error", err)
 			}
 			wasEmpty = wasEmpty || resp.RepoWasEmpty
 			results = append(results, resp.Results...)
@@ -400,9 +408,9 @@ Gitea or set your environment appropriately.`, "")
 	if count == 0 {
 		if wasEmpty && masterPushed {
 			// We need to tell the repo to reset the default branch to master
-			extra := private.SetDefaultBranch(ctx, repoUser, repoName, "master")
-			if extra.HasError() {
-				return fail(ctx, extra.UserMsg, "SetDefaultBranch failed: %v", extra.Error)
+			err := private.SetDefaultBranch(ctx, repoUser, repoName, "master")
+			if err != nil {
+				return fail("Internal Server Error", "SetDefaultBranch failed with Error: %v", err)
 			}
 		}
 		fmt.Fprintf(out, "Processed %d references in total\n", total)
@@ -418,11 +426,11 @@ Gitea or set your environment appropriately.`, "")

 	fmt.Fprintf(out, " Processing %d references\n", count)

-	resp, extra := private.HookPostReceive(ctx, repoUser, repoName, hookOptions)
+	resp, err := private.HookPostReceive(ctx, repoUser, repoName, hookOptions)
 	if resp == nil {
 		_ = dWriter.Close()
 		hookPrintResults(results)
-		return fail(ctx, extra.UserMsg, "HookPostReceive failed: %v", extra.Error)
+		return fail("Internal Server Error", err)
 	}
 	wasEmpty = wasEmpty || resp.RepoWasEmpty
 	results = append(results, resp.Results...)
@@ -431,9 +439,9 @@ Gitea or set your environment appropriately.`, "")

 	if wasEmpty && masterPushed {
 		// We need to tell the repo to reset the default branch to master
-		extra := private.SetDefaultBranch(ctx, repoUser, repoName, "master")
-		if extra.HasError() {
-			return fail(ctx, extra.UserMsg, "SetDefaultBranch failed: %v", extra.Error)
+		err := private.SetDefaultBranch(ctx, repoUser, repoName, "master")
+		if err != nil {
+			return fail("Internal Server Error", "SetDefaultBranch failed with Error: %v", err)
 		}
 	}
 	_ = dWriter.Close()
@@ -476,22 +484,22 @@ func pushOptions() map[string]string {
 }

 func runHookProcReceive(c *cli.Context) error {
-	ctx, cancel := installSignals()
-	defer cancel()
-
-	setup(ctx, c.Bool("debug"))
+	setup("hooks/proc-receive.log", c.Bool("debug"))

 	if len(os.Getenv("SSH_ORIGINAL_COMMAND")) == 0 {
 		if setting.OnlyAllowPushIfGiteaEnvironmentSet {
-			return fail(ctx, `Rejecting changes as Gitea environment not set.
+			return fail(`Rejecting changes as Gitea environment not set.
 If you are pushing over SSH you must push with a key managed by
 Gitea or set your environment appropriately.`, "")
 		}
 		return nil
 	}

+	ctx, cancel := installSignals()
+	defer cancel()
+
 	if git.CheckGitVersionAtLeast("2.29") != nil {
-		return fail(ctx, "No proc-receive support", "current git version doesn't support proc-receive.")
+		return fail("Internal Server Error", "git not support proc-receive.")
 	}

 	reader := bufio.NewReader(os.Stdin)
@@ -506,7 +514,7 @@ Gitea or set your environment appropriately.`, "")
 	// H: PKT-LINE(version=1\0push-options...)
 	// H: flush-pkt

-	rs, err := readPktLine(ctx, reader, pktLineTypeData)
+	rs, err := readPktLine(reader, pktLineTypeData)
 	if err != nil {
 		return err
 	}
@@ -521,19 +529,19 @@ Gitea or set your environment appropriately.`, "")

 	index := bytes.IndexByte(rs.Data, byte(0))
 	if index >= len(rs.Data) {
-		return fail(ctx, "Protocol: format error", "pkt-line: format error "+fmt.Sprint(rs.Data))
+		return fail("Internal Server Error", "pkt-line: format error "+fmt.Sprint(rs.Data))
 	}

 	if index < 0 {
 		if len(rs.Data) == 10 && rs.Data[9] == '\n' {
 			index = 9
 		} else {
-			return fail(ctx, "Protocol: format error", "pkt-line: format error "+fmt.Sprint(rs.Data))
+			return fail("Internal Server Error", "pkt-line: format error "+fmt.Sprint(rs.Data))
 		}
 	}

 	if string(rs.Data[0:index]) != VersionHead {
-		return fail(ctx, "Protocol: version error", "Received unsupported version: %s", string(rs.Data[0:index]))
+		return fail("Internal Server Error", "Received unsupported version: %s", string(rs.Data[0:index]))
 	}
 	requestOptions = strings.Split(string(rs.Data[index+1:]), " ")

@@ -546,17 +554,17 @@ Gitea or set your environment appropriately.`, "")
 	}
 	response = append(response, '\n')

-	_, err = readPktLine(ctx, reader, pktLineTypeFlush)
+	_, err = readPktLine(reader, pktLineTypeFlush)
 	if err != nil {
 		return err
 	}

-	err = writeDataPktLine(ctx, os.Stdout, response)
+	err = writeDataPktLine(os.Stdout, response)
 	if err != nil {
 		return err
 	}

-	err = writeFlushPktLine(ctx, os.Stdout)
+	err = writeFlushPktLine(os.Stdout)
 	if err != nil {
 		return err
 	}
@@ -575,11 +583,11 @@ Gitea or set your environment appropriately.`, "")
 	}
 	hookOptions.OldCommitIDs = make([]string, 0, hookBatchSize)
 	hookOptions.NewCommitIDs = make([]string, 0, hookBatchSize)
-	hookOptions.RefFullNames = make([]git.RefName, 0, hookBatchSize)
+	hookOptions.RefFullNames = make([]string, 0, hookBatchSize)

 	for {
 		// note: pktLineTypeUnknow means pktLineTypeFlush and pktLineTypeData all allowed
-		rs, err = readPktLine(ctx, reader, pktLineTypeUnknow)
+		rs, err = readPktLine(reader, pktLineTypeUnknow)
 		if err != nil {
 			return err
 		}
@@ -593,14 +601,14 @@ Gitea or set your environment appropriately.`, "")
 		}
 		hookOptions.OldCommitIDs = append(hookOptions.OldCommitIDs, t[0])
 		hookOptions.NewCommitIDs = append(hookOptions.NewCommitIDs, t[1])
-		hookOptions.RefFullNames = append(hookOptions.RefFullNames, git.RefName(t[2]))
+		hookOptions.RefFullNames = append(hookOptions.RefFullNames, t[2])
 	}

 	hookOptions.GitPushOptions = make(map[string]string)

 	if hasPushOptions {
 		for {
-			rs, err = readPktLine(ctx, reader, pktLineTypeUnknow)
+			rs, err = readPktLine(reader, pktLineTypeUnknow)
 			if err != nil {
 				return err
 			}
@@ -617,9 +625,9 @@ Gitea or set your environment appropriately.`, "")
 	}

 	// 3. run hook
-	resp, extra := private.HookProcReceive(ctx, repoUser, repoName, hookOptions)
-	if extra.HasError() {
-		return fail(ctx, extra.UserMsg, "HookProcReceive failed: %v", extra.Error)
+	resp, err := private.HookProcReceive(ctx, repoUser, repoName, hookOptions)
+	if err != nil {
+		return fail("Internal Server Error", "run proc-receive hook failed :%v", err)
 	}

 	// 4. response result to service
@@ -640,7 +648,7 @@ Gitea or set your environment appropriately.`, "")

 	for _, rs := range resp.Results {
 		if len(rs.Err) > 0 {
-			err = writeDataPktLine(ctx, os.Stdout, []byte("ng "+rs.OriginalRef.String()+" "+rs.Err))
+			err = writeDataPktLine(os.Stdout, []byte("ng "+rs.OriginalRef+" "+rs.Err))
 			if err != nil {
 				return err
 			}
@@ -648,43 +656,43 @@ Gitea or set your environment appropriately.`, "")
 		}

 		if rs.IsNotMatched {
-			err = writeDataPktLine(ctx, os.Stdout, []byte("ok "+rs.OriginalRef.String()))
+			err = writeDataPktLine(os.Stdout, []byte("ok "+rs.OriginalRef))
 			if err != nil {
 				return err
 			}
-			err = writeDataPktLine(ctx, os.Stdout, []byte("option fall-through"))
+			err = writeDataPktLine(os.Stdout, []byte("option fall-through"))
 			if err != nil {
 				return err
 			}
 			continue
 		}

-		err = writeDataPktLine(ctx, os.Stdout, []byte("ok "+rs.OriginalRef))
+		err = writeDataPktLine(os.Stdout, []byte("ok "+rs.OriginalRef))
 		if err != nil {
 			return err
 		}
-		err = writeDataPktLine(ctx, os.Stdout, []byte("option refname "+rs.Ref))
+		err = writeDataPktLine(os.Stdout, []byte("option refname "+rs.Ref))
 		if err != nil {
 			return err
 		}
 		if rs.OldOID != git.EmptySHA {
-			err = writeDataPktLine(ctx, os.Stdout, []byte("option old-oid "+rs.OldOID))
+			err = writeDataPktLine(os.Stdout, []byte("option old-oid "+rs.OldOID))
 			if err != nil {
 				return err
 			}
 		}
-		err = writeDataPktLine(ctx, os.Stdout, []byte("option new-oid "+rs.NewOID))
+		err = writeDataPktLine(os.Stdout, []byte("option new-oid "+rs.NewOID))
 		if err != nil {
 			return err
 		}
 		if rs.IsForcePush {
-			err = writeDataPktLine(ctx, os.Stdout, []byte("option forced-update"))
+			err = writeDataPktLine(os.Stdout, []byte("option forced-update"))
 			if err != nil {
 				return err
 			}
 		}
 	}
-	err = writeFlushPktLine(ctx, os.Stdout)
+	err = writeFlushPktLine(os.Stdout)

 	return err
 }
@@ -709,7 +717,7 @@ type gitPktLine struct {
 	Data   []byte
 }

-func readPktLine(ctx context.Context, in *bufio.Reader, requestType pktLineType) (*gitPktLine, error) {
+func readPktLine(in *bufio.Reader, requestType pktLineType) (*gitPktLine, error) {
 	var (
 		err error
 		r   *gitPktLine
@@ -720,33 +728,33 @@ func readPktLine(ctx context.Context, in *bufio.Reader, requestType pktLineType)
 	for i := 0; i < 4; i++ {
 		lengthBytes[i], err = in.ReadByte()
 		if err != nil {
-			return nil, fail(ctx, "Protocol: stdin error", "Pkt-Line: read stdin failed : %v", err)
+			return nil, fail("Internal Server Error", "Pkt-Line: read stdin failed : %v", err)
 		}
 	}

 	r = new(gitPktLine)
 	r.Length, err = strconv.ParseUint(string(lengthBytes), 16, 32)
 	if err != nil {
-		return nil, fail(ctx, "Protocol: format parse error", "Pkt-Line format is wrong :%v", err)
+		return nil, fail("Internal Server Error", "Pkt-Line format is wrong :%v", err)
 	}

 	if r.Length == 0 {
 		if requestType == pktLineTypeData {
-			return nil, fail(ctx, "Protocol: format data error", "Pkt-Line format is wrong")
+			return nil, fail("Internal Server Error", "Pkt-Line format is wrong")
 		}
 		r.Type = pktLineTypeFlush
 		return r, nil
 	}

 	if r.Length <= 4 || r.Length > 65520 || requestType == pktLineTypeFlush {
-		return nil, fail(ctx, "Protocol: format length error", "Pkt-Line format is wrong")
+		return nil, fail("Internal Server Error", "Pkt-Line format is wrong")
 	}

 	r.Data = make([]byte, r.Length-4)
 	for i := range r.Data {
 		r.Data[i], err = in.ReadByte()
 		if err != nil {
-			return nil, fail(ctx, "Protocol: data error", "Pkt-Line: read stdin failed : %v", err)
+			return nil, fail("Internal Server Error", "Pkt-Line: read stdin failed : %v", err)
 		}
 	}

@@ -755,15 +763,19 @@ func readPktLine(ctx context.Context, in *bufio.Reader, requestType pktLineType)
 	return r, nil
 }

-func writeFlushPktLine(ctx context.Context, out io.Writer) error {
+func writeFlushPktLine(out io.Writer) error {
 	l, err := out.Write([]byte("0000"))
-	if err != nil || l != 4 {
-		return fail(ctx, "Protocol: write error", "Pkt-Line response failed: %v", err)
+	if err != nil {
+		return fail("Internal Server Error", "Pkt-Line response failed: %v", err)
 	}
+	if l != 4 {
+		return fail("Internal Server Error", "Pkt-Line response failed: %v", err)
+	}
+
 	return nil
 }

-func writeDataPktLine(ctx context.Context, out io.Writer, data []byte) error {
+func writeDataPktLine(out io.Writer, data []byte) error {
 	hexchar := []byte("0123456789abcdef")
 	hex := func(n uint64) byte {
 		return hexchar[(n)&15]
@@ -777,13 +789,19 @@ func writeDataPktLine(ctx context.Context, out io.Writer, data []byte) error {
 	tmp[3] = hex(length)

 	lr, err := out.Write(tmp)
-	if err != nil || lr != 4 {
-		return fail(ctx, "Protocol: write error", "Pkt-Line response failed: %v", err)
+	if err != nil {
+		return fail("Internal Server Error", "Pkt-Line response failed: %v", err)
+	}
+	if lr != 4 {
+		return fail("Internal Server Error", "Pkt-Line response failed: %v", err)
 	}

 	lr, err = out.Write(data)
-	if err != nil || int(length-4) != lr {
-		return fail(ctx, "Protocol: write error", "Pkt-Line response failed: %v", err)
+	if err != nil {
+		return fail("Internal Server Error", "Pkt-Line response failed: %v", err)
+	}
+	if int(length-4) != lr {
+		return fail("Internal Server Error", "Pkt-Line response failed: %v", err)
 	}

 	return nil
--- a/cmd/hook_test.go
+++ b/cmd/hook_test.go
@@ -1,12 +1,12 @@
 // Copyright 2021 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.

 package cmd

 import (
 	"bufio"
 	"bytes"
-	"context"
 	"strings"
 	"testing"

@@ -15,28 +15,27 @@ import (

 func TestPktLine(t *testing.T) {
 	// test read
-	ctx := context.Background()
 	s := strings.NewReader("0000")
 	r := bufio.NewReader(s)
-	result, err := readPktLine(ctx, r, pktLineTypeFlush)
+	result, err := readPktLine(r, pktLineTypeFlush)
 	assert.NoError(t, err)
 	assert.Equal(t, pktLineTypeFlush, result.Type)

 	s = strings.NewReader("0006a\n")
 	r = bufio.NewReader(s)
-	result, err = readPktLine(ctx, r, pktLineTypeData)
+	result, err = readPktLine(r, pktLineTypeData)
 	assert.NoError(t, err)
 	assert.Equal(t, pktLineTypeData, result.Type)
 	assert.Equal(t, []byte("a\n"), result.Data)

 	// test write
 	w := bytes.NewBuffer([]byte{})
-	err = writeFlushPktLine(ctx, w)
+	err = writeFlushPktLine(w)
 	assert.NoError(t, err)
 	assert.Equal(t, []byte("0000"), w.Bytes())

 	w.Reset()
-	err = writeDataPktLine(ctx, w, []byte("a\nb"))
+	err = writeDataPktLine(w, []byte("a\nb"))
 	assert.NoError(t, err)
 	assert.Equal(t, []byte("0007a\nb"), w.Bytes())
 }
--- a/cmd/keys.go
+++ b/cmd/keys.go
@@ -1,5 +1,6 @@
 // Copyright 2018 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.

 package cmd

@@ -64,12 +65,11 @@ func runKeys(c *cli.Context) error {
 	ctx, cancel := installSignals()
 	defer cancel()

-	setup(ctx, false)
+	setup("keys.log", false)

-	authorizedString, extra := private.AuthorizedPublicKeyByContent(ctx, content)
-	// do not use handleCliResponseExtra or cli.NewExitError, if it exists immediately, it breaks some tests like Test_CmdKeys
-	if extra.Error != nil {
-		return extra.Error
+	authorizedString, err := private.AuthorizedPublicKeyByContent(ctx, content)
+	if err != nil {
+		return err
 	}
 	fmt.Println(strings.TrimSpace(authorizedString))
 	return nil
--- a/cmd/mailer.go
+++ b/cmd/mailer.go
@@ -1,10 +1,12 @@
 // Copyright 2020 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.

 package cmd

 import (
 	"fmt"
+	"net/http"

 	"code.gitea.io/gitea/modules/private"
 	"code.gitea.io/gitea/modules/setting"
@@ -16,7 +18,7 @@ func runSendMail(c *cli.Context) error {
 	ctx, cancel := installSignals()
 	defer cancel()

-	setting.MustInstalled()
+	setting.LoadFromExisting()

 	if err := argsSet(c, "title"); err != nil {
 		return err
@@ -41,10 +43,13 @@ func runSendMail(c *cli.Context) error {
 		}
 	}

-	respText, extra := private.SendEmail(ctx, subject, body, nil)
-	if extra.HasError() {
-		return handleCliResponseExtra(extra)
+	status, message := private.SendEmail(ctx, subject, body, nil)
+	if status != http.StatusOK {
+		fmt.Printf("error: %s\n", message)
+		return nil
 	}
-	_, _ = fmt.Printf("Sent %s email(s) to all users\n", respText)
+
+	fmt.Printf("Success: %s\n", message)
+
 	return nil
 }
--- a/cmd/main_test.go
+++ b/cmd/main_test.go
@@ -1,5 +1,6 @@
 // Copyright 2022 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.

 package cmd

@@ -7,8 +8,14 @@ import (
 	"testing"

 	"code.gitea.io/gitea/models/unittest"
+	"code.gitea.io/gitea/modules/setting"
 )

+func init() {
+	setting.SetCustomPathAndConf("", "", "")
+	setting.LoadForTest()
+}
+
 func TestMain(m *testing.M) {
 	unittest.MainTest(m, &unittest.TestOptions{
 		GiteaRootPath: "..",
--- a/cmd/manager.go
+++ b/cmd/manager.go
@@ -1,9 +1,12 @@
 // Copyright 2020 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.

 package cmd

 import (
+	"fmt"
+	"net/http"
 	"os"
 	"time"

@@ -21,7 +24,6 @@ var (
 		Subcommands: []cli.Command{
 			subcmdShutdown,
 			subcmdRestart,
-			subcmdReloadTemplates,
 			subcmdFlushQueues,
 			subcmdLogging,
 			subCmdProcesses,
@@ -47,16 +49,6 @@ var (
 		},
 		Action: runRestart,
 	}
-	subcmdReloadTemplates = cli.Command{
-		Name:  "reload-templates",
-		Usage: "Reload template files in the running process",
-		Flags: []cli.Flag{
-			cli.BoolFlag{
-				Name: "debug",
-			},
-		},
-		Action: runReloadTemplates,
-	}
 	subcmdFlushQueues = cli.Command{
 		Name:   "flush-queues",
 		Usage:  "Flush queues in the running process",
@@ -112,43 +104,57 @@ func runShutdown(c *cli.Context) error {
 	ctx, cancel := installSignals()
 	defer cancel()

-	setup(ctx, c.Bool("debug"))
-	extra := private.Shutdown(ctx)
-	return handleCliResponseExtra(extra)
+	setup("manager", c.Bool("debug"))
+	statusCode, msg := private.Shutdown(ctx)
+	switch statusCode {
+	case http.StatusInternalServerError:
+		return fail("InternalServerError", msg)
+	}
+
+	fmt.Fprintln(os.Stdout, msg)
+	return nil
 }

 func runRestart(c *cli.Context) error {
 	ctx, cancel := installSignals()
 	defer cancel()

-	setup(ctx, c.Bool("debug"))
-	extra := private.Restart(ctx)
-	return handleCliResponseExtra(extra)
-}
+	setup("manager", c.Bool("debug"))
+	statusCode, msg := private.Restart(ctx)
+	switch statusCode {
+	case http.StatusInternalServerError:
+		return fail("InternalServerError", msg)
+	}

-func runReloadTemplates(c *cli.Context) error {
-	ctx, cancel := installSignals()
-	defer cancel()
-
-	setup(ctx, c.Bool("debug"))
-	extra := private.ReloadTemplates(ctx)
-	return handleCliResponseExtra(extra)
+	fmt.Fprintln(os.Stdout, msg)
+	return nil
 }

 func runFlushQueues(c *cli.Context) error {
 	ctx, cancel := installSignals()
 	defer cancel()

