Changelog for v1.11.2 (#10627 )

* Changelog for v1.11.2 * Update CHANGELOG.md Co-Authored-By: guillep2k <18600385+guillep2k@users.noreply.github.com> * Update CHANGELOG.md Co-Authored-By: guillep2k <18600385+guillep2k@users.noreply.github.com> * Update CHANGELOG.md Co-Authored-By: guillep2k <18600385+guillep2k@users.noreply.github.com> * Update CHANGELOG.md Co-Authored-By: guillep2k <18600385+guillep2k@users.noreply.github.com> * Update CHANGELOG.md Co-Authored-By: guillep2k <18600385+guillep2k@users.noreply.github.com> * Update CHANGELOG.md Co-Authored-By: guillep2k <18600385+guillep2k@users.noreply.github.com> * Update CHANGELOG.md Co-Authored-By: guillep2k <18600385+guillep2k@users.noreply.github.com> * as per @jolheiser * as per @jolheiser x2 * Update CHANGELOG.md Co-Authored-By: John Olheiser <john.olheiser@gmail.com> * Update CHANGELOG.md Co-Authored-By: John Olheiser <john.olheiser@gmail.com> * another security pr * another security pr Co-authored-by: Lauris BH <lauris@nix.lv> Co-authored-by: guillep2k <18600385+guillep2k@users.noreply.github.com> Co-authored-by: John Olheiser <john.olheiser@gmail.com>
Issue writers perms can modify issues (#10623 ) (#10626 )
2025-08-09 03:51:46 +02:00 · 2020-03-06 15:38:11 +08:00 · 2020-03-06 04:42:20 +00:00 · 2020-03-05 22:23:34 +02:00 · 2020-03-05 13:56:53 +00:00 · 2020-03-05 16:55:21 +08:00
8110 changed files with 1888178 additions and 367502 deletions
--- a/.air.toml
+++ b/.air.toml
@@ -1,10 +0,0 @@
-root = "."
-tmp_dir = ".air"
-
-[build]
-cmd = "make backend"
-bin = "gitea"
-include_ext = ["go", "tmpl"]
-exclude_dir = ["modules/git/tests", "services/gitdiff/testdata", "modules/avatar/testdata"]
-include_dir = ["cmd", "models", "modules", "options", "routers", "services", "templates"]
-exclude_regex = ["_test.go$"]
--- a/.changelog.yml
+++ b/.changelog.yml
@@ -14,28 +14,24 @@ groups:
    name: BREAKING
    labels:
      - kind/breaking
+  -
+    name: FEATURE
+    labels:
+      - kind/feature
  -
    name: SECURITY
    labels:
      - kind/security
  -
-    name: FEATURES
+    name: BUGFIXES
    labels:
-      - kind/feature
+      - kind/bug
  -
-    name: API
-    labels:
-      - kind/api
-  -
-    name: ENHANCEMENTS
+    name: ENHANCEMENT
    labels:
      - kind/enhancement
      - kind/refactor
      - kind/ui
-  -
-    name: BUGFIXES
-    labels:
-      - kind/bug
  -
    name: TESTING
    labels:
--- a/.drone.yml
+++ b/.drone.yml
--- a/.editorconfig
+++ b/.editorconfig
@@ -1,31 +1,31 @@
+# http://editorconfig.org
 root = true

 [*]
+charset = utf-8
+insert_final_newline = true
+trim_trailing_whitespace = true
+end_of_line = lf
+
+[*.go]
+indent_style = tab
+indent_size = 8
+
+[*.{tmpl,html}]
+indent_style = tab
+indent_size = 4
+
+[*.less]
+indent_style = space
+indent_size = 4
+
+[*.{yml,json}]
 indent_style = space
 indent_size = 2
-tab_width = 2
-end_of_line = lf
-charset = utf-8
-trim_trailing_whitespace = true
-insert_final_newline = true

-[*.{go,tmpl,html}]
-indent_style = tab
-
-[templates/custom/*.tmpl]
-insert_final_newline = false
-
-[templates/swagger/v1_json.tmpl]
-indent_style = space
-
-[templates/user/auth/oidc_wellknown.tmpl]
+[*.js]
 indent_style = space
+indent_size = 2

 [Makefile]
 indent_style = tab
-
-[*.svg]
-insert_final_newline = false
-
-[*.md]
-trim_trailing_whitespace = false
--- a/.eslintignore
+++ b/.eslintignore
@@ -0,0 +1 @@
+/web_src/js/semanticDropdown.js
--- a/.eslintrc
+++ b/.eslintrc
@@ -1,461 +1,53 @@
 root: true
-reportUnusedDisableDirectives: true
-
-ignorePatterns:
-  - /web_src/js/vendor
-
-parserOptions:
-  sourceType: module
-  ecmaVersion: latest
-
-plugins:
-  - eslint-plugin-unicorn
-  - eslint-plugin-import
-  - eslint-plugin-vue
-  - eslint-plugin-html

 extends:
-  - plugin:vue/recommended
+  - eslint-config-airbnb-base
+  - eslint:recommended
+
+parserOptions:
+  ecmaVersion: 2020

 env:
-  es2021: true
+  browser: true
+  es6: true
+  jquery: true
  node: true

 globals:
  __webpack_public_path__: true
+  Clipboard: false
  CodeMirror: false
  Dropzone: false
+  emojify: false
+  hljs: false
  SimpleMDE: false
-
-settings:
-  html/html-extensions: [".tmpl"]
-
-overrides:
-  - files: ["web_src/**/*.js", "web_src/**/*.vue", "templates/**/*.tmpl"]
-    env:
-      browser: true
-      jquery: true
-      node: false
-  - files: ["templates/**/*.tmpl"]
-    rules:
-      no-tabs: [0]
-      indent: [2, tab, {SwitchCase: 1}]
-  - files: ["web_src/**/*worker.js"]
-    env:
-      worker: true
-    rules:
-      no-restricted-globals: [2, addEventListener, blur, close, closed, confirm, defaultStatus, defaultstatus, error, event, external, find, focus, frameElement, frames, history, innerHeight, innerWidth, isFinite, isNaN, length, location, locationbar, menubar, moveBy, moveTo, name, onblur, onerror, onfocus, onload, onresize, onunload, open, opener, opera, outerHeight, outerWidth, pageXOffset, pageYOffset, parent, print, removeEventListener, resizeBy, resizeTo, screen, screenLeft, screenTop, screenX, screenY, scroll, scrollbars, scrollBy, scrollTo, scrollX, scrollY, status, statusbar, stop, toolbar, top]
-  - files: ["build/generate-images.js"]
-    rules:
-      import/no-unresolved: [0]
-      import/no-extraneous-dependencies: [0]
-  - files: ["*.test.js"]
-    env:
-      jest: true
-  - files: ["*.config.js"]
-    rules:
-      import/no-unused-modules: [0]
+  u2fApi: false
+  Vue: false

 rules:
-  accessor-pairs: [2]
-  array-bracket-newline: [0]
-  array-bracket-spacing: [2, never]
-  array-callback-return: [0]
-  array-element-newline: [0]
  arrow-body-style: [0]
-  arrow-parens: [2, always]
-  arrow-spacing: [2, {before: true, after: true}]
-  block-scoped-var: [2]
-  brace-style: [2, 1tbs, {allowSingleLine: true}]
  camelcase: [0]
-  capitalized-comments: [0]
-  class-methods-use-this: [0]
  comma-dangle: [2, only-multiline]
-  comma-spacing: [2, {before: false, after: true}]
-  comma-style: [2, last]
-  complexity: [0]
-  computed-property-spacing: [2, never]
  consistent-return: [0]
-  consistent-this: [0]
-  constructor-super: [2]
-  curly: [0]
-  default-case-last: [2]
  default-case: [0]
-  default-param-last: [0]
-  dot-location: [2, property]
-  dot-notation: [0]
-  eol-last: [2]
-  eqeqeq: [2]
-  for-direction: [2]
-  func-call-spacing: [2, never]
-  func-name-matching: [2]
  func-names: [0]
-  func-style: [0]
-  function-call-argument-newline: [0]
-  function-paren-newline: [0]
-  generator-star-spacing: [0]
-  getter-return: [2]
-  grouped-accessor-pairs: [2]
-  guard-for-in: [0]
-  id-blacklist: [0]
-  id-length: [0]
-  id-match: [0]
-  implicit-arrow-linebreak: [0]
-  import/default: [0]
-  import/dynamic-import-chunkname: [0]
-  import/export: [2]
-  import/exports-last: [0]
-  import/extensions: [2, always, {ignorePackages: true}]
-  import/first: [2]
-  import/group-exports: [0]
-  import/max-dependencies: [0]
-  import/named: [2]
-  import/namespace: [0]
-  import/newline-after-import: [0]
-  import/no-absolute-path: [0]
-  import/no-amd: [0]
-  import/no-anonymous-default-export: [0]
-  import/no-commonjs: [0]
-  import/no-cycle: [2, {ignoreExternal: true, maxDepth: 1}]
-  import/no-default-export: [0]
-  import/no-deprecated: [0]
-  import/no-dynamic-require: [0]
-  import/no-extraneous-dependencies: [2]
-  import/no-import-module-exports: [0]
-  import/no-internal-modules: [0]
-  import/no-mutable-exports: [2]
-  import/no-named-as-default-member: [0]
-  import/no-named-as-default: [2]
-  import/no-named-default: [0]
-  import/no-named-export: [0]
-  import/no-namespace: [0]
-  import/no-nodejs-modules: [0]
-  import/no-relative-packages: [0]
-  import/no-relative-parent-imports: [0]
-  import/no-restricted-paths: [0]
-  import/no-self-import: [2]
-  import/no-unassigned-import: [0]
-  import/no-unresolved: [2, {commonjs: true}]
-  import/no-unused-modules: [2, {unusedExports: true}]
-  import/no-useless-path-segments: [2, {commonjs: true}]
-  import/no-webpack-loader-syntax: [2]
-  import/order: [0]
-  import/prefer-default-export: [0]
-  import/unambiguous: [0]
-  indent: [2, 2, {SwitchCase: 1}]
-  init-declarations: [0]
-  key-spacing: [2]
-  keyword-spacing: [2]
-  line-comment-position: [0]
-  linebreak-style: [2, unix]
-  lines-around-comment: [0]
-  lines-between-class-members: [0]
-  max-classes-per-file: [0]
-  max-depth: [0]
+  import/extensions: [0]
  max-len: [0]
-  max-lines-per-function: [0]
-  max-lines: [0]
-  max-nested-callbacks: [0]
-  max-params: [0]
-  max-statements-per-line: [0]
-  max-statements: [0]
-  multiline-comment-style: [2, separate-lines]
-  multiline-ternary: [0]
-  new-cap: [0]
-  new-parens: [2]
  newline-per-chained-call: [0]
  no-alert: [0]
-  no-array-constructor: [2]
-  no-async-promise-executor: [2]
-  no-await-in-loop: [0]
-  no-bitwise: [0]
-  no-buffer-constructor: [0]
-  no-caller: [2]
-  no-case-declarations: [2]
-  no-class-assign: [2]
-  no-compare-neg-zero: [2]
-  no-cond-assign: [2, except-parens]
-  no-confusing-arrow: [0]
-  no-console: [1, {allow: [info, warn, error]}]
-  no-const-assign: [2]
-  no-constant-condition: [0]
-  no-constructor-return: [2]
  no-continue: [0]
-  no-control-regex: [0]
-  no-debugger: [1]
-  no-delete-var: [2]
-  no-div-regex: [0]
-  no-dupe-args: [2]
-  no-dupe-class-members: [2]
-  no-dupe-else-if: [2]
-  no-dupe-keys: [2]
-  no-duplicate-case: [2]
-  no-duplicate-imports: [2]
-  no-else-return: [2]
-  no-empty-character-class: [2]
-  no-empty-function: [0]
-  no-empty-pattern: [2]
-  no-empty: [2, {allowEmptyCatch: true}]
-  no-eq-null: [2]
-  no-eval: [2]
-  no-ex-assign: [2]
-  no-extend-native: [2]
-  no-extra-bind: [2]
-  no-extra-boolean-cast: [2]
-  no-extra-label: [0]
-  no-extra-parens: [0]
-  no-extra-semi: [2]
-  no-fallthrough: [2]
-  no-floating-decimal: [0]
-  no-func-assign: [2]
-  no-global-assign: [2]
-  no-implicit-coercion: [0]
-  no-implicit-globals: [0]
-  no-implied-eval: [2]
-  no-import-assign: [2]
-  no-inline-comments: [0]
-  no-inner-declarations: [2]
-  no-invalid-regexp: [2]
-  no-invalid-this: [0]
-  no-irregular-whitespace: [2]
-  no-iterator: [2]
-  no-label-var: [2]
-  no-labels: [2]
-  no-lone-blocks: [2]
-  no-lonely-if: [0]
-  no-loop-func: [0]
-  no-loss-of-precision: [2]
-  no-magic-numbers: [0]
-  no-misleading-character-class: [2]
  no-mixed-operators: [0]
-  no-mixed-spaces-and-tabs: [2]
  no-multi-assign: [0]
-  no-multi-spaces: [2, {ignoreEOLComments: true, exceptions: {Property: true}}]
-  no-multi-str: [2]
-  no-negated-condition: [0]
-  no-nested-ternary: [0]
-  no-new-func: [2]
-  no-new-object: [2]
-  no-new-symbol: [2]
-  no-new-wrappers: [2]
  no-new: [0]
-  no-nonoctal-decimal-escape: [2]
-  no-obj-calls: [2]
-  no-octal-escape: [2]
-  no-octal: [2]
  no-param-reassign: [0]
  no-plusplus: [0]
-  no-promise-executor-return: [0]
-  no-proto: [2]
-  no-prototype-builtins: [2]
-  no-redeclare: [2]
-  no-regex-spaces: [2]
-  no-restricted-exports: [0]
-  no-restricted-globals: [2, addEventListener, blur, close, closed, confirm, defaultStatus, defaultstatus, error, event, external, find, focus, frameElement, frames, history, innerHeight, innerWidth, isFinite, isNaN, length, location, locationbar, menubar, moveBy, moveTo, name, onblur, onerror, onfocus, onload, onresize, onunload, open, opener, opera, outerHeight, outerWidth, pageXOffset, pageYOffset, parent, print, removeEventListener, resizeBy, resizeTo, screen, screenLeft, screenTop, screenX, screenY, scroll, scrollbars, scrollBy, scrollTo, scrollX, scrollY, self, status, statusbar, stop, toolbar, top]
-  no-restricted-imports: [0]
-  no-restricted-syntax: [2, WithStatement, ForInStatement, LabeledStatement]
-  no-return-assign: [0]
-  no-return-await: [0]
-  no-script-url: [2]
-  no-self-assign: [2, {props: true}]
-  no-self-compare: [2]
-  no-sequences: [2]
-  no-setter-return: [2]
-  no-shadow-restricted-names: [2]
+  no-restricted-syntax: [0]
  no-shadow: [0]
-  no-sparse-arrays: [2]
-  no-tabs: [2]
-  no-template-curly-in-string: [2]
-  no-ternary: [0]
-  no-this-before-super: [2]
-  no-throw-literal: [2]
-  no-trailing-spaces: [2]
-  no-undef-init: [2]
-  no-undef: [2, {typeof: true}]
-  no-undefined: [0]
-  no-underscore-dangle: [0]
-  no-unexpected-multiline: [2]
-  no-unmodified-loop-condition: [2]
-  no-unneeded-ternary: [0]
-  no-unreachable-loop: [2]
-  no-unreachable: [2]
-  no-unsafe-finally: [2]
-  no-unsafe-negation: [2]
-  no-unused-expressions: [2]
-  no-unused-labels: [2]
-  no-unused-private-class-members: [2]
-  no-unused-vars: [2, {args: all, argsIgnorePattern: ^_, varsIgnorePattern: ^_, caughtErrorsIgnorePattern: ^_, ignoreRestSiblings: false}]
-  no-use-before-define: [2, nofunc]
-  no-useless-backreference: [0]
-  no-useless-call: [2]
-  no-useless-catch: [2]
-  no-useless-computed-key: [2]
-  no-useless-concat: [2]
-  no-useless-constructor: [2]
-  no-useless-escape: [2]
-  no-useless-rename: [2]
-  no-useless-return: [2]
+  no-unused-vars: [2, {args: all, argsIgnorePattern: ^_, varsIgnorePattern: ^_, ignoreRestSiblings: true}]
+  no-use-before-define: [0]
  no-var: [2]
-  no-void: [2]
-  no-warning-comments: [0]
-  no-whitespace-before-property: [2]
-  no-with: [2]
-  nonblock-statement-body-position: [2]
-  object-curly-newline: [0]
-  object-curly-spacing: [2, never]
-  object-shorthand: [2, always]
  one-var-declaration-per-line: [0]
  one-var: [0]
-  operator-assignment: [2, always]
-  operator-linebreak: [2, after]
-  padded-blocks: [2, never]
-  padding-line-between-statements: [0]
-  prefer-arrow-callback: [2, {allowNamedFunctions: true, allowUnboundThis: true}]
  prefer-const: [2, {destructuring: all}]
  prefer-destructuring: [0]
-  prefer-exponentiation-operator: [2]
-  prefer-named-capture-group: [0]
-  prefer-numeric-literals: [2]
-  prefer-object-has-own: [0]
-  prefer-object-spread: [0]
-  prefer-promise-reject-errors: [2, {allowEmptyReject: false}]
-  prefer-regex-literals: [2]
-  prefer-rest-params: [2]
-  prefer-spread: [2]
-  prefer-template: [2]
-  quote-props: [0]
-  quotes: [2, single, {avoidEscape: true, allowTemplateLiterals: true}]
  radix: [2, as-needed]
-  require-atomic-updates: [0]
-  require-await: [0]
-  require-unicode-regexp: [0]
-  require-yield: [2]
-  rest-spread-spacing: [2, never]
-  semi-spacing: [2, {before: false, after: true}]
-  semi-style: [2, last]
-  semi: [2, always, {omitLastInOneLineBlock: true}]
-  sort-imports: [0]
-  sort-keys: [0]
-  sort-vars: [0]
-  space-before-blocks: [2, always]
-  space-in-parens: [2, never]
-  space-infix-ops: [2]
-  space-unary-ops: [2]
-  spaced-comment: [2, always]
-  strict: [0]
-  switch-colon-spacing: [2]
-  symbol-description: [2]
-  template-curly-spacing: [2, never]
-  template-tag-spacing: [2, never]
-  unicode-bom: [2, never]
-  unicorn/better-regex: [0]
-  unicorn/catch-error-name: [0]
-  unicorn/consistent-destructuring: [2]
-  unicorn/consistent-function-scoping: [2]
-  unicorn/custom-error-definition: [0]
-  unicorn/empty-brace-spaces: [2]
-  unicorn/error-message: [0]
-  unicorn/escape-case: [0]
-  unicorn/expiring-todo-comments: [0]
-  unicorn/explicit-length-check: [0]
-  unicorn/filename-case: [0]
-  unicorn/import-index: [0]
-  unicorn/import-style: [0]
-  unicorn/new-for-builtins: [2]
-  unicorn/no-abusive-eslint-disable: [0]
-  unicorn/no-array-for-each: [2]
-  unicorn/no-array-instanceof: [0]
-  unicorn/no-array-method-this-argument: [2]
-  unicorn/no-array-push-push: [2]
-  unicorn/no-await-expression-member: [0]
-  unicorn/no-console-spaces: [0]
-  unicorn/no-document-cookie: [2]
-  unicorn/no-empty-file: [2]
-  unicorn/no-fn-reference-in-iterator: [0]
-  unicorn/no-for-loop: [0]
-  unicorn/no-hex-escape: [0]
-  unicorn/no-invalid-remove-event-listener: [2]
-  unicorn/no-keyword-prefix: [0]
-  unicorn/no-lonely-if: [2]
-  unicorn/no-nested-ternary: [0]
-  unicorn/no-new-array: [0]
-  unicorn/no-new-buffer: [0]
-  unicorn/no-null: [0]
-  unicorn/no-object-as-default-parameter: [2]
-  unicorn/no-process-exit: [0]
-  unicorn/no-reduce: [2]
-  unicorn/no-static-only-class: [2]
-  unicorn/no-thenable: [2]
-  unicorn/no-this-assignment: [2]
-  unicorn/no-unreadable-array-destructuring: [0]
-  unicorn/no-unsafe-regex: [0]
-  unicorn/no-unused-properties: [2]
-  unicorn/no-useless-fallback-in-spread: [2]
-  unicorn/no-useless-length-check: [2]
-  unicorn/no-useless-promise-resolve-reject: [2]
-  unicorn/no-useless-spread: [2]
-  unicorn/no-useless-undefined: [0]
-  unicorn/no-zero-fractions: [2]
-  unicorn/number-literal-case: [0]
-  unicorn/numeric-separators-style: [0]
-  unicorn/prefer-add-event-listener: [2]
-  unicorn/prefer-array-find: [2]
-  unicorn/prefer-array-flat-map: [2]
-  unicorn/prefer-array-flat: [2]
-  unicorn/prefer-array-index-of: [2]
-  unicorn/prefer-array-some: [2]
-  unicorn/prefer-at: [0]
-  unicorn/prefer-code-point: [2]
-  unicorn/prefer-dataset: [2]
-  unicorn/prefer-date-now: [2]
-  unicorn/prefer-default-parameters: [0]
-  unicorn/prefer-event-key: [2]
-  unicorn/prefer-export-from: [2]
-  unicorn/prefer-includes: [2]
-  unicorn/prefer-json-parse-buffer: [0]
-  unicorn/prefer-math-trunc: [2]
-  unicorn/prefer-modern-dom-apis: [0]
-  unicorn/prefer-module: [2]
-  unicorn/prefer-negative-index: [2]
-  unicorn/prefer-node-append: [0]
-  unicorn/prefer-node-protocol: [0]
-  unicorn/prefer-node-remove: [0]
-  unicorn/prefer-number-properties: [0]
-  unicorn/prefer-object-from-entries: [2]
-  unicorn/prefer-object-has-own: [0]
-  unicorn/prefer-optional-catch-binding: [2]
-  unicorn/prefer-prototype-methods: [0]
-  unicorn/prefer-query-selector: [0]
-  unicorn/prefer-reflect-apply: [0]
-  unicorn/prefer-regexp-test: [2]
-  unicorn/prefer-replace-all: [0]
-  unicorn/prefer-set-has: [0]
-  unicorn/prefer-spread: [0]
-  unicorn/prefer-starts-ends-with: [2]
-  unicorn/prefer-string-slice: [0]
-  unicorn/prefer-switch: [0]
-  unicorn/prefer-ternary: [0]
-  unicorn/prefer-text-content: [2]
-  unicorn/prefer-top-level-await: [0]
-  unicorn/prefer-trim-start-end: [2]
-  unicorn/prefer-type-error: [0]
-  unicorn/prevent-abbreviations: [0]
-  unicorn/relative-url-style: [2]
-  unicorn/require-array-join-separator: [2]
-  unicorn/require-number-to-fixed-digits-argument: [2]
-  unicorn/require-post-message-target-origin: [0]
-  unicorn/string-content: [0]
-  unicorn/template-indent: [2]
-  unicorn/throw-new-error: [2]
-  use-isnan: [2]
-  valid-typeof: [2, {requireStringLiterals: true}]
-  vars-on-top: [0]
-  vue/attributes-order: [0]
-  vue/component-definition-name-casing: [0]
-  vue/html-closing-bracket-spacing: [0]
-  vue/max-attributes-per-line: [0]
-  vue/one-component-per-file: [0]
-  wrap-iife: [2, inside]
-  wrap-regex: [0]
-  yield-star-spacing: [2, after]
-  yoda: [2, never]
--- a/.gitattributes
+++ b/.gitattributes
@@ -1,8 +1,7 @@
 * text=auto eol=lf
-/vendor/** -text -eol linguist-vendored
-/public/vendor/** -text -eol linguist-vendored
-/templates/**/*.tmpl linguist-language=Handlebars
-/.eslintrc linguist-language=YAML
-/.stylelintrc linguist-language=YAML
-/web_src/fomantic/build/** linguist-generated
-Dockerfile.* linguist-language=Dockerfile
+conf/* linguist-vendored
+docker/* linguist-vendored
+options/* linguist-vendored
+public/* linguist-vendored
+scripts/* linguist-vendored
+templates/* linguist-vendored
--- a/.gitea/issue_template.md
+++ b/.gitea/issue_template.md
@@ -1,42 +0,0 @@
-<!-- NOTE: If your issue is a security concern, please send an email to security@gitea.io instead of opening a public issue -->
-
-<!--
-    1. Please speak English, this is the language all maintainers can speak and write.
-    2. Please ask questions or configuration/deploy problems on our Discord
-       server (https://discord.gg/gitea) or forum (https://discourse.gitea.io).
-    3. Please take a moment to check that your issue doesn't already exist.
-    4. Make sure it's not mentioned in the FAQ (https://docs.gitea.io/en-us/faq)
-    5. Please give all relevant information below for bug reports, because
-       incomplete details will be handled as an invalid report.
-->
-
- Gitea version (or commit ref):
- Git version:
- Operating system:
-  <!-- Please include information on whether you built gitea yourself, used one of our downloads or are using some other package -->
-  <!-- Please also tell us how you are running gitea, e.g. if it is being run from docker, a command-line, systemd etc. --->
-  <!-- If you are using a package or systemd tell us what distribution you are using -->
- Database (use `[x]`):
-  - [ ] PostgreSQL
-  - [ ] MySQL
-  - [ ] MSSQL
-  - [ ] SQLite
- Can you reproduce the bug at https://try.gitea.io:
-  - [ ] Yes (provide example URL)
-  - [ ] No
- Log gist:
-<!-- It really is important to provide pertinent logs -->
-<!-- Please read https://docs.gitea.io/en-us/logging-configuration/#debugging-problems -->
-<!-- In addition, if your problem relates to git commands set `RUN_MODE=dev` at the top of app.ini -->
-
-## Description
-<!-- If using a proxy or a CDN (e.g. CloudFlare) in front of gitea, please
-     disable the proxy/CDN fully and connect to gitea directly to confirm
-     the issue still persists without those services. -->
-
-...
-
-
-## Screenshots
-
-<!-- **If this issue involves the Web Interface, please include a screenshot** -->
--- a/.github/FUNDING.yml
+++ b/.github/FUNDING.yml
@@ -1,2 +1 @@
 open_collective: gitea
-custom: https://www.bountysource.com/teams/gitea
--- a/.github/ISSUE_TEMPLATE/bug-report.yaml
+++ b/.github/ISSUE_TEMPLATE/bug-report.yaml
@@ -1,90 +0,0 @@
-name: Bug Report
-description: Found something you weren't expecting? Report it here!
-body:
- type: markdown
-  attributes:
-    value: |
-      NOTE: If your issue is a security concern, please send an email to security@gitea.io instead of opening a public issue.
- type: markdown
-  attributes:
-    value: |
-      1. Please speak English, this is the language all maintainers can speak and write.
-      2. Please ask questions or configuration/deploy problems on our Discord
-         server (https://discord.gg/gitea) or forum (https://discourse.gitea.io).
-      3. Make sure you are using the latest release and
-         take a moment to check that your issue hasn't been reported before.
-      4. Make sure it's not mentioned in the FAQ (https://docs.gitea.io/en-us/faq)
-      5. Please give all relevant information below for bug reports, because
-         incomplete details will be handled as an invalid report.
- type: input
-  id: gitea-ver
-  attributes:
-    label: Gitea Version
-    description: Gitea version (or commit reference) of your instance
-  validations:
-    required: true
- type: input
-  id: git-ver
-  attributes:
-    label: Git Version
-    description: The version of git running on the server
- type: input
-  id: os-ver
-  attributes:
-    label: Operating System
-    description: The operating system you are using to run Gitea
- type: textarea
-  id: run-info
-  attributes:
-    label: How are you running Gitea?
-    description: |
-      Please include information on whether you built Gitea yourself, used one of our downloads, are using https://try.gitea.io or are using some other package
-      Please also tell us how you are running Gitea, e.g. if it is being run from docker, a command-line, systemd etc.
-      If you are using a package or systemd tell us what distribution you are using
-  validations:
-    required: true
- type: dropdown
-  id: database
-  attributes:
-    label: Database
-    description: What database system are you running?
-    options:
-    - PostgreSQL
-    - MySQL
-    - MSSQL
-    - SQLite
- type: dropdown
-  id: can-reproduce
-  attributes:
-    label: Can you reproduce the bug on the Gitea demo site?
-    description: |
-      If so, please provide a URL in the Description field
-      URL of Gitea demo: https://try.gitea.io
-    options:
-    - "Yes"
-    - "No"
-  validations:
-    required: true
- type: markdown
-  attributes:
-    value: |
-      It's really important to provide pertinent logs
-      Please read https://docs.gitea.io/en-us/logging-configuration/#debugging-problems
-      In addition, if your problem relates to git commands set `RUN_MODE=dev` at the top of app.ini
- type: input
-  id: logs
-  attributes:
-    label: Log Gist
-    description: Please provide a gist URL of your logs, with any sensitive information (e.g. API keys) removed/hidden
- type: textarea
-  id: description
-  attributes:
-    label: Description
-    description: |
-      Please provide a description of your issue here, with a URL if you were able to reproduce the issue (see above)
-      If you are using a proxy or a CDN (e.g. Cloudflare) in front of Gitea, please disable the proxy/CDN fully and access Gitea directly to confirm the issue still persists without those services.
- type: textarea
-  id: screenshots
-  attributes:
-    label: Screenshots
-    description: If this issue involves the Web Interface, please provide one or more screenshots
--- a/.github/ISSUE_TEMPLATE/config.yml
+++ b/.github/ISSUE_TEMPLATE/config.yml
@@ -1,17 +0,0 @@
-blank_issues_enabled: true
-contact_links:
-  - name: Security Concern
-    url: https://tinyurl.com/security-gitea
-    about: For security concerns, please send a mail to security@gitea.io instead of opening a public issue.
-  - name: Discord Server
-    url: https://discord.gg/gitea
-    about: Please ask questions and discuss configuration or deployment problems here.
-  - name: Discourse Forum
-    url: https://discourse.gitea.io
-    about: Questions and configuration or deployment problems can also be discussed on our forum.    
-  - name: Frequently Asked Questions
-    url: https://docs.gitea.io/en-us/faq
-    about: Please check if your question isn't mentioned here.
-  - name: Crowdin Translations
-    url: https://crowdin.com/project/gitea
-    about: Translations are managed here.
--- a/.github/ISSUE_TEMPLATE/feature-request.yaml
+++ b/.github/ISSUE_TEMPLATE/feature-request.yaml
@@ -1,23 +0,0 @@
-name: Feature Request
-description: Got an idea for a feature that Gitea doesn't have currently?  Submit your idea here!
-body:
- type: markdown
-  attributes:
-    value: |
-      1. Please speak English, this is the language all maintainers can speak and write.
-      2. Please ask questions or configuration/deploy problems on our Discord
-         server (https://discord.gg/gitea) or forum (https://discourse.gitea.io).
-      3. Please take a moment to check that your feature hasn't already been suggested.
- type: textarea
-  id: description
-  attributes:
-    label: Feature Description
-    placeholder: |
-      I think it would be great if Gitea had...
-  validations:
-    required: true
- type: textarea
-  id: screenshots
-  attributes:
-    label: Screenshots
-    description: If you can, provide screenshots of an implementation on another site e.g. GitHub
--- a/.github/ISSUE_TEMPLATE/ui.bug-report.yaml
+++ b/.github/ISSUE_TEMPLATE/ui.bug-report.yaml
@@ -1,62 +0,0 @@
-name: Web Interface Bug Report
-description: Something doesn't look quite as it should?  Report it here!
-body:
- type: markdown
-  attributes:
-    value: |
-      NOTE: If your issue is a security concern, please send an email to security@gitea.io instead of opening a public issue.
- type: markdown
-  attributes:
-    value: |
-      1. Please speak English, this is the language all maintainers can speak and write.
-      2. Please ask questions or configuration/deploy problems on our Discord
-         server (https://discord.gg/gitea) or forum (https://discourse.gitea.io).
-      3. Please take a moment to check that your issue doesn't already exist.
-      4. Make sure it's not mentioned in the FAQ (https://docs.gitea.io/en-us/faq)
-      5. Please give all relevant information below for bug reports, because
-         incomplete details will be handled as an invalid report.
- type: input
-  id: gitea-ver
-  attributes:
-    label: Gitea Version
-    description: Gitea version (or commit reference) your instance is running
-  validations:
-    required: true
- type: input
-  id: os-ver
-  attributes:
-    label: Operating System
-    description: The operating system you are using to access Gitea
- type: input
-  id: browser-ver
-  attributes:
-    label: Browser Version
-    description: The browser and version that you are using to access Gitea
-  validations:
-    required: true
- type: dropdown
-  id: can-reproduce
-  attributes:
-    label: Can you reproduce the bug on the Gitea demo site?
-    description: |
-      If so, please provide a URL in the Description field
-      URL of Gitea demo: https://try.gitea.io
-    options:
-    - "Yes"
-    - "No"
-  validations:
-    required: true
- type: textarea
-  id: description
-  attributes:
-    label: Description
-    description: |
-      Please provide a description of your issue here, with a URL if you were able to reproduce the issue (see above)
-      If using a proxy or a CDN (e.g. CloudFlare) in front of gitea, please disable the proxy/CDN fully and connect to gitea directly to confirm the issue still persists without those services.
- type: textarea
-  id: screenshots
-  attributes:
-    label: Screenshots
-    description: Please provide at least 1 screenshot showing the issue.
-  validations:
-    required: true
--- a/.github/issue_template.md
+++ b/.github/issue_template.md
@@ -0,0 +1,33 @@
+<!-- NOTE: If your issue is a security concern, please send an email to security@gitea.io instead of opening a public issue -->
+
+<!--
+    1. Please speak English, this is the language all maintainers can speak and write.
+    2. Please ask questions or configuration/deploy problems on our Discord 
+       server (https://discord.gg/gitea) or forum (https://discourse.gitea.io).
+    3. Please take a moment to check that your issue doesn't already exist.
+    4. Please give all relevant information below for bug reports, because 
+       incomplete details will be handled as an invalid report.
+-->
+
+- Gitea version (or commit ref):
+- Git version:
+- Operating system:
+- Database (use `[x]`):
+  - [ ] PostgreSQL
+  - [ ] MySQL
+  - [ ] MSSQL
+  - [ ] SQLite
+- Can you reproduce the bug at https://try.gitea.io:
+  - [ ] Yes (provide example URL)
+  - [ ] No
+  - [ ] Not relevant
+- Log gist:
+
+## Description
+
+...
+
+
+## Screenshots
+
+<!-- **If this issue involves the Web Interface, please include a screenshot** -->
--- a/.github/lock.yml
+++ b/.github/lock.yml
@@ -1,23 +0,0 @@
-# Configuration for Lock Threads - https://github.com/dessant/lock-threads-app
-
-# Number of days of inactivity before a closed issue or pull request is locked
-daysUntilLock: 60
-
-# Skip issues and pull requests created before a given timestamp. Timestamp must
-# follow ISO 8601 (`YYYY-MM-DD`). `false` is disabled
-skipCreatedBefore: false
-
-# Issues and pull requests with these labels will be ignored.
-exemptLabels: []
-
-# Label to add before locking, such as `outdated`. `false` is disabled
-lockLabel: false
-
-# Comment to post before locking.
-lockComment: >
-  This thread has been automatically locked since there has not been
-  any recent activity after it was closed. Please open a new issue for
-  related bugs and link to relevant comments in this thread.
-
-# Assign `resolved` as the reason for locking. Set to `false` to disable
-setLockReason: true
--- a/.github/pull_request_template.md
+++ b/.github/pull_request_template.md
@@ -1,9 +1,7 @@
-<!--
-
 Please check the following:

