Add 1.20.5 changelog (#27404 )

Fix bug of review request number (#27406 )
Manually backport #27104 without tests because too many conflicted files to backport it completely.
2025-11-03 08:02:36 +09:00 · 2023-10-03 12:53:35 +00:00 · 2023-10-03 08:08:12 +00:00 · 2023-10-02 23:30:04 +08:00 · 2023-10-01 19:54:15 +08:00 · 2023-09-29 13:31:10 +08:00
2399 changed files with 41503 additions and 54187 deletions
--- a/.changelog.yml
+++ b/.changelog.yml
@@ -13,42 +13,46 @@ groups:
  -
    name: BREAKING
    labels:
-      - pr/breaking
+      - kind/breaking
  -
    name: SECURITY
    labels:
-      - topic/security
+      - kind/security
  -
    name: FEATURES
    labels:
-      - type/feature
+      - kind/feature
  -
    name: API
    labels:
-      - modifies/api
+      - kind/api
  -
    name: ENHANCEMENTS
    labels:
-      - type/enhancement
-      - type/refactoring
-      - topic/ui
+      - kind/enhancement
+      - kind/refactor
+      - kind/ui
  -
    name: BUGFIXES
    labels:
-      - type/bug
+      - kind/bug
  -
    name: TESTING
    labels:
-      - type/testing
+      - kind/testing
+  -
+    name: TRANSLATION
+    labels:
+      - kind/translation
  -
    name: BUILD
    labels:
-      - topic/build
-      - topic/code-linting
+      - kind/build
+      - kind/lint
  -
    name: DOCS
    labels:
-      - type/docs
+      - kind/docs
  -
    name: MISC
    default: true
--- a/.devcontainer/devcontainer.json
+++ b/.devcontainer/devcontainer.json
@@ -1,38 +0,0 @@
-{
-  "name": "Gitea DevContainer",
-  "image": "mcr.microsoft.com/devcontainers/go:1.21-bullseye",
-  "features": {
-    // installs nodejs into container
-    "ghcr.io/devcontainers/features/node:1": {
-      "version":"20"
-    },
-    "ghcr.io/devcontainers/features/git-lfs:1.1.0": {},
-    "ghcr.io/devcontainers-contrib/features/poetry:2": {},
-    "ghcr.io/devcontainers/features/python:1": {}
-  },
-  "customizations": {
-    "vscode": {
-      "settings": {},
-      // same extensions as Gitpod, should match /.gitpod.yml
-      "extensions": [
-        "editorconfig.editorconfig",
-        "dbaeumer.vscode-eslint",
-        "golang.go",
-        "stylelint.vscode-stylelint",
-        "DavidAnson.vscode-markdownlint",
-        "Vue.volar",
-        "ms-azuretools.vscode-docker",
-        "zixuanchen.vitest-explorer",
-        "qwtel.sqlite-viewer",
-        "GitHub.vscode-pull-request-github"
-      ]
-    }
-  },
-  "portsAttributes": {
-    "3000": {
-      "label": "Gitea Web",
-      "onAutoForward": "notify"
-    }
-  },
-  "postCreateCommand": "make deps"
-}
--- a/.dockerignore
+++ b/.dockerignore
@@ -75,10 +75,10 @@ cpu.out
 /yarn.lock
 /yarn-error.log
 /npm-debug.log*
-/public/assets/js
-/public/assets/css
-/public/assets/fonts
-/public/assets/img/webpack
+/public/js
+/public/css
+/public/fonts
+/public/img/webpack
 /vendor
 /web_src/fomantic/node_modules
 /web_src/fomantic/build/*
--- a/.drone.yml
+++ b/.drone.yml
@@ -0,0 +1,426 @@
+---
+kind: pipeline
+name: release-version
+
+platform:
+  os: linux
+  arch: amd64
+
+workspace:
+  base: /source
+  path: /
+
+trigger:
+  event:
+    - tag
+
+volumes:
+  - name: deps
+    temp: {}
+
+steps:
+  - name: fetch-tags
+    image: docker:git
+    pull: always
+    commands:
+      - git fetch --tags --force
+
+  - name: deps-frontend
+    image: node:20
+    pull: always
+    commands:
+      - make deps-frontend
+
+  - name: deps-backend
+    image: gitea/test_env:linux-1.20-amd64
+    pull: always
+    commands:
+      - make deps-backend
+    volumes:
+      - name: deps
+        path: /go
+
+  - name: static
+    image: techknowlogick/xgo:go-1.20.x
+    pull: always
+    commands:
+      # Upgrade to node 20 once https://github.com/techknowlogick/xgo/issues/163 is resolved
+      - curl -sL https://deb.nodesource.com/setup_16.x | bash - && apt-get -qqy install nodejs
+      - export PATH=$PATH:$GOPATH/bin
+      - make release
+    environment:
+      GOPROXY: https://goproxy.io # proxy.golang.org is blocked in China, this proxy is not
+      TAGS: bindata sqlite sqlite_unlock_notify
+      DEBIAN_FRONTEND: noninteractive
+    depends_on: [fetch-tags]
+    volumes:
+      - name: deps
+        path: /go
+
+  - name: gpg-sign
+    image: plugins/gpgsign:1
+    pull: always
+    settings:
+      detach_sign: true
+      excludes:
+        - "dist/release/*.sha256"
+      files:
+        - "dist/release/*"
+    environment:
+      GPGSIGN_KEY:
+        from_secret: gpgsign_key
+      GPGSIGN_PASSPHRASE:
+        from_secret: gpgsign_passphrase
+    depends_on: [static]
+
+  - name: release-tag
+    image: woodpeckerci/plugin-s3:latest
+    pull: always
+    settings:
+      acl:
+        from_secret: aws_s3_acl
+      region:
+        from_secret: aws_s3_region
+      bucket:
+        from_secret: aws_s3_bucket
+      endpoint:
+        from_secret: aws_s3_endpoint
+      path_style:
+        from_secret: aws_s3_path_style
+      source: "dist/release/*"
+      strip_prefix: dist/release/
+      target: "/gitea/${DRONE_TAG##v}"
+    environment:
+      AWS_ACCESS_KEY_ID:
+        from_secret: aws_access_key_id
+      AWS_SECRET_ACCESS_KEY:
+        from_secret: aws_secret_access_key
+    depends_on: [gpg-sign]
+
+  - name: github
+    image: plugins/github-release:latest
+    pull: always
+    settings:
+      files:
+        - "dist/release/*"
+      file_exists: overwrite
+    environment:
+      GITHUB_TOKEN:
+        from_secret: github_token
+    depends_on: [gpg-sign]
+
+---
+kind: pipeline
+type: docker
+name: docker-linux-amd64-release-version
+
+platform:
+  os: linux
+  arch: amd64
+
+trigger:
+  ref:
+    include:
+      - "refs/tags/**"
+    exclude:
+      - "refs/tags/**-rc*"
+  paths:
+    exclude:
+      - "docs/**"
+
+steps:
+  - name: fetch-tags
+    image: docker:git
+    pull: always
+    commands:
+      - git fetch --tags --force
+
+  - name: publish
+    image: plugins/docker:latest
+    pull: always
+    settings:
+      auto_tag: true
+      auto_tag_suffix: linux-amd64
+      repo: gitea/gitea
+      build_args:
+        - GOPROXY=https://goproxy.io
+      password:
+        from_secret: docker_password
+      username:
+        from_secret: docker_username
+    environment:
+      PLUGIN_MIRROR:
+        from_secret: plugin_mirror
+      DOCKER_BUILDKIT: 1
+    when:
+      event:
+        exclude:
+        - pull_request
+
+  - name: publish-rootless
+    image: plugins/docker:latest
+    settings:
+      dockerfile: Dockerfile.rootless
+      auto_tag: true
+      auto_tag_suffix: linux-amd64-rootless
+      repo: gitea/gitea
+      build_args:
+        - GOPROXY=https://goproxy.io
+      password:
+        from_secret: docker_password
+      username:
+        from_secret: docker_username
+    environment:
+      PLUGIN_MIRROR:
+        from_secret: plugin_mirror
+      DOCKER_BUILDKIT: 1
+    when:
+      event:
+        exclude:
+        - pull_request
+---
+
+kind: pipeline
+type: docker
+name: docker-linux-amd64-release-candidate-version
+
+platform:
+  os: linux
+  arch: amd64
+
+trigger:
+  ref:
+    - "refs/tags/**-rc*"
+  paths:
+    exclude:
+      - "docs/**"
+
+steps:
+  - name: fetch-tags
+    image: docker:git
+    pull: always
+    commands:
+      - git fetch --tags --force
+
+  - name: publish
+    image: plugins/docker:latest
+    pull: always
+    settings:
+      tags: ${DRONE_TAG##v}-linux-amd64
+      repo: gitea/gitea
+      build_args:
+        - GOPROXY=https://goproxy.io
+      password:
+        from_secret: docker_password
+      username:
+        from_secret: docker_username
+    environment:
+      PLUGIN_MIRROR:
+        from_secret: plugin_mirror
+      DOCKER_BUILDKIT: 1
+    when:
+      event:
+        exclude:
+        - pull_request
+
+  - name: publish-rootless
+    image: plugins/docker:latest
+    settings:
+      dockerfile: Dockerfile.rootless
+      tags: ${DRONE_TAG##v}-linux-amd64-rootless
+      repo: gitea/gitea
+      build_args:
+        - GOPROXY=https://goproxy.io
+      password:
+        from_secret: docker_password
+      username:
+        from_secret: docker_username
+    environment:
+      PLUGIN_MIRROR:
+        from_secret: plugin_mirror
+      DOCKER_BUILDKIT: 1
+    when:
+      event:
+        exclude:
+        - pull_request
+
+---
+kind: pipeline
+type: docker
+name: docker-linux-arm64-release-version
+
+platform:
+  os: linux
+  arch: arm64
+
+trigger:
+  ref:
+    include:
+      - "refs/tags/**"
+    exclude:
+      - "refs/tags/**-rc*"
+  paths:
+    exclude:
+      - "docs/**"
+
+steps:
+  - name: fetch-tags
+    image: docker:git
+    pull: always
+    commands:
+      - git fetch --tags --force
+
+  - name: publish
+    image: plugins/docker:latest
+    pull: always
+    settings:
+      auto_tag: true
+      auto_tag_suffix: linux-arm64
+      repo: gitea/gitea
+      build_args:
+        - GOPROXY=https://goproxy.io
+      password:
+        from_secret: docker_password
+      username:
+        from_secret: docker_username
+    environment:
+      PLUGIN_MIRROR:
+        from_secret: plugin_mirror
+      DOCKER_BUILDKIT: 1
+    when:
+      event:
+        exclude:
+        - pull_request
+
+  - name: publish-rootless
+    image: plugins/docker:latest
+    settings:
+      dockerfile: Dockerfile.rootless
+      auto_tag: true
+      auto_tag_suffix: linux-arm64-rootless
+      repo: gitea/gitea
+      build_args:
+        - GOPROXY=https://goproxy.io
+      password:
+        from_secret: docker_password
+      username:
+        from_secret: docker_username
+    environment:
+      PLUGIN_MIRROR:
+        from_secret: plugin_mirror
+      DOCKER_BUILDKIT: 1
+    when:
+      event:
+        exclude:
+        - pull_request
+
+---
+kind: pipeline
+type: docker
+name: docker-linux-arm64-release-candidate-version
+
+platform:
+  os: linux
+  arch: arm64
+
+trigger:
+  ref:
+    - "refs/tags/**-rc*"
+  paths:
+    exclude:
+      - "docs/**"
+
+steps:
+  - name: fetch-tags
+    image: docker:git
+    pull: always
+    commands:
+      - git fetch --tags --force
+
+  - name: publish
+    image: plugins/docker:latest
+    pull: always
+    settings:
+      tags: ${DRONE_TAG##v}-linux-arm64
+      repo: gitea/gitea
+      build_args:
+        - GOPROXY=https://goproxy.io
+      password:
+        from_secret: docker_password
+      username:
+        from_secret: docker_username
+    environment:
+      PLUGIN_MIRROR:
+        from_secret: plugin_mirror
+      DOCKER_BUILDKIT: 1
+    when:
+      event:
+        exclude:
+        - pull_request
+
+  - name: publish-rootless
+    image: plugins/docker:latest
+    settings:
+      dockerfile: Dockerfile.rootless
+      tags: ${DRONE_TAG##v}-linux-arm64-rootless
+      repo: gitea/gitea
+      build_args:
+        - GOPROXY=https://goproxy.io
+      password:
+        from_secret: docker_password
+      username:
+        from_secret: docker_username
+    environment:
+      PLUGIN_MIRROR:
+        from_secret: plugin_mirror
+      DOCKER_BUILDKIT: 1
+    when:
+      event:
+        exclude:
+        - pull_request
+
+---
+kind: pipeline
+type: docker
+name: docker-manifest-version
+
+platform:
+  os: linux
+  arch: amd64
+
+steps:
+  - name: manifest-rootless
+    image: plugins/manifest
+    pull: always
+    settings:
+      auto_tag: true
+      ignore_missing: true
+      spec: docker/manifest.rootless.tmpl
+      password:
+        from_secret: docker_password
+      username:
+        from_secret: docker_username
+
+  - name: manifest
+    image: plugins/manifest
+    settings:
+      auto_tag: true
+      ignore_missing: true
+      spec: docker/manifest.tmpl
+      password:
+        from_secret: docker_password
+      username:
+        from_secret: docker_username
+
+trigger:
+  ref:
+  - "refs/tags/**"
+  paths:
+    exclude:
+      - "docs/**"
+
+depends_on:
+  - docker-linux-amd64-release-version
+  - docker-linux-amd64-release-candidate-version
+  - docker-linux-arm64-release-version
+  - docker-linux-arm64-release-candidate-version
--- a/.eslintrc.yaml
+++ b/.eslintrc.yaml
@@ -11,6 +11,7 @@ parserOptions:
 plugins:
  - "@eslint-community/eslint-plugin-eslint-comments"
  - eslint-plugin-array-func
+  - eslint-plugin-custom-elements
  - eslint-plugin-import
  - eslint-plugin-jquery
  - eslint-plugin-no-jquery
@@ -18,18 +19,16 @@ plugins:
  - eslint-plugin-regexp
  - eslint-plugin-sonarjs
  - eslint-plugin-unicorn
-  - eslint-plugin-vitest-globals
  - eslint-plugin-wc

 env:
-  es2024: true
+  es2022: true
  node: true

+globals:
+  __webpack_public_path__: true
+
 overrides:
-  - files: ["web_src/**/*"]
-    globals:
-      __webpack_public_path__: true
-      process: false # https://github.com/webpack/webpack/issues/15833
  - files: ["web_src/**/*", "docs/**/*"]
    env:
      browser: true
@@ -46,12 +45,6 @@ overrides:
  - files: ["*.config.*"]
    rules:
      import/no-unused-modules: [0]
-  - files: ["**/*.test.*", "web_src/js/test/setup.js"]
-    env:
-      vitest-globals/env: true
-  - files: ["web_src/js/modules/fetch.js", "web_src/js/standalone/**/*"]
-    rules:
-      no-restricted-syntax: [2, WithStatement, ForInStatement, LabeledStatement, SequenceExpression]

 rules:
  "@eslint-community/eslint-comments/disable-enable-pair": [2]
@@ -91,6 +84,19 @@ rules:
  consistent-this: [0]
  constructor-super: [2]
  curly: [0]
+  custom-elements/expose-class-on-global: [0]
+  custom-elements/extends-correct-class: [2]
+  custom-elements/file-name-matches-element: [2]
+  custom-elements/no-constructor: [2]
+  custom-elements/no-customized-built-in-elements: [2]
+  custom-elements/no-dom-traversal-in-attributechangedcallback: [2]
+  custom-elements/no-dom-traversal-in-connectedcallback: [2]
+  custom-elements/no-exports-with-element: [2]
+  custom-elements/no-method-prefixed-with-on: [2]
+  custom-elements/no-unchecked-define: [0]
+  custom-elements/one-element-per-file: [0]
+  custom-elements/tag-name-matches-class: [2]
+  custom-elements/valid-tag-name: [2]
  default-case-last: [2]
  default-case: [0]
  default-param-last: [0]
@@ -149,7 +155,7 @@ rules:
  import/no-restricted-paths: [0]
  import/no-self-import: [2]
  import/no-unassigned-import: [0]
-  import/no-unresolved: [2, {commonjs: true, ignore: ["\\?.+$", ^vitest/]}]
+  import/no-unresolved: [2, {commonjs: true, ignore: ["\\?.+$"]}]
  import/no-unused-modules: [2, {unusedExports: true}]
  import/no-useless-path-segments: [2, {commonjs: true}]
  import/no-webpack-loader-syntax: [2]
@@ -413,8 +419,9 @@ rules:
  no-restricted-exports: [0]
  no-restricted-globals: [2, addEventListener, blur, close, closed, confirm, defaultStatus, defaultstatus, error, event, external, find, focus, frameElement, frames, history, innerHeight, innerWidth, isFinite, isNaN, length, location, locationbar, menubar, moveBy, moveTo, name, onblur, onerror, onfocus, onload, onresize, onunload, open, opener, opera, outerHeight, outerWidth, pageXOffset, pageYOffset, parent, print, removeEventListener, resizeBy, resizeTo, screen, screenLeft, screenTop, screenX, screenY, scroll, scrollbars, scrollBy, scrollTo, scrollX, scrollY, self, status, statusbar, stop, toolbar, top, __dirname, __filename]
  no-restricted-imports: [0]
-  no-restricted-syntax: [2, WithStatement, ForInStatement, LabeledStatement, SequenceExpression, {selector: "CallExpression[callee.name='fetch']", message: "use modules/fetch.js instead"}]
+  no-restricted-syntax: [2, WithStatement, ForInStatement, LabeledStatement]
  no-return-assign: [0]
+  no-return-await: [0]
  no-script-url: [2]
  no-self-assign: [2, {props: true}]
  no-self-compare: [2]
@@ -476,7 +483,7 @@ rules:
  prefer-exponentiation-operator: [2]
  prefer-named-capture-group: [0]
  prefer-numeric-literals: [2]
-  prefer-object-has-own: [2]
+  prefer-object-has-own: [0]
  prefer-object-spread: [2]
  prefer-promise-reject-errors: [2, {allowEmptyReject: false}]
  prefer-regex-literals: [2]
@@ -658,6 +665,7 @@ rules:
  unicorn/no-unnecessary-await: [2]
  unicorn/no-unreadable-array-destructuring: [0]
  unicorn/no-unreadable-iife: [2]
+  unicorn/no-unsafe-regex: [0]
  unicorn/no-unused-properties: [2]
  unicorn/no-useless-fallback-in-spread: [2]
  unicorn/no-useless-length-check: [2]
@@ -684,7 +692,7 @@ rules:
  unicorn/prefer-dom-node-remove: [2]
  unicorn/prefer-dom-node-text-content: [2]
  unicorn/prefer-event-target: [2]
-  unicorn/prefer-export-from: [0]
+  unicorn/prefer-export-from: [2, {ignoreUsedVariables: true}]
  unicorn/prefer-includes: [2]
  unicorn/prefer-json-parse-buffer: [0]
  unicorn/prefer-keyboard-event-key: [2]
@@ -730,27 +738,14 @@ rules:
  valid-typeof: [2, {requireStringLiterals: true}]
  vars-on-top: [0]
  wc/attach-shadow-constructor: [2]
-  wc/define-tag-after-class-definition: [0]
-  wc/expose-class-on-global: [0]
-  wc/file-name-matches-element: [2]
-  wc/guard-define-call: [0]
  wc/guard-super-call: [2]
-  wc/max-elements-per-file: [0]
-  wc/no-child-traversal-in-attributechangedcallback: [2]
-  wc/no-child-traversal-in-connectedcallback: [2]
  wc/no-closed-shadow-root: [2]
  wc/no-constructor-attributes: [2]
  wc/no-constructor-params: [2]
-  wc/no-constructor: [2]
-  wc/no-customized-built-in-elements: [2]
-  wc/no-exports-with-element: [2]
-  wc/no-invalid-element-name: [2]
-  wc/no-invalid-extends: [2]
-  wc/no-method-prefixed-with-on: [2]
+  wc/no-invalid-element-name: [0] # covered by custom-elements/valid-tag-name
  wc/no-self-class: [2]
  wc/no-typos: [2]
  wc/require-listener-teardown: [2]
-  wc/tag-name-matches-class: [2]
  wrap-iife: [2, inside]
  wrap-regex: [0]
  yield-star-spacing: [2, after]
--- a/.gitattributes
+++ b/.gitattributes
@@ -1,7 +1,7 @@
 * text=auto eol=lf
 *.tmpl linguist-language=Handlebars
 /assets/*.json linguist-generated
-/public/assets/img/svg/*.svg linguist-generated
+/public/img/svg/*.svg linguist-generated
 /templates/swagger/v1_json.tmpl linguist-generated
 /vendor/** -text -eol linguist-vendored
 /web_src/fomantic/build/** linguist-generated
--- a/.github/ISSUE_TEMPLATE/bug-report.yaml
+++ b/.github/ISSUE_TEMPLATE/bug-report.yaml
@@ -2,90 +2,90 @@ name: Bug Report
 description: Found something you weren't expecting? Report it here!
 labels: ["kind/bug"]
 body:
-  - type: markdown
-    attributes:
-      value: |
-        NOTE: If your issue is a security concern, please send an email to security@gitea.io instead of opening a public issue.
-  - type: markdown
-    attributes:
-      value: |
-        1. Please speak English, this is the language all maintainers can speak and write.
-        2. Please ask questions or configuration/deploy problems on our Discord
-           server (https://discord.gg/gitea) or forum (https://discourse.gitea.io).
-        3. Make sure you are using the latest release and
-           take a moment to check that your issue hasn't been reported before.
-        4. Make sure it's not mentioned in the FAQ (https://docs.gitea.com/help/faq)
-        5. It's really important to provide pertinent details and logs (https://docs.gitea.com/help/support),
-           incomplete details will be handled as an invalid report.
-  - type: textarea
-    id: description
-    attributes:
-      label: Description
-      description: |
-        Please provide a description of your issue here, with a URL if you were able to reproduce the issue (see below)
-        If you are using a proxy or a CDN (e.g. Cloudflare) in front of Gitea, please disable the proxy/CDN fully and access Gitea directly to confirm the issue still persists without those services.
-  - type: input
-    id: gitea-ver
-    attributes:
-      label: Gitea Version
-      description: Gitea version (or commit reference) of your instance
-    validations:
-      required: true
-  - type: dropdown
-    id: can-reproduce
-    attributes:
-      label: Can you reproduce the bug on the Gitea demo site?
-      description: |
-        If so, please provide a URL in the Description field
-        URL of Gitea demo: https://try.gitea.io
-      options:
-        - "Yes"
-        - "No"
-    validations:
-      required: true
-  - type: markdown
-    attributes:
-      value: |
-        It's really important to provide pertinent logs
-        Please read https://docs.gitea.com/administration/logging-config#collecting-logs-for-help
-        In addition, if your problem relates to git commands set `RUN_MODE=dev` at the top of app.ini
-  - type: input
-    id: logs
-    attributes:
-      label: Log Gist
-      description: Please provide a gist URL of your logs, with any sensitive information (e.g. API keys) removed/hidden
-  - type: textarea
-    id: screenshots
-    attributes:
-      label: Screenshots
-      description: If this issue involves the Web Interface, please provide one or more screenshots
-  - type: input
-    id: git-ver
-    attributes:
-      label: Git Version
-      description: The version of git running on the server
-  - type: input
-    id: os-ver
-    attributes:
-      label: Operating System
-      description: The operating system you are using to run Gitea
-  - type: textarea
-    id: run-info
-    attributes:
-      label: How are you running Gitea?
-      description: |
-        Please include information on whether you built Gitea yourself, used one of our downloads, are using https://try.gitea.io or are using some other package
-        Please also tell us how you are running Gitea, e.g. if it is being run from docker, a command-line, systemd etc.
-        If you are using a package or systemd tell us what distribution you are using
-    validations:
-      required: true
-  - type: dropdown
-    id: database
-    attributes:
-      label: Database
-      description: What database system are you running?
-      options:
-        - PostgreSQL
-        - MySQL/MariaDB
-        - MSSQL
-        - SQLite
+- type: markdown
+  attributes:
+    value: |
+      NOTE: If your issue is a security concern, please send an email to security@gitea.io instead of opening a public issue.
+- type: markdown
+  attributes:
+    value: |
+      1. Please speak English, this is the language all maintainers can speak and write.
+      2. Please ask questions or configuration/deploy problems on our Discord
+         server (https://discord.gg/gitea) or forum (https://discourse.gitea.io).
+      3. Make sure you are using the latest release and
+         take a moment to check that your issue hasn't been reported before.
+      4. Make sure it's not mentioned in the FAQ (https://docs.gitea.com/help/faq)
+      5. It's really important to provide pertinent details and logs (https://docs.gitea.com/help/support),
+         incomplete details will be handled as an invalid report.
+- type: textarea
+  id: description
+  attributes:
+    label: Description
+    description: |
+      Please provide a description of your issue here, with a URL if you were able to reproduce the issue (see below)
+      If you are using a proxy or a CDN (e.g. Cloudflare) in front of Gitea, please disable the proxy/CDN fully and access Gitea directly to confirm the issue still persists without those services.
+- type: input
+  id: gitea-ver
+  attributes:
+    label: Gitea Version
+    description: Gitea version (or commit reference) of your instance
+  validations:
+    required: true
+- type: dropdown
+  id: can-reproduce
+  attributes:
+    label: Can you reproduce the bug on the Gitea demo site?
+    description: |
+      If so, please provide a URL in the Description field
+      URL of Gitea demo: https://try.gitea.io
+    options:
+    - "Yes"
+    - "No"
+  validations:
+    required: true
+- type: markdown
+  attributes:
+    value: |
+      It's really important to provide pertinent logs
+      Please read https://docs.gitea.com/administration/logging-config#collecting-logs-for-help
+      In addition, if your problem relates to git commands set `RUN_MODE=dev` at the top of app.ini
+- type: input
+  id: logs
+  attributes:
+    label: Log Gist
+    description: Please provide a gist URL of your logs, with any sensitive information (e.g. API keys) removed/hidden
+- type: textarea
+  id: screenshots
+  attributes:
+    label: Screenshots
+    description: If this issue involves the Web Interface, please provide one or more screenshots
+- type: input
+  id: git-ver
+  attributes:
+    label: Git Version
+    description: The version of git running on the server
+- type: input
+  id: os-ver
+  attributes:
+    label: Operating System
+    description: The operating system you are using to run Gitea
+- type: textarea
+  id: run-info
+  attributes:
+    label: How are you running Gitea?
+    description: |
+      Please include information on whether you built Gitea yourself, used one of our downloads, are using https://try.gitea.io or are using some other package
+      Please also tell us how you are running Gitea, e.g. if it is being run from docker, a command-line, systemd etc.
+      If you are using a package or systemd tell us what distribution you are using
+  validations:
+    required: true
+- type: dropdown
+  id: database
+  attributes:
+    label: Database
+    description: What database system are you running?
+    options:
+    - PostgreSQL
+    - MySQL/MariaDB
+    - MSSQL
+    - SQLite
--- a/.github/ISSUE_TEMPLATE/feature-request.yaml
+++ b/.github/ISSUE_TEMPLATE/feature-request.yaml
@@ -1,24 +1,24 @@
 name: Feature Request
 description: Got an idea for a feature that Gitea doesn't have currently?  Submit your idea here!
-labels: ["kind/proposal"]
+labels: ["kind/feature", "kind/proposal"]
 body:
-  - type: markdown
-    attributes:
-      value: |
-        1. Please speak English, this is the language all maintainers can speak and write.
-        2. Please ask questions or configuration/deploy problems on our Discord
-           server (https://discord.gg/gitea) or forum (https://discourse.gitea.io).
-        3. Please take a moment to check that your feature hasn't already been suggested.
-  - type: textarea
-    id: description
-    attributes:
-      label: Feature Description
-      placeholder: |
-        I think it would be great if Gitea had...
-    validations:
-      required: true
-  - type: textarea
-    id: screenshots
-    attributes:
-      label: Screenshots
-      description: If you can, provide screenshots of an implementation on another site e.g. GitHub
+- type: markdown
+  attributes:
+    value: |
+      1. Please speak English, this is the language all maintainers can speak and write.
+      2. Please ask questions or configuration/deploy problems on our Discord
+         server (https://discord.gg/gitea) or forum (https://discourse.gitea.io).
+      3. Please take a moment to check that your feature hasn't already been suggested.
+- type: textarea
+  id: description
+  attributes:
+    label: Feature Description
+    placeholder: |
+      I think it would be great if Gitea had...
+  validations:
+    required: true
+- type: textarea
+  id: screenshots
+  attributes:
+    label: Screenshots
+    description: If you can, provide screenshots of an implementation on another site e.g. GitHub
--- a/.github/ISSUE_TEMPLATE/ui.bug-report.yaml
+++ b/.github/ISSUE_TEMPLATE/ui.bug-report.yaml
@@ -2,65 +2,65 @@ name: Web Interface Bug Report
 description: Something doesn't look quite as it should?  Report it here!
 labels: ["kind/bug", "kind/ui"]
 body:
-  - type: markdown
-    attributes:
-      value: |
-        NOTE: If your issue is a security concern, please send an email to security@gitea.io instead of opening a public issue.
-  - type: markdown
-    attributes:
-      value: |
-        1. Please speak English, this is the language all maintainers can speak and write.
-        2. Please ask questions or configuration/deploy problems on our Discord
-           server (https://discord.gg/gitea) or forum (https://discourse.gitea.io).
-        3. Please take a moment to check that your issue doesn't already exist.
-        4. Make sure it's not mentioned in the FAQ (https://docs.gitea.com/help/faq)
-        5. Please give all relevant information below for bug reports, because
-           incomplete details will be handled as an invalid report.
-        6. In particular it's really important to provide pertinent logs. If you are certain that this is a javascript
-           error, show us the javascript console. If the error appears to relate to Gitea the server you must also give us
-           DEBUG level logs. (See https://docs.gitea.com/administration/logging-config#collecting-logs-for-help)
-  - type: textarea
-    id: description
-    attributes:
-      label: Description
-      description: |
-        Please provide a description of your issue here, with a URL if you were able to reproduce the issue (see below)
-        If using a proxy or a CDN (e.g. CloudFlare) in front of gitea, please disable the proxy/CDN fully and connect to gitea directly to confirm the issue still persists without those services.
-  - type: textarea
-    id: screenshots
-    attributes:
-      label: Screenshots
-      description: Please provide at least 1 screenshot showing the issue.
-    validations:
-      required: true
-  - type: input
-    id: gitea-ver
-    attributes:
-      label: Gitea Version
-      description: Gitea version (or commit reference) your instance is running
-    validations:
-      required: true
-  - type: dropdown
-    id: can-reproduce
-    attributes:
-      label: Can you reproduce the bug on the Gitea demo site?
-      description: |
-        If so, please provide a URL in the Description field
-        URL of Gitea demo: https://try.gitea.io
-      options:
-        - "Yes"
-        - "No"
-    validations:
-      required: true
-  - type: input
-    id: os-ver
-    attributes:
-      label: Operating System
-      description: The operating system you are using to access Gitea
-  - type: input
-    id: browser-ver
-    attributes:
-      label: Browser Version
-      description: The browser and version that you are using to access Gitea
-    validations:
-      required: true
+- type: markdown
+  attributes:
+    value: |
+      NOTE: If your issue is a security concern, please send an email to security@gitea.io instead of opening a public issue.
+- type: markdown
+  attributes:
+    value: |
+      1. Please speak English, this is the language all maintainers can speak and write.
+      2. Please ask questions or configuration/deploy problems on our Discord
+         server (https://discord.gg/gitea) or forum (https://discourse.gitea.io).
+      3. Please take a moment to check that your issue doesn't already exist.
+      4. Make sure it's not mentioned in the FAQ (https://docs.gitea.com/help/faq)
+      5. Please give all relevant information below for bug reports, because
+         incomplete details will be handled as an invalid report.
+      6. In particular it's really important to provide pertinent logs. If you are certain that this is a javascript
+         error, show us the javascript console. If the error appears to relate to Gitea the server you must also give us
+         DEBUG level logs. (See https://docs.gitea.com/administration/logging-config#collecting-logs-for-help)
+- type: textarea
+  id: description
+  attributes:
+    label: Description
+    description: |
+      Please provide a description of your issue here, with a URL if you were able to reproduce the issue (see below)
+      If using a proxy or a CDN (e.g. CloudFlare) in front of gitea, please disable the proxy/CDN fully and connect to gitea directly to confirm the issue still persists without those services.
+- type: textarea
+  id: screenshots
+  attributes:
+    label: Screenshots
+    description: Please provide at least 1 screenshot showing the issue.
+  validations:
+    required: true
+- type: input
+  id: gitea-ver
+  attributes:
+    label: Gitea Version
+    description: Gitea version (or commit reference) your instance is running
+  validations:
+    required: true
+- type: dropdown
+  id: can-reproduce
+  attributes:
+    label: Can you reproduce the bug on the Gitea demo site?
+    description: |
+      If so, please provide a URL in the Description field
+      URL of Gitea demo: https://try.gitea.io
+    options:
+    - "Yes"
+    - "No"
+  validations:
+    required: true
+- type: input
+  id: os-ver
+  attributes:
+    label: Operating System
+    description: The operating system you are using to access Gitea
+- type: input
+  id: browser-ver
+  attributes:
+    label: Browser Version
+    description: The browser and version that you are using to access Gitea
+  validations:
+    required: true
--- a/.github/actionlint.yaml
+++ b/.github/actionlint.yaml
@@ -1,5 +0,0 @@
-self-hosted-runner:
-  labels:
-    - actuated-4cpu-8gb
-    - actuated-4cpu-16gb
-    - nscloud
--- a/.github/labeler.yml
+++ b/.github/labeler.yml
@@ -1,36 +0,0 @@
-modifies/docs:
-  - "**/*.md"
-  - "docs/**"
-
-modifies/frontend:
-  - "web_src/**/*"
-
-modifies/templates:
-  - all: ["templates/**", "!templates/swagger/v1_json.tmpl"]
-
-modifies/api:
-  - "routers/api/**"
-  - "templates/swagger/v1_json.tmpl"
-
-modifies/cli:
-  - "cmd/**"
-
-modifies/translation:
-  - "options/locale/*.ini"
-
-modifies/migrations:
-  - "models/migrations/**/*"
-
-modifies/internal:
-  - "Makefile"
-  - "Dockerfile"
-  - "Dockerfile.rootless"
-  - "docker/**"
-  - "webpack.config.js"
-  - ".eslintrc.yaml"
-  - ".golangci.yml"
-  - ".markdownlint.yaml"
-  - ".spectral.yaml"
-  - ".stylelintrc.yaml"
-  - ".yamllint.yaml"
-  - ".github/**"
--- a/.github/stale.yml
+++ b/.github/stale.yml
@@ -9,8 +9,8 @@ daysUntilClose: 14

 # Issues or Pull Requests with these labels will never be considered stale. Set to `[]` to disable
 exemptLabels:
-  - status/blocked
-  - kind/security
+  - status/blocked 
+  - kind/security 
  - lgtm/done
  - reviewed/confirmed
  - priority/critical
@@ -27,7 +27,7 @@ staleLabel: stale