-	setup(ctx, c.Bool("debug"))
-	extra := private.FlushQueues(ctx, c.Duration("timeout"), c.Bool("non-blocking"))
-	return handleCliResponseExtra(extra)
+	setup("manager", c.Bool("debug"))
+	statusCode, msg := private.FlushQueues(ctx, c.Duration("timeout"), c.Bool("non-blocking"))
+	switch statusCode {
+	case http.StatusInternalServerError:
+		return fail("InternalServerError", msg)
+	}
+
+	fmt.Fprintln(os.Stdout, msg)
+	return nil
 }

 func runProcesses(c *cli.Context) error {
 	ctx, cancel := installSignals()
 	defer cancel()

-	setup(ctx, c.Bool("debug"))
-	extra := private.Processes(ctx, os.Stdout, c.Bool("flat"), c.Bool("no-system"), c.Bool("stacktraces"), c.Bool("json"), c.String("cancel"))
-	return handleCliResponseExtra(extra)
+	setup("manager", c.Bool("debug"))
+	statusCode, msg := private.Processes(ctx, os.Stdout, c.Bool("flat"), c.Bool("no-system"), c.Bool("stacktraces"), c.Bool("json"), c.String("cancel"))
+	switch statusCode {
+	case http.StatusInternalServerError:
+		return fail("InternalServerError", msg)
+	}
+
+	return nil
 }
--- a/cmd/manager_logging.go
+++ b/cmd/manager_logging.go
@@ -1,10 +1,12 @@
 // Copyright 2022 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.

 package cmd

 import (
 	"fmt"
+	"net/http"
 	"os"

 	"code.gitea.io/gitea/modules/log"
@@ -16,13 +18,13 @@ import (
 var (
 	defaultLoggingFlags = []cli.Flag{
 		cli.StringFlag{
-			Name:  "logger",
-			Usage: `Logger name - will default to "default"`,
+			Name:  "group, g",
+			Usage: "Group to add logger to - will default to \"default\"",
 		}, cli.StringFlag{
-			Name:  "writer",
-			Usage: "Name of the log writer - will default to mode",
+			Name:  "name, n",
+			Usage: "Name of the new logger - will default to mode",
 		}, cli.StringFlag{
-			Name:  "level",
+			Name:  "level, l",
 			Usage: "Logging level for the new logger",
 		}, cli.StringFlag{
 			Name:  "stacktrace-level, L",
@@ -83,8 +85,8 @@ var (
 					cli.BoolFlag{
 						Name: "debug",
 					}, cli.StringFlag{
-						Name:  "logger",
-						Usage: `Logger name - will default to "default"`,
+						Name:  "group, g",
+						Usage: "Group to add logger to - will default to \"default\"",
 					},
 				},
 				Action: runRemoveLogger,
@@ -93,6 +95,15 @@ var (
 				Usage: "Add a logger",
 				Subcommands: []cli.Command{
 					{
+						Name:  "console",
+						Usage: "Add a console logger",
+						Flags: append(defaultLoggingFlags,
+							cli.BoolFlag{
+								Name:  "stderr",
+								Usage: "Output console logs to stderr - only relevant for console",
+							}),
+						Action: runAddConsoleLogger,
+					}, {
 						Name:  "file",
 						Usage: "Add a file logger",
 						Flags: append(defaultLoggingFlags, []cli.Flag{
@@ -139,6 +150,28 @@ var (
 							},
 						}...),
 						Action: runAddConnLogger,
+					}, {
+						Name:  "smtp",
+						Usage: "Add an SMTP logger",
+						Flags: append(defaultLoggingFlags, []cli.Flag{
+							cli.StringFlag{
+								Name:  "username, u",
+								Usage: "Mail server username",
+							}, cli.StringFlag{
+								Name:  "password, P",
+								Usage: "Mail server password",
+							}, cli.StringFlag{
+								Name:  "host, H",
+								Usage: "Mail server host (defaults to: 127.0.0.1:25)",
+							}, cli.StringSliceFlag{
+								Name:  "send-to, s",
+								Usage: "Email address(es) to send to",
+							}, cli.StringFlag{
+								Name:  "subject, S",
+								Usage: "Subject header of sent emails",
+							},
+						}...),
+						Action: runAddSMTPLogger,
 					},
 				},
 			}, {
@@ -159,25 +192,58 @@ var (
 )

 func runRemoveLogger(c *cli.Context) error {
+	setup("manager", c.Bool("debug"))
+	group := c.String("group")
+	if len(group) == 0 {
+		group = log.DEFAULT
+	}
+	name := c.Args().First()
 	ctx, cancel := installSignals()
 	defer cancel()

-	setup(ctx, c.Bool("debug"))
-	logger := c.String("logger")
-	if len(logger) == 0 {
-		logger = log.DEFAULT
+	statusCode, msg := private.RemoveLogger(ctx, group, name)
+	switch statusCode {
+	case http.StatusInternalServerError:
+		return fail("InternalServerError", msg)
 	}
-	writer := c.Args().First()

-	extra := private.RemoveLogger(ctx, logger, writer)
-	return handleCliResponseExtra(extra)
+	fmt.Fprintln(os.Stdout, msg)
+	return nil
+}
+
+func runAddSMTPLogger(c *cli.Context) error {
+	setup("manager", c.Bool("debug"))
+	vals := map[string]interface{}{}
+	mode := "smtp"
+	if c.IsSet("host") {
+		vals["host"] = c.String("host")
+	} else {
+		vals["host"] = "127.0.0.1:25"
+	}
+
+	if c.IsSet("username") {
+		vals["username"] = c.String("username")
+	}
+	if c.IsSet("password") {
+		vals["password"] = c.String("password")
+	}
+
+	if !c.IsSet("send-to") {
+		return fmt.Errorf("Some recipients must be provided")
+	}
+	vals["sendTos"] = c.StringSlice("send-to")
+
+	if c.IsSet("subject") {
+		vals["subject"] = c.String("subject")
+	} else {
+		vals["subject"] = "Diagnostic message from Gitea"
+	}
+
+	return commonAddLogger(c, mode, vals)
 }

 func runAddConnLogger(c *cli.Context) error {
-	ctx, cancel := installSignals()
-	defer cancel()
-
-	setup(ctx, c.Bool("debug"))
+	setup("manager", c.Bool("debug"))
 	vals := map[string]interface{}{}
 	mode := "conn"
 	vals["net"] = "tcp"
@@ -204,10 +270,7 @@ func runAddConnLogger(c *cli.Context) error {
 }

 func runAddFileLogger(c *cli.Context) error {
-	ctx, cancel := installSignals()
-	defer cancel()
-
-	setup(ctx, c.Bool("debug"))
+	setup("manager", c.Bool("debug"))
 	vals := map[string]interface{}{}
 	mode := "file"
 	if c.IsSet("filename") {
@@ -236,12 +299,22 @@ func runAddFileLogger(c *cli.Context) error {
 	return commonAddLogger(c, mode, vals)
 }

+func runAddConsoleLogger(c *cli.Context) error {
+	setup("manager", c.Bool("debug"))
+	vals := map[string]interface{}{}
+	mode := "console"
+	if c.IsSet("stderr") && c.Bool("stderr") {
+		vals["stderr"] = c.Bool("stderr")
+	}
+	return commonAddLogger(c, mode, vals)
+}
+
 func commonAddLogger(c *cli.Context, mode string, vals map[string]interface{}) error {
 	if len(c.String("level")) > 0 {
-		vals["level"] = log.LevelFromString(c.String("level")).String()
+		vals["level"] = log.FromString(c.String("level")).String()
 	}
 	if len(c.String("stacktrace-level")) > 0 {
-		vals["stacktraceLevel"] = log.LevelFromString(c.String("stacktrace-level")).String()
+		vals["stacktraceLevel"] = log.FromString(c.String("stacktrace-level")).String()
 	}
 	if len(c.String("expression")) > 0 {
 		vals["expression"] = c.String("expression")
@@ -255,28 +328,39 @@ func commonAddLogger(c *cli.Context, mode string, vals map[string]interface{}) e
 	if c.IsSet("color") {
 		vals["colorize"] = c.Bool("color")
 	}
-	logger := log.DEFAULT
-	if c.IsSet("logger") {
-		logger = c.String("logger")
+	group := "default"
+	if c.IsSet("group") {
+		group = c.String("group")
 	}
-	writer := mode
-	if c.IsSet("writer") {
-		writer = c.String("writer")
+	name := mode
+	if c.IsSet("name") {
+		name = c.String("name")
 	}
 	ctx, cancel := installSignals()
 	defer cancel()

-	extra := private.AddLogger(ctx, logger, writer, mode, vals)
-	return handleCliResponseExtra(extra)
+	statusCode, msg := private.AddLogger(ctx, group, name, mode, vals)
+	switch statusCode {
+	case http.StatusInternalServerError:
+		return fail("InternalServerError", msg)
+	}
+
+	fmt.Fprintln(os.Stdout, msg)
+	return nil
 }

 func runPauseLogging(c *cli.Context) error {
 	ctx, cancel := installSignals()
 	defer cancel()

-	setup(ctx, c.Bool("debug"))
-	userMsg := private.PauseLogging(ctx)
-	_, _ = fmt.Fprintln(os.Stdout, userMsg)
+	setup("manager", c.Bool("debug"))
+	statusCode, msg := private.PauseLogging(ctx)
+	switch statusCode {
+	case http.StatusInternalServerError:
+		return fail("InternalServerError", msg)
+	}
+
+	fmt.Fprintln(os.Stdout, msg)
 	return nil
 }

@@ -284,9 +368,14 @@ func runResumeLogging(c *cli.Context) error {
 	ctx, cancel := installSignals()
 	defer cancel()

-	setup(ctx, c.Bool("debug"))
-	userMsg := private.ResumeLogging(ctx)
-	_, _ = fmt.Fprintln(os.Stdout, userMsg)
+	setup("manager", c.Bool("debug"))
+	statusCode, msg := private.ResumeLogging(ctx)
+	switch statusCode {
+	case http.StatusInternalServerError:
+		return fail("InternalServerError", msg)
+	}
+
+	fmt.Fprintln(os.Stdout, msg)
 	return nil
 }

@@ -294,17 +383,28 @@ func runReleaseReopenLogging(c *cli.Context) error {
 	ctx, cancel := installSignals()
 	defer cancel()

-	setup(ctx, c.Bool("debug"))
-	userMsg := private.ReleaseReopenLogging(ctx)
-	_, _ = fmt.Fprintln(os.Stdout, userMsg)
+	setup("manager", c.Bool("debug"))
+	statusCode, msg := private.ReleaseReopenLogging(ctx)
+	switch statusCode {
+	case http.StatusInternalServerError:
+		return fail("InternalServerError", msg)
+	}
+
+	fmt.Fprintln(os.Stdout, msg)
 	return nil
 }

 func runSetLogSQL(c *cli.Context) error {
 	ctx, cancel := installSignals()
 	defer cancel()
-	setup(ctx, c.Bool("debug"))
+	setup("manager", c.Bool("debug"))

-	extra := private.SetLogSQL(ctx, !c.Bool("off"))
-	return handleCliResponseExtra(extra)
+	statusCode, msg := private.SetLogSQL(ctx, !c.Bool("off"))
+	switch statusCode {
+	case http.StatusInternalServerError:
+		return fail("InternalServerError", msg)
+	}
+
+	fmt.Fprintln(os.Stdout, msg)
+	return nil
 }
--- a/cmd/migrate.go
+++ b/cmd/migrate.go
@@ -1,5 +1,6 @@
 // Copyright 2018 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.

 package cmd

@@ -33,7 +34,7 @@ func runMigrate(ctx *cli.Context) error {
 	log.Info("AppPath: %s", setting.AppPath)
 	log.Info("AppWorkPath: %s", setting.AppWorkPath)
 	log.Info("Custom path: %s", setting.CustomPath)
-	log.Info("Log path: %s", setting.Log.RootPath)
+	log.Info("Log path: %s", setting.LogRootPath)
 	log.Info("Configuration file: %s", setting.CustomConf)

 	if err := db.InitEngineWithMigration(context.Background(), migrations.Migrate); err != nil {
--- a/cmd/migrate_storage.go
+++ b/cmd/migrate_storage.go
@@ -1,5 +1,6 @@
 // Copyright 2020 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.

 package cmd

@@ -8,7 +9,6 @@ import (
 	"fmt"
 	"strings"

-	actions_model "code.gitea.io/gitea/models/actions"
 	"code.gitea.io/gitea/models/db"
 	git_model "code.gitea.io/gitea/models/git"
 	"code.gitea.io/gitea/models/migrations"
@@ -33,7 +33,7 @@ var CmdMigrateStorage = cli.Command{
 		cli.StringFlag{
 			Name:  "type, t",
 			Value: "",
-			Usage: "Type of stored files to copy.  Allowed types: 'attachments', 'lfs', 'avatars', 'repo-avatars', 'repo-archivers', 'packages', 'actions-log'",
+			Usage: "Type of stored files to copy.  Allowed types: 'attachments', 'lfs', 'avatars', 'repo-avatars', 'repo-archivers', 'packages'",
 		},
 		cli.StringFlag{
 			Name:  "storage, s",
@@ -73,54 +73,45 @@ var CmdMigrateStorage = cli.Command{
 		cli.StringFlag{
 			Name:  "minio-base-path",
 			Value: "",
-			Usage: "Minio storage base path on the bucket",
+			Usage: "Minio storage basepath on the bucket",
 		},
 		cli.BoolFlag{
 			Name:  "minio-use-ssl",
 			Usage: "Enable SSL for minio",
 		},
-		cli.BoolFlag{
-			Name:  "minio-insecure-skip-verify",
-			Usage: "Skip SSL verification",
-		},
-		cli.StringFlag{
-			Name:  "minio-checksum-algorithm",
-			Value: "",
-			Usage: "Minio checksum algorithm (default/md5)",
-		},
 	},
 }

 func migrateAttachments(ctx context.Context, dstStorage storage.ObjectStorage) error {
-	return db.Iterate(ctx, nil, func(ctx context.Context, attach *repo_model.Attachment) error {
+	return db.IterateObjects(ctx, func(attach *repo_model.Attachment) error {
 		_, err := storage.Copy(dstStorage, attach.RelativePath(), storage.Attachments, attach.RelativePath())
 		return err
 	})
 }

 func migrateLFS(ctx context.Context, dstStorage storage.ObjectStorage) error {
-	return db.Iterate(ctx, nil, func(ctx context.Context, mo *git_model.LFSMetaObject) error {
+	return db.IterateObjects(ctx, func(mo *git_model.LFSMetaObject) error {
 		_, err := storage.Copy(dstStorage, mo.RelativePath(), storage.LFS, mo.RelativePath())
 		return err
 	})
 }

 func migrateAvatars(ctx context.Context, dstStorage storage.ObjectStorage) error {
-	return db.Iterate(ctx, nil, func(ctx context.Context, user *user_model.User) error {
+	return db.IterateObjects(ctx, func(user *user_model.User) error {
 		_, err := storage.Copy(dstStorage, user.CustomAvatarRelativePath(), storage.Avatars, user.CustomAvatarRelativePath())
 		return err
 	})
 }

 func migrateRepoAvatars(ctx context.Context, dstStorage storage.ObjectStorage) error {
-	return db.Iterate(ctx, nil, func(ctx context.Context, repo *repo_model.Repository) error {
+	return db.IterateObjects(ctx, func(repo *repo_model.Repository) error {
 		_, err := storage.Copy(dstStorage, repo.CustomAvatarRelativePath(), storage.RepoAvatars, repo.CustomAvatarRelativePath())
 		return err
 	})
 }

 func migrateRepoArchivers(ctx context.Context, dstStorage storage.ObjectStorage) error {
-	return db.Iterate(ctx, nil, func(ctx context.Context, archiver *repo_model.RepoArchiver) error {
+	return db.IterateObjects(ctx, func(archiver *repo_model.RepoArchiver) error {
 		p := archiver.RelativePath()
 		_, err := storage.Copy(dstStorage, p, storage.RepoArchives, p)
 		return err
@@ -128,29 +119,13 @@ func migrateRepoArchivers(ctx context.Context, dstStorage storage.ObjectStorage)
 }

 func migratePackages(ctx context.Context, dstStorage storage.ObjectStorage) error {
-	return db.Iterate(ctx, nil, func(ctx context.Context, pb *packages_model.PackageBlob) error {
+	return db.IterateObjects(ctx, func(pb *packages_model.PackageBlob) error {
 		p := packages_module.KeyToRelativePath(packages_module.BlobHash256Key(pb.HashSHA256))
 		_, err := storage.Copy(dstStorage, p, storage.Packages, p)
 		return err
 	})
 }

-func migrateActionsLog(ctx context.Context, dstStorage storage.ObjectStorage) error {
-	return db.Iterate(ctx, nil, func(ctx context.Context, task *actions_model.ActionTask) error {
-		if task.LogExpired {
-			// the log has been cleared
-			return nil
-		}
-		if !task.LogInStorage {
-			// running tasks store logs in DBFS
-			return nil
-		}
-		p := task.LogFilename
-		_, err := storage.Copy(dstStorage, p, storage.Actions, p)
-		return err
-	})
-}
-
 func runMigrateStorage(ctx *cli.Context) error {
 	stdCtx, cancel := installSignals()
 	defer cancel()
@@ -162,7 +137,7 @@ func runMigrateStorage(ctx *cli.Context) error {
 	log.Info("AppPath: %s", setting.AppPath)
 	log.Info("AppWorkPath: %s", setting.AppWorkPath)
 	log.Info("Custom path: %s", setting.CustomPath)
-	log.Info("Log path: %s", setting.Log.RootPath)
+	log.Info("Log path: %s", setting.LogRootPath)
 	log.Info("Configuration file: %s", setting.CustomConf)

 	if err := db.InitEngineWithMigration(context.Background(), migrations.Migrate); err != nil {
@@ -179,7 +154,7 @@ func runMigrateStorage(ctx *cli.Context) error {
 	switch strings.ToLower(ctx.String("storage")) {
 	case "":
 		fallthrough
-	case string(setting.LocalStorageType):
+	case string(storage.LocalStorageType):
 		p := ctx.String("path")
 		if p == "" {
 			log.Fatal("Path must be given when storage is loal")
@@ -187,24 +162,20 @@ func runMigrateStorage(ctx *cli.Context) error {
 		}
 		dstStorage, err = storage.NewLocalStorage(
 			stdCtx,
-			&setting.Storage{
+			storage.LocalStorageConfig{
 				Path: p,
 			})
-	case string(setting.MinioStorageType):
+	case string(storage.MinioStorageType):
 		dstStorage, err = storage.NewMinioStorage(
 			stdCtx,
-			&setting.Storage{
-				MinioConfig: setting.MinioStorageConfig{
-					Endpoint:           ctx.String("minio-endpoint"),
-					AccessKeyID:        ctx.String("minio-access-key-id"),
-					SecretAccessKey:    ctx.String("minio-secret-access-key"),
-					Bucket:             ctx.String("minio-bucket"),
-					Location:           ctx.String("minio-location"),
-					BasePath:           ctx.String("minio-base-path"),
-					UseSSL:             ctx.Bool("minio-use-ssl"),
-					InsecureSkipVerify: ctx.Bool("minio-insecure-skip-verify"),
-					ChecksumAlgorithm:  ctx.String("minio-checksum-algorithm"),
-				},
+			storage.MinioStorageConfig{
+				Endpoint:        ctx.String("minio-endpoint"),
+				AccessKeyID:     ctx.String("minio-access-key-id"),
+				SecretAccessKey: ctx.String("minio-secret-access-key"),
+				Bucket:          ctx.String("minio-bucket"),
+				Location:        ctx.String("minio-location"),
+				BasePath:        ctx.String("minio-base-path"),
+				UseSSL:          ctx.Bool("minio-use-ssl"),
 			})
 	default:
 		return fmt.Errorf("unsupported storage type: %s", ctx.String("storage"))
@@ -220,7 +191,6 @@ func runMigrateStorage(ctx *cli.Context) error {
 		"repo-avatars":   migrateRepoAvatars,
 		"repo-archivers": migrateRepoArchivers,
 		"packages":       migratePackages,
-		"actions-log":    migrateActionsLog,
 	}

 	tp := strings.ToLower(ctx.String("type"))
--- a/cmd/migrate_storage_test.go
+++ b/cmd/migrate_storage_test.go
@@ -1,5 +1,6 @@
 // Copyright 2022 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.

 package cmd

@@ -13,7 +14,6 @@ import (
 	"code.gitea.io/gitea/models/unittest"
 	user_model "code.gitea.io/gitea/models/user"
 	packages_module "code.gitea.io/gitea/modules/packages"
-	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/modules/storage"
 	packages_service "code.gitea.io/gitea/services/packages"

@@ -26,7 +26,7 @@ func TestMigratePackages(t *testing.T) {
 	creator := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1})

 	content := "package main\n\nfunc main() {\nfmt.Println(\"hi\")\n}\n"
-	buf, err := packages_module.CreateHashedBufferFromReaderWithSize(strings.NewReader(content), 1024)
+	buf, err := packages_module.CreateHashedBufferFromReader(strings.NewReader(content), 1024)
 	assert.NoError(t, err)
 	defer buf.Close()