-1. Make sure you are targeting the `main` branch, pull requests on release branches are only allowed for bug fixes.
-2. Read contributing guidelines: https://github.com/go-gitea/gitea/blob/main/CONTRIBUTING.md
+1. Make sure you are targeting the `master` branch, pull requests on release branches are only allowed for bug fixes.
+2. Read contributing guidelines: https://github.com/go-gitea/gitea/blob/master/CONTRIBUTING.md
 3. Describe what your pull request does and which issue you're targeting (if any)

-->  
+**You MUST delete the content above including this line before posting, otherwise your pull request will be invalid.**
--- a/.github/stale.yml
+++ b/.github/stale.yml
@@ -27,11 +27,9 @@ staleLabel: stale

 # Comment to post when marking as stale. Set to `false` to disable
 markComment: >
-  This issue has been automatically marked as stale because it has not had recent activity. 
-  I am here to help clear issues left open even if solved or waiting for more insight.
-  This issue will be closed if no further activity occurs during the next 2 weeks.
-  If the issue is still valid just add a comment to keep it alive.
-  Thank you for your contributions.
+  This issue has been automatically marked as stale because it has not had
+  recent activity. It will be closed if no further activity occurs during the next 2 weeks. Thank you
+  for your contributions.

 # Comment to post when closing a stale Issue or Pull Request.
 closeComment: >
@@ -52,3 +50,4 @@ pulls:
  closeComment: >
    This pull request has been automatically closed because of inactivity.
    You can re-open it if needed.
+
--- a/.gitignore
+++ b/.gitignore
@@ -9,8 +9,6 @@ _test

 # IntelliJ
 .idea
-# Goland's output filename can not be set manually
-/go_build_*

 # MS VSCode
 .vscode
@@ -34,29 +32,21 @@ _testmain.go

 *coverage.out
 coverage.all
-cpu.out

 /modules/options/bindata.go
-/modules/options/bindata.go.hash
 /modules/public/bindata.go
-/modules/public/bindata.go.hash
 /modules/templates/bindata.go
-/modules/templates/bindata.go.hash

 *.db
 *.log

 /gitea
-/gitea-vet
 /debug
 /integrations.test

 /bin
 /dist
-/custom/*
-!/custom/conf
-/custom/conf/*
-!/custom/conf/app.example.ini
+/custom
 /data
 /indexers
 /log
@@ -71,35 +61,15 @@ cpu.out
 /integrations/indexers-pgsql
 /integrations/indexers-sqlite
 /integrations/indexers-mssql
-/integrations/sqlite.ini
 /integrations/mysql.ini
 /integrations/mysql8.ini
 /integrations/pgsql.ini
 /integrations/mssql.ini
 /node_modules
 /yarn.lock
-/yarn-error.log
-/npm-debug.log*
 /public/js
-/public/serviceworker.js
 /public/css
-/public/fonts
-/public/img/webpack
-/vendor
-/web_src/fomantic/node_modules
-/web_src/fomantic/build/*
-!/web_src/fomantic/build/semantic.js
-!/web_src/fomantic/build/semantic.css
-!/web_src/fomantic/build/themes
-/web_src/fomantic/build/themes/*
-!/web_src/fomantic/build/themes/default
-/web_src/fomantic/build/themes/default/assets/*
-!/web_src/fomantic/build/themes/default/assets/fonts
-/web_src/fomantic/build/themes/default/assets/fonts/*
-!/web_src/fomantic/build/themes/default/assets/fonts/icons.woff2
-!/web_src/fomantic/build/themes/default/assets/fonts/outline-icons.woff2
 /VERSION
-/.air

 # Snapcraft
 snap/.snapcraft/
@@ -110,9 +80,3 @@ prime/
 *.snap-build
 *_source.tar.bz2
 .DS_Store
-
-# Make evidence files
-/.make_evidence
-
-# Manpage
-/man
--- a/.golangci.yml
+++ b/.golangci.yml
@@ -9,14 +9,12 @@ linters:
    - unused
    - structcheck
    - varcheck
+    - golint
    - dupl
    #- gocyclo # The cyclomatic complexety of a lot of functions is too high, we should refactor those another time.
    - gofmt
    - misspell
    - gocritic
-    - bidichk
-    - ineffassign
-    - revive
  enable-all: false
  disable-all: true
  fast: false
@@ -28,35 +26,7 @@ linters-settings:
  gocritic:
    disabled-checks:
      - ifElseChain
-      - singleCaseSwitch # Every time this occurred in the code, there  was no other way.
-  revive:
-    ignore-generated-header: false
-    severity: warning
-    confidence: 0.8
-    errorCode: 1
-    warningCode: 1
-    rules:
-      - name: blank-imports
-      - name: context-as-argument
-      - name: context-keys-type
-      - name: dot-imports
-      - name: error-return
-      - name: error-strings
-      - name: error-naming
-      - name: exported
-      - name: if-return
-      - name: increment-decrement
-      - name: var-naming
-      - name: var-declaration
-      - name: package-comments
-      - name: range
-      - name: receiver-naming
-      - name: time-naming
-      - name: unexported-return
-      - name: indent-error-flow
-      - name: errorf
-      - name: duplicated-imports
-      - name: modifies-value-receiver
+      - singleCaseSwitch # Every time this occured in the code, there  was no other way.

 issues:
  exclude-rules:
@@ -100,6 +70,9 @@ issues:
    - path: modules/log/
      linters:
        - errcheck
+    - path: routers/routes/routes.go
+      linters:
+        - dupl
    - path: routers/api/v1/repo/issue_subscription.go
      linters:
        - dupl
@@ -122,25 +95,3 @@ issues:
    - linters:
        - misspell
      text: '`Unknwon` is a misspelling of `Unknown`'
-    - path: models/update.go
-      linters:
-        - unused
-    - path: cmd/dump.go
-      linters:
-        - dupl
-    - path: services/webhook/webhook.go
-      linters:
-        - structcheck
-    - text: "commentFormatting: put a space between `//` and comment text"
-      linters:
-        - gocritic
-    - text: "exitAfterDefer:"
-      linters:
-        - gocritic
-    - path: modules/graceful/manager_windows.go
-      linters:
-        - staticcheck
-      text: "svc.IsAnInteractiveSession is deprecated: Use IsWindowsService instead."
-    - path: models/user/openid.go
-      linters:
-        - golint
--- a/.ignore
+++ b/.ignore
@@ -1,8 +1,5 @@
-*.min.css
-*.min.js
+/vendor
+/public/vendor
 /modules/options/bindata.go
 /modules/public/bindata.go
 /modules/templates/bindata.go
-/public/vendor/plugins
-/vendor
-node_modules
--- a/.npmrc
+++ b/.npmrc
@@ -1,5 +1 @@
-audit=false
-fund=false
-update-notifier=false
-package-lock=true
 save-exact=true
--- a/.revive.toml
+++ b/.revive.toml
@@ -0,0 +1,25 @@
+ignoreGeneratedHeader = false
+severity = "warning"
+confidence = 0.8
+errorCode = 1
+warningCode = 1
+
+[rule.blank-imports]
+[rule.context-as-argument]
+[rule.context-keys-type]
+[rule.dot-imports]
+[rule.error-return]
+[rule.error-strings]
+[rule.error-naming]
+[rule.exported]
+[rule.if-return]
+[rule.increment-decrement]
+[rule.var-naming]
+[rule.var-declaration]
+[rule.package-comments]
+[rule.range]
+[rule.receiver-naming]
+[rule.time-naming]
+[rule.unexported-return]
+[rule.indent-error-flow]
+[rule.errorf]
--- a/.stylelintrc
+++ b/.stylelintrc
@@ -1,31 +1,11 @@
 extends: stylelint-config-standard

-overrides:
-  - files: ["**/*.less"]
-    customSyntax: postcss-less
-
 rules:
-  alpha-value-notation: null
-  at-rule-empty-line-before: null
  block-closing-brace-empty-line-before: null
-  color-function-notation: null
  color-hex-length: null
  comment-empty-line-before: null
-  declaration-block-no-redundant-longhand-properties: null
-  declaration-block-single-line-max-declarations: null
  declaration-empty-line-before: null
-  hue-degree-notation: null
-  indentation: 2
-  max-line-length: null
+  indentation: 4
  no-descending-specificity: null
-  no-invalid-position-at-import-rule: null
-  number-leading-zero: never
-  number-max-precision: null
-  property-no-vendor-prefix: null
  rule-empty-line-before: null
-  selector-class-pattern: null
-  selector-id-pattern: null
-  selector-pseudo-element-colon-notation: double
-  shorthand-property-no-redundant-values: true
-  string-quotes: null
-  value-no-vendor-prefix: null
+  selector-pseudo-element-colon-notation: null
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -3,14 +3,12 @@
 ## Table of Contents

 - [Contribution Guidelines](#contribution-guidelines)
-  - [Table of Contents](#table-of-contents)
  - [Introduction](#introduction)
  - [Bug reports](#bug-reports)
  - [Discuss your design](#discuss-your-design)
  - [Testing redux](#testing-redux)
  - [Vendoring](#vendoring)
  - [Translation](#translation)
-  - [Building Gitea](#building-gitea)
  - [Code review](#code-review)
  - [Styleguide](#styleguide)
  - [Design guideline](#design-guideline)
@@ -73,30 +71,33 @@ to make sure your changes don't cause regression elsewhere.