 # Comment to post when marking as stale. Set to `false` to disable
 markComment: >
-  This issue has been automatically marked as stale because it has not had recent activity.
+  This issue has been automatically marked as stale because it has not had recent activity. 
  I am here to help clear issues left open even if solved or waiting for more insight.
  This issue will be closed if no further activity occurs during the next 2 weeks.
  If the issue is still valid just add a comment to keep it alive.
--- a/.github/workflows/cron-licenses.yml
+++ b/.github/workflows/cron-licenses.yml
@@ -10,11 +10,10 @@ jobs:
    runs-on: ubuntu-latest
    if: github.repository == 'go-gitea/gitea'
    steps:
-      - uses: actions/checkout@v4
-      - uses: actions/setup-go@v4
+      - uses: actions/checkout@v3
+      - uses: actions/setup-go@v3
        with:
-          go-version: "~1.21"
-          check-latest: true
+          go-version: ">=1.20.1"
      - run: make generate-license generate-gitignore
        timeout-minutes: 40
      - name: push translations to repo
--- a/.github/workflows/cron-translations.yml
+++ b/.github/workflows/cron-translations.yml
@@ -10,7 +10,7 @@ jobs:
    runs-on: ubuntu-latest
    if: github.repository == 'go-gitea/gitea'
    steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v3
      - name: download from crowdin
        uses: docker://jonasfranz/crowdin
        env:
@@ -35,7 +35,7 @@ jobs:
    runs-on: ubuntu-latest
    if: github.repository == 'go-gitea/gitea'
    steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v3
      - name: push translations to crowdin
        uses: docker://jonasfranz/crowdin
        env:
--- a/.github/workflows/disk-clean.yml
+++ b/.github/workflows/disk-clean.yml
@@ -1,36 +0,0 @@
-name: disk-clean
-
-on:
-  workflow_call:
-
-jobs:
-  triage:
-    runs-on: ubuntu-latest
-    steps:
-      # FIXME: https://github.com/jlumbroso/free-disk-space/issues/17
-      - name: same as 'large-packages' but without 'google-cloud-sdk'
-        shell: bash
-        run: |
-          sudo apt-get remove -y '^dotnet-.*'
-          sudo apt-get remove -y '^llvm-.*'
-          sudo apt-get remove -y 'php.*'
-          sudo apt-get remove -y '^mongodb-.*'
-          sudo apt-get remove -y '^mysql-.*'
-          sudo apt-get remove -y azure-cli google-chrome-stable firefox powershell mono-devel libgl1-mesa-dri
-          sudo apt-get autoremove -y
-          sudo apt-get clean
-      - name: Free Disk Space (Ubuntu)
-        uses: jlumbroso/free-disk-space@main
-        with:
-          # this might remove tools that are actually needed,
-          # if set to "true" but frees about 6 GB
-          tool-cache: false
-
-          # all of these default to true, but feel free to set to
-          # "false" if necessary for your workflow
-          android: true
-          dotnet: true
-          haskell: true
-          large-packages: false
-          docker-images: false
-          swap-storage: true
--- a/.github/workflows/files-changed.yml
+++ b/.github/workflows/files-changed.yml
@@ -4,94 +4,50 @@ on:
  workflow_call:
    outputs:
      backend:
+        description: "whether backend files changed"
        value: ${{ jobs.detect.outputs.backend }}
      frontend:
+        description: "whether frontend files changed"
        value: ${{ jobs.detect.outputs.frontend }}
      docs:
+        description: "whether docs files changed"
        value: ${{ jobs.detect.outputs.docs }}
      actions:
+        description: "whether actions files changed"
        value: ${{ jobs.detect.outputs.actions }}
-      templates:
-        value: ${{ jobs.detect.outputs.templates }}
-      docker:
-        value: ${{ jobs.detect.outputs.docker }}
-      swagger:
-        value: ${{ jobs.detect.outputs.swagger }}
-      yaml:
-        value: ${{ jobs.detect.outputs.yaml }}

 jobs:
  detect:
+    name: detect which files changed
    runs-on: ubuntu-latest
    timeout-minutes: 3
+    # Map a step output to a job output
    outputs:
      backend: ${{ steps.changes.outputs.backend }}
      frontend: ${{ steps.changes.outputs.frontend }}
      docs: ${{ steps.changes.outputs.docs }}
      actions: ${{ steps.changes.outputs.actions }}
-      templates: ${{ steps.changes.outputs.templates }}
-      docker: ${{ steps.changes.outputs.docker }}
-      swagger: ${{ steps.changes.outputs.swagger }}
-      yaml: ${{ steps.changes.outputs.yaml }}
    steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v3
      - uses: dorny/paths-filter@v2
        id: changes
        with:
          filters: |
            backend:
              - "**/*.go"
-              - "templates/**/*.tmpl"
-              - "assets/emoji.json"
+              - "**/*.tmpl"
              - "go.mod"
              - "go.sum"
-              - "Makefile"
-              - ".golangci.yml"
-              - ".editorconfig"

            frontend:
              - "**/*.js"
              - "web_src/**"
-              - "assets/emoji.json"
              - "package.json"
              - "package-lock.json"
-              - "Makefile"
-              - ".eslintrc.yaml"
-              - ".stylelintrc.yaml"
-              - ".npmrc"

            docs:
              - "**/*.md"
              - "docs/**"
-              - ".markdownlint.yaml"
-              - "package.json"
-              - "package-lock.json"

            actions:
              - ".github/workflows/*"
-              - "Makefile"
-
-            templates:
-              - "templates/**/*.tmpl"
-              - "pyproject.toml"
-              - "poetry.lock"
-
-            docker:
-              - "Dockerfile"
-              - "Dockerfile.rootless"
-              - "docker/**"
-              - "Makefile"
-
-            swagger:
-              - "templates/swagger/v1_json.tmpl"
-              - "Makefile"
-              - "package.json"
-              - "package-lock.json"
-              - ".spectral.yaml"
-
-            yaml:
-              - "**/*.yml"
-              - "**/*.yaml"
-              - ".yamllint.yaml"
-              - "pyproject.toml"
-              - "poetry.lock"
--- a/.github/workflows/pull-compliance.yml
+++ b/.github/workflows/pull-compliance.yml
@@ -16,63 +16,25 @@ jobs:
    needs: files-changed
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v3
      - uses: actions/setup-go@v4
        with:
-          go-version: "~1.21"
+          go-version: ">=1.20"
          check-latest: true
      - run: make deps-backend deps-tools
      - run: make lint-backend
        env:
          TAGS: bindata sqlite sqlite_unlock_notify

-  lint-templates:
-    if: needs.files-changed.outputs.templates == 'true'
-    needs: files-changed
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-      - uses: actions/setup-python@v4
-        with:
-          python-version: "3.11"
-      - run: pip install poetry
-      - run: make deps-py
-      - run: make lint-templates
-
-  lint-yaml:
-    if: needs.files-changed.outputs.yaml == 'true'
-    needs: files-changed
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-      - uses: actions/setup-python@v4
-        with:
-          python-version: "3.11"
-      - run: pip install poetry
-      - run: make deps-py
-      - run: make lint-yaml
-
-  lint-swagger:
-    if: needs.files-changed.outputs.swagger == 'true'
-    needs: files-changed
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-      - uses: actions/setup-node@v3
-        with:
-          node-version: 20
-      - run: make deps-frontend
-      - run: make lint-swagger
-
  lint-go-windows:
    if: needs.files-changed.outputs.backend == 'true' || needs.files-changed.outputs.actions == 'true'
    needs: files-changed
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v3
      - uses: actions/setup-go@v4
        with:
-          go-version: "~1.21"
+          go-version: ">=1.20"
          check-latest: true
      - run: make deps-backend deps-tools
      - run: make lint-go-windows lint-go-vet
@@ -86,10 +48,10 @@ jobs:
    needs: files-changed
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v3
      - uses: actions/setup-go@v4
        with:
-          go-version: "~1.21"
+          go-version: ">=1.20"
          check-latest: true
      - run: make deps-backend deps-tools
      - run: make lint-go
@@ -101,10 +63,10 @@ jobs:
    needs: files-changed
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v3
      - uses: actions/setup-go@v4
        with:
-          go-version: "~1.21"
+          go-version: ">=1.20"
          check-latest: true
      - run: make deps-backend deps-tools
      - run: make --always-make checks-backend # ensure the "go-licenses" make target runs
@@ -114,14 +76,13 @@ jobs:
    needs: files-changed
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v3
      - uses: actions/setup-node@v3
        with:
          node-version: 20
      - run: make deps-frontend
      - run: make lint-frontend
      - run: make checks-frontend
-      - run: make test-frontend
      - run: make frontend

  backend:
@@ -129,14 +90,14 @@ jobs:
    needs: files-changed
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v3
      - uses: actions/setup-go@v4
        with:
-          go-version: "~1.21"
+          go-version: ">=1.20"
          check-latest: true
      # no frontend build here as backend should be able to build
      # even without any frontend files
-      - run: make deps-backend
+      - run: make deps-backend deps-tools
      - run: go build -o gitea_no_gcc # test if build succeeds without the sqlite tag
      - name: build-backend-arm64
        run: make backend # test cross compile
@@ -161,19 +122,19 @@ jobs:
    needs: files-changed
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v3
      - uses: actions/setup-node@v3
        with:
          node-version: 20
      - run: make deps-frontend
      - run: make lint-md
-      - run: make docs
+      - run: make docs # test if build could succeed

  actions:
    if: needs.files-changed.outputs.actions == 'true' || needs.files-changed.outputs.actions == 'true'
    needs: files-changed
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v3
      - uses: actions/setup-go@v4
      - run: make lint-actions
--- a/.github/workflows/pull-db-tests.yml
+++ b/.github/workflows/pull-db-tests.yml
@@ -38,11 +38,10 @@ jobs:
        ports:
          - "9000:9000"
    steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v3
      - uses: actions/setup-go@v4
        with:
-          go-version: "~1.21"
-          check-latest: true
+          go-version: ">=1.20.0"
      - name: Add hosts to /etc/hosts
        run: '[ -e "/.dockerenv" ] || [ -e "/run/.containerenv" ] || echo "127.0.0.1 pgsql ldap minio" | sudo tee -a /etc/hosts'
      - run: make deps-backend
@@ -63,11 +62,10 @@ jobs:
    needs: files-changed
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v3
      - uses: actions/setup-go@v4
        with:
-          go-version: "~1.21"
-          check-latest: true
+          go-version: ">=1.20.0"
      - run: make deps-backend
      - run: make backend
        env:
@@ -88,7 +86,7 @@ jobs:
      mysql:
        image: mysql:5.7
        env:
-          MYSQL_ALLOW_EMPTY_PASSWORD: true
+          MYSQL_ALLOW_EMPTY_PASSWORD: yes
          MYSQL_DATABASE: test
        ports:
          - "3306:3306"
@@ -98,12 +96,6 @@ jobs:
          discovery.type: single-node
        ports:
          - "9200:9200"
-      meilisearch:
-        image: getmeili/meilisearch:v1.2.0
-        env:
-          MEILI_ENV: development # disable auth
-        ports:
-          - "7700:7700"
      smtpimap:
        image: tabascoterrier/docker-imap-devel:latest
        ports:
@@ -128,13 +120,12 @@ jobs:
        ports:
          - "9000:9000"
    steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v3
      - uses: actions/setup-go@v4
        with:
-          go-version: "~1.21"
-          check-latest: true
+          go-version: ">=1.20.0"
      - name: Add hosts to /etc/hosts
-        run: '[ -e "/.dockerenv" ] || [ -e "/run/.containerenv" ] || echo "127.0.0.1 mysql elasticsearch meilisearch smtpimap" | sudo tee -a /etc/hosts'
+        run: '[ -e "/.dockerenv" ] || [ -e "/run/.containerenv" ] || echo "127.0.0.1 mysql elasticsearch smtpimap" | sudo tee -a /etc/hosts'
      - run: make deps-backend
      - run: make backend
        env:
@@ -160,7 +151,7 @@ jobs:
      mysql:
        image: mysql:5.7
        env:
-          MYSQL_ALLOW_EMPTY_PASSWORD: true
+          MYSQL_ALLOW_EMPTY_PASSWORD: yes
          MYSQL_DATABASE: test
        ports:
          - "3306:3306"
@@ -178,11 +169,10 @@ jobs:
          - "587:587"
          - "993:993"
    steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v3
      - uses: actions/setup-go@v4
        with:
-          go-version: "~1.21"
-          check-latest: true
+          go-version: ">=1.20.0"
      - name: Add hosts to /etc/hosts
        run: '[ -e "/.dockerenv" ] || [ -e "/run/.containerenv" ] || echo "127.0.0.1 mysql elasticsearch smtpimap" | sudo tee -a /etc/hosts'
      - run: make deps-backend
@@ -205,16 +195,15 @@ jobs:
      mysql8:
        image: mysql:8
        env:
-          MYSQL_ALLOW_EMPTY_PASSWORD: true
+          MYSQL_ALLOW_EMPTY_PASSWORD: yes
          MYSQL_DATABASE: testgitea
        ports:
          - "3306:3306"
    steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v3
      - uses: actions/setup-go@v4
        with:
-          go-version: "~1.21"
-          check-latest: true
+          go-version: ">=1.20.0"
      - name: Add hosts to /etc/hosts
        run: '[ -e "/.dockerenv" ] || [ -e "/run/.containerenv" ] || echo "127.0.0.1 mysql8" | sudo tee -a /etc/hosts'
      - run: make deps-backend
@@ -241,11 +230,10 @@ jobs:
        ports:
          - "1433:1433"
    steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v3
      - uses: actions/setup-go@v4
        with:
-          go-version: "~1.21"
-          check-latest: true
+          go-version: ">=1.20.0"
      - name: Add hosts to /etc/hosts
        run: '[ -e "/.dockerenv" ] || [ -e "/run/.containerenv" ] || echo "127.0.0.1 mssql" | sudo tee -a /etc/hosts'
      - run: make deps-backend
--- a/.github/workflows/pull-docker-dryrun.yml
+++ b/.github/workflows/pull-docker-dryrun.yml
@@ -11,8 +11,8 @@ jobs:
  files-changed:
    uses: ./.github/workflows/files-changed.yml

-  regular:
-    if: needs.files-changed.outputs.docker == 'true' || needs.files-changed.outputs.actions == 'true'
+  docker-dryrun:
+    if: needs.files-changed.outputs.backend == 'true' || needs.files-changed.outputs.frontend == 'true' || needs.files-changed.outputs.actions == 'true'
    needs: files-changed
    runs-on: ubuntu-latest
    steps:
@@ -21,15 +21,3 @@ jobs:
        with:
          push: false
          tags: gitea/gitea:linux-amd64
-
-  rootless:
-    if: needs.files-changed.outputs.docker == 'true' || needs.files-changed.outputs.actions == 'true'
-    needs: files-changed
-    runs-on: ubuntu-latest
-    steps:
-      - uses: docker/setup-buildx-action@v2
-      - uses: docker/build-push-action@v4
-        with:
-          push: false
-          file: Dockerfile.rootless
-          tags: gitea/gitea:linux-amd64
--- a/.github/workflows/pull-e2e-tests.yml
+++ b/.github/workflows/pull-e2e-tests.yml
@@ -16,10 +16,10 @@ jobs:
    needs: files-changed
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v3
      - uses: actions/setup-go@v4
        with:
-          go-version: "~1.21"
+          go-version: ">=1.20"
          check-latest: true
      - uses: actions/setup-node@v3
        with:
--- a/.github/workflows/pull-labeler.yml
+++ b/.github/workflows/pull-labeler.yml
@@ -1,21 +0,0 @@
-name: labeler
-
-on:
-  pull_request_target:
-    types: [opened, synchronize, reopened]
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
-  cancel-in-progress: true
-
-jobs:
-  label:
-    runs-on: ubuntu-latest
-    permissions:
-      contents: read
-      pull-requests: write
-    steps:
-      - uses: actions/labeler@v4
-        with:
-          dot: true
-          sync-labels: true
--- a/.github/workflows/release-nightly.yml
+++ b/.github/workflows/release-nightly.yml
@@ -1,24 +1,20 @@
-name: release-nightly
+name: release-nightly-assets

 on:
  push:
    branches: [ main, release/v* ]

-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: true
-
 jobs:
  nightly-binary:
-    runs-on: nscloud
+    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v3
      # fetch all commits instead of only the last as some branches are long lived and could have many between versions
      # fetch all tags to ensure that "git describe" reports expected Gitea version, eg. v1.21.0-dev-1-g1234567
      - run: git fetch --unshallow --quiet --tags --force
      - uses: actions/setup-go@v4
        with:
-          go-version: "~1.21"
+          go-version: ">=1.20"
          check-latest: true
      - uses: actions/setup-node@v3
        with:
@@ -46,26 +42,22 @@ jobs:
          REF_NAME=$(echo "${{ github.ref }}" | sed -e 's/refs\/heads\///' -e 's/refs\/tags\///' -e 's/release\/v//')
          echo "Cleaned name is ${REF_NAME}"
          echo "branch=${REF_NAME}" >> "$GITHUB_OUTPUT"
-      - name: configure aws
-        uses: aws-actions/configure-aws-credentials@v4
-        with:
-          aws-region: ${{ secrets.AWS_REGION }}
-          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
-          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
      - name: upload binaries to s3
-        run: |
-          aws s3 sync dist/release s3://${{ secrets.AWS_S3_BUCKET }}/gitea/${{ steps.clean_name.outputs.branch }} --no-progress
-  nightly-docker-rootful:
+        uses: jakejarvis/s3-sync-action@master
+        env:
+          AWS_S3_BUCKET: ${{ secrets.AWS_S3_BUCKET }}
+          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          AWS_REGION: ${{ secrets.AWS_REGION }}
+          SOURCE_DIR: dist/release
+          DEST_DIR: gitea/${{ steps.clean_name.outputs.branch }}
+  nightly-docker:
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v3
      # fetch all commits instead of only the last as some branches are long lived and could have many between versions
      # fetch all tags to ensure that "git describe" reports expected Gitea version, eg. v1.21.0-dev-1-g1234567
      - run: git fetch --unshallow --quiet --tags --force
-      - uses: actions/setup-go@v4
-        with:
-          go-version: "~1.21"
-          check-latest: true
      - uses: docker/setup-qemu-action@v2
      - uses: docker/setup-buildx-action@v2
      - name: Get cleaned branch name
@@ -83,8 +75,6 @@ jobs:
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
-      - name: fetch go modules
-        run: make vendor
      - name: build rootful docker image
        uses: docker/build-push-action@v4
        with:
@@ -92,36 +82,6 @@ jobs:
          platforms: linux/amd64,linux/arm64
          push: true
          tags: gitea/gitea:${{ steps.clean_name.outputs.branch }}
-  nightly-docker-rootless:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-      # fetch all commits instead of only the last as some branches are long lived and could have many between versions
-      # fetch all tags to ensure that "git describe" reports expected Gitea version, eg. v1.21.0-dev-1-g1234567
-      - run: git fetch --unshallow --quiet --tags --force
-      - uses: actions/setup-go@v4
-        with:
-          go-version: "~1.21"
-          check-latest: true
-      - uses: docker/setup-qemu-action@v2
-      - uses: docker/setup-buildx-action@v2
-      - name: Get cleaned branch name
-        id: clean_name
-        run: |
-          # if main then say nightly otherwise cleanup name
-          if [ "${{ github.ref }}" = "refs/heads/main" ]; then
-            echo "branch=nightly" >> "$GITHUB_OUTPUT"
-            exit 0
-          fi
-          REF_NAME=$(echo "${{ github.ref }}" | sed -e 's/refs\/heads\///' -e 's/refs\/tags\///' -e 's/release\/v//')
-          echo "branch=${REF_NAME}-nightly" >> "$GITHUB_OUTPUT"
-      - name: Login to Docker Hub
-        uses: docker/login-action@v2
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
-      - name: fetch go modules
-        run: make vendor
      - name: build rootless docker image
        uses: docker/build-push-action@v4
        with:
--- a/.github/workflows/release-tag-rc.yml
+++ b/.github/workflows/release-tag-rc.yml
@@ -1,132 +0,0 @@
-name: release-tag-rc
-
-on:
-  push:
-    tags:
-      - 'v1*-rc*'
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: false
-
-jobs:
-  binary:
-    runs-on: nscloud
-    steps:
-      - uses: actions/checkout@v4
-      # fetch all commits instead of only the last as some branches are long lived and could have many between versions
-      # fetch all tags to ensure that "git describe" reports expected Gitea version, eg. v1.21.0-dev-1-g1234567
-      - run: git fetch --unshallow --quiet --tags --force
-      - uses: actions/setup-go@v4
-        with:
-          go-version: "~1.21"
-          check-latest: true
-      - uses: actions/setup-node@v3
-        with:
-          node-version: 20
-      - run: make deps-frontend deps-backend
-      # xgo build
-      - run: make release
-        env:
-          TAGS: bindata sqlite sqlite_unlock_notify
-      - name: import gpg key
-        id: import_gpg
-        uses: crazy-max/ghaction-import-gpg@v5
-        with:
-          gpg_private_key: ${{ secrets.GPGSIGN_KEY }}
-          passphrase: ${{ secrets.GPGSIGN_PASSPHRASE }}
-      - name: sign binaries
-        run: |
-          for f in dist/release/*; do
-            echo '${{ secrets.GPGSIGN_PASSPHRASE }}' | gpg --pinentry-mode loopback --passphrase-fd 0 --batch --yes --detach-sign -u ${{ steps.import_gpg.outputs.fingerprint }} --output "$f.asc" "$f"
-          done
-      # clean branch name to get the folder name in S3
-      - name: Get cleaned branch name
-        id: clean_name
-        run: |
-          REF_NAME=$(echo "${{ github.ref }}" | sed -e 's/refs\/heads\///' -e 's/refs\/tags\/v//' -e 's/release\/v//')
-          echo "Cleaned name is ${REF_NAME}"
-          echo "branch=${REF_NAME}" >> "$GITHUB_OUTPUT"
-      - name: configure aws
-        uses: aws-actions/configure-aws-credentials@v4
-        with:
-          aws-region: ${{ secrets.AWS_REGION }}
-          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
-          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-      - name: upload binaries to s3
-        run: |
-          aws s3 sync dist/release s3://${{ secrets.AWS_S3_BUCKET }}/gitea/${{ steps.clean_name.outputs.branch }} --no-progress
-      - name: Install GH CLI
-        uses: dev-hanz-ops/install-gh-cli-action@v0.1.0
-        with:
-          gh-cli-version: 2.39.1
-      - name: create github release
-        run: |
-          gh release create ${{ github.ref_name }} --title ${{ github.ref_name }} --draft --notes-from-tag dist/release/*
-        env:
-          GITHUB_TOKEN: ${{ secrets.RELEASE_TOKEN }}
-  docker-rootful:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-      # fetch all commits instead of only the last as some branches are long lived and could have many between versions
-      # fetch all tags to ensure that "git describe" reports expected Gitea version, eg. v1.21.0-dev-1-g1234567
-      - run: git fetch --unshallow --quiet --tags --force
-      - uses: docker/setup-qemu-action@v2
-      - uses: docker/setup-buildx-action@v2
-      - uses: docker/metadata-action@v5
-        id: meta
-        with:
-          images: gitea/gitea
-          flavor: |
-            latest=false
-          # 1.2.3-rc0
-          tags: |
-            type=semver,pattern={{version}}
-      - name: Login to Docker Hub
-        uses: docker/login-action@v2
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
-      - name: build rootful docker image
-        uses: docker/build-push-action@v4
-        with:
-          context: .
-          platforms: linux/amd64,linux/arm64
-          push: true
-          tags: ${{ steps.meta.outputs.tags }}
-          labels: ${{ steps.meta.outputs.labels }}
-  docker-rootless:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-      # fetch all commits instead of only the last as some branches are long lived and could have many between versions
-      # fetch all tags to ensure that "git describe" reports expected Gitea version, eg. v1.21.0-dev-1-g1234567
-      - run: git fetch --unshallow --quiet --tags --force
-      - uses: docker/setup-qemu-action@v2
-      - uses: docker/setup-buildx-action@v2
-      - uses: docker/metadata-action@v5
-        id: meta
-        with:
-          images: gitea/gitea
-          # each tag below will have the suffix of -rootless
-          flavor: |
-            latest=false
-            suffix=-rootless
-          # 1.2.3-rc0
-          tags: |
-            type=semver,pattern={{version}}
-      - name: Login to Docker Hub
-        uses: docker/login-action@v2
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
-      - name: build rootless docker image
-        uses: docker/build-push-action@v4
-        with:
-          context: .
-          platforms: linux/amd64,linux/arm64
-          push: true
-          file: Dockerfile.rootless
-          tags: ${{ steps.meta.outputs.tags }}
-          labels: ${{ steps.meta.outputs.labels }}
--- a/.github/workflows/release-tag-version.yml
+++ b/.github/workflows/release-tag-version.yml
@@ -1,143 +0,0 @@
-name: release-tag-version
-
-on:
-  push:
-    tags:
-      - 'v1.*'
-      - '!v1*-rc*'
-      - '!v1*-dev'
-
-concurrency:
-  group: ${{ github.workflow }}-${{ github.ref }}
-  cancel-in-progress: false
-
-jobs:
-  binary:
-    runs-on: nscloud
-    steps:
-      - uses: actions/checkout@v4
-      # fetch all commits instead of only the last as some branches are long lived and could have many between versions
-      # fetch all tags to ensure that "git describe" reports expected Gitea version, eg. v1.21.0-dev-1-g1234567
-      - run: git fetch --unshallow --quiet --tags --force
-      - uses: actions/setup-go@v4
-        with:
-          go-version: "~1.21"
-          check-latest: true
-      - uses: actions/setup-node@v3
-        with:
-          node-version: 20
-      - run: make deps-frontend deps-backend
-      # xgo build
-      - run: make release
-        env:
-          TAGS: bindata sqlite sqlite_unlock_notify
-      - name: import gpg key
-        id: import_gpg
-        uses: crazy-max/ghaction-import-gpg@v5
-        with:
-          gpg_private_key: ${{ secrets.GPGSIGN_KEY }}
-          passphrase: ${{ secrets.GPGSIGN_PASSPHRASE }}
-      - name: sign binaries
-        run: |
-          for f in dist/release/*; do
-            echo '${{ secrets.GPGSIGN_PASSPHRASE }}' | gpg --pinentry-mode loopback --passphrase-fd 0 --batch --yes --detach-sign -u ${{ steps.import_gpg.outputs.fingerprint }} --output "$f.asc" "$f"
-          done
-      # clean branch name to get the folder name in S3
-      - name: Get cleaned branch name
-        id: clean_name
-        run: |
-          REF_NAME=$(echo "${{ github.ref }}" | sed -e 's/refs\/heads\///' -e 's/refs\/tags\/v//' -e 's/release\/v//')
-          echo "Cleaned name is ${REF_NAME}"
-          echo "branch=${REF_NAME}" >> "$GITHUB_OUTPUT"
-      - name: configure aws
-        uses: aws-actions/configure-aws-credentials@v4
-        with:
-          aws-region: ${{ secrets.AWS_REGION }}
-          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
-          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-      - name: upload binaries to s3
-        run: |
-          aws s3 sync dist/release s3://${{ secrets.AWS_S3_BUCKET }}/gitea/${{ steps.clean_name.outputs.branch }} --no-progress
-      - name: Install GH CLI
-        uses: dev-hanz-ops/install-gh-cli-action@v0.1.0
-        with:
-          gh-cli-version: 2.39.1
-      - name: create github release
-        run: |
-          gh release create ${{ github.ref_name }} --title ${{ github.ref_name }} --notes-from-tag dist/release/*
-        env:
-          GITHUB_TOKEN: ${{ secrets.RELEASE_TOKEN }}
-  docker-rootful:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-      # fetch all commits instead of only the last as some branches are long lived and could have many between versions
-      # fetch all tags to ensure that "git describe" reports expected Gitea version, eg. v1.21.0-dev-1-g1234567
-      - run: git fetch --unshallow --quiet --tags --force
-      - uses: docker/setup-qemu-action@v2
-      - uses: docker/setup-buildx-action@v2
-      - uses: docker/metadata-action@v5
-        id: meta
-        with:
-          images: gitea/gitea
-          # this will generate tags in the following format:
-          # latest
-          # 1
-          # 1.2
-          # 1.2.3
-          tags: |
-            type=semver,pattern={{major}}
-            type=semver,pattern={{major}}.{{minor}}
-            type=semver,pattern={{version}}
-      - name: Login to Docker Hub
-        uses: docker/login-action@v2
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
-      - name: build rootful docker image
-        uses: docker/build-push-action@v4
-        with:
-          context: .
-          platforms: linux/amd64,linux/arm64
-          push: true
-          tags: ${{ steps.meta.outputs.tags }}
-          labels: ${{ steps.meta.outputs.labels }}
-  docker-rootless:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-      # fetch all commits instead of only the last as some branches are long lived and could have many between versions
-      # fetch all tags to ensure that "git describe" reports expected Gitea version, eg. v1.21.0-dev-1-g1234567
-      - run: git fetch --unshallow --quiet --tags --force
-      - uses: docker/setup-qemu-action@v2
-      - uses: docker/setup-buildx-action@v2
-      - uses: docker/metadata-action@v5
-        id: meta
-        with:
-          images: gitea/gitea
-          # each tag below will have the suffix of -rootless
-          flavor: |
-            suffix=-rootless,onlatest=true
-          # this will generate tags in the following format (with -rootless suffix added):
-          # latest
-          # 1
-          # 1.2
-          # 1.2.3
-          tags: |
-            type=semver,pattern={{major}}
-            type=semver,pattern={{major}}.{{minor}}
-            type=semver,pattern={{version}}
-      - name: Login to Docker Hub
-        uses: docker/login-action@v2
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
-      - name: build rootless docker image
-        uses: docker/build-push-action@v4
-        with:
-          context: .
-          platforms: linux/amd64,linux/arm64
-          push: true
-          file: Dockerfile.rootless
-          tags: ${{ steps.meta.outputs.tags }}
-          labels: ${{ steps.meta.outputs.labels }}
--- a/.gitignore
+++ b/.gitignore
@@ -68,15 +68,13 @@ cpu.out
 /tests/*.ini
 /tests/**/*.git/**/*.sample
 /node_modules
-/.venv
 /yarn.lock
 /yarn-error.log
 /npm-debug.log*
-/public/assets/js
-/public/assets/css
-/public/assets/fonts
-/public/assets/licenses.txt
-/public/assets/img/webpack
+/public/js
+/public/css
+/public/fonts
+/public/img/webpack
 /vendor
 /web_src/fomantic/node_modules
 /web_src/fomantic/build/*
@@ -95,7 +93,6 @@ cpu.out
 /.go-licenses

 # Snapcraft
-/gitea_a*.txt
 snap/.snapcraft/
 parts/
 stage/
--- a/.gitpod.yml
+++ b/.gitpod.yml
@@ -34,8 +34,7 @@ vscode:
    - Vue.volar
    - ms-azuretools.vscode-docker
    - zixuanchen.vitest-explorer
-    - qwtel.sqlite-viewer
-    - GitHub.vscode-pull-request-github
+    - alexcvzz.vscode-sqlite

 ports:
  - name: Gitea
--- a/.golangci.yml
+++ b/.golangci.yml
@@ -29,7 +29,7 @@ linters:
  fast: false

 run:
-  go: "1.21"
+  go: "1.20"
  timeout: 10m
  skip-dirs:
    - node_modules
@@ -75,23 +75,18 @@ linters-settings:
      - name: modifies-value-receiver
  gofumpt:
    extra-rules: true
-    lang-version: "1.21"
+    lang-version: "1.20"
  depguard:
-    rules:
-      main:
-        deny:
-          - pkg: encoding/json
-            desc: use gitea's modules/json instead of encoding/json
-          - pkg: github.com/unknwon/com
-            desc: use gitea's util and replacements
-          - pkg: io/ioutil
-            desc: use os or io instead
-          - pkg: golang.org/x/exp
-            desc: it's experimental and unreliable
-          - pkg: code.gitea.io/gitea/modules/git/internal
-            desc: do not use the internal package, use AddXxx function instead
-          - pkg: gopkg.in/ini.v1
-            desc: do not use the ini package, use gitea's config system instead
+    list-type: denylist
+    # Check the list against standard lib.
+    include-go-root: true
+    packages-with-error-message:
+      - encoding/json: "use gitea's modules/json instead of encoding/json"
+      - github.com/unknwon/com: "use gitea's util and replacements"
+      - io/ioutil: "use os or io instead"
+      - golang.org/x/exp: "it's experimental and unreliable."
+      - code.gitea.io/gitea/modules/git/internal: "do not use the internal package, use AddXxx function instead"
+      - gopkg.in/ini.v1: "do not use the ini package, use gitea's config system instead"

 issues:
  max-issues-per-linter: 0
--- a/.ignore
+++ b/.ignore
@@ -5,5 +5,4 @@
 /modules/public/bindata.go
 /modules/templates/bindata.go
 /vendor
-/public/assets
 node_modules
--- a/.markdownlint.yaml
+++ b/.markdownlint.yaml
@@ -6,6 +6,7 @@ line-length: {code_blocks: false, tables: false, stern: true, line_length: -1}
 no-alt-text: false
 no-bare-urls: false
 no-blanks-blockquote: false
+no-duplicate-header: {allow_different_nesting: true}
 no-emphasis-as-header: false
 no-empty-links: false
 no-hard-tabs: {code_blocks: false}
--- a/.stylelintrc.yaml
+++ b/.stylelintrc.yaml
@@ -1,7 +1,5 @@
 plugins:
  - stylelint-declaration-strict-value
-  - stylelint-declaration-block-no-ignored-properties
-  - stylelint-stylistic

 ignoreFiles:
  - "**/*.go"
@@ -50,7 +48,7 @@ rules:
  declaration-no-important: null
  declaration-property-max-values: null
  declaration-property-unit-allowed-list: null
-  declaration-property-unit-disallowed-list: {line-height: [em]}
+  declaration-property-unit-disallowed-list: null
  declaration-property-value-allowed-list: null
  declaration-property-value-disallowed-list: null
  declaration-property-value-no-unknown: true
@@ -84,7 +82,6 @@ rules:
  media-feature-name-value-allowed-list: null
  media-feature-name-value-no-unknown: true
  media-feature-range-notation: null
-  media-query-no-invalid: true
  named-grid-areas-no-invalid: true
  no-descending-specificity: null
  no-duplicate-at-import-rules: true
@@ -96,7 +93,6 @@ rules:
  no-unknown-animations: null
  no-unknown-custom-properties: null
  number-max-precision: null
-  plugin/declaration-block-no-ignored-properties: true
  property-allowed-list: null
  property-disallowed-list: null
  property-no-unknown: true
@@ -137,82 +133,6 @@ rules:
  selector-type-no-unknown: [true, {ignore: [custom-elements]}]
  shorthand-property-no-redundant-values: true
  string-no-newline: true
-  stylistic/at-rule-name-case: null
-  stylistic/at-rule-name-newline-after: null
-  stylistic/at-rule-name-space-after: null
-  stylistic/at-rule-semicolon-newline-after: null
-  stylistic/at-rule-semicolon-space-before: null
-  stylistic/block-closing-brace-empty-line-before: null
-  stylistic/block-closing-brace-newline-after: null
-  stylistic/block-closing-brace-newline-before: null
-  stylistic/block-closing-brace-space-after: null
-  stylistic/block-closing-brace-space-before: null
-  stylistic/block-opening-brace-newline-after: null
-  stylistic/block-opening-brace-newline-before: null
-  stylistic/block-opening-brace-space-after: null
-  stylistic/block-opening-brace-space-before: null
-  stylistic/color-hex-case: lower
-  stylistic/declaration-bang-space-after: never
-  stylistic/declaration-bang-space-before: null
-  stylistic/declaration-block-semicolon-newline-after: null
-  stylistic/declaration-block-semicolon-newline-before: null
-  stylistic/declaration-block-semicolon-space-after: null
-  stylistic/declaration-block-semicolon-space-before: never
-  stylistic/declaration-block-trailing-semicolon: null
-  stylistic/declaration-colon-newline-after: null
-  stylistic/declaration-colon-space-after: null
-  stylistic/declaration-colon-space-before: never
-  stylistic/function-comma-newline-after: null
-  stylistic/function-comma-newline-before: null
-  stylistic/function-comma-space-after: null
-  stylistic/function-comma-space-before: null
-  stylistic/function-max-empty-lines: 0
-  stylistic/function-parentheses-newline-inside: never-multi-line
-  stylistic/function-parentheses-space-inside: null
-  stylistic/function-whitespace-after: null
-  stylistic/indentation: 2
-  stylistic/linebreaks: null
-  stylistic/max-empty-lines: 1
-  stylistic/max-line-length: null
-  stylistic/media-feature-colon-space-after: null
-  stylistic/media-feature-colon-space-before: never
-  stylistic/media-feature-name-case: null
-  stylistic/media-feature-parentheses-space-inside: null
-  stylistic/media-feature-range-operator-space-after: always
-  stylistic/media-feature-range-operator-space-before: always
-  stylistic/media-query-list-comma-newline-after: null
-  stylistic/media-query-list-comma-newline-before: null
-  stylistic/media-query-list-comma-space-after: null
-  stylistic/media-query-list-comma-space-before: null
-  stylistic/no-empty-first-line: null
-  stylistic/no-eol-whitespace: true
-  stylistic/no-extra-semicolons: true
-  stylistic/no-missing-end-of-source-newline: null
-  stylistic/number-leading-zero: null
-  stylistic/number-no-trailing-zeros: null
-  stylistic/property-case: lower
-  stylistic/selector-attribute-brackets-space-inside: null
-  stylistic/selector-attribute-operator-space-after: null
-  stylistic/selector-attribute-operator-space-before: null
-  stylistic/selector-combinator-space-after: null
-  stylistic/selector-combinator-space-before: null
-  stylistic/selector-descendant-combinator-no-non-space: null
-  stylistic/selector-list-comma-newline-after: null
-  stylistic/selector-list-comma-newline-before: null
-  stylistic/selector-list-comma-space-after: always-single-line
-  stylistic/selector-list-comma-space-before: never-single-line
-  stylistic/selector-max-empty-lines: 0
-  stylistic/selector-pseudo-class-case: lower
-  stylistic/selector-pseudo-class-parentheses-space-inside: never
-  stylistic/selector-pseudo-element-case: lower
-  stylistic/string-quotes: double
-  stylistic/unicode-bom: null
-  stylistic/unit-case: lower
-  stylistic/value-list-comma-newline-after: null
-  stylistic/value-list-comma-newline-before: null
-  stylistic/value-list-comma-space-after: null
-  stylistic/value-list-comma-space-before: null
-  stylistic/value-list-max-empty-lines: 0
  time-min-milliseconds: null
  unit-allowed-list: null
  unit-disallowed-list: null
--- a/.yamllint.yaml
+++ b/.yamllint.yaml
@@ -1,44 +0,0 @@
-extends: default
-
-rules:
-  braces:
-    min-spaces-inside: 0
-    max-spaces-inside: 1
-    min-spaces-inside-empty: 0
-    max-spaces-inside-empty: 0
-
-  brackets:
-    min-spaces-inside: 0
-    max-spaces-inside: 1
-    min-spaces-inside-empty: 0
-    max-spaces-inside-empty: 0
-
-  comments:
-    require-starting-space: true
-    ignore-shebangs: true
-    min-spaces-from-content: 1
-
-  comments-indentation:
-    level: error
-
-  document-start:
-    level: error
-    present: false
-
-  document-end:
-    present: false
-
-  empty-lines:
-    max: 1
-
-  indentation:
-    spaces: 2
-
-  line-length: disable
-
-  truthy:
-    allowed-values: ["true", "false", "on", "off"]
-
-ignore: |
-  .venv
-  node_modules
--- a/4
+++ b/4
@@ -42,13 +42,13 @@ GARGS = "--no-print-directory"