@@ -44,9 +44,8 @@ func TestMigratePackages(t *testing.T) {
 		PackageFileInfo: packages_service.PackageFileInfo{
 			Filename: "a.go",
 		},
-		Creator: creator,
-		Data:    buf,
-		IsLead:  true,
+		Data:   buf,
+		IsLead: true,
 	})
 	assert.NoError(t, err)
 	assert.NotNil(t, v)
@@ -58,7 +57,7 @@ func TestMigratePackages(t *testing.T) {

 	dstStorage, err := storage.NewLocalStorage(
 		ctx,
-		&setting.Storage{
+		storage.LocalStorageConfig{
 			Path: p,
 		})
 	assert.NoError(t, err)
@@ -68,7 +67,7 @@ func TestMigratePackages(t *testing.T) {

 	entries, err := os.ReadDir(p)
 	assert.NoError(t, err)
-	assert.Len(t, entries, 2)
+	assert.EqualValues(t, 2, len(entries))
 	assert.EqualValues(t, "01", entries[0].Name())
 	assert.EqualValues(t, "tmp", entries[1].Name())
 }
--- a/cmd/restore_repo.go
+++ b/cmd/restore_repo.go
@@ -1,11 +1,15 @@
 // Copyright 2020 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.

 package cmd

 import (
+	"errors"
+	"net/http"
 	"strings"

+	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/private"
 	"code.gitea.io/gitea/modules/setting"

@@ -51,12 +55,12 @@ func runRestoreRepository(c *cli.Context) error {
 	ctx, cancel := installSignals()
 	defer cancel()

-	setting.MustInstalled()
+	setting.LoadFromExisting()
 	var units []string
 	if s := c.String("units"); s != "" {
 		units = strings.Split(s, ",")
 	}
-	extra := private.RestoreRepo(
+	statusCode, errStr := private.RestoreRepo(
 		ctx,
 		c.String("repo_dir"),
 		c.String("owner_name"),
@@ -64,5 +68,10 @@ func runRestoreRepository(c *cli.Context) error {
 		units,
 		c.Bool("validation"),
 	)
-	return handleCliResponseExtra(extra)
+	if statusCode == http.StatusOK {
+		return nil
+	}
+
+	log.Fatal("Failed to restore repository: %v", errStr)
+	return errors.New(errStr)
 }
--- a/cmd/serv.go
+++ b/cmd/serv.go
@@ -1,12 +1,14 @@
 // Copyright 2014 The Gogs Authors. All rights reserved.
 // Copyright 2016 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.

 package cmd

 import (
 	"context"
 	"fmt"
+	"net/http"
 	"net/url"
 	"os"
 	"os/exec"
@@ -15,7 +17,6 @@ import (
 	"strconv"
 	"strings"
 	"time"
-	"unicode"

 	asymkey_model "code.gitea.io/gitea/models/asymkey"
 	git_model "code.gitea.io/gitea/models/git"
@@ -55,13 +56,14 @@ var CmdServ = cli.Command{
 	},
 }

-func setup(ctx context.Context, debug bool) {
+func setup(logPath string, debug bool) {
+	_ = log.DelLogger("console")
 	if debug {
-		setupConsoleLogger(log.TRACE, false, os.Stderr)
+		_ = log.NewLogger(1000, "console", "console", `{"level":"trace","stacktracelevel":"NONE","stderr":true}`)
 	} else {
-		setupConsoleLogger(log.FATAL, false, os.Stderr)
+		_ = log.NewLogger(1000, "console", "console", `{"level":"fatal","stacktracelevel":"NONE","stderr":true}`)
 	}
-	setting.MustInstalled()
+	setting.LoadFromExisting()
 	if debug {
 		setting.RunMode = "dev"
 	}
@@ -70,15 +72,15 @@ func setup(ctx context.Context, debug bool) {
 	// `[repository]` `ROOT` is a relative path and $GITEA_WORK_DIR isn't passed to the SSH connection.
 	if _, err := os.Stat(setting.RepoRootPath); err != nil {
 		if os.IsNotExist(err) {
-			_ = fail(ctx, "Incorrect configuration, no repository directory.", "Directory `[repository].ROOT` %q was not found, please check if $GITEA_WORK_DIR is passed to the SSH connection or make `[repository].ROOT` an absolute value.", setting.RepoRootPath)
+			_ = fail("Incorrect configuration, no repository directory.", "Directory `[repository].ROOT` %q was not found, please check if $GITEA_WORK_DIR is passed to the SSH connection or make `[repository].ROOT` an absolute value.", setting.RepoRootPath)
 		} else {
-			_ = fail(ctx, "Incorrect configuration, repository directory is inaccessible", "Directory `[repository].ROOT` %q is inaccessible. err: %v", setting.RepoRootPath, err)
+			_ = fail("Incorrect configuration, repository directory is inaccessible", "Directory `[repository].ROOT` %q is inaccessible. err: %v", setting.RepoRootPath, err)
 		}
 		return
 	}

 	if err := git.InitSimple(context.Background()); err != nil {
-		_ = fail(ctx, "Failed to init git", "Failed to init git, err: %v", err)
+		_ = fail("Failed to init git", "Failed to init git, err: %v", err)
 	}
 }

@@ -92,54 +94,32 @@ var (
 	alphaDashDotPattern = regexp.MustCompile(`[^\w-\.]`)
 )

-// fail prints message to stdout, it's mainly used for git serv and git hook commands.
-// The output will be passed to git client and shown to user.
-func fail(ctx context.Context, userMessage, logMsgFmt string, args ...interface{}) error {
-	if userMessage == "" {
-		userMessage = "Internal Server Error (no specific error)"
-	}
-
+func fail(userMessage, logMessage string, args ...interface{}) error {
 	// There appears to be a chance to cause a zombie process and failure to read the Exit status
 	// if nothing is outputted on stdout.
 	_, _ = fmt.Fprintln(os.Stdout, "")
 	_, _ = fmt.Fprintln(os.Stderr, "Gitea:", userMessage)

-	if logMsgFmt != "" {
-		logMsg := fmt.Sprintf(logMsgFmt, args...)
+	if len(logMessage) > 0 {
 		if !setting.IsProd {
-			_, _ = fmt.Fprintln(os.Stderr, "Gitea:", logMsg)
+			_, _ = fmt.Fprintf(os.Stderr, logMessage+"\n", args...)
 		}
-		if userMessage != "" {
-			if unicode.IsPunct(rune(userMessage[len(userMessage)-1])) {
-				logMsg = userMessage + " " + logMsg
-			} else {
-				logMsg = userMessage + ". " + logMsg
-			}
-		}
-		_ = private.SSHLog(ctx, true, logMsg)
+	}
+	ctx, cancel := installSignals()
+	defer cancel()
+
+	if len(logMessage) > 0 {
+		_ = private.SSHLog(ctx, true, fmt.Sprintf(logMessage+": ", args...))
 	}
 	return cli.NewExitError("", 1)
 }

-// handleCliResponseExtra handles the extra response from the cli sub-commands
-// If there is a user message it will be printed to stdout
-// If the command failed it will return an error (the error will be printed by cli framework)
-func handleCliResponseExtra(extra private.ResponseExtra) error {
-	if extra.UserMsg != "" {
-		_, _ = fmt.Fprintln(os.Stdout, extra.UserMsg)
-	}
-	if extra.HasError() {
-		return cli.NewExitError(extra.Error, 1)
-	}
-	return nil
-}
-
 func runServ(c *cli.Context) error {
 	ctx, cancel := installSignals()
 	defer cancel()

 	// FIXME: This needs to internationalised
-	setup(ctx, c.Bool("debug"))
+	setup("serv.log", c.Bool("debug"))

 	if setting.SSH.Disabled {
 		println("Gitea: SSH has been disabled")
@@ -155,18 +135,18 @@ func runServ(c *cli.Context) error {

 	keys := strings.Split(c.Args()[0], "-")
 	if len(keys) != 2 || keys[0] != "key" {
-		return fail(ctx, "Key ID format error", "Invalid key argument: %s", c.Args()[0])
+		return fail("Key ID format error", "Invalid key argument: %s", c.Args()[0])
 	}
 	keyID, err := strconv.ParseInt(keys[1], 10, 64)
 	if err != nil {
-		return fail(ctx, "Key ID parsing error", "Invalid key argument: %s", c.Args()[1])
+		return fail("Key ID format error", "Invalid key argument: %s", c.Args()[1])
 	}

 	cmd := os.Getenv("SSH_ORIGINAL_COMMAND")
 	if len(cmd) == 0 {
 		key, user, err := private.ServNoCommand(ctx, keyID)
 		if err != nil {
-			return fail(ctx, "Key check failed", "Failed to check provided key: %v", err)
+			return fail("Internal error", "Failed to check provided key: %v", err)
 		}
 		switch key.Type {
 		case asymkey_model.KeyTypeDeploy:
@@ -184,7 +164,7 @@ func runServ(c *cli.Context) error {

 	words, err := shellquote.Split(cmd)
 	if err != nil {
-		return fail(ctx, "Error parsing arguments", "Failed to parse arguments: %v", err)
+		return fail("Error parsing arguments", "Failed to parse arguments: %v", err)
 	}

 	if len(words) < 2 {
@@ -195,7 +175,7 @@ func runServ(c *cli.Context) error {
 				return nil
 			}
 		}
-		return fail(ctx, "Too few arguments", "Too few arguments in cmd: %s", cmd)
+		return fail("Too few arguments", "Too few arguments in cmd: %s", cmd)
 	}

 	verb := words[0]
@@ -207,7 +187,7 @@ func runServ(c *cli.Context) error {
 	var lfsVerb string
 	if verb == lfsAuthenticateVerb {
 		if !setting.LFS.StartServer {
-			return fail(ctx, "Unknown git command", "LFS authentication request over SSH denied, LFS support is disabled")
+			return fail("Unknown git command", "LFS authentication request over SSH denied, LFS support is disabled")
 		}

 		if len(words) > 2 {
@@ -220,37 +200,37 @@ func runServ(c *cli.Context) error {

 	rr := strings.SplitN(repoPath, "/", 2)
 	if len(rr) != 2 {
-		return fail(ctx, "Invalid repository path", "Invalid repository path: %v", repoPath)
+		return fail("Invalid repository path", "Invalid repository path: %v", repoPath)
 	}

 	username := strings.ToLower(rr[0])
 	reponame := strings.ToLower(strings.TrimSuffix(rr[1], ".git"))

 	if alphaDashDotPattern.MatchString(reponame) {
-		return fail(ctx, "Invalid repo name", "Invalid repo name: %s", reponame)
+		return fail("Invalid repo name", "Invalid repo name: %s", reponame)
 	}

 	if c.Bool("enable-pprof") {
 		if err := os.MkdirAll(setting.PprofDataPath, os.ModePerm); err != nil {
-			return fail(ctx, "Error while trying to create PPROF_DATA_PATH", "Error while trying to create PPROF_DATA_PATH: %v", err)
+			return fail("Error while trying to create PPROF_DATA_PATH", "Error while trying to create PPROF_DATA_PATH: %v", err)
 		}

 		stopCPUProfiler, err := pprof.DumpCPUProfileForUsername(setting.PprofDataPath, username)
 		if err != nil {
-			return fail(ctx, "Unable to start CPU profiler", "Unable to start CPU profile: %v", err)
+			return fail("Internal Server Error", "Unable to start CPU profile: %v", err)
 		}
 		defer func() {
 			stopCPUProfiler()
 			err := pprof.DumpMemProfileForUsername(setting.PprofDataPath, username)
 			if err != nil {
-				_ = fail(ctx, "Unable to dump Mem profile", "Unable to dump Mem Profile: %v", err)
+				_ = fail("Internal Server Error", "Unable to dump Mem Profile: %v", err)
 			}
 		}()
 	}

 	requestedMode, has := allowedCommands[verb]
 	if !has {
-		return fail(ctx, "Unknown git command", "Unknown git command %s", verb)
+		return fail("Unknown git command", "Unknown git command %s", verb)
 	}

 	if verb == lfsAuthenticateVerb {
@@ -259,13 +239,20 @@ func runServ(c *cli.Context) error {
 		} else if lfsVerb == "download" {
 			requestedMode = perm.AccessModeRead
 		} else {
-			return fail(ctx, "Unknown LFS verb", "Unknown lfs verb %s", lfsVerb)
+			return fail("Unknown LFS verb", "Unknown lfs verb %s", lfsVerb)
 		}
 	}

-	results, extra := private.ServCommand(ctx, keyID, username, reponame, requestedMode, verb, lfsVerb)
-	if extra.HasError() {
-		return fail(ctx, extra.UserMsg, "ServCommand failed: %s", extra.Error)
+	results, err := private.ServCommand(ctx, keyID, username, reponame, requestedMode, verb, lfsVerb)
+	if err != nil {
+		if private.IsErrServCommand(err) {
+			errServCommand := err.(private.ErrServCommand)
+			if errServCommand.StatusCode != http.StatusInternalServerError {
+				return fail("Unauthorized", "%s", errServCommand.Error())
+			}
+			return fail("Internal Server Error", "%s", errServCommand.Error())
+		}
+		return fail("Internal Server Error", "%s", err.Error())
 	}

 	// LFS token authentication
@@ -287,7 +274,7 @@ func runServ(c *cli.Context) error {
 		// Sign and get the complete encoded token as a string using the secret
 		tokenString, err := token.SignedString(setting.LFS.JWTSecretBytes)
 		if err != nil {
-			return fail(ctx, "Failed to sign JWT Token", "Failed to sign JWT token: %v", err)
+			return fail("Internal error", "Failed to sign JWT token: %v", err)
 		}

 		tokenAuthentication := &git_model.LFSTokenResponse{
@@ -299,7 +286,7 @@ func runServ(c *cli.Context) error {
 		enc := json.NewEncoder(os.Stdout)
 		err = enc.Encode(tokenAuthentication)
 		if err != nil {
-			return fail(ctx, "Failed to encode LFS json response", "Failed to encode LFS json response: %v", err)
+			return fail("Internal error", "Failed to encode LFS json response: %v", err)
 		}
 		return nil
 	}
@@ -345,13 +332,13 @@ func runServ(c *cli.Context) error {
 	gitcmd.Env = append(gitcmd.Env, git.CommonCmdServEnvs()...)

 	if err = gitcmd.Run(); err != nil {
-		return fail(ctx, "Failed to execute git command", "Failed to execute git command: %v", err)
+		return fail("Internal error", "Failed to execute git command: %v", err)
 	}

 	// Update user key activity.
 	if results.KeyID > 0 {
 		if err = private.UpdatePublicKeyInRepo(ctx, results.KeyID, results.RepoID); err != nil {
-			return fail(ctx, "Failed to update public key", "UpdatePublicKeyInRepo: %v", err)
+			return fail("Internal error", "UpdatePublicKeyInRepo: %v", err)
 		}
 	}

--- a/cmd/web.go
+++ b/cmd/web.go
@@ -1,5 +1,6 @@
 // Copyright 2014 The Gogs Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.

 package cmd

@@ -9,8 +10,6 @@ import (
 	"net"
 	"net/http"
 	"os"
-	"path/filepath"
-	"strconv"
 	"strings"

 	_ "net/http/pprof" // Used for debugging if enabled and a web server is running
@@ -24,11 +23,9 @@ import (

 	"github.com/felixge/fgprof"
 	"github.com/urfave/cli"
+	ini "gopkg.in/ini.v1"
 )

-// PIDFile could be set from build tag
-var PIDFile = "/run/gitea.pid"
-
 // CmdWeb represents the available web sub-command.
 var CmdWeb = cli.Command{
 	Name:  "web",
@@ -49,7 +46,7 @@ and it takes care of all the other things for you`,
 		},
 		cli.StringFlag{
 			Name:  "pid, P",
-			Value: PIDFile,
+			Value: setting.PIDFile,
 			Usage: "Custom pid file path",
 		},
 		cli.BoolFlag{
@@ -85,131 +82,13 @@ func runHTTPRedirector() {
 	}
 }

-func createPIDFile(pidPath string) {
-	currentPid := os.Getpid()
-	if err := os.MkdirAll(filepath.Dir(pidPath), os.ModePerm); err != nil {
-		log.Fatal("Failed to create PID folder: %v", err)
-	}
-
-	file, err := os.Create(pidPath)
-	if err != nil {
-		log.Fatal("Failed to create PID file: %v", err)
-	}
-	defer file.Close()
-	if _, err := file.WriteString(strconv.FormatInt(int64(currentPid), 10)); err != nil {
-		log.Fatal("Failed to write PID information: %v", err)
-	}
-}
-
-func serveInstall(ctx *cli.Context) error {
-	log.Info("Gitea version: %s%s", setting.AppVer, setting.AppBuiltWith)
-	log.Info("App path: %s", setting.AppPath)
-	log.Info("Work path: %s", setting.AppWorkPath)
-	log.Info("Custom path: %s", setting.CustomPath)
-	log.Info("Config file: %s", setting.CustomConf)
-	log.Info("Prepare to run install page")
-
-	routers.InitWebInstallPage(graceful.GetManager().HammerContext())
-
-	// Flag for port number in case first time run conflict
-	if ctx.IsSet("port") {
-		if err := setPort(ctx.String("port")); err != nil {
-			return err
-		}
-	}
-	if ctx.IsSet("install-port") {
-		if err := setPort(ctx.String("install-port")); err != nil {
-			return err
-		}
-	}
-	c := install.Routes()
-	err := listen(c, false)
-	if err != nil {
-		log.Critical("Unable to open listener for installer. Is Gitea already running?")
-		graceful.GetManager().DoGracefulShutdown()
-	}
-	select {
-	case <-graceful.GetManager().IsShutdown():
-		<-graceful.GetManager().Done()
-		log.Info("PID: %d Gitea Web Finished", os.Getpid())
-		log.GetManager().Close()
-		return err
-	default:
-	}
-	return nil
-}
-
-func serveInstalled(ctx *cli.Context) error {
-	setting.InitCfgProvider(setting.CustomConf)
-	setting.LoadCommonSettings()
-	setting.MustInstalled()
-
-	log.Info("Gitea version: %s%s", setting.AppVer, setting.AppBuiltWith)
-	log.Info("App path: %s", setting.AppPath)
-	log.Info("Work path: %s", setting.AppWorkPath)
-	log.Info("Custom path: %s", setting.CustomPath)
-	log.Info("Config file: %s", setting.CustomConf)
-	log.Info("Run mode: %s", setting.RunMode)
-	log.Info("Prepare to run web server")
-
-	if setting.AppWorkPathMismatch {
-		log.Error("WORK_PATH from config %q doesn't match other paths from environment variables or command arguments. "+
-			"Only WORK_PATH in config should be set and used. Please remove the other outdated work paths from environment variables and command arguments", setting.CustomConf)
-	}
-
-	rootCfg := setting.CfgProvider
-	if rootCfg.Section("").Key("WORK_PATH").String() == "" {
-		saveCfg, err := rootCfg.PrepareSaving()
-		if err != nil {
-			log.Error("Unable to prepare saving WORK_PATH=%s to config %q: %v\nYou must set it manually, otherwise there might be bugs when accessing the git repositories.", setting.AppWorkPath, setting.CustomConf, err)
-		} else {
-			rootCfg.Section("").Key("WORK_PATH").SetValue(setting.AppWorkPath)
-			saveCfg.Section("").Key("WORK_PATH").SetValue(setting.AppWorkPath)
-			if err = saveCfg.Save(); err != nil {
-				log.Error("Unable to update WORK_PATH=%s to config %q: %v\nYou must set it manually, otherwise there might be bugs when accessing the git repositories.", setting.AppWorkPath, setting.CustomConf, err)
-			}
-		}
-	}
-
-	routers.InitWebInstalled(graceful.GetManager().HammerContext())
-
-	// We check that AppDataPath exists here (it should have been created during installation)
-	// We can't check it in `InitWebInstalled`, because some integration tests
-	// use cmd -> InitWebInstalled, but the AppDataPath doesn't exist during those tests.
-	if _, err := os.Stat(setting.AppDataPath); err != nil {
-		log.Fatal("Can not find APP_DATA_PATH %q", setting.AppDataPath)
-	}
-
-	// Override the provided port number within the configuration
-	if ctx.IsSet("port") {
-		if err := setPort(ctx.String("port")); err != nil {
-			return err
-		}
-	}
-
-	// Set up Chi routes
-	c := routers.NormalRoutes(graceful.GetManager().HammerContext())
-	err := listen(c, true)
-	<-graceful.GetManager().Done()
-	log.Info("PID: %d Gitea Web Finished", os.Getpid())
-	log.GetManager().Close()
-	return err
-}
-
-func servePprof() {
-	http.DefaultServeMux.Handle("/debug/fgprof", fgprof.Handler())
-	_, _, finished := process.GetManager().AddTypedContext(context.Background(), "Web: PProf Server", process.SystemProcessType, true)
-	// The pprof server is for debug purpose only, it shouldn't be exposed on public network. At the moment it's not worth to introduce a configurable option for it.
-	log.Info("Starting pprof server on localhost:6060")
-	log.Info("Stopped pprof server: %v", http.ListenAndServe("localhost:6060", nil))
-	finished()
-}
-
 func runWeb(ctx *cli.Context) error {
 	if ctx.Bool("verbose") {
-		setupConsoleLogger(log.TRACE, log.CanColorStdout, os.Stdout)
+		_ = log.DelLogger("console")
+		log.NewLogger(0, "console", "console", fmt.Sprintf(`{"level": "trace", "colorize": %t, "stacktraceLevel": "none"}`, log.CanColorStdout))
 	} else if ctx.Bool("quiet") {
-		setupConsoleLogger(log.FATAL, log.CanColorStdout, os.Stdout)
+		_ = log.DelLogger("console")
+		log.NewLogger(0, "console", "console", fmt.Sprintf(`{"level": "fatal", "colorize": %t, "stacktraceLevel": "none"}`, log.CanColorStdout))
 	}
 	defer func() {
 		if panicked := recover(); panicked != nil {
@@ -229,22 +108,81 @@ func runWeb(ctx *cli.Context) error {