 Here's how to run the test suite:

- code lint
+- Install the correct version of the drone-cli package.  As of this
+  writing, the correct drone-cli version is
+  [1.2.0](https://docs.drone.io/cli/install/).
+- Ensure you have enough free disk space.  You will need at least
+  15-20 Gb of free disk space to hold all of the containers drone
+  creates (a default AWS or GCE disk size won't work -- see
+  [#6243](https://github.com/go-gitea/gitea/issues/6243)).
+- Change into the base directory of your copy of the gitea repository,
+  and run `drone exec --event pull_request`.
+- At the moment `drone exec` doesn't support the Docker Toolbox on Windows 10
+  (see [drone-cli#135](https://github.com/drone/drone-cli/issues/135))

-|                       |                                                                   |
-| :-------------------- | :---------------------------------------------------------------- |
-|``make lint``          | lint everything (not suggest if you only change one type code)    |
-|``make lint-frontend`` | lint frontend files  |
-|``make lint-backend``  | lint backend files   |
-
- run test code (Suggest run in Linux)  
-
-|                                        |                                                  |
-| :------------------------------------- | :----------------------------------------------- |
-|``make test[\#TestSpecificName]``       |  run unit test  |
-|``make test-sqlite[\#TestSpecificName]``|  run [integration](integrations) test for SQLite |  
-|[More details about integrations](integrations/README.md)  |
+The drone version, command line, and disk requirements do change over
+time (see [#4053](https://github.com/go-gitea/gitea/issues/4053) and
+[#6243](https://github.com/go-gitea/gitea/issues/6243)); if you
+discover any issues, please feel free to send us a pull request to
+update these instructions.

 ## Vendoring

-We manage dependencies via [Go Modules](https://golang.org/cmd/go/#hdr-Module_maintenance), more details: [go mod](https://go.dev/ref/mod).
+We keep a cached copy of dependencies within the `vendor/` directory,
+managing updates via [Modules](https://golang.org/cmd/go/#hdr-Module_maintenance).

-Pull requests should only include `go.mod`, `go.sum` updates if they are part of
+Pull requests should only include `vendor/` updates if they are part of
 the same change, be it a bugfix or a feature addition.

-The `go.mod`, `go.sum` update needs to be justified as part of the PR description,
+The `vendor/` update needs to be justified as part of the PR description,
 and must be verified by the reviewers and/or merger to always reference
 an existing upstream commit.

@@ -105,7 +106,7 @@ You can find more information on how to get started with it on the [Modules Wiki
 ## Translation

 We do all translation work inside [Crowdin](https://crowdin.com/project/gitea).
-The only translation that is maintained in this Git repository is
+The only translation that is maintained in this git repository is
 [`en_US.ini`](https://github.com/go-gitea/gitea/blob/master/options/locale/locale_en-US.ini)
 and is synced regularly to Crowdin. Once a translation has reached
 A SATISFACTORY PERCENTAGE it will be synced back into this repo and
@@ -113,7 +114,15 @@ included in the next released version.

 ## Building Gitea

-See the [hacking instructions](https://docs.gitea.io/en-us/hacking-on-gitea/).
+Generally, the go build tools are installed as-needed in the `Makefile`.
+An exception are the tools to build the CSS, JS and images.
+
+- To build CSS and JS: Install [Node.js](https://nodejs.org/en/download/package-manager) at version 10.0 or above
+  with `npm` and then run `npm install`, `make css` and `make js`.
+- To build Images: ImageMagick, inkscape and zopflipng binaries must be
+  available in your `PATH` to run `make generate-images`.
+
+For more details on how to generate files, build and test Gitea, see the [hacking instructions](https://docs.gitea.io/en-us/hacking-on-gitea/)

 ## Code review

@@ -156,10 +165,10 @@ import (

 ## Design guideline

-To maintain understandable code and avoid circular dependencies it is important to have a good structure of the code. The Gitea code is divided into the following parts:
+To maintain understandable code and avoid circular dependencies it is important to have a good structure of the code. The gitea code is divided into the following parts:

 - **integration:** Integrations tests
- **models:** Contains the data structures used by xorm to construct database tables. It also contains supporting functions to query and update the database. Dependencies to other code in Gitea should be avoided although some modules might be needed (for example for logging).
+- **models:** Contains the data structures used by xorm to construct database tables. It also contains supporting functions to query and update the database. Dependecies to other code in Gitea should be avoided although some modules might be needed (for example for logging).
 - **models/fixtures:** Sample model data used in integration tests.
 - **models/migrations:** Handling of database migrations between versions. PRs that changes a database structure shall also have a migration step.
 - **modules:** Different modules to handle specific functionality in Gitea.
@@ -182,16 +191,16 @@ The same applies to status responses. If you notice a problem, feel free to leav
 All expected results (errors, success, fail messages) should be documented
 ([example](https://github.com/go-gitea/gitea/blob/c620eb5b2d0d874da68ebd734d3864c5224f71f7/routers/api/v1/repo/issue.go#L319-L327)).

-All JSON input types must be defined as a struct in [modules/structs/](modules/structs/)
+All JSON input types must be defined as a struct in `models/structs/`
 ([example](https://github.com/go-gitea/gitea/blob/c620eb5b2d0d874da68ebd734d3864c5224f71f7/modules/structs/issue.go#L76-L91))
 and referenced in
 [routers/api/v1/swagger/options.go](https://github.com/go-gitea/gitea/blob/c620eb5b2d0d874da68ebd734d3864c5224f71f7/routers/api/v1/swagger/options.go).  
 They can then be used like the following:
 ([example](https://github.com/go-gitea/gitea/blob/c620eb5b2d0d874da68ebd734d3864c5224f71f7/routers/api/v1/repo/issue.go#L318)).

-All JSON responses must be defined as a struct in [modules/structs/](modules/structs/)
+All JSON responses must be defined as a struct in `models/structs/`
 ([example](https://github.com/go-gitea/gitea/blob/c620eb5b2d0d874da68ebd734d3864c5224f71f7/modules/structs/issue.go#L36-L68))
-and referenced in its category in [routers/api/v1/swagger/](routers/api/v1/swagger/)
+and referenced in its category in `routers/api/v1/swagger/`
 ([example](https://github.com/go-gitea/gitea/blob/c620eb5b2d0d874da68ebd734d3864c5224f71f7/routers/api/v1/swagger/issue.go#L11-L16))  
 They can be used like the following:
 ([example](https://github.com/go-gitea/gitea/blob/c620eb5b2d0d874da68ebd734d3864c5224f71f7/routers/api/v1/repo/issue.go#L277-L279))
@@ -200,16 +209,12 @@ In general, HTTP methods are chosen as follows:
 * **GET** endpoints return requested object and status **OK (200)**
 * **DELETE** endpoints return status **No Content (204)**
 * **POST** endpoints return status **Created (201)**, used to **create** new objects (e.g. a User)
- * **PUT** endpoints return status **No Content (204)**, used to **add/assign** existing Objects (e.g. User) to something (e.g. Org-Team)
+ * **PUT** endpoints return status **No Content (204)**, used to **add/assign** existing Obejcts (e.g. User) to something (e.g. Org-Team)
 * **PATCH** endpoints return changed object and status **OK (200)**, used to **edit/change** an existing object


 An endpoint which changes/edits an object expects all fields to be optional (except ones to identify the object, which are required).

-### Endpoints returning lists should
- * support pagination (`page` & `limit` options in query)
- * set `X-Total-Count` header via **SetTotalCountHeader** ([example](https://github.com/go-gitea/gitea/blob/7aae98cc5d4113f1e9918b7ee7dd09f67c189e3e/routers/api/v1/repo/issue.go#L444))
-

 ## Developer Certificate of Origin (DCO)

@@ -222,7 +227,7 @@ Additionally you could add a line at the end of your commit message.
 Signed-off-by: Joe Smith <joe.smith@email.com>
 ```

-If you set your `user.name` and `user.email` Git configs, you can add the
+If you set your `user.name` and `user.email` git configs, you can add the
 line to the end of your commit automatically with `git commit -s`.

 We assume in good faith that the information you provide is legally binding.
@@ -231,18 +236,18 @@ We assume in good faith that the information you provide is legally binding.

 We adopted a release schedule to streamline the process of working
 on, finishing, and issuing releases. The overall goal is to make a
-minor release every three or four months, which breaks down into two or three months of
+minor release every two months, which breaks down into one month of
 general development followed by one month of testing and polishing
 known as the release freeze. All the feature pull requests should be
-merged before feature freeze. And, during the frozen period, a corresponding
-release branch is open for fixes backported from main branch. Release candidates
-are made during this period for user testing to
+merged in the first month of one release period. And, during the frozen
+period, a corresponding release branch is open for fixes backported from
+master. Release candidates are made during this period for user testing to
 obtain a final version that is maintained in this branch. A release is
 maintained by issuing patch releases to only correct critical problems
 such as crashes or security issues.

-Major release cycles are seasonal. They always begin on the 25th and end on
-the 24th (i.e., the 25th of December to March 24th).
+Major release cycles are bimonthly. They always begin on the 25th and end on
+the 24th (i.e., the 25th of December to February 24th).

 During a development cycle, we may also publish any necessary minor releases
 for the previous version. For example, if the latest, published release is
@@ -267,7 +272,7 @@ to the maintainers team. If a maintainer is inactive for more than 3
 months and forgets to leave the maintainers team, the owners may move
 him or her from the maintainers team to the advisors team.
 For security reasons, Maintainers should use 2FA for their accounts and
-if possible provide GPG signed commits.
+if possible provide gpg signed commits.
 https://help.github.com/articles/securing-your-account-with-two-factor-authentication-2fa/
 https://help.github.com/articles/signing-commits-with-gpg/

@@ -298,45 +303,35 @@ and lead the development of Gitea.
 To honor the past owners, here's the history of the owners and the time
 they served:

-* 2022-01-01 ~ 2022-12-31 - https://github.com/go-gitea/gitea/issues/17872
-  * [Lunny Xiao](https://gitea.com/lunny) <xiaolunwen@gmail.com>
-  * [Matti Ranta](https://gitea.com/techknowlogick) <techknowlogick@gitea.io>
-  * [Andrew Thornton](https://gitea.com/zeripath) <art27@cantab.net>
-
-* 2021-01-01 ~ 2021-12-31 - https://github.com/go-gitea/gitea/issues/13801
-  * [Lunny Xiao](https://gitea.com/lunny) <xiaolunwen@gmail.com>
-  * [Lauris Bukšis-Haberkorns](https://gitea.com/lafriks) <lauris@nix.lv>
-  * [Matti Ranta](https://gitea.com/techknowlogick) <techknowlogick@gitea.io>
-
-* 2020-01-01 ~ 2020-12-31 - https://github.com/go-gitea/gitea/issues/9230
-  * [Lunny Xiao](https://gitea.com/lunny) <xiaolunwen@gmail.com>
-  * [Lauris Bukšis-Haberkorns](https://gitea.com/lafriks) <lauris@nix.lv>
-  * [Matti Ranta](https://gitea.com/techknowlogick) <techknowlogick@gitea.io>
-
-* 2019-01-01 ~ 2019-12-31 - https://github.com/go-gitea/gitea/issues/5572
-  * [Lunny Xiao](https://github.com/lunny) <xiaolunwen@gmail.com>
-  * [Lauris Bukšis-Haberkorns](https://github.com/lafriks) <lauris@nix.lv>
-  * [Matti Ranta](https://github.com/techknowlogick) <techknowlogick@gitea.io>
-
-* 2018-01-01 ~ 2018-12-31 - https://github.com/go-gitea/gitea/issues/3255
-  * [Lunny Xiao](https://github.com/lunny) <xiaolunwen@gmail.com>
-  * [Lauris Bukšis-Haberkorns](https://github.com/lafriks) <lauris@nix.lv>
-  * [Kim Carlbäcker](https://github.com/bkcsoft) <kim.carlbacker@gmail.com>
-
 * 2016-11-04 ~ 2017-12-31
  * [Lunny Xiao](https://github.com/lunny) <xiaolunwen@gmail.com>
  * [Thomas Boerger](https://github.com/tboerger) <thomas@webhippie.de>
  * [Kim Carlbäcker](https://github.com/bkcsoft) <kim.carlbacker@gmail.com>

+* 2018-01-01 ~ 2018-12-31
+  * [Lunny Xiao](https://github.com/lunny) <xiaolunwen@gmail.com>
+  * [Lauris Bukšis-Haberkorns](https://github.com/lafriks) <lauris@nix.lv>
+  * [Kim Carlbäcker](https://github.com/bkcsoft) <kim.carlbacker@gmail.com>
+
+* 2019-01-01 ~ 2019-12-31
+  * [Lunny Xiao](https://github.com/lunny) <xiaolunwen@gmail.com>
+  * [Lauris Bukšis-Haberkorns](https://github.com/lafriks) <lauris@nix.lv>
+  * [Matti Ranta](https://github.com/techknowlogick) <techknowlogick@gitea.io>
+
+* 2020-01-01 ~ 2020-12-31
+  * [Lunny Xiao](https://gitea.com/lunny) <xiaolunwen@gmail.com>
+  * [Lauris Bukšis-Haberkorns](https://gitea.com/lafriks) <lauris@nix.lv>
+  * [Matti Ranta](https://gitea.com/techknowlogick) <techknowlogick@gitea.io>
+
 ## Versions

-Gitea has the `main` branch as a tip branch and has version branches
+Gitea has the `master` branch as a tip branch and has version branches
 such as `release/v0.9`. `release/v0.9` is a release branch and we will
 tag `v0.9.0` for binary download. If `v0.9.0` has bugs, we will accept
 pull requests on the `release/v0.9` branch and publish a `v0.9.1` tag,
-after bringing the bug fix also to the main branch.
+after bringing the bug fix also to the master branch.

-Since the `main` branch is a tip version, if you wish to use Gitea
+Since the `master` branch is a tip version, if you wish to use Gitea
 in production, please download the latest release tag version. All the
 branches will be protected via GitHub, all the PRs to every branch must
 be reviewed by two maintainers and must pass the automatic tests.
@@ -344,14 +339,14 @@ be reviewed by two maintainers and must pass the automatic tests.
 ## Releasing Gitea

 * Let $vmaj, $vmin and $vpat be Major, Minor and Patch version numbers, $vpat should be rc1, rc2, 0, 1, ...... $vmaj.$vmin will be kept the same as milestones on github or gitea in future.
-* Before releasing, confirm all the version's milestone issues or PRs has been resolved. Then discuss the release on Discord channel #maintainers and get agreed with almost all the owners and mergers. Or you can declare the version and if nobody against in about serval hours.
-* If this is a big version first you have to create PR for changelog on branch `main` with PRs with label `changelog` and after it has been merged do following steps:
+* Before releasing, confirm all the version's milestone issues or PRs has been resolved. Then discuss the release on discord channel #maintainers and get agreed with almost all the owners and mergers. Or you can declare the version and if nobody against in about serval hours.
+* If this is a big version first you have to create PR for changelog on branch `master` with PRs with label `changelog` and after it has been merged do following steps:
  * Create `-dev` tag as `git tag -s -F release.notes v$vmaj.$vmin.0-dev` and push the tag as `git push origin v$vmaj.$vmin.0-dev`.
  * When CI has finished building tag then you have to create a new branch named `release/v$vmaj.$vmin`
 * If it is bugfix version create PR for changelog on branch `release/v$vmaj.$vmin` and wait till it is reviewed and merged.
 * Add a tag as `git tag -s -F release.notes v$vmaj.$vmin.$`, release.notes file could be a temporary file to only include the changelog this version which you added to `CHANGELOG.md`.
-* And then push the tag as `git push origin v$vmaj.$vmin.$`. Drone CI will automatically create a release and upload all the compiled binary. (But currently it doesn't add the release notes automatically. Maybe we should fix that.)
-* If needed send PR for changelog on branch `main`.
+* And then push the tag as `git push origin v$vmaj.$vmin.$`. Drone CI will automatically created a release and upload all the compiled binary. (But currently it didn't add the release notes automatically. Maybe we should fix that.)
+* If needed send PR for changelog on branch `master`.
 * Send PR to [blog repository](https://gitea.com/gitea/blog) announcing the release.

 ## Copyright
@@ -359,7 +354,7 @@ be reviewed by two maintainers and must pass the automatic tests.
 Code that you contribute should use the standard copyright header:

 ```
-// Copyright 2020 The Gitea Authors. All rights reserved.
+// Copyright 2019 The Gitea Authors. All rights reserved.
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 ```
--- a/22
+++ b/22
@@ -1,15 +1,14 @@

 ###################################
-#Build stage - temporarily using techknowlogick image until we upgrade to latest official alpine/go image
-FROM techknowlogick/go:1.17-alpine3.13 AS build-env
+#Build stage
+FROM golang:1.13-alpine3.11 AS build-env

 ARG GOPROXY
 ENV GOPROXY ${GOPROXY:-direct}

 ARG GITEA_VERSION
 ARG TAGS="sqlite sqlite_unlock_notify"
-ENV TAGS "bindata timetzdata $TAGS"
-ARG CGO_EXTRA_CFLAGS
+ENV TAGS "bindata $TAGS"

 #Build deps
 RUN apk --no-cache add build-base git nodejs npm
@@ -20,12 +19,9 @@ WORKDIR ${GOPATH}/src/code.gitea.io/gitea

 #Checkout version if set
 RUN if [ -n "${GITEA_VERSION}" ]; then git checkout "${GITEA_VERSION}"; fi \
- && make clean-all build
+ && make clean build

-# Begin env-to-ini build
-RUN go build contrib/environment-to-ini/environment-to-ini.go
-
-FROM alpine:3.13
+FROM alpine:3.11
 LABEL maintainer="maintainers@gitea.io"

 EXPOSE 22 3000
@@ -41,7 +37,7 @@ RUN apk --no-cache add \
    s6 \
    sqlite \
    su-exec \
-    gnupg
+    tzdata

 RUN addgroup \
    -S -g 1000 \
@@ -53,7 +49,7 @@ RUN addgroup \
    -u 1000 \
    -G git \
    git && \
-  echo "git:*" | chpasswd -e
+  echo "git:$(dd if=/dev/urandom bs=24 count=1 status=none | base64)" | chpasswd

 ENV USER git
 ENV GITEA_CUSTOM /data/gitea
@@ -65,6 +61,4 @@ CMD ["/bin/s6-svscan", "/etc/s6"]

 COPY docker/root /
 COPY --from=build-env /go/src/code.gitea.io/gitea/gitea /app/gitea/gitea
-COPY --from=build-env /go/src/code.gitea.io/gitea/environment-to-ini /usr/local/bin/environment-to-ini
-RUN chmod 755 /usr/bin/entrypoint /app/gitea/gitea /usr/local/bin/gitea /usr/local/bin/environment-to-ini
-RUN chmod 755 /etc/s6/gitea/* /etc/s6/openssh/* /etc/s6/.s6-svscan/*
+RUN ln -s /app/gitea/gitea /usr/local/bin/gitea
--- a/Dockerfile.rootless
+++ b/Dockerfile.rootless
@@ -1,75 +0,0 @@
-
-###################################
-#Build stage - temporarily using techknowlogick image until we upgrade to latest official alpine/go image
-FROM techknowlogick/go:1.17-alpine3.13 AS build-env
-
-ARG GOPROXY
-ENV GOPROXY ${GOPROXY:-direct}
-
-ARG GITEA_VERSION
-ARG TAGS="sqlite sqlite_unlock_notify"
-ENV TAGS "bindata timetzdata $TAGS"
-ARG CGO_EXTRA_CFLAGS
-
-#Build deps
-RUN apk --no-cache add build-base git nodejs npm
-
-#Setup repo
-COPY . ${GOPATH}/src/code.gitea.io/gitea
-WORKDIR ${GOPATH}/src/code.gitea.io/gitea
-
-#Checkout version if set
-RUN if [ -n "${GITEA_VERSION}" ]; then git checkout "${GITEA_VERSION}"; fi \
- && make clean-all build
-
-# Begin env-to-ini build
-RUN go build contrib/environment-to-ini/environment-to-ini.go
-
-FROM alpine:3.13
-LABEL maintainer="maintainers@gitea.io"
-
-EXPOSE 2222 3000
-
-RUN apk --no-cache add \
-    bash \
-    ca-certificates \
-    gettext \
-    git \
-    curl \
-    gnupg
-
-RUN addgroup \
-    -S -g 1000 \
-    git && \
-  adduser \
-    -S -H -D \
-    -h /var/lib/gitea/git \
-    -s /bin/bash \
-    -u 1000 \
-    -G git \
-    git
-
-RUN mkdir -p /var/lib/gitea /etc/gitea
-RUN chown git:git /var/lib/gitea /etc/gitea
-
-COPY docker/rootless /
-COPY --from=build-env --chown=root:root /go/src/code.gitea.io/gitea/gitea /app/gitea/gitea
-COPY --from=build-env --chown=root:root /go/src/code.gitea.io/gitea/environment-to-ini /usr/local/bin/environment-to-ini
-RUN chmod 755 /usr/local/bin/docker-entrypoint.sh /usr/local/bin/docker-setup.sh /app/gitea/gitea /usr/local/bin/gitea /usr/local/bin/environment-to-ini
-
-#git:git
-USER 1000:1000
-ENV GITEA_WORK_DIR /var/lib/gitea
-ENV GITEA_CUSTOM /var/lib/gitea/custom
-ENV GITEA_TEMP /tmp/gitea
-ENV TMPDIR /tmp/gitea
-
-#TODO add to docs the ability to define the ini to load (usefull to test and revert a config)
-ENV GITEA_APP_INI /etc/gitea/app.ini
-ENV HOME "/var/lib/gitea/git"
-VOLUME ["/var/lib/gitea", "/etc/gitea"]
-WORKDIR /var/lib/gitea
-
-ENTRYPOINT ["/usr/local/bin/docker-entrypoint.sh"]
-CMD []
-
--- a/12
+++ b/12
@@ -1,4 +1,5 @@
 Alexey Makhov <amakhov@avito.ru> (@makhov)
+Andrey Nering <andrey.nering@gmail.com> (@andreynering)
 Bo-Yi Wu <appleboy.tw@gmail.com> (@appleboy)
 Ethan Koenig <ethantkoenig@gmail.com> (@ethantkoenig)
 Kees de Vries <bouwko@gmail.com> (@Bwko)
@@ -35,14 +36,3 @@ Mura Li <typeless@ctli.io> (@typeless)
 6543 <6543@obermui.de> (@6543)
 jaqra <jaqra@hotmail.com> (@jaqra)
 David Svantesson <davidsvantesson@gmail.com> (@davidsvantesson)
-a1012112796 <1012112796@qq.com> (@a1012112796)
-Karl Heinz Marbaise <kama@soebes.de> (@khmarbaise)
-Norwin Roosen <git@nroo.de> (@noerw)
-Kyle Dumont <kdumontnu@gmail.com> (@kdumontnu)
-Patrick Schratz <patrick.schratz@gmail.com> (@pat-s)
-Janis Estelmann <admin@oldschoolhack.me> (@KN4CK3R)
-Steven Kriegler <sk.bunsenbrenner@gmail.com> (@justusbunsi)
-Jimmy Praet <jimmy.praet@telenet.be> (@jpraet)
-Leon Hofmeister <dev.lh@web.de> (@delvh) 
-Gusted <williamzijl7@hotmail.com) (@Gusted)
-singuliere <singuliere@autistici.org> (@singuliere)
--- a/680
+++ b/680
@@ -1,72 +1,33 @@
-ifeq ($(USE_REPO_TEST_DIR),1)
-
-# This rule replaces the whole Makefile when we're trying to use /tmp repository temporary files
-location = $(CURDIR)/$(word $(words $(MAKEFILE_LIST)),$(MAKEFILE_LIST))
-self := $(location)
-
-%:
-	@tmpdir=`mktemp --tmpdir -d` ; \
-	echo Using temporary directory $$tmpdir for test repositories ; \
-	USE_REPO_TEST_DIR= $(MAKE) -f $(self) --no-print-directory REPO_TEST_DIR=$$tmpdir/ $@ ; \
-	STATUS=$$? ; rm -r "$$tmpdir" ; exit $$STATUS
-
-else
-
-# This is the "normal" part of the Makefile
-
 DIST := dist
-DIST_DIRS := $(DIST)/binaries $(DIST)/release
 IMPORT := code.gitea.io/gitea
-export GO111MODULE=on
+export GO111MODULE=off