 # The GNU convention is to use the lowercased `prefix` variable/macro to
 # specify the installation directory. Humor them.
-GPREFIX =
+GPREFIX = ""
 .if defined(PREFIX) && ! defined(prefix)
    GPREFIX = 'prefix = "$(PREFIX)"'
 .endif

 .BEGIN: .SILENT
-	which $(GMAKE) || (printf "Error: GNU Make is required!\n\n" 1>&2 && false)
+	which $(GMAKE) || printf "Error: GNU Make is required!\n\n" 1>&2 && false

 .PHONY: FRC
 $(.TARGETS): FRC
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -473,14 +473,14 @@ https://help.github.com/articles/signing-commits-with-gpg/
 ## Technical Oversight Committee (TOC)

 At the start of 2023, the `Owners` team was dissolved. Instead, the governance charter proposed a technical oversight committee (TOC) which expands the ownership team of the Gitea project from three elected positions to six positions. Three positions would be elected as it has been over the past years, and the other three would consist of appointed members from the Gitea company.
-https://blog.gitea.com/quarterly-23q1/
+https://blog.gitea.io/2023/02/gitea-quarterly-report-23q1/

 When the new community members have been elected, the old members will give up ownership to the newly elected members. For security reasons, TOC members or any account with write access (like a bot) must use 2FA.
 https://help.github.com/articles/securing-your-account-with-two-factor-authentication-2fa/

 ### Current TOC members

- 2023-01-01 ~ 2023-12-31 - https://blog.gitea.com/quarterly-23q1/
+- 2023-01-01 ~ 2023-12-31 - https://blog.gitea.io/2023/02/gitea-quarterly-report-23q1/
  - Company
    - [Jason Song](https://gitea.com/wolfogre) <i@wolfogre.com>
    - [Lunny Xiao](https://gitea.com/lunny) <xiaolunwen@gmail.com>
--- a/38
+++ b/38
@@ -1,5 +1,5 @@
-# Build stage
-FROM docker.io/library/golang:1.21-alpine3.18 AS build-env
+#Build stage
+FROM docker.io/library/golang:1.20-alpine3.18 AS build-env

 ARG GOPROXY
 ENV GOPROXY ${GOPROXY:-direct}
@@ -9,38 +9,20 @@ ARG TAGS="sqlite sqlite_unlock_notify"
 ENV TAGS "bindata timetzdata $TAGS"
 ARG CGO_EXTRA_CFLAGS

-# Build deps
-RUN apk --no-cache add \
-    build-base \
-    git \
-    nodejs \
-    npm \
-    && rm -rf /var/cache/apk/*
+#Build deps
+RUN apk --no-cache add build-base git nodejs npm

-# Setup repo
+#Setup repo
 COPY . ${GOPATH}/src/code.gitea.io/gitea
 WORKDIR ${GOPATH}/src/code.gitea.io/gitea

-# Checkout version if set
+#Checkout version if set
 RUN if [ -n "${GITEA_VERSION}" ]; then git checkout "${GITEA_VERSION}"; fi \
 && make clean-all build

 # Begin env-to-ini build
 RUN go build contrib/environment-to-ini/environment-to-ini.go

-# Copy local files
-COPY docker/root /tmp/local
-
-# Set permissions
-RUN chmod 755 /tmp/local/usr/bin/entrypoint \
-              /tmp/local/usr/local/bin/gitea \
-              /tmp/local/etc/s6/gitea/* \
-              /tmp/local/etc/s6/openssh/* \
-              /tmp/local/etc/s6/.s6-svscan/* \
-              /go/src/code.gitea.io/gitea/gitea \
-              /go/src/code.gitea.io/gitea/environment-to-ini
-RUN chmod 644 /go/src/code.gitea.io/gitea/contrib/autocompletion/bash_autocomplete
-
 FROM docker.io/library/alpine:3.18
 LABEL maintainer="maintainers@gitea.io"

@@ -57,8 +39,7 @@ RUN apk --no-cache add \
    s6 \
    sqlite \
    su-exec \
-    gnupg \
-    && rm -rf /var/cache/apk/*
+    gnupg

 RUN addgroup \
    -S -g 1000 \
@@ -80,7 +61,10 @@ VOLUME ["/data"]
 ENTRYPOINT ["/usr/bin/entrypoint"]
 CMD ["/bin/s6-svscan", "/etc/s6"]

-COPY --from=build-env /tmp/local /
+COPY docker/root /
 COPY --from=build-env /go/src/code.gitea.io/gitea/gitea /app/gitea/gitea
 COPY --from=build-env /go/src/code.gitea.io/gitea/environment-to-ini /usr/local/bin/environment-to-ini
 COPY --from=build-env /go/src/code.gitea.io/gitea/contrib/autocompletion/bash_autocomplete /etc/profile.d/gitea_bash_autocomplete.sh
+RUN chmod 755 /usr/bin/entrypoint /app/gitea/gitea /usr/local/bin/gitea /usr/local/bin/environment-to-ini
+RUN chmod 755 /etc/s6/gitea/* /etc/s6/openssh/* /etc/s6/.s6-svscan/*
+RUN chmod 644 /etc/profile.d/gitea_bash_autocomplete.sh
--- a/Dockerfile.rootless
+++ b/Dockerfile.rootless
@@ -1,5 +1,5 @@
-# Build stage
-FROM docker.io/library/golang:1.21-alpine3.18 AS build-env
+#Build stage
+FROM docker.io/library/golang:1.20-alpine3.18 AS build-env

 ARG GOPROXY
 ENV GOPROXY ${GOPROXY:-direct}
@@ -10,35 +10,19 @@ ENV TAGS "bindata timetzdata $TAGS"
 ARG CGO_EXTRA_CFLAGS

 #Build deps
-RUN apk --no-cache add \
-    build-base \
-    git \
-    nodejs \
-    npm \
-    && rm -rf /var/cache/apk/*
+RUN apk --no-cache add build-base git nodejs npm

-# Setup repo
+#Setup repo
 COPY . ${GOPATH}/src/code.gitea.io/gitea
 WORKDIR ${GOPATH}/src/code.gitea.io/gitea

-# Checkout version if set
+#Checkout version if set
 RUN if [ -n "${GITEA_VERSION}" ]; then git checkout "${GITEA_VERSION}"; fi \
 && make clean-all build

 # Begin env-to-ini build
 RUN go build contrib/environment-to-ini/environment-to-ini.go

-# Copy local files
-COPY docker/rootless /tmp/local
-
-# Set permissions
-RUN chmod 755 /tmp/local/usr/local/bin/docker-entrypoint.sh \
-              /tmp/local/usr/local/bin/docker-setup.sh \
-              /tmp/local/usr/local/bin/gitea \
-              /go/src/code.gitea.io/gitea/gitea \
-              /go/src/code.gitea.io/gitea/environment-to-ini
-RUN chmod 644 /go/src/code.gitea.io/gitea/contrib/autocompletion/bash_autocomplete
-
 FROM docker.io/library/alpine:3.18
 LABEL maintainer="maintainers@gitea.io"

@@ -51,8 +35,7 @@ RUN apk --no-cache add \
    gettext \
    git \
    curl \
-    gnupg \
-    && rm -rf /var/cache/apk/*
+    gnupg

 RUN addgroup \
    -S -g 1000 \
@@ -68,19 +51,21 @@ RUN addgroup \
 RUN mkdir -p /var/lib/gitea /etc/gitea
 RUN chown git:git /var/lib/gitea /etc/gitea

-COPY --from=build-env /tmp/local /
+COPY docker/rootless /
 COPY --from=build-env --chown=root:root /go/src/code.gitea.io/gitea/gitea /app/gitea/gitea
 COPY --from=build-env --chown=root:root /go/src/code.gitea.io/gitea/environment-to-ini /usr/local/bin/environment-to-ini
 COPY --from=build-env /go/src/code.gitea.io/gitea/contrib/autocompletion/bash_autocomplete /etc/profile.d/gitea_bash_autocomplete.sh
+RUN chmod 755 /usr/local/bin/docker-entrypoint.sh /usr/local/bin/docker-setup.sh /app/gitea/gitea /usr/local/bin/gitea /usr/local/bin/environment-to-ini
+RUN chmod 644 /etc/profile.d/gitea_bash_autocomplete.sh

-# git:git
+#git:git
 USER 1000:1000
 ENV GITEA_WORK_DIR /var/lib/gitea
 ENV GITEA_CUSTOM /var/lib/gitea/custom
 ENV GITEA_TEMP /tmp/gitea
 ENV TMPDIR /tmp/gitea

-# TODO add to docs the ability to define the ini to load (useful to test and revert a config)
+#TODO add to docs the ability to define the ini to load (useful to test and revert a config)
 ENV GITEA_APP_INI /etc/gitea/app.ini
 ENV HOME "/var/lib/gitea/git"
 VOLUME ["/var/lib/gitea", "/etc/gitea"]
@@ -88,3 +73,4 @@ WORKDIR /var/lib/gitea

 ENTRYPOINT ["/usr/bin/dumb-init", "--", "/usr/local/bin/docker-entrypoint.sh"]
 CMD []
+
--- a/5
+++ b/5
@@ -52,8 +52,3 @@ Xinyi Gong <hestergong@gmail.com> (@HesterG)
 wxiaoguang <wxiaoguang@gmail.com> (@wxiaoguang)
 Gary Moon <gary@garymoon.net> (@garymoon)
 Philip Peterson <philip.c.peterson@gmail.com> (@philip-peterson)
-Denys Konovalov <kontakt@denyskon.de> (@denyskon)
-Punit Inani <punitinani1@gmail.com> (@puni9869)
-CaiCandong  <1290147055@qq.com> (@caicandong)
-Rui Chen  <rui@chenrui.dev> (@chenrui333)
-Nanguan Lin <nanguanlin6@gmail.com> (@lng2020)
--- a/87
+++ b/87
@@ -23,19 +23,19 @@ SHASUM ?= shasum -a 256
 HAS_GO := $(shell hash $(GO) > /dev/null 2>&1 && echo yes)
 COMMA := ,

-XGO_VERSION := go-1.21.x
+XGO_VERSION := go-1.20.x

-AIR_PACKAGE ?= github.com/cosmtrek/air@v1.44.0
+AIR_PACKAGE ?= github.com/cosmtrek/air@v1.43.0
 EDITORCONFIG_CHECKER_PACKAGE ?= github.com/editorconfig-checker/editorconfig-checker/cmd/editorconfig-checker@2.7.0
 GOFUMPT_PACKAGE ?= mvdan.cc/gofumpt@v0.5.0
-GOLANGCI_LINT_PACKAGE ?= github.com/golangci/golangci-lint/cmd/golangci-lint@v1.54.1
-GXZ_PACKAGE ?= github.com/ulikunitz/xz/cmd/gxz@v0.5.11
+GOLANGCI_LINT_PACKAGE ?= github.com/golangci/golangci-lint/cmd/golangci-lint@v1.52.2
+GXZ_PAGAGE ?= github.com/ulikunitz/xz/cmd/gxz@v0.5.11
 MISSPELL_PACKAGE ?= github.com/client9/misspell/cmd/misspell@v0.3.4
-SWAGGER_PACKAGE ?= github.com/go-swagger/go-swagger/cmd/swagger@v0.30.5
+SWAGGER_PACKAGE ?= github.com/go-swagger/go-swagger/cmd/swagger@v0.30.4
 XGO_PACKAGE ?= src.techknowlogick.com/xgo@latest
 GO_LICENSES_PACKAGE ?= github.com/google/go-licenses@v1.6.0
-GOVULNCHECK_PACKAGE ?= golang.org/x/vuln/cmd/govulncheck@v1.0.1
-ACTIONLINT_PACKAGE ?= github.com/rhysd/actionlint/cmd/actionlint@v1.6.25
+GOVULNCHECK_PACKAGE ?= golang.org/x/vuln/cmd/govulncheck@latest
+ACTIONLINT_PACKAGE ?= github.com/rhysd/actionlint/cmd/actionlint@latest

 DOCKER_IMAGE ?= gitea/gitea
 DOCKER_TAG ?= latest
@@ -68,7 +68,7 @@ endif

 EXTRA_GOFLAGS ?=

-MAKE_VERSION := $(shell "$(MAKE)" -v | cat | head -n 1)
+MAKE_VERSION := $(shell "$(MAKE)" -v | head -n 1)
 MAKE_EVIDENCE_DIR := .make_evidence

 ifeq ($(RACE_ENABLED),true)
@@ -82,6 +82,12 @@ HUGO_VERSION ?= 0.111.3
 GITHUB_REF_TYPE ?= branch
 GITHUB_REF_NAME ?= $(shell git rev-parse --abbrev-ref HEAD)

+# backwards compatible to build with Drone
+ifneq ($(DRONE_TAG),)
+	GITHUB_REF_TYPE := tag
+	GITHUB_REF_NAME := $(DRONE_TAG)
+endif
+
 ifneq ($(GITHUB_REF_TYPE),branch)
 	VERSION ?= $(subst v,,$(GITHUB_REF_NAME))
 	GITEA_VERSION ?= $(VERSION)
@@ -116,15 +122,15 @@ FOMANTIC_WORK_DIR := web_src/fomantic

 WEBPACK_SOURCES := $(shell find web_src/js web_src/css -type f)
 WEBPACK_CONFIGS := webpack.config.js
-WEBPACK_DEST := public/assets/js/index.js public/assets/css/index.css
-WEBPACK_DEST_ENTRIES := public/assets/js public/assets/css public/assets/fonts public/assets/img/webpack
+WEBPACK_DEST := public/js/index.js public/css/index.css
+WEBPACK_DEST_ENTRIES := public/js public/css public/fonts public/img/webpack

 BINDATA_DEST := modules/public/bindata.go modules/options/bindata.go modules/templates/bindata.go
 BINDATA_HASH := $(addsuffix .hash,$(BINDATA_DEST))

 GENERATED_GO_DEST := modules/charset/invisible_gen.go modules/charset/ambiguous_gen.go

-SVG_DEST_DIR := public/assets/img/svg
+SVG_DEST_DIR := public/img/svg

 AIR_TMP_DIR := .air

@@ -200,7 +206,6 @@ help:
 	@echo " - deps-frontend                    install frontend dependencies"
 	@echo " - deps-backend                     install backend dependencies"
 	@echo " - deps-tools                       install tool dependencies"
-	@echo " - deps-py                          install python dependencies"
 	@echo " - lint                             lint everything"
 	@echo " - lint-fix                         lint everything and fix issues"
 	@echo " - lint-actions                     lint action workflow files"
@@ -217,8 +222,6 @@ help:
 	@echo " - lint-css-fix                     lint css files and fix issues"
 	@echo " - lint-md                          lint markdown files"
 	@echo " - lint-swagger                     lint swagger files"
-	@echo " - lint-templates                   lint template files"
-	@echo " - lint-yaml                        lint yaml files"
 	@echo " - checks                           run various consistency checks"
 	@echo " - checks-frontend                  check frontend files"
 	@echo " - checks-backend                   check backend files"
@@ -226,9 +229,6 @@ help:
 	@echo " - test-frontend                    test frontend files"
 	@echo " - test-backend                     test backend files"
 	@echo " - test-e2e[\#TestSpecificName]     test end to end using playwright"
-	@echo " - update                           update js and py dependencies"
-	@echo " - update-js                        update js dependencies"
-	@echo " - update-py                        update py dependencies"
 	@echo " - webpack                          build webpack files"
 	@echo " - svg                              build svg files"
 	@echo " - fomantic                         build fomantic files"
@@ -361,10 +361,10 @@ lint: lint-frontend lint-backend
 lint-fix: lint-frontend-fix lint-backend-fix

 .PHONY: lint-frontend
-lint-frontend: lint-js lint-css
+lint-frontend: lint-js lint-css lint-md lint-swagger

 .PHONY: lint-frontend-fix
-lint-frontend-fix: lint-js-fix lint-css-fix
+lint-frontend-fix: lint-js-fix lint-css-fix lint-md lint-swagger

 .PHONY: lint-backend
 lint-backend: lint-go lint-go-vet lint-editorconfig
@@ -425,14 +425,6 @@ lint-editorconfig:
 lint-actions:
 	$(GO) run $(ACTIONLINT_PACKAGE)

-.PHONY: lint-templates
-lint-templates: .venv
-	@poetry run djlint $(shell find templates -type f -iname '*.tmpl')
-
-.PHONY: lint-yaml
-lint-yaml: .venv
-	@poetry run yamllint .
-
 .PHONY: watch
 watch:
 	@bash build/watch.sh
@@ -847,18 +839,30 @@ release-windows: | $(DIST_DIRS)
 ifeq (,$(findstring gogit,$(TAGS)))
 	CGO_CFLAGS="$(CGO_CFLAGS)" $(GO) run $(XGO_PACKAGE) -go $(XGO_VERSION) -buildmode exe -dest $(DIST)/binaries -tags 'osusergo gogit $(TAGS)' -ldflags '-linkmode external -extldflags "-static" $(LDFLAGS)' -targets 'windows/*' -out gitea-$(VERSION)-gogit .
 endif
+ifneq ($(DRONE_TAG),)
+	cp /build/* $(DIST)/binaries
+endif

 .PHONY: release-linux
 release-linux: | $(DIST_DIRS)
 	CGO_CFLAGS="$(CGO_CFLAGS)" $(GO) run $(XGO_PACKAGE) -go $(XGO_VERSION) -dest $(DIST)/binaries -tags 'netgo osusergo $(TAGS)' -ldflags '-linkmode external -extldflags "-static" $(LDFLAGS)' -targets '$(LINUX_ARCHS)' -out gitea-$(VERSION) .
+ifneq ($(DRONE_TAG),)
+	cp /build/* $(DIST)/binaries
+endif

 .PHONY: release-darwin
 release-darwin: | $(DIST_DIRS)
 	CGO_CFLAGS="$(CGO_CFLAGS)" $(GO) run $(XGO_PACKAGE) -go $(XGO_VERSION) -dest $(DIST)/binaries -tags 'netgo osusergo $(TAGS)' -ldflags '$(LDFLAGS)' -targets 'darwin-10.12/amd64,darwin-10.12/arm64' -out gitea-$(VERSION) .
+ifneq ($(DRONE_TAG),)
+	cp /build/* $(DIST)/binaries
+endif

 .PHONY: release-freebsd
 release-freebsd: | $(DIST_DIRS)
 	CGO_CFLAGS="$(CGO_CFLAGS)" $(GO) run $(XGO_PACKAGE) -go $(XGO_VERSION) -dest $(DIST)/binaries -tags 'netgo osusergo $(TAGS)' -ldflags '$(LDFLAGS)' -targets 'freebsd/amd64' -out gitea-$(VERSION) .
+ifneq ($(DRONE_TAG),)
+	cp /build/* $(DIST)/binaries
+endif

 .PHONY: release-copy
 release-copy: | $(DIST_DIRS)
@@ -870,7 +874,7 @@ release-check: | $(DIST_DIRS)

 .PHONY: release-compress
 release-compress: | $(DIST_DIRS)
-	cd $(DIST)/release/; for file in `find . -type f -name "*"`; do echo "compressing $${file}" && $(GO) run $(GXZ_PACKAGE) -k -9 $${file}; done;
+	cd $(DIST)/release/; for file in `find . -type f -name "*"`; do echo "compressing $${file}" && $(GO) run $(GXZ_PAGAGE) -k -9 $${file}; done;

 .PHONY: release-sources
 release-sources: | $(DIST_DIRS)
@@ -891,10 +895,7 @@ docs:
 	cd docs; bash scripts/trans-copy.sh;

 .PHONY: deps
-deps: deps-frontend deps-backend deps-tools deps-py
-
-.PHONY: deps-py
-deps-py: .venv
+deps: deps-frontend deps-backend deps-tools

 .PHONY: deps-frontend
 deps-frontend: node_modules
@@ -909,7 +910,7 @@ deps-tools:
 	$(GO) install $(EDITORCONFIG_CHECKER_PACKAGE)
 	$(GO) install $(GOFUMPT_PACKAGE)
 	$(GO) install $(GOLANGCI_LINT_PACKAGE)
-	$(GO) install $(GXZ_PACKAGE)
+	$(GO) install $(GXZ_PAGAGE)
 	$(GO) install $(MISSPELL_PACKAGE)
 	$(GO) install $(SWAGGER_PACKAGE)
 	$(GO) install $(XGO_PACKAGE)
@@ -921,27 +922,13 @@ node_modules: package-lock.json
 	npm install --no-save
 	@touch node_modules

-.venv: poetry.lock
-	poetry install --no-root
-	@touch .venv
-
-.PHONY: update
-update: update-js update-py
-
-.PHONY: update-js
-update-js: node-check | node_modules
-	npx updates -u -f package.json
+.PHONY: npm-update
+npm-update: node-check | node_modules
+	npx updates -cu
 	rm -rf node_modules package-lock.json
 	npm install --package-lock
 	@touch node_modules

-.PHONY: update-py
-update-py: node-check | node_modules
-	npx updates -u -f pyproject.toml
-	rm -rf .venv poetry.lock
-	poetry install
-	@touch .venv
-
 .PHONY: fomantic
 fomantic:
 	rm -rf $(FOMANTIC_WORK_DIR)/build
--- a/README.md
+++ b/README.md
@@ -1,6 +1,6 @@
 <p align="center">
  <a href="https://gitea.io/">
-    <img alt="Gitea" src="https://raw.githubusercontent.com/go-gitea/gitea/main/public/assets/img/gitea.svg" width="220"/>
+    <img alt="Gitea" src="https://raw.githubusercontent.com/go-gitea/gitea/main/public/img/gitea.svg" width="220"/>
  </a>
 </p>
 <h1 align="center">Gitea - Git with a cup of tea</h1>
@@ -64,7 +64,7 @@ architectures that are supported by Go, including Linux, macOS, and
 Windows on x86, amd64, ARM and PowerPC architectures.
 You can try it out using [the online demo](https://try.gitea.io/).
 This project has been
-[forked](https://blog.gitea.com/welcome-to-gitea/) from
+[forked](https://blog.gitea.io/2016/12/welcome-to-gitea/) from
 [Gogs](https://gogs.io) since November of 2016, but a lot has changed.

 ## Building
@@ -79,10 +79,10 @@ or if SQLite support is required:

 The `build` target is split into two sub-targets:

- `make backend` which requires [Go Stable](https://go.dev/dl/), the required version is defined in [go.mod](/go.mod).
- `make frontend` which requires [Node.js LTS](https://nodejs.org/en/download/) or greater.
+- `make backend` which requires [Go Stable](https://go.dev/dl/), required version is defined in [go.mod](/go.mod).
+- `make frontend` which requires [Node.js LTS](https://nodejs.org/en/download/) or greater and Internet connectivity to download npm dependencies.

-Internet connectivity is required to download the go and npm modules. When building from the official source tarballs which include pre-built frontend files, the `frontend` target will not be triggered, making it possible to build without Node.js.
+When building from the official source tarballs which include pre-built frontend files, the `frontend` target will not be triggered, making it possible to build without Node.js and Internet connectivity.

 Parallelism (`make -j <num>`) is not supported.

@@ -116,11 +116,13 @@ https://docs.gitea.com/contributing/localization

 ## Further information

-For more information and instructions about how to install Gitea, please look at our [documentation](https://docs.gitea.com/).
+For more information and instructions about how to install Gitea, please look at our [documentation](https://docs.gitea.com).
 If you have questions that are not covered by the documentation, you can get in contact with us on our [Discord server](https://discord.gg/Gitea) or create  a post in the [discourse forum](https://discourse.gitea.io/).

 We maintain a list of Gitea-related projects at [gitea/awesome-gitea](https://gitea.com/gitea/awesome-gitea).

+The Hugo-based documentation theme is hosted at [gitea/theme](https://gitea.com/gitea/theme).
+
 The official Gitea CLI is developed at [gitea/tea](https://gitea.com/gitea/tea).

 ## Authors
@@ -149,6 +151,7 @@ Support this project by becoming a sponsor. Your logo will show up here with a l
 <a href="https://opencollective.com/gitea/sponsor/7/website" target="_blank"><img src="https://opencollective.com/gitea/sponsor/7/avatar.svg"></a>
 <a href="https://opencollective.com/gitea/sponsor/8/website" target="_blank"><img src="https://opencollective.com/gitea/sponsor/8/avatar.svg"></a>
 <a href="https://opencollective.com/gitea/sponsor/9/website" target="_blank"><img src="https://opencollective.com/gitea/sponsor/9/avatar.svg"></a>
+<a href="https://cynkra.com/" target="_blank"><img src="https://images.opencollective.com/cynkra/logo/square/64/192.png"></a>

 ## FAQ

--- a/README_ZH.md
+++ b/README_ZH.md
@@ -1,6 +1,6 @@
 <p align="center">
  <a href="https://gitea.io/">
-    <img alt="Gitea" src="https://raw.githubusercontent.com/go-gitea/gitea/main/public/assets/img/gitea.svg" width="220"/>
+    <img alt="Gitea" src="https://raw.githubusercontent.com/go-gitea/gitea/main/public/img/gitea.svg" width="220"/>
  </a>
 </p>
 <h1 align="center">Gitea - Git with a cup of tea</h1>
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -4,8 +4,6 @@ The Gitea maintainers take security seriously.

 If you discover a security issue, please bring it to their attention right away!

-Previous vulnerabilities are listed at https://about.gitea.com/security.
-
 ## Reporting a Vulnerability

 Please **DO NOT** file a public issue, instead send your report privately to `security@gitea.io`.
--- a/assets/emoji.json
+++ b/assets/emoji.json
--- a/assets/go-licenses.json
+++ b/assets/go-licenses.json
--- a/build/backport-locales.go
+++ b/build/backport-locales.go
@@ -12,7 +12,6 @@ import (
 	"path/filepath"
 	"strings"

-	"code.gitea.io/gitea/modules/container"
 	"code.gitea.io/gitea/modules/setting"
 )

@@ -59,7 +58,7 @@ func main() {

 	// use old en-US as the base, and copy the new translations to the old locales
 	enUsOld := inisOld["options/locale/locale_en-US.ini"]
-	brokenWarned := make(container.Set[string])
+	brokenWarned := map[string]bool{}
 	for path, iniOld := range inisOld {
 		if iniOld == enUsOld {
 			continue
@@ -78,7 +77,7 @@ func main() {
 					broken := oldStr != "" && strings.Count(oldStr, "%") != strings.Count(newStr, "%")
 					broken = broken || strings.Contains(oldStr, "\n") || strings.Contains(oldStr, "\n")
 					if broken {
-						brokenWarned.Add(secOld.Name() + "." + keyEnUs.Name())
+						brokenWarned[secOld.Name()+"."+keyEnUs.Name()] = true
 						fmt.Println("----")
 						fmt.Printf("WARNING: skip broken locale: %s , [%s] %s\n", path, secEnUS.Name(), keyEnUs.Name())
 						fmt.Printf("\told: %s\n", strings.ReplaceAll(oldStr, "\n", "\\n"))
@@ -104,7 +103,7 @@ func main() {
 				broken = broken || strings.HasPrefix(str, "`\"")
 				broken = broken || strings.Count(str, `"`)%2 == 1
 				broken = broken || strings.Count(str, "`")%2 == 1
-				if broken && !brokenWarned.Contains(sec.Name()+"."+key.Name()) {
+				if broken && !brokenWarned[sec.Name()+"."+key.Name()] {
 					fmt.Printf("WARNING: found broken locale: %s , [%s] %s\n", path, sec.Name(), key.Name())
 					fmt.Printf("\tstr: %s\n", strings.ReplaceAll(str, "\n", "\\n"))
 					fmt.Println("----")
--- a/build/generate-emoji.go
+++ b/build/generate-emoji.go
@@ -25,7 +25,7 @@ import (

 const (
 	gemojiURL         = "https://raw.githubusercontent.com/github/gemoji/master/db/emoji.json"
-	maxUnicodeVersion = 15
+	maxUnicodeVersion = 14
 )

 var flagOut = flag.String("o", "modules/emoji/emoji_data.go", "out")
--- a/build/generate-go-licenses.go
+++ b/build/generate-go-licenses.go
@@ -15,8 +15,6 @@ import (
 	"regexp"
 	"sort"
 	"strings"
-
-	"code.gitea.io/gitea/modules/container"
 )

 // regexp is based on go-license, excluding README and NOTICE
@@ -57,14 +55,20 @@ func main() {
 	//    yml
 	//
 	// It could be removed once we have a better regex.
-	excludedExt := container.SetOf(".gitignore", ".go", ".mod", ".sum", ".toml", ".yml")
-
+	excludedExt := map[string]bool{
+		".gitignore": true,
+		".go":        true,
+		".mod":       true,
+		".sum":       true,
+		".toml":      true,
+		".yml":       true,
+	}
 	var paths []string
 	err := filepath.WalkDir(base, func(path string, entry fs.DirEntry, err error) error {
 		if err != nil {
 			return err
 		}
-		if entry.IsDir() || !licenseRe.MatchString(entry.Name()) || excludedExt.Contains(filepath.Ext(entry.Name())) {
+		if entry.IsDir() || !licenseRe.MatchString(entry.Name()) || excludedExt[filepath.Ext(entry.Name())] {
 			return nil
 		}
 		paths = append(paths, path)
--- a/build/generate-images.js
+++ b/build/generate-images.js
@@ -69,13 +69,13 @@ async function main() {
  const faviconSvg = await readFile(new URL('../assets/favicon.svg', import.meta.url), 'utf8');

  await Promise.all([
-    generate(logoSvg, '../public/assets/img/logo.svg', {size: 32}),
-    generate(logoSvg, '../public/assets/img/logo.png', {size: 512}),
-    generate(faviconSvg, '../public/assets/img/favicon.svg', {size: 32}),
-    generate(faviconSvg, '../public/assets/img/favicon.png', {size: 180}),
-    generate(logoSvg, '../public/assets/img/avatar_default.png', {size: 200}),
-    generate(logoSvg, '../public/assets/img/apple-touch-icon.png', {size: 180, bg: true}),
-    gitea && generate(logoSvg, '../public/assets/img/gitea.svg', {size: 32}),
+    generate(logoSvg, '../public/img/logo.svg', {size: 32}),
+    generate(logoSvg, '../public/img/logo.png', {size: 512}),
+    generate(faviconSvg, '../public/img/favicon.svg', {size: 32}),
+    generate(faviconSvg, '../public/img/favicon.png', {size: 180}),
+    generate(logoSvg, '../public/img/avatar_default.png', {size: 200}),
+    generate(logoSvg, '../public/img/apple-touch-icon.png', {size: 180, bg: true}),
+    gitea && generate(logoSvg, '../public/img/gitea.svg', {size: 32}),
  ]);
 }

--- a/build/generate-svg.js
+++ b/build/generate-svg.js
@@ -44,7 +44,7 @@ async function processFile(file, {prefix, fullName} = {}) {
    ],
  });

-  await writeFile(fileURLToPath(new URL(`../public/assets/img/svg/${name}.svg`, import.meta.url)), data);
+  await writeFile(fileURLToPath(new URL(`../public/img/svg/${name}.svg`, import.meta.url)), data);
 }

 function processFiles(pattern, opts) {
@@ -53,13 +53,13 @@ function processFiles(pattern, opts) {

 async function main() {
  try {
-    await mkdir(fileURLToPath(new URL('../public/assets/img/svg', import.meta.url)), {recursive: true});
+    await mkdir(fileURLToPath(new URL('../public/img/svg', import.meta.url)), {recursive: true});
  } catch {}

  await Promise.all([
    ...processFiles('node_modules/@primer/octicons/build/svg/*-16.svg', {prefix: 'octicon'}),
    ...processFiles('web_src/svg/*.svg'),
-    ...processFiles('public/assets/img/gitea.svg', {fullName: 'gitea-gitea'}),
+    ...processFiles('public/img/gitea.svg', {fullName: 'gitea-gitea'}),
  ]);
 }

--- a/cmd/actions.go
+++ b/cmd/actions.go
@@ -9,31 +9,30 @@ import (
 	"code.gitea.io/gitea/modules/private"
 	"code.gitea.io/gitea/modules/setting"