 	// Set pid file setting
 	if ctx.IsSet("pid") {
-		createPIDFile(ctx.String("pid"))
+		setting.PIDFile = ctx.String("pid")
+		setting.WritePIDFile = true
 	}

-	if !setting.InstallLock {
-		if err := serveInstall(ctx); err != nil {
+	// Perform pre-initialization
+	needsInstall := install.PreloadSettings(graceful.GetManager().HammerContext())
+	if needsInstall {
+		// Flag for port number in case first time run conflict
+		if ctx.IsSet("port") {
+			if err := setPort(ctx.String("port")); err != nil {
+				return err
+			}
+		}
+		if ctx.IsSet("install-port") {
+			if err := setPort(ctx.String("install-port")); err != nil {
+				return err
+			}
+		}
+		installCtx, cancel := context.WithCancel(graceful.GetManager().HammerContext())
+		c := install.Routes(installCtx)
+		err := listen(c, false)
+		cancel()
+		if err != nil {
+			log.Critical("Unable to open listener for installer. Is Gitea already running?")
+			graceful.GetManager().DoGracefulShutdown()
+		}
+		select {
+		case <-graceful.GetManager().IsShutdown():
+			<-graceful.GetManager().Done()
+			log.Info("PID: %d Gitea Web Finished", os.Getpid())
+			log.Close()
 			return err
+		default:
 		}
 	} else {
 		NoInstallListener()
 	}

 	if setting.EnablePprof {
-		go servePprof()
+		go func() {
+			http.DefaultServeMux.Handle("/debug/fgprof", fgprof.Handler())
+			_, _, finished := process.GetManager().AddTypedContext(context.Background(), "Web: PProf Server", process.SystemProcessType, true)
+			// The pprof server is for debug purpose only, it shouldn't be exposed on public network. At the moment it's not worth to introduce a configurable option for it.
+			log.Info("Starting pprof server on localhost:6060")
+			log.Info("Stopped pprof server: %v", http.ListenAndServe("localhost:6060", nil))
+			finished()
+		}()
 	}

-	return serveInstalled(ctx)
+	log.Info("Global init")
+	// Perform global initialization
+	setting.LoadFromExisting()
+	routers.GlobalInitInstalled(graceful.GetManager().HammerContext())
+
+	// We check that AppDataPath exists here (it should have been created during installation)
+	// We can't check it in `GlobalInitInstalled`, because some integration tests
+	// use cmd -> GlobalInitInstalled, but the AppDataPath doesn't exist during those tests.
+	if _, err := os.Stat(setting.AppDataPath); err != nil {
+		log.Fatal("Can not find APP_DATA_PATH '%s'", setting.AppDataPath)
+	}
+
+	// Override the provided port number within the configuration
+	if ctx.IsSet("port") {
+		if err := setPort(ctx.String("port")); err != nil {
+			return err
+		}
+	}
+
+	// Set up Chi routes
+	c := routers.NormalRoutes(graceful.GetManager().HammerContext())
+	err := listen(c, true)
+	<-graceful.GetManager().Done()
+	log.Info("PID: %d Gitea Web Finished", os.Getpid())
+	log.Close()
+	return err
 }

 func setPort(port string) error {
@@ -265,16 +203,9 @@ func setPort(port string) error {
 		defaultLocalURL += ":" + setting.HTTPPort + "/"

 		// Save LOCAL_ROOT_URL if port changed
-		rootCfg := setting.CfgProvider
-		saveCfg, err := rootCfg.PrepareSaving()
-		if err != nil {
-			return fmt.Errorf("failed to save config file: %v", err)
-		}
-		rootCfg.Section("server").Key("LOCAL_ROOT_URL").SetValue(defaultLocalURL)
-		saveCfg.Section("server").Key("LOCAL_ROOT_URL").SetValue(defaultLocalURL)
-		if err = saveCfg.Save(); err != nil {
-			return fmt.Errorf("failed to save config file: %v", err)
-		}
+		setting.CreateOrAppendToCustomConf("server.LOCAL_ROOT_URL", func(cfg *ini.File) {
+			cfg.Section("server").Key("LOCAL_ROOT_URL").SetValue(defaultLocalURL)
+		})
 	}
 	return nil
 }
--- a/cmd/web_acme.go
+++ b/cmd/web_acme.go
@@ -1,5 +1,6 @@
 // Copyright 2020 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.

 package cmd

--- a/cmd/web_graceful.go
+++ b/cmd/web_graceful.go
@@ -1,5 +1,6 @@
 // Copyright 2016 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.

 package cmd

--- a/cmd/web_https.go
+++ b/cmd/web_https.go
@@ -1,5 +1,6 @@
 // Copyright 2021 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.

 package cmd

--- a/contrib/autoboot.sh
+++ b/contrib/autoboot.sh
@@ -0,0 +1,2 @@
+#!/bin/sh
+su git -c "/home/git/gogs/scripts/gogs_supervisord.sh restart"
--- a/contrib/autocompletion/README
+++ b/contrib/autocompletion/README
@@ -1,17 +0,0 @@
-Bash and Zsh completion
-=======================
-
-From within the gitea root run:
-
-```bash
-source contrib/autocompletion/bash_autocomplete
-```
-
-or for zsh run:
-
-```bash
-source contrib/autocompletion/zsh_autocomplete
-```
-
-These scripts will check if gitea is on the path and if so add autocompletion for `gitea`. Or if not autocompletion will work for `./gitea`.
-If gitea has been installed as a different program pass in the `PROG` environment variable to set the correct program name.
--- a/contrib/autocompletion/bash_autocomplete
+++ b/contrib/autocompletion/bash_autocomplete
@@ -1,30 +0,0 @@
-#! /bin/bash
-# Heavily inspired by https://github.com/urfave/cli
-
-_cli_bash_autocomplete() {
-  if [[ "${COMP_WORDS[0]}" != "source" ]]; then
-    local cur opts base
-    COMPREPLY=()
-    cur="${COMP_WORDS[COMP_CWORD]}"
-    if [[ "$cur" == "-"* ]]; then
-      opts=$( ${COMP_WORDS[@]:0:$COMP_CWORD} ${cur} --generate-bash-completion )
-    else
-      opts=$( ${COMP_WORDS[@]:0:$COMP_CWORD} --generate-bash-completion )
-    fi
-    COMPREPLY=( $(compgen -W "${opts}" -- ${cur}) )
-    return 0
-  fi
-}
-
-if [ -z "$PROG" ] && [ ! "$(command -v gitea &> /dev/null)" ] ; then
-  complete -o bashdefault -o default -o nospace -F _cli_bash_autocomplete gitea
-elif [ -z "$PROG" ]; then
-  complete -o bashdefault -o default -o nospace -F _cli_bash_autocomplete ./gitea
-  complete -o bashdefault -o default -o nospace -F _cli_bash_autocomplete "$PWD/gitea"
-else
-  complete -o bashdefault -o default -o nospace -F _cli_bash_autocomplete "$PROG"
-  unset PROG
-fi
-
-
-
--- a/contrib/autocompletion/zsh_autocomplete
+++ b/contrib/autocompletion/zsh_autocomplete
@@ -1,30 +0,0 @@
-#compdef ${PROG:=gitea}
-
-
-# Heavily inspired by https://github.com/urfave/cli
-
-_cli_zsh_autocomplete() {
-
-  local -a opts
-  local cur
-  cur=${words[-1]}
-  if [[ "$cur" == "-"* ]]; then
-    opts=("${(@f)$(_CLI_ZSH_AUTOCOMPLETE_HACK=1 ${words[@]:0:#words[@]-1} ${cur} --generate-bash-completion)}")
-  else
-    opts=("${(@f)$(_CLI_ZSH_AUTOCOMPLETE_HACK=1 ${words[@]:0:#words[@]-1} --generate-bash-completion)}")
-  fi
-
-  if [[ "${opts[1]}" != "" ]]; then
-    _describe 'values' opts
-  else
-    _files
-  fi
-
-  return
-}
-
-if [ -z $PROG ] ; then
-  compdef _cli_zsh_autocomplete gitea
-else
-  compdef _cli_zsh_autocomplete $(basename $PROG)
-fi
--- a/contrib/backport/README
+++ b/contrib/backport/README
@@ -1,41 +0,0 @@
-`backport`
-==========
-
-`backport` is a command to help create backports of PRs. It backports a
-provided PR from main on to a released version.
-
-It will create a backport branch, cherry-pick the PR's merge commit, adjust
-the commit message and then push this back up to your fork's remote.
-
-The default version will read from `docs/config.yml`. You can override this
-using the option `--version`.
-
-The upstream branches will be fetched, using the remote `origin`. This can
-be overrided using `--upstream`, and fetching can be avoided using
-`--no-fetch`.
-
-By default the branch created will be called `backport-$PR-$VERSION`. You
-can override this using the option `--backport-branch`. This branch will
-be created from `--release-branch` which is `release/$(VERSION)`
-by default and will be pulled from `$(UPSTREAM)`.
-
-The merge-commit as determined by the github API will be used as the SHA to
-cherry-pick. You can override this using `--cherry-pick`.
-
-The commit message will be amended to add the `Backport` header.
-`--no-amend-message` can be set to stop this from happening.
-
-If cherry-pick is successful the backported branch will be pushed up to your
-fork using your remote. These will be determined using `git remote -v`. You
-can set your fork name using `--fork-user` and your remote name using
-`--remote`. You can avoid pushing using `--no-push`.
-
-If the push is successful, `xdg-open` will be called to open a backport url.
-You can stop this using `--no-xdg-open`.
-
-Installation
-============
-
-```bash
-go install contrib/backport/backport.go
-```
--- a/contrib/backport/backport.go
+++ b/contrib/backport/backport.go
@@ -1,474 +0,0 @@
-// Copyright 2023 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
-
-//nolint:forbidigo
-package main
-
-import (
-	"context"
-	"fmt"
-	"log"
-	"net/http"
-	"os"
-	"os/exec"
-	"os/signal"
-	"path"
-	"strconv"
-	"strings"
-	"syscall"
-
-	"github.com/google/go-github/v52/github"
-	"github.com/urfave/cli"
-	"gopkg.in/yaml.v3"
-)
-
-const defaultVersion = "v1.18" // to backport to
-
-func main() {
-	app := cli.NewApp()
-	app.Name = "backport"
-	app.Usage = "Backport provided PR-number on to the current or previous released version"
-	app.Description = `Backport will look-up the PR in Gitea's git log and attempt to cherry-pick it on the current version`
-	app.ArgsUsage = "<PR-to-backport>"
-
-	app.Flags = []cli.Flag{
-		cli.StringFlag{
-			Name:  "version",
-			Usage: "Version branch to backport on to",
-		},
-		cli.StringFlag{
-			Name:  "upstream",
-			Value: "origin",
-			Usage: "Upstream remote for the Gitea upstream",
-		},
-		cli.StringFlag{
-			Name:  "release-branch",
-			Value: "",
-			Usage: "Release branch to backport on. Will default to release/<version>",
-		},
-		cli.StringFlag{
-			Name:  "cherry-pick",
-			Usage: "SHA to cherry-pick as backport",
-		},
-		cli.StringFlag{
-			Name:  "backport-branch",
-			Usage: "Backport branch to backport on to (default: backport-<pr>-<version>",
-		},
-		cli.StringFlag{
-			Name:  "remote",
-			Value: "",
-			Usage: "Remote for your fork of the Gitea upstream",
-		},
-		cli.StringFlag{
-			Name:  "fork-user",
-			Value: "",
-			Usage: "Forked user name on Github",
-		},
-		cli.BoolFlag{
-			Name:  "no-fetch",
-			Usage: "Set this flag to prevent fetch of remote branches",
-		},
-		cli.BoolFlag{
-			Name:  "no-amend-message",
-			Usage: "Set this flag to prevent automatic amendment of the commit message",
-		},
-		cli.BoolFlag{
-			Name:  "no-push",
-			Usage: "Set this flag to prevent pushing the backport up to your fork",
-		},
-		cli.BoolFlag{
-			Name:  "no-xdg-open",
-			Usage: "Set this flag to not use xdg-open to open the PR URL",
-		},
-		cli.BoolFlag{
-			Name:  "continue",
-			Usage: "Set this flag to continue from a git cherry-pick that has broken",
-		},
-	}
-	cli.AppHelpTemplate = `NAME:
-	{{.Name}} - {{.Usage}}
-USAGE:
-	{{.HelpName}} {{if .VisibleFlags}}[options]{{end}} {{if .ArgsUsage}}{{.ArgsUsage}}{{else}}[arguments...]{{end}}
-	{{if len .Authors}}
-AUTHOR:
-	{{range .Authors}}{{ . }}{{end}}
-	{{end}}{{if .Commands}}
-OPTIONS:
-	{{range .VisibleFlags}}{{.}}
-	{{end}}{{end}}
-`
-
-	app.Action = runBackport
-
-	if err := app.Run(os.Args); err != nil {
-		fmt.Fprintf(os.Stderr, "Unable to backport: %v\n", err)
-	}
-}
-
-func runBackport(c *cli.Context) error {
-	ctx, cancel := installSignals()
-	defer cancel()
-
-	continuing := c.Bool("continue")
-
-	var pr string
-
-	version := c.String("version")
-	if version == "" && continuing {
-		// determine version from current branch name
-		var err error
-		pr, version, err = readCurrentBranch(ctx)
-		if err != nil {
-			return err
-		}
-	}
-	if version == "" {
-		version = readVersion()
-	}
-	if version == "" {
-		version = defaultVersion
-	}
-
-	upstream := c.String("upstream")
-	if upstream == "" {
-		upstream = "origin"
-	}
-
-	forkUser := c.String("fork-user")
-	remote := c.String("remote")
-	if remote == "" && !c.Bool("--no-push") {
-		var err error
-		remote, forkUser, err = determineRemote(ctx, forkUser)
-		if err != nil {
-			return err
-		}
-	}
-
-	upstreamReleaseBranch := c.String("release-branch")
-	if upstreamReleaseBranch == "" {
-		upstreamReleaseBranch = path.Join("release", version)
-	}
-
-	localReleaseBranch := path.Join(upstream, upstreamReleaseBranch)
-
-	args := c.Args()
-	if len(args) == 0 && pr == "" {
-		return fmt.Errorf("no PR number provided\nProvide a PR number to backport")
-	} else if len(args) != 1 && pr == "" {
-		return fmt.Errorf("multiple PRs provided %v\nOnly a single PR can be backported at a time", args)
-	}
-	if pr == "" {
-		pr = args[0]
-	}
-
-	backportBranch := c.String("backport-branch")
-	if backportBranch == "" {
-		backportBranch = "backport-" + pr + "-" + version
-	}
-
-	fmt.Printf("* Backporting %s to %s as %s\n", pr, localReleaseBranch, backportBranch)
-
-	sha := c.String("cherry-pick")
-	if sha == "" {
-		var err error
-		sha, err = determineSHAforPR(ctx, pr)
-		if err != nil {
-			return err
-		}
-	}
-	if sha == "" {
-		return fmt.Errorf("unable to determine sha for cherry-pick of %s", pr)
-	}
-
-	if !c.Bool("no-fetch") {
-		if err := fetchRemoteAndMain(ctx, upstream, upstreamReleaseBranch); err != nil {
-			return err
-		}
-	}
-
-	if !continuing {
-		if err := checkoutBackportBranch(ctx, backportBranch, localReleaseBranch); err != nil {
-			return err
-		}
-	}
-
-	if err := cherrypick(ctx, sha); err != nil {
-		return err
-	}
-
-	if !c.Bool("no-amend-message") {
-		if err := amendCommit(ctx, pr); err != nil {
-			return err
-		}
-	}
-
-	if !c.Bool("no-push") {
-		url := "https://github.com/go-gitea/gitea/compare/" + upstreamReleaseBranch + "..." + forkUser + ":" + backportBranch
-
-		if err := gitPushUp(ctx, remote, backportBranch); err != nil {
-			return err
-		}
-
-		if !c.Bool("no-xdg-open") {
-			if err := xdgOpen(ctx, url); err != nil {
-				return err
-			}
-		} else {
-			fmt.Printf("* Navigate to %s to open PR\n", url)
-		}
-	}
-	return nil
-}
-
-func xdgOpen(ctx context.Context, url string) error {
-	fmt.Printf("* `xdg-open %s`\n", url)
-	out, err := exec.CommandContext(ctx, "xdg-open", url).Output()
-	if err != nil {
-		fmt.Fprintf(os.Stderr, "%s", string(out))
-		return fmt.Errorf("unable to xdg-open to %s: %w", url, err)
-	}
-	return nil
-}
-
-func gitPushUp(ctx context.Context, remote, backportBranch string) error {
-	fmt.Printf("* `git push -u %s %s`\n", remote, backportBranch)
-	out, err := exec.CommandContext(ctx, "git", "push", "-u", remote, backportBranch).Output()
-	if err != nil {
-		fmt.Fprintf(os.Stderr, "%s", string(out))
-		return fmt.Errorf("unable to push up to %s: %w", remote, err)
-	}
-	return nil
-}
-
-func amendCommit(ctx context.Context, pr string) error {
-	fmt.Printf("* Amending commit to prepend `Backport #%s` to body\n", pr)
-	out, err := exec.CommandContext(ctx, "git", "log", "-1", "--pretty=format:%B").Output()
-	if err != nil {
-		fmt.Fprintf(os.Stderr, "%s", string(out))
-		return fmt.Errorf("unable to get last log message: %w", err)
-	}
-
-	parts := strings.SplitN(string(out), "\n", 2)
-
-	if len(parts) != 2 {
-		return fmt.Errorf("unable to interpret log message:\n%s", string(out))
-	}
-	subject, body := parts[0], parts[1]
-	if !strings.HasSuffix(subject, " (#"+pr+")") {
-		subject = subject + " (#" + pr + ")"
-	}
-
-	out, err = exec.CommandContext(ctx, "git", "commit", "--amend", "-m", subject+"\n\nBackport #"+pr+"\n"+body).Output()
-	if err != nil {
-		fmt.Fprintf(os.Stderr, "%s", string(out))
-		return fmt.Errorf("unable to amend last log message: %w", err)
-	}
-	return nil
-}
-
-func cherrypick(ctx context.Context, sha string) error {
-	// Check if a CHERRY_PICK_HEAD exists
-	if _, err := os.Stat(".git/CHERRY_PICK_HEAD"); err == nil {
-		// Assume that we are in the middle of cherry-pick - continue it
-		fmt.Println("* Attempting git cherry-pick --continue")
-		out, err := exec.CommandContext(ctx, "git", "cherry-pick", "--continue").Output()
-		if err != nil {
-			fmt.Fprintf(os.Stderr, "git cherry-pick --continue failed:\n%s\n", string(out))
-			return fmt.Errorf("unable to continue cherry-pick: %w", err)
-		}
-		return nil
-	}
-
-	fmt.Printf("* Attempting git cherry-pick %s\n", sha)
-	out, err := exec.CommandContext(ctx, "git", "cherry-pick", sha).Output()
-	if err != nil {
-		fmt.Fprintf(os.Stderr, "git cherry-pick %s failed:\n%s\n", sha, string(out))
-		return fmt.Errorf("git cherry-pick %s failed: %w", sha, err)
-	}
-	return nil
-}
-
-func checkoutBackportBranch(ctx context.Context, backportBranch, releaseBranch string) error {
-	out, err := exec.CommandContext(ctx, "git", "branch", "--show-current").Output()
-	if err != nil {
-		return fmt.Errorf("unable to check current branch %w", err)
-	}
-
-	currentBranch := strings.TrimSpace(string(out))
-	fmt.Printf("* Current branch is %s\n", currentBranch)
-	if currentBranch == backportBranch {
-		fmt.Printf("* Current branch is %s - not checking out\n", currentBranch)
-		return nil
-	}
-
-	if _, err := exec.CommandContext(ctx, "git", "rev-list", "-1", backportBranch).Output(); err == nil {
-		fmt.Printf("* Branch %s already exists. Checking it out...\n", backportBranch)
-		return exec.CommandContext(ctx, "git", "checkout", "-f", backportBranch).Run()
-	}
-
-	fmt.Printf("* `git checkout -b %s %s`\n", backportBranch, releaseBranch)
-	return exec.CommandContext(ctx, "git", "checkout", "-b", backportBranch, releaseBranch).Run()
-}
-
-func fetchRemoteAndMain(ctx context.Context, remote, releaseBranch string) error {
-	fmt.Printf("* `git fetch %s main`\n", remote)
-	out, err := exec.CommandContext(ctx, "git", "fetch", remote, "main").Output()
-	if err != nil {
-		fmt.Println(string(out))
-		return fmt.Errorf("unable to fetch %s from %s: %w", "main", remote, err)
-	}
-	fmt.Println(string(out))
-
-	fmt.Printf("* `git fetch %s %s`\n", remote, releaseBranch)
-	out, err = exec.CommandContext(ctx, "git", "fetch", remote, releaseBranch).Output()
-	if err != nil {
-		fmt.Println(string(out))
-		return fmt.Errorf("unable to fetch %s from %s: %w", releaseBranch, remote, err)
-	}
-	fmt.Println(string(out))
-
-	return nil
-}
-
-func determineRemote(ctx context.Context, forkUser string) (string, string, error) {
-	out, err := exec.CommandContext(ctx, "git", "remote", "-v").Output()
-	if err != nil {
-		fmt.Fprintf(os.Stderr, "Unable to list git remotes:\n%s\n", string(out))
-		return "", "", fmt.Errorf("unable to determine forked remote: %w", err)
-	}
-	lines := strings.Split(string(out), "\n")
-	for _, line := range lines {
-		fields := strings.Split(line, "\t")
-		name, remote := fields[0], fields[1]
-		// only look at pushers
-		if !strings.HasSuffix(remote, " (push)") {
-			continue
-		}
-		// only look at github.com pushes
-		if !strings.Contains(remote, "github.com") {
-			continue
-		}
-		// ignore go-gitea/gitea
-		if strings.Contains(remote, "go-gitea/gitea") {
-			continue
-		}
-		if !strings.Contains(remote, forkUser) {
-			continue
-		}
-		if strings.HasPrefix(remote, "git@github.com:") {
-			forkUser = strings.TrimPrefix(remote, "git@github.com:")
-		} else if strings.HasPrefix(remote, "https://github.com/") {
-			forkUser = strings.TrimPrefix(remote, "https://github.com/")
-		} else if strings.HasPrefix(remote, "https://www.github.com/") {
-			forkUser = strings.TrimPrefix(remote, "https://www.github.com/")
-		} else if forkUser == "" {
-			return "", "", fmt.Errorf("unable to extract forkUser from remote %s: %s", name, remote)
-		}
-		idx := strings.Index(forkUser, "/")
-		if idx >= 0 {
-			forkUser = forkUser[:idx]
-		}
-		return name, forkUser, nil
-	}
-	return "", "", fmt.Errorf("unable to find appropriate remote in:\n%s", string(out))
-}
-
-func readCurrentBranch(ctx context.Context) (pr, version string, err error) {
-	out, err := exec.CommandContext(ctx, "git", "branch", "--show-current").Output()
-	if err != nil {
-		fmt.Fprintf(os.Stderr, "Unable to read current git branch:\n%s\n", string(out))
-		return "", "", fmt.Errorf("unable to read current git branch: %w", err)
-	}
-	parts := strings.Split(strings.TrimSpace(string(out)), "-")
-
-	if len(parts) != 3 || parts[0] != "backport" {
-		fmt.Fprintf(os.Stderr, "Unable to continue from git branch:\n%s\n", string(out))
-		return "", "", fmt.Errorf("unable to continue from git branch:\n%s", string(out))
-	}
-
-	return parts[1], parts[2], nil
-}
-
-func readVersion() string {
-	bs, err := os.ReadFile("docs/config.yaml")
-	if err != nil {
-		if err == os.ErrNotExist {
-			log.Println("`docs/config.yaml` not present")
-			return ""
-		}
-		fmt.Fprintf(os.Stderr, "Unable to read `docs/config.yaml`: %v\n", err)
-		return ""
-	}
-
-	type params struct {
-		Version string
-	}
-	type docConfig struct {
-		Params params
-	}
-	dc := &docConfig{}
-	if err := yaml.Unmarshal(bs, dc); err != nil {
-		fmt.Fprintf(os.Stderr, "Unable to read `docs/config.yaml`: %v\n", err)
-		return ""
-	}
-
-	if dc.Params.Version == "" {
-		fmt.Fprintf(os.Stderr, "No version in `docs/config.yaml`")
-		return ""
-	}
-
-	version := dc.Params.Version
-	if version[0] != 'v' {
-		version = "v" + version
-	}
-
-	split := strings.SplitN(version, ".", 3)
-
-	return strings.Join(split[:2], ".")
-}
-
-func determineSHAforPR(ctx context.Context, prStr string) (string, error) {
-	prNum, err := strconv.Atoi(prStr)
-	if err != nil {
-		return "", err
-	}
-
-	client := github.NewClient(http.DefaultClient)
-
-	pr, _, err := client.PullRequests.Get(ctx, "go-gitea", "gitea", prNum)
-	if err != nil {
-		return "", err
-	}
-
-	if pr.Merged == nil || !*pr.Merged {
-		return "", fmt.Errorf("PR #%d is not yet merged - cannot determine sha to backport", prNum)
-	}
-
-	if pr.MergeCommitSHA != nil {
-		return *pr.MergeCommitSHA, nil
-	}
-
-	return "", nil
-}
-
-func installSignals() (context.Context, context.CancelFunc) {
-	ctx, cancel := context.WithCancel(context.Background())
-	go func() {
-		// install notify
-		signalChannel := make(chan os.Signal, 1)
-
-		signal.Notify(
-			signalChannel,
-			syscall.SIGINT,
-			syscall.SIGTERM,
-		)
-		select {
-		case <-signalChannel:
-		case <-ctx.Done():
-		}
-		cancel()
-		signal.Reset()
-	}()
-
-	return ctx, cancel
-}
--- a/contrib/environment-to-ini/environment-to-ini.go
+++ b/contrib/environment-to-ini/environment-to-ini.go
@@ -1,16 +1,21 @@
 // Copyright 2019 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.