 GO ?= go
+SED_INPLACE := sed -i
 SHASUM ?= shasum -a 256
-HAS_GO = $(shell hash $(GO) > /dev/null 2>&1 && echo "GO" || echo "NOGO" )
-COMMA := ,

-XGO_VERSION := go-1.17.x
-MIN_GO_VERSION := 001016000
-MIN_NODE_VERSION := 012017000
-MIN_GOLANGCI_LINT_VERSION := 001043000
-
-DOCKER_IMAGE ?= gitea/gitea
-DOCKER_TAG ?= latest
-DOCKER_REF := $(DOCKER_IMAGE):$(DOCKER_TAG)
-
-ifeq ($(HAS_GO), GO)
-	GOPATH ?= $(shell $(GO) env GOPATH)
-	export PATH := $(GOPATH)/bin:$(PATH)
-
-	CGO_EXTRA_CFLAGS := -DSQLITE_MAX_VARIABLE_NUMBER=32766
-	CGO_CFLAGS ?= $(shell $(GO) env CGO_CFLAGS) $(CGO_EXTRA_CFLAGS)
-endif
+export PATH := $($(GO) env GOPATH)/bin:$(PATH)

 ifeq ($(OS), Windows_NT)
-	GOFLAGS := -v -buildmode=exe
-	EXECUTABLE ?= gitea.exe
-else ifeq ($(OS), Windows)
-	GOFLAGS := -v -buildmode=exe
 	EXECUTABLE ?= gitea.exe
 else
-	GOFLAGS := -v
 	EXECUTABLE ?= gitea
+	UNAME_S := $(shell uname -s)
+	ifeq ($(UNAME_S),Darwin)
+		SED_INPLACE := sed -i ''
+	endif
+	ifeq ($(UNAME_S),FreeBSD)
+		SED_INPLACE := sed -i ''
+	endif
 endif

-ifeq ($(shell sed --version 2>/dev/null | grep -q GNU && echo gnu),gnu)
-	SED_INPLACE := sed -i
-else
-	SED_INPLACE := sed -i ''
-endif
+GOFILES := $(shell find . -name "*.go" -type f ! -path "./vendor/*" ! -path "*/bindata.go")
+GOFMT ?= gofmt -s

+GOFLAGS := -v
 EXTRA_GOFLAGS ?=

 MAKE_VERSION := $(shell $(MAKE) -v | head -n 1)
-MAKE_EVIDENCE_DIR := .make_evidence
-
-ifeq ($(RACE_ENABLED),true)
-	GOFLAGS += -race
-	GOTESTFLAGS += -race
-endif

 STORED_VERSION_FILE := VERSION

@@ -77,7 +38,7 @@ else
 	ifneq ($(DRONE_BRANCH),)
 		VERSION ?= $(subst release/v,,$(DRONE_BRANCH))
 	else
-		VERSION ?= main
+		VERSION ?= master
 	endif

 	STORED_VERSION=$(shell cat $(STORED_VERSION_FILE) 2>/dev/null)
@@ -90,47 +51,28 @@ endif

 LDFLAGS := $(LDFLAGS) -X "main.MakeVersion=$(MAKE_VERSION)" -X "main.Version=$(GITEA_VERSION)" -X "main.Tags=$(TAGS)"

-LINUX_ARCHS ?= linux/amd64,linux/386,linux/arm-5,linux/arm-6,linux/arm64
+PACKAGES ?= $(filter-out code.gitea.io/gitea/integrations/migration-test,$(filter-out code.gitea.io/gitea/integrations,$(shell GO111MODULE=on $(GO) list -mod=vendor ./... | grep -v /vendor/)))

-GO_PACKAGES ?= $(filter-out code.gitea.io/gitea/models/migrations code.gitea.io/gitea/integrations/migration-test code.gitea.io/gitea/integrations,$(shell $(GO) list ./... | grep -v /vendor/))
-
-FOMANTIC_WORK_DIR := web_src/fomantic
-
-WEBPACK_SOURCES := $(shell find web_src/js web_src/less -type f)
-WEBPACK_CONFIGS := webpack.config.js
-WEBPACK_DEST := public/js/index.js public/css/index.css
-WEBPACK_DEST_ENTRIES := public/js public/css public/fonts public/img/webpack public/serviceworker.js
+GO_SOURCES ?= $(shell find . -name "*.go" -type f)
+JS_SOURCES ?= $(shell find web_src/js web_src/css -type f)
+CSS_SOURCES ?= $(shell find web_src/less -type f)

+JS_DEST := public/js/index.js
+CSS_DEST := public/css/index.css
 BINDATA_DEST := modules/public/bindata.go modules/options/bindata.go modules/templates/bindata.go
-BINDATA_HASH := $(addsuffix .hash,$(BINDATA_DEST))

-SVG_DEST_DIR := public/img/svg
-
-AIR_TMP_DIR := .air
+JS_DEST_DIR := public/js
+CSS_DEST_DIR := public/css

 TAGS ?=
-TAGS_SPLIT := $(subst $(COMMA), ,$(TAGS))
-TAGS_EVIDENCE := $(MAKE_EVIDENCE_DIR)/tags

-TEST_TAGS ?= sqlite sqlite_unlock_notify
+TMPDIR := $(shell mktemp -d 2>/dev/null || mktemp -d -t 'gitea-temp')

-TAR_EXCLUDES := .git data indexers queues log node_modules $(EXECUTABLE) $(FOMANTIC_WORK_DIR)/node_modules $(DIST) $(MAKE_EVIDENCE_DIR) $(AIR_TMP_DIR)
-
-GO_DIRS := cmd integrations models modules routers build services tools
-
-GO_SOURCES := $(wildcard *.go)
-GO_SOURCES += $(shell find $(GO_DIRS) -type f -name "*.go" -not -path modules/options/bindata.go -not -path modules/public/bindata.go -not -path modules/templates/bindata.go)
-
-ifeq ($(filter $(TAGS_SPLIT),bindata),bindata)
-	GO_SOURCES += $(BINDATA_DEST)
-endif
-
-#To update swagger use: GO111MODULE=on go get -u github.com/go-swagger/go-swagger/cmd/swagger
-SWAGGER := $(GO) run github.com/go-swagger/go-swagger/cmd/swagger
+#To update swagger use: GO111MODULE=on go get -u github.com/go-swagger/go-swagger/cmd/swagger@v0.20.1
+SWAGGER := GO111MODULE=on $(GO) run -mod=vendor github.com/go-swagger/go-swagger/cmd/swagger
 SWAGGER_SPEC := templates/swagger/v1_json.tmpl
-SWAGGER_SPEC_S_TMPL := s|"basePath": *"/api/v1"|"basePath": "{{AppSubUrl \| JSEscape \| Safe}}/api/v1"|g
-SWAGGER_SPEC_S_JSON := s|"basePath": *"{{AppSubUrl \| JSEscape \| Safe}}/api/v1"|"basePath": "/api/v1"|g
-SWAGGER_EXCLUDE := code.gitea.io/sdk
+SWAGGER_SPEC_S_TMPL := s|"basePath": *"/api/v1"|"basePath": "{{AppSubUrl}}/api/v1"|g
+SWAGGER_SPEC_S_JSON := s|"basePath": *"{{AppSubUrl}}/api/v1"|"basePath": "/api/v1"|g
 SWAGGER_NEWLINE_COMMAND := -e '$$a\'

 TEST_MYSQL_HOST ?= mysql:3306
@@ -145,57 +87,45 @@ TEST_PGSQL_HOST ?= pgsql:5432
 TEST_PGSQL_DBNAME ?= testgitea
 TEST_PGSQL_USERNAME ?= postgres
 TEST_PGSQL_PASSWORD ?= postgres
-TEST_PGSQL_SCHEMA ?= gtestschema
 TEST_MSSQL_HOST ?= mssql:1433
 TEST_MSSQL_DBNAME ?= gitea
 TEST_MSSQL_USERNAME ?= sa
 TEST_MSSQL_PASSWORD ?= MwantsaSecurePassword1

+# $(call strip-suffix,filename)
+strip-suffix = $(firstword $(subst ., ,$(1)))
+
 .PHONY: all
 all: build

+include docker/Makefile
+
 .PHONY: help
 help:
 	@echo "Make Routines:"
-	@echo " - \"\"                               equivalent to \"build\""
-	@echo " - build                            build everything"
-	@echo " - frontend                         build frontend files"
-	@echo " - backend                          build backend files"
-	@echo " - watch                            watch everything and continuously rebuild"
-	@echo " - watch-frontend                   watch frontend files and continuously rebuild"
-	@echo " - watch-backend                    watch backend files and continuously rebuild"
-	@echo " - clean                            delete backend and integration files"
-	@echo " - clean-all                        delete backend, frontend and integration files"
-	@echo " - lint                             lint everything"
-	@echo " - lint-frontend                    lint frontend files"
-	@echo " - lint-backend                     lint backend files"
-	@echo " - checks                           run various consistency checks"
-	@echo " - checks-frontend                  check frontend files"
-	@echo " - checks-backend                   check backend files"
-	@echo " - test                             test everything"
-	@echo " - test-frontend                    test frontend files"
-	@echo " - test-backend                     test backend files"
-	@echo " - webpack                          build webpack files"
-	@echo " - svg                              build svg files"
-	@echo " - fomantic                         build fomantic files"
-	@echo " - generate                         run \"go generate\""
-	@echo " - fmt                              format the Go code"
-	@echo " - generate-license                 update license files"
-	@echo " - generate-gitignore               update gitignore files"
-	@echo " - generate-manpage                 generate manpage"
-	@echo " - generate-swagger                 generate the swagger spec from code comments"
-	@echo " - swagger-validate                 check if the swagger spec is valid"
-	@echo " - golangci-lint                    run golangci-lint linter"
-	@echo " - vet                              examines Go source code and reports suspicious constructs"
-	@echo " - test[\#TestSpecificName]    	    run unit test"
-	@echo " - test-sqlite[\#TestSpecificName]  run integration test for sqlite"
-	@echo " - pr#<index>                       build and start gitea from a PR with integration test data loaded"
+	@echo " - \"\"                equivalent to \"build\""
+	@echo " - build             build everything"
+	@echo " - frontend          build frontend files"
+	@echo " - backend           build backend files"
+	@echo " - clean             delete backend and integration files"
+	@echo " - clean-all         delete backend, frontend and integration files"
+	@echo " - css               rebuild only css files"
+	@echo " - js                rebuild only js files"
+	@echo " - generate          run \"go generate\""
+	@echo " - fmt               format the Go code"
+	@echo " - generate-swagger  generate the swagger spec from code comments"
+	@echo " - swagger-validate  check if the swagger spec is valide"
+	@echo " - revive            run code linter revive"
+	@echo " - misspell          check if a word is written wrong"
+	@echo " - vet               examines Go source code and reports suspicious constructs"
+	@echo " - test              run unit test"
+	@echo " - test-sqlite       run integration test for sqlite"

 .PHONY: go-check
 go-check:
-	$(eval GO_VERSION := $(shell printf "%03d%03d%03d" $(shell $(GO) version | grep -Eo '[0-9]+\.[0-9.]+' | tr '.' ' ');))
-	@if [ "$(GO_VERSION)" -lt "$(MIN_GO_VERSION)" ]; then \
-		echo "Gitea requires Go 1.16 or greater to build. You can get it at https://golang.org/dl/"; \
+	$(eval GO_VERSION := $(shell printf "%03d%03d%03d" $(shell go version | grep -Eo '[0-9]+\.?[0-9]+?\.?[0-9]?[[:space:]]' | tr '.' ' ');))
+	@if [ "$(GO_VERSION)" -lt "001011000" ]; then \
+		echo "Gitea requires Go 1.11.0 or greater to build. You can get it at https://golang.org/dl/"; \
 		exit 1; \
 	fi

@@ -208,50 +138,37 @@ git-check:

 .PHONY: node-check
 node-check:
-	$(eval NODE_VERSION := $(shell printf "%03d%03d%03d" $(shell node -v | cut -c2- | tr '.' ' ');))
-	$(eval MIN_NODE_VER_FMT := $(shell printf "%g.%g.%g" $(shell echo $(MIN_NODE_VERSION) | grep -o ...)))
+	$(eval NODE_VERSION := $(shell printf "%03d%03d%03d" $(shell node -v | grep -Eo '[0-9]+\.?[0-9]+?\.?[0-9]?' | tr '.' ' ');))
 	$(eval NPM_MISSING := $(shell hash npm > /dev/null 2>&1 || echo 1))
-	@if [ "$(NODE_VERSION)" -lt "$(MIN_NODE_VERSION)" -o "$(NPM_MISSING)" = "1" ]; then \
-		echo "Gitea requires Node.js $(MIN_NODE_VER_FMT) or greater and npm to build. You can get it at https://nodejs.org/en/download/"; \
+	@if [ "$(NODE_VERSION)" -lt "010000000" -o "$(NPM_MISSING)" = "1" ]; then \
+		echo "Gitea requires Node.js 10.0.0 or greater and npm to build. You can get it at https://nodejs.org/en/download/"; \
 		exit 1; \
 	fi

 .PHONY: clean-all
 clean-all: clean
-	rm -rf $(WEBPACK_DEST_ENTRIES) node_modules
+	rm -rf $(JS_DEST_DIR) $(CSS_DEST_DIR)

 .PHONY: clean
 clean:
 	$(GO) clean -i ./...
-	rm -rf $(EXECUTABLE) $(DIST) $(BINDATA_DEST) $(BINDATA_HASH) \
+	rm -rf $(EXECUTABLE) $(DIST) $(BINDATA_DEST) \
 		integrations*.test \
 		integrations/gitea-integration-pgsql/ integrations/gitea-integration-mysql/ integrations/gitea-integration-mysql8/ integrations/gitea-integration-sqlite/ \
 		integrations/gitea-integration-mssql/ integrations/indexers-mysql/ integrations/indexers-mysql8/ integrations/indexers-pgsql integrations/indexers-sqlite \
-		integrations/indexers-mssql integrations/mysql.ini integrations/mysql8.ini integrations/pgsql.ini integrations/mssql.ini man/
+		integrations/indexers-mssql integrations/mysql.ini integrations/mysql8.ini integrations/pgsql.ini integrations/mssql.ini

 .PHONY: fmt
 fmt:
-	@echo "Running gitea-fmt(with gofmt)..."
-	@$(GO) run build/code-batch-process.go gitea-fmt -s -w '{file-list}'
+	$(GOFMT) -w $(GOFILES)

 .PHONY: vet
 vet:
-	@echo "Running go vet..."
-	@GOOS= GOARCH= $(GO) build code.gitea.io/gitea-vet
-	@$(GO) vet -vettool=gitea-vet $(GO_PACKAGES)
-
-.PHONY: $(TAGS_EVIDENCE)
-$(TAGS_EVIDENCE):
-	@mkdir -p $(MAKE_EVIDENCE_DIR)
-	@echo "$(TAGS)" > $(TAGS_EVIDENCE)
-
-ifneq "$(TAGS)" "$(shell cat $(TAGS_EVIDENCE) 2>/dev/null)"
-TAGS_PREREQ := $(TAGS_EVIDENCE)
-endif
+	$(GO) vet $(PACKAGES)

 .PHONY: generate-swagger
 generate-swagger:
-	$(SWAGGER) generate spec -x "$(SWAGGER_EXCLUDE)" -o './$(SWAGGER_SPEC)'
+	$(SWAGGER) generate spec -o './$(SWAGGER_SPEC)'
 	$(SED_INPLACE) '$(SWAGGER_SPEC_S_TMPL)' './$(SWAGGER_SPEC)'
 	$(SED_INPLACE) $(SWAGGER_NEWLINE_COMMAND) './$(SWAGGER_SPEC)'

@@ -262,7 +179,7 @@ swagger-check: generate-swagger
 		echo "Please run 'make generate-swagger' and commit the result:"; \
 		echo "$${diff}"; \
 		exit 1; \
-	fi
+	fi;

 .PHONY: swagger-validate
 swagger-validate:
@@ -273,444 +190,356 @@ swagger-validate:
 .PHONY: errcheck
 errcheck:
 	@hash errcheck > /dev/null 2>&1; if [ $$? -ne 0 ]; then \
-		$(GO) install github.com/kisielk/errcheck@8ddee489636a8311a376fc92e27a6a13c6658344; \
+		$(GO) get -u github.com/kisielk/errcheck; \
 	fi
-	@echo "Running errcheck..."
-	@errcheck $(GO_PACKAGES)
+	errcheck $(PACKAGES)
+
+.PHONY: lint
+lint:
+	@echo 'make lint is depricated. Use "make revive" if you want to use the old lint tool, or "make golangci-lint" to run a complete code check.'
+
+.PHONY: revive
+revive:
+	@hash revive > /dev/null 2>&1; if [ $$? -ne 0 ]; then \
+		$(GO) get -u github.com/mgechev/revive; \
+	fi
+	revive -config .revive.toml -exclude=./vendor/... ./... || exit 1
+
+.PHONY: misspell-check
+misspell-check:
+	@hash misspell > /dev/null 2>&1; if [ $$? -ne 0 ]; then \
+		$(GO) get -u github.com/client9/misspell/cmd/misspell; \
+	fi
+	misspell -error -i unknwon,destory $(GOFILES)
+
+.PHONY: misspell
+misspell:
+	@hash misspell > /dev/null 2>&1; if [ $$? -ne 0 ]; then \
+		$(GO) get -u github.com/client9/misspell/cmd/misspell; \
+	fi
+	misspell -w -i unknwon $(GOFILES)

 .PHONY: fmt-check
 fmt-check:
-	# get all go files and run gitea-fmt (with gofmt) on them
-	@diff=$$($(GO) run build/code-batch-process.go gitea-fmt -s -d '{file-list}'); \
+	# get all go files and run go fmt on them
+	@diff=$$($(GOFMT) -d $(GOFILES)); \
 	if [ -n "$$diff" ]; then \
 		echo "Please run 'make fmt' and commit the result:"; \
 		echo "$${diff}"; \
 		exit 1; \
-	fi
-
-.PHONY: checks
-checks: checks-frontend checks-backend
-
-.PHONY: checks-frontend
-checks-frontend: lockfile-check svg-check
-
-.PHONY: checks-backend
-checks-backend: gomod-check swagger-check swagger-validate
-
-.PHONY: lint
-lint: lint-frontend lint-backend
-
-.PHONY: lint-frontend
-lint-frontend: node_modules
-	npx eslint --color --max-warnings=0 web_src/js build templates *.config.js docs/assets/js
-	npx stylelint --color --max-warnings=0 web_src/less
-	npx editorconfig-checker templates
-
-.PHONY: lint-backend
-lint-backend: golangci-lint vet
-
-.PHONY: watch
-watch:
-	bash tools/watch.sh
-
-.PHONY: watch-frontend
-watch-frontend: node-check node_modules
-	rm -rf $(WEBPACK_DEST_ENTRIES)
-	NODE_ENV=development npx webpack --watch --progress
-
-.PHONY: watch-backend
-watch-backend: go-check
-	@hash air > /dev/null 2>&1; if [ $$? -ne 0 ]; then \
-		$(GO) install github.com/cosmtrek/air@bedc18201271882c2be66d216d0e1a275b526ec4; \
-	fi
-	air -c .air.toml
+	fi;

 .PHONY: test
-test: test-frontend test-backend
-
-.PHONY: test-backend
-test-backend:
-	@echo "Running go test with $(GOTESTFLAGS) -tags '$(TEST_TAGS)'..."
-	@$(GO) test $(GOTESTFLAGS) -tags='$(TEST_TAGS)' $(GO_PACKAGES)
-
-.PHONY: test-frontend
-test-frontend: node_modules
-	@NODE_OPTIONS="--experimental-vm-modules --no-warnings" npx jest --color
-
-.PHONY: test-check
-test-check:
-	@echo "Running test-check...";
-	@diff=$$(git status -s); \
-	if [ -n "$$diff" ]; then \
-		echo "make test-backend has changed files in the source tree:"; \
-		echo "$${diff}"; \
-		echo "You should change the tests to create these files in a temporary directory."; \
-		echo "Do not simply add these files to .gitignore"; \
-		exit 1; \
-	fi
+test:
+	GO111MODULE=on $(GO) test -mod=vendor -tags='sqlite sqlite_unlock_notify' $(PACKAGES)

 .PHONY: test\#%
 test\#%:
-	@echo "Running go test with -tags '$(TEST_TAGS)'..."
-	@$(GO) test $(GOTESTFLAGS) -tags='$(TEST_TAGS)' -run $(subst .,/,$*) $(GO_PACKAGES)
+	GO111MODULE=on $(GO) test -mod=vendor -tags='sqlite sqlite_unlock_notify' -run $* $(PACKAGES)

 .PHONY: coverage
 coverage:
-	grep '^\(mode: .*\)\|\(.*:[0-9]\+\.[0-9]\+,[0-9]\+\.[0-9]\+ [0-9]\+ [0-9]\+\)$$' coverage.out > coverage-bodged.out
-	grep '^\(mode: .*\)\|\(.*:[0-9]\+\.[0-9]\+,[0-9]\+\.[0-9]\+ [0-9]\+ [0-9]\+\)$$' integration.coverage.out > integration.coverage-bodged.out
-	GO111MODULE=on $(GO) run build/gocovmerge.go integration.coverage-bodged.out coverage-bodged.out > coverage.all || (echo "gocovmerge failed"; echo "integration.coverage.out"; cat integration.coverage.out; echo "coverage.out"; cat coverage.out; exit 1)
+	@hash gocovmerge > /dev/null 2>&1; if [ $$? -ne 0 ]; then \
+		$(GO) get -u github.com/wadey/gocovmerge; \
+	fi
+	gocovmerge integration.coverage.out $(shell find . -type f -name "coverage.out") > coverage.all;\