-	"github.com/urfave/cli/v2"
+	"github.com/urfave/cli"
 )

 var (
 	// CmdActions represents the available actions sub-commands.
-	CmdActions = &cli.Command{
+	CmdActions = cli.Command{
 		Name:        "actions",
 		Usage:       "",
 		Description: "Commands for managing Gitea Actions",
-		Subcommands: []*cli.Command{
+		Subcommands: []cli.Command{
 			subcmdActionsGenRunnerToken,
 		},
 	}

-	subcmdActionsGenRunnerToken = &cli.Command{
+	subcmdActionsGenRunnerToken = cli.Command{
 		Name:    "generate-runner-token",
 		Usage:   "Generate a new token for a runner to use to register with the server",
 		Action:  runGenerateActionsRunnerToken,
 		Aliases: []string{"grt"},
 		Flags: []cli.Flag{
-			&cli.StringFlag{
-				Name:    "scope",
-				Aliases: []string{"s"},
-				Value:   "",
-				Usage:   "{owner}[/{repo}] - leave empty for a global runner",
+			cli.StringFlag{
+				Name:  "scope, s",
+				Value: "",
+				Usage: "{owner}[/{repo}] - leave empty for a global runner",
 			},
 		},
 	}
--- a/cmd/admin.go
+++ b/cmd/admin.go
@@ -5,7 +5,6 @@
 package cmd

 import (
-	"context"
 	"errors"
 	"fmt"
 	"net/url"
@@ -27,15 +26,15 @@ import (
 	"code.gitea.io/gitea/services/auth/source/smtp"
 	repo_service "code.gitea.io/gitea/services/repository"

-	"github.com/urfave/cli/v2"
+	"github.com/urfave/cli"
 )

 var (
 	// CmdAdmin represents the available admin sub-command.
-	CmdAdmin = &cli.Command{
+	CmdAdmin = cli.Command{
 		Name:  "admin",
 		Usage: "Command line interface to perform common administrative operations",
-		Subcommands: []*cli.Command{
+		Subcommands: []cli.Command{
 			subcmdUser,
 			subcmdRepoSyncReleases,
 			subcmdRegenerate,
@@ -44,37 +43,37 @@ var (
 		},
 	}

-	subcmdRepoSyncReleases = &cli.Command{
+	subcmdRepoSyncReleases = cli.Command{
 		Name:   "repo-sync-releases",
 		Usage:  "Synchronize repository releases with tags",
 		Action: runRepoSyncReleases,
 	}

-	subcmdRegenerate = &cli.Command{
+	subcmdRegenerate = cli.Command{
 		Name:  "regenerate",
 		Usage: "Regenerate specific files",
-		Subcommands: []*cli.Command{
+		Subcommands: []cli.Command{
 			microcmdRegenHooks,
 			microcmdRegenKeys,
 		},
 	}

-	microcmdRegenHooks = &cli.Command{
+	microcmdRegenHooks = cli.Command{
 		Name:   "hooks",
 		Usage:  "Regenerate git-hooks",
 		Action: runRegenerateHooks,
 	}

-	microcmdRegenKeys = &cli.Command{
+	microcmdRegenKeys = cli.Command{
 		Name:   "keys",
 		Usage:  "Regenerate authorized_keys file",
 		Action: runRegenerateKeys,
 	}

-	subcmdAuth = &cli.Command{
+	subcmdAuth = cli.Command{
 		Name:  "auth",
 		Usage: "Modify external auth providers",
-		Subcommands: []*cli.Command{
+		Subcommands: []cli.Command{
 			microcmdAuthAddOauth,
 			microcmdAuthUpdateOauth,
 			cmdAuthAddLdapBindDn,
@@ -88,44 +87,44 @@ var (
 		},
 	}

-	microcmdAuthList = &cli.Command{
+	microcmdAuthList = cli.Command{
 		Name:   "list",
 		Usage:  "List auth sources",
 		Action: runListAuth,
 		Flags: []cli.Flag{
-			&cli.IntFlag{
+			cli.IntFlag{
 				Name:  "min-width",
 				Usage: "Minimal cell width including any padding for the formatted table",
 				Value: 0,
 			},
-			&cli.IntFlag{
+			cli.IntFlag{
 				Name:  "tab-width",
 				Usage: "width of tab characters in formatted table (equivalent number of spaces)",
 				Value: 8,
 			},
-			&cli.IntFlag{
+			cli.IntFlag{
 				Name:  "padding",
 				Usage: "padding added to a cell before computing its width",
 				Value: 1,
 			},
-			&cli.StringFlag{
+			cli.StringFlag{
 				Name:  "pad-char",
 				Usage: `ASCII char used for padding if padchar == '\\t', the Writer will assume that the width of a '\\t' in the formatted output is tabwidth, and cells are left-aligned independent of align_left (for correct-looking results, tabwidth must correspond to the tab width in the viewer displaying the result)`,
 				Value: "\t",
 			},
-			&cli.BoolFlag{
+			cli.BoolFlag{
 				Name:  "vertical-bars",
 				Usage: "Set to true to print vertical bars between columns",
 			},
 		},
 	}

-	idFlag = &cli.Int64Flag{
+	idFlag = cli.Int64Flag{
 		Name:  "id",
 		Usage: "ID of authentication source",
 	}

-	microcmdAuthDelete = &cli.Command{
+	microcmdAuthDelete = cli.Command{
 		Name:   "delete",
 		Usage:  "Delete specific auth source",
 		Flags:  []cli.Flag{idFlag},
@@ -133,213 +132,207 @@ var (
 	}

 	oauthCLIFlags = []cli.Flag{
-		&cli.StringFlag{
+		cli.StringFlag{
 			Name:  "name",
 			Value: "",
 			Usage: "Application Name",
 		},
-		&cli.StringFlag{
+		cli.StringFlag{
 			Name:  "provider",
 			Value: "",
 			Usage: "OAuth2 Provider",
 		},
-		&cli.StringFlag{
+		cli.StringFlag{
 			Name:  "key",
 			Value: "",
 			Usage: "Client ID (Key)",
 		},
-		&cli.StringFlag{
+		cli.StringFlag{
 			Name:  "secret",
 			Value: "",
 			Usage: "Client Secret",
 		},
-		&cli.StringFlag{
+		cli.StringFlag{
 			Name:  "auto-discover-url",
 			Value: "",
 			Usage: "OpenID Connect Auto Discovery URL (only required when using OpenID Connect as provider)",
 		},
-		&cli.StringFlag{
+		cli.StringFlag{
 			Name:  "use-custom-urls",
 			Value: "false",
 			Usage: "Use custom URLs for GitLab/GitHub OAuth endpoints",
 		},
-		&cli.StringFlag{
+		cli.StringFlag{
 			Name:  "custom-tenant-id",
 			Value: "",
 			Usage: "Use custom Tenant ID for OAuth endpoints",
 		},
-		&cli.StringFlag{
+		cli.StringFlag{
 			Name:  "custom-auth-url",
 			Value: "",
 			Usage: "Use a custom Authorization URL (option for GitLab/GitHub)",
 		},
-		&cli.StringFlag{
+		cli.StringFlag{
 			Name:  "custom-token-url",
 			Value: "",
 			Usage: "Use a custom Token URL (option for GitLab/GitHub)",
 		},
-		&cli.StringFlag{
+		cli.StringFlag{
 			Name:  "custom-profile-url",
 			Value: "",
 			Usage: "Use a custom Profile URL (option for GitLab/GitHub)",
 		},
-		&cli.StringFlag{
+		cli.StringFlag{
 			Name:  "custom-email-url",
 			Value: "",
 			Usage: "Use a custom Email URL (option for GitHub)",
 		},
-		&cli.StringFlag{
+		cli.StringFlag{
 			Name:  "icon-url",
 			Value: "",
 			Usage: "Custom icon URL for OAuth2 login source",
 		},
-		&cli.BoolFlag{
+		cli.BoolFlag{
 			Name:  "skip-local-2fa",
 			Usage: "Set to true to skip local 2fa for users authenticated by this source",
 		},
-		&cli.StringSliceFlag{
+		cli.StringSliceFlag{
 			Name:  "scopes",
 			Value: nil,
 			Usage: "Scopes to request when to authenticate against this OAuth2 source",
 		},
-		&cli.StringFlag{
+		cli.StringFlag{
 			Name:  "required-claim-name",
 			Value: "",
 			Usage: "Claim name that has to be set to allow users to login with this source",
 		},
-		&cli.StringFlag{
+		cli.StringFlag{
 			Name:  "required-claim-value",
 			Value: "",
 			Usage: "Claim value that has to be set to allow users to login with this source",
 		},
-		&cli.StringFlag{
+		cli.StringFlag{
 			Name:  "group-claim-name",
 			Value: "",
 			Usage: "Claim name providing group names for this source",
 		},
-		&cli.StringFlag{
+		cli.StringFlag{
 			Name:  "admin-group",
 			Value: "",
 			Usage: "Group Claim value for administrator users",
 		},
-		&cli.StringFlag{
+		cli.StringFlag{
 			Name:  "restricted-group",
 			Value: "",
 			Usage: "Group Claim value for restricted users",
 		},
-		&cli.StringFlag{
+		cli.StringFlag{
 			Name:  "group-team-map",
 			Value: "",
 			Usage: "JSON mapping between groups and org teams",
 		},
-		&cli.BoolFlag{
+		cli.BoolFlag{
 			Name:  "group-team-map-removal",
 			Usage: "Activate automatic team membership removal depending on groups",
 		},
 	}

-	microcmdAuthUpdateOauth = &cli.Command{
+	microcmdAuthUpdateOauth = cli.Command{
 		Name:   "update-oauth",
 		Usage:  "Update existing Oauth authentication source",
 		Action: runUpdateOauth,
 		Flags:  append(oauthCLIFlags[:1], append([]cli.Flag{idFlag}, oauthCLIFlags[1:]...)...),
 	}

-	microcmdAuthAddOauth = &cli.Command{
+	microcmdAuthAddOauth = cli.Command{
 		Name:   "add-oauth",
 		Usage:  "Add new Oauth authentication source",
 		Action: runAddOauth,
 		Flags:  oauthCLIFlags,
 	}

-	subcmdSendMail = &cli.Command{
+	subcmdSendMail = cli.Command{
 		Name:   "sendmail",
 		Usage:  "Send a message to all users",
 		Action: runSendMail,
 		Flags: []cli.Flag{
-			&cli.StringFlag{
+			cli.StringFlag{
 				Name:  "title",
 				Usage: `a title of a message`,
 				Value: "",
 			},
-			&cli.StringFlag{
+			cli.StringFlag{
 				Name:  "content",
 				Usage: "a content of a message",
 				Value: "",
 			},
-			&cli.BoolFlag{
-				Name:    "force",
-				Aliases: []string{"f"},
-				Usage:   "A flag to bypass a confirmation step",
+			cli.BoolFlag{
+				Name:  "force,f",
+				Usage: "A flag to bypass a confirmation step",
 			},
 		},
 	}

 	smtpCLIFlags = []cli.Flag{
-		&cli.StringFlag{
+		cli.StringFlag{
 			Name:  "name",
 			Value: "",
 			Usage: "Application Name",
 		},
-		&cli.StringFlag{
+		cli.StringFlag{
 			Name:  "auth-type",
 			Value: "PLAIN",
 			Usage: "SMTP Authentication Type (PLAIN/LOGIN/CRAM-MD5) default PLAIN",
 		},
-		&cli.StringFlag{
+		cli.StringFlag{
 			Name:  "host",
 			Value: "",
 			Usage: "SMTP Host",
 		},
-		&cli.IntFlag{
+		cli.IntFlag{
 			Name:  "port",
 			Usage: "SMTP Port",
 		},
-		&cli.BoolFlag{
+		cli.BoolTFlag{
 			Name:  "force-smtps",
 			Usage: "SMTPS is always used on port 465. Set this to force SMTPS on other ports.",
-			Value: true,
 		},
-		&cli.BoolFlag{
+		cli.BoolTFlag{
 			Name:  "skip-verify",
 			Usage: "Skip TLS verify.",
-			Value: true,
 		},
-		&cli.StringFlag{
+		cli.StringFlag{
 			Name:  "helo-hostname",
 			Value: "",
 			Usage: "Hostname sent with HELO. Leave blank to send current hostname",
 		},
-		&cli.BoolFlag{
+		cli.BoolTFlag{
 			Name:  "disable-helo",
 			Usage: "Disable SMTP helo.",
-			Value: true,
 		},
-		&cli.StringFlag{
+		cli.StringFlag{
 			Name:  "allowed-domains",
 			Value: "",
 			Usage: "Leave empty to allow all domains. Separate multiple domains with a comma (',')",
 		},
-		&cli.BoolFlag{
+		cli.BoolTFlag{
 			Name:  "skip-local-2fa",
 			Usage: "Skip 2FA to log on.",
-			Value: true,
 		},
-		&cli.BoolFlag{
+		cli.BoolTFlag{
 			Name:  "active",
 			Usage: "This Authentication Source is Activated.",
-			Value: true,
 		},
 	}

-	microcmdAuthAddSMTP = &cli.Command{
+	microcmdAuthAddSMTP = cli.Command{
 		Name:   "add-smtp",
 		Usage:  "Add new SMTP authentication source",
 		Action: runAddSMTP,
 		Flags:  smtpCLIFlags,
 	}

-	microcmdAuthUpdateSMTP = &cli.Command{
+	microcmdAuthUpdateSMTP = cli.Command{
 		Name:   "update-smtp",
 		Usage:  "Update existing SMTP authentication source",
 		Action: runUpdateSMTP,
@@ -383,19 +376,19 @@ func runRepoSyncReleases(_ *cli.Context) error {
 				continue
 			}

-			oldnum, err := getReleaseCount(ctx, repo.ID)
+			oldnum, err := getReleaseCount(repo.ID)
 			if err != nil {
 				log.Warn(" GetReleaseCountByRepoID: %v", err)
 			}
 			log.Trace(" currentNumReleases is %d, running SyncReleasesWithTags", oldnum)

-			if err = repo_module.SyncReleasesWithTags(ctx, repo, gitRepo); err != nil {
+			if err = repo_module.SyncReleasesWithTags(repo, gitRepo); err != nil {
 				log.Warn(" SyncReleasesWithTags: %v", err)
 				gitRepo.Close()
 				continue
 			}

-			count, err = getReleaseCount(ctx, repo.ID)
+			count, err = getReleaseCount(repo.ID)
 			if err != nil {
 				log.Warn(" GetReleaseCountByRepoID: %v", err)
 				gitRepo.Close()
@@ -411,9 +404,9 @@ func runRepoSyncReleases(_ *cli.Context) error {
 	return nil
 }

-func getReleaseCount(ctx context.Context, id int64) (int64, error) {
+func getReleaseCount(id int64) (int64, error) {
 	return repo_model.GetReleaseCountByRepoID(
-		ctx,
+		db.DefaultContext,
 		id,
 		repo_model.FindReleasesOptions{
 			IncludeTags: true,
@@ -438,7 +431,7 @@ func runRegenerateKeys(_ *cli.Context) error {
 	if err := initDB(ctx); err != nil {
 		return err
 	}
-	return asymkey_model.RewriteAllPublicKeys(ctx)
+	return asymkey_model.RewriteAllPublicKeys()
 }

 func parseOAuth2Config(c *cli.Context) *oauth2.Source {
@@ -622,19 +615,19 @@ func parseSMTPConfig(c *cli.Context, conf *smtp.Source) error {
 		conf.AllowedDomains = c.String("allowed-domains")
 	}
 	if c.IsSet("force-smtps") {
-		conf.ForceSMTPS = c.Bool("force-smtps")
+		conf.ForceSMTPS = c.BoolT("force-smtps")
 	}
 	if c.IsSet("skip-verify") {
-		conf.SkipVerify = c.Bool("skip-verify")
+		conf.SkipVerify = c.BoolT("skip-verify")
 	}
 	if c.IsSet("helo-hostname") {
 		conf.HeloHostname = c.String("helo-hostname")
 	}
 	if c.IsSet("disable-helo") {
-		conf.DisableHelo = c.Bool("disable-helo")
+		conf.DisableHelo = c.BoolT("disable-helo")
 	}
 	if c.IsSet("skip-local-2fa") {
-		conf.SkipLocalTwoFA = c.Bool("skip-local-2fa")
+		conf.SkipLocalTwoFA = c.BoolT("skip-local-2fa")
 	}
 	return nil
 }
@@ -658,7 +651,7 @@ func runAddSMTP(c *cli.Context) error {
 	}
 	active := true
 	if c.IsSet("active") {
-		active = c.Bool("active")
+		active = c.BoolT("active")
 	}

 	var smtpConfig smtp.Source
@@ -707,7 +700,7 @@ func runUpdateSMTP(c *cli.Context) error {
 	}

 	if c.IsSet("active") {
-		source.IsActive = c.Bool("active")
+		source.IsActive = c.BoolT("active")
 	}

 	source.Cfg = smtpConfig
--- a/cmd/admin_auth_ldap.go
+++ b/cmd/admin_auth_ldap.go
@@ -11,7 +11,7 @@ import (
 	"code.gitea.io/gitea/models/auth"
 	"code.gitea.io/gitea/services/auth/source/ldap"

-	"github.com/urfave/cli/v2"
+	"github.com/urfave/cli"
 )

 type (
@@ -25,117 +25,117 @@ type (

 var (
 	commonLdapCLIFlags = []cli.Flag{
-		&cli.StringFlag{
+		cli.StringFlag{
 			Name:  "name",
 			Usage: "Authentication name.",
 		},
-		&cli.BoolFlag{
+		cli.BoolFlag{
 			Name:  "not-active",
 			Usage: "Deactivate the authentication source.",
 		},
-		&cli.BoolFlag{
+		cli.BoolFlag{
 			Name:  "active",
 			Usage: "Activate the authentication source.",
 		},
-		&cli.StringFlag{
+		cli.StringFlag{
 			Name:  "security-protocol",
 			Usage: "Security protocol name.",
 		},
-		&cli.BoolFlag{
+		cli.BoolFlag{
 			Name:  "skip-tls-verify",
 			Usage: "Disable TLS verification.",
 		},
-		&cli.StringFlag{
+		cli.StringFlag{
 			Name:  "host",
 			Usage: "The address where the LDAP server can be reached.",
 		},
-		&cli.IntFlag{
+		cli.IntFlag{
 			Name:  "port",
 			Usage: "The port to use when connecting to the LDAP server.",
 		},
-		&cli.StringFlag{
+		cli.StringFlag{
 			Name:  "user-search-base",
 			Usage: "The LDAP base at which user accounts will be searched for.",
 		},
-		&cli.StringFlag{
+		cli.StringFlag{
 			Name:  "user-filter",
 			Usage: "An LDAP filter declaring how to find the user record that is attempting to authenticate.",
 		},
-		&cli.StringFlag{
+		cli.StringFlag{
 			Name:  "admin-filter",
 			Usage: "An LDAP filter specifying if a user should be given administrator privileges.",
 		},
-		&cli.StringFlag{
+		cli.StringFlag{
 			Name:  "restricted-filter",
 			Usage: "An LDAP filter specifying if a user should be given restricted status.",
 		},
-		&cli.BoolFlag{
+		cli.BoolFlag{
 			Name:  "allow-deactivate-all",
 			Usage: "Allow empty search results to deactivate all users.",
 		},
-		&cli.StringFlag{
+		cli.StringFlag{
 			Name:  "username-attribute",
 			Usage: "The attribute of the user’s LDAP record containing the user name.",
 		},
-		&cli.StringFlag{
+		cli.StringFlag{
 			Name:  "firstname-attribute",
 			Usage: "The attribute of the user’s LDAP record containing the user’s first name.",
 		},
-		&cli.StringFlag{
+		cli.StringFlag{
 			Name:  "surname-attribute",
 			Usage: "The attribute of the user’s LDAP record containing the user’s surname.",
 		},
-		&cli.StringFlag{
+		cli.StringFlag{
 			Name:  "email-attribute",
 			Usage: "The attribute of the user’s LDAP record containing the user’s email address.",
 		},
-		&cli.StringFlag{
+		cli.StringFlag{
 			Name:  "public-ssh-key-attribute",
 			Usage: "The attribute of the user’s LDAP record containing the user’s public ssh key.",
 		},
-		&cli.BoolFlag{
+		cli.BoolFlag{
 			Name:  "skip-local-2fa",
 			Usage: "Set to true to skip local 2fa for users authenticated by this source",
 		},
-		&cli.StringFlag{
+		cli.StringFlag{
 			Name:  "avatar-attribute",
 			Usage: "The attribute of the user’s LDAP record containing the user’s avatar.",
 		},
 	}

 	ldapBindDnCLIFlags = append(commonLdapCLIFlags,
-		&cli.StringFlag{
+		cli.StringFlag{
 			Name:  "bind-dn",
 			Usage: "The DN to bind to the LDAP server with when searching for the user.",
 		},
-		&cli.StringFlag{
+		cli.StringFlag{
 			Name:  "bind-password",
 			Usage: "The password for the Bind DN, if any.",
 		},
-		&cli.BoolFlag{
+		cli.BoolFlag{
 			Name:  "attributes-in-bind",
 			Usage: "Fetch attributes in bind DN context.",
 		},
-		&cli.BoolFlag{
+		cli.BoolFlag{
 			Name:  "synchronize-users",
 			Usage: "Enable user synchronization.",
 		},
-		&cli.BoolFlag{
+		cli.BoolFlag{
 			Name:  "disable-synchronize-users",
 			Usage: "Disable user synchronization.",
 		},
-		&cli.UintFlag{
+		cli.UintFlag{
 			Name:  "page-size",
 			Usage: "Search page size.",
 		})

 	ldapSimpleAuthCLIFlags = append(commonLdapCLIFlags,
-		&cli.StringFlag{
+		cli.StringFlag{
 			Name:  "user-dn",
 			Usage: "The user’s DN.",
 		})

-	cmdAuthAddLdapBindDn = &cli.Command{
+	cmdAuthAddLdapBindDn = cli.Command{
 		Name:  "add-ldap",
 		Usage: "Add new LDAP (via Bind DN) authentication source",
 		Action: func(c *cli.Context) error {
@@ -144,7 +144,7 @@ var (
 		Flags: ldapBindDnCLIFlags,
 	}

-	cmdAuthUpdateLdapBindDn = &cli.Command{
+	cmdAuthUpdateLdapBindDn = cli.Command{
 		Name:  "update-ldap",
 		Usage: "Update existing LDAP (via Bind DN) authentication source",
 		Action: func(c *cli.Context) error {
@@ -153,7 +153,7 @@ var (
 		Flags: append([]cli.Flag{idFlag}, ldapBindDnCLIFlags...),
 	}

-	cmdAuthAddLdapSimpleAuth = &cli.Command{
+	cmdAuthAddLdapSimpleAuth = cli.Command{
 		Name:  "add-ldap-simple",
 		Usage: "Add new LDAP (simple auth) authentication source",
 		Action: func(c *cli.Context) error {
@@ -162,7 +162,7 @@ var (
 		Flags: ldapSimpleAuthCLIFlags,
 	}

-	cmdAuthUpdateLdapSimpleAuth = &cli.Command{
+	cmdAuthUpdateLdapSimpleAuth = cli.Command{
 		Name:  "update-ldap-simple",
 		Usage: "Update existing LDAP (simple auth) authentication source",
 		Action: func(c *cli.Context) error {
--- a/cmd/admin_auth_ldap_test.go
+++ b/cmd/admin_auth_ldap_test.go
@@ -11,7 +11,7 @@ import (
 	"code.gitea.io/gitea/services/auth/source/ldap"

 	"github.com/stretchr/testify/assert"
-	"github.com/urfave/cli/v2"
+	"github.com/urfave/cli"
 )

 func TestAddLdapBindDn(t *testing.T) {
--- a/cmd/admin_user.go
+++ b/cmd/admin_user.go
@@ -4,13 +4,13 @@
 package cmd

 import (
-	"github.com/urfave/cli/v2"
+	"github.com/urfave/cli"
 )

-var subcmdUser = &cli.Command{
+var subcmdUser = cli.Command{
 	Name:  "user",
 	Usage: "Modify users",
-	Subcommands: []*cli.Command{
+	Subcommands: []cli.Command{
 		microcmdUserCreate,
 		microcmdUserList,
 		microcmdUserChangePassword,
--- a/cmd/admin_user_change_password.go
+++ b/cmd/admin_user_change_password.go
@@ -12,25 +12,23 @@ import (
 	pwd "code.gitea.io/gitea/modules/auth/password"
 	"code.gitea.io/gitea/modules/setting"

-	"github.com/urfave/cli/v2"
+	"github.com/urfave/cli"
 )

-var microcmdUserChangePassword = &cli.Command{
+var microcmdUserChangePassword = cli.Command{
 	Name:   "change-password",
 	Usage:  "Change a user's password",
 	Action: runChangePassword,
 	Flags: []cli.Flag{
-		&cli.StringFlag{
-			Name:    "username",
-			Aliases: []string{"u"},
-			Value:   "",
-			Usage:   "The user to change password for",
+		cli.StringFlag{
+			Name:  "username,u",
+			Value: "",
+			Usage: "The user to change password for",
 		},
-		&cli.StringFlag{
-			Name:    "password",
-			Aliases: []string{"p"},
-			Value:   "",
-			Usage:   "New password to set for user",
+		cli.StringFlag{
+			Name:  "password,p",
+			Value: "",
+			Usage: "New password to set for user",
 		},
 	},
 }
--- a/cmd/admin_user_create.go
+++ b/cmd/admin_user_create.go
@@ -6,6 +6,7 @@ package cmd
 import (
 	"errors"
 	"fmt"
+	"os"

 	auth_model "code.gitea.io/gitea/models/auth"
 	user_model "code.gitea.io/gitea/models/user"
@@ -13,52 +14,52 @@ import (
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/modules/util"

-	"github.com/urfave/cli/v2"
+	"github.com/urfave/cli"
 )

-var microcmdUserCreate = &cli.Command{
+var microcmdUserCreate = cli.Command{
 	Name:   "create",
 	Usage:  "Create a new user in database",
 	Action: runCreateUser,
 	Flags: []cli.Flag{
-		&cli.StringFlag{
+		cli.StringFlag{
 			Name:  "name",
 			Usage: "Username. DEPRECATED: use username instead",
 		},
-		&cli.StringFlag{
+		cli.StringFlag{
 			Name:  "username",
 			Usage: "Username",
 		},
-		&cli.StringFlag{
+		cli.StringFlag{
 			Name:  "password",
 			Usage: "User password",
 		},
-		&cli.StringFlag{
+		cli.StringFlag{
 			Name:  "email",
 			Usage: "User email address",
 		},
-		&cli.BoolFlag{
+		cli.BoolFlag{
 			Name:  "admin",
 			Usage: "User is an admin",
 		},
-		&cli.BoolFlag{
+		cli.BoolFlag{
 			Name:  "random-password",
 			Usage: "Generate a random password for the user",
 		},
-		&cli.BoolFlag{
+		cli.BoolFlag{
 			Name:  "must-change-password",
 			Usage: "Set this option to false to prevent forcing the user to change their password after initial login, (Default: true)",
 		},
-		&cli.IntFlag{
+		cli.IntFlag{
 			Name:  "random-password-length",
 			Usage: "Length of the random password to be generated",
 			Value: 12,
 		},
-		&cli.BoolFlag{
+		cli.BoolFlag{
 			Name:  "access-token",
 			Usage: "Generate access token for the user",
 		},
-		&cli.BoolFlag{
+		cli.BoolFlag{
 			Name:  "restricted",
 			Usage: "Make a restricted user account",
 		},
@@ -86,7 +87,7 @@ func runCreateUser(c *cli.Context) error {
 		username = c.String("username")
 	} else {
 		username = c.String("name")
-		_, _ = fmt.Fprintf(c.App.ErrWriter, "--name flag is deprecated. Use --username instead.\n")
+		fmt.Fprintf(os.Stderr, "--name flag is deprecated. Use --username instead.\n")
 	}

 	ctx, cancel := installSignals()
@@ -115,7 +116,7 @@ func runCreateUser(c *cli.Context) error {

 	// If this is the first user being created.
 	// Take it as the admin and don't force a password update.
-	if n := user_model.CountUsers(ctx, nil); n == 0 {
+	if n := user_model.CountUsers(nil); n == 0 {
 		changePassword = false
 	}

@@ -146,7 +147,7 @@ func runCreateUser(c *cli.Context) error {
 		IsRestricted: restricted,
 	}

-	if err := user_model.CreateUser(ctx, u, overwriteDefault); err != nil {
+	if err := user_model.CreateUser(u, overwriteDefault); err != nil {
 		return fmt.Errorf("CreateUser: %w", err)
 	}

@@ -156,7 +157,7 @@ func runCreateUser(c *cli.Context) error {
 			UID:  u.ID,
 		}

-		if err := auth_model.NewAccessToken(ctx, t); err != nil {
+		if err := auth_model.NewAccessToken(t); err != nil {
 			return err
 		}

--- a/cmd/admin_user_delete.go
+++ b/cmd/admin_user_delete.go
@@ -11,28 +11,26 @@ import (
 	"code.gitea.io/gitea/modules/storage"
 	user_service "code.gitea.io/gitea/services/user"

-	"github.com/urfave/cli/v2"
+	"github.com/urfave/cli"
 )

-var microcmdUserDelete = &cli.Command{
+var microcmdUserDelete = cli.Command{
 	Name:  "delete",
 	Usage: "Delete specific user by id, name or email",
 	Flags: []cli.Flag{
-		&cli.Int64Flag{
+		cli.Int64Flag{
 			Name:  "id",
 			Usage: "ID of user of the user to delete",
 		},
-		&cli.StringFlag{
-			Name:    "username",
-			Aliases: []string{"u"},
-			Usage:   "Username of the user to delete",
+		cli.StringFlag{
+			Name:  "username,u",
+			Usage: "Username of the user to delete",
 		},
-		&cli.StringFlag{
-			Name:    "email",
-			Aliases: []string{"e"},
-			Usage:   "Email of the user to delete",
+		cli.StringFlag{
+			Name:  "email,e",
+			Usage: "Email of the user to delete",
 		},
-		&cli.BoolFlag{
+		cli.BoolFlag{
 			Name:  "purge",
 			Usage: "Purge user, all their repositories, organizations and comments",
 		},
--- a/cmd/admin_user_generate_access_token.go
+++ b/cmd/admin_user_generate_access_token.go
@@ -9,29 +9,27 @@ import (
 	auth_model "code.gitea.io/gitea/models/auth"
 	user_model "code.gitea.io/gitea/models/user"

-	"github.com/urfave/cli/v2"
+	"github.com/urfave/cli"
 )

-var microcmdUserGenerateAccessToken = &cli.Command{
+var microcmdUserGenerateAccessToken = cli.Command{
 	Name:  "generate-access-token",
 	Usage: "Generate an access token for a specific user",
 	Flags: []cli.Flag{
-		&cli.StringFlag{
-			Name:    "username",
-			Aliases: []string{"u"},
-			Usage:   "Username",
+		cli.StringFlag{
+			Name:  "username,u",
+			Usage: "Username",
 		},
-		&cli.StringFlag{
-			Name:    "token-name",
-			Aliases: []string{"t"},
-			Usage:   "Token name",
-			Value:   "gitea-admin",
+		cli.StringFlag{
+			Name:  "token-name,t",
+			Usage: "Token name",
+			Value: "gitea-admin",
 		},
-		&cli.BoolFlag{
+		cli.BoolFlag{
 			Name:  "raw",
 			Usage: "Display only the token value",
 		},
-		&cli.StringFlag{
+		cli.StringFlag{
 			Name:  "scopes",
 			Value: "",
 			Usage: "Comma separated list of scopes to apply to access token",
@@ -63,7 +61,7 @@ func runGenerateAccessToken(c *cli.Context) error {
 		UID:  user.ID,
 	}

-	exist, err := auth_model.AccessTokenByNameExists(ctx, t)
+	exist, err := auth_model.AccessTokenByNameExists(t)
 	if err != nil {
 		return err
 	}
@@ -79,7 +77,7 @@ func runGenerateAccessToken(c *cli.Context) error {
 	t.Scope = accessTokenScope

 	// create the token
-	if err := auth_model.NewAccessToken(ctx, t); err != nil {
+	if err := auth_model.NewAccessToken(t); err != nil {
 		return err
 	}

--- a/cmd/admin_user_list.go
+++ b/cmd/admin_user_list.go
@@ -10,15 +10,15 @@ import (

 	user_model "code.gitea.io/gitea/models/user"

-	"github.com/urfave/cli/v2"
+	"github.com/urfave/cli"
 )

-var microcmdUserList = &cli.Command{
+var microcmdUserList = cli.Command{
 	Name:   "list",
 	Usage:  "List users",
 	Action: runListUsers,
 	Flags: []cli.Flag{
-		&cli.BoolFlag{
+		cli.BoolFlag{
 			Name:  "admin",
 			Usage: "List only admin users",
 		},
@@ -33,7 +33,7 @@ func runListUsers(c *cli.Context) error {
 		return err
 	}

-	users, err := user_model.GetAllUsers(ctx)
+	users, err := user_model.GetAllUsers()
 	if err != nil {
 		return err
 	}
@@ -48,7 +48,7 @@ func runListUsers(c *cli.Context) error {
 			}
 		}
 	} else {
-		twofa := user_model.UserList(users).GetTwoFaStatus(ctx)
+		twofa := user_model.UserList(users).GetTwoFaStatus()
 		fmt.Fprintf(w, "ID\tUsername\tEmail\tIsActive\tIsAdmin\t2FA\n")
 		for _, u := range users {
 			fmt.Fprintf(w, "%d\t%s\t%s\t%t\t%t\t%t\n", u.ID, u.Name, u.Email, u.IsActive, u.IsAdmin, twofa[u.ID])
--- a/cmd/admin_user_must_change_password.go
+++ b/cmd/admin_user_must_change_password.go
@@ -9,25 +9,23 @@ import (

 	user_model "code.gitea.io/gitea/models/user"

-	"github.com/urfave/cli/v2"
+	"github.com/urfave/cli"
 )

-var microcmdUserMustChangePassword = &cli.Command{
+var microcmdUserMustChangePassword = cli.Command{
 	Name:   "must-change-password",
 	Usage:  "Set the must change password flag for the provided users or all users",
 	Action: runMustChangePassword,
 	Flags: []cli.Flag{
-		&cli.BoolFlag{
-			Name:    "all",
-			Aliases: []string{"A"},
-			Usage:   "All users must change password, except those explicitly excluded with --exclude",
+		cli.BoolFlag{
+			Name:  "all,A",
+			Usage: "All users must change password, except those explicitly excluded with --exclude",
 		},
-		&cli.StringSliceFlag{
-			Name:    "exclude",
-			Aliases: []string{"e"},
-			Usage:   "Do not change the must-change-password flag for these users",
+		cli.StringSliceFlag{
+			Name:  "exclude,e",
+			Usage: "Do not change the must-change-password flag for these users",
 		},
-		&cli.BoolFlag{
+		cli.BoolFlag{
 			Name:  "unset",
 			Usage: "Instead of setting the must-change-password flag, unset it",
 		},
@@ -50,7 +48,7 @@ func runMustChangePassword(c *cli.Context) error {
 		return err
 	}

-	n, err := user_model.SetMustChangePassword(ctx, all, mustChangePassword, c.Args().Slice(), exclude)
+	n, err := user_model.SetMustChangePassword(ctx, all, mustChangePassword, c.Args(), exclude)
 	if err != nil {
 		return err
 	}
--- a/cmd/cert.go
+++ b/cmd/cert.go
@@ -20,43 +20,43 @@ import (
 	"strings"
 	"time"

-	"github.com/urfave/cli/v2"
+	"github.com/urfave/cli"
 )