 package main

 import (
 	"os"
+	"regexp"
+	"strconv"
 	"strings"

 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/setting"
+	"code.gitea.io/gitea/modules/util"

 	"github.com/urfave/cli"
+	ini "gopkg.in/ini.v1"
 )

 // EnvironmentPrefix environment variables prefixed with this represent ini values to write
@@ -28,10 +33,6 @@ func main() {
 	will be mapped to the ini section "[section_name]" and the key
 	"KEY_NAME" with the value as provided.

-	Environment variables of the form "GITEA__SECTION_NAME__KEY_NAME__FILE"
-	will be mapped to the ini section "[section_name]" and the key
-	"KEY_NAME" with the value loaded from the specified file.
-
 	Environment variables are usually restricted to a reduced character
 	set "0-9A-Z_" - in order to allow the setting of sections with
 	characters outside of that set, they should be escaped as following:
@@ -81,6 +82,8 @@ func main() {
 		},
 	}
 	app.Action = runEnvironmentToIni
+	setting.SetCustomPathAndConf("", "", "")
+
 	err := app.Run(os.Args)
 	if err != nil {
 		log.Fatal("Failed to run app with %s: %v", os.Args, err)
@@ -88,22 +91,66 @@ func main() {
 }

 func runEnvironmentToIni(c *cli.Context) error {
-	setting.InitWorkPathAndCommonConfig(os.Getenv, setting.ArgWorkPathAndCustomConf{
-		WorkPath:   c.String("work-path"),
-		CustomPath: c.String("custom-path"),
-		CustomConf: c.String("config"),
-	})
+	providedCustom := c.String("custom-path")
+	providedConf := c.String("config")
+	providedWorkPath := c.String("work-path")
+	setting.SetCustomPathAndConf(providedCustom, providedConf, providedWorkPath)

-	cfg, err := setting.NewConfigProviderFromFile(setting.CustomConf)
+	cfg := ini.Empty()
+	isFile, err := util.IsFile(setting.CustomConf)
 	if err != nil {
-		log.Fatal("Failed to load custom conf '%s': %v", setting.CustomConf, err)
+		log.Fatal("Unable to check if %s is a file. Error: %v", setting.CustomConf, err)
 	}
+	if isFile {
+		if err := cfg.Append(setting.CustomConf); err != nil {
+			log.Fatal("Failed to load custom conf '%s': %v", setting.CustomConf, err)
+		}
+	} else {
+		log.Warn("Custom config '%s' not found, ignore this if you're running first time", setting.CustomConf)
+	}
+	cfg.NameMapper = ini.SnackCase

-	prefixGitea := c.String("prefix") + "__"
-	suffixFile := "__FILE"
-	changed := setting.EnvironmentToConfig(cfg, prefixGitea, suffixFile, os.Environ())
+	changed := false

-	// try to save the config file
+	prefix := c.String("prefix") + "__"
+
+	for _, kv := range os.Environ() {
+		idx := strings.IndexByte(kv, '=')
+		if idx < 0 {
+			continue
+		}
+		eKey := kv[:idx]
+		value := kv[idx+1:]
+		if !strings.HasPrefix(eKey, prefix) {
+			continue
+		}
+		eKey = eKey[len(prefix):]
+		sectionName, keyName := DecodeSectionKey(eKey)
+		if len(keyName) == 0 {
+			continue
+		}
+		section, err := cfg.GetSection(sectionName)
+		if err != nil {
+			section, err = cfg.NewSection(sectionName)
+			if err != nil {
+				log.Error("Error creating section: %s : %v", sectionName, err)
+				continue
+			}
+		}
+		key := section.Key(keyName)
+		if key == nil {
+			key, err = section.NewKey(keyName, value)
+			if err != nil {
+				log.Error("Error creating key: %s in section: %s with value: %s : %v", keyName, sectionName, value, err)
+				continue
+			}
+		}
+		oldValue := key.Value()
+		if !changed && oldValue != value {
+			changed = true
+		}
+		key.SetValue(value)
+	}
 	destination := c.String("out")
 	if len(destination) == 0 {
 		destination = setting.CustomConf
@@ -115,8 +162,6 @@ func runEnvironmentToIni(c *cli.Context) error {
 			return err
 		}
 	}
-
-	// clear Gitea's specific environment variables if requested
 	if c.Bool("clear") {
 		for _, kv := range os.Environ() {
 			idx := strings.IndexByte(kv, '=')
@@ -124,11 +169,69 @@ func runEnvironmentToIni(c *cli.Context) error {
 				continue
 			}
 			eKey := kv[:idx]
-			if strings.HasPrefix(eKey, prefixGitea) {
+			if strings.HasPrefix(eKey, prefix) {
 				_ = os.Unsetenv(eKey)
 			}
 		}
 	}
-
 	return nil
 }
+
+const escapeRegexpString = "_0[xX](([0-9a-fA-F][0-9a-fA-F])+)_"
+
+var escapeRegex = regexp.MustCompile(escapeRegexpString)
+
+// DecodeSectionKey will decode a portable string encoded Section__Key pair
+// Portable strings are considered to be of the form [A-Z0-9_]*
+// We will encode a disallowed value as the UTF8 byte string preceded by _0X and
+// followed by _. E.g. _0X2C_ for a '-' and _0X2E_ for '.'
+// Section and Key are separated by a plain '__'.
+// The entire section can be encoded as a UTF8 byte string
+func DecodeSectionKey(encoded string) (string, string) {
+	section := ""
+	key := ""
+
+	inKey := false
+	last := 0
+	escapeStringIndices := escapeRegex.FindAllStringIndex(encoded, -1)
+	for _, unescapeIdx := range escapeStringIndices {
+		preceding := encoded[last:unescapeIdx[0]]
+		if !inKey {
+			if splitter := strings.Index(preceding, "__"); splitter > -1 {
+				section += preceding[:splitter]
+				inKey = true
+				key += preceding[splitter+2:]
+			} else {
+				section += preceding
+			}
+		} else {
+			key += preceding
+		}
+		toDecode := encoded[unescapeIdx[0]+3 : unescapeIdx[1]-1]
+		decodedBytes := make([]byte, len(toDecode)/2)
+		for i := 0; i < len(toDecode)/2; i++ {
+			// Can ignore error here as we know these should be hexadecimal from the regexp
+			byteInt, _ := strconv.ParseInt(toDecode[2*i:2*i+2], 16, 0)
+			decodedBytes[i] = byte(byteInt)
+		}
+		if inKey {
+			key += string(decodedBytes)
+		} else {
+			section += string(decodedBytes)
+		}
+		last = unescapeIdx[1]
+	}
+	remaining := encoded[last:]
+	if !inKey {
+		if splitter := strings.Index(remaining, "__"); splitter > -1 {
+			section += remaining[:splitter]
+			key += remaining[splitter+2:]
+		} else {
+			section += remaining
+		}
+	} else {
+		key += remaining
+	}
+	section = strings.ToLower(section)
+	return section, key
+}
--- a/contrib/fixtures/fixture_generation.go
+++ b/contrib/fixtures/fixture_generation.go
@@ -1,7 +1,7 @@
 // Copyright 2020 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.

-//nolint:forbidigo
 package main

 import (
--- a/contrib/gitea-monitoring-mixin/dashboards/overview.libsonnet
+++ b/contrib/gitea-monitoring-mixin/dashboards/overview.libsonnet
@@ -29,7 +29,7 @@ local addIssueLabelsOverrides(labels) =