 .PHONY: unit-test-coverage
 unit-test-coverage:
-	@echo "Running unit-test-coverage $(GOTESTFLAGS) -tags '$(TEST_TAGS)'..."
-	@$(GO) test $(GOTESTFLAGS) -timeout=20m -tags='$(TEST_TAGS)' -cover -coverprofile coverage.out $(GO_PACKAGES) && echo "\n==>\033[32m Ok\033[m\n" || exit 1
+	GO111MODULE=on $(GO) test -mod=vendor -tags='sqlite sqlite_unlock_notify' -cover -coverprofile coverage.out $(PACKAGES) && echo "\n==>\033[32m Ok\033[m\n" || exit 1

 .PHONY: vendor
 vendor:
-	$(GO) mod tidy && $(GO) mod vendor
+	GO111MODULE=on $(GO) mod tidy && GO111MODULE=on $(GO) mod vendor

-.PHONY: gomod-check
-gomod-check:
-	@$(GO) mod tidy
-	@diff=$$(git diff go.sum); \
+.PHONY: test-vendor
+test-vendor: vendor
+	@diff=$$(git diff vendor/); \
 	if [ -n "$$diff" ]; then \
-		echo "Please run '$(GO) mod tidy' and commit the result:"; \
+		echo "Please run 'make vendor' and commit the result:"; \
 		echo "$${diff}"; \
 		exit 1; \
-	fi
-
-generate-ini-sqlite:
-	sed -e 's|{{REPO_TEST_DIR}}|${REPO_TEST_DIR}|g' \
-			integrations/sqlite.ini.tmpl > integrations/sqlite.ini
+	fi;

 .PHONY: test-sqlite
-test-sqlite: integrations.sqlite.test generate-ini-sqlite
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/sqlite.ini ./integrations.sqlite.test
+test-sqlite: integrations.sqlite.test
+	GITEA_ROOT=${CURDIR} GITEA_CONF=integrations/sqlite.ini ./integrations.sqlite.test

 .PHONY: test-sqlite\#%
-test-sqlite\#%: integrations.sqlite.test generate-ini-sqlite
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/sqlite.ini ./integrations.sqlite.test -test.run $(subst .,/,$*)
+test-sqlite\#%: integrations.sqlite.test
+	GITEA_ROOT=${CURDIR} GITEA_CONF=integrations/sqlite.ini ./integrations.sqlite.test -test.run $*

 .PHONY: test-sqlite-migration
-test-sqlite-migration:  migrations.sqlite.test migrations.individual.sqlite.test generate-ini-sqlite
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/sqlite.ini ./migrations.sqlite.test
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/sqlite.ini ./migrations.individual.sqlite.test
+test-sqlite-migration:  migrations.sqlite.test
+	GITEA_ROOT=${CURDIR} GITEA_CONF=integrations/sqlite.ini ./migrations.sqlite.test

 generate-ini-mysql:
 	sed -e 's|{{TEST_MYSQL_HOST}}|${TEST_MYSQL_HOST}|g' \
 		-e 's|{{TEST_MYSQL_DBNAME}}|${TEST_MYSQL_DBNAME}|g' \
 		-e 's|{{TEST_MYSQL_USERNAME}}|${TEST_MYSQL_USERNAME}|g' \
 		-e 's|{{TEST_MYSQL_PASSWORD}}|${TEST_MYSQL_PASSWORD}|g' \
-		-e 's|{{REPO_TEST_DIR}}|${REPO_TEST_DIR}|g' \
 			integrations/mysql.ini.tmpl > integrations/mysql.ini

 .PHONY: test-mysql
 test-mysql: integrations.mysql.test generate-ini-mysql
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/mysql.ini ./integrations.mysql.test
+	GITEA_ROOT=${CURDIR} GITEA_CONF=integrations/mysql.ini ./integrations.mysql.test

 .PHONY: test-mysql\#%
 test-mysql\#%: integrations.mysql.test generate-ini-mysql
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/mysql.ini ./integrations.mysql.test -test.run $(subst .,/,$*)
+	GITEA_ROOT=${CURDIR} GITEA_CONF=integrations/mysql.ini ./integrations.mysql.test -test.run $*

 .PHONY: test-mysql-migration
-test-mysql-migration: migrations.mysql.test migrations.individual.mysql.test generate-ini-mysql
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/mysql.ini ./migrations.mysql.test
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/mysql.ini ./migrations.individual.mysql.test
+test-mysql-migration: migrations.mysql.test generate-ini-mysql
+	GITEA_ROOT=${CURDIR} GITEA_CONF=integrations/mysql.ini ./migrations.mysql.test
+

 generate-ini-mysql8:
 	sed -e 's|{{TEST_MYSQL8_HOST}}|${TEST_MYSQL8_HOST}|g' \
 		-e 's|{{TEST_MYSQL8_DBNAME}}|${TEST_MYSQL8_DBNAME}|g' \
 		-e 's|{{TEST_MYSQL8_USERNAME}}|${TEST_MYSQL8_USERNAME}|g' \
 		-e 's|{{TEST_MYSQL8_PASSWORD}}|${TEST_MYSQL8_PASSWORD}|g' \
-		-e 's|{{REPO_TEST_DIR}}|${REPO_TEST_DIR}|g' \
 			integrations/mysql8.ini.tmpl > integrations/mysql8.ini

 .PHONY: test-mysql8
 test-mysql8: integrations.mysql8.test generate-ini-mysql8
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/mysql8.ini ./integrations.mysql8.test
+	GITEA_ROOT=${CURDIR} GITEA_CONF=integrations/mysql8.ini ./integrations.mysql8.test

 .PHONY: test-mysql8\#%
 test-mysql8\#%: integrations.mysql8.test generate-ini-mysql8
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/mysql8.ini ./integrations.mysql8.test -test.run $(subst .,/,$*)
+	GITEA_ROOT=${CURDIR} GITEA_CONF=integrations/mysql8.ini ./integrations.mysql8.test -test.run $*

 .PHONY: test-mysql8-migration
-test-mysql8-migration: migrations.mysql8.test migrations.individual.mysql8.test generate-ini-mysql8
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/mysql8.ini ./migrations.mysql8.test
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/mysql8.ini ./migrations.individual.mysql8.test
+test-mysql8-migration: migrations.mysql8.test generate-ini-mysql8
+	GITEA_ROOT=${CURDIR} GITEA_CONF=integrations/mysql8.ini ./migrations.mysql8.test
+

 generate-ini-pgsql:
 	sed -e 's|{{TEST_PGSQL_HOST}}|${TEST_PGSQL_HOST}|g' \
 		-e 's|{{TEST_PGSQL_DBNAME}}|${TEST_PGSQL_DBNAME}|g' \
 		-e 's|{{TEST_PGSQL_USERNAME}}|${TEST_PGSQL_USERNAME}|g' \
 		-e 's|{{TEST_PGSQL_PASSWORD}}|${TEST_PGSQL_PASSWORD}|g' \
-		-e 's|{{TEST_PGSQL_SCHEMA}}|${TEST_PGSQL_SCHEMA}|g' \
-		-e 's|{{REPO_TEST_DIR}}|${REPO_TEST_DIR}|g' \
 			integrations/pgsql.ini.tmpl > integrations/pgsql.ini

 .PHONY: test-pgsql
 test-pgsql: integrations.pgsql.test generate-ini-pgsql
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/pgsql.ini ./integrations.pgsql.test
+	GITEA_ROOT=${CURDIR} GITEA_CONF=integrations/pgsql.ini ./integrations.pgsql.test

 .PHONY: test-pgsql\#%
 test-pgsql\#%: integrations.pgsql.test generate-ini-pgsql
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/pgsql.ini ./integrations.pgsql.test -test.run $(subst .,/,$*)
+	GITEA_ROOT=${CURDIR} GITEA_CONF=integrations/pgsql.ini ./integrations.pgsql.test -test.run $*

 .PHONY: test-pgsql-migration
-test-pgsql-migration: migrations.pgsql.test migrations.individual.pgsql.test generate-ini-pgsql
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/pgsql.ini ./migrations.pgsql.test
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/pgsql.ini ./migrations.individual.pgsql.test
+test-pgsql-migration: migrations.pgsql.test generate-ini-pgsql
+	GITEA_ROOT=${CURDIR} GITEA_CONF=integrations/pgsql.ini ./migrations.pgsql.test
+

 generate-ini-mssql:
 	sed -e 's|{{TEST_MSSQL_HOST}}|${TEST_MSSQL_HOST}|g' \
 		-e 's|{{TEST_MSSQL_DBNAME}}|${TEST_MSSQL_DBNAME}|g' \
 		-e 's|{{TEST_MSSQL_USERNAME}}|${TEST_MSSQL_USERNAME}|g' \
 		-e 's|{{TEST_MSSQL_PASSWORD}}|${TEST_MSSQL_PASSWORD}|g' \
-		-e 's|{{REPO_TEST_DIR}}|${REPO_TEST_DIR}|g' \
 			integrations/mssql.ini.tmpl > integrations/mssql.ini

 .PHONY: test-mssql
 test-mssql: integrations.mssql.test generate-ini-mssql
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/mssql.ini ./integrations.mssql.test
+	GITEA_ROOT=${CURDIR} GITEA_CONF=integrations/mssql.ini ./integrations.mssql.test

 .PHONY: test-mssql\#%
 test-mssql\#%: integrations.mssql.test generate-ini-mssql
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/mssql.ini ./integrations.mssql.test -test.run $(subst .,/,$*)
+	GITEA_ROOT=${CURDIR} GITEA_CONF=integrations/mssql.ini ./integrations.mssql.test -test.run $*

 .PHONY: test-mssql-migration
-test-mssql-migration: migrations.mssql.test migrations.individual.mssql.test generate-ini-mssql
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/mssql.ini ./migrations.mssql.test -test.failfast
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/mssql.ini ./migrations.individual.mssql.test -test.failfast
+test-mssql-migration: migrations.mssql.test generate-ini-mssql
+	GITEA_ROOT=${CURDIR} GITEA_CONF=integrations/mssql.ini ./migrations.mssql.test
+

 .PHONY: bench-sqlite
-bench-sqlite: integrations.sqlite.test generate-ini-sqlite
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/sqlite.ini ./integrations.sqlite.test -test.cpuprofile=cpu.out -test.run DontRunTests -test.bench .
+bench-sqlite: integrations.sqlite.test
+	GITEA_ROOT=${CURDIR} GITEA_CONF=integrations/sqlite.ini ./integrations.sqlite.test -test.cpuprofile=cpu.out -test.run DontRunTests -test.bench .

 .PHONY: bench-mysql
 bench-mysql: integrations.mysql.test generate-ini-mysql
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/mysql.ini ./integrations.mysql.test -test.cpuprofile=cpu.out -test.run DontRunTests -test.bench .
+	GITEA_ROOT=${CURDIR} GITEA_CONF=integrations/mysql.ini ./integrations.mysql.test -test.cpuprofile=cpu.out -test.run DontRunTests -test.bench .

 .PHONY: bench-mssql
 bench-mssql: integrations.mssql.test generate-ini-mssql
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/mssql.ini ./integrations.mssql.test -test.cpuprofile=cpu.out -test.run DontRunTests -test.bench .
+	GITEA_ROOT=${CURDIR} GITEA_CONF=integrations/mssql.ini ./integrations.mssql.test -test.cpuprofile=cpu.out -test.run DontRunTests -test.bench .

 .PHONY: bench-pgsql
 bench-pgsql: integrations.pgsql.test generate-ini-pgsql
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/pgsql.ini ./integrations.pgsql.test -test.cpuprofile=cpu.out -test.run DontRunTests -test.bench .
+	GITEA_ROOT=${CURDIR} GITEA_CONF=integrations/pgsql.ini ./integrations.pgsql.test -test.cpuprofile=cpu.out -test.run DontRunTests -test.bench .
+

 .PHONY: integration-test-coverage
 integration-test-coverage: integrations.cover.test generate-ini-mysql
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/mysql.ini ./integrations.cover.test -test.coverprofile=integration.coverage.out
+	GITEA_ROOT=${CURDIR} GITEA_CONF=integrations/mysql.ini ./integrations.cover.test -test.coverprofile=integration.coverage.out

-integrations.mysql.test: git-check $(GO_SOURCES)
-	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/integrations -o integrations.mysql.test
+integrations.mysql.test: $(GO_SOURCES)
+	GO111MODULE=on $(GO) test -mod=vendor -c code.gitea.io/gitea/integrations -o integrations.mysql.test

-integrations.mysql8.test: git-check $(GO_SOURCES)
-	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/integrations -o integrations.mysql8.test
+integrations.mysql8.test: $(GO_SOURCES)
+	GO111MODULE=on $(GO) test -mod=vendor -c code.gitea.io/gitea/integrations -o integrations.mysql8.test

-integrations.pgsql.test: git-check $(GO_SOURCES)
-	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/integrations -o integrations.pgsql.test
+integrations.pgsql.test: $(GO_SOURCES)
+	GO111MODULE=on $(GO) test -mod=vendor -c code.gitea.io/gitea/integrations -o integrations.pgsql.test

-integrations.mssql.test: git-check $(GO_SOURCES)
-	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/integrations -o integrations.mssql.test
+integrations.mssql.test: $(GO_SOURCES)
+	GO111MODULE=on $(GO) test -mod=vendor -c code.gitea.io/gitea/integrations -o integrations.mssql.test

-integrations.sqlite.test: git-check $(GO_SOURCES)
-	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/integrations -o integrations.sqlite.test -tags '$(TEST_TAGS)'
+integrations.sqlite.test: $(GO_SOURCES)
+	GO111MODULE=on $(GO) test -mod=vendor -c code.gitea.io/gitea/integrations -o integrations.sqlite.test -tags 'sqlite sqlite_unlock_notify'

 integrations.cover.test: git-check $(GO_SOURCES)
-	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/integrations -coverpkg $(shell echo $(GO_PACKAGES) | tr ' ' ',') -o integrations.cover.test
+	GO111MODULE=on $(GO) test -mod=vendor -c code.gitea.io/gitea/integrations -coverpkg $(shell echo $(PACKAGES) | tr ' ' ',') -o integrations.cover.test

 .PHONY: migrations.mysql.test
 migrations.mysql.test: $(GO_SOURCES)
-	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/integrations/migration-test -o migrations.mysql.test
+	$(GO) test -c code.gitea.io/gitea/integrations/migration-test -o migrations.mysql.test

 .PHONY: migrations.mysql8.test
 migrations.mysql8.test: $(GO_SOURCES)
-	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/integrations/migration-test -o migrations.mysql8.test
+	$(GO) test -c code.gitea.io/gitea/integrations/migration-test -o migrations.mysql8.test

 .PHONY: migrations.pgsql.test
 migrations.pgsql.test: $(GO_SOURCES)
-	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/integrations/migration-test -o migrations.pgsql.test
+	$(GO) test -c code.gitea.io/gitea/integrations/migration-test -o migrations.pgsql.test

 .PHONY: migrations.mssql.test
 migrations.mssql.test: $(GO_SOURCES)
-	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/integrations/migration-test -o migrations.mssql.test
+	$(GO) test -c code.gitea.io/gitea/integrations/migration-test -o migrations.mssql.test

 .PHONY: migrations.sqlite.test
 migrations.sqlite.test: $(GO_SOURCES)
-	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/integrations/migration-test -o migrations.sqlite.test -tags '$(TEST_TAGS)'
-
-.PHONY: migrations.individual.mysql.test
-migrations.individual.mysql.test: $(GO_SOURCES)
-	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/models/migrations -o migrations.individual.mysql.test
-
-.PHONY: migrations.individual.mysql8.test
-migrations.individual.mysql8.test: $(GO_SOURCES)
-	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/models/migrations -o migrations.individual.mysql8.test
-
-.PHONY: migrations.individual.pgsql.test
-migrations.individual.pgsql.test: $(GO_SOURCES)
-	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/models/migrations -o migrations.individual.pgsql.test
-
-.PHONY: migrations.individual.mssql.test
-migrations.individual.mssql.test: $(GO_SOURCES)
-	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/models/migrations -o migrations.individual.mssql.test
-
-.PHONY: migrations.individual.sqlite.test
-migrations.individual.sqlite.test: $(GO_SOURCES)
-	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/models/migrations -o migrations.individual.sqlite.test -tags '$(TEST_TAGS)'
+	$(GO) test -c code.gitea.io/gitea/integrations/migration-test -o migrations.sqlite.test -tags 'sqlite sqlite_unlock_notify'

 .PHONY: check
 check: test

-.PHONY: install $(TAGS_PREREQ)
+.PHONY: install
 install: $(wildcard *.go)
-	CGO_CFLAGS="$(CGO_CFLAGS)" $(GO) install -v -tags '$(TAGS)' -ldflags '-s -w $(LDFLAGS)'
+	$(GO) install -v -tags '$(TAGS)' -ldflags '-s -w $(LDFLAGS)'

 .PHONY: build
 build: frontend backend

 .PHONY: frontend
-frontend: $(WEBPACK_DEST)
+frontend: node-check js css

 .PHONY: backend
 backend: go-check generate $(EXECUTABLE)

 .PHONY: generate
-generate: $(TAGS_PREREQ)
-	@echo "Running go generate..."
-	@CC= GOOS= GOARCH= $(GO) generate -tags '$(TAGS)' $(GO_PACKAGES)
+generate:
+	GO111MODULE=on $(GO) generate -mod=vendor $(PACKAGES)

-$(EXECUTABLE): $(GO_SOURCES) $(TAGS_PREREQ)
-	CGO_CFLAGS="$(CGO_CFLAGS)" $(GO) build $(GOFLAGS) $(EXTRA_GOFLAGS) -tags '$(TAGS)' -ldflags '-s -w $(LDFLAGS)' -o $@
+$(EXECUTABLE): $(GO_SOURCES)
+	GO111MODULE=on $(GO) build -mod=vendor $(GOFLAGS) $(EXTRA_GOFLAGS) -tags '$(TAGS)' -ldflags '-s -w $(LDFLAGS)' -o $@

 .PHONY: release
-release: frontend generate release-windows release-linux release-darwin release-copy release-compress vendor release-sources release-docs release-check
+release: frontend generate release-dirs release-windows release-linux release-darwin release-copy release-compress release-sources release-check

-$(DIST_DIRS):
-	mkdir -p $(DIST_DIRS)
+.PHONY: release-dirs
+release-dirs:
+	mkdir -p $(DIST)/binaries $(DIST)/release

 .PHONY: release-windows
-release-windows: | $(DIST_DIRS)
+release-windows:
 	@hash xgo > /dev/null 2>&1; if [ $$? -ne 0 ]; then \
-		$(GO) install src.techknowlogick.com/xgo@latest; \
+		$(GO) get -u src.techknowlogick.com/xgo; \
 	fi
-	CGO_CFLAGS="$(CGO_CFLAGS)" xgo -go $(XGO_VERSION) -buildmode exe -dest $(DIST)/binaries -tags 'netgo osusergo $(TAGS)' -ldflags '-linkmode external -extldflags "-static" $(LDFLAGS)' -targets 'windows/*' -out gitea-$(VERSION) .
-ifeq (,$(findstring gogit,$(TAGS)))
-	CGO_CFLAGS="$(CGO_CFLAGS)" xgo -go $(XGO_VERSION) -buildmode exe -dest $(DIST)/binaries -tags 'netgo osusergo gogit $(TAGS)' -ldflags '-linkmode external -extldflags "-static" $(LDFLAGS)' -targets 'windows/*' -out gitea-$(VERSION)-gogit .
-endif
+	xgo -go go-1.13 -dest $(DIST)/binaries -tags 'netgo osusergo $(TAGS)' -ldflags '-linkmode external -extldflags "-static" $(LDFLAGS)' -targets 'windows/*' -out gitea-$(VERSION) .
 ifeq ($(CI),drone)
 	cp /build/* $(DIST)/binaries
 endif

 .PHONY: release-linux
-release-linux: | $(DIST_DIRS)
+release-linux:
 	@hash xgo > /dev/null 2>&1; if [ $$? -ne 0 ]; then \
-		$(GO) install src.techknowlogick.com/xgo@latest; \
+		$(GO) get -u src.techknowlogick.com/xgo; \
 	fi
-	CGO_CFLAGS="$(CGO_CFLAGS)" xgo -go $(XGO_VERSION) -dest $(DIST)/binaries -tags 'netgo osusergo $(TAGS)' -ldflags '-linkmode external -extldflags "-static" $(LDFLAGS)' -targets '$(LINUX_ARCHS)' -out gitea-$(VERSION) .
+	xgo -go go-1.13 -dest $(DIST)/binaries -tags 'netgo osusergo $(TAGS)' -ldflags '-linkmode external -extldflags "-static" $(LDFLAGS)' -targets 'linux/amd64,linux/386,linux/arm-5,linux/arm-6,linux/arm64,linux/mips64le,linux/mips,linux/mipsle' -out gitea-$(VERSION) .
 ifeq ($(CI),drone)
 	cp /build/* $(DIST)/binaries
 endif

 .PHONY: release-darwin
-release-darwin: | $(DIST_DIRS)
+release-darwin:
 	@hash xgo > /dev/null 2>&1; if [ $$? -ne 0 ]; then \
-		$(GO) install src.techknowlogick.com/xgo@latest; \
+		$(GO) get -u src.techknowlogick.com/xgo; \
 	fi
-	CGO_CFLAGS="$(CGO_CFLAGS)" xgo -go $(XGO_VERSION) -dest $(DIST)/binaries -tags 'netgo osusergo $(TAGS)' -ldflags '$(LDFLAGS)' -targets 'darwin-10.12/amd64,darwin-10.12/arm64' -out gitea-$(VERSION) .
+	xgo -go go-1.13 -dest $(DIST)/binaries -tags 'netgo osusergo $(TAGS)' -ldflags '$(LDFLAGS)' -targets 'darwin/*' -out gitea-$(VERSION) .
 ifeq ($(CI),drone)
 	cp /build/* $(DIST)/binaries
 endif

 .PHONY: release-copy
-release-copy: | $(DIST_DIRS)
+release-copy:
 	cd $(DIST); for file in `find /build -type f -name "*"`; do cp $${file} ./release/; done;

 .PHONY: release-check
-release-check: | $(DIST_DIRS)
+release-check:
 	cd $(DIST)/release/; for file in `find . -type f -name "*"`; do echo "checksumming $${file}" && $(SHASUM) `echo $${file} | sed 's/^..//'` > $${file}.sha256; done;

 .PHONY: release-compress
-release-compress: | $(DIST_DIRS)
+release-compress:
 	@hash gxz > /dev/null 2>&1; if [ $$? -ne 0 ]; then \
-		$(GO) install github.com/ulikunitz/xz/cmd/gxz@v0.5.10; \
+		$(GO) get -u github.com/ulikunitz/xz/cmd/gxz; \
 	fi
 	cd $(DIST)/release/; for file in `find . -type f -name "*"`; do echo "compressing $${file}" && gxz -k -9 $${file}; done;