 // CmdCert represents the available cert sub-command.
-var CmdCert = &cli.Command{
+var CmdCert = cli.Command{
 	Name:  "cert",
 	Usage: "Generate self-signed certificate",
 	Description: `Generate a self-signed X.509 certificate for a TLS server.
 Outputs to 'cert.pem' and 'key.pem' and will overwrite existing files.`,
 	Action: runCert,
 	Flags: []cli.Flag{
-		&cli.StringFlag{
+		cli.StringFlag{
 			Name:  "host",
 			Value: "",
 			Usage: "Comma-separated hostnames and IPs to generate a certificate for",
 		},
-		&cli.StringFlag{
+		cli.StringFlag{
 			Name:  "ecdsa-curve",
 			Value: "",
 			Usage: "ECDSA curve to use to generate a key. Valid values are P224, P256, P384, P521",
 		},
-		&cli.IntFlag{
+		cli.IntFlag{
 			Name:  "rsa-bits",
-			Value: 3072,
+			Value: 2048,
 			Usage: "Size of RSA key to generate. Ignored if --ecdsa-curve is set",
 		},
-		&cli.StringFlag{
+		cli.StringFlag{
 			Name:  "start-date",
 			Value: "",
 			Usage: "Creation date formatted as Jan 1 15:04:05 2011",
 		},
-		&cli.DurationFlag{
+		cli.DurationFlag{
 			Name:  "duration",
 			Value: 365 * 24 * time.Hour,
 			Usage: "Duration that certificate is valid for",
 		},
-		&cli.BoolFlag{
+		cli.BoolFlag{
 			Name:  "ca",
 			Usage: "whether this cert should be its own Certificate Authority",
 		},
--- a/cmd/cmd.go
+++ b/cmd/cmd.go
@@ -20,7 +20,7 @@ import (
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/modules/util"

-	"github.com/urfave/cli/v2"
+	"github.com/urfave/cli"
 )

 // argsSet checks that all the required arguments are set. args is a list of
@@ -109,24 +109,15 @@ func setupConsoleLogger(level log.Level, colorize bool, out io.Writer) {
 	log.GetManager().GetLogger(log.DEFAULT).ReplaceAllWriters(writer)
 }

-func globalBool(c *cli.Context, name string) bool {
-	for _, ctx := range c.Lineage() {
-		if ctx.Bool(name) {
-			return true
-		}
-	}
-	return false
-}
-
 // PrepareConsoleLoggerLevel by default, use INFO level for console logger, but some sub-commands (for git/ssh protocol) shouldn't output any log to stdout.
 // Any log appears in git stdout pipe will break the git protocol, eg: client can't push and hangs forever.
 func PrepareConsoleLoggerLevel(defaultLevel log.Level) func(*cli.Context) error {
 	return func(c *cli.Context) error {
 		level := defaultLevel
-		if globalBool(c, "quiet") {
+		if c.Bool("quiet") || c.GlobalBoolT("quiet") {
 			level = log.FATAL
 		}
-		if globalBool(c, "debug") || globalBool(c, "verbose") {
+		if c.Bool("debug") || c.GlobalBool("debug") || c.Bool("verbose") || c.GlobalBool("verbose") {
 			level = log.TRACE
 		}
 		log.SetConsoleLogger(log.DEFAULT, "console-default", level)
--- a/cmd/doctor_convert.go
+++ b/cmd/doctor_convert.go
@@ -10,18 +10,18 @@ import (
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/setting"

-	"github.com/urfave/cli/v2"
+	"github.com/urfave/cli"
 )

-// cmdDoctorConvert represents the available convert sub-command.
-var cmdDoctorConvert = &cli.Command{
+// CmdConvert represents the available convert sub-command.
+var CmdConvert = cli.Command{
 	Name:        "convert",
 	Usage:       "Convert the database",
 	Description: "A command to convert an existing MySQL database from utf8 to utf8mb4 or MSSQL database from varchar to nvarchar",
-	Action:      runDoctorConvert,
+	Action:      runConvert,
 }

-func runDoctorConvert(ctx *cli.Context) error {
+func runConvert(ctx *cli.Context) error {
 	stdCtx, cancel := installSignals()
 	defer cancel()

--- a/cmd/docs.go
+++ b/cmd/docs.go
@@ -8,11 +8,11 @@ import (
 	"os"
 	"strings"

-	"github.com/urfave/cli/v2"
+	"github.com/urfave/cli"
 )

 // CmdDocs represents the available docs sub-command.
-var CmdDocs = &cli.Command{
+var CmdDocs = cli.Command{
 	Name:        "docs",
 	Usage:       "Output CLI documentation",
 	Description: "A command to output Gitea's CLI documentation, optionally to a file.",
@@ -23,9 +23,8 @@ var CmdDocs = &cli.Command{
 			Usage: "Output man pages instead",
 		},
 		&cli.StringFlag{
-			Name:    "output",
-			Aliases: []string{"o"},
-			Usage:   "Path to output to instead of stdout (will overwrite if exists)",
+			Name:  "output, o",
+			Usage: "Path to output to instead of stdout (will overwrite if exists)",
 		},
 	},
 }
--- a/cmd/doctor.go
+++ b/cmd/doctor.go
@@ -14,72 +14,61 @@ import (
 	"code.gitea.io/gitea/models/db"
 	"code.gitea.io/gitea/models/migrations"
 	migrate_base "code.gitea.io/gitea/models/migrations/base"
-	"code.gitea.io/gitea/modules/container"
 	"code.gitea.io/gitea/modules/doctor"
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/setting"

-	"github.com/urfave/cli/v2"
+	"github.com/urfave/cli"
 	"xorm.io/xorm"
 )

 // CmdDoctor represents the available doctor sub-command.
-var CmdDoctor = &cli.Command{
+var CmdDoctor = cli.Command{
 	Name:        "doctor",
 	Usage:       "Diagnose and optionally fix problems",
 	Description: "A command to diagnose problems with the current Gitea instance according to the given configuration. Some problems can optionally be fixed by modifying the database or data storage.",
-
-	Subcommands: []*cli.Command{
-		cmdDoctorCheck,
-		cmdRecreateTable,
-		cmdDoctorConvert,
-	},
-}
-
-var cmdDoctorCheck = &cli.Command{
-	Name:        "check",
-	Usage:       "Diagnose and optionally fix problems",
-	Description: "A command to diagnose problems with the current Gitea instance according to the given configuration. Some problems can optionally be fixed by modifying the database or data storage.",
-	Action:      runDoctorCheck,
+	Action:      runDoctor,
 	Flags: []cli.Flag{
-		&cli.BoolFlag{
+		cli.BoolFlag{
 			Name:  "list",
 			Usage: "List the available checks",
 		},
-		&cli.BoolFlag{
+		cli.BoolFlag{
 			Name:  "default",
 			Usage: "Run the default checks (if neither --run or --all is set, this is the default behaviour)",
 		},
-		&cli.StringSliceFlag{
+		cli.StringSliceFlag{
 			Name:  "run",
 			Usage: "Run the provided checks - (if --default is set, the default checks will also run)",
 		},
-		&cli.BoolFlag{
+		cli.BoolFlag{
 			Name:  "all",
 			Usage: "Run all the available checks",
 		},
-		&cli.BoolFlag{
+		cli.BoolFlag{
 			Name:  "fix",
 			Usage: "Automatically fix what we can",
 		},
-		&cli.StringFlag{
+		cli.StringFlag{
 			Name:  "log-file",
-			Usage: `Name of the log file (no verbose log output by default). Set to "-" to output to stdout`,
+			Usage: `Name of the log file (default: "doctor.log"). Set to "-" to output to stdout, set to "" to disable`,
 		},
-		&cli.BoolFlag{
-			Name:    "color",
-			Aliases: []string{"H"},
-			Usage:   "Use color for outputted information",
+		cli.BoolFlag{
+			Name:  "color, H",
+			Usage: "Use color for outputted information",
 		},
 	},
+	Subcommands: []cli.Command{
+		cmdRecreateTable,
+	},
 }

-var cmdRecreateTable = &cli.Command{
+var cmdRecreateTable = cli.Command{
 	Name:      "recreate-table",
 	Usage:     "Recreate tables from XORM definitions and copy the data.",
 	ArgsUsage: "[TABLE]... : (TABLEs to recreate - leave blank for all)",
 	Flags: []cli.Flag{
-		&cli.BoolFlag{
+		cli.BoolFlag{
 			Name:  "debug",
 			Usage: "Print SQL commands sent",
 		},
@@ -143,9 +132,16 @@ func setupDoctorDefaultLogger(ctx *cli.Context, colorize bool) {
 	setupConsoleLogger(log.FATAL, log.CanColorStderr, os.Stderr)

 	logFile := ctx.String("log-file")
-	if logFile == "" {
-		return // if no doctor log-file is set, do not show any log from default logger
-	} else if logFile == "-" {
+	if !ctx.IsSet("log-file") {
+		logFile = "doctor.log"
+	}
+
+	if len(logFile) == 0 {
+		// if no doctor log-file is set, do not show any log from default logger
+		return
+	}
+
+	if logFile == "-" {
 		setupConsoleLogger(log.TRACE, colorize, os.Stdout)
 	} else {
 		logFile, _ = filepath.Abs(logFile)
@@ -159,7 +155,7 @@ func setupDoctorDefaultLogger(ctx *cli.Context, colorize bool) {
 	}
 }

-func runDoctorCheck(ctx *cli.Context) error {
+func runDoctor(ctx *cli.Context) error {
 	stdCtx, cancel := installSignals()
 	defer cancel()

@@ -178,7 +174,6 @@ func runDoctorCheck(ctx *cli.Context) error {
 	if ctx.IsSet("list") {
 		w := tabwriter.NewWriter(os.Stdout, 0, 8, 1, '\t', 0)
 		_, _ = w.Write([]byte("Default\tName\tTitle\n"))
-		doctor.SortChecks(doctor.Checks)
 		for _, check := range doctor.Checks {
 			if check.IsDefault {
 				_, _ = w.Write([]byte{'*'})
@@ -194,19 +189,25 @@ func runDoctorCheck(ctx *cli.Context) error {

 	var checks []*doctor.Check
 	if ctx.Bool("all") {
-		checks = make([]*doctor.Check, len(doctor.Checks))
-		copy(checks, doctor.Checks)
+		checks = doctor.Checks
 	} else if ctx.IsSet("run") {
 		addDefault := ctx.Bool("default")
-		runNamesSet := container.SetOf(ctx.StringSlice("run")...)
-		for _, check := range doctor.Checks {
-			if (addDefault && check.IsDefault) || runNamesSet.Contains(check.Name) {
-				checks = append(checks, check)
-				runNamesSet.Remove(check.Name)
-			}
+		names := ctx.StringSlice("run")
+		for i, name := range names {
+			names[i] = strings.ToLower(strings.TrimSpace(name))
 		}
-		if len(runNamesSet) > 0 {
-			return fmt.Errorf("unknown checks: %q", strings.Join(runNamesSet.Values(), ","))
+
+		for _, check := range doctor.Checks {
+			if addDefault && check.IsDefault {
+				checks = append(checks, check)
+				continue
+			}
+			for _, name := range names {
+				if name == check.Name {
+					checks = append(checks, check)
+					break
+				}
+			}
 		}
 	} else {
 		for _, check := range doctor.Checks {
@@ -215,5 +216,6 @@ func runDoctorCheck(ctx *cli.Context) error {
 			}
 		}
 	}
+
 	return doctor.RunChecks(stdCtx, colorize, ctx.Bool("fix"), checks)
 }
--- a/cmd/doctor_test.go
+++ b/cmd/doctor_test.go
@@ -1,33 +0,0 @@
-// Copyright 2023 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
-
-package cmd
-
-import (
-	"context"
-	"testing"
-
-	"code.gitea.io/gitea/modules/doctor"
-	"code.gitea.io/gitea/modules/log"
-
-	"github.com/stretchr/testify/assert"
-	"github.com/urfave/cli/v2"
-)
-
-func TestDoctorRun(t *testing.T) {
-	doctor.Register(&doctor.Check{
-		Title: "Test Check",
-		Name:  "test-check",
-		Run:   func(ctx context.Context, logger log.Logger, autofix bool) error { return nil },
-
-		SkipDatabaseInitialization: true,
-	})
-	app := cli.NewApp()
-	app.Commands = []*cli.Command{cmdDoctorCheck}
-	err := app.Run([]string{"./gitea", "check", "--run", "test-check"})
-	assert.NoError(t, err)
-	err = app.Run([]string{"./gitea", "check", "--run", "no-such"})
-	assert.ErrorContains(t, err, `unknown checks: "no-such"`)
-	err = app.Run([]string{"./gitea", "check", "--run", "test-check,no-such"})
-	assert.ErrorContains(t, err, `unknown checks: "no-such"`)
-}
--- a/cmd/dump.go
+++ b/cmd/dump.go
@@ -22,7 +22,7 @@ import (

 	"gitea.com/go-chi/session"
 	"github.com/mholt/archiver/v3"
-	"github.com/urfave/cli/v2"
+	"github.com/urfave/cli"
 )

 func addReader(w archiver.Writer, r io.ReadCloser, info os.FileInfo, customName string, verbose bool) error {
@@ -96,71 +96,64 @@ var outputTypeEnum = &outputType{
 }

 // CmdDump represents the available dump sub-command.
-var CmdDump = &cli.Command{
+var CmdDump = cli.Command{
 	Name:  "dump",
 	Usage: "Dump Gitea files and database",
 	Description: `Dump compresses all related files and database into zip file.
 It can be used for backup and capture Gitea server image to send to maintainer`,
 	Action: runDump,
 	Flags: []cli.Flag{
-		&cli.StringFlag{
-			Name:    "file",
-			Aliases: []string{"f"},
-			Value:   fmt.Sprintf("gitea-dump-%d.zip", time.Now().Unix()),
-			Usage:   "Name of the dump file which will be created. Supply '-' for stdout. See type for available types.",
+		cli.StringFlag{
+			Name:  "file, f",
+			Value: fmt.Sprintf("gitea-dump-%d.zip", time.Now().Unix()),
+			Usage: "Name of the dump file which will be created. Supply '-' for stdout. See type for available types.",
 		},
-		&cli.BoolFlag{
-			Name:    "verbose",
-			Aliases: []string{"V"},
-			Usage:   "Show process details",
+		cli.BoolFlag{
+			Name:  "verbose, V",
+			Usage: "Show process details",
 		},
-		&cli.BoolFlag{
-			Name:    "quiet",
-			Aliases: []string{"q"},
-			Usage:   "Only display warnings and errors",
+		cli.BoolFlag{
+			Name:  "quiet, q",
+			Usage: "Only display warnings and errors",
 		},
-		&cli.StringFlag{
-			Name:    "tempdir",
-			Aliases: []string{"t"},
-			Value:   os.TempDir(),
-			Usage:   "Temporary dir path",
+		cli.StringFlag{
+			Name:  "tempdir, t",
+			Value: os.TempDir(),
+			Usage: "Temporary dir path",
 		},
-		&cli.StringFlag{
-			Name:    "database",
-			Aliases: []string{"d"},
-			Usage:   "Specify the database SQL syntax: sqlite3, mysql, mssql, postgres",
+		cli.StringFlag{
+			Name:  "database, d",
+			Usage: "Specify the database SQL syntax",
 		},
-		&cli.BoolFlag{
-			Name:    "skip-repository",
-			Aliases: []string{"R"},
-			Usage:   "Skip the repository dumping",
+		cli.BoolFlag{
+			Name:  "skip-repository, R",
+			Usage: "Skip the repository dumping",
 		},
-		&cli.BoolFlag{
-			Name:    "skip-log",
-			Aliases: []string{"L"},
-			Usage:   "Skip the log dumping",
+		cli.BoolFlag{
+			Name:  "skip-log, L",
+			Usage: "Skip the log dumping",
 		},
-		&cli.BoolFlag{
+		cli.BoolFlag{
 			Name:  "skip-custom-dir",
 			Usage: "Skip custom directory",
 		},
-		&cli.BoolFlag{
+		cli.BoolFlag{
 			Name:  "skip-lfs-data",
 			Usage: "Skip LFS data",
 		},
-		&cli.BoolFlag{
+		cli.BoolFlag{
 			Name:  "skip-attachment-data",
 			Usage: "Skip attachment data",
 		},
-		&cli.BoolFlag{
+		cli.BoolFlag{
 			Name:  "skip-package-data",
 			Usage: "Skip package data",
 		},
-		&cli.BoolFlag{
+		cli.BoolFlag{
 			Name:  "skip-index",
 			Usage: "Skip bleve index data",
 		},
-		&cli.GenericFlag{
+		cli.GenericFlag{
 			Name:  "type",
 			Value: outputTypeEnum,
 			Usage: fmt.Sprintf("Dump output format: %s", outputTypeEnum.Join()),
@@ -452,7 +445,7 @@ func addRecursiveExclude(w archiver.Writer, insidePath, absPath string, excludeA
 		return err
 	}
 	for _, file := range files {
-		currentAbsPath := filepath.Join(absPath, file.Name())
+		currentAbsPath := path.Join(absPath, file.Name())
 		currentInsidePath := path.Join(insidePath, file.Name())
 		if file.IsDir() {
 			if !util.SliceContainsString(excludeAbsPath, currentAbsPath) {
--- a/cmd/dump_repo.go
+++ b/cmd/dump_repo.go
@@ -19,58 +19,57 @@ import (
 	"code.gitea.io/gitea/services/convert"
 	"code.gitea.io/gitea/services/migrations"

-	"github.com/urfave/cli/v2"
+	"github.com/urfave/cli"
 )

 // CmdDumpRepository represents the available dump repository sub-command.
-var CmdDumpRepository = &cli.Command{
+var CmdDumpRepository = cli.Command{
 	Name:        "dump-repo",
 	Usage:       "Dump the repository from git/github/gitea/gitlab",
 	Description: "This is a command for dumping the repository data.",
 	Action:      runDumpRepository,
 	Flags: []cli.Flag{
-		&cli.StringFlag{
+		cli.StringFlag{
 			Name:  "git_service",
 			Value: "",
 			Usage: "Git service, git, github, gitea, gitlab. If clone_addr could be recognized, this could be ignored.",
 		},
-		&cli.StringFlag{
-			Name:    "repo_dir",
-			Aliases: []string{"r"},
-			Value:   "./data",
-			Usage:   "Repository dir path to store the data",
+		cli.StringFlag{
+			Name:  "repo_dir, r",
+			Value: "./data",
+			Usage: "Repository dir path to store the data",
 		},
-		&cli.StringFlag{
+		cli.StringFlag{
 			Name:  "clone_addr",
 			Value: "",
 			Usage: "The URL will be clone, currently could be a git/github/gitea/gitlab http/https URL",
 		},
-		&cli.StringFlag{
+		cli.StringFlag{
 			Name:  "auth_username",
 			Value: "",
 			Usage: "The username to visit the clone_addr",
 		},
-		&cli.StringFlag{
+		cli.StringFlag{
 			Name:  "auth_password",
 			Value: "",
 			Usage: "The password to visit the clone_addr",
 		},
-		&cli.StringFlag{
+		cli.StringFlag{
 			Name:  "auth_token",
 			Value: "",
 			Usage: "The personal token to visit the clone_addr",
 		},
-		&cli.StringFlag{
+		cli.StringFlag{
 			Name:  "owner_name",
 			Value: "",
 			Usage: "The data will be stored on a directory with owner name if not empty",
 		},
-		&cli.StringFlag{
+		cli.StringFlag{
 			Name:  "repo_name",
 			Value: "",
 			Usage: "The data will be stored on a directory with repository name if not empty",
 		},
-		&cli.StringFlag{
+		cli.StringFlag{
 			Name:  "units",
 			Value: "",
 			Usage: `Which items will be migrated, one or more units should be separated as comma.
--- a/cmd/embedded.go
+++ b/cmd/embedded.go
@@ -19,74 +19,70 @@ import (
 	"code.gitea.io/gitea/modules/util"

 	"github.com/gobwas/glob"
-	"github.com/urfave/cli/v2"
+	"github.com/urfave/cli"
 )

 // CmdEmbedded represents the available extract sub-command.
 var (
-	CmdEmbedded = &cli.Command{
+	CmdEmbedded = cli.Command{
 		Name:        "embedded",
 		Usage:       "Extract embedded resources",
 		Description: "A command for extracting embedded resources, like templates and images",
-		Subcommands: []*cli.Command{
+		Subcommands: []cli.Command{
 			subcmdList,
 			subcmdView,
 			subcmdExtract,
 		},
 	}

-	subcmdList = &cli.Command{
+	subcmdList = cli.Command{
 		Name:   "list",
 		Usage:  "List files matching the given pattern",
 		Action: runList,
 		Flags: []cli.Flag{
-			&cli.BoolFlag{
-				Name:    "include-vendored",
-				Aliases: []string{"vendor"},
-				Usage:   "Include files under public/vendor as well",
+			cli.BoolFlag{
+				Name:  "include-vendored,vendor",
+				Usage: "Include files under public/vendor as well",
 			},
 		},
 	}

-	subcmdView = &cli.Command{
+	subcmdView = cli.Command{
 		Name:   "view",
 		Usage:  "View a file matching the given pattern",
 		Action: runView,
 		Flags: []cli.Flag{
-			&cli.BoolFlag{
-				Name:    "include-vendored",
-				Aliases: []string{"vendor"},
-				Usage:   "Include files under public/vendor as well",
+			cli.BoolFlag{
+				Name:  "include-vendored,vendor",
+				Usage: "Include files under public/vendor as well",
 			},
 		},
 	}

-	subcmdExtract = &cli.Command{
+	subcmdExtract = cli.Command{
 		Name:   "extract",
 		Usage:  "Extract resources",
 		Action: runExtract,
 		Flags: []cli.Flag{
-			&cli.BoolFlag{
-				Name:    "include-vendored",
-				Aliases: []string{"vendor"},
-				Usage:   "Include files under public/vendor as well",
+			cli.BoolFlag{
+				Name:  "include-vendored,vendor",
+				Usage: "Include files under public/vendor as well",
 			},
-			&cli.BoolFlag{
+			cli.BoolFlag{
 				Name:  "overwrite",
 				Usage: "Overwrite files if they already exist",
 			},
-			&cli.BoolFlag{
+			cli.BoolFlag{
 				Name:  "rename",
 				Usage: "Rename files as {name}.bak if they already exist (overwrites previous .bak)",
 			},
-			&cli.BoolFlag{
+			cli.BoolFlag{
 				Name:  "custom",
 				Usage: "Extract to the 'custom' directory as per app.ini",
 			},
-			&cli.StringFlag{
-				Name:    "destination",
-				Aliases: []string{"dest-dir"},
-				Usage:   "Extract to the specified directory",
+			cli.StringFlag{
+				Name:  "destination,dest-dir",
+				Usage: "Extract to the specified directory",
 			},
 		},
 	}
@@ -103,7 +99,7 @@ type assetFile struct {
 func initEmbeddedExtractor(c *cli.Context) error {
 	setupConsoleLogger(log.ERROR, log.CanColorStderr, os.Stderr)

-	patterns, err := compileCollectPatterns(c.Args().Slice())
+	patterns, err := compileCollectPatterns(c.Args())
 	if err != nil {
 		return err
 	}
@@ -179,7 +175,7 @@ func runExtractDo(c *cli.Context) error {
 		return err
 	}

-	if c.NArg() == 0 {
+	if len(c.Args()) == 0 {
 		return fmt.Errorf("a list of pattern of files to extract is mandatory (e.g. '**' for all)")
 	}

--- a/cmd/generate.go
+++ b/cmd/generate.go
@@ -11,43 +11,43 @@ import (
 	"code.gitea.io/gitea/modules/generate"

 	"github.com/mattn/go-isatty"
-	"github.com/urfave/cli/v2"
+	"github.com/urfave/cli"
 )

 var (
 	// CmdGenerate represents the available generate sub-command.
-	CmdGenerate = &cli.Command{
+	CmdGenerate = cli.Command{
 		Name:  "generate",
 		Usage: "Command line interface for running generators",
-		Subcommands: []*cli.Command{
+		Subcommands: []cli.Command{
 			subcmdSecret,
 		},
 	}

-	subcmdSecret = &cli.Command{
+	subcmdSecret = cli.Command{
 		Name:  "secret",
 		Usage: "Generate a secret token",
-		Subcommands: []*cli.Command{
+		Subcommands: []cli.Command{
 			microcmdGenerateInternalToken,
 			microcmdGenerateLfsJwtSecret,
 			microcmdGenerateSecretKey,
 		},
 	}

-	microcmdGenerateInternalToken = &cli.Command{
+	microcmdGenerateInternalToken = cli.Command{
 		Name:   "INTERNAL_TOKEN",
 		Usage:  "Generate a new INTERNAL_TOKEN",
 		Action: runGenerateInternalToken,
 	}

-	microcmdGenerateLfsJwtSecret = &cli.Command{
+	microcmdGenerateLfsJwtSecret = cli.Command{
 		Name:    "JWT_SECRET",
 		Aliases: []string{"LFS_JWT_SECRET"},
 		Usage:   "Generate a new JWT_SECRET",
 		Action:  runGenerateLfsJwtSecret,
 	}

-	microcmdGenerateSecretKey = &cli.Command{
+	microcmdGenerateSecretKey = cli.Command{
 		Name:   "SECRET_KEY",
 		Usage:  "Generate a new SECRET_KEY",
 		Action: runGenerateSecretKey,
@@ -70,12 +70,12 @@ func runGenerateInternalToken(c *cli.Context) error {
 }

 func runGenerateLfsJwtSecret(c *cli.Context) error {
-	_, jwtSecretBase64, err := generate.NewJwtSecretBase64()
+	JWTSecretBase64, err := generate.NewJwtSecretBase64()
 	if err != nil {
 		return err
 	}

-	fmt.Printf("%s", jwtSecretBase64)
+	fmt.Printf("%s", JWTSecretBase64)

 	if isatty.IsTerminal(os.Stdout.Fd()) {
 		fmt.Printf("\n")
--- a/cmd/hook.go
+++ b/cmd/hook.go
@@ -20,7 +20,7 @@ import (
 	repo_module "code.gitea.io/gitea/modules/repository"
 	"code.gitea.io/gitea/modules/setting"

-	"github.com/urfave/cli/v2"
+	"github.com/urfave/cli"
 )

 const (
@@ -29,12 +29,12 @@ const (

 var (
 	// CmdHook represents the available hooks sub-command.
-	CmdHook = &cli.Command{
+	CmdHook = cli.Command{
 		Name:        "hook",
 		Usage:       "Delegate commands to corresponding Git hooks",
 		Description: "This should only be called by Git",
 		Before:      PrepareConsoleLoggerLevel(log.FATAL),
-		Subcommands: []*cli.Command{
+		Subcommands: []cli.Command{
 			subcmdHookPreReceive,
 			subcmdHookUpdate,
 			subcmdHookPostReceive,
@@ -42,47 +42,47 @@ var (
 		},
 	}

-	subcmdHookPreReceive = &cli.Command{
+	subcmdHookPreReceive = cli.Command{
 		Name:        "pre-receive",
 		Usage:       "Delegate pre-receive Git hook",
 		Description: "This command should only be called by Git",
 		Action:      runHookPreReceive,
 		Flags: []cli.Flag{
-			&cli.BoolFlag{
+			cli.BoolFlag{
 				Name: "debug",
 			},
 		},
 	}
-	subcmdHookUpdate = &cli.Command{
+	subcmdHookUpdate = cli.Command{
 		Name:        "update",
 		Usage:       "Delegate update Git hook",
 		Description: "This command should only be called by Git",
 		Action:      runHookUpdate,
 		Flags: []cli.Flag{
-			&cli.BoolFlag{
+			cli.BoolFlag{
 				Name: "debug",
 			},
 		},
 	}
-	subcmdHookPostReceive = &cli.Command{
+	subcmdHookPostReceive = cli.Command{
 		Name:        "post-receive",
 		Usage:       "Delegate post-receive Git hook",
 		Description: "This command should only be called by Git",
 		Action:      runHookPostReceive,
 		Flags: []cli.Flag{
-			&cli.BoolFlag{
+			cli.BoolFlag{
 				Name: "debug",
 			},
 		},
 	}
 	// Note: new hook since git 2.29
-	subcmdHookProcReceive = &cli.Command{
+	subcmdHookProcReceive = cli.Command{
 		Name:        "proc-receive",
 		Usage:       "Delegate proc-receive Git hook",
 		Description: "This command should only be called by Git",
 		Action:      runHookProcReceive,
 		Flags: []cli.Flag{
-			&cli.BoolFlag{
+			cli.BoolFlag{
 				Name: "debug",
 			},
 		},
--- a/cmd/keys.go
+++ b/cmd/keys.go
@@ -11,39 +11,35 @@ import (
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/private"

-	"github.com/urfave/cli/v2"
+	"github.com/urfave/cli"
 )

 // CmdKeys represents the available keys sub-command
-var CmdKeys = &cli.Command{
+var CmdKeys = cli.Command{
 	Name:   "keys",
 	Usage:  "This command queries the Gitea database to get the authorized command for a given ssh key fingerprint",
 	Before: PrepareConsoleLoggerLevel(log.FATAL),
 	Action: runKeys,
 	Flags: []cli.Flag{
-		&cli.StringFlag{
-			Name:    "expected",
-			Aliases: []string{"e"},
-			Value:   "git",
-			Usage:   "Expected user for whom provide key commands",
+		cli.StringFlag{
+			Name:  "expected, e",
+			Value: "git",
+			Usage: "Expected user for whom provide key commands",
 		},
-		&cli.StringFlag{
-			Name:    "username",
-			Aliases: []string{"u"},
-			Value:   "",
-			Usage:   "Username trying to log in by SSH",
+		cli.StringFlag{
+			Name:  "username, u",
+			Value: "",
+			Usage: "Username trying to log in by SSH",
 		},
-		&cli.StringFlag{
-			Name:    "type",
-			Aliases: []string{"t"},
-			Value:   "",
-			Usage:   "Type of the SSH key provided to the SSH Server (requires content to be provided too)",
+		cli.StringFlag{
+			Name:  "type, t",
+			Value: "",
+			Usage: "Type of the SSH key provided to the SSH Server (requires content to be provided too)",
 		},
-		&cli.StringFlag{
-			Name:    "content",
-			Aliases: []string{"k"},
-			Value:   "",
-			Usage:   "Base64 encoded content of the SSH key provided to the SSH Server (requires type to be provided too)",
+		cli.StringFlag{
+			Name:  "content, k",
+			Value: "",
+			Usage: "Base64 encoded content of the SSH key provided to the SSH Server (requires type to be provided too)",
 		},
 	},
 }
@@ -77,6 +73,6 @@ func runKeys(c *cli.Context) error {
 	if extra.Error != nil {
 		return extra.Error
 	}
-	_, _ = fmt.Fprintln(c.App.Writer, strings.TrimSpace(authorizedString))
+	fmt.Println(strings.TrimSpace(authorizedString))
 	return nil
 }
--- a/cmd/mailer.go
+++ b/cmd/mailer.go
@@ -9,7 +9,7 @@ import (
 	"code.gitea.io/gitea/modules/private"
 	"code.gitea.io/gitea/modules/setting"

-	"github.com/urfave/cli/v2"
+	"github.com/urfave/cli"
 )

 func runSendMail(c *cli.Context) error {
--- a/cmd/main.go
+++ b/cmd/main.go
@@ -5,173 +5,11 @@ package cmd

 import (
 	"fmt"
-	"os"
 	"strings"

-	"code.gitea.io/gitea/modules/log"
-	"code.gitea.io/gitea/modules/setting"
-	"code.gitea.io/gitea/modules/util"
-
-	"github.com/urfave/cli/v2"
+	"github.com/urfave/cli"
 )

-// cmdHelp is our own help subcommand with more information
-func cmdHelp() *cli.Command {
-	c := &cli.Command{
-		Name:      "help",
-		Aliases:   []string{"h"},
-		Usage:     "Shows a list of commands or help for one command",
-		ArgsUsage: "[command]",
-		Action: func(c *cli.Context) (err error) {
-			lineage := c.Lineage() // The order is from child to parent: help, doctor, Gitea, {Command:nil}
-			targetCmdIdx := 0
-			if c.Command.Name == "help" {
-				targetCmdIdx = 1
-			}
-			if lineage[targetCmdIdx+1].Command != nil {
-				err = cli.ShowCommandHelp(lineage[targetCmdIdx+1], lineage[targetCmdIdx].Command.Name)
-			} else {
-				err = cli.ShowAppHelp(c)
-			}
-			_, _ = fmt.Fprintf(c.App.Writer, `
-DEFAULT CONFIGURATION:
-   AppPath:    %s
-   WorkPath:   %s
-   CustomPath: %s
-   ConfigFile: %s
-
-`, setting.AppPath, setting.AppWorkPath, setting.CustomPath, setting.CustomConf)
-			return err
-		},
-	}
-	return c
-}
-
-var helpFlag = cli.HelpFlag
-
-func init() {
-	// cli.HelpFlag = nil TODO: after https://github.com/urfave/cli/issues/1794 we can use this
-}
-
-func appGlobalFlags() []cli.Flag {
-	return []cli.Flag{
-		// make the builtin flags at the top
-		helpFlag,
-
-		// shared configuration flags, they are for global and for each sub-command at the same time
-		// eg: such command is valid: "./gitea --config /tmp/app.ini web --config /tmp/app.ini", while it's discouraged indeed
-		// keep in mind that the short flags like "-C", "-c" and "-w" are globally polluted, they can't be used for sub-commands anymore.
-		&cli.StringFlag{
-			Name:    "custom-path",
-			Aliases: []string{"C"},
-			Usage:   "Set custom path (defaults to '{WorkPath}/custom')",
-		},
-		&cli.StringFlag{
-			Name:    "config",
-			Aliases: []string{"c"},
-			Value:   setting.CustomConf,
-			Usage:   "Set custom config file (defaults to '{WorkPath}/custom/conf/app.ini')",
-		},
-		&cli.StringFlag{
-			Name:    "work-path",
-			Aliases: []string{"w"},
-			Usage:   "Set Gitea's working path (defaults to the Gitea's binary directory)",
-		},
-	}
-}
-
-func prepareSubcommandWithConfig(command *cli.Command, globalFlags []cli.Flag) {
-	command.Flags = append(append([]cli.Flag{}, globalFlags...), command.Flags...)
-	command.Action = prepareWorkPathAndCustomConf(command.Action)
-	command.HideHelp = true
-	if command.Name != "help" {
-		command.Subcommands = append(command.Subcommands, cmdHelp())
-	}
-	for i := range command.Subcommands {
-		prepareSubcommandWithConfig(command.Subcommands[i], globalFlags)
-	}
-}
-
-// prepareWorkPathAndCustomConf wraps the Action to prepare the work path and custom config
-// It can't use "Before", because each level's sub-command's Before will be called one by one, so the "init" would be done multiple times
-func prepareWorkPathAndCustomConf(action cli.ActionFunc) func(ctx *cli.Context) error {
-	return func(ctx *cli.Context) error {
-		var args setting.ArgWorkPathAndCustomConf
-		// from children to parent, check the global flags
-		for _, curCtx := range ctx.Lineage() {
-			if curCtx.IsSet("work-path") && args.WorkPath == "" {
-				args.WorkPath = curCtx.String("work-path")
-			}
-			if curCtx.IsSet("custom-path") && args.CustomPath == "" {
-				args.CustomPath = curCtx.String("custom-path")
-			}
-			if curCtx.IsSet("config") && args.CustomConf == "" {
-				args.CustomConf = curCtx.String("config")
-			}
-		}
-		setting.InitWorkPathAndCommonConfig(os.Getenv, args)
-		if ctx.Bool("help") || action == nil {
-			// the default behavior of "urfave/cli": "nil action" means "show help"
-			return cmdHelp().Action(ctx)
-		}
-		return action(ctx)
-	}
-}
-
-func NewMainApp(version, versionExtra string) *cli.App {
-	app := cli.NewApp()
-	app.Name = "Gitea"
-	app.Usage = "A painless self-hosted Git service"
-	app.Description = `By default, Gitea will start serving using the web-server with no argument, which can alternatively be run by running the subcommand "web".`
-	app.Version = version + versionExtra
-	app.EnableBashCompletion = true
-
-	// these sub-commands need to use config file
-	subCmdWithConfig := []*cli.Command{
-		CmdWeb,
-		CmdServ,
-		CmdHook,
-		CmdDump,
-		CmdAdmin,
-		CmdMigrate,
-		CmdKeys,
-		CmdDoctor,
-		CmdManager,
-		CmdEmbedded,
-		CmdMigrateStorage,
-		CmdDumpRepository,
-		CmdRestoreRepository,
-		CmdActions,
-		cmdHelp(), // the "help" sub-command was used to show the more information for "work path" and "custom config"
-	}
-
-	cmdConvert := util.ToPointer(*cmdDoctorConvert)
-	cmdConvert.Hidden = true // still support the legacy "./gitea doctor" by the hidden sub-command, remove it in next release
-	subCmdWithConfig = append(subCmdWithConfig, cmdConvert)
-
-	// these sub-commands do not need the config file, and they do not depend on any path or environment variable.
-	subCmdStandalone := []*cli.Command{
-		CmdCert,
-		CmdGenerate,
-		CmdDocs,
-	}
-
-	app.DefaultCommand = CmdWeb.Name
-
-	globalFlags := appGlobalFlags()
-	app.Flags = append(app.Flags, cli.VersionFlag)
-	app.Flags = append(app.Flags, globalFlags...)
-	app.HideHelp = true // use our own help action to show helps (with more information like default config)
-	app.Before = PrepareConsoleLoggerLevel(log.INFO)
-	for i := range subCmdWithConfig {
-		prepareSubcommandWithConfig(subCmdWithConfig[i], globalFlags)
-	}
-	app.Commands = append(app.Commands, subCmdWithConfig...)
-	app.Commands = append(app.Commands, subCmdStandalone...)
-
-	return app
-}
-
 func RunMainApp(app *cli.App, args ...string) error {
 	err := app.Run(args)
 	if err == nil {
--- a/cmd/main_test.go
+++ b/cmd/main_test.go
@@ -6,17 +6,14 @@ package cmd
 import (
 	"fmt"
 	"io"
-	"os"
-	"path/filepath"
 	"strings"
 	"testing"