  grafanaDashboards+:: {

-    local giteaSelector = 'job=~"$job", instance=~"$instance"',
+    local giteaSelector = 'job="$job", instance="$instance"',
    local giteaStatsPanel =
      grafana.statPanel.new(
        'Gitea stats',
@@ -399,31 +399,25 @@ local addIssueLabelsOverrides(labels) =
      .addTemplate(
        {
          hide: 0,
-          label: 'job',
+          label: null,
          name: 'job',
          options: [],
-          datasource: '$datasource',
          query: 'label_values(gitea_organizations, job)',
          refresh: 1,
          regex: '',
          type: 'query',
-          multi: true,
-          allValue: '.+'
        },
      )
      .addTemplate(
        {
          hide: 0,
-          label: 'instance',
+          label: null,
          name: 'instance',
          options: [],
-          datasource: '$datasource',
          query: 'label_values(gitea_organizations{job="$job"}, instance)',
          refresh: 1,
          regex: '',
          type: 'query',
-          multi: true,
-          allValue: '.+'
        },
      )
      .addTemplate(
--- a/contrib/init/ubuntu/gitea
+++ b/contrib/init/ubuntu/gitea
@@ -1,84 +0,0 @@
-#!/bin/sh
-### BEGIN INIT INFO
-# Provides:          gitea
-# Required-Start:    $syslog $network
-# Required-Stop:     $syslog
-# Default-Start:     2 3 4 5
-# Default-Stop:      0 1 6
-# Short-Description: A self-hosted Git service written in Go.
-# Description:       A self-hosted Git service written in Go.
-### END INIT INFO
-
-# Do NOT "set -e"
-
-# PATH should only include /usr/* if it runs after the mountnfs.sh script
-PATH=/sbin:/usr/sbin:/bin:/usr/bin:/usr/local/bin
-DESC="Gitea - Git with a cup of tea"
-NAME=gitea
-SERVICEVERBOSE=yes
-PIDFILE=/run/$NAME.pid
-SCRIPTNAME=/etc/init.d/$NAME
-WORKINGDIR=/var/lib/$NAME
-DAEMON=/usr/local/bin/$NAME
-DAEMON_ARGS="web -c /etc/$NAME/app.ini"
-USER=git
-STOP_SCHEDULE="${STOP_SCHEDULE:-QUIT/5/TERM/1/KILL/5}"
-
-# Read configuration variable file if it is present
-[ -r /etc/default/$NAME ] && . /etc/default/$NAME
-
-# Exit if the package is not installed
-[ -x "$DAEMON" ] || exit 0
-
-do_start()
-{
-    GITEA_ENVS="USER=$USER GITEA_WORK_DIR=$WORKINGDIR HOME=/home/$USER"
-    GITEA_EXEC="$DAEMON -- $DAEMON_ARGS"
-    sh -c "start-stop-daemon --start --quiet --pidfile $PIDFILE --make-pidfile \\
-        --background --chdir $WORKINGDIR --chuid $USER \\
-        --exec /bin/bash -- -c '/usr/bin/env $GITEA_ENVS $GITEA_EXEC'"
-}
-
-do_stop()
-{
-    start-stop-daemon --stop --quiet --retry=$STOP_SCHEDULE --pidfile $PIDFILE --name $NAME --oknodo
-    rm -f $PIDFILE
-}
-
-do_status()
-{
-    if [ -f $PIDFILE ]; then
-        if kill -0 $(cat "$PIDFILE"); then
-            echo "$NAME is running, PID is $(cat $PIDFILE)"
-        else
-            echo "$NAME process is dead, but pidfile exists"
-        fi
-    else
-        echo "$NAME is not running"
-    fi
-}
-
-case "$1" in
-    start)
-        echo "Starting $DESC" "$NAME"
-        do_start
-        ;;
-    stop)
-        echo "Stopping $DESC" "$NAME"
-        do_stop
-        ;;
-    status)
-        do_status
-        ;;
-    restart)
-        echo "Restarting $DESC" "$NAME"
-        do_stop
-        do_start
-        ;;
-    *)
-        echo "Usage: $SCRIPTNAME {start|stop|status|restart}" >&2
-        exit 2
-        ;;
-esac
-
-exit 0
--- a/contrib/mysql.sql
+++ b/contrib/mysql.sql
@@ -0,0 +1,2 @@
+DROP DATABASE IF EXISTS gitea;
+CREATE DATABASE IF NOT EXISTS gitea CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci;
--- a/contrib/pr/checkout.go
+++ b/contrib/pr/checkout.go
@@ -0,0 +1,267 @@
+// Copyright 2020 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package main
+
+/*
+Checkout a PR and load the tests data into sqlite database
+*/
+
+import (
+	"context"
+	"flag"
+	"fmt"
+	"log"
+	"net/http"
+	"os"
+	"os/exec"
+	"os/user"
+	"path"
+	"path/filepath"
+	"runtime"
+	"strconv"
+	"time"
+
+	"code.gitea.io/gitea/models/db"
+	"code.gitea.io/gitea/models/unittest"
+	gitea_git "code.gitea.io/gitea/modules/git"
+	"code.gitea.io/gitea/modules/graceful"
+	"code.gitea.io/gitea/modules/markup"
+	"code.gitea.io/gitea/modules/markup/external"
+	repo_module "code.gitea.io/gitea/modules/repository"
+	"code.gitea.io/gitea/modules/setting"
+	"code.gitea.io/gitea/modules/util"
+	"code.gitea.io/gitea/routers"
+	markup_service "code.gitea.io/gitea/services/markup"
+
+	"github.com/go-git/go-git/v5"
+	"github.com/go-git/go-git/v5/config"
+	"github.com/go-git/go-git/v5/plumbing"
+	"xorm.io/xorm"
+)
+
+var codeFilePath = "contrib/pr/checkout.go"
+
+func runPR() {
+	log.Printf("[PR] Starting gitea ...\n")
+	curDir, err := os.Getwd()
+	if err != nil {
+		log.Fatal(err)
+	}
+	setting.SetCustomPathAndConf("", "", "")
+	setting.LoadAllowEmpty()
+
+	setting.RepoRootPath, err = os.MkdirTemp(os.TempDir(), "repos")
+	if err != nil {
+		log.Fatalf("TempDir: %v\n", err)
+	}
+	setting.AppDataPath, err = os.MkdirTemp(os.TempDir(), "appdata")
+	if err != nil {
+		log.Fatalf("TempDir: %v\n", err)
+	}
+	setting.AppWorkPath = curDir
+	setting.StaticRootPath = curDir
+	setting.GravatarSource = "https://secure.gravatar.com/avatar/"
+	setting.AppURL = "http://localhost:8080/"
+	setting.HTTPPort = "8080"
+	setting.SSH.Domain = "localhost"
+	setting.SSH.Port = 3000
+	setting.InstallLock = true
+	setting.SecretKey = "9pCviYTWSb"
+	setting.InternalToken = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYmYiOjE0OTI3OTU5ODN9.OQkH5UmzID2XBdwQ9TAI6Jj2t1X-wElVTjbE7aoN4I8"
+	curUser, err := user.Current()
+	if err != nil {
+		log.Fatal(err)
+	}
+	setting.RunUser = curUser.Username
+
+	log.Printf("[PR] Loading fixtures data ...\n")
+	//models.LoadConfigs()
+	/*
+		setting.Database.Type = "sqlite3"
+		setting.Database.Path = ":memory:"
+		setting.Database.Timeout = 500
+	*/
+	dbCfg := setting.Cfg.Section("database")
+	dbCfg.NewKey("DB_TYPE", "sqlite3")
+	dbCfg.NewKey("PATH", ":memory:")
+
+	routers.InitGitServices()
+	setting.Database.LogSQL = true
+	// x, err = xorm.NewEngine("sqlite3", "file::memory:?cache=shared")
+
+	db.InitEngineWithMigration(context.Background(), func(_ *xorm.Engine) error {
+		return nil
+	})
+	db.HasEngine = true
+	// x.ShowSQL(true)
+	err = unittest.InitFixtures(
+		unittest.FixturesOptions{
+			Dir: path.Join(curDir, "models/fixtures/"),
+		},
+	)
+	if err != nil {
+		fmt.Printf("Error initializing test database: %v\n", err)
+		os.Exit(1)
+	}
+	unittest.LoadFixtures()
+	util.RemoveAll(setting.RepoRootPath)
+	util.RemoveAll(repo_module.LocalCopyPath())
+	unittest.CopyDir(path.Join(curDir, "tests/gitea-repositories-meta"), setting.RepoRootPath)
+
+	log.Printf("[PR] Setting up router\n")
+	// routers.GlobalInit()
+	external.RegisterRenderers()
+	markup.Init(markup_service.ProcessorHelper())
+	c := routers.NormalRoutes(graceful.GetManager().HammerContext())
+
+	log.Printf("[PR] Ready for testing !\n")
+	log.Printf("[PR] Login with user1, user2, user3, ... with pass: password\n")
+	/*
+		log.Info("Listen: %v://%s%s", setting.Protocol, listenAddr, setting.AppSubURL)
+
+		if setting.LFS.StartServer {
+			log.Info("LFS server enabled")
+		}
+
+		if setting.EnablePprof {
+			go func() {
+				log.Info("Starting pprof server on localhost:6060")
+				log.Info("%v", http.ListenAndServe("localhost:6060", nil))
+			}()
+		}
+	*/
+
+	// Start the server
+	http.ListenAndServe(":8080", c)
+
+	log.Printf("[PR] Cleaning up ...\n")
+	/*
+		if err = util.RemoveAll(setting.Indexer.IssuePath); err != nil {
+			fmt.Printf("util.RemoveAll: %v\n", err)
+			os.Exit(1)
+		}
+		if err = util.RemoveAll(setting.Indexer.RepoPath); err != nil {
+			fmt.Printf("Unable to remove repo indexer: %v\n", err)
+			os.Exit(1)
+		}
+	*/
+	if err = util.RemoveAll(setting.RepoRootPath); err != nil {
+		log.Fatalf("util.RemoveAll: %v\n", err)
+	}
+	if err = util.RemoveAll(setting.AppDataPath); err != nil {
+		log.Fatalf("util.RemoveAll: %v\n", err)
+	}
+}
+
+func main() {
+	runPRFlag := flag.Bool("run", false, "Run the PR code")
+	flag.Parse()
+	if *runPRFlag {
+		runPR()
+		return
+	}
+
+	// To force checkout (e.g. Windows complains about unclean work tree) set env variable FORCE=true
+	force, err := strconv.ParseBool(os.Getenv("FORCE"))
+	if err != nil {
+		force = false
+	}
+
+	// Otherwise checkout PR
+	if len(os.Args) != 2 {
+		log.Fatal("Need only one arg: the PR number")
+	}
+	pr := os.Args[1]
+
+	codeFilePath = filepath.FromSlash(codeFilePath) // Convert to running OS
+
+	// Copy this file if it will not exist in the PR branch
+	dat, err := os.ReadFile(codeFilePath)
+	if err != nil {
+		log.Fatalf("Failed to cache this code file : %v", err)
+	}
+
+	repo, err := git.PlainOpen(".")
+	if err != nil {
+		log.Fatalf("Failed to open the repo : %v", err)
+	}
+
+	// Find remote upstream
+	remotes, err := repo.Remotes()
+	if err != nil {
+		log.Fatalf("Failed to list remotes of repo : %v", err)
+	}
+	remoteUpstream := "origin" // Default
+	for _, r := range remotes {
+		if r.Config().URLs[0] == "https://github.com/go-gitea/gitea.git" ||
+			r.Config().URLs[0] == "https://github.com/go-gitea/gitea" ||
+			r.Config().URLs[0] == "git@github.com:go-gitea/gitea.git" { // fetch at index 0
+			remoteUpstream = r.Config().Name
+			break
+		}
+	}
+
+	branch := fmt.Sprintf("pr-%s-%d", pr, time.Now().Unix())
+	branchRef := plumbing.NewBranchReferenceName(branch)
+
+	log.Printf("Fetching PR #%s in %s\n", pr, branch)
+	if runtime.GOOS == "windows" {
+		// Use git cli command for windows
+		runCmd("git", "fetch", remoteUpstream, fmt.Sprintf("pull/%s/head:%s", pr, branch))
+	} else {
+		ref := fmt.Sprintf("%s%s/head:%s", gitea_git.PullPrefix, pr, branchRef)
+		err = repo.Fetch(&git.FetchOptions{
+			RemoteName: remoteUpstream,
+			RefSpecs: []config.RefSpec{
+				config.RefSpec(ref),
+			},
+		})
+		if err != nil {
+			log.Fatalf("Failed to fetch %s from %s : %v", ref, remoteUpstream, err)
+		}
+	}
+
+	tree, err := repo.Worktree()
+	if err != nil {
+		log.Fatalf("Failed to parse git tree : %v", err)
+	}
+	log.Printf("Checkout PR #%s in %s\n", pr, branch)
+	err = tree.Checkout(&git.CheckoutOptions{
+		Branch: branchRef,
+		Force:  force,
+	})
+	if err != nil {
+		log.Fatalf("Failed to checkout %s : %v", branch, err)
+	}
+
+	// Copy this file if not exist
+	if _, err := os.Stat(codeFilePath); os.IsNotExist(err) {
+		err = os.MkdirAll(filepath.Dir(codeFilePath), 0o755)
+		if err != nil {
+			log.Fatalf("Failed to duplicate this code file in PR : %v", err)
+		}
+		err = os.WriteFile(codeFilePath, dat, 0o644)
+		if err != nil {
+			log.Fatalf("Failed to duplicate this code file in PR : %v", err)
+		}
+	}
+	// Force build of js, css, bin, ...
+	runCmd("make", "build")
+	// Start with integration test
+	runCmd("go", "run", "-mod", "vendor", "-tags", "sqlite sqlite_unlock_notify", codeFilePath, "-run")
+}
+
+func runCmd(cmd ...string) {
+	log.Printf("Executing : %s ...\n", cmd)
+	c := exec.Command(cmd[0], cmd[1:]...)
+	c.Stdout = os.Stdout
+	c.Stderr = os.Stderr
+	if err := c.Start(); err != nil {
+		log.Panicln(err)
+	}
+	if err := c.Wait(); err != nil {
+		log.Panicln(err)
+	}
+}
--- a/contrib/systemd/gitea.service
+++ b/contrib/systemd/gitea.service
@@ -52,7 +52,7 @@ After=network.target
 # Uncomment the next line if you have repos with lots of files and get a HTTP 500 error because of that
 # LimitNOFILE=524288:524288
 RestartSec=2s
-Type=notify
+Type=simple
 User=git
 Group=git
 WorkingDirectory=/var/lib/gitea/
@@ -62,7 +62,6 @@ WorkingDirectory=/var/lib/gitea/
 ExecStart=/usr/local/bin/gitea web --config /etc/gitea/app.ini
 Restart=always
 Environment=USER=git HOME=/home/git GITEA_WORK_DIR=/var/lib/gitea
-WatchdogSec=30s
 # If you install Git to directory prefix other than default PATH (which happens
 # for example if you install other versions of Git side-to-side with
 # distribution version), uncomment below line and add that prefix to PATH
--- a/contrib/upgrade.sh
+++ b/contrib/upgrade.sh
@@ -1,6 +1,6 @@
 #!/usr/bin/env bash
 # This is an update script for gitea installed via the binary distribution
-# from dl.gitea.com on linux as systemd service. It performs a backup and updates
+# from dl.gitea.io on linux as systemd service. It performs a backup and updates
 # Gitea in place.
 # NOTE: This adds the GPG Signing Key of the Gitea maintainers to the keyring.
 # Depends on: bash, curl, xz, sha256sum. optionally jq, gpg
@@ -10,15 +10,6 @@
 #   upgrade.sh 1.15.10
 #   giteahome=/opt/gitea giteaconf=$giteahome/app.ini upgrade.sh

-# Check if gitea service is running
-if ! pidof gitea &> /dev/null; then
-  echo "Error: gitea is not running."
-  exit 1
-fi
-
-# Continue with rest of the script if gitea is running
-echo "Gitea is running. Continuing with rest of script..."
-
 # apply variables from environment
 : "${giteabin:="/usr/local/bin/gitea"}"
 : "${giteahome:="/var/lib/gitea"}"
@@ -78,7 +69,7 @@ require curl xz sha256sum "$sudocmd"
 # select version to install
 if [[ -z "${giteaversion:-}" ]]; then
  require jq
-  giteaversion=$(curl --connect-timeout 10 -sL https://dl.gitea.com/gitea/version.json | jq -r .latest.version)
+  giteaversion=$(curl --connect-timeout 10 -sL https://dl.gitea.io/gitea/version.json | jq -r .latest.version)
  echo "Latest available version is $giteaversion"
 fi

@@ -100,7 +91,7 @@ cd "$giteahome" # needed for gitea dump later

 # download new binary
 binname="gitea-${giteaversion}-${arch}"
-binurl="https://dl.gitea.com/gitea/${giteaversion}/${binname}.xz"
+binurl="https://dl.gitea.io/gitea/${giteaversion}/${binname}.xz"
 echo "Downloading $binurl..."
 curl --connect-timeout 10 --silent --show-error --fail --location -O "$binurl{,.sha256,.asc}"

--- a/custom/conf/app.example.ini
+++ b/custom/conf/app.example.ini
@@ -7,38 +7,6 @@
 ;; see https://docs.gitea.io/en-us/config-cheat-sheet/ for additional documentation.


-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;; Default Configuration (non-`app.ini` configuration)
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;;
-;; These values are environment-dependent but form the basis of a lot of values. They will be
-;; reported as part of the default configuration when running `gitea --help` or on start-up. The order they are emitted there is slightly different but we will list them here in the order they are set-up.
-;;
-;; - _`AppPath`_: This is the absolute path of the running gitea binary.
-;; - _`AppWorkPath`_: This refers to "working path" of the `gitea` binary. It is determined by using the first set thing in the following hierarchy:
-;;   - The `--work-path` flag passed to the binary
-;;   - The environment variable `$GITEA_WORK_DIR`
-;;   - A built-in value set at build time (see building from source)
-;;   - Otherwise it defaults to the directory of the _`AppPath`_
-;;   - If any of the above are relative paths then they are made absolute against
-;; the directory of the _`AppPath`_
-;; - _`CustomPath`_: This is the base directory for custom templates and other options.
-;; It is determined by using the first set thing in the following hierarchy:
-;;   - The `--custom-path` flag passed to the binary
-;;   - The environment variable `$GITEA_CUSTOM`
-;;   - A built-in value set at build time (see building from source)
-;;   - Otherwise it defaults to _`AppWorkPath`_`/custom`
-;;   - If any of the above are relative paths then they are made absolute against the
-;; the directory of the _`AppWorkPath`_
-;; - _`CustomConf`_: This is the path to the `app.ini` file.
-;;   - The `--config` flag passed to the binary
-;;   - A built-in value set at build time (see building from source)
-;;   - Otherwise it defaults to _`CustomPath`_`/conf/app.ini`
-;;   - If any of the above are relative paths then they are made absolute against the
-;; the directory of the _`CustomPath`_
-;;
-;; In addition there is _`StaticRootPath`_ which can be set as a built-in at build time, but will otherwise default to _`AppWorkPath`_
-
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;; General Settings
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@@ -49,9 +17,8 @@ APP_NAME = ; Gitea: Git with a cup of tea
 ;; RUN_USER will automatically detect the current user - but you can set it here change it if you run locally
 RUN_USER = ; git
 ;;
-;; Application run mode, affects performance and debugging: "dev" or "prod", default is "prod"
-;; Mode "dev" makes Gitea easier to develop and debug, values other than "dev" are treated as "prod" which is for production use.
-;RUN_MODE = prod
+;; Application run mode, affects performance and debugging. Either "dev", "prod" or "test", default is "prod"
+RUN_MODE = ; prod

 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@@ -59,7 +26,7 @@ RUN_USER = ; git
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;
-;; The protocol the server listens on. One of 'http', 'https', 'http+unix', 'fcgi' or 'fcgi+unix'. Defaults to 'http'
+;; The protocol the server listens on. One of 'http', 'https', 'unix' or 'fcgi'. Defaults to 'http'
 ;PROTOCOL = http
 ;;
 ;; Expect PROXY protocol headers on connections
@@ -84,8 +51,6 @@ RUN_USER = ; git
 ;STATIC_URL_PREFIX =
 ;;
 ;; The address to listen on. Either a IPv4/IPv6 address or the path to a unix socket.
-;; If PROTOCOL is set to `http+unix` or `fcgi+unix`, this should be the name of the Unix socket file to use.
-;; Relative paths will be made absolute against the _`AppWorkPath`_.
 ;HTTP_ADDR = 0.0.0.0
 ;;
 ;; The port to listen on. Leave empty when using a unix socket.
@@ -99,7 +64,7 @@ RUN_USER = ; git
 ;PORT_TO_REDIRECT = 80
 ;;
 ;; expect PROXY protocol header on connections to https redirector.
-;REDIRECTOR_USE_PROXY_PROTOCOL = %(USE_PROXY_PROTOCOL)s
+;REDIRECTOR_USE_PROXY_PROTOCOL = %(USE_PROXY_PROTOCOL)
 ;; Minimum and maximum supported TLS versions
 ;SSL_MIN_VERSION=TLSv1.2
 ;SSL_MAX_VERSION=
@@ -126,7 +91,7 @@ RUN_USER = ; git
 ;LOCAL_ROOT_URL = %(PROTOCOL)s://%(HTTP_ADDR)s:%(HTTP_PORT)s/
 ;;
 ;; When making local connections pass the PROXY protocol header.
-;LOCAL_USE_PROXY_PROTOCOL = %(USE_PROXY_PROTOCOL)s
+;LOCAL_USE_PROXY_PROTOCOL = %(USE_PROXY_PROTOCOL)
 ;;
 ;; Disable SSH feature when not available
 ;DISABLE_SSH = false
@@ -180,15 +145,15 @@ RUN_USER = ; git
 ;;
 ;; For the built-in SSH server, choose the keypair to offer as the host key
 ;; The private key should be at SSH_SERVER_HOST_KEY and the public SSH_SERVER_HOST_KEY.pub
-;; relative paths are made absolute relative to the %(APP_DATA_PATH)s
+;; relative paths are made absolute relative to the APP_DATA_PATH
 ;SSH_SERVER_HOST_KEYS=ssh/gitea.rsa, ssh/gogs.rsa
 ;;
 ;; Directory to create temporary files in when testing public keys using ssh-keygen,
 ;; default is the system temporary directory.
 ;SSH_KEY_TEST_PATH =
 ;;
-;; Use `ssh-keygen` to parse public SSH keys. The value is passed to the shell. By default, Gitea does the parsing itself.
-;SSH_KEYGEN_PATH =
+;; Path to ssh-keygen, default is 'ssh-keygen' which means the shell is responsible for finding out which one to call.
+;SSH_KEYGEN_PATH = ssh-keygen
 ;;
 ;; Enable SSH Authorized Key Backup when rewriting all keys, default is true
 ;SSH_AUTHORIZED_KEYS_BACKUP = true
@@ -231,6 +196,7 @@ RUN_USER = ; git
 ;;
 ;; Disable CDN even in "prod" mode
 ;OFFLINE_MODE = false
+;DISABLE_ROUTER_LOG = false
 ;;
 ;; TLS Settings: Either ACME or manual
 ;; (Other common TLS configuration are found before)
@@ -275,10 +241,10 @@ RUN_USER = ; git
 ;;
 ;; Root directory containing templates and static files.
 ;; default is the path where Gitea is executed
-;STATIC_ROOT_PATH = ; Will default to the built-in value _`StaticRootPath`_
+;STATIC_ROOT_PATH =
 ;;
 ;; Default path for App data
-;APP_DATA_PATH = data ; relative paths will be made absolute with _`AppWorkPath`_
+;APP_DATA_PATH = data
 ;;
 ;; Enable gzip compression for runtime-generated content, static resources excluded
 ;ENABLE_GZIP = false
@@ -289,7 +255,7 @@ RUN_USER = ; git
 ;ENABLE_PPROF = false
 ;;
 ;; PPROF_DATA_PATH, use an absolute path when you start gitea as service
-;PPROF_DATA_PATH = data/tmp/pprof ; Path is relative to _`AppWorkPath`_
+;PPROF_DATA_PATH = data/tmp/pprof
 ;;
 ;; Landing page, can be "home", "explore", "organizations", "login", or any URL such as "/org/repo" or even "https://anotherwebsite.com"
 ;; The "login" choice is not a security measure but just a UI flow change, use REQUIRE_SIGNIN_VIEW to force users to log in.
@@ -303,7 +269,7 @@ RUN_USER = ; git
 LFS_JWT_SECRET =
 ;;
 ;; LFS authentication validity period (in time.Duration), pushes taking longer than this may fail.
-;LFS_HTTP_AUTH_EXPIRY = 24h
+;LFS_HTTP_AUTH_EXPIRY = 20m
 ;;
 ;; Maximum allowed LFS file size in bytes (Set to 0 for no limit).
 ;LFS_MAX_FILE_SIZE = 0
@@ -387,7 +353,7 @@ USER = root
 ;ITERATE_BUFFER_SIZE = 50
 ;;
 ;; Show the database generated SQL
-;LOG_SQL = false
+LOG_SQL = false ; if unset defaults to true
 ;;
 ;; Maximum number of DB Connect retries
 ;DB_RETRIES = 10
@@ -403,9 +369,6 @@ USER = root
 ;;
 ;; Database maximum number of open connections, default is 0 meaning no maximum
 ;MAX_OPEN_CONNS = 0
-;;
-;; Whether execute database models migrations automatically
-;AUTO_MIGRATION = true