 .PHONY: release-sources
-release-sources: | $(DIST_DIRS)
+release-sources: | node_modules
 	echo $(VERSION) > $(STORED_VERSION_FILE)
-# bsdtar needs a ^ to prevent matching subdirectories
-	$(eval EXCL := --exclude=$(shell tar --help | grep -q bsdtar && echo "^")./)
-	tar $(addprefix $(EXCL),$(TAR_EXCLUDES)) -czf $(DIST)/release/gitea-src-$(VERSION).tar.gz .
+	tar --exclude=./$(DIST) --exclude=./.git --exclude=./node_modules/.cache -czf $(DIST)/release/gitea-src-$(VERSION).tar.gz .
 	rm -f $(STORED_VERSION_FILE)

-.PHONY: release-docs
-release-docs: | $(DIST_DIRS) docs
-	tar -czf $(DIST)/release/gitea-docs-$(VERSION).tar.gz -C ./docs/public .
-
-.PHONY: docs
-docs:
-	@hash hugo > /dev/null 2>&1; if [ $$? -ne 0 ]; then \
-		curl -sL https://github.com/gohugoio/hugo/releases/download/v0.74.3/hugo_0.74.3_Linux-64bit.tar.gz | tar zxf - -C /tmp && mv /tmp/hugo /usr/bin/hugo && chmod +x /usr/bin/hugo; \
-	fi
-	cd docs; make trans-copy clean build-offline;
-
 node_modules: package-lock.json
 	npm install --no-save
-	@touch node_modules

 .PHONY: npm-update
-npm-update: node-check | node_modules
+npm-update: node-check node_modules
 	npx updates -cu
 	rm -rf node_modules package-lock.json
 	npm install --package-lock
-	@touch node_modules

-.PHONY: fomantic
-fomantic:
-	rm -rf $(FOMANTIC_WORK_DIR)/build
-	cd $(FOMANTIC_WORK_DIR) && npm install --no-save
-	cp -f $(FOMANTIC_WORK_DIR)/theme.config.less $(FOMANTIC_WORK_DIR)/node_modules/fomantic-ui/src/theme.config
-	cp -rf $(FOMANTIC_WORK_DIR)/_site $(FOMANTIC_WORK_DIR)/node_modules/fomantic-ui/src/
-	cp -f web_src/js/vendor/dropdown.js $(FOMANTIC_WORK_DIR)/node_modules/fomantic-ui/src/definitions/modules
-	cd $(FOMANTIC_WORK_DIR) && npx gulp -f node_modules/fomantic-ui/gulpfile.js build
-	rm -f $(FOMANTIC_WORK_DIR)/build/*.min.*
+.PHONY: js
+js: node-check $(JS_DEST)

-.PHONY: webpack
-webpack: $(WEBPACK_DEST)
-
-$(WEBPACK_DEST): $(WEBPACK_SOURCES) $(WEBPACK_CONFIGS) package-lock.json
-	@$(MAKE) -s node-check node_modules
-	rm -rf $(WEBPACK_DEST_ENTRIES)
+$(JS_DEST): node_modules $(JS_SOURCES)
+	npx eslint web_src/js webpack.config.js
 	npx webpack
-	@touch $(WEBPACK_DEST)

-.PHONY: svg
-svg: node-check | node_modules
-	rm -rf $(SVG_DEST_DIR)
-	node build/generate-svg.js
+.PHONY: css
+css: node-check $(CSS_DEST)

-.PHONY: svg-check
-svg-check: svg
-	@git add $(SVG_DEST_DIR)
-	@diff=$$(git diff --cached $(SVG_DEST_DIR)); \
-	if [ -n "$$diff" ]; then \
-		echo "Please run 'make svg' and 'git add $(SVG_DEST_DIR)' and commit the result:"; \
-		echo "$${diff}"; \
-		exit 1; \
-	fi
+$(CSS_DEST): node_modules $(CSS_SOURCES)
+	npx stylelint web_src/less
+	npx lessc web_src/less/index.less public/css/index.css
+	$(foreach file, $(filter-out web_src/less/themes/_base.less, $(wildcard web_src/less/themes/*)),npx lessc web_src/less/themes/$(notdir $(file)) > public/css/theme-$(notdir $(call strip-suffix,$(file))).css;)
+	npx postcss --use autoprefixer --use cssnano --no-map --replace public/css/*

-.PHONY: lockfile-check
-lockfile-check:
-	npm install --package-lock-only
-	@diff=$$(git diff package-lock.json); \
-	if [ -n "$$diff" ]; then \
-		echo "package-lock.json is inconsistent with package.json"; \
-		echo "Please run 'npm install --package-lock-only' and commit the result:"; \
-		echo "$${diff}"; \
-		exit 1; \
-	fi
+.PHONY: javascripts
+javascripts:
+	echo "'make javascripts' is deprecated, please use 'make js'"
+	$(MAKE) js
+
+.PHONY: stylesheets-check
+stylesheets-check:
+	echo "'make stylesheets-check' is deprecated, please use 'make css'"
+	$(MAKE) css
+
+.PHONY: generate-stylesheets
+generate-stylesheets:
+	echo "'make generate-stylesheets' is deprecated, please use 'make css'"
+	$(MAKE) css
+
+.PHONY: swagger-ui
+swagger-ui:
+	rm -Rf public/vendor/assets/swagger-ui
+	git clone --depth=10 -b v3.13.4 --single-branch https://github.com/swagger-api/swagger-ui.git $(TMPDIR)/swagger-ui
+	mv $(TMPDIR)/swagger-ui/dist public/vendor/assets/swagger-ui
+	rm -Rf $(TMPDIR)/swagger-ui
+	$(SED_INPLACE) "s;http://petstore.swagger.io/v2/swagger.json;../../../swagger.v1.json;g" public/vendor/assets/swagger-ui/index.html

 .PHONY: update-translations
 update-translations:
@@ -722,57 +551,42 @@ update-translations:
 	mv ./translations/*.ini ./options/locale/
 	rmdir ./translations

-.PHONY: generate-license
-generate-license:
-	GO111MODULE=on $(GO) run build/generate-licenses.go
-
-.PHONY: generate-gitignore
-generate-gitignore:
-	GO111MODULE=on $(GO) run build/generate-gitignores.go
-
 .PHONY: generate-images
-generate-images: | node_modules
-	npm install --no-save --no-package-lock fabric@4 imagemin-zopfli@7
-	node build/generate-images.js $(TAGS)
+generate-images:
+	mkdir -p $(TMPDIR)/images
+	inkscape -f $(PWD)/assets/logo.svg -w 880 -h 880 -e $(PWD)/public/img/gitea-lg.png
+	inkscape -f $(PWD)/assets/logo.svg -w 512 -h 512 -e $(PWD)/public/img/gitea-512.png
+	inkscape -f $(PWD)/assets/logo.svg -w 192 -h 192 -e $(PWD)/public/img/gitea-192.png
+	inkscape -f $(PWD)/assets/logo.svg -w 120 -h 120 -jC -i layer1 -e $(TMPDIR)/images/sm-1.png
+	inkscape -f $(PWD)/assets/logo.svg -w 120 -h 120 -jC -i layer2 -e $(TMPDIR)/images/sm-2.png
+	composite -compose atop $(TMPDIR)/images/sm-2.png $(TMPDIR)/images/sm-1.png $(PWD)/public/img/gitea-sm.png
+	inkscape -f $(PWD)/assets/logo.svg -w 200 -h 200 -e $(PWD)/public/img/avatar_default.png
+	inkscape -f $(PWD)/assets/logo.svg -w 180 -h 180 -e $(PWD)/public/img/favicon.png
+	inkscape -f $(PWD)/assets/logo.svg -w 128 -h 128 -e $(TMPDIR)/images/128-raw.png
+	inkscape -f $(PWD)/assets/logo.svg -w 64 -h 64 -e $(TMPDIR)/images/64-raw.png
+	inkscape -f $(PWD)/assets/logo.svg -w 32 -h 32 -jC -i layer1 -e $(TMPDIR)/images/32-1.png
+	inkscape -f $(PWD)/assets/logo.svg -w 32 -h 32 -jC -i layer2 -e $(TMPDIR)/images/32-2.png
+	composite -compose atop $(TMPDIR)/images/32-2.png $(TMPDIR)/images/32-1.png $(TMPDIR)/images/32-raw.png
+	inkscape -f $(PWD)/assets/logo.svg -w 16 -h 16 -jC -i layer1 -e $(TMPDIR)/images/16-raw.png
+	zopflipng -m -y $(TMPDIR)/images/128-raw.png $(TMPDIR)/images/128.png
+	zopflipng -m -y $(TMPDIR)/images/64-raw.png $(TMPDIR)/images/64.png
+	zopflipng -m -y $(TMPDIR)/images/32-raw.png $(TMPDIR)/images/32.png
+	zopflipng -m -y $(TMPDIR)/images/16-raw.png $(TMPDIR)/images/16.png
+	rm -f $(TMPDIR)/images/*-*.png
+	convert $(TMPDIR)/images/16.png $(TMPDIR)/images/32.png \
+					$(TMPDIR)/images/64.png $(TMPDIR)/images/128.png \
+					$(PWD)/public/img/favicon.ico
+	rm -rf $(TMPDIR)/images
+	$(foreach file, $(shell find public/img -type f -name '*.png'),zopflipng -m -y $(file) $(file);)

-.PHONY: generate-manpage
-generate-manpage:
-	@[ -f gitea ] || make backend
-	@mkdir -p man/man1/ man/man5
-	@./gitea docs --man > man/man1/gitea.1
-	@gzip -9 man/man1/gitea.1 && echo man/man1/gitea.1.gz created
-	@#TODO A smal script witch format config-cheat-sheet.en-us.md nicely to suit as config man page
-
-.PHONY: pr\#%
-pr\#%: clean-all
-	$(GO) run contrib/pr/checkout.go $*
+.PHONY: pr
+pr:
+	$(GO) run contrib/pr/checkout.go $(PR)

 .PHONY: golangci-lint
-golangci-lint: golangci-lint-check
-	golangci-lint run --timeout 10m
-
-.PHONY: golangci-lint-check
-golangci-lint-check:
-	$(eval GOLANGCI_LINT_VERSION := $(shell printf "%03d%03d%03d" $(shell golangci-lint --version | grep -Eo '[0-9]+\.[0-9.]+' | tr '.' ' ');))
-	$(eval MIN_GOLANGCI_LINT_VER_FMT := $(shell printf "%g.%g.%g" $(shell echo $(MIN_GOLANGCI_LINT_VERSION) | grep -o ...)))
+golangci-lint:
 	@hash golangci-lint > /dev/null 2>&1; if [ $$? -ne 0 ]; then \
-		echo "Downloading golangci-lint v${MIN_GOLANGCI_LINT_VER_FMT}"; \
 		export BINARY="golangci-lint"; \
-		curl -sfL "https://raw.githubusercontent.com/golangci/golangci-lint/v${MIN_GOLANGCI_LINT_VER_FMT}/install.sh" | sh -s -- -b $(GOPATH)/bin v$(MIN_GOLANGCI_LINT_VER_FMT); \
-	elif [ "$(GOLANGCI_LINT_VERSION)" -lt "$(MIN_GOLANGCI_LINT_VERSION)" ]; then \
-		echo "Downloading newer version of golangci-lint v${MIN_GOLANGCI_LINT_VER_FMT}"; \
-		export BINARY="golangci-lint"; \
-		curl -sfL "https://raw.githubusercontent.com/golangci/golangci-lint/v${MIN_GOLANGCI_LINT_VER_FMT}/install.sh" | sh -s -- -b $(GOPATH)/bin v$(MIN_GOLANGCI_LINT_VER_FMT); \
+		curl -sfL https://install.goreleaser.com/github.com/golangci/golangci-lint.sh | sh -s -- -b $(GOPATH)/bin v1.20.0; \
 	fi
-
-.PHONY: docker
-docker:
-	docker build --disable-content-trust=false -t $(DOCKER_REF) .
-# support also build args docker build --build-arg GITEA_VERSION=v1.2.3 --build-arg TAGS="bindata sqlite sqlite_unlock_notify"  .
-
-.PHONY: docker-build
-docker-build:
-	docker run -ti --rm -v "$(CURDIR):/srv/app/src/code.gitea.io/gitea" -w /srv/app/src/code.gitea.io/gitea -e TAGS="bindata $(TAGS)" LDFLAGS="$(LDFLAGS)" CGO_EXTRA_CFLAGS="$(CGO_EXTRA_CFLAGS)" webhippie/golang:edge make clean build
-
-# This endif closes the if at the top of the file
-endif
+	golangci-lint run --timeout 5m
--- a/README.md
+++ b/README.md
@@ -1,52 +1,18 @@
-<p align="center">
-  <a href="https://gitea.io/">
-    <img alt="Gitea" src="https://raw.githubusercontent.com/go-gitea/gitea/main/public/img/gitea.svg" width="220"/>
-  </a>
-</p>
-<h1 align="center">Gitea - Git with a cup of tea</h1>
+[简体中文](README_ZH.md)

-<p align="center">
-  <a href="https://drone.gitea.io/go-gitea/gitea" title="Build Status">
-    <img src="https://drone.gitea.io/api/badges/go-gitea/gitea/status.svg?ref=refs/heads/main">
-  </a>
-  <a href="https://discord.gg/Gitea" title="Join the Discord chat at https://discord.gg/Gitea">
-    <img src="https://img.shields.io/discord/322538954119184384.svg">
-  </a>
-  <a href="https://codecov.io/gh/go-gitea/gitea" title="Codecov">
-    <img src="https://codecov.io/gh/go-gitea/gitea/branch/main/graph/badge.svg">
-  </a>
-  <a href="https://goreportcard.com/report/code.gitea.io/gitea" title="Go Report Card">
-    <img src="https://goreportcard.com/badge/code.gitea.io/gitea">
-  </a>
-  <a href="https://godoc.org/code.gitea.io/gitea" title="GoDoc">
-    <img src="https://godoc.org/code.gitea.io/gitea?status.svg">
-  </a>
-  <a href="https://github.com/go-gitea/gitea/releases/latest" title="GitHub release">
-    <img src="https://img.shields.io/github/release/go-gitea/gitea.svg">
-  </a>
-  <a href="https://www.codetriage.com/go-gitea/gitea" title="Help Contribute to Open Source">
-    <img src="https://www.codetriage.com/go-gitea/gitea/badges/users.svg">
-  </a>
-  <a href="https://opencollective.com/gitea" title="Become a backer/sponsor of gitea">
-    <img src="https://opencollective.com/gitea/tiers/backers/badge.svg?label=backers&color=brightgreen">
-  </a>
-  <a href="https://opensource.org/licenses/MIT" title="License: MIT">
-    <img src="https://img.shields.io/badge/License-MIT-blue.svg">
-  </a>
-  <a href="https://crowdin.com/project/gitea" title="Crowdin">
-    <img src="https://badges.crowdin.net/gitea/localized.svg">
-  </a>
-  <a href="https://www.tickgit.com/browse?repo=github.com/go-gitea/gitea&branch=main" title="TODOs">
-    <img src="https://badgen.net/https/api.tickgit.com/badgen/github.com/go-gitea/gitea/main">
-  </a>
-  <a href="https://www.bountysource.com/teams/gitea" title="Bountysource">
-    <img src="https://img.shields.io/bountysource/team/gitea/activity">
-  </a>
-</p>
+<h1> <img src="https://raw.githubusercontent.com/go-gitea/gitea/master/public/img/gitea-192.png" alt="logo" width="30" height="30"> Gitea - Git with a cup of tea</h1>

-<p align="center">
-  <a href="README_ZH.md">View the chinese version of this document</a>
-</p>
+[![Build Status](https://drone.gitea.io/api/badges/go-gitea/gitea/status.svg)](https://drone.gitea.io/go-gitea/gitea)
+[![Join the Discord chat at https://discord.gg/NsatcWJ](https://img.shields.io/discord/322538954119184384.svg)](https://discord.gg/NsatcWJ)
+[![](https://images.microbadger.com/badges/image/gitea/gitea.svg)](https://microbadger.com/images/gitea/gitea "Get your own image badge on microbadger.com")
+[![codecov](https://codecov.io/gh/go-gitea/gitea/branch/master/graph/badge.svg)](https://codecov.io/gh/go-gitea/gitea)
+[![Go Report Card](https://goreportcard.com/badge/code.gitea.io/gitea)](https://goreportcard.com/report/code.gitea.io/gitea)
+[![GoDoc](https://godoc.org/code.gitea.io/gitea?status.svg)](https://godoc.org/code.gitea.io/gitea)
+[![GitHub release](https://img.shields.io/github/release/go-gitea/gitea.svg)](https://github.com/go-gitea/gitea/releases/latest)
+[![Help Contribute to Open Source](https://www.codetriage.com/go-gitea/gitea/badges/users.svg)](https://www.codetriage.com/go-gitea/gitea)
+[![Become a backer/sponsor of gitea](https://opencollective.com/gitea/tiers/backers/badge.svg?label=backers&color=brightgreen)](https://opencollective.com/gitea)
+[![License: MIT](https://img.shields.io/badge/License-MIT-blue.svg)](https://opensource.org/licenses/MIT)
+[![Crowdin](https://badges.crowdin.net/gitea/localized.svg)](https://crowdin.com/project/gitea)

 ## Purpose

@@ -67,18 +33,14 @@ From the root of the source tree, run:

    TAGS="bindata" make build

-or if SQLite support is required:
-
-    TAGS="bindata sqlite sqlite_unlock_notify" make build
-
 The `build` target is split into two sub-targets:

- `make backend` which requires [Go 1.16](https://golang.org/dl/) or greater.
- `make frontend` which requires [Node.js LTS](https://nodejs.org/en/download/) or greater and Internet connectivity to download npm dependencies.
+- `make backend` which requires [Go 1.11](https://golang.org/dl/) or greater.
+- `make frontend` which requires [Node.js 10.0.0](https://nodejs.org/en/download/) or greater.

-When building from the official source tarballs which include pre-built frontend files, the `frontend` target will not be triggered, making it possible to build without Node.js and Internet connectivity.
+If pre-built frontend files are present it is possible to only build the backend:

-Parallelism (`make -j <num>`) is not supported.
+    TAGS="bindata" make backend

 More info: https://docs.gitea.io/en-us/install-from-source/

@@ -98,24 +60,13 @@ NOTES:
 1. **YOU MUST READ THE [CONTRIBUTORS GUIDE](CONTRIBUTING.md) BEFORE STARTING TO WORK ON A PULL REQUEST.**
 2. If you have found a vulnerability in the project, please write privately to **security@gitea.io**. Thanks!

-## Translating
-
-Translations are done through Crowdin. If you want to translate to a new language ask one of the managers in the Crowdin project to add a new language there. 
-
-You can also just create an issue for adding a language or ask on discord on the #translation channel. If you need context or find some translation issues, you can leave a comment on the string or ask on Discord. For general translation questions there is a section in the docs. Currently a bit empty but we hope fo fill it as questions pop up.
-
-https://docs.gitea.io/en-us/translation-guidelines/
-
-[![Crowdin](https://badges.crowdin.net/gitea/localized.svg)](https://crowdin.com/project/gitea)
-
 ## Further information

-For more information and instructions about how to install Gitea, please look at our [documentation](https://docs.gitea.io/en-us/).
-If you have questions that are not covered by the documentation, you can get in contact with us on our [Discord server](https://discord.gg/Gitea) or create  a post in the [discourse forum](https://discourse.gitea.io/).
-
-We maintain a list of Gitea-related projects at [gitea/awesome-gitea](https://gitea.com/gitea/awesome-gitea).  
-The hugo-based documentation theme is hosted at [gitea/theme](https://gitea.com/gitea/theme).  
-The official Gitea CLI is developed at [gitea/tea](https://gitea.com/gitea/tea).
+For more information and instructions about how to install Gitea, please look
+at our [documentation](https://docs.gitea.io/en-us/). If you have questions
+that are not covered by the documentation, you can get in contact with us on
+our [Discord server](https://discord.gg/NsatcWJ),
+or [forum](https://discourse.gitea.io/)!

 ## Authors

@@ -157,7 +108,7 @@ We're [working on it](https://github.com/go-gitea/gitea/issues/1029).
 ## License

 This project is licensed under the MIT License.
-See the [LICENSE](https://github.com/go-gitea/gitea/blob/main/LICENSE) file
+See the [LICENSE](https://github.com/go-gitea/gitea/blob/master/LICENSE) file
 for the full license text.