 	"code.gitea.io/gitea/models/unittest"
-	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/modules/test"

 	"github.com/stretchr/testify/assert"
-	"github.com/urfave/cli/v2"
+	"github.com/urfave/cli"
 )

 func TestMain(m *testing.M) {
@@ -25,16 +22,11 @@ func TestMain(m *testing.M) {
 	})
 }

-func makePathOutput(workPath, customPath, customConf string) string {
-	return fmt.Sprintf("WorkPath=%s\nCustomPath=%s\nCustomConf=%s", workPath, customPath, customConf)
-}
-
 func newTestApp(testCmdAction func(ctx *cli.Context) error) *cli.App {
-	app := NewMainApp("version", "version-extra")
-	testCmd := &cli.Command{Name: "test-cmd", Action: testCmdAction}
-	prepareSubcommandWithConfig(testCmd, appGlobalFlags())
+	app := cli.NewApp()
+	app.HelpName = "gitea"
+	testCmd := cli.Command{Name: "test-cmd", Action: testCmdAction}
 	app.Commands = append(app.Commands, testCmd)
-	app.DefaultCommand = testCmd.Name
 	return app
 }

@@ -61,94 +53,6 @@ func runTestApp(app *cli.App, args ...string) (runResult, error) {
 	return runResult{outBuf.String(), errBuf.String(), exitCode}, err
 }

-func TestCliCmd(t *testing.T) {
-	defaultWorkPath := filepath.Dir(setting.AppPath)
-	defaultCustomPath := filepath.Join(defaultWorkPath, "custom")
-	defaultCustomConf := filepath.Join(defaultCustomPath, "conf/app.ini")
-
-	cli.CommandHelpTemplate = "(command help template)"
-	cli.AppHelpTemplate = "(app help template)"
-	cli.SubcommandHelpTemplate = "(subcommand help template)"
-
-	cases := []struct {
-		env map[string]string
-		cmd string
-		exp string
-	}{
-		// main command help
-		{
-			cmd: "./gitea help",
-			exp: "DEFAULT CONFIGURATION:",
-		},
-
-		// parse paths
-		{
-			cmd: "./gitea test-cmd",
-			exp: makePathOutput(defaultWorkPath, defaultCustomPath, defaultCustomConf),
-		},
-		{
-			cmd: "./gitea -c /tmp/app.ini test-cmd",
-			exp: makePathOutput(defaultWorkPath, defaultCustomPath, "/tmp/app.ini"),
-		},
-		{
-			cmd: "./gitea test-cmd -c /tmp/app.ini",
-			exp: makePathOutput(defaultWorkPath, defaultCustomPath, "/tmp/app.ini"),
-		},
-		{
-			env: map[string]string{"GITEA_WORK_DIR": "/tmp"},
-			cmd: "./gitea test-cmd",
-			exp: makePathOutput("/tmp", "/tmp/custom", "/tmp/custom/conf/app.ini"),
-		},
-		{
-			env: map[string]string{"GITEA_WORK_DIR": "/tmp"},
-			cmd: "./gitea test-cmd --work-path /tmp/other",
-			exp: makePathOutput("/tmp/other", "/tmp/other/custom", "/tmp/other/custom/conf/app.ini"),
-		},
-		{
-			env: map[string]string{"GITEA_WORK_DIR": "/tmp"},
-			cmd: "./gitea test-cmd --config /tmp/app-other.ini",
-			exp: makePathOutput("/tmp", "/tmp/custom", "/tmp/app-other.ini"),
-		},
-	}
-
-	app := newTestApp(func(ctx *cli.Context) error {
-		_, _ = fmt.Fprint(ctx.App.Writer, makePathOutput(setting.AppWorkPath, setting.CustomPath, setting.CustomConf))
-		return nil
-	})
-	var envBackup []string
-	for _, s := range os.Environ() {
-		if strings.HasPrefix(s, "GITEA_") && strings.Contains(s, "=") {
-			envBackup = append(envBackup, s)
-		}
-	}
-	clearGiteaEnv := func() {
-		for _, s := range os.Environ() {
-			if strings.HasPrefix(s, "GITEA_") {
-				_ = os.Unsetenv(s)
-			}
-		}
-	}
-	defer func() {
-		clearGiteaEnv()
-		for _, s := range envBackup {
-			k, v, _ := strings.Cut(s, "=")
-			_ = os.Setenv(k, v)
-		}
-	}()
-
-	for _, c := range cases {
-		clearGiteaEnv()
-		for k, v := range c.env {
-			_ = os.Setenv(k, v)
-		}
-		args := strings.Split(c.cmd, " ") // for test only, "split" is good enough
-		r, err := runTestApp(app, args...)
-		assert.NoError(t, err, c.cmd)
-		assert.NotEmpty(t, c.exp, c.cmd)
-		assert.Contains(t, r.Stdout, c.exp, c.cmd)
-	}
-}
-
 func TestCliCmdError(t *testing.T) {
 	app := newTestApp(func(ctx *cli.Context) error { return fmt.Errorf("normal error") })
 	r, err := runTestApp(app, "./gitea", "test-cmd")
@@ -157,7 +61,7 @@ func TestCliCmdError(t *testing.T) {
 	assert.Equal(t, "", r.Stdout)
 	assert.Equal(t, "Command error: normal error\n", r.Stderr)

-	app = newTestApp(func(ctx *cli.Context) error { return cli.Exit("exit error", 2) })
+	app = newTestApp(func(ctx *cli.Context) error { return cli.NewExitError("exit error", 2) })
 	r, err = runTestApp(app, "./gitea", "test-cmd")
 	assert.Error(t, err)
 	assert.Equal(t, 2, r.ExitCode)
@@ -168,7 +72,7 @@ func TestCliCmdError(t *testing.T) {
 	r, err = runTestApp(app, "./gitea", "test-cmd", "--no-such")
 	assert.Error(t, err)
 	assert.Equal(t, 1, r.ExitCode)
-	assert.Equal(t, "Incorrect Usage: flag provided but not defined: -no-such\n\n", r.Stdout)
+	assert.EqualValues(t, "Incorrect Usage: flag provided but not defined: -no-such\n\nNAME:\n   gitea test-cmd - \n\nUSAGE:\n   gitea test-cmd [arguments...]\n", r.Stdout)
 	assert.Equal(t, "", r.Stderr) // the cli package's strange behavior, the error message is not in stderr ....

 	app = newTestApp(func(ctx *cli.Context) error { return nil })
--- a/cmd/manager.go
+++ b/cmd/manager.go
@@ -9,16 +9,16 @@ import (

 	"code.gitea.io/gitea/modules/private"

-	"github.com/urfave/cli/v2"
+	"github.com/urfave/cli"
 )

 var (
 	// CmdManager represents the manager command
-	CmdManager = &cli.Command{
+	CmdManager = cli.Command{
 		Name:        "manager",
 		Usage:       "Manage the running gitea process",
 		Description: "This is a command for managing the running gitea process",
-		Subcommands: []*cli.Command{
+		Subcommands: []cli.Command{
 			subcmdShutdown,
 			subcmdRestart,
 			subcmdReloadTemplates,
@@ -27,80 +27,80 @@ var (
 			subCmdProcesses,
 		},
 	}
-	subcmdShutdown = &cli.Command{
+	subcmdShutdown = cli.Command{
 		Name:  "shutdown",
 		Usage: "Gracefully shutdown the running process",
 		Flags: []cli.Flag{
-			&cli.BoolFlag{
+			cli.BoolFlag{
 				Name: "debug",
 			},
 		},
 		Action: runShutdown,
 	}
-	subcmdRestart = &cli.Command{
+	subcmdRestart = cli.Command{
 		Name:  "restart",
 		Usage: "Gracefully restart the running process - (not implemented for windows servers)",
 		Flags: []cli.Flag{
-			&cli.BoolFlag{
+			cli.BoolFlag{
 				Name: "debug",
 			},
 		},
 		Action: runRestart,
 	}
-	subcmdReloadTemplates = &cli.Command{
+	subcmdReloadTemplates = cli.Command{
 		Name:  "reload-templates",
 		Usage: "Reload template files in the running process",
 		Flags: []cli.Flag{
-			&cli.BoolFlag{
+			cli.BoolFlag{
 				Name: "debug",
 			},
 		},
 		Action: runReloadTemplates,
 	}
-	subcmdFlushQueues = &cli.Command{
+	subcmdFlushQueues = cli.Command{
 		Name:   "flush-queues",
 		Usage:  "Flush queues in the running process",
 		Action: runFlushQueues,
 		Flags: []cli.Flag{
-			&cli.DurationFlag{
+			cli.DurationFlag{
 				Name:  "timeout",
 				Value: 60 * time.Second,
 				Usage: "Timeout for the flushing process",
 			},
-			&cli.BoolFlag{
+			cli.BoolFlag{
 				Name:  "non-blocking",
 				Usage: "Set to true to not wait for flush to complete before returning",
 			},
-			&cli.BoolFlag{
+			cli.BoolFlag{
 				Name: "debug",
 			},
 		},
 	}
-	subCmdProcesses = &cli.Command{
+	subCmdProcesses = cli.Command{
 		Name:   "processes",
 		Usage:  "Display running processes within the current process",
 		Action: runProcesses,
 		Flags: []cli.Flag{
-			&cli.BoolFlag{
+			cli.BoolFlag{
 				Name: "debug",
 			},
-			&cli.BoolFlag{
+			cli.BoolFlag{
 				Name:  "flat",
 				Usage: "Show processes as flat table rather than as tree",
 			},
-			&cli.BoolFlag{
+			cli.BoolFlag{
 				Name:  "no-system",
 				Usage: "Do not show system processes",
 			},
-			&cli.BoolFlag{
+			cli.BoolFlag{
 				Name:  "stacktraces",
 				Usage: "Show stacktraces",
 			},
-			&cli.BoolFlag{
+			cli.BoolFlag{
 				Name:  "json",
 				Usage: "Output as json",
 			},
-			&cli.StringFlag{
+			cli.StringFlag{
 				Name:  "cancel",
 				Usage: "Process PID to cancel. (Only available for non-system processes.)",
 			},
--- a/cmd/manager_logging.go
+++ b/cmd/manager_logging.go
@@ -10,61 +10,49 @@ import (
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/private"

-	"github.com/urfave/cli/v2"
+	"github.com/urfave/cli"
 )

 var (
 	defaultLoggingFlags = []cli.Flag{
-		&cli.StringFlag{
+		cli.StringFlag{
 			Name:  "logger",
 			Usage: `Logger name - will default to "default"`,
-		},
-		&cli.StringFlag{
+		}, cli.StringFlag{
 			Name:  "writer",
 			Usage: "Name of the log writer - will default to mode",
-		},
-		&cli.StringFlag{
+		}, cli.StringFlag{
 			Name:  "level",
 			Usage: "Logging level for the new logger",
-		},
-		&cli.StringFlag{
-			Name:    "stacktrace-level",
-			Aliases: []string{"L"},
-			Usage:   "Stacktrace logging level",
-		},
-		&cli.StringFlag{
-			Name:    "flags",
-			Aliases: []string{"F"},
-			Usage:   "Flags for the logger",
-		},
-		&cli.StringFlag{
-			Name:    "expression",
-			Aliases: []string{"e"},
-			Usage:   "Matching expression for the logger",
-		},
-		&cli.StringFlag{
-			Name:    "prefix",
-			Aliases: []string{"p"},
-			Usage:   "Prefix for the logger",
-		},
-		&cli.BoolFlag{
+		}, cli.StringFlag{
+			Name:  "stacktrace-level, L",
+			Usage: "Stacktrace logging level",
+		}, cli.StringFlag{
+			Name:  "flags, F",
+			Usage: "Flags for the logger",
+		}, cli.StringFlag{
+			Name:  "expression, e",
+			Usage: "Matching expression for the logger",
+		}, cli.StringFlag{
+			Name:  "prefix, p",
+			Usage: "Prefix for the logger",
+		}, cli.BoolFlag{
 			Name:  "color",
 			Usage: "Use color in the logs",
-		},
-		&cli.BoolFlag{
+		}, cli.BoolFlag{
 			Name: "debug",
 		},
 	}

-	subcmdLogging = &cli.Command{
+	subcmdLogging = cli.Command{
 		Name:  "logging",
 		Usage: "Adjust logging commands",
-		Subcommands: []*cli.Command{
+		Subcommands: []cli.Command{
 			{
 				Name:  "pause",
 				Usage: "Pause logging (Gitea will buffer logs up to a certain point and will drop them after that point)",
 				Flags: []cli.Flag{
-					&cli.BoolFlag{
+					cli.BoolFlag{
 						Name: "debug",
 					},
 				},
@@ -73,7 +61,7 @@ var (
 				Name:  "resume",
 				Usage: "Resume logging",
 				Flags: []cli.Flag{
-					&cli.BoolFlag{
+					cli.BoolFlag{
 						Name: "debug",
 					},
 				},
@@ -82,7 +70,7 @@ var (
 				Name:  "release-and-reopen",
 				Usage: "Cause Gitea to release and re-open files used for logging",
 				Flags: []cli.Flag{
-					&cli.BoolFlag{
+					cli.BoolFlag{
 						Name: "debug",
 					},
 				},
@@ -92,9 +80,9 @@ var (
 				Usage:     "Remove a logger",
 				ArgsUsage: "[name] Name of logger to remove",
 				Flags: []cli.Flag{
-					&cli.BoolFlag{
+					cli.BoolFlag{
 						Name: "debug",
-					}, &cli.StringFlag{
+					}, cli.StringFlag{
 						Name:  "logger",
 						Usage: `Logger name - will default to "default"`,
 					},
@@ -103,48 +91,32 @@ var (
 			}, {
 				Name:  "add",
 				Usage: "Add a logger",
-				Subcommands: []*cli.Command{
+				Subcommands: []cli.Command{
 					{
 						Name:  "file",
 						Usage: "Add a file logger",
 						Flags: append(defaultLoggingFlags, []cli.Flag{
-							&cli.StringFlag{
-								Name:    "filename",
-								Aliases: []string{"f"},
-								Usage:   "Filename for the logger - this must be set.",
-							},
-							&cli.BoolFlag{
-								Name:    "rotate",
-								Aliases: []string{"r"},
-								Usage:   "Rotate logs",
-								Value:   true,
-							},
-							&cli.Int64Flag{
-								Name:    "max-size",
-								Aliases: []string{"s"},
-								Usage:   "Maximum size in bytes before rotation",
-							},
-							&cli.BoolFlag{
-								Name:    "daily",
-								Aliases: []string{"d"},
-								Usage:   "Rotate logs daily",
-								Value:   true,
-							},
-							&cli.IntFlag{
-								Name:    "max-days",
-								Aliases: []string{"D"},
-								Usage:   "Maximum number of daily logs to keep",
-							},
-							&cli.BoolFlag{
-								Name:    "compress",
-								Aliases: []string{"z"},
-								Usage:   "Compress rotated logs",
-								Value:   true,
-							},
-							&cli.IntFlag{
-								Name:    "compression-level",
-								Aliases: []string{"Z"},
-								Usage:   "Compression level to use",
+							cli.StringFlag{
+								Name:  "filename, f",
+								Usage: "Filename for the logger - this must be set.",
+							}, cli.BoolTFlag{
+								Name:  "rotate, r",
+								Usage: "Rotate logs",
+							}, cli.Int64Flag{
+								Name:  "max-size, s",
+								Usage: "Maximum size in bytes before rotation",
+							}, cli.BoolTFlag{
+								Name:  "daily, d",
+								Usage: "Rotate logs daily",
+							}, cli.IntFlag{
+								Name:  "max-days, D",
+								Usage: "Maximum number of daily logs to keep",
+							}, cli.BoolTFlag{
+								Name:  "compress, z",
+								Usage: "Compress rotated logs",
+							}, cli.IntFlag{
+								Name:  "compression-level, Z",
+								Usage: "Compression level to use",
 							},
 						}...),
 						Action: runAddFileLogger,
@@ -152,25 +124,18 @@ var (
 						Name:  "conn",
 						Usage: "Add a net conn logger",
 						Flags: append(defaultLoggingFlags, []cli.Flag{
-							&cli.BoolFlag{
-								Name:    "reconnect-on-message",
-								Aliases: []string{"R"},
-								Usage:   "Reconnect to host for every message",
-							},
-							&cli.BoolFlag{
-								Name:    "reconnect",
-								Aliases: []string{"r"},
-								Usage:   "Reconnect to host when connection is dropped",
-							},
-							&cli.StringFlag{
-								Name:    "protocol",
-								Aliases: []string{"P"},
-								Usage:   "Set protocol to use: tcp, unix, or udp (defaults to tcp)",
-							},
-							&cli.StringFlag{
-								Name:    "address",
-								Aliases: []string{"a"},
-								Usage:   "Host address and port to connect to (defaults to :7020)",
+							cli.BoolFlag{
+								Name:  "reconnect-on-message, R",
+								Usage: "Reconnect to host for every message",
+							}, cli.BoolFlag{
+								Name:  "reconnect, r",
+								Usage: "Reconnect to host when connection is dropped",
+							}, cli.StringFlag{
+								Name:  "protocol, P",
+								Usage: "Set protocol to use: tcp, unix, or udp (defaults to tcp)",
+							}, cli.StringFlag{
+								Name:  "address, a",
+								Usage: "Host address and port to connect to (defaults to :7020)",
 							},
 						}...),
 						Action: runAddConnLogger,
@@ -180,10 +145,9 @@ var (
 				Name:  "log-sql",
 				Usage: "Set LogSQL",
 				Flags: []cli.Flag{
-					&cli.BoolFlag{
+					cli.BoolFlag{
 						Name: "debug",
-					},
-					&cli.BoolFlag{
+					}, cli.BoolFlag{
 						Name:  "off",
 						Usage: "Switch off SQL logging",
 					},
--- a/cmd/migrate.go
+++ b/cmd/migrate.go
@@ -11,11 +11,11 @@ import (
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/setting"

-	"github.com/urfave/cli/v2"
+	"github.com/urfave/cli"
 )

 // CmdMigrate represents the available migrate sub-command.
-var CmdMigrate = &cli.Command{
+var CmdMigrate = cli.Command{
 	Name:        "migrate",
 	Usage:       "Migrate the database",
 	Description: "This is a command for migrating the database, so that you can run gitea admin create-user before starting the server.",
--- a/cmd/migrate_storage.go
+++ b/cmd/migrate_storage.go
@@ -20,73 +20,70 @@ import (
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/modules/storage"

-	"github.com/urfave/cli/v2"
+	"github.com/urfave/cli"
 )

 // CmdMigrateStorage represents the available migrate storage sub-command.
-var CmdMigrateStorage = &cli.Command{
+var CmdMigrateStorage = cli.Command{
 	Name:        "migrate-storage",
 	Usage:       "Migrate the storage",
 	Description: "Copies stored files from storage configured in app.ini to parameter-configured storage",
 	Action:      runMigrateStorage,
 	Flags: []cli.Flag{
-		&cli.StringFlag{
-			Name:    "type",
-			Aliases: []string{"t"},
-			Value:   "",
-			Usage:   "Type of stored files to copy.  Allowed types: 'attachments', 'lfs', 'avatars', 'repo-avatars', 'repo-archivers', 'packages', 'actions-log'",
+		cli.StringFlag{
+			Name:  "type, t",
+			Value: "",
+			Usage: "Type of stored files to copy.  Allowed types: 'attachments', 'lfs', 'avatars', 'repo-avatars', 'repo-archivers', 'packages', 'actions-log'",
 		},
-		&cli.StringFlag{
-			Name:    "storage",
-			Aliases: []string{"s"},
-			Value:   "",
-			Usage:   "New storage type: local (default) or minio",
+		cli.StringFlag{
+			Name:  "storage, s",
+			Value: "",
+			Usage: "New storage type: local (default) or minio",
 		},
-		&cli.StringFlag{
-			Name:    "path",
-			Aliases: []string{"p"},
-			Value:   "",
-			Usage:   "New storage placement if store is local (leave blank for default)",
+		cli.StringFlag{
+			Name:  "path, p",
+			Value: "",
+			Usage: "New storage placement if store is local (leave blank for default)",
 		},
-		&cli.StringFlag{
+		cli.StringFlag{
 			Name:  "minio-endpoint",
 			Value: "",
 			Usage: "Minio storage endpoint",
 		},
-		&cli.StringFlag{
+		cli.StringFlag{
 			Name:  "minio-access-key-id",
 			Value: "",
 			Usage: "Minio storage accessKeyID",
 		},
-		&cli.StringFlag{
+		cli.StringFlag{
 			Name:  "minio-secret-access-key",
 			Value: "",
 			Usage: "Minio storage secretAccessKey",
 		},
-		&cli.StringFlag{
+		cli.StringFlag{
 			Name:  "minio-bucket",
 			Value: "",
 			Usage: "Minio storage bucket",
 		},
-		&cli.StringFlag{
+		cli.StringFlag{
 			Name:  "minio-location",
 			Value: "",
 			Usage: "Minio storage location to create bucket",
 		},
-		&cli.StringFlag{
+		cli.StringFlag{
 			Name:  "minio-base-path",
 			Value: "",
 			Usage: "Minio storage base path on the bucket",
 		},
-		&cli.BoolFlag{
+		cli.BoolFlag{
 			Name:  "minio-use-ssl",
 			Usage: "Enable SSL for minio",
 		},
-		&cli.BoolFlag{
+		cli.BoolFlag{
 			Name:  "minio-insecure-skip-verify",
 			Usage: "Skip SSL verification",
 		},
-		&cli.StringFlag{
+		cli.StringFlag{
 			Name:  "minio-checksum-algorithm",
 			Value: "",
 			Usage: "Minio checksum algorithm (default/md5)",
@@ -185,7 +182,7 @@ func runMigrateStorage(ctx *cli.Context) error {
 	case string(setting.LocalStorageType):
 		p := ctx.String("path")
 		if p == "" {
-			log.Fatal("Path must be given when storage is local")
+			log.Fatal("Path must be given when storage is loal")
 			return nil
 		}
 		dstStorage, err = storage.NewLocalStorage(
--- a/cmd/migrate_storage_test.go
+++ b/cmd/migrate_storage_test.go
@@ -9,7 +9,6 @@ import (
 	"strings"
 	"testing"

-	"code.gitea.io/gitea/models/db"
 	"code.gitea.io/gitea/models/packages"
 	"code.gitea.io/gitea/models/unittest"
 	user_model "code.gitea.io/gitea/models/user"
@@ -31,7 +30,7 @@ func TestMigratePackages(t *testing.T) {
 	assert.NoError(t, err)
 	defer buf.Close()

-	v, f, err := packages_service.CreatePackageAndAddFile(db.DefaultContext, &packages_service.PackageCreationInfo{
+	v, f, err := packages_service.CreatePackageAndAddFile(&packages_service.PackageCreationInfo{
 		PackageInfo: packages_service.PackageInfo{
 			Owner:       creator,
 			PackageType: packages.TypeGeneric,
--- a/cmd/restore_repo.go
+++ b/cmd/restore_repo.go
@@ -9,39 +9,38 @@ import (
 	"code.gitea.io/gitea/modules/private"
 	"code.gitea.io/gitea/modules/setting"

-	"github.com/urfave/cli/v2"
+	"github.com/urfave/cli"
 )

 // CmdRestoreRepository represents the available restore a repository sub-command.
-var CmdRestoreRepository = &cli.Command{
+var CmdRestoreRepository = cli.Command{
 	Name:        "restore-repo",
 	Usage:       "Restore the repository from disk",
 	Description: "This is a command for restoring the repository data.",
 	Action:      runRestoreRepository,
 	Flags: []cli.Flag{
-		&cli.StringFlag{
-			Name:    "repo_dir",
-			Aliases: []string{"r"},
-			Value:   "./data",
-			Usage:   "Repository dir path to restore from",
+		cli.StringFlag{
+			Name:  "repo_dir, r",
+			Value: "./data",
+			Usage: "Repository dir path to restore from",
 		},
-		&cli.StringFlag{
+		cli.StringFlag{
 			Name:  "owner_name",
 			Value: "",
 			Usage: "Restore destination owner name",
 		},
-		&cli.StringFlag{
+		cli.StringFlag{
 			Name:  "repo_name",
 			Value: "",
 			Usage: "Restore destination repository name",
 		},
-		&cli.StringFlag{
+		cli.StringFlag{
 			Name:  "units",
 			Value: "",
 			Usage: `Which items will be restored, one or more units should be separated as comma.
 wiki, issues, labels, releases, release_assets, milestones, pull_requests, comments are allowed. Empty means all units.`,
 		},
-		&cli.BoolFlag{
+		cli.BoolFlag{
 			Name:  "validation",
 			Usage: "Sanity check the content of the files before trying to load them",
 		},
--- a/cmd/serv.go
+++ b/cmd/serv.go
@@ -30,9 +30,9 @@ import (
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/services/lfs"

-	"github.com/golang-jwt/jwt/v5"
+	"github.com/golang-jwt/jwt/v4"
 	"github.com/kballard/go-shellquote"
-	"github.com/urfave/cli/v2"
+	"github.com/urfave/cli"
 )

 const (
@@ -40,17 +40,17 @@ const (
 )

 // CmdServ represents the available serv sub-command.
-var CmdServ = &cli.Command{
+var CmdServ = cli.Command{
 	Name:        "serv",
 	Usage:       "This command should only be called by SSH shell",
 	Description: "Serv provides access auth for repositories",
 	Before:      PrepareConsoleLoggerLevel(log.FATAL),
 	Action:      runServ,
 	Flags: []cli.Flag{
-		&cli.BoolFlag{
+		cli.BoolFlag{
 			Name: "enable-pprof",
 		},
-		&cli.BoolFlag{
+		cli.BoolFlag{
 			Name: "debug",
 		},
 	},
@@ -119,7 +119,7 @@ func fail(ctx context.Context, userMessage, logMsgFmt string, args ...any) error
 		}
 		_ = private.SSHLog(ctx, true, logMsg)
 	}
-	return cli.Exit("", 1)
+	return cli.NewExitError("", 1)
 }

 // handleCliResponseExtra handles the extra response from the cli sub-commands
@@ -130,7 +130,7 @@ func handleCliResponseExtra(extra private.ResponseExtra) error {
 		_, _ = fmt.Fprintln(os.Stdout, extra.UserMsg)
 	}
 	if extra.HasError() {
-		return cli.Exit(extra.Error, 1)
+		return cli.NewExitError(extra.Error, 1)
 	}
 	return nil
 }
@@ -147,20 +147,20 @@ func runServ(c *cli.Context) error {
 		return nil
 	}

-	if c.NArg() < 1 {
+	if len(c.Args()) < 1 {
 		if err := cli.ShowSubcommandHelp(c); err != nil {
 			fmt.Printf("error showing subcommand help: %v\n", err)
 		}
 		return nil
 	}

-	keys := strings.Split(c.Args().First(), "-")
+	keys := strings.Split(c.Args()[0], "-")
 	if len(keys) != 2 || keys[0] != "key" {
-		return fail(ctx, "Key ID format error", "Invalid key argument: %s", c.Args().First())
+		return fail(ctx, "Key ID format error", "Invalid key argument: %s", c.Args()[0])
 	}
 	keyID, err := strconv.ParseInt(keys[1], 10, 64)
 	if err != nil {
-		return fail(ctx, "Key ID parsing error", "Invalid key argument: %s", c.Args().Get(1))
+		return fail(ctx, "Key ID parsing error", "Invalid key argument: %s", c.Args()[1])
 	}

 	cmd := os.Getenv("SSH_ORIGINAL_COMMAND")
--- a/cmd/web.go
+++ b/cmd/web.go
@@ -15,24 +15,22 @@ import (

 	_ "net/http/pprof" // Used for debugging if enabled and a web server is running

-	"code.gitea.io/gitea/modules/container"
 	"code.gitea.io/gitea/modules/graceful"
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/process"
-	"code.gitea.io/gitea/modules/public"
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/routers"
 	"code.gitea.io/gitea/routers/install"

 	"github.com/felixge/fgprof"
-	"github.com/urfave/cli/v2"
+	"github.com/urfave/cli"
 )

 // PIDFile could be set from build tag
 var PIDFile = "/run/gitea.pid"

 // CmdWeb represents the available web sub-command.
-var CmdWeb = &cli.Command{
+var CmdWeb = cli.Command{
 	Name:  "web",
 	Usage: "Start Gitea web server",
 	Description: `Gitea web server is the only thing you need to run,
@@ -40,29 +38,26 @@ and it takes care of all the other things for you`,
 	Before: PrepareConsoleLoggerLevel(log.INFO),
 	Action: runWeb,
 	Flags: []cli.Flag{
-		&cli.StringFlag{
-			Name:    "port",
-			Aliases: []string{"p"},
-			Value:   "3000",
-			Usage:   "Temporary port number to prevent conflict",
+		cli.StringFlag{
+			Name:  "port, p",
+			Value: "3000",
+			Usage: "Temporary port number to prevent conflict",
 		},
-		&cli.StringFlag{
+		cli.StringFlag{
 			Name:  "install-port",
 			Value: "3000",
 			Usage: "Temporary port number to run the install page on to prevent conflict",
 		},
-		&cli.StringFlag{
-			Name:    "pid",
-			Aliases: []string{"P"},
-			Value:   PIDFile,
-			Usage:   "Custom pid file path",
+		cli.StringFlag{
+			Name:  "pid, P",
+			Value: PIDFile,
+			Usage: "Custom pid file path",
 		},
-		&cli.BoolFlag{
-			Name:    "quiet",
-			Aliases: []string{"q"},
-			Usage:   "Only display Fatal logging errors until logging is set-up",
+		cli.BoolFlag{
+			Name:  "quiet, q",
+			Usage: "Only display Fatal logging errors until logging is set-up",
 		},
-		&cli.BoolFlag{
+		cli.BoolFlag{
 			Name:  "verbose",
 			Usage: "Set initial logging to TRACE level until logging is properly set-up",
 		},
@@ -107,18 +102,13 @@ func createPIDFile(pidPath string) {
 	}
 }

-func showWebStartupMessage(msg string) {
-	log.Info("Gitea version: %s%s", setting.AppVer, setting.AppBuiltWith)
-	log.Info("* RunMode: %s", setting.RunMode)
-	log.Info("* AppPath: %s", setting.AppPath)
-	log.Info("* WorkPath: %s", setting.AppWorkPath)
-	log.Info("* CustomPath: %s", setting.CustomPath)
-	log.Info("* ConfigFile: %s", setting.CustomConf)
-	log.Info("%s", msg)
-}
-
 func serveInstall(ctx *cli.Context) error {
-	showWebStartupMessage("Prepare to run install page")
+	log.Info("Gitea version: %s%s", setting.AppVer, setting.AppBuiltWith)
+	log.Info("App path: %s", setting.AppPath)
+	log.Info("Work path: %s", setting.AppWorkPath)
+	log.Info("Custom path: %s", setting.CustomPath)
+	log.Info("Config file: %s", setting.CustomConf)
+	log.Info("Prepare to run install page")

 	routers.InitWebInstallPage(graceful.GetManager().HammerContext())

@@ -155,42 +145,33 @@ func serveInstalled(ctx *cli.Context) error {
 	setting.LoadCommonSettings()
 	setting.MustInstalled()

-	showWebStartupMessage("Prepare to run web server")
+	log.Info("Gitea version: %s%s", setting.AppVer, setting.AppBuiltWith)
+	log.Info("App path: %s", setting.AppPath)
+	log.Info("Work path: %s", setting.AppWorkPath)
+	log.Info("Custom path: %s", setting.CustomPath)
+	log.Info("Config file: %s", setting.CustomConf)
+	log.Info("Run mode: %s", setting.RunMode)
+	log.Info("Prepare to run web server")

 	if setting.AppWorkPathMismatch {
 		log.Error("WORK_PATH from config %q doesn't match other paths from environment variables or command arguments. "+
-			"Only WORK_PATH in config should be set and used. Please make sure the path in config file is correct, "+
-			"remove the other outdated work paths from environment variables and command arguments", setting.CustomConf)
+			"Only WORK_PATH in config should be set and used. Please remove the other outdated work paths from environment variables and command arguments", setting.CustomConf)
 	}

 	rootCfg := setting.CfgProvider
 	if rootCfg.Section("").Key("WORK_PATH").String() == "" {
 		saveCfg, err := rootCfg.PrepareSaving()
 		if err != nil {
-			log.Error("Unable to prepare saving WORK_PATH=%s to config %q: %v\nYou should set it manually, otherwise there might be bugs when accessing the git repositories.", setting.AppWorkPath, setting.CustomConf, err)
+			log.Error("Unable to prepare saving WORK_PATH=%s to config %q: %v\nYou must set it manually, otherwise there might be bugs when accessing the git repositories.", setting.AppWorkPath, setting.CustomConf, err)
 		} else {
 			rootCfg.Section("").Key("WORK_PATH").SetValue(setting.AppWorkPath)
 			saveCfg.Section("").Key("WORK_PATH").SetValue(setting.AppWorkPath)
 			if err = saveCfg.Save(); err != nil {
-				log.Error("Unable to update WORK_PATH=%s to config %q: %v\nYou should set it manually, otherwise there might be bugs when accessing the git repositories.", setting.AppWorkPath, setting.CustomConf, err)
+				log.Error("Unable to update WORK_PATH=%s to config %q: %v\nYou must set it manually, otherwise there might be bugs when accessing the git repositories.", setting.AppWorkPath, setting.CustomConf, err)
 			}
 		}
 	}