 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@@ -550,67 +513,78 @@ ENABLE = true
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;; Main Logger
 ;;
-;; Either "console", "file" or "conn", default is "console"
+;; Either "console", "file", "conn", "smtp" or "database", default is "console"
 ;; Use comma to separate multiple modes, e.g. "console, file"
 MODE = console
 ;;
-;; Either "Trace", "Debug", "Info", "Warn", "Error" or "None", default is "Info"
+;; Either "Trace", "Debug", "Info", "Warn", "Error", "Critical" or "None", default is "Info"
 LEVEL = Info
 ;;
-;; Print Stacktrace with logs (rarely helpful, do not set) Either "Trace", "Debug", "Info", "Warn", "Error", default is "None"
-;STACKTRACE_LEVEL = None
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; Router Logger
 ;;
-;; Buffer length of the channel, keep it as it is if you don't know what it is.
-;BUFFER_LEN = 10000
+;; Switch off the router log
+;DISABLE_ROUTER_LOG=false
 ;;
-;; Sub logger modes, a single comma means use default MODE above, empty means disable it
-;logger.access.MODE=
-;logger.router.MODE=,
-;logger.xorm.MODE=,
+;; Set the log "modes" for the router log (if file is set the log file will default to router.log)
+ROUTER = console
 ;;
-;; Collect SSH logs (Creates log from ssh git request)
+;; The router will log different things at different levels.
 ;;
-;ENABLE_SSH_LOG = false
+;; * started messages will be logged at TRACE level
+;; * polling/completed routers will be logged at INFO
+;; * slow routers will be logged at WARN
+;; * failed routers will be logged at WARN
 ;;
+;; The routing level will default to that of the system but individual router level can be set in
+;; [log.<mode>.router] LEVEL
+;;
+
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;
 ;; Access Logger (Creates log in NCSA common log format)
 ;;
-;; Print request id which parsed from request headers in access log, when access log is enabled.
-;; * E.g:
-;; * In request Header:         X-Request-ID: test-id-123
-;; * Configuration in app.ini:  REQUEST_ID_HEADERS = X-Request-ID
-;; * Print in log:              127.0.0.1:58384 - - [14/Feb/2023:16:33:51 +0800] "test-id-123"
+;ENABLE_ACCESS_LOG = false
 ;;
-;; If you configure more than one in the .ini file, it will match in the order of configuration,
-;; and the first match will be finally printed in the log.
-;; * E.g:
-;; * In request Header:         X-Trace-ID: trace-id-1q2w3e4r
-;; * Configuration in app.ini:  REQUEST_ID_HEADERS = X-Request-ID, X-Trace-ID, X-Req-ID
-;; * Print in log:              127.0.0.1:58384 - - [14/Feb/2023:16:33:51 +0800] "trace-id-1q2w3e4r"
-;;
-;REQUEST_ID_HEADERS =
+;; Set the log "modes" for the access log (if file is set the log file will default to access.log)
+;ACCESS = file
 ;;
 ;; Sets the template used to create the access log.
-;ACCESS_LOG_TEMPLATE = {{.Ctx.RemoteHost}} - {{.Identity}} {{.Start.Format "[02/Jan/2006:15:04:05 -0700]" }} "{{.Ctx.Req.Method}} {{.Ctx.Req.URL.RequestURI}} {{.Ctx.Req.Proto}}" {{.ResponseWriter.Status}} {{.ResponseWriter.Size}} "{{.Ctx.Req.Referer}}" "{{.Ctx.Req.UserAgent}}"
-
+;ACCESS_LOG_TEMPLATE = {{.Ctx.RemoteAddr}} - {{.Identity}} {{.Start.Format "[02/Jan/2006:15:04:05 -0700]" }} "{{.Ctx.Req.Method}} {{.Ctx.Req.URL.RequestURI}} {{.Ctx.Req.Proto}}" {{.ResponseWriter.Status}} {{.ResponseWriter.Size}} "{{.Ctx.Req.Referer}}\" \"{{.Ctx.Req.UserAgent}}"
+;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;
-;; Log modes (aka log writers)
+;; SSH log (Creates log from ssh git request)
 ;;
-;[log.%(WriterMode)]
-;MODE=console/file/conn/...
+;ENABLE_SSH_LOG = false
+;;
+;; Other Settings
+;;
+;; Print Stacktraces with logs. (Rarely helpful.) Either "Trace", "Debug", "Info", "Warn", "Error", "Critical", default is "None"
+;STACKTRACE_LEVEL = None
+;;
+;; Buffer length of the channel, keep it as it is if you don't know what it is.
+;BUFFER_LEN = 10000
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;; Creating specific log configuration
+;;
+;; You can set specific configuration for individual modes and subloggers
+;;
+;; Configuration available to all log modes/subloggers
 ;LEVEL=
 ;FLAGS = stdflags
 ;EXPRESSION =
 ;PREFIX =
 ;COLORIZE = false
 ;;
-;[log.console]
+;; For "console" mode only
 ;STDERR = false
 ;;
-;[log.file]
-;; Set the file_name for the logger. If this is a relative path this will be relative to ROOT_PATH
+;; For "file" mode only
+;LEVEL =
+;; Set the file_name for the logger. If this is a relative path this
+;; will be relative to ROOT_PATH
 ;FILE_NAME =
 ;; This enables automated log rotate(switch of following options), default is true
 ;LOG_ROTATE = true
@@ -624,8 +598,9 @@ LEVEL = Info
 ;COMPRESS = true
 ;; compression level see godoc for compress/gzip
 ;COMPRESSION_LEVEL = -1
-;;
-;[log.conn]
+;
+;; For "conn" mode only
+;LEVEL =
 ;; Reconnect host for every single message, default is false
 ;RECONNECT_ON_MSG = false
 ;; Try to reconnect when connection is lost, default is false
@@ -634,6 +609,19 @@ LEVEL = Info
 ;PROTOCOL = tcp
 ;; Host address
 ;ADDR =
+;
+;; For "smtp" mode only
+;LEVEL =
+;; Name displayed in mail title, default is "Diagnostic message from server"
+;SUBJECT = Diagnostic message from server
+;; Mail server
+;HOST =
+;; Mailer user name and password
+;USER =
+;; Use PASSWD = `your password` for quoting if you use special characters in the password.
+;PASSWD =
+;; Receivers, can be one or more, e.g. 1@example.com,2@example.com
+;RECEIVERS =

 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@@ -645,7 +633,7 @@ LEVEL = Info
 ;PATH =
 ;;
 ;; The HOME directory for Git
-;HOME_PATH = %(APP_DATA_PATH)s/home
+;HOME_PATH = %(APP_DATA_PATH)/home
 ;;
 ;; Disables highlight of added and removed changes
 ;DISABLE_DIFF_HIGHLIGHT = false
@@ -683,24 +671,6 @@ LEVEL = Info
 ;; Disable the usage of using partial clones for git.
 ;DISABLE_PARTIAL_CLONE = false

-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;; Git Operation timeout in seconds
-;[git.timeout]
-;DEFAULT = 360
-;MIGRATE = 600
-;MIRROR = 300
-;CLONE = 300
-;PULL = 300
-;GC = 60
-
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;; Git config options
-;; This section only does "set" config, a removed config key from this section won't be removed from git config automatically. The format is `some.configKey = value`.
-;[git.config]
-;diff.algorithm = histogram
-;core.logAllRefUpdates = true
-;gc.reflogExpire = 90
-
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 [service]
@@ -719,11 +689,11 @@ LEVEL = Info
 ;; Whether a new user needs to be confirmed manually after registration. (Requires `REGISTER_EMAIL_CONFIRM` to be disabled.)
 ;REGISTER_MANUAL_CONFIRM = false
 ;;
-;; List of domain names that are allowed to be used to register on a Gitea instance, wildcard is supported
-;; eg: gitea.io,example.com,*.mydomain.com
-;EMAIL_DOMAIN_ALLOWLIST =
+;; List of domain names that are allowed to be used to register on a Gitea instance
+;; gitea.io,example.com
+;EMAIL_DOMAIN_WHITELIST =
 ;;
-;; Comma-separated list of domain names that are not allowed to be used to register on a Gitea instance, wildcard is supported
+;; Comma-separated list of domain names that are not allowed to be used to register on a Gitea instance
 ;EMAIL_DOMAIN_BLOCKLIST =
 ;;
 ;; Disallow registration, only allow admins to create accounts.
@@ -755,10 +725,7 @@ LEVEL = Info
 ;; Enable captcha validation for registration
 ;ENABLE_CAPTCHA = false
 ;;
-;; Enable this to require captcha validation for login
-;REQUIRE_CAPTCHA_FOR_LOGIN = false
-;;
-;; Type of captcha you want to use. Options: image, recaptcha, hcaptcha, mcaptcha, cfturnstile.
+;; Type of captcha you want to use. Options: image, recaptcha, hcaptcha, mcaptcha.
 ;CAPTCHA_TYPE = image
 ;;
 ;; Change this to use recaptcha.net or other recaptcha service
@@ -780,10 +747,6 @@ LEVEL = Info
 ;MCAPTCHA_SECRET =
 ;MCAPTCHA_SITEKEY =
 ;;
-;; Go to https://dash.cloudflare.com/?to=/:account/turnstile to sign up for a key
-;CF_TURNSTILE_SITEKEY =
-;CF_TURNSTILE_SECRET =
-;;
 ;; Default value for KeepEmailPrivate
 ;; Each new user will get the value of this setting copied into their profile
 ;DEFAULT_KEEP_EMAIL_PRIVATE = false
@@ -875,8 +838,8 @@ LEVEL = Info
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;[repository]
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;; Root path for storing all repository data. By default, it is set to %(APP_DATA_PATH)s/gitea-repositories.
-;; A relative path is interpreted as _`AppWorkPath`_/%(ROOT)s
+;; Root path for storing all repository data. By default, it is set to %(APP_DATA_PATH)/gitea-repositories.
+;; A relative path is interpreted as %(GITEA_WORK_DIR)/%(ROOT)
 ;ROOT =
 ;;
 ;; The script type this server supports. Usually this is `bash`, but some users report that only `sh` is available.
@@ -903,6 +866,12 @@ LEVEL = Info
 ;; Global limit of repositories per user, applied at creation time. -1 means no limit
 ;MAX_CREATION_LIMIT = -1
 ;;
+;; Mirror sync queue length, increase if mirror syncing starts hanging (DEPRECATED: please use [queue.mirror] LENGTH instead)
+;MIRROR_QUEUE_LENGTH = 1000
+;;
+;; Patch test queue length, increase if pull request patch testing starts hanging (DEPRECATED: please use [queue.pr_patch_checker] LENGTH instead)
+;PULL_REQUEST_QUEUE_LENGTH = 1000
+;;
 ;; Preferred Licenses to place at the top of the List
 ;; The name here must match the filename in options/license or custom/options/license
 ;PREFERRED_LICENSES = Apache License 2.0,MIT License
@@ -917,22 +886,15 @@ LEVEL = Info
 ;; Force ssh:// clone url instead of scp-style uri when default SSH port is used
 ;USE_COMPAT_SSH_URI = false
 ;;
-;; Value for the "go get" request returns the repository url as https or ssh, default is https
-;GO_GET_CLONE_URL_PROTOCOL = https
-;;
 ;; Close issues as long as a commit on any branch marks it as fixed
-;; Comma separated list of globally disabled repo units. Allowed values: repo.issues, repo.ext_issues, repo.pulls, repo.wiki, repo.ext_wiki, repo.projects, repo.packages, repo.actions.
+;; Comma separated list of globally disabled repo units. Allowed values: repo.issues, repo.ext_issues, repo.pulls, repo.wiki, repo.ext_wiki, repo.projects
 ;DISABLED_REPO_UNITS =
 ;;
-;; Comma separated list of default new repo units. Allowed values: repo.code, repo.releases, repo.issues, repo.pulls, repo.wiki, repo.projects, repo.packages, repo.actions.
+;; Comma separated list of default repo units. Allowed values: repo.code, repo.releases, repo.issues, repo.pulls, repo.wiki, repo.projects.
 ;; Note: Code and Releases can currently not be deactivated. If you specify default repo units you should still list them for future compatibility.
 ;; External wiki and issue tracker can't be enabled by default as it requires additional settings.
 ;; Disabled repo units will not be added to new repositories regardless if it is in the default list.
-;DEFAULT_REPO_UNITS = repo.code,repo.releases,repo.issues,repo.pulls,repo.wiki,repo.projects,repo.packages
-;;
-;; Comma separated list of default forked repo units.
-;; The set of allowed values and rules are the same as DEFAULT_REPO_UNITS.
-;DEFAULT_FORK_REPO_UNITS = repo.code,repo.pulls
+;DEFAULT_REPO_UNITS = repo.code,repo.releases,repo.issues,repo.pulls,repo.wiki,repo.projects
 ;;
 ;; Prefix archive files by placing them in a directory named after the repository
 ;PREFIX_ARCHIVE_FILES = true
@@ -955,9 +917,6 @@ LEVEL = Info
 ;; Don't allow download source archive files from UI
 ;DISABLE_DOWNLOAD_SOURCE_ARCHIVES = false

-;; Allow fork repositories without maximum number limit
-;ALLOW_FORK_WITHOUT_MAXIMUM_LIMIT = true
-
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;[repository.editor]
@@ -966,7 +925,11 @@ LEVEL = Info
 ;;
 ;; List of file extensions for which lines should be wrapped in the Monaco editor
 ;; Separate extensions with a comma. To line wrap files without an extension, just put a comma
-;LINE_WRAP_EXTENSIONS = .txt,.md,.markdown,.mdown,.mkd,.livemd,
+;LINE_WRAP_EXTENSIONS = .txt,.md,.markdown,.mdown,.mkd,
+;;
+;; Valid file modes that have a preview API associated with them, such as api/v1/markdown
+;; Separate the values by commas. The preview tab in edit mode won't be displayed if the file extension doesn't match
+;PREVIEWABLE_FILE_MODES = markdown

 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@@ -1035,7 +998,7 @@ LEVEL = Info
 ;ADD_CO_COMMITTER_TRAILERS = true
 ;;
 ;; In addition to testing patches using the three-way merge method, re-test conflicting patches with git apply
-;TEST_CONFLICTING_PATCHES_WITH_GIT_APPLY = false
+;TEST_CONFLICTING_PATCHES_WITH_GIT_APPLY = true

 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@@ -1044,9 +1007,6 @@ LEVEL = Info
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;; List of reasons why a Pull Request or Issue can be locked
 ;LOCK_REASONS = Too heated,Off-topic,Resolved,Spam
-;; Maximum number of pinned Issues per repo
-;; Set to 0 to disable pinning Issues
-;MAX_PINNED = 3

 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@@ -1147,9 +1107,6 @@ LEVEL = Info
 ;; allow request with credentials
 ;ALLOW_CREDENTIALS = false
 ;;
-;; headers to permit
-;HEADERS = Content-Type,User-Agent
-;;
 ;; set X-FRAME-OPTIONS header
 ;X_FRAME_OPTIONS = SAMEORIGIN

@@ -1180,6 +1137,11 @@ LEVEL = Info
 ;; Number of line of codes shown for a code comment
 ;CODE_COMMENT_LINES = 4
 ;;
+;; Value of `theme-color` meta tag, used by Android >= 5.0
+;; An invalid color like "none" or "disable" will have the default style
+;; More info: https://developers.google.com/web/updates/2014/11/Support-for-theme-color-in-Chrome-39-for-Android
+;THEME_COLOR_META_TAG = `#6cc644`
+;;
 ;; Max size of files to be displayed (default is 8MiB)
 ;MAX_DISPLAY_FILE_SIZE = 8388608
 ;;
@@ -1208,6 +1170,9 @@ LEVEL = Info
 ;; Whether to search within description at repository search on explore page.
 ;SEARCH_REPO_DESCRIPTION = true
 ;;
+;; Whether to enable a Service Worker to cache frontend assets
+;USE_SERVICE_WORKER = false
+;;
 ;; Whether to only show relevant repos on the explore page when no keyword is specified and default sorting is used.
 ;; A repo is considered irrelevant if it's a fork or if it has no metadata (no description, no icon, no topic).
 ;ONLY_SHOW_RELEVANT_REPOS = false
@@ -1300,12 +1265,11 @@ LEVEL = Info
 ;; Comma separated list of custom URL-Schemes that are allowed as links when rendering Markdown
 ;; for example git,magnet,ftp (more at https://en.wikipedia.org/wiki/List_of_URI_schemes)
 ;; URLs starting with http and https are always displayed, whatever is put in this entry.
-;; If this entry is empty, all URL schemes are allowed.
 ;CUSTOM_URL_SCHEMES =
 ;;
 ;; List of file extensions that should be rendered/edited as Markdown
 ;; Separate the extensions with a comma. To render files without any extension as markdown, just put a comma
-;FILE_EXTENSIONS = .md,.markdown,.mdown,.mkd,.livemd
+;FILE_EXTENSIONS = .md,.markdown,.mdown,.mkd
 ;;
 ;; Enables math inline and block detection
 ;ENABLE_MATH = true
@@ -1331,13 +1295,13 @@ LEVEL = Info
 ;; Issue Indexer settings
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;
-;; Issue indexer type, currently support: bleve, db, elasticsearch or meilisearch default is bleve
+;; Issue indexer type, currently support: bleve, db or elasticsearch, default is bleve
 ;ISSUE_INDEXER_TYPE = bleve
 ;;
 ;; Issue indexer storage path, available when ISSUE_INDEXER_TYPE is bleve
-;ISSUE_INDEXER_PATH = indexers/issues.bleve ; Relative paths will be made absolute against _`AppWorkPath`_.
+;ISSUE_INDEXER_PATH = indexers/issues.bleve
 ;;
-;; Issue indexer connection string, available when ISSUE_INDEXER_TYPE is elasticsearch or meilisearch
+;; Issue indexer connection string, available when ISSUE_INDEXER_TYPE is elasticsearch
 ;ISSUE_INDEXER_CONN_STR = http://elastic:changeme@localhost:9200
 ;;
 ;; Issue indexer name, available when ISSUE_INDEXER_TYPE is elasticsearch
@@ -1347,6 +1311,22 @@ LEVEL = Info
 ;; Set to -1 to disable timeout.
 ;STARTUP_TIMEOUT = 30s
 ;;
+;; Issue indexer queue, currently support: channel, levelqueue or redis, default is levelqueue (deprecated - use [queue.issue_indexer])
+;ISSUE_INDEXER_QUEUE_TYPE = levelqueue; **DEPRECATED** use settings in `[queue.issue_indexer]`.
+;;
+;; When ISSUE_INDEXER_QUEUE_TYPE is levelqueue, this will be the path where the queue will be saved.
+;; This can be overridden by `ISSUE_INDEXER_QUEUE_CONN_STR`.
+;; default is queues/common
+;ISSUE_INDEXER_QUEUE_DIR = queues/common; **DEPRECATED** use settings in `[queue.issue_indexer]`.
+;;
+;; When `ISSUE_INDEXER_QUEUE_TYPE` is `redis`, this will store the redis connection string.
+;; When `ISSUE_INDEXER_QUEUE_TYPE` is `levelqueue`, this is a directory or additional options of
+;; the form `leveldb://path/to/db?option=value&....`, and overrides `ISSUE_INDEXER_QUEUE_DIR`.
+;ISSUE_INDEXER_QUEUE_CONN_STR = "addrs=127.0.0.1:6379 db=0"; **DEPRECATED** use settings in `[queue.issue_indexer]`.
+;;
+;; Batch queue number, default is 20
+;ISSUE_INDEXER_QUEUE_BATCH_NUMBER = 20; **DEPRECATED** use settings in `[queue.issue_indexer]`.
+
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;; Repository Indexer settings
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@@ -1354,10 +1334,6 @@ LEVEL = Info
 ;; repo indexer by default disabled, since it uses a lot of disk space
 ;REPO_INDEXER_ENABLED = false
 ;;
-;; repo indexer units, the items to index, could be `sources`, `forks`, `mirrors`, `templates` or any combination of them separated by a comma.
-;; If empty then it defaults to `sources` only, as if you'd like to disable fully please see REPO_INDEXER_ENABLED.
-;REPO_INDEXER_REPO_TYPES = sources,forks,mirrors,templates
-;;
 ;; Code search engine type, could be `bleve` or `elasticsearch`.
 ;REPO_INDEXER_TYPE = bleve
 ;;
@@ -1377,6 +1353,8 @@ LEVEL = Info
 ;; A comma separated list of glob patterns to exclude from the index; ; default is empty
 ;REPO_INDEXER_EXCLUDE =
 ;;
+;;
+;UPDATE_BUFFER_LEN = 20; **DEPRECATED** use settings in `[queue.issue_indexer]`.
 ;MAX_FILE_SIZE = 1048576

 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@@ -1395,18 +1373,18 @@ LEVEL = Info
 ;TYPE = persistable-channel
 ;;
 ;; data-dir for storing persistable queues and level queues, individual queues will default to `queues/common` meaning the queue is shared.
-;DATADIR = queues/ ; Relative paths will be made absolute against `%(APP_DATA_PATH)s`.
+;DATADIR = queues/
 ;;
 ;; Default queue length before a channel queue will block
-;LENGTH = 100
+;LENGTH = 20
 ;;
 ;; Batch size to send for batched queues
 ;BATCH_LENGTH = 20
 ;;
-;; Connection string for redis queues this will store the redis or redis-cluster connection string.
+;; Connection string for redis queues this will store the redis connection string.
 ;; When `TYPE` is `persistable-channel`, this provides a directory for the underlying leveldb
 ;; or additional options of the form `leveldb://path/to/db?option=value&....`, and will override `DATADIR`.
-;CONN_STR = "redis://127.0.0.1:6379/0"
+;CONN_STR = "addrs=127.0.0.1:6379 db=0"
 ;;
 ;; Provides the suffix of the default redis/disk queue name - specific queues can be overridden within in their [queue.name] sections.
 ;QUEUE_NAME = "_queue"
@@ -1414,8 +1392,29 @@ LEVEL = Info
 ;; Provides the suffix of the default redis/disk unique queue set name - specific queues can be overridden within in their [queue.name] sections.
 ;SET_NAME = "_unique"
 ;;
+;; If the queue cannot be created at startup - level queues may need a timeout at startup - wrap the queue:
+;WRAP_IF_NECESSARY = true
+;;
+;; Attempt to create the wrapped queue at max
+;MAX_ATTEMPTS = 10
+;;
+;; Timeout queue creation
+;TIMEOUT = 15m30s
+;;
+;; Create a pool with this many workers
+;WORKERS = 0
+;;
 ;; Dynamically scale the worker pool to at this many workers
 ;MAX_WORKERS = 10
+;;
+;; Add boost workers when the queue blocks for BLOCK_TIMEOUT
+;BLOCK_TIMEOUT = 1s
+;;
+;; Remove the boost workers after BOOST_TIMEOUT
+;BOOST_TIMEOUT = 5m
+;;
+;; During a boost add BOOST_WORKERS
+;BOOST_WORKERS = 1

 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@@ -1619,47 +1618,6 @@ LEVEL = Info
 ;; convert \r\n to \n for Sendmail
 ;SENDMAIL_CONVERT_CRLF = true