 ## Screenshots
--- a/README_ZH.md
+++ b/README_ZH.md
@@ -1,52 +1,18 @@
-<p align="center">
-  <a href="https://gitea.io/">
-    <img alt="Gitea" src="https://raw.githubusercontent.com/go-gitea/gitea/main/public/img/gitea.svg" width="220"/>
-  </a>
-</p>
-<h1 align="center">Gitea - Git with a cup of tea</h1>
+[English](README.md)

-<p align="center">
-  <a href="https://drone.gitea.io/go-gitea/gitea" title="Build Status">
-    <img src="https://drone.gitea.io/api/badges/go-gitea/gitea/status.svg?ref=refs/heads/main">
-  </a>
-  <a href="https://discord.gg/Gitea" title="Join the Discord chat at https://discord.gg/Gitea">
-    <img src="https://img.shields.io/discord/322538954119184384.svg">
-  </a>
-  <a href="https://codecov.io/gh/go-gitea/gitea" title="Codecov">
-    <img src="https://codecov.io/gh/go-gitea/gitea/branch/main/graph/badge.svg">
-  </a>
-  <a href="https://goreportcard.com/report/code.gitea.io/gitea" title="Go Report Card">
-    <img src="https://goreportcard.com/badge/code.gitea.io/gitea">
-  </a>
-  <a href="https://godoc.org/code.gitea.io/gitea" title="GoDoc">
-    <img src="https://godoc.org/code.gitea.io/gitea?status.svg">
-  </a>
-  <a href="https://github.com/go-gitea/gitea/releases/latest" title="GitHub release">
-    <img src="https://img.shields.io/github/release/go-gitea/gitea.svg">
-  </a>
-  <a href="https://www.codetriage.com/go-gitea/gitea" title="Help Contribute to Open Source">
-    <img src="https://www.codetriage.com/go-gitea/gitea/badges/users.svg">
-  </a>
-  <a href="https://opencollective.com/gitea" title="Become a backer/sponsor of gitea">
-    <img src="https://opencollective.com/gitea/tiers/backers/badge.svg?label=backers&color=brightgreen">
-  </a>
-  <a href="https://opensource.org/licenses/MIT" title="License: MIT">
-    <img src="https://img.shields.io/badge/License-MIT-blue.svg">
-  </a>
-  <a href="https://crowdin.com/project/gitea" title="Crowdin">
-    <img src="https://badges.crowdin.net/gitea/localized.svg">
-  </a>
-  <a href="https://www.tickgit.com/browse?repo=github.com/go-gitea/gitea&branch=main" title="TODOs">
-    <img src="https://badgen.net/https/api.tickgit.com/badgen/github.com/go-gitea/gitea/main">
-  </a>
-  <a href="https://img.shields.io/bountysource/team/gitea" title="Bountysource">
-    <img src="https://img.shields.io/bountysource/team/gitea/activity">
-  </a>
-</p>
+<h1> <img src="https://raw.githubusercontent.com/go-gitea/gitea/master/public/img/gitea-192.png" alt="logo" width="30" height="30"> Gitea - Git with a cup of tea</h1>

-<p align="center">
-  <a href="README.md">View the english version of this document</a>
-</p>
+[![Build Status](https://drone.gitea.io/api/badges/go-gitea/gitea/status.svg)](https://drone.gitea.io/go-gitea/gitea)
+[![Join the Discord chat at https://discord.gg/NsatcWJ](https://img.shields.io/discord/322538954119184384.svg)](https://discord.gg/NsatcWJ)
+[![](https://images.microbadger.com/badges/image/gitea/gitea.svg)](https://microbadger.com/images/gitea/gitea "Get your own image badge on microbadger.com")
+[![codecov](https://codecov.io/gh/go-gitea/gitea/branch/master/graph/badge.svg)](https://codecov.io/gh/go-gitea/gitea)
+[![Go Report Card](https://goreportcard.com/badge/code.gitea.io/gitea)](https://goreportcard.com/report/code.gitea.io/gitea)
+[![GoDoc](https://godoc.org/code.gitea.io/gitea?status.svg)](https://godoc.org/code.gitea.io/gitea)
+[![GitHub release](https://img.shields.io/github/release/go-gitea/gitea.svg)](https://github.com/go-gitea/gitea/releases/latest)
+[![Help Contribute to Open Source](https://www.codetriage.com/go-gitea/gitea/badges/users.svg)](https://www.codetriage.com/go-gitea/gitea)
+[![Become a backer/sponsor of gitea](https://opencollective.com/gitea/tiers/backers/badge.svg?label=backers&color=brightgreen)](https://opencollective.com/gitea)
+[![License: MIT](https://img.shields.io/badge/License-MIT-blue.svg)](https://opensource.org/licenses/MIT)
+[![Crowdin](https://badges.crowdin.net/gitea/localized.svg)](https://crowdin.com/project/gitea)

 ## 目标

@@ -68,11 +34,6 @@ Gitea 的首要目标是创建一个极易安装，运行非常快速，安装

 Fork -> Patch -> Push -> Pull Request

-## 翻译
-
-多语言翻译是基于Crowdin进行的.
-[![Crowdin](https://badges.crowdin.net/gitea/localized.svg)](https://crowdin.com/project/gitea)
-
 ## 作者

 * [Maintainers](https://github.com/orgs/go-gitea/people)
@@ -81,7 +42,7 @@ Fork -> Patch -> Push -> Pull Request

 ## 授权许可

-本项目采用 MIT 开源授权许可证，完整的授权说明已放置在 [LICENSE](https://github.com/go-gitea/gitea/blob/main/LICENSE) 文件中。
+本项目采用 MIT 开源授权许可证，完整的授权说明已放置在 [LICENSE](https://github.com/go-gitea/gitea/blob/master/LICENSE) 文件中。