-	// in old versions, user's custom web files are placed in "custom/public", and they were served as "http://domain.com/assets/xxx"
-	// now, Gitea only serves pre-defined files in the "custom/public" folder basing on the web root, the user should move their custom files to "custom/public/assets"
-	publicFiles, _ := public.AssetFS().ListFiles(".")
-	publicFilesSet := container.SetOf(publicFiles...)
-	publicFilesSet.Remove(".well-known")
-	publicFilesSet.Remove("assets")
-	publicFilesSet.Remove("robots.txt")
-	for _, fn := range publicFilesSet.Values() {
-		log.Error("Found legacy public asset %q in CustomPath. Please move it to %s/public/assets/%s", fn, setting.CustomPath, fn)
-	}
-	if _, err := os.Stat(filepath.Join(setting.CustomPath, "robots.txt")); err == nil {
-		log.Error(`Found legacy public asset "robots.txt" in CustomPath. Please move it to %s/public/robots.txt`, setting.CustomPath)
-	}
-
 	routers.InitWebInstalled(graceful.GetManager().HammerContext())

 	// We check that AppDataPath exists here (it should have been created during installation)
@@ -208,8 +189,8 @@ func serveInstalled(ctx *cli.Context) error {
 	}

 	// Set up Chi routes
-	webRoutes := routers.NormalRoutes()
-	err := listen(webRoutes, true)
+	c := routers.NormalRoutes(graceful.GetManager().HammerContext())
+	err := listen(c, true)
 	<-graceful.GetManager().Done()
 	log.Info("PID: %d Gitea Web Finished", os.Getpid())
 	log.GetManager().Close()
--- a/contrib/backport/backport.go
+++ b/contrib/backport/backport.go
@@ -17,8 +17,8 @@ import (
 	"strings"
 	"syscall"

-	"github.com/google/go-github/v53/github"
-	"github.com/urfave/cli/v2"
+	"github.com/google/go-github/v52/github"
+	"github.com/urfave/cli"
 	"gopkg.in/yaml.v3"
 )

@@ -32,55 +32,55 @@ func main() {
 	app.ArgsUsage = "<PR-to-backport>"

 	app.Flags = []cli.Flag{
-		&cli.StringFlag{
+		cli.StringFlag{
 			Name:  "version",
 			Usage: "Version branch to backport on to",
 		},
-		&cli.StringFlag{
+		cli.StringFlag{
 			Name:  "upstream",
 			Value: "origin",
 			Usage: "Upstream remote for the Gitea upstream",
 		},
-		&cli.StringFlag{
+		cli.StringFlag{
 			Name:  "release-branch",
 			Value: "",
 			Usage: "Release branch to backport on. Will default to release/<version>",
 		},
-		&cli.StringFlag{
+		cli.StringFlag{
 			Name:  "cherry-pick",
 			Usage: "SHA to cherry-pick as backport",
 		},
-		&cli.StringFlag{
+		cli.StringFlag{
 			Name:  "backport-branch",
 			Usage: "Backport branch to backport on to (default: backport-<pr>-<version>",
 		},
-		&cli.StringFlag{
+		cli.StringFlag{
 			Name:  "remote",
 			Value: "",
 			Usage: "Remote for your fork of the Gitea upstream",
 		},
-		&cli.StringFlag{
+		cli.StringFlag{
 			Name:  "fork-user",
 			Value: "",
 			Usage: "Forked user name on Github",
 		},
-		&cli.BoolFlag{
+		cli.BoolFlag{
 			Name:  "no-fetch",
 			Usage: "Set this flag to prevent fetch of remote branches",
 		},
-		&cli.BoolFlag{
+		cli.BoolFlag{
 			Name:  "no-amend-message",
 			Usage: "Set this flag to prevent automatic amendment of the commit message",
 		},
-		&cli.BoolFlag{
+		cli.BoolFlag{
 			Name:  "no-push",
 			Usage: "Set this flag to prevent pushing the backport up to your fork",
 		},
-		&cli.BoolFlag{
+		cli.BoolFlag{
 			Name:  "no-xdg-open",
 			Usage: "Set this flag to not use xdg-open to open the PR URL",
 		},
-		&cli.BoolFlag{
+		cli.BoolFlag{
 			Name:  "continue",
 			Usage: "Set this flag to continue from a git cherry-pick that has broken",
 		},
@@ -151,7 +151,7 @@ func runBackport(c *cli.Context) error {

 	localReleaseBranch := path.Join(upstream, upstreamReleaseBranch)

-	args := c.Args().Slice()
+	args := c.Args()
 	if len(args) == 0 && pr == "" {
 		return fmt.Errorf("no PR number provided\nProvide a PR number to backport")
 	} else if len(args) != 1 && pr == "" {
--- a/contrib/environment-to-ini/environment-to-ini.go
+++ b/contrib/environment-to-ini/environment-to-ini.go
@@ -9,7 +9,7 @@ import (
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/setting"

-	"github.com/urfave/cli/v2"
+	"github.com/urfave/cli"
 )

 func main() {
@@ -46,29 +46,25 @@ func main() {
 	and "GITEA__LOG_0x2E_CONSOLE__STDERR=false". Other examples can be found
 	on the configuration cheat sheet.`
 	app.Flags = []cli.Flag{
-		&cli.StringFlag{
-			Name:    "custom-path",
-			Aliases: []string{"C"},
-			Value:   setting.CustomPath,
-			Usage:   "Custom path file path",
+		cli.StringFlag{
+			Name:  "custom-path, C",
+			Value: setting.CustomPath,
+			Usage: "Custom path file path",
 		},
-		&cli.StringFlag{
-			Name:    "config",
-			Aliases: []string{"c"},
-			Value:   setting.CustomConf,
-			Usage:   "Custom configuration file path",
+		cli.StringFlag{
+			Name:  "config, c",
+			Value: setting.CustomConf,
+			Usage: "Custom configuration file path",
 		},
-		&cli.StringFlag{
-			Name:    "work-path",
-			Aliases: []string{"w"},
-			Value:   setting.AppWorkPath,
-			Usage:   "Set the gitea working path",
+		cli.StringFlag{
+			Name:  "work-path, w",
+			Value: setting.AppWorkPath,
+			Usage: "Set the gitea working path",
 		},
-		&cli.StringFlag{
-			Name:    "out",
-			Aliases: []string{"o"},
-			Value:   "",
-			Usage:   "Destination file to write to",
+		cli.StringFlag{
+			Name:  "out, o",
+			Value: "",
+			Usage: "Destination file to write to",
 		},
 	}
 	app.Action = runEnvironmentToIni
--- a/custom/conf/app.example.ini
+++ b/custom/conf/app.example.ini
@@ -12,7 +12,7 @@
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;
 ;; These values are environment-dependent but form the basis of a lot of values. They will be
-;; reported as part of the default configuration when running `gitea help` or on start-up. The order they are emitted there is slightly different but we will list them here in the order they are set-up.
+;; reported as part of the default configuration when running `gitea --help` or on start-up. The order they are emitted there is slightly different but we will list them here in the order they are set-up.
 ;;
 ;; - _`AppPath`_: This is the absolute path of the running gitea binary.
 ;; - _`AppWorkPath`_: This refers to "working path" of the `gitea` binary. It is determined by using the first set thing in the following hierarchy:
@@ -119,13 +119,10 @@ RUN_USER = ; git
 ;; Permission for unix socket
 ;UNIX_SOCKET_PERMISSION = 666
 ;;
-;; Local (DMZ) URL for Gitea workers (such as SSH update) accessing web service. In
-;; most cases you do not need to change the default value. Alter it only if
-;; your SSH server node is not the same as HTTP node. For different protocol, the default
-;; values are different. If `PROTOCOL` is `http+unix`, the default value is `http://unix/`.
-;; If `PROTOCOL` is `fcgi` or `fcgi+unix`, the default value is `%(PROTOCOL)s://%(HTTP_ADDR)s:%(HTTP_PORT)s/`.
-;; If listen on `0.0.0.0`, the default value is `%(PROTOCOL)s://localhost:%(HTTP_PORT)s/`, Otherwise the default
-;; value is `%(PROTOCOL)s://%(HTTP_ADDR)s:%(HTTP_PORT)s/`.
+;; Local (DMZ) URL for Gitea workers (such as SSH update) accessing web service.
+;; In most cases you do not need to change the default value.
+;; Alter it only if your SSH server node is not the same as HTTP node.
+;; Do not set this variable if PROTOCOL is set to 'unix'.
 ;LOCAL_ROOT_URL = %(PROTOCOL)s://%(HTTP_ADDR)s:%(HTTP_PORT)s/
 ;;
 ;; When making local connections pass the PROXY protocol header.
@@ -193,8 +190,8 @@ RUN_USER = ; git
 ;; Use `ssh-keygen` to parse public SSH keys. The value is passed to the shell. By default, Gitea does the parsing itself.
 ;SSH_KEYGEN_PATH =
 ;;
-;; Enable SSH Authorized Key Backup when rewriting all keys, default is false
-;SSH_AUTHORIZED_KEYS_BACKUP = false
+;; Enable SSH Authorized Key Backup when rewriting all keys, default is true
+;SSH_AUTHORIZED_KEYS_BACKUP = true
 ;;
 ;; Determines which principals to allow
 ;; - empty: if SSH_TRUSTED_USER_CA_KEYS is empty this will default to off, otherwise will default to email, username.
@@ -303,10 +300,7 @@ RUN_USER = ; git
 ;;
 ;;
 ;; LFS authentication secret, change this yourself
-;LFS_JWT_SECRET =
-;;
-;; Alternative location to specify LFS authentication secret. You cannot specify both this and LFS_JWT_SECRET, and must pick one
-;LFS_JWT_SECRET_URI = file:/etc/gitea/lfs_jwt_secret
+LFS_JWT_SECRET =
 ;;
 ;; LFS authentication validity period (in time.Duration), pushes taking longer than this may fail.
 ;LFS_HTTP_AUTH_EXPIRY = 24h
@@ -350,6 +344,9 @@ NAME = gitea
 USER = root
 ;PASSWD = ;Use PASSWD = `your password` for quoting if you use special characters in the password.
 ;SSL_MODE = false ; either "false" (default), "true", or "skip-verify"
+;CHARSET = utf8mb4 ;either "utf8" or "utf8mb4", default is "utf8mb4".
+;;
+;; NOTICE: for "utf8mb4" you must use MySQL InnoDB > 5.6. Gitea is unable to check this.
 ;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;
@@ -454,7 +451,7 @@ INTERNAL_TOKEN=
 ;REVERSE_PROXY_TRUSTED_PROXIES = 127.0.0.0/8,::1/128
 ;;
 ;; The minimum password length for new Users
-;MIN_PASSWORD_LENGTH = 8
+;MIN_PASSWORD_LENGTH = 6
 ;;
 ;; Set to true to allow users to import local server paths
 ;IMPORT_LOCAL_PATHS = false
@@ -491,11 +488,6 @@ INTERNAL_TOKEN=
 ;; Cache successful token hashes. API tokens are stored in the DB as pbkdf2 hashes however, this means that there is a potentially significant hashing load when there are multiple API operations.
 ;; This cache will store the successfully hashed tokens in a LRU cache as a balance between performance and security.
 ;SUCCESSFUL_TOKENS_CACHE_SIZE = 20
-;;
-;; Reject API tokens sent in URL query string (Accept Header-based API tokens only). This avoids security vulnerabilities
-;; stemming from cached/logged plain-text API tokens.
-;; In future releases, this will become the default behavior
-;DISABLE_QUERY_AUTH_TOKEN = false

 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@@ -535,9 +527,6 @@ ENABLE = true
 ;; This setting is only needed if JWT_SIGNING_ALGORITHM is set to HS256, HS384 or HS512.
 ;JWT_SECRET =
 ;;
-;; Alternative location to specify OAuth2 authentication secret. You cannot specify both this and JWT_SECRET, and must pick one
-;JWT_SECRET_URI = file:/etc/gitea/oauth2_jwt_secret
-;;
 ;; Lifetime of an OAuth2 access token in seconds
 ;ACCESS_TOKEN_EXPIRATION_TIME = 3600
 ;;
@@ -549,11 +538,6 @@ ENABLE = true
 ;;
 ;; Maximum length of oauth2 token/cookie stored on server
 ;MAX_TOKEN_LENGTH = 32767
-;;
-;; Pre-register OAuth2 applications for some universally useful services
-;; * https://github.com/hickford/git-credential-oauth
-;; * https://github.com/git-ecosystem/git-credential-manager
-;DEFAULT_APPLICATIONS = git-credential-oauth, git-credential-manager

 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@@ -764,8 +748,6 @@ LEVEL = Info
 ;;
 ;; More detail: https://github.com/gogits/gogs/issues/165
 ;ENABLE_REVERSE_PROXY_AUTHENTICATION = false
-; Enable this to allow reverse proxy authentication for API requests, the reverse proxy is responsible for ensuring that no CSRF is possible.
-;ENABLE_REVERSE_PROXY_AUTHENTICATION_API = false
 ;ENABLE_REVERSE_PROXY_AUTO_REGISTRATION = false
 ;ENABLE_REVERSE_PROXY_EMAIL = false
 ;ENABLE_REVERSE_PROXY_FULL_NAME = false
@@ -839,15 +821,6 @@ LEVEL = Info
 ;; Dependencies can be added from any repository where the user is granted access or only from the current repository depending on this setting.
 ;ALLOW_CROSS_REPOSITORY_DEPENDENCIES = true
 ;;
-;; Default map service. No external API support has been included. A service has to allow
-;; searching using URL parameters, the location will be appended to the URL as escaped query parameter.
-;; Disabled by default, some example values are:
-;; - OpenStreetMap: https://www.openstreetmap.org/search?query=
-;; - Google Maps: https://www.google.com/maps/place/
-;; - MapQuest: https://www.mapquest.com/search/
-;; - Bing Maps: https://www.bing.com/maps?where1=
-; USER_LOCATION_MAP_URL =
-;;
 ;; Enable heatmap on users profiles.
 ;ENABLE_USER_HEATMAP = true
 ;;
@@ -1019,8 +992,8 @@ LEVEL = Info
 ;; Comma-separated list of allowed file extensions (`.zip`), mime types (`text/plain`) or wildcard type (`image/*`, `audio/*`, `video/*`). Empty value or `*/*` allows all types.
 ;ALLOWED_TYPES =
 ;;
-;; Max size of each file in megabytes. Defaults to 50MB
-;FILE_MAX_SIZE = 50 
+;; Max size of each file in megabytes. Defaults to 3MB
+;FILE_MAX_SIZE = 3
 ;;
 ;; Max number of files per upload. Defaults to 5
 ;MAX_FILES = 5
@@ -1221,14 +1194,11 @@ LEVEL = Info
 ;;
 ;; All available reactions users can choose on issues/prs and comments.
 ;; Values can be emoji alias (:smile:) or a unicode emoji.
-;; For custom reactions, add a tightly cropped square image to public/assets/img/emoji/reaction_name.png
+;; For custom reactions, add a tightly cropped square image to public/img/emoji/reaction_name.png
 ;REACTIONS = +1, -1, laugh, hooray, confused, heart, rocket, eyes
 ;;
-;; Change the number of users that are displayed in reactions tooltip (triggered by mouse hover).
-;REACTION_MAX_USER_NUM = 10
-;;
 ;; Additional Emojis not defined in the utf8 standard
-;; By default we support gitea (:gitea:), to add more copy them to public/assets/img/emoji/emoji_name.png and add it to this config.
+;; By default we support gitea (:gitea:), to add more copy them to public/img/emoji/emoji_name.png and add it to this config.
 ;; Dont mistake it for Reactions.
 ;CUSTOM_EMOJIS = gitea, codeberg, gitlab, git, github, gogs
 ;;
@@ -1349,7 +1319,7 @@ LEVEL = Info
 ;; Define allowed algorithms and their minimum key length (use -1 to disable a type)
 ;ED25519 = 256
 ;ECDSA = 256
-;RSA = 3071 ; we allow 3071 here because an otherwise valid 3072 bit RSA key can be reported as having 3071 bit length
+;RSA = 2047 ; we allow 2047 here because an otherwise valid 2048 bit RSA key can be reported as having 2047 bit length
 ;DSA = -1 ; set to 1024 to switch on

 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@@ -1367,10 +1337,10 @@ LEVEL = Info
 ;; Issue indexer storage path, available when ISSUE_INDEXER_TYPE is bleve
 ;ISSUE_INDEXER_PATH = indexers/issues.bleve ; Relative paths will be made absolute against _`AppWorkPath`_.
 ;;
-;; Issue indexer connection string, available when ISSUE_INDEXER_TYPE is elasticsearch (e.g. http://elastic:password@localhost:9200) or meilisearch (e.g. http://:apikey@localhost:7700)
-;ISSUE_INDEXER_CONN_STR =
+;; Issue indexer connection string, available when ISSUE_INDEXER_TYPE is elasticsearch or meilisearch
+;ISSUE_INDEXER_CONN_STR = http://elastic:changeme@localhost:9200
 ;;
-;; Issue indexer name, available when ISSUE_INDEXER_TYPE is elasticsearch or meilisearch.
+;; Issue indexer name, available when ISSUE_INDEXER_TYPE is elasticsearch
 ;ISSUE_INDEXER_NAME = gitea_issues
 ;;
 ;; Timeout the indexer if it takes longer than this to start.
@@ -1428,7 +1398,7 @@ LEVEL = Info
 ;DATADIR = queues/ ; Relative paths will be made absolute against `%(APP_DATA_PATH)s`.
 ;;
 ;; Default queue length before a channel queue will block
-;LENGTH = 100000
+;LENGTH = 100
 ;;
 ;; Batch size to send for batched queues
 ;BATCH_LENGTH = 20
@@ -1820,8 +1790,8 @@ LEVEL = Info
 ;; Comma-separated list of allowed file extensions (`.zip`), mime types (`text/plain`) or wildcard type (`image/*`, `audio/*`, `video/*`). Empty value or `*/*` allows all types.
 ;ALLOWED_TYPES = .csv,.docx,.fodg,.fodp,.fods,.fodt,.gif,.gz,.jpeg,.jpg,.log,.md,.mov,.mp4,.odf,.odg,.odp,.ods,.odt,.patch,.pdf,.png,.pptx,.svg,.tgz,.txt,.webm,.xls,.xlsx,.zip
 ;;
-;; Max size of each file. Defaults to 2048MB
-;MAX_SIZE = 2048
+;; Max size of each file. Defaults to 4MB
+;MAX_SIZE = 4
 ;;
 ;; Max number of files per upload. Defaults to 5
 ;MAX_FILES = 5
@@ -2570,18 +2540,10 @@ LEVEL = Info

 ; [actions]
 ;; Enable/Disable actions capabilities
-;ENABLED = true
+;ENABLED = false
 ;;
 ;; Default platform to get action plugins, `github` for `https://github.com`, `self` for the current Gitea instance.
 ;DEFAULT_ACTIONS_URL = github
-;; Default artifact retention time in days, default is 90 days
-;ARTIFACT_RETENTION_DAYS = 90
-;; Timeout to stop the task which have running status, but haven't been updated for a long time
-;ZOMBIE_TASK_TIMEOUT = 10m
-;; Timeout to stop the tasks which have running status and continuous updates, but don't end for a long time
-;ENDLESS_TASK_TIMEOUT = 3h
-;; Timeout to cancel the jobs which have waiting status, but haven't been picked by a runner for a long time
-;ABANDONED_JOB_TIMEOUT = 24h

 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
--- a/docker/manifest.rootless.tmpl
+++ b/docker/manifest.rootless.tmpl
@@ -1,14 +1,12 @@
 image: gitea/gitea:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}{{#if (hasPrefix "refs/heads/release/v" build.ref)}}{{trimPrefix "refs/heads/release/v" build.ref}}-{{/if}}nightly{{/if}}-rootless
 {{#if build.tags}}
 {{#unless (contains "-rc" build.tag)}}
-{{#unless (contains "-dev" build.tag)}}
 tags:
 {{#each build.tags}}
  - {{this}}-rootless
 {{/each}}
  - "latest-rootless"
 {{/unless}}
-{{/unless}}
 {{/if}}
 manifests:
  -
--- a/docker/manifest.tmpl
+++ b/docker/manifest.tmpl
@@ -1,14 +1,12 @@
 image: gitea/gitea:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}{{#if (hasPrefix "refs/heads/release/v" build.ref)}}{{trimPrefix "refs/heads/release/v" build.ref}}-{{/if}}nightly{{/if}}
 {{#if build.tags}}
 {{#unless (contains "-rc" build.tag)}}
-{{#unless (contains "-dev" build.tag)}}
 tags:
 {{#each build.tags}}
  - {{this}}
 {{/each}}
  - "latest"
 {{/unless}}
-{{/unless}}
 {{/if}}
 manifests:
  -
--- a/docker/root/etc/s6/openssh/setup
+++ b/docker/root/etc/s6/openssh/setup
@@ -11,7 +11,7 @@ fi

 if [ ! -f /data/ssh/ssh_host_rsa_key ]; then
    echo "Generating /data/ssh/ssh_host_rsa_key..."
-    ssh-keygen -t rsa -b 3072 -f /data/ssh/ssh_host_rsa_key -N "" > /dev/null
+    ssh-keygen -t rsa -b 2048 -f /data/ssh/ssh_host_rsa_key -N "" > /dev/null
 fi

 if [ ! -f /data/ssh/ssh_host_ecdsa_key ]; then
--- a/docker/root/usr/bin/entrypoint
+++ b/docker/root/usr/bin/entrypoint
@@ -7,7 +7,7 @@ if [ ! -x /bin/sh ]; then
 fi

 if [ "${USER}" != "git" ]; then
-    # Rename user
+    # rename user
    sed -i -e "s/^git\:/${USER}\:/g" /etc/passwd
 fi

@@ -19,13 +19,13 @@ if [ -z "${USER_UID}" ]; then
  USER_UID="`id -u ${USER}`"
 fi

-# Change GID for USER?
+## Change GID for USER?
 if [ -n "${USER_GID}" ] && [ "${USER_GID}" != "`id -g ${USER}`" ]; then
    sed -i -e "s/^${USER}:\([^:]*\):[0-9]*/${USER}:\1:${USER_GID}/" /etc/group
    sed -i -e "s/^${USER}:\([^:]*\):\([0-9]*\):[0-9]*/${USER}:\1:\2:${USER_GID}/" /etc/passwd
 fi

-# Change UID for USER?
+## Change UID for USER?
 if [ -n "${USER_UID}" ] && [ "${USER_UID}" != "`id -u ${USER}`" ]; then
    sed -i -e "s/^${USER}:\([^:]*\):[0-9]*:\([0-9]*\)/${USER}:\1:${USER_UID}:\2/" /etc/passwd
 fi
--- a/docs/content/administration/backup-and-restore.en-us.md
+++ b/docs/content/administration/backup-and-restore.en-us.md
@@ -43,10 +43,10 @@ directory. There should be some output similar to the following:
 Inside the `gitea-dump-1482906742.zip` file, will be the following:

 - `app.ini` - Optional copy of configuration file if originally stored outside the default `custom/` directory
- `custom/` - All config or customization files in `custom/`.
- `data/` - Data directory (APP_DATA_PATH), except sessions if you are using file session. This directory includes `attachments`, `avatars`, `lfs`, `indexers`, SQLite file if you are using SQLite.
- `repos/` - Complete copy of the repository directory.
+- `custom` - All config or customization files in `custom/`.
+- `data` - Data directory (APP_DATA_PATH), except sessions if you are using file session. This directory includes `attachments`, `avatars`, `lfs`, `indexers`, SQLite file if you are using SQLite.
 - `gitea-db.sql` - SQL dump of database
+- `gitea-repo.zip` - Complete copy of the repository directory.
 - `log/` - Various logs. They are not needed for a recovery or migration.

 Intermediate backup files are created in a temporary directory specified either with the
@@ -89,10 +89,10 @@ Example:
 ```sh
 unzip gitea-dump-1610949662.zip
 cd gitea-dump-1610949662
-mv app.ini /etc/gitea/conf/app.ini
+mv data/conf/app.ini /etc/gitea/conf/app.ini
 mv data/* /var/lib/gitea/data/
 mv log/* /var/lib/gitea/log/
-mv repos/* /var/lib/gitea/gitea-repositories/
+mv repos/* /var/lib/gitea/repositories/
 chown -R gitea:gitea /etc/gitea/conf/app.ini /var/lib/gitea

 # mysql
@@ -126,7 +126,7 @@ cd gitea-dump-1610949662
 # restore the gitea data
 mv data/* /data/gitea
 # restore the repositories itself
-mv repos/* /data/git/gitea-repositories/
+mv repos/* /data/git/repositories/
 # adjust file permissions
 chown -R git:git /data
 # Regenerate Git Hooks
@@ -150,7 +150,7 @@ mv data/conf/app.ini /etc/gitea/app.ini
 # restore the gitea data
 mv data/* /var/lib/gitea
 # restore the repositories itself
-mv repos/* /var/lib/gitea/git/gitea-repositories
+mv repos/* /var/lib/gitea/git/repositories
 # adjust file permissions
 chown -R git:git /etc/gitea/app.ini /var/lib/gitea
 # Regenerate Git Hooks
--- a/docs/content/administration/cmd-embedded.en-us.md
+++ b/docs/content/administration/cmd-embedded.en-us.md
@@ -43,21 +43,21 @@ for its glob syntax. Here are some examples:

 - List all template files, in any virtual directory: `**.tmpl`
 - List all mail template files: `templates/mail/**.tmpl`
- List all files inside `public/assets/img`: `public/assets/img/**`
+- List all files inside `public/img`: `public/img/**`

 Don't forget to use quotes for the patterns, as spaces, `*` and other characters might have
 a special meaning for your command shell.

 If no pattern is provided, all files are listed.

-### Example: Listing all embedded files
+### Example

 Listing all embedded files with `openid` in their path:

 ```sh
 $ gitea embedded list '**openid**'
-public/assets/img/auth/openid_connect.svg
-public/assets/img/openid-16x16.png
+public/img/auth/openid_connect.svg
+public/img/openid-16x16.png
 templates/user/auth/finalize_openid.tmpl
 templates/user/auth/signin_openid.tmpl
 templates/user/auth/signup_openid_connect.tmpl
@@ -101,7 +101,7 @@ When Gitea is upgraded to a new version (by replacing the executable), many of t
 embedded files will suffer changes. Gitea will honor and use any files found
 in the `custom` directory, even if they are old and incompatible.

-### Example: Extracting mail templates
+### Example

 Extracting mail templates to a temporary directory:

--- a/docs/content/administration/cmd-embedded.zh-cn.md
+++ b/docs/content/administration/cmd-embedded.zh-cn.md
@@ -43,7 +43,7 @@ gitea embedded list [--include-vendored] [patterns...]

 如果未提供模式，则列出所有文件。

-### 示例：列出所有嵌入文件
+### 示例

 列出所有路径中包含 `openid` 的嵌入文件：

@@ -83,7 +83,7 @@ gitea [--config {file}] embedded extract [--destination {dir}|--custom] [--overw

 请确保**只提取需要自定义的文件**。位于 `custom` 目录中的文件不会受到 Gitea 的升级过程的影响。当 Gitea 升级到新版本（通过替换可执行文件）时，许多嵌入文件将发生变化。Gitea 将尊重并使用在 `custom` 目录中找到的任何文件，即使这些文件是旧的和不兼容的。

-### 示例：提取邮件模板
+### 示例

 将邮件模板提取到临时目录：

--- a/docs/content/administration/command-line.en-us.md
+++ b/docs/content/administration/command-line.en-us.md
@@ -313,7 +313,7 @@ directory and will overwrite any existing files.
  - `--ecdsa-curve value`: ECDSA curve to use to generate a key. Optional. Valid options
    are P224, P256, P384, P521.
  - `--rsa-bits value`: Size of RSA key to generate. Optional. Ignored if --ecdsa-curve is
-    set. (default: 3072).
+    set. (default: 2048).
  - `--start-date value`: Creation date. Optional. (format: `Jan 1 15:04:05 2011`).
  - `--duration value`: Duration which the certificate is valid for. Optional. (default: 8760h0m0s)
  - `--ca`: If provided, this cert generates it's own certificate authority. Optional.
@@ -334,9 +334,9 @@ in the current directory.
  - `--skip-attachment-data`: Skip dumping of attachment data. Optional.
  - `--skip-package-data`: Skip dumping of package data. Optional.
  - `--skip-log`: Skip dumping of log data. Optional.
-  - `--database`, `-d`: Specify the database SQL syntax. Optional (supported arguments: sqlite3, mysql, mssql, postgres).
+  - `--database`, `-d`: Specify the database SQL syntax. Optional.
  - `--verbose`, `-V`: If provided, shows additional details. Optional.
-  - `--type`: Set the dump output format. Optional. (formats: zip, tar, tar.sz, tar.gz, tar.xz, tar.bz2, tar.br, tar.lz4, tar.zst default: zip).
+  - `--type`: Set the dump output format. Optional. (default: zip)
 - Examples:
  - `gitea dump`
  - `gitea dump --verbose`
@@ -384,18 +384,35 @@ NB: Gitea must be running for this command to succeed.
 Migrates the database. This command can be used to run other commands before starting the server for the first time.
 This command is idempotent.

-### doctor check
+### convert

-Diagnose and potentially fix problems with the current Gitea instance.
-Several checks are run by default, but additional ones can be run:
+Converts an existing MySQL database from utf8 to utf8mb4.

- `gitea doctor check --list` - will list all the available checks
- `gitea doctor check --all` - will run all available checks
- `gitea doctor check --default` - will run the default checks
- `gitea doctor check --run [check(s),]...` - will run the named checks
+### doctor

-Some problems can be automatically fixed by passing the `--fix` option.
-Extra logging can be set with `--log-file=...`.
+Diagnose the problems of current Gitea instance according the given configuration.
+Currently there are a check list below:
+
+- Check if OpenSSH authorized_keys file id correct
+  When your Gitea instance support OpenSSH, your Gitea instance binary path will be written to `authorized_keys`
+  when there is any public key added or changed on your Gitea instance.
+  Sometimes if you moved or renamed your Gitea binary when upgrade and you haven't run `Update the '.ssh/authorized_keys' file with Gitea SSH keys. (Not needed for the built-in SSH server.)` on your Admin Panel. Then all pull/push via SSH will not be work.
+  This check will help you to check if it works well.
+
+For contributors, if you want to add more checks, you can write a new function like `func(ctx *cli.Context) ([]string, error)` and
+append it to `doctor.go`.
+
+```go
+var checklist = []check{
+	{
+		title: "Check if OpenSSH authorized_keys file id correct",
+		f:     runDoctorLocationMoved,
+    },
+    // more checks please append here
+}
+```
+
+This function will receive a command line context and return a list of details about the problems or error.

 #### doctor recreate-table

@@ -403,7 +420,7 @@ Sometimes when there are migrations the old columns and default values may be le
 unchanged in the database schema. This may lead to warning such as:

 ```
-2020/08/02 11:32:29 ...rm/session_schema.go:360:Sync() [W] Table user Column keep_activity_private db default is , struct default is 0
+2020/08/02 11:32:29 ...rm/session_schema.go:360:Sync2() [W] Table user Column keep_activity_private db default is , struct default is 0
 ```

 You can cause Gitea to recreate these tables and copy the old data into the new table
@@ -427,10 +444,6 @@ gitea doctor recreate-table

 It is highly recommended to back-up your database before running these commands.

-### doctor convert
-
-Converts a MySQL database from utf8 to utf8mb4 or a MSSQL database from varchar to nvarchar.
-
 ### manager

 Manage running server operations:
--- a/docs/content/administration/command-line.zh-cn.md
+++ b/docs/content/administration/command-line.zh-cn.md
@@ -295,7 +295,7 @@ menu:
 - 选项：
  - `--host value`：逗号分隔的主机名和IP地址列表，此证书适用于这些主机。支持使用通配符。必填。
  - `--ecdsa-curve value`：用于生成密钥的ECDSA曲线。可选。有效选项为P224、P256、P384、P521。
-  - `--rsa-bits value`：要生成的RSA密钥的大小。可选。如果设置了--ecdsa-curve，则忽略此选项。（默认值：3072）。
+  - `--rsa-bits value`：要生成的RSA密钥的大小。可选。如果设置了--ecdsa-curve，则忽略此选项。（默认值：2048）。
  - `--start-date value`：证书的创建日期。可选。（格式：`Jan 1 15:04:05 2011`）。
  - `--duration value`：证书有效期。可选。（默认值：8760h0m0s）
  - `--ca`：如果提供此选项，则证书将生成自己的证书颁发机构。可选。
@@ -357,25 +357,39 @@ AuthorizedKeysCommand /path/to/gitea keys -e git -u %u -t %t -k %k

 迁移数据库。该命令可用于在首次启动服务器之前运行其他命令。此命令是幂等的。

-### doctor check
+### convert

-对 Gitea 实例进行诊断，可以修复一些可修复的问题。
-默认只运行部分检查，额外的检查可以参考：
+将现有的 MySQL 数据库从 utf8 转换为 utf8mb4。

- `gitea doctor check --list` - 列出所有可用的检查
- `gitea doctor check --all` - 运行所有可用的检查
- `gitea doctor check --default` - 运行默认的检查
- `gitea doctor check --run [check(s),]...` - 运行指定的名字的检查
+### doctor

-有些问题可以通过设置 `--fix` 选项进行自动修复。
-额外的日志可以通过 `--log-file=...` 进行设置。
+根据给定的配置诊断当前 Gitea 实例的问题。目前有以下检查清单:
+
+- 检查 OpenSSH 的 authorized_keys 文件是否正确
+  当您的 Gitea 实例支持 OpenSSH 时，当您的 Gitea 实例添加或更改任何公钥时，Gitea 实例的二进制路径将被写入 `authorized_keys` 文件。
+  有时，如果您在升级时移动或重命名了 Gitea 二进制文件，并且您没有在管理面板上运行“使用 Gitea 的 SSH 密钥更新「.ssh/authorized_keys」文件”操作。那么通过 SSH 的所有拉取/推送操作将无法正常工作。
+  此检查将帮助您检查它是否正常工作。
+
+对于贡献者，如果您想添加更多的检查项，您可以编写一个新的函数，如 `func(ctx *cli.Context) ([]string, error)`，并将其追加到 `doctor.go` 文件中。
+
+```go
+var checklist = []check{
+	{
+		title: "Check if OpenSSH authorized_keys file id correct",
+		f:     runDoctorLocationMoved,
+    },
+    // more checks please append here
+}
+```
+
+此函数将接收一个命令行上下文，并返回有关问题或错误的详细信息列表。

 #### doctor recreate-table

 有时，在迁移时，旧的列和默认值可能会在数据库模式中保持不变。这可能会导致警告，如下所示:

 ```
-2020/08/02 11:32:29 ...rm/session_schema.go:360:Sync() [W] Table user Column keep_activity_private db default is , struct default is 0
+2020/08/02 11:32:29 ...rm/session_schema.go:360:Sync2() [W] Table user Column keep_activity_private db default is , struct default is 0
 ```

 您可以通过以下方式让 Gitea 重新创建这些表，并将旧数据复制到新表中，并适当设置默认值：
@@ -398,10 +412,6 @@ gitea doctor recreate-table

 强烈建议在运行这些命令之前备份您的数据库。

-### doctor convert
-
-将现有的 MySQL 数据库从 utf8 转换为 utf8mb4，或者把 MSSQL 数据库从 varchar 转换为 nvarchar。
-
 ### manager

 管理运行中的服务器操作：
--- a/docs/content/administration/config-cheat-sheet.en-us.md
+++ b/docs/content/administration/config-cheat-sheet.en-us.md
@@ -38,7 +38,7 @@ Values containing `#` or `;` must be quoted using `` ` `` or `"""`.
 ## Default Configuration (non-`app.ini` configuration)

 These values are environment-dependent but form the basis of a lot of values. They will be
-reported as part of the default configuration when running `gitea help` or on start-up. The order they are emitted there is slightly different but we will list them here in the order they are set-up.
+reported as part of the default configuration when running `gitea --help` or on start-up. The order they are emitted there is slightly different but we will list them here in the order they are set-up.