-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;[email.incoming]
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;;
-;; Enable handling of incoming emails.
-;ENABLED = false
-;;
-;; The email address including the %{token} placeholder that will be replaced per user/action.
-;; Example: incoming+%{token}@example.com
-;; The placeholder must appear in the user part of the address (before the @).
-;REPLY_TO_ADDRESS =
-;;
-;; IMAP server host
-;HOST =
-;;
-;; IMAP server port
-;PORT =
-;;
-;; Username of the receiving account
-;USERNAME =
-;;
-;; Password of the receiving account
-;PASSWORD =
-;;
-;; Whether the IMAP server uses TLS.
-;USE_TLS = false
-;;
-;; If set to true, completely ignores server certificate validation errors. This option is unsafe.
-;SKIP_TLS_VERIFY = true
-;;
-;; The mailbox name where incoming mail will end up.
-;MAILBOX = INBOX
-;;
-;; Whether handled messages should be deleted from the mailbox.
-;DELETE_HANDLED_MESSAGE = true
-;;
-;; Maximum size of a message to handle. Bigger messages are ignored. Set to 0 to allow every size.
-;MAXIMUM_MESSAGE_SIZE = 10485760
-
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;[cache]
@@ -1675,9 +1633,8 @@ LEVEL = Info
 ;; For "memory" only, GC interval in seconds, default is 60
 ;INTERVAL = 60
 ;;
-;; For "redis", "redis-cluster" and "memcache", connection host address
-;; redis: `redis://127.0.0.1:6379/0?pool_size=100&idle_timeout=180s`
-;; redis-cluster: `redis+cluster://127.0.0.1:6379/0?pool_size=100&idle_timeout=180s`
+;; For "redis" and "memcache", connection host address
+;; redis: network=tcp,addr=:6379,password=macaron,db=0,pool_size=100,idle_timeout=180
 ;; memcache: `127.0.0.1:11211`
 ;; twoqueue: `{"size":50000,"recent_ratio":0.25,"ghost_ratio":0.5}` or `50000`
 ;HOST =
@@ -1709,17 +1666,16 @@ LEVEL = Info
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;
-;; Either "memory", "file", "redis", "redis-cluster", "db", "mysql", "couchbase", "memcache" or "postgres"
+;; Either "memory", "file", "redis", "db", "mysql", "couchbase", "memcache" or "postgres"
 ;; Default is "memory". "db" will reuse the configuration in [database]
 ;PROVIDER = memory
 ;;
 ;; Provider config options
 ;; memory: doesn't have any config yet
 ;; file: session file path, e.g. `data/sessions`
-;; redis: `redis://127.0.0.1:6379/0?pool_size=100&idle_timeout=180s`
-;; redis-cluster: `redis+cluster://127.0.0.1:6379/0?pool_size=100&idle_timeout=180s`
+;; redis: network=tcp,addr=:6379,password=macaron,db=0,pool_size=100,idle_timeout=180
 ;; mysql: go-sql-driver/mysql dsn config string, e.g. `root:password@/session_table`
-;PROVIDER_CONFIG = data/sessions ; Relative paths will be made absolute against _`AppWorkPath`_.
+;PROVIDER_CONFIG = data/sessions
 ;;
 ;; Session cookie name
 ;COOKIE_NAME = i_like_gitea
@@ -1753,19 +1709,16 @@ LEVEL = Info
 ;; Max Width and Height of uploaded avatars.
 ;; This is to limit the amount of RAM used when resizing the image.
 ;AVATAR_MAX_WIDTH = 4096
-;AVATAR_MAX_HEIGHT = 4096
+;AVATAR_MAX_HEIGHT = 3072
 ;;
 ;; The multiplication factor for rendered avatar images.
 ;; Larger values result in finer rendering on HiDPI devices.
-;AVATAR_RENDERED_SIZE_FACTOR = 2
+;AVATAR_RENDERED_SIZE_FACTOR = 3
 ;;
 ;; Maximum allowed file size for uploaded avatars.
 ;; This is to limit the amount of RAM used when resizing the image.
 ;AVATAR_MAX_FILE_SIZE = 1048576
 ;;
-;; If the uploaded file is not larger than this byte size, the image will be used as is, without resizing/converting.
-;AVATAR_MAX_ORIGIN_SIZE = 262144
-;;
 ;; Chinese users can choose "duoshuo"
 ;; or a custom avatar source, like: http://cn.gravatar.com/avatar/
 ;GRAVATAR_SOURCE = gravatar
@@ -1788,7 +1741,7 @@ LEVEL = Info
 ;ENABLED = true
 ;;
 ;; Comma-separated list of allowed file extensions (`.zip`), mime types (`text/plain`) or wildcard type (`image/*`, `audio/*`, `video/*`). Empty value or `*/*` allows all types.
-;ALLOWED_TYPES = .csv,.docx,.fodg,.fodp,.fods,.fodt,.gif,.gz,.jpeg,.jpg,.log,.md,.mov,.mp4,.odf,.odg,.odp,.ods,.odt,.patch,.pdf,.png,.pptx,.svg,.tgz,.txt,.webm,.xls,.xlsx,.zip
+;ALLOWED_TYPES = .csv,.docx,.fodg,.fodp,.fods,.fodt,.gif,.gz,.jpeg,.jpg,.log,.md,.mov,.mp4,.odf,.odg,.odp,.ods,.odt,.pdf,.png,.pptx,.svg,.tgz,.txt,.webm,.xls,.xlsx,.zip
 ;;
 ;; Max size of each file. Defaults to 4MB
 ;MAX_SIZE = 4
@@ -1827,12 +1780,6 @@ LEVEL = Info
 ;;
 ;; Minio enabled ssl only available when STORAGE_TYPE is `minio`
 ;MINIO_USE_SSL = false
-;;
-;; Minio skip SSL verification available when STORAGE_TYPE is `minio`
-;MINIO_INSECURE_SKIP_VERIFY = false
-;;
-;; Minio checksum algorithm: default (for MinIO or AWS S3) or md5 (for Cloudflare or Backblaze)
-;MINIO_CHECKSUM_ALGORITHM = default

 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@@ -1840,6 +1787,11 @@ LEVEL = Info
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;
+;; Specifies the format for fully outputted dates. Defaults to RFC1123
+;; Special supported values are ANSIC, UnixDate, RubyDate, RFC822, RFC822Z, RFC850, RFC1123, RFC1123Z, RFC3339, RFC3339Nano, Kitchen, Stamp, StampMilli, StampMicro and StampNano
+;; For more information about the format see http://golang.org/pkg/time/#pkg-constants
+;FORMAT =
+;;
 ;; Location the UI time display i.e. Asia/Shanghai
 ;; Empty means server's location setting
 ;DEFAULT_UI_LOCATION =
@@ -2155,11 +2107,11 @@ LEVEL = Info
 ;[cron.update_checker]
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;ENABLED = true
+;ENABLED = false
 ;RUN_AT_START = false
 ;ENABLE_SUCCESS_NOTICE = false
 ;SCHEDULE = @every 168h
-;HTTP_ENDPOINT = https://dl.gitea.com/gitea/version.json
+;HTTP_ENDPOINT = https://dl.gitea.io/gitea/version.json

 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@@ -2176,24 +2128,17 @@ LEVEL = Info

 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;; Garbage collect LFS pointers in repositories
+;; Git Operation timeout in seconds
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;[cron.gc_lfs]
+;[git.timeout]
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;ENABLED = false
-;; Garbage collect LFS pointers in repositories (default false)
-;RUN_AT_START = false
-;; Interval as a duration between each gc run (default every 24h)
-;SCHEDULE = @every 24h
-;; Only attempt to garbage collect LFSMetaObjects older than this (default 7 days)
-;OLDER_THAN = 168h
-;; Only attempt to garbage collect LFSMetaObjects that have not been attempted to be garbage collected for this long (default 3 days)
-;LAST_UPDATED_MORE_THAN_AGO = 72h
-; Minimum number of stale LFSMetaObjects to check per repo. Set to `0` to always check all.
-;NUMBER_TO_CHECK_PER_REPO = 100
-;Check at least this proportion of LFSMetaObjects per repo. (This may cause all stale LFSMetaObjects to be checked.)
-;PROPORTION_TO_CHECK_PER_REPO = 0.6
+;DEFAULT = 360
+;MIGRATE = 600
+;MIRROR = 300
+;CLONE = 300
+;PULL = 300
+;GC = 60

 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@@ -2249,14 +2194,12 @@ LEVEL = Info
 ;[other]
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;SHOW_FOOTER_BRANDING = false
 ;; Show version information about Gitea and Go in the footer
 ;SHOW_FOOTER_VERSION = true
 ;; Show template execution time in the footer
 ;SHOW_FOOTER_TEMPLATE_LOAD_TIME = true
-;; Generate sitemap. Defaults to `true`.
-;ENABLE_SITEMAP = true
-;; Enable/Disable RSS/Atom feed
-;ENABLE_FEED = true
+

 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@@ -2325,8 +2268,8 @@ LEVEL = Info
 ;QUEUE_LENGTH = 1000
 ;;
 ;; Task queue connection string, available only when `QUEUE_TYPE` is `redis`.
-;; If there is a password of redis, use `redis://127.0.0.1:6379/0?pool_size=100&idle_timeout=180s` or `redis+cluster://127.0.0.1:6379/0?pool_size=100&idle_timeout=180s` for `redis-clsuter`.
-;QUEUE_CONN_STR = "redis://127.0.0.1:6379/0?pool_size=100&idle_timeout=180s"
+;; If there is a password of redis, use `addrs=127.0.0.1:6379 password=123 db=0`.
+;QUEUE_CONN_STR = "addrs=127.0.0.1:6379 db=0"

 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@@ -2392,59 +2335,8 @@ LEVEL = Info
 ;; Enable/Disable package registry capabilities
 ;ENABLED = true
 ;;
-;STORAGE_TYPE = local
-;; override the minio base path if storage type is minio
-;MINIO_BASE_PATH = packages/
-;;
 ;; Path for chunked uploads. Defaults to APP_DATA_PATH + `tmp/package-upload`
 ;CHUNKED_UPLOAD_PATH = tmp/package-upload
-;;
-;; Maximum count of package versions a single owner can have (`-1` means no limits)
-;LIMIT_TOTAL_OWNER_COUNT = -1
-;; Maximum size of packages a single owner can use (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
-;LIMIT_TOTAL_OWNER_SIZE = -1
-;; Maximum size of an Alpine upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
-;LIMIT_SIZE_ALPINE = -1
-;; Maximum size of a Cargo upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
-;LIMIT_SIZE_CARGO = -1
-;; Maximum size of a Chef upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
-;LIMIT_SIZE_CHEF = -1
-;; Maximum size of a Composer upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
-;LIMIT_SIZE_COMPOSER = -1
-;; Maximum size of a Conan upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
-;LIMIT_SIZE_CONAN = -1
-;; Maximum size of a Conda upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
-;LIMIT_SIZE_CONDA = -1
-;; Maximum size of a Container upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
-;LIMIT_SIZE_CONTAINER = -1
-;; Maximum size of a CRAN upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
-;LIMIT_SIZE_CRAN = -1
-;; Maximum size of a Debian upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
-;LIMIT_SIZE_DEBIAN = -1
-;; Maximum size of a Generic upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
-;LIMIT_SIZE_GENERIC = -1
-;; Maximum size of a Go upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
-;LIMIT_SIZE_GO = -1
-;; Maximum size of a Helm upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
-;LIMIT_SIZE_HELM = -1
-;; Maximum size of a Maven upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
-;LIMIT_SIZE_MAVEN = -1
-;; Maximum size of a npm upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
-;LIMIT_SIZE_NPM = -1
-;; Maximum size of a NuGet upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
-;LIMIT_SIZE_NUGET = -1
-;; Maximum size of a Pub upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
-;LIMIT_SIZE_PUB = -1
-;; Maximum size of a PyPI upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
-;LIMIT_SIZE_PYPI = -1
-;; Maximum size of a RPM upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
-;LIMIT_SIZE_RPM = -1
-;; Maximum size of a RubyGems upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
-;LIMIT_SIZE_RUBYGEMS = -1
-;; Maximum size of a Swift upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
-;LIMIT_SIZE_SWIFT = -1
-;; Maximum size of a Vagrant upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
-;LIMIT_SIZE_VAGRANT = -1

 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@@ -2456,19 +2348,6 @@ LEVEL = Info
 ;; storage type
 ;STORAGE_TYPE = local

-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;; repo-archive storage will override storage
-;;
-;[repo-archive]
-;STORAGE_TYPE = local
-;;
-;; Where your lfs files reside, default is data/lfs.
-;PATH = data/repo-archive
-;;
-;; override the minio base path if storage type is minio
-;MINIO_BASE_PATH = repo-archive/
-
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;; settings for repository archives, will override storage setting
@@ -2488,9 +2367,6 @@ LEVEL = Info
 ;;
 ;; Where your lfs files reside, default is data/lfs.
 ;PATH = data/lfs
-;;
-;; override the minio base path if storage type is minio
-;MINIO_BASE_PATH = lfs/

 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@@ -2525,9 +2401,6 @@ LEVEL = Info
 ;;
 ;; Minio enabled ssl only available when STORAGE_TYPE is `minio`
 ;MINIO_USE_SSL = false
-;;
-;; Minio skip SSL verification available when STORAGE_TYPE is `minio`
-;MINIO_INSECURE_SKIP_VERIFY = false

 ;[proxy]
 ;; Enable the proxy, all requests to external via HTTP will be affected
@@ -2536,20 +2409,3 @@ LEVEL = Info
 ;PROXY_URL =
 ;; Comma separated list of host names requiring proxy. Glob patterns (*) are accepted; use ** to match all hosts.
 ;PROXY_HOSTS =
-
-; [actions]
-;; Enable/Disable actions capabilities
-;ENABLED = false
-;;
-;; Default address to get action plugins, e.g. the default value means downloading from "https://gitea.com/actions/checkout" for "uses: actions/checkout@v3"
-;DEFAULT_ACTIONS_URL = https://gitea.com
-
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;; settings for action logs, will override storage setting
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;[storage.actions_log]
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;; storage type
-;STORAGE_TYPE = local
--- a/docker/manifest.rootless.tmpl
+++ b/docker/manifest.rootless.tmpl
@@ -1,21 +1,19 @@
-image: gitea/gitea:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}{{#if (hasPrefix "refs/heads/release/v" build.ref)}}{{trimPrefix "refs/heads/release/v" build.ref}}-{{/if}}nightly{{/if}}-rootless
+image: gitea/gitea:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}{{#if (hasPrefix "refs/heads/release/v" build.ref)}}{{trimPrefix "refs/heads/release/v" build.ref}}-{{/if}}dev{{/if}}-rootless
 {{#if build.tags}}
-{{#unless (contains "-rc" build.tag)}}
 tags:
 {{#each build.tags}}
  - {{this}}-rootless
 {{/each}}
  - "latest-rootless"
-{{/unless}}
 {{/if}}
 manifests:
  -
-    image: gitea/gitea:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}{{#if (hasPrefix "refs/heads/release/v" build.ref)}}{{trimPrefix "refs/heads/release/v" build.ref}}-{{/if}}nightly{{/if}}-linux-amd64-rootless
+    image: gitea/gitea:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}{{#if (hasPrefix "refs/heads/release/v" build.ref)}}{{trimPrefix "refs/heads/release/v" build.ref}}-{{/if}}dev{{/if}}-linux-amd64-rootless
    platform:
      architecture: amd64
      os: linux
  -
-    image: gitea/gitea:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}{{#if (hasPrefix "refs/heads/release/v" build.ref)}}{{trimPrefix "refs/heads/release/v" build.ref}}-{{/if}}nightly{{/if}}-linux-arm64-rootless
+    image: gitea/gitea:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}{{#if (hasPrefix "refs/heads/release/v" build.ref)}}{{trimPrefix "refs/heads/release/v" build.ref}}-{{/if}}dev{{/if}}-linux-arm64-rootless
    platform:
      architecture: arm64
      os: linux
--- a/docker/manifest.tmpl
+++ b/docker/manifest.tmpl
@@ -1,21 +1,19 @@
-image: gitea/gitea:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}{{#if (hasPrefix "refs/heads/release/v" build.ref)}}{{trimPrefix "refs/heads/release/v" build.ref}}-{{/if}}nightly{{/if}}
+image: gitea/gitea:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}{{#if (hasPrefix "refs/heads/release/v" build.ref)}}{{trimPrefix "refs/heads/release/v" build.ref}}-{{/if}}dev{{/if}}
 {{#if build.tags}}
-{{#unless (contains "-rc" build.tag)}}
 tags:
 {{#each build.tags}}
  - {{this}}
 {{/each}}
  - "latest"
-{{/unless}}
 {{/if}}
 manifests:
  -
-    image: gitea/gitea:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}{{#if (hasPrefix "refs/heads/release/v" build.ref)}}{{trimPrefix "refs/heads/release/v" build.ref}}-{{/if}}nightly{{/if}}-linux-amd64
+    image: gitea/gitea:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}{{#if (hasPrefix "refs/heads/release/v" build.ref)}}{{trimPrefix "refs/heads/release/v" build.ref}}-{{/if}}dev{{/if}}-linux-amd64
    platform:
      architecture: amd64
      os: linux
  -
-    image: gitea/gitea:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}{{#if (hasPrefix "refs/heads/release/v" build.ref)}}{{trimPrefix "refs/heads/release/v" build.ref}}-{{/if}}nightly{{/if}}-linux-arm64
+    image: gitea/gitea:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}{{#if (hasPrefix "refs/heads/release/v" build.ref)}}{{trimPrefix "refs/heads/release/v" build.ref}}-{{/if}}dev{{/if}}-linux-arm64
    platform:
      architecture: arm64
      os: linux
--- a/docker/root/etc/s6/openssh/setup
+++ b/docker/root/etc/s6/openssh/setup
@@ -14,6 +14,11 @@ if [ ! -f /data/ssh/ssh_host_rsa_key ]; then
    ssh-keygen -t rsa -b 2048 -f /data/ssh/ssh_host_rsa_key -N "" > /dev/null
 fi

+if [ ! -f /data/ssh/ssh_host_dsa_key ]; then
+    echo "Generating /data/ssh/ssh_host_dsa_key..."
+    ssh-keygen -t dsa -f /data/ssh/ssh_host_dsa_key -N "" > /dev/null
+fi
+
 if [ ! -f /data/ssh/ssh_host_ecdsa_key ]; then
    echo "Generating /data/ssh/ssh_host_ecdsa_key..."
    ssh-keygen -t ecdsa -b 256 -f /data/ssh/ssh_host_ecdsa_key -N "" > /dev/null
@@ -31,12 +36,17 @@ if [ -e /data/ssh/ssh_host_ecdsa_cert ]; then
  SSH_ECDSA_CERT=${SSH_ECDSA_CERT:-"/data/ssh/ssh_host_ecdsa_cert"}
 fi

+if [ -e /data/ssh/ssh_host_dsa_cert ]; then
+  SSH_DSA_CERT=${SSH_DSA_CERT:-"/data/ssh/ssh_host_dsa_cert"}
+fi
+
 if [ -d /etc/ssh ]; then
    SSH_PORT=${SSH_PORT:-"22"} \
    SSH_LISTEN_PORT=${SSH_LISTEN_PORT:-"${SSH_PORT}"} \
    SSH_ED25519_CERT="${SSH_ED25519_CERT:+"HostCertificate "}${SSH_ED25519_CERT}" \
    SSH_RSA_CERT="${SSH_RSA_CERT:+"HostCertificate "}${SSH_RSA_CERT}" \
    SSH_ECDSA_CERT="${SSH_ECDSA_CERT:+"HostCertificate "}${SSH_ECDSA_CERT}" \
+    SSH_DSA_CERT="${SSH_DSA_CERT:+"HostCertificate "}${SSH_DSA_CERT}" \
    SSH_MAX_STARTUPS="${SSH_MAX_STARTUPS:+"MaxStartups "}${SSH_MAX_STARTUPS}" \
    SSH_MAX_SESSIONS="${SSH_MAX_SESSIONS:+"MaxSessions "}${SSH_MAX_SESSIONS}" \
    SSH_INCLUDE_FILE="${SSH_INCLUDE_FILE:+"Include "}${SSH_INCLUDE_FILE}" \
--- a/docker/root/etc/templates/sshd_config
+++ b/docker/root/etc/templates/sshd_config
@@ -16,6 +16,8 @@ HostKey /data/ssh/ssh_host_rsa_key
 ${SSH_RSA_CERT}
 HostKey /data/ssh/ssh_host_ecdsa_key
 ${SSH_ECDSA_CERT}
+HostKey /data/ssh/ssh_host_dsa_key
+${SSH_DSA_CERT}

 AuthorizedKeysFile .ssh/authorized_keys
 AuthorizedPrincipalsFile .ssh/authorized_principals
--- a/Show More
+++ b/Show More