 - _`AppPath`_: This is the absolute path of the running gitea binary.
 - _`AppWorkPath`_: This refers to "working path" of the `gitea` binary. It is determined by using the first set thing in the following hierarchy:
@@ -146,7 +146,7 @@ In addition, there is _`StaticRootPath`_ which can be set as a built-in at build
 - `ENABLED`: **true**: Whether repository file uploads are enabled
 - `TEMP_PATH`: **data/tmp/uploads**: Path for uploads (content gets deleted on Gitea restart)
 - `ALLOWED_TYPES`: **_empty_**: Comma-separated list of allowed file extensions (`.zip`), mime types (`text/plain`) or wildcard type (`image/*`, `audio/*`, `video/*`). Empty value or `*/*` allows all types.
- `FILE_MAX_SIZE`: **50**: Max size of each file in megabytes.
+- `FILE_MAX_SIZE`: **3**: Max size of each file in megabytes.
 - `MAX_FILES`: **5**: Max number of files per upload

 ### Repository - Release (`repository.release`)
@@ -222,10 +222,9 @@ The following configuration set `Content-Type: application/vnd.android.package-a
 - `MAX_DISPLAY_FILE_SIZE`: **8388608**: Max size of files to be displayed (default is 8MiB)
 - `REACTIONS`: All available reactions users can choose on issues/prs and comments
    Values can be emoji alias (:smile:) or a unicode emoji.
-    For custom reactions, add a tightly cropped square image to public/assets/img/emoji/reaction_name.png
- `REACTION_MAX_USER_NUM`: **10**: Change the number of users that are displayed in reactions tooltip (triggered by mouse hover).
+    For custom reactions, add a tightly cropped square image to public/img/emoji/reaction_name.png
 - `CUSTOM_EMOJIS`: **gitea, codeberg, gitlab, git, github, gogs**: Additional Emojis not defined in the utf8 standard.
-    By default, we support Gitea (:gitea:), to add more copy them to public/assets/img/emoji/emoji_name.png and
+    By default, we support Gitea (:gitea:), to add more copy them to public/img/emoji/emoji_name.png and
    add it to this config.
 - `DEFAULT_SHOW_FULL_NAME`: **false**: Whether the full name of the users should be shown where possible. If the full name isn't set, the username will be used.
 - `SEARCH_REPO_DESCRIPTION`: **true**: Whether to search within description at repository search on explore page.
@@ -313,11 +312,8 @@ The following configuration set `Content-Type: application/vnd.android.package-a
 - `LOCAL_ROOT_URL`: **%(PROTOCOL)s://%(HTTP_ADDR)s:%(HTTP_PORT)s/**: Local
   (DMZ) URL for Gitea workers (such as SSH update) accessing web service. In
   most cases you do not need to change the default value. Alter it only if
-   your SSH server node is not the same as HTTP node. For different protocol, the default
-   values are different. If `PROTOCOL` is `http+unix`, the default value is `http://unix/`.
-   If `PROTOCOL` is `fcgi` or `fcgi+unix`, the default value is `%(PROTOCOL)s://%(HTTP_ADDR)s:%(HTTP_PORT)s/`.
-   If listen on `0.0.0.0`, the default value is `%(PROTOCOL)s://localhost:%(HTTP_PORT)s/`, Otherwise the default
-   value is `%(PROTOCOL)s://%(HTTP_ADDR)s:%(HTTP_PORT)s/`.
+   your SSH server node is not the same as HTTP node. Do not set this variable
+   if `PROTOCOL` is set to `http+unix`.
 - `LOCAL_USE_PROXY_PROTOCOL`: **%(USE_PROXY_PROTOCOL)s**: When making local connections pass the PROXY protocol header.
   This should be set to false if the local connection will go through the proxy.
 - `PER_WRITE_TIMEOUT`: **30s**: Timeout for any write to the connection. (Set to -1 to
@@ -335,13 +331,13 @@ The following configuration set `Content-Type: application/vnd.android.package-a
 - `SSH_LISTEN_PORT`: **%(SSH\_PORT)s**: Port for the built-in SSH server.
 - `SSH_ROOT_PATH`: **~/.ssh**: Root path of SSH directory.
 - `SSH_CREATE_AUTHORIZED_KEYS_FILE`: **true**: Gitea will create a authorized_keys file by default when it is not using the internal ssh server. If you intend to use the AuthorizedKeysCommand functionality then you should turn this off.
- `SSH_AUTHORIZED_KEYS_BACKUP`: **false**: Enable SSH Authorized Key Backup when rewriting all keys, default is false.
+- `SSH_AUTHORIZED_KEYS_BACKUP`: **true**: Enable SSH Authorized Key Backup when rewriting all keys, default is true.
 - `SSH_TRUSTED_USER_CA_KEYS`: **_empty_**: Specifies the public keys of certificate authorities that are trusted to sign user certificates for authentication. Multiple keys should be comma separated. E.g.`ssh-<algorithm> <key>` or `ssh-<algorithm> <key1>, ssh-<algorithm> <key2>`. For more information see `TrustedUserCAKeys` in the sshd config man pages. When empty no file will be created and `SSH_AUTHORIZED_PRINCIPALS_ALLOW` will default to `off`.
 - `SSH_TRUSTED_USER_CA_KEYS_FILENAME`: **`RUN_USER`/.ssh/gitea-trusted-user-ca-keys.pem**: Absolute path of the `TrustedUserCaKeys` file Gitea will manage. If you're running your own ssh server and you want to use the Gitea managed file you'll also need to modify your sshd_config to point to this file. The official docker image will automatically work without further configuration.
 - `SSH_AUTHORIZED_PRINCIPALS_ALLOW`: **off** or **username, email**: \[off, username, email, anything\]: Specify the principals values that users are allowed to use as principal. When set to `anything` no checks are done on the principal string. When set to `off` authorized principal are not allowed to be set.
 - `SSH_CREATE_AUTHORIZED_PRINCIPALS_FILE`: **false/true**: Gitea will create a authorized_principals file by default when it is not using the internal ssh server and `SSH_AUTHORIZED_PRINCIPALS_ALLOW` is not `off`.
 - `SSH_AUTHORIZED_PRINCIPALS_BACKUP`: **false/true**: Enable SSH Authorized Principals Backup when rewriting all keys, default is true if `SSH_AUTHORIZED_PRINCIPALS_ALLOW` is not `off`.
- `SSH_AUTHORIZED_KEYS_COMMAND_TEMPLATE`: **`{{.AppPath}} --config={{.CustomConf}} serv key-{{.Key.ID}}`**: Set the template for the command to passed on authorized keys. Possible keys are: AppPath, AppWorkPath, CustomConf, CustomPath, Key - where Key is a `models/asymkey.PublicKey` and the others are strings which are shellquoted.
+- `SSH_AUTHORIZED_KEYS_COMMAND_TEMPLATE`: **{{.AppPath}} --config={{.CustomConf}} serv key-{{.Key.ID}}**: Set the template for the command to passed on authorized keys. Possible keys are: AppPath, AppWorkPath, CustomConf, CustomPath, Key - where Key is a `models/asymkey.PublicKey` and the others are strings which are shellquoted.
 - `SSH_SERVER_CIPHERS`: **chacha20-poly1305@openssh.com, aes128-ctr, aes192-ctr, aes256-ctr, aes128-gcm@openssh.com, aes256-gcm@openssh.com**: For the built-in SSH server, choose the ciphers to support for SSH connections, for system SSH this setting has no effect.
 - `SSH_SERVER_KEY_EXCHANGES`: **curve25519-sha256, ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, diffie-hellman-group14-sha256, diffie-hellman-group14-sha1**: For the built-in SSH server, choose the key exchange algorithms to support for SSH connections, for system SSH this setting has no effect.
 - `SSH_SERVER_MACS`: **hmac-sha2-256-etm@openssh.com, hmac-sha2-256, hmac-sha1**: For the built-in SSH server, choose the MACs to support for SSH connections, for system SSH this setting has no effect
@@ -367,7 +363,6 @@ The following configuration set `Content-Type: application/vnd.android.package-a
 - `LFS_START_SERVER`: **false**: Enables Git LFS support.
 - `LFS_CONTENT_PATH`: **%(APP_DATA_PATH)s/lfs**: Default LFS content path. (if it is on local storage.) **DEPRECATED** use settings in `[lfs]`.
 - `LFS_JWT_SECRET`: **_empty_**: LFS authentication secret, change this a unique string.
- `LFS_JWT_SECRET_URI`: **_empty_**: Instead of defining LFS_JWT_SECRET in the configuration, this configuration option can be used to give Gitea a path to a file that contains the secret (example value: `file:/etc/gitea/lfs_jwt_secret`)
 - `LFS_HTTP_AUTH_EXPIRY`: **24h**: LFS authentication validity period in time.Duration, pushes taking longer than this may fail.
 - `LFS_MAX_FILE_SIZE`: **0**: Maximum allowed LFS file size in bytes (Set to 0 for no limit).
 - `LFS_LOCKS_PAGING_NUM`: **50**: Maximum number of LFS Locks returned per page.
@@ -424,7 +419,7 @@ The following configuration set `Content-Type: application/vnd.android.package-a
 ## Database (`database`)

 - `DB_TYPE`: **mysql**: The database type in use \[mysql, postgres, mssql, sqlite3\].
- `HOST`: **127.0.0.1:3306**: Database host address and port or absolute path for unix socket \[mysql, postgres[^1]\] (ex: /var/run/mysqld/mysqld.sock).
+- `HOST`: **127.0.0.1:3306**: Database host address and port or absolute path for unix socket \[mysql, postgres\] (ex: /var/run/mysqld/mysqld.sock).
 - `NAME`: **gitea**: Database name.
 - `USER`: **root**: Database username.
 - `PASSWD`: **_empty_**: Database user password. Use \`your password\` or """your password""" for quoting if you use special characters in the password.
@@ -446,6 +441,7 @@ The following configuration set `Content-Type: application/vnd.android.package-a
 - `SQLITE_TIMEOUT`: **500**: Query timeout for SQLite3 only.
 - `SQLITE_JOURNAL_MODE`: **""**: Change journal mode for SQlite3. Can be used to enable [WAL mode](https://www.sqlite.org/wal.html) when high load causes write congestion. See [SQlite3 docs](https://www.sqlite.org/pragma.html#pragma_journal_mode) for possible values. Defaults to the default for the database file, often DELETE.
 - `ITERATE_BUFFER_SIZE`: **50**: Internal buffer size for iterating.
+- `CHARSET`: **utf8mb4**: For MySQL only, either "utf8" or "utf8mb4". NOTICE: for "utf8mb4" you must use MySQL InnoDB > 5.6. Gitea is unable to check this.
 - `PATH`: **data/gitea.db**: For SQLite3 only, the database file path.
 - `LOG_SQL`: **false**: Log the executed SQL.
 - `DB_RETRIES`: **10**: How many ORM init / DB connect attempts allowed.
@@ -455,23 +451,21 @@ The following configuration set `Content-Type: application/vnd.android.package-a
 - `CONN_MAX_LIFETIME` **0 or 3s**: Sets the maximum amount of time a DB connection may be reused - default is 0, meaning there is no limit (except on MySQL where it is 3s - see #6804 & #7071).
 - `AUTO_MIGRATION` **true**: Whether execute database models migrations automatically.

-[^1]: It may be necessary to specify a hostport even when listening on a unix socket, as the port is part of the socket name. see [#24552](https://github.com/go-gitea/gitea/issues/24552#issuecomment-1681649367) for additional details.
-
 Please see #8540 & #8273 for further discussion of the appropriate values for `MAX_OPEN_CONNS`, `MAX_IDLE_CONNS` & `CONN_MAX_LIFETIME` and their
 relation to port exhaustion.

 ## Indexer (`indexer`)

 - `ISSUE_INDEXER_TYPE`: **bleve**: Issue indexer type, currently supported: `bleve`, `db`, `elasticsearch` or `meilisearch`.
- `ISSUE_INDEXER_CONN_STR`: ****: Issue indexer connection string, available when ISSUE_INDEXER_TYPE is elasticsearch (e.g. http://elastic:password@localhost:9200) or meilisearch (e.g. http://:apikey@localhost:7700)
- `ISSUE_INDEXER_NAME`: **gitea_issues**: Issue indexer name, available when ISSUE_INDEXER_TYPE is elasticsearch or meilisearch.
+- `ISSUE_INDEXER_CONN_STR`: ****: Issue indexer connection string, available when ISSUE_INDEXER_TYPE is elasticsearch, or meilisearch. i.e. http://elastic:changeme@localhost:9200
+- `ISSUE_INDEXER_NAME`: **gitea_issues**: Issue indexer name, available when ISSUE_INDEXER_TYPE is elasticsearch
 - `ISSUE_INDEXER_PATH`: **indexers/issues.bleve**: Index file used for issue search; available when ISSUE_INDEXER_TYPE is bleve and elasticsearch. Relative paths will be made absolute against _`AppWorkPath`_.

 - `REPO_INDEXER_ENABLED`: **false**: Enables code search (uses a lot of disk space, about 6 times more than the repository size).
 - `REPO_INDEXER_REPO_TYPES`: **sources,forks,mirrors,templates**: Repo indexer units. The items to index could be `sources`, `forks`, `mirrors`, `templates` or any combination of them separated by a comma. If empty then it defaults to `sources` only, as if you'd like to disable fully please see `REPO_INDEXER_ENABLED`.
 - `REPO_INDEXER_TYPE`: **bleve**: Code search engine type, could be `bleve` or `elasticsearch`.
 - `REPO_INDEXER_PATH`: **indexers/repos.bleve**: Index file used for code search.
- `REPO_INDEXER_CONN_STR`: ****: Code indexer connection string, available when `REPO_INDEXER_TYPE` is elasticsearch. i.e. http://elastic:password@localhost:9200
+- `REPO_INDEXER_CONN_STR`: ****: Code indexer connection string, available when `REPO_INDEXER_TYPE` is elasticsearch. i.e. http://elastic:changeme@localhost:9200
 - `REPO_INDEXER_NAME`: **gitea_codes**: Code indexer name, available when `REPO_INDEXER_TYPE` is elasticsearch

 - `REPO_INDEXER_INCLUDE`: **empty**: A comma separated list of glob patterns (see https://github.com/gobwas/glob) to **include** in the index. Use `**.txt` to match any files with .txt extension. An empty list means include all files.
@@ -486,7 +480,7 @@ Configuration at `[queue]` will set defaults for queues with overrides for indiv

 - `TYPE`: **level**: General queue type, currently support: `level` (uses a LevelDB internally), `channel`, `redis`, `dummy`. Invalid types are treated as `level`.
 - `DATADIR`: **queues/common**: Base DataDir for storing level queues. `DATADIR` for individual queues can be set in `queue.name` sections. Relative paths will be made absolute against `%(APP_DATA_PATH)s`.
- `LENGTH`: **100000**: Maximal queue size before channel queues block
+- `LENGTH`: **100**: Maximal queue size before channel queues block
 - `BATCH_LENGTH`: **20**: Batch data before passing to the handler
 - `CONN_STR`: **redis://127.0.0.1:6379/0**: Connection string for the redis queue type. For `redis-cluster` use `redis+cluster://127.0.0.1:6379/0`. Options can be set using query params. Similarly, LevelDB options can also be set using: **leveldb://relative/path?option=value** or **leveldb:///absolute/path?option=value**, and will override `DATADIR`
 - `QUEUE_NAME`: **_queue**: The suffix for default redis and disk queue name. Individual queues will default to **`name`**`QUEUE_NAME` but can be overridden in the specific `queue.name` section.
@@ -562,7 +556,7 @@ And the following unique queues:
    - `scrypt`:    `scrypt$65536$16$2$50`
  - Adjusting the algorithm parameters using this functionality is done at your own risk.
 - `CSRF_COOKIE_HTTP_ONLY`: **true**: Set false to allow JavaScript to read CSRF cookie.
- `MIN_PASSWORD_LENGTH`: **8**: Minimum password length for new users.
+- `MIN_PASSWORD_LENGTH`: **6**: Minimum password length for new users.
 - `PASSWORD_COMPLEXITY`: **off**: Comma separated list of character classes required to pass minimum complexity. If left empty or no valid values are specified, checking is disabled (off):
  - lower - use one or more lower latin characters
  - upper - use one or more upper latin characters
@@ -624,8 +618,7 @@ And the following unique queues:
   BASIC and the user's password. Please note if you disable this you will not be able to access the
   tokens API endpoints using a password. Further, this only disables BASIC authentication using the
   password - not tokens or OAuth Basic.
- `ENABLE_REVERSE_PROXY_AUTHENTICATION`: **false**: Enable this to allow reverse proxy authentication for web requests
- `ENABLE_REVERSE_PROXY_AUTHENTICATION_API`: **false**: Enable this to allow reverse proxy authentication for API requests, the reverse proxy is responsible for ensuring that no CSRF is possible.
+- `ENABLE_REVERSE_PROXY_AUTHENTICATION`: **false**: Enable this to allow reverse proxy authentication.
 - `ENABLE_REVERSE_PROXY_AUTO_REGISTRATION`: **false**: Enable this to allow auto-registration
   for reverse authentication.
 - `ENABLE_REVERSE_PROXY_EMAIL`: **false**: Enable this to allow to auto-registration with a
@@ -652,7 +645,6 @@ And the following unique queues:
 - `DEFAULT_USER_IS_RESTRICTED`: **false**: Give new users restricted permissions by default
 - `DEFAULT_ENABLE_DEPENDENCIES`: **true**: Enable this to have dependencies enabled by default.
 - `ALLOW_CROSS_REPOSITORY_DEPENDENCIES` : **true** Enable this to allow dependencies on issues from any repository where the user is granted access.
- `USER_LOCATION_MAP_URL`: **""**: A map service URL to show user's location on a map. The location will be appended to the URL as escaped query parameter.
 - `ENABLE_USER_HEATMAP`: **true**: Enable this to display the heatmap on users profiles.
 - `ENABLE_TIMETRACKING`: **true**: Enable Timetracking feature.
 - `DEFAULT_ENABLE_TIMETRACKING`: **true**: Allow repositories to use timetracking by default.
@@ -685,7 +677,7 @@ Define allowed algorithms and their minimum key length (use -1 to disable a type

 - `ED25519`: **256**
 - `ECDSA`: **256**
- `RSA`: **3071**: We set 3071 here because an otherwise valid 3072 RSA key can be reported as 3071 length.
+- `RSA`: **2047**: We set 2047 here because an otherwise valid 2048 RSA key can be reported as 2047 length.
 - `DSA`: **-1**: DSA is now disabled by default. Set to **1024** to re-enable but ensure you may need to reconfigure your SSHD provider

 ## Webhook (`webhook`)
@@ -822,7 +814,7 @@ Default templates for project boards:

 - `ENABLED`: **true**: Whether issue and pull request attachments are enabled.
 - `ALLOWED_TYPES`: **.csv,.docx,.fodg,.fodp,.fods,.fodt,.gif,.gz,.jpeg,.jpg,.log,.md,.mov,.mp4,.odf,.odg,.odp,.ods,.odt,.patch,.pdf,.png,.pptx,.svg,.tgz,.txt,.webm,.xls,.xlsx,.zip**: Comma-separated list of allowed file extensions (`.zip`), mime types (`text/plain`) or wildcard type (`image/*`, `audio/*`, `video/*`). Empty value or `*/*` allows all types.
- `MAX_SIZE`: **2048**: Maximum size (MB).
+- `MAX_SIZE`: **4**: Maximum size (MB).
 - `MAX_FILES`: **5**: Maximum number of attachments that can be uploaded at once.
 - `STORAGE_TYPE`: **local**: Storage type for attachments, `local` for local disk or `minio` for s3 compatible object storage service, default is `local` or other name defined with `[storage.xxx]`
 - `SERVE_DIRECT`: **false**: Allows the storage driver to redirect to authenticated URLs to serve files directly. Currently, only Minio/S3 is supported via signed URLs, local does nothing.
@@ -959,12 +951,6 @@ Default templates for project boards:
 - `SCHEDULE`: **@midnight** : Interval as a duration between each synchronization, it will always attempt synchronization when the instance starts.
 - `UPDATE_EXISTING`: **true**: Create new users, update existing user data and disable users that are not in external source anymore (default) or only create new users if UPDATE_EXISTING is set to false.

-## Cron - Cleanup Expired Actions Assets (`cron.cleanup_actions`)
-
- `ENABLED`: **true**: Enable cleanup expired actions assets job.
- `RUN_AT_START`: **true**: Run job at start time (if ENABLED).
- `SCHEDULE`: **@midnight** : Cron syntax for the job.
-
 ### Extended cron tasks (not enabled by default)

 #### Cron - Garbage collect all repositories (`cron.git_gc_repos`)
@@ -1107,10 +1093,8 @@ This section only does "set" config, a removed config key from this section won'
 - `INVALIDATE_REFRESH_TOKENS`: **false**: Check if refresh token has already been used
 - `JWT_SIGNING_ALGORITHM`: **RS256**: Algorithm used to sign OAuth2 tokens. Valid values: \[`HS256`, `HS384`, `HS512`, `RS256`, `RS384`, `RS512`, `ES256`, `ES384`, `ES512`\]
 - `JWT_SECRET`: **_empty_**: OAuth2 authentication secret for access and refresh tokens, change this to a unique string. This setting is only needed if `JWT_SIGNING_ALGORITHM` is set to `HS256`, `HS384` or `HS512`.
- `JWT_SECRET_URI`: **_empty_**: Instead of defining JWT_SECRET in the configuration, this configuration option can be used to give Gitea a path to a file that contains the secret (example value: `file:/etc/gitea/oauth2_jwt_secret`)
 - `JWT_SIGNING_PRIVATE_KEY_FILE`: **jwt/private.pem**: Private key file path used to sign OAuth2 tokens. The path is relative to `APP_DATA_PATH`. This setting is only needed if `JWT_SIGNING_ALGORITHM` is set to `RS256`, `RS384`, `RS512`, `ES256`, `ES384` or `ES512`. The file must contain a RSA or ECDSA private key in the PKCS8 format. If no key exists a 4096 bit key will be created for you.
 - `MAX_TOKEN_LENGTH`: **32767**: Maximum length of token/cookie to accept from OAuth2 provider
- `DEFAULT_APPLICATIONS`: **git-credential-oauth, git-credential-manager**: Pre-register OAuth applications for some services on startup. See the [OAuth2 documentation](/development/oauth2-provider.md) for the list of available options.

 ## i18n (`i18n`)

@@ -1387,14 +1371,10 @@ PROXY_HOSTS = *.github.com

 ## Actions (`actions`)

- `ENABLED`: **true**: Enable/Disable actions capabilities
+- `ENABLED`: **false**: Enable/Disable actions capabilities
 - `DEFAULT_ACTIONS_URL`: **github**: Default platform to get action plugins, `github` for `https://github.com`, `self` for the current Gitea instance.
 - `STORAGE_TYPE`: **local**: Storage type for actions logs, `local` for local disk or `minio` for s3 compatible object storage service, default is `local` or other name defined with `[storage.xxx]`
 - `MINIO_BASE_PATH`: **actions_log/**: Minio base path on the bucket only available when STORAGE_TYPE is `minio`
- `ARTIFACT_RETENTION_DAYS`: **90**: Number of days to keep artifacts. Set to 0 to disable artifact retention. Default is 90 days if not set.
- `ZOMBIE_TASK_TIMEOUT`: **10m**: Timeout to stop the task which have running status, but haven't been updated for a long time
- `ENDLESS_TASK_TIMEOUT`: **3h**: Timeout to stop the tasks which have running status and continuous updates, but don't end for a long time
- `ABANDONED_JOB_TIMEOUT`: **24h**: Timeout to cancel the jobs which have waiting status, but haven't been picked by a runner for a long time

 `DEFAULT_ACTIONS_URL` indicates where the Gitea Actions runners should find the actions with relative path.
 For example, `uses: actions/checkout@v3` means `https://github.com/actions/checkout@v3` since the value of `DEFAULT_ACTIONS_URL` is `github`.
@@ -1404,7 +1384,7 @@ Please note that using `self` is not recommended for most cases, as it could mak
 Additionally, it requires you to mirror all the actions you need to your Gitea instance, which may not be worth it.
 Therefore, please use `self` only if you understand what you are doing.

-In earlier versions (`<= 1.19`), `DEFAULT_ACTIONS_URL` cound be set to any custom URLs like `https://gitea.com` or `http://your-git-server,https://gitea.com`, and the default value was `https://gitea.com`.
+In earlier versions (<= 1.19), `DEFAULT_ACTIONS_URL` cound be set to any custom URLs like `https://gitea.com` or `http://your-git-server,https://gitea.com`, and the default value was `https://gitea.com`.
 However, later updates removed those options, and now the only options are `github` and `self`, with the default value being `github`.
 However, if you want to use actions from other git server, you can use a complete URL in `uses` field, it's supported by Gitea (but not GitHub).
 Like `uses: https://gitea.com/actions/checkout@v3` or `uses: http://your-git-server/actions/checkout@v3`.
--- a/docs/content/administration/config-cheat-sheet.zh-cn.md
+++ b/docs/content/administration/config-cheat-sheet.zh-cn.md
--- a/docs/content/administration/customizing-gitea.en-us.md
+++ b/docs/content/administration/customizing-gitea.en-us.md
@@ -52,26 +52,21 @@ is set under the "Configuration" tab on the site administration page.

 To make Gitea serve custom public files (like pages and images), use the folder
 `$GITEA_CUSTOM/public/` as the webroot. Symbolic links will be followed.
-At the moment, only the following files are served:

- `public/robots.txt`
- files in the `public/.well-known/` folder
- files in the `public/assets/` folder
-
-For example, a file `image.png` stored in `$GITEA_CUSTOM/public/assets/`, can be accessed with
+For example, a file `image.png` stored in `$GITEA_CUSTOM/public/`, can be accessed with
 the url `http://gitea.domain.tld/assets/image.png`.

 ## Changing the logo

 To build a custom logo and/or favicon clone the Gitea source repository, replace `assets/logo.svg` and/or `assets/favicon.svg` and run
-`make generate-images`. `assets/favicon.svg` is used for the favicon only. This will update below output files which you can then place in `$GITEA_CUSTOM/public/assets/img` on your server:
+`make generate-images`. `assets/favicon.svg` is used for the favicon only. This will update below output files which you can then place in `$GITEA_CUSTOM/public/img` on your server:

- `public/assets/img/logo.svg` - Used for site icon, app icon
- `public/assets/img/logo.png` - Used for Open Graph
- `public/assets/img/avatar_default.png` - Used as the default avatar image
- `public/assets/img/apple-touch-icon.png` - Used on iOS devices for bookmarks
- `public/assets/img/favicon.svg` - Used for favicon
- `public/assets/img/favicon.png` - Used as fallback for browsers that don't support SVG favicons
+- `public/img/logo.svg` - Used for site icon, app icon
+- `public/img/logo.png` - Used for Open Graph
+- `public/img/avatar_default.png` - Used as the default avatar image
+- `public/img/apple-touch-icon.png` - Used on iOS devices for bookmarks
+- `public/img/favicon.svg` - Used for favicon
+- `public/img/favicon.png` - Used as fallback for browsers that don't support SVG favicons

 In case the source image is not in vector format, you can attempt to convert a raster image using tools like [this](https://www.aconvert.com/image/png-to-svg/).

@@ -103,7 +98,7 @@ Dont forget to restart your Gitea to apply the changes.
 If all you want is to add extra links to the top navigation bar or footer, or extra tabs to the repository view, you can put them in `extra_links.tmpl` (links added to the navbar), `extra_links_footer.tmpl` (links added to the left side of footer), and `extra_tabs.tmpl` inside your `$GITEA_CUSTOM/templates/custom/` directory.

 For instance, let's say you are in Germany and must add the famously legally-required "Impressum"/about page, listing who is responsible for the site's content:
-just place it under your "$GITEA_CUSTOM/public/assets/" directory (for instance `$GITEA_CUSTOM/public/assets/impressum.html`) and put a link to it in either `$GITEA_CUSTOM/templates/custom/extra_links.tmpl` or `$GITEA_CUSTOM/templates/custom/extra_links_footer.tmpl`.
+just place it under your "$GITEA_CUSTOM/public/" directory (for instance `$GITEA_CUSTOM/public/impressum.html`) and put a link to it in either `$GITEA_CUSTOM/templates/custom/extra_links.tmpl` or `$GITEA_CUSTOM/templates/custom/extra_links_footer.tmpl`.

 To match the current style, the link should have the class name "item", and you can use `{{AppSubUrl}}` to get the base URL:
 `<a class="item" href="{{AppSubUrl}}/assets/impressum.html">Impressum</a>`
@@ -126,24 +121,14 @@ Apart from `extra_links.tmpl` and `extra_tabs.tmpl`, there are other useful temp
 - `body_outer_post.tmpl`, before the bottom `<footer>` element.
 - `footer.tmpl`, right before the end of the `<body>` tag, a good place for additional JavaScript.

-### Using Gitea variables
-
-It's possible to use various Gitea variables in your custom templates.
-
-First, _temporarily_ enable development mode: in your `app.ini` change from `RUN_MODE = prod` to `RUN_MODE = dev`. Then add `{{ $ | DumpVar }}` to any of your templates, restart Gitea and refresh that page; that will dump all available variables.
-
-Find the data that you need, and use the corresponding variable; for example, if you need the name of the repository then you'd use `{{.Repository.Name}}`.
-
-If you need to transform that data somehow, and aren't familiar with Go, an easy workaround is to add the data to the DOM and add a small JavaScript script block to manipulate the data.
-
-### Example: PlantUML
+#### Example: PlantUML

 You can add [PlantUML](https://plantuml.com/) support to Gitea's markdown by using a PlantUML server.
 The data is encoded and sent to the PlantUML server which generates the picture. There is an online
 demo server at http://www.plantuml.com/plantuml, but if you (or your users) have sensitive data you
 can set up your own [PlantUML server](https://plantuml.com/server) instead. To set up PlantUML rendering,
 copy JavaScript files from https://gitea.com/davidsvantesson/plantuml-code-highlight and put them in your
-`$GITEA_CUSTOM/public/assets/` folder. Then add the following to `custom/footer.tmpl`:
+`$GITEA_CUSTOM/public` folder. Then add the following to `custom/footer.tmpl`:

 ```html
 <script>
@@ -172,7 +157,7 @@ Alice <-- Bob: Another authentication Response

 The script will detect tags with `class="language-plantuml"`, but you can change this by providing a second argument to `parsePlantumlCodeBlocks`.

-### Example: STL Preview
+#### Example: STL Preview

 You can display STL file directly in Gitea by adding:

@@ -215,7 +200,7 @@ You can display STL file directly in Gitea by adding:

 to the file `templates/custom/footer.tmpl`

-You also need to download the content of the library [Madeleine.js](https://github.com/beige90/Madeleine.js) and place it under `$GITEA_CUSTOM/public/assets/` folder.
+You also need to download the content of the library [Madeleine.js](https://github.com/beige90/Madeleine.js) and place it under `$GITEA_CUSTOM/public/` folder.

 You should end-up with a folder structure similar to:

@@ -223,8 +208,7 @@ You should end-up with a folder structure similar to:
 $GITEA_CUSTOM/templates
 -- custom
    `-- footer.tmpl
-
-$GITEA_CUSTOM/public/assets/
+$GITEA_CUSTOM/public
 -- Madeleine.js
   |-- LICENSE
   |-- README.md
@@ -378,7 +362,7 @@ The list of themes a user can choose from can be configured with the `THEMES` va

 To make a custom theme available to all users:

-1. Add a CSS file to `$GITEA_CUSTOM/public/assets/css/theme-<theme-name>.css`.
+1. Add a CSS file to `$GITEA_CUSTOM/public/css/theme-<theme-name>.css`.
  The value of `$GITEA_CUSTOM` of your instance can be queried by calling `gitea help` and looking up the value of "CustomPath".
 2. Add `<theme-name>` to the comma-separated list of setting `THEMES` in `app.ini`

--- a/docs/content/administration/email-setup.en-us.md
+++ b/docs/content/administration/email-setup.en-us.md
@@ -61,7 +61,7 @@ Please note: authentication is only supported when the SMTP server communication

 - STARTTLS (also known as Opportunistic TLS) via port 587. Initial connection is done over cleartext, but then be upgraded over TLS if the server supports it.
 - SMTPS connection (SMTP over TLS) via the default port 465. Connection to the server use TLS from the beginning.
- Forced SMTPS connection with `PROTOCOL=smtps`. (These are both known as Implicit TLS.)
+- Forced SMTPS connection with `IS_TLS_ENABLED=true`. (These are both known as Implicit TLS.)
 This is due to protections imposed by the Go internal libraries against STRIPTLS attacks.

 Note that Implicit TLS is recommended by [RFC8314](https://tools.ietf.org/html/rfc8314#section-3) since 2018.
@@ -79,7 +79,9 @@ SMTP_PORT      = 465
 FROM           = example.user@gmail.com
 USER           = example.user
 PASSWD         = `***`
-PROTOCOL       = smtps
+PROTOCOL       = smtps ; Gitea >= 1.19.0
+; PROTOCOL       = smtp  ; Gitea < 1.19.0
+; IS_TLS_ENABLED = true  ; Gitea < 1.19.0
 ```

 Note that you'll need to create and use an [App password](https://support.google.com/accounts/answer/185833?hl=en) by enabling 2FA on your Google
--- a/docs/content/administration/email-setup.zh-cn.md
+++ b/docs/content/administration/email-setup.zh-cn.md
@@ -55,13 +55,13 @@ PASSWD         = `password`

 要发送测试邮件以验证设置，请转到 Gitea > 站点管理 > 配置 > SMTP 邮件配置。

-有关所有选项的完整列表，请查看[配置速查表](administration/config-cheat-sheet.md)。
+有关所有选项的完整列表，请查看[配置速查表](doc/administration/config-cheat-sheet.zh-cn.md)。

 请注意：只有在使用 TLS 或 `HOST=localhost` 加密 SMTP 服务器通信时才支持身份验证。TLS 加密可以通过以下方式进行：

 - 通过端口 587 的 STARTTLS（也称为 Opportunistic TLS）。初始连接是明文的，但如果服务器支持，则可以升级为 TLS。
 - 通过默认端口 465 的 SMTPS 连接。连接到服务器从一开始就使用 TLS。
- 使用 `PROTOCOL=smtps` 进行强制的 SMTPS 连接。（这两种方式都被称为 Implicit TLS）
+- 使用 `IS_TLS_ENABLED=true` 进行强制的 SMTPS 连接。（这两种方式都被称为 Implicit TLS）
 这是由于 Go 内部库对 STRIPTLS 攻击的保护机制。

 请注意，自2018年起，[RFC8314](https://tools.ietf.org/html/rfc8314#section-3) 推荐使用 Implicit TLS。
--- a/docs/content/administration/external-renderers.en-us.md
+++ b/docs/content/administration/external-renderers.en-us.md
@@ -187,7 +187,7 @@ And so you could write some CSS:
 }
 ```

-Add your stylesheet to your custom directory e.g `custom/public/assets/css/my-style-XXXXX.css` and import it using a custom header file `custom/templates/custom/header.tmpl`:
+Add your stylesheet to your custom directory e.g `custom/public/css/my-style-XXXXX.css` and import it using a custom header file `custom/templates/custom/header.tmpl`:

 ```html
 <link rel="stylesheet" href="{{AppSubUrl}}/assets/css/my-style-XXXXX.css" />
--- a/Show More
+++ b/Show More