 ## 截图

--- a/SECURITY.md
+++ b/SECURITY.md
@@ -1,10 +0,0 @@
-# Reporting security issues
-
-The Gitea maintainers take security seriously.  
-If you discover a security issue, please bring it to their attention right away!
-
-### Reporting a Vulnerability
-
-Please **DO NOT** file a public issue, instead send your report privately to `security@gitea.io`.
-
-Security reports are greatly appreciated and we will publicly thank you for it, although we keep your name confidential if you request it.
--- a/assets/emoji.json
+++ b/assets/emoji.json
--- a/assets/logo.svg
+++ b/assets/logo.svg
@@ -1,31 +1,160 @@
-<?xml version="1.0" encoding="utf-8"?>
-<svg version="1.1" id="main_outline" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px"
-	 y="0px" viewBox="0 0 640 640" style="enable-background:new 0 0 640 640;" xml:space="preserve">
-<g>
-	<path id="teabag" style="fill:#FFFFFF" d="M395.9,484.2l-126.9-61c-12.5-6-17.9-21.2-11.8-33.8l61-126.9c6-12.5,21.2-17.9,33.8-11.8
-		c17.2,8.3,27.1,13,27.1,13l-0.1-109.2l16.7-0.1l0.1,117.1c0,0,57.4,24.2,83.1,40.1c3.7,2.3,10.2,6.8,12.9,14.4
-		c2.1,6.1,2,13.1-1,19.3l-61,126.9C423.6,484.9,408.4,490.3,395.9,484.2z"/>
-	<g>
-		<g>
-			<path style="fill:#609926" d="M622.7,149.8c-4.1-4.1-9.6-4-9.6-4s-117.2,6.6-177.9,8c-13.3,0.3-26.5,0.6-39.6,0.7c0,39.1,0,78.2,0,117.2
-				c-5.5-2.6-11.1-5.3-16.6-7.9c0-36.4-0.1-109.2-0.1-109.2c-29,0.4-89.2-2.2-89.2-2.2s-141.4-7.1-156.8-8.5
-				c-9.8-0.6-22.5-2.1-39,1.5c-8.7,1.8-33.5,7.4-53.8,26.9C-4.9,212.4,6.6,276.2,8,285.8c1.7,11.7,6.9,44.2,31.7,72.5
-				c45.8,56.1,144.4,54.8,144.4,54.8s12.1,28.9,30.6,55.5c25,33.1,50.7,58.9,75.7,62c63,0,188.9-0.1,188.9-0.1s12,0.1,28.3-10.3
-				c14-8.5,26.5-23.4,26.5-23.4s12.9-13.8,30.9-45.3c5.5-9.7,10.1-19.1,14.1-28c0,0,55.2-117.1,55.2-231.1
-				C633.2,157.9,624.7,151.8,622.7,149.8z M125.6,353.9c-25.9-8.5-36.9-18.7-36.9-18.7S69.6,321.8,60,295.4
-				c-16.5-44.2-1.4-71.2-1.4-71.2s8.4-22.5,38.5-30c13.8-3.7,31-3.1,31-3.1s7.1,59.4,15.7,94.2c7.2,29.2,24.8,77.7,24.8,77.7
-				S142.5,359.9,125.6,353.9z M425.9,461.5c0,0-6.1,14.5-19.6,15.4c-5.8,0.4-10.3-1.2-10.3-1.2s-0.3-0.1-5.3-2.1l-112.9-55
-				c0,0-10.9-5.7-12.8-15.6c-2.2-8.1,2.7-18.1,2.7-18.1L322,273c0,0,4.8-9.7,12.2-13c0.6-0.3,2.3-1,4.5-1.5c8.1-2.1,18,2.8,18,2.8
-				l110.7,53.7c0,0,12.6,5.7,15.3,16.2c1.9,7.4-0.5,14-1.8,17.2C474.6,363.8,425.9,461.5,425.9,461.5z"/>
-			<path style="fill:#609926" d="M326.8,380.1c-8.2,0.1-15.4,5.8-17.3,13.8c-1.9,8,2,16.3,9.1,20c7.7,4,17.5,1.8,22.7-5.4
-				c5.1-7.1,4.3-16.9-1.8-23.1l24-49.1c1.5,0.1,3.7,0.2,6.2-0.5c4.1-0.9,7.1-3.6,7.1-3.6c4.2,1.8,8.6,3.8,13.2,6.1
-				c4.8,2.4,9.3,4.9,13.4,7.3c0.9,0.5,1.8,1.1,2.8,1.9c1.6,1.3,3.4,3.1,4.7,5.5c1.9,5.5-1.9,14.9-1.9,14.9
-				c-2.3,7.6-18.4,40.6-18.4,40.6c-8.1-0.2-15.3,5-17.7,12.5c-2.6,8.1,1.1,17.3,8.9,21.3c7.8,4,17.4,1.7,22.5-5.3
-				c5-6.8,4.6-16.3-1.1-22.6c1.9-3.7,3.7-7.4,5.6-11.3c5-10.4,13.5-30.4,13.5-30.4c0.9-1.7,5.7-10.3,2.7-21.3
-				c-2.5-11.4-12.6-16.7-12.6-16.7c-12.2-7.9-29.2-15.2-29.2-15.2s0-4.1-1.1-7.1c-1.1-3.1-2.8-5.1-3.9-6.3c4.7-9.7,9.4-19.3,14.1-29
-				c-4.1-2-8.1-4-12.2-6.1c-4.8,9.8-9.7,19.7-14.5,29.5c-6.7-0.1-12.9,3.5-16.1,9.4c-3.4,6.3-2.7,14.1,1.9,19.8
-				C343.2,346.5,335,363.3,326.8,380.1z"/>
-		</g>
-	</g>
-</g>
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<!-- Created with Inkscape (http://www.inkscape.org/) -->
+
+<svg
+   xmlns:dc="http://purl.org/dc/elements/1.1/"
+   xmlns:cc="http://creativecommons.org/ns#"
+   xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
+   xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
+   width="512"
+   height="512"
+   viewBox="0 0 135.46667 135.46667"
+   version="1.1"
+   id="svg8"
+   sodipodi:docname="logo.svg"
+   inkscape:version="0.92.1 r15371"
+   inkscape:export-filename=""
+   inkscape:export-xdpi="48.000004"
+   inkscape:export-ydpi="48.000004">
+  <defs
+     id="defs2" />
+  <sodipodi:namedview
+     id="base"
+     pagecolor="#ffffff"
+     bordercolor="#666666"
+     borderopacity="1.0"
+     inkscape:pageopacity="0"
+     inkscape:pageshadow="2"
+     inkscape:zoom="0.70710678"
+     inkscape:cx="418.13805"
+     inkscape:cy="177.57445"
+     inkscape:document-units="mm"
+     inkscape:current-layer="layer2"
+     showgrid="false"
+     units="px"
+     width="256px"
+     showguides="false"
+     inkscape:window-width="1920"
+     inkscape:window-height="1137"
+     inkscape:window-x="1912"
+     inkscape:window-y="-8"
+     inkscape:window-maximized="1"
+     inkscape:pagecheckerboard="false"
+     inkscape:measure-start="283.373,243.952"
+     inkscape:measure-end="290.267,236.527">
+    <sodipodi:guide
+       position="0,0"
+       orientation="0,512"
+       id="guide3699"
+       inkscape:locked="false" />
+    <sodipodi:guide
+       position="135.46667,0"
+       orientation="-512,0"
+       id="guide3701"
+       inkscape:locked="false" />
+    <sodipodi:guide
+       position="135.46667,135.46667"
+       orientation="0,-512"
+       id="guide3703"
+       inkscape:locked="false" />
+    <sodipodi:guide
+       position="0,135.46667"
+       orientation="512,0"
+       id="guide3705"
+       inkscape:locked="false" />
+  </sodipodi:namedview>
+  <metadata
+     id="metadata5">
+    <rdf:RDF>
+      <cc:Work
+         rdf:about="">
+        <dc:format>image/svg+xml</dc:format>
+        <dc:type
+           rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
+        <dc:title></dc:title>
+      </cc:Work>
+    </rdf:RDF>
+  </metadata>
+  <g
+     inkscape:label="Layer 1"
+     inkscape:groupmode="layer"
+     id="layer1"
+     transform="translate(0,-161.53334)"
+     style="display:inline">
+    <path
+       style="fill:#609926;fill-opacity:1;stroke:#428f29;stroke-width:1;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1;stroke-miterlimit:4;stroke-dasharray:none"
+       d="m 27.709937,195.15095 c -9.546573,-0.0272 -22.3392732,6.79805 -21.6317552,23.90397 1.105534,26.72889 25.4565952,29.20839 35.1916502,29.42301 1.068023,5.01357 12.521798,22.30563 21.001818,23.21667 h 37.15277 c 22.27763,-1.66785 38.9607,-75.75671 26.59321,-76.03825 -46.781583,2.47691 -49.995146,2.13838 -88.599758,0 -2.495053,-0.0266 -5.972321,-0.49474 -9.707935,-0.5054 z m 2.491319,9.45886 c 1.351378,13.69267 3.555849,21.70359 8.018216,33.94345 -11.382872,-1.50473 -21.069822,-5.22443 -22.851515,-19.10984 -0.950962,-7.4112 2.390428,-15.16769 14.833299,-14.83361 z"
+       id="path3722"
+       inkscape:connector-curvature="0"
+       sodipodi:nodetypes="sscccccsccsc" />
+  </g>
+  <g
+     inkscape:groupmode="layer"
+     id="layer2"
+     inkscape:label="Layer 2"
+     style="display:inline">
+    <rect
+       style="display:inline;fill:#ffffff;fill-opacity:1;stroke:none;stroke-width:0.24757317;stroke-opacity:1"
+       id="rect4599"
+       width="34.762054"
+       height="34.762054"
+       x="87.508659"
+       y="18.291576"
+       transform="rotate(25.914715)"
+       ry="5.4825778" />
+    <path
+       style="display:inline;fill:#ffffff;fill-opacity:1;stroke:none;stroke-width:0.26644793px;stroke-linecap:butt;stroke-linejoin:miter;stroke-opacity:1"
+       d="m 79.804947,57.359056 3.241146,1.609954 V 35.255731 h -3.262698 z"
+       id="path4525"
+       inkscape:connector-curvature="0"
+       sodipodi:nodetypes="ccccc" />
+  </g>
+  <g
+     inkscape:groupmode="layer"
+     id="layer3"
+     inkscape:label="Layer 3"
+     style="display:inline">
+    <g
+       style="display:inline"
+       id="g4539">
+      <circle
+         transform="rotate(-19.796137)"
+         r="3.4745038"
+         cy="90.077766"
+         cx="49.064713"
+         id="path4606"
+         style="fill:#609926;fill-opacity:1;stroke:none;stroke-width:0.26458332;stroke-opacity:1" />
+      <circle
+         transform="rotate(-19.796137)"
+         r="3.4745038"
+         cy="102.1049"
+         cx="36.810425"
+         id="path4606-3"
+         style="fill:#609926;fill-opacity:1;stroke:none;stroke-width:0.26458332;stroke-opacity:1" />
+      <circle
+         transform="rotate(-19.796137)"
+         r="3.4745038"
+         cy="111.43928"
+         cx="46.484283"
+         id="path4606-1"
+         style="fill:#609926;fill-opacity:1;stroke:none;stroke-width:0.26458332;stroke-opacity:1" />
+      <rect
+         transform="rotate(26.024158)"
+         y="18.061695"
+         x="97.333458"
+         height="27.261492"
+         width="2.6726954"
+         id="rect4629-8"
+         style="fill:#609926;fill-opacity:1;stroke:none;stroke-width:0.27444693;stroke-opacity:1" />
+      <path
+         sodipodi:nodetypes="cc"
+         inkscape:connector-curvature="0"
+         id="path4514"
+         d="m 76.558096,68.116343 c 12.97589,6.395378 13.012989,4.101862 4.890858,20.907244"
+         style="fill:none;stroke:#609926;stroke-width:2.68000007;stroke-linecap:butt;stroke-linejoin:miter;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1" />
+    </g>
+  </g>
 </svg>
--- a/build.go
+++ b/build.go
@@ -1,25 +0,0 @@
-// Copyright 2020 The Gitea Authors. All rights reserved.
-// Use of this source code is governed by a MIT-style
-// license that can be found in the LICENSE file.
-
-//go:build vendor
-// +build vendor
-
-package main
-
-// Libraries that are included to vendor utilities used during build.
-// These libraries will not be included in a normal compilation.
-
-import (
-	// for embed
-	_ "github.com/shurcooL/vfsgen"
-
-	// for cover merge
-	_ "golang.org/x/tools/cover"
-
-	// for vet
-	_ "code.gitea.io/gitea-vet"
-
-	// for swagger
-	_ "github.com/go-swagger/go-swagger/cmd/swagger"
-)
--- a/build/code-batch-process.go
+++ b/build/code-batch-process.go
@@ -1,284 +0,0 @@
-// Copyright 2021 The Gitea Authors. All rights reserved.
-// Use of this source code is governed by a MIT-style
-// license that can be found in the LICENSE file.
-
-//go:build ignore
-// +build ignore
-
-package main
-
-import (
-	"fmt"
-	"log"
-	"os"
-	"os/exec"
-	"path/filepath"
-	"regexp"
-	"strconv"
-	"strings"
-
-	"code.gitea.io/gitea/build/codeformat"
-)
-
-// Windows has a limitation for command line arguments, the size can not exceed 32KB.
-// So we have to feed the files to some tools (like gofmt/misspell) batch by batch
-
-// We also introduce a `gitea-fmt` command, it does better import formatting than gofmt/goimports. `gitea-fmt` calls `gofmt` internally.
-
-var optionLogVerbose bool
-
-func logVerbose(msg string, args ...interface{}) {
-	if optionLogVerbose {
-		log.Printf(msg, args...)
-	}
-}
-
-func passThroughCmd(cmd string, args []string) error {
-	foundCmd, err := exec.LookPath(cmd)
-	if err != nil {
-		log.Fatalf("can not find cmd: %s", cmd)
-	}
-	c := exec.Cmd{
-		Path:   foundCmd,
-		Args:   args,
-		Stdin:  os.Stdin,
-		Stdout: os.Stdout,
-		Stderr: os.Stderr,
-	}
-	return c.Run()
-}
-
-type fileCollector struct {
-	dirs            []string
-	includePatterns []*regexp.Regexp
-	excludePatterns []*regexp.Regexp
-	batchSize       int
-}
-
-func newFileCollector(fileFilter string, batchSize int) (*fileCollector, error) {
-	co := &fileCollector{batchSize: batchSize}
-	if fileFilter == "go-own" {
-		co.dirs = []string{
-			"build",
-			"cmd",
-			"contrib",
-			"integrations",
-			"models",
-			"modules",
-			"routers",
-			"services",
-			"tools",
-		}
-		co.includePatterns = append(co.includePatterns, regexp.MustCompile(`.*\.go$`))
-
-		co.excludePatterns = append(co.excludePatterns, regexp.MustCompile(`.*\bbindata\.go$`))
-		co.excludePatterns = append(co.excludePatterns, regexp.MustCompile(`integrations/gitea-repositories-meta`))
-		co.excludePatterns = append(co.excludePatterns, regexp.MustCompile(`integrations/migration-test`))
-		co.excludePatterns = append(co.excludePatterns, regexp.MustCompile(`modules/git/tests`))
-		co.excludePatterns = append(co.excludePatterns, regexp.MustCompile(`models/fixtures`))
-		co.excludePatterns = append(co.excludePatterns, regexp.MustCompile(`models/migrations/fixtures`))
-		co.excludePatterns = append(co.excludePatterns, regexp.MustCompile(`services/gitdiff/testdata`))
-	}
-
-	if co.dirs == nil {
-		return nil, fmt.Errorf("unknown file-filter: %s", fileFilter)
-	}
-	return co, nil
-}
-
-func (fc *fileCollector) matchPatterns(path string, regexps []*regexp.Regexp) bool {
-	path = strings.ReplaceAll(path, "\\", "/")
-	for _, re := range regexps {
-		if re.MatchString(path) {
-			return true
-		}
-	}
-	return false
-}
-
-func (fc *fileCollector) collectFiles() (res [][]string, err error) {
-	var batch []string
-	for _, dir := range fc.dirs {
-		err = filepath.WalkDir(dir, func(path string, d os.DirEntry, err error) error {
-			include := len(fc.includePatterns) == 0 || fc.matchPatterns(path, fc.includePatterns)
-			exclude := fc.matchPatterns(path, fc.excludePatterns)
-			process := include && !exclude
-			if !process {
-				if d.IsDir() {
-					if exclude {
-						logVerbose("exclude dir %s", path)
-						return filepath.SkipDir
-					}
-					// for a directory, if it is not excluded explicitly, we should walk into
-					return nil
-				}
-				// for a file, we skip it if it shouldn't be processed
-				logVerbose("skip process %s", path)
-				return nil
-			}
-			if d.IsDir() {
-				// skip dir, we don't add dirs to the file list now
-				return nil
-			}
-			if len(batch) >= fc.batchSize {
-				res = append(res, batch)
-				batch = nil
-			}
-			batch = append(batch, path)
-			return nil
-		})
-		if err != nil {
-			return nil, err
-		}
-	}
-	res = append(res, batch)
-	return res, nil
-}
-
-// substArgFiles expands the {file-list} to a real file list for commands
-func substArgFiles(args []string, files []string) []string {
-	for i, s := range args {
-		if s == "{file-list}" {
-			newArgs := append(args[:i], files...)
-			newArgs = append(newArgs, args[i+1:]...)
-			return newArgs
-		}
-	}
-	return args
-}
-
-func exitWithCmdErrors(subCmd string, subArgs []string, cmdErrors []error) {
-	for _, err := range cmdErrors {
-		if err != nil {
-			if exitError, ok := err.(*exec.ExitError); ok {
-				exitCode := exitError.ExitCode()
-				log.Printf("run command failed (code=%d): %s %v", exitCode, subCmd, subArgs)
-				os.Exit(exitCode)
-			} else {
-				log.Fatalf("run command failed (err=%s) %s %v", err, subCmd, subArgs)
-			}
-		}
-	}
-}
-
-func parseArgs() (mainOptions map[string]string, subCmd string, subArgs []string) {
-	mainOptions = map[string]string{}
-	for i := 1; i < len(os.Args); i++ {
-		arg := os.Args[i]
-		if arg == "" {
-			break
-		}
-		if arg[0] == '-' {
-			arg = strings.TrimPrefix(arg, "-")
-			arg = strings.TrimPrefix(arg, "-")
-			fields := strings.SplitN(arg, "=", 2)
-			if len(fields) == 1 {
-				mainOptions[fields[0]] = "1"
-			} else {
-				mainOptions[fields[0]] = fields[1]
-			}
-		} else {
-			subCmd = arg
-			subArgs = os.Args[i+1:]
-			break
-		}
-	}
-	return
-}
-
-func showUsage() {
-	fmt.Printf(`Usage: %[1]s [options] {command} [arguments]
-
-Options:
-  --verbose
-  --file-filter=go-own
-  --batch-size=100
-
-Commands:
-  %[1]s gofmt ...
-  %[1]s misspell ...
-
-Arguments:
-  {file-list}     the file list
-
-Example:
-  %[1]s gofmt -s -d {file-list}
-
-`, "file-batch-exec")
-}
-
-func newFileCollectorFromMainOptions(mainOptions map[string]string) (fc *fileCollector, err error) {
-	fileFilter := mainOptions["file-filter"]
-	if fileFilter == "" {
-		fileFilter = "go-own"
-	}
-	batchSize, _ := strconv.Atoi(mainOptions["batch-size"])
-	if batchSize == 0 {
-		batchSize = 100
-	}
-
-	return newFileCollector(fileFilter, batchSize)
-}
-
-func containsString(a []string, s string) bool {
-	for _, v := range a {
-		if v == s {
-			return true
-		}
-	}
-	return false
-}
-
-func giteaFormatGoImports(files []string) error {
-	for _, file := range files {
-		if err := codeformat.FormatGoImports(file); err != nil {
-			log.Printf("failed to format go imports: %s, err=%v", file, err)
-			return err
-		}
-	}
-	return nil
-}
-
-func main() {
-	mainOptions, subCmd, subArgs := parseArgs()
-	if subCmd == "" {
-		showUsage()
-		os.Exit(1)
-	}
-	optionLogVerbose = mainOptions["verbose"] != ""
-
-	fc, err := newFileCollectorFromMainOptions(mainOptions)
-	if err != nil {
-		log.Fatalf("can not create file collector: %s", err.Error())
-	}
-
-	fileBatches, err := fc.collectFiles()
-	if err != nil {
-		log.Fatalf("can not collect files: %s", err.Error())
-	}
-
-	processed := 0
-	var cmdErrors []error
-	for _, files := range fileBatches {
-		if len(files) == 0 {
-			break
-		}
-		substArgs := substArgFiles(subArgs, files)
-		logVerbose("batch cmd: %s %v", subCmd, substArgs)
-		switch subCmd {
-		case "gitea-fmt":
-			if containsString(subArgs, "-w") {
-				cmdErrors = append(cmdErrors, giteaFormatGoImports(files))
-			}
-			cmdErrors = append(cmdErrors, passThroughCmd("gofmt", substArgs))
-		case "misspell":
-			cmdErrors = append(cmdErrors, passThroughCmd("misspell", substArgs))
-		default:
-			log.Fatalf("unknown cmd: %s %v", subCmd, subArgs)
-		}
-		processed += len(files)
-	}
-
-	logVerbose("processed %d files", processed)
-	exitWithCmdErrors(subCmd, subArgs, cmdErrors)
-}
--- a/build/codeformat/formatimports.go
+++ b/build/codeformat/formatimports.go
@@ -1,187 +0,0 @@
-// Copyright 2021 The Gitea Authors. All rights reserved.
-// Use of this source code is governed by a MIT-style
-// license that can be found in the LICENSE file.
-
-package codeformat
-
-import (
-	"bytes"
-	"errors"
-	"io"
-	"os"
-	"sort"
-	"strings"
-)
-
-var importPackageGroupOrders = map[string]int{
-	"":                     1, // internal
-	"code.gitea.io/gitea/": 2,
-}
-
-var errInvalidCommentBetweenImports = errors.New("comments between imported packages are invalid, please move comments to the end of the package line")
-
-var importBlockBegin = []byte("\nimport (\n")
-var importBlockEnd = []byte("\n)")
-
-type importLineParsed struct {
-	group   string
-	pkg     string
-	content string
-}
-
-func parseImportLine(line string) (*importLineParsed, error) {
-	il := &importLineParsed{content: line}
-	p1 := strings.IndexRune(line, '"')
-	if p1 == -1 {
-		return nil, errors.New("invalid import line: " + line)
-	}
-	p1++
-	p := strings.IndexRune(line[p1:], '"')
-	if p == -1 {
-		return nil, errors.New("invalid import line: " + line)
-	}
-	p2 := p1 + p
-	il.pkg = line[p1:p2]
-
-	pDot := strings.IndexRune(il.pkg, '.')
-	pSlash := strings.IndexRune(il.pkg, '/')
-	if pDot != -1 && pDot < pSlash {
-		il.group = "domain-package"
-	}
-	for groupName := range importPackageGroupOrders {
-		if groupName == "" {
-			continue // skip internal
-		}
-		if strings.HasPrefix(il.pkg, groupName) {
-			il.group = groupName
-		}
-	}
-	return il, nil
-}
-
-type importLineGroup []*importLineParsed
-type importLineGroupMap map[string]importLineGroup
-
-func formatGoImports(contentBytes []byte) ([]byte, error) {
-	p1 := bytes.Index(contentBytes, importBlockBegin)
-	if p1 == -1 {
-		return nil, nil
-	}
-	p1 += len(importBlockBegin)
-	p := bytes.Index(contentBytes[p1:], importBlockEnd)
-	if p == -1 {
-		return nil, nil
-	}
-	p2 := p1 + p
-
-	importGroups := importLineGroupMap{}
-	r := bytes.NewBuffer(contentBytes[p1:p2])
-	eof := false
-	for !eof {
-		line, err := r.ReadString('\n')
-		eof = err == io.EOF
-		if err != nil && !eof {
-			return nil, err
-		}
-		line = strings.TrimSpace(line)
-		if line != "" {
-			if strings.HasPrefix(line, "//") || strings.HasPrefix(line, "/*") {
-				return nil, errInvalidCommentBetweenImports
-			}
-			importLine, err := parseImportLine(line)
-			if err != nil {
-				return nil, err
-			}
-			importGroups[importLine.group] = append(importGroups[importLine.group], importLine)
-		}
-	}
-
-	var groupNames []string
-	for groupName, importLines := range importGroups {
-		groupNames = append(groupNames, groupName)
-		sort.Slice(importLines, func(i, j int) bool {
-			return strings.Compare(importLines[i].pkg, importLines[j].pkg) < 0
-		})
-	}
-
-	sort.Slice(groupNames, func(i, j int) bool {
-		n1 := groupNames[i]
-		n2 := groupNames[j]
-		o1 := importPackageGroupOrders[n1]
-		o2 := importPackageGroupOrders[n2]
-		if o1 != 0 && o2 != 0 {
-			return o1 < o2
-		}
-		if o1 == 0 && o2 == 0 {
-			return strings.Compare(n1, n2) < 0
-		}
-		return o1 != 0
-	})
-
-	formattedBlock := bytes.Buffer{}
-	for _, groupName := range groupNames {
-		hasNormalImports := false
-		hasDummyImports := false
-		// non-dummy import comes first
-		for _, importLine := range importGroups[groupName] {
-			if strings.HasPrefix(importLine.content, "_") {
-				hasDummyImports = true
-			} else {
-				formattedBlock.WriteString("\t" + importLine.content + "\n")
-				hasNormalImports = true
-			}
-		}
-		// dummy (_ "pkg") comes later
-		if hasDummyImports {
-			if hasNormalImports {
-				formattedBlock.WriteString("\n")
-			}
-			for _, importLine := range importGroups[groupName] {
-				if strings.HasPrefix(importLine.content, "_") {
-					formattedBlock.WriteString("\t" + importLine.content + "\n")
-				}
-			}
-		}
-		formattedBlock.WriteString("\n")
-	}
-	formattedBlockBytes := bytes.TrimRight(formattedBlock.Bytes(), "\n")
-
-	var formattedBytes []byte
-	formattedBytes = append(formattedBytes, contentBytes[:p1]...)
-	formattedBytes = append(formattedBytes, formattedBlockBytes...)
-	formattedBytes = append(formattedBytes, contentBytes[p2:]...)
-	return formattedBytes, nil
-}
-
-//FormatGoImports format the imports by our rules (see unit tests)
-func FormatGoImports(file string) error {
-	f, err := os.Open(file)
-	if err != nil {
-		return err
-	}
-	var contentBytes []byte
-	{
-		defer f.Close()
-		contentBytes, err = io.ReadAll(f)
-		if err != nil {
-			return err
-		}
-	}
-	formattedBytes, err := formatGoImports(contentBytes)
-	if err != nil {
-		return err
-	}
-	if formattedBytes == nil {
-		return nil
-	}
-	if bytes.Equal(contentBytes, formattedBytes) {
-		return nil
-	}
-	f, err = os.OpenFile(file, os.O_TRUNC|os.O_WRONLY, 0644)
-	if err != nil {
-		return err
-	}
-	defer f.Close()
-	_, err = f.Write(formattedBytes)
-	return err
-}
--- a/build/codeformat/formatimports_test.go
+++ b/build/codeformat/formatimports_test.go
@@ -1,125 +0,0 @@
-// Copyright 2021 The Gitea Authors. All rights reserved.
-// Use of this source code is governed by a MIT-style
-// license that can be found in the LICENSE file.
-
-package codeformat
-
-import (
-	"testing"
-
-	"github.com/stretchr/testify/assert"
-)
-
-func TestFormatImportsSimple(t *testing.T) {
-	formatted, err := formatGoImports([]byte(`
-package codeformat
-
-import (
-	"github.com/stretchr/testify/assert"
-	"testing"
-)
-`))
-
-	expected := `
-package codeformat
-
-import (
-	"testing"
-
-	"github.com/stretchr/testify/assert"
-)
-`
-
-	assert.NoError(t, err)
-	assert.Equal(t, expected, string(formatted))
-}
-
-func TestFormatImportsGroup(t *testing.T) {
-	// gofmt/goimports won't group the packages, for example, they produce such code:
-	//     "bytes"
-	//     "image"
-	//        (a blank line)
-	//     "fmt"
-	//     "image/color/palette"
-	// our formatter does better, and these packages are grouped into one.
-
-	formatted, err := formatGoImports([]byte(`
-package test
-
-import (
-	"bytes"
-	"fmt"
-	"image"
-	"image/color"
-
-	_ "image/gif"  // for processing gif images
-	_ "image/jpeg" // for processing jpeg images
-	_ "image/png"  // for processing png images
-
-	"code.gitea.io/other/package"
-
-	"code.gitea.io/gitea/modules/setting"
-	"code.gitea.io/gitea/modules/util"
-
-  "xorm.io/the/package"
-
-	"github.com/issue9/identicon"
-	"github.com/nfnt/resize"
-	"github.com/oliamb/cutter"
-)
-`))
-
-	expected := `
-package test
-
-import (
-	"bytes"
-	"fmt"
-	"image"
-	"image/color"
-
-	_ "image/gif"  // for processing gif images
-	_ "image/jpeg" // for processing jpeg images
-	_ "image/png"  // for processing png images
-
-	"code.gitea.io/gitea/modules/setting"
-	"code.gitea.io/gitea/modules/util"
-
-	"code.gitea.io/other/package"
-	"github.com/issue9/identicon"
-	"github.com/nfnt/resize"
-	"github.com/oliamb/cutter"
-	"xorm.io/the/package"
-)
-`
-
-	assert.NoError(t, err)
-	assert.Equal(t, expected, string(formatted))
-}
-
-func TestFormatImportsInvalidComment(t *testing.T) {
-	// why we shouldn't write comments between imports: it breaks the grouping of imports
-	// for example:
-	//    "pkg1"
-	//    "pkg2"
-	//    // a comment
-	//    "pkgA"
-	//    "pkgB"
-	// the comment splits the packages into two groups, pkg1/2 are sorted separately, pkgA/B are sorted separately
-	// we don't want such code, so the code should be:
-	//    "pkg1"
-	//    "pkg2"
-	//    "pkgA" // a comment
-	//    "pkgB"
-
-	_, err := formatGoImports([]byte(`
-package test
-
-import (
-  "image/jpeg"
-	// for processing gif images
-	"image/gif"
-)
-`))
-	assert.ErrorIs(t, err, errInvalidCommentBetweenImports)
-}
--- a/build/generate-bindata.go
+++ b/build/generate-bindata.go
@@ -1,91 +0,0 @@
-// Copyright 2020 The Gitea Authors. All rights reserved.
-// Use of this source code is governed by a MIT-style
-// license that can be found in the LICENSE file.
-
-//go:build ignore
-// +build ignore
-
-package main
-
-import (
-	"bytes"
-	"crypto/sha1"
-	"fmt"
-	"log"
-	"net/http"
-	"os"
-	"path/filepath"
-	"strconv"
-
-	"github.com/shurcooL/vfsgen"
-)
-
-func needsUpdate(dir string, filename string) (bool, []byte) {
-	needRegen := false
-	_, err := os.Stat(filename)
-	if err != nil {
-		needRegen = true
-	}
-
-	oldHash, err := os.ReadFile(filename + ".hash")
-	if err != nil {
-		oldHash = []byte{}
-	}
-
-	hasher := sha1.New()
-
-	err = filepath.Walk(dir, func(path string, info os.FileInfo, err error) error {
-		if err != nil {
-			return err
-		}
-		_, _ = hasher.Write([]byte(info.Name()))
-		_, _ = hasher.Write([]byte(info.ModTime().String()))
-		_, _ = hasher.Write([]byte(strconv.FormatInt(info.Size(), 16)))
-		return nil
-	})
-	if err != nil {
-		return true, oldHash
-	}
-
-	newHash := hasher.Sum([]byte{})
-
-	if bytes.Compare(oldHash, newHash) != 0 {
-
-		return true, newHash
-	}
-
-	return needRegen, newHash
-}
-
-func main() {
-	if len(os.Args) < 4 {
-		log.Fatal("Insufficient number of arguments. Need: directory packageName filename")
-	}
-
-	dir, packageName, filename := os.Args[1], os.Args[2], os.Args[3]
-	var useGlobalModTime bool
-	if len(os.Args) == 5 {
-		useGlobalModTime, _ = strconv.ParseBool(os.Args[4])
-	}
-
-	update, newHash := needsUpdate(dir, filename)
-
-	if !update {
-		fmt.Printf("bindata for %s already up-to-date\n", packageName)
-		return
-	}
-
-	fmt.Printf("generating bindata for %s\n", packageName)
-	var fsTemplates http.FileSystem = http.Dir(dir)
-	err := vfsgen.Generate(fsTemplates, vfsgen.Options{
-		PackageName:      packageName,
-		BuildTags:        "bindata",
-		VariableName:     "Assets",
-		Filename:         filename,
-		UseGlobalModTime: useGlobalModTime,
-	})
-	if err != nil {
-		log.Fatalf("%v\n", err)
-	}
-	_ = os.WriteFile(filename+".hash", newHash, 0666)
-}
--- a/build/generate-emoji.go
+++ b/build/generate-emoji.go
@@ -1,224 +0,0 @@
-// Copyright 2020 The Gitea Authors. All rights reserved.
-// Copyright 2015 Kenneth Shaw
-// Use of this source code is governed by a MIT-style
-// license that can be found in the LICENSE file.
-
-//go:build ignore
-// +build ignore
-
-package main
-
-import (
-	"flag"
-	"fmt"
-	"go/format"
-	"io"
-	"log"
-	"net/http"
-	"os"
-	"regexp"
-	"sort"
-	"strconv"
-	"strings"
-	"unicode/utf8"
-
-	"code.gitea.io/gitea/modules/json"
-)
-
-const (
-	gemojiURL         = "https://raw.githubusercontent.com/github/gemoji/master/db/emoji.json"
-	maxUnicodeVersion = 12
-)
-
-var (
-	flagOut = flag.String("o", "modules/emoji/emoji_data.go", "out")
-)
-
-// Gemoji is a set of emoji data.
-type Gemoji []Emoji
-
-// Emoji represents a single emoji and associated data.
-type Emoji struct {
-	Emoji          string   `json:"emoji"`
-	Description    string   `json:"description,omitempty"`
-	Aliases        []string `json:"aliases"`
-	UnicodeVersion string   `json:"unicode_version,omitempty"`
-	SkinTones      bool     `json:"skin_tones,omitempty"`
-}
-
-// Don't include some fields in JSON
-func (e Emoji) MarshalJSON() ([]byte, error) {
-	type emoji Emoji
-	x := emoji(e)
-	x.UnicodeVersion = ""
-	x.Description = ""
-	x.SkinTones = false
-	return json.Marshal(x)
-}
-
-func main() {
-	var err error
-
-	flag.Parse()
-
-	// generate data
-	buf, err := generate()
-	if err != nil {
-		log.Fatal(err)
-	}
-
-	// write
-	err = os.WriteFile(*flagOut, buf, 0644)
-	if err != nil {
-		log.Fatal(err)
-	}
-}
-
-var replacer = strings.NewReplacer(
-	"main.Gemoji", "Gemoji",
-	"main.Emoji", "\n",
-	"}}", "},\n}",
-	", Description:", ", ",
-	", Aliases:", ", ",
-	", UnicodeVersion:", ", ",
-	", SkinTones:", ", ",
-)
-
-var emojiRE = regexp.MustCompile(`\{Emoji:"([^"]*)"`)
-
-func generate() ([]byte, error) {
-	var err error
-
-	// load gemoji data
-	res, err := http.Get(gemojiURL)
-	if err != nil {
-		return nil, err
-	}
-	defer res.Body.Close()
-
-	// read all
-	body, err := io.ReadAll(res.Body)
-	if err != nil {
-		return nil, err
-	}
-
-	// unmarshal
-	var data Gemoji
-	err = json.Unmarshal(body, &data)
-	if err != nil {
-		return nil, err
-	}
-
-	var skinTones = make(map[string]string)
-
-	skinTones["\U0001f3fb"] = "Light Skin Tone"
-	skinTones["\U0001f3fc"] = "Medium-Light Skin Tone"
-	skinTones["\U0001f3fd"] = "Medium Skin Tone"
-	skinTones["\U0001f3fe"] = "Medium-Dark Skin Tone"
-	skinTones["\U0001f3ff"] = "Dark Skin Tone"
-
-	var tmp Gemoji
-
-	//filter out emoji that require greater than max unicode version
-	for i := range data {
-		val, _ := strconv.ParseFloat(data[i].UnicodeVersion, 64)
-		if int(val) <= maxUnicodeVersion {
-			tmp = append(tmp, data[i])
-		}
-	}
-	data = tmp
-
-	sort.Slice(data, func(i, j int) bool {
-		return data[i].Aliases[0] < data[j].Aliases[0]
-	})
-
-	aliasMap := make(map[string]int, len(data))
-
-	for i, e := range data {
-		if e.Emoji == "" || len(e.Aliases) == 0 {
-			continue
-		}
-		for _, a := range e.Aliases {
-			if a == "" {
-				continue
-			}
-			aliasMap[a] = i
-		}
-	}
-
-	// gitea customizations
-	i, ok := aliasMap["tada"]
-	if ok {
-		data[i].Aliases = append(data[i].Aliases, "hooray")
-	}
-	i, ok = aliasMap["laughing"]
-	if ok {
-		data[i].Aliases = append(data[i].Aliases, "laugh")
-	}
-
-	// write a JSON file to use with tribute (write before adding skin tones since we can't support them there yet)
-	file, _ := json.Marshal(data)
-	_ = os.WriteFile("assets/emoji.json", file, 0644)
-
-	// Add skin tones to emoji that support it
-	var (
-		s              []string
-		newEmoji       string
-		newDescription string
-		newData        Emoji
-	)
-
-	for i := range data {
-		if data[i].SkinTones {
-			for k, v := range skinTones {
-				s = strings.Split(data[i].Emoji, "")
-
-				if utf8.RuneCountInString(data[i].Emoji) == 1 {
-					s = append(s, k)
-				} else {
-					// insert into slice after first element because all emoji that support skin tones
-					// have that modifier placed at this spot
-					s = append(s, "")
-					copy(s[2:], s[1:])
-					s[1] = k
-				}
-
-				newEmoji = strings.Join(s, "")
-				newDescription = data[i].Description + ": " + v
-				newAlias := data[i].Aliases[0] + "_" + strings.ReplaceAll(v, " ", "_")
-
-				newData = Emoji{newEmoji, newDescription, []string{newAlias}, "12.0", false}
-				data = append(data, newData)
-			}
-		}
-	}
-
-	// add header
-	str := replacer.Replace(fmt.Sprintf(hdr, gemojiURL, data))
-
-	// change the format of the unicode string
-	str = emojiRE.ReplaceAllStringFunc(str, func(s string) string {
-		var err error
-		s, err = strconv.Unquote(s[len("{Emoji:"):])
-		if err != nil {
-			panic(err)
-		}
-		return "{" + strconv.QuoteToASCII(s)
-	})
-
-	// format
-	return format.Source([]byte(str))
-}
-
-const hdr = `
-// Copyright 2020 The Gitea Authors. All rights reserved.
-// Use of this source code is governed by a MIT-style
-// license that can be found in the LICENSE file.
-
-package emoji
-
-// Code generated by gen.go. DO NOT EDIT.
-// Sourced from %s
-//
-var GemojiData = %#v
-`
--- a/build/generate-gitignores.go
+++ b/build/generate-gitignores.go
@@ -1,130 +0,0 @@
-//go:build ignore
-// +build ignore
-
-package main
-
-import (
-	"archive/tar"
-	"compress/gzip"
-	"flag"
-	"fmt"
-	"io"
-	"log"
-	"net/http"
-	"os"
-	"path"
-	"path/filepath"
-	"strings"
-
-	"code.gitea.io/gitea/modules/util"
-)
-
-func main() {
-	var (
-		prefix         = "gitea-gitignore"
-		url            = "https://api.github.com/repos/github/gitignore/tarball"
-		githubApiToken = ""
-		githubUsername = ""
-		destination    = ""
-	)
-
-	flag.StringVar(&destination, "dest", "options/gitignore/", "destination for the gitignores")
-	flag.StringVar(&githubUsername, "username", "", "github username")
-	flag.StringVar(&githubApiToken, "token", "", "github api token")
-	flag.Parse()
-
-	file, err := os.CreateTemp(os.TempDir(), prefix)
-
-	if err != nil {
-		log.Fatalf("Failed to create temp file. %s", err)
-	}
-
-	defer util.Remove(file.Name())
-
-	req, err := http.NewRequest("GET", url, nil)
-	if err != nil {
-		log.Fatalf("Failed to download archive. %s", err)
-	}
-
-	if len(githubApiToken) > 0 && len(githubUsername) > 0 {
-		req.SetBasicAuth(githubUsername, githubApiToken)
-	}
-
-	resp, err := http.DefaultClient.Do(req)
-	if err != nil {
-		log.Fatalf("Failed to download archive. %s", err)
-	}
-	defer resp.Body.Close()
-
-	if _, err := io.Copy(file, resp.Body); err != nil {
-		log.Fatalf("Failed to copy archive to file. %s", err)
-	}
-
-	if _, err := file.Seek(0, 0); err != nil {
-		log.Fatalf("Failed to reset seek on archive. %s", err)
-	}
-
-	gz, err := gzip.NewReader(file)
-
-	if err != nil {
-		log.Fatalf("Failed to gunzip the archive. %s", err)
-	}
-
-	tr := tar.NewReader(gz)
-
-	filesToCopy := make(map[string]string, 0)
-
-	for {
-		hdr, err := tr.Next()
-
-		if err == io.EOF {
-			break
-		}
-
-		if err != nil {
-			log.Fatalf("Failed to iterate archive. %s", err)
-		}
-
-		if filepath.Ext(hdr.Name) != ".gitignore" {
-			continue
-		}
-
-		if hdr.Typeflag == tar.TypeSymlink {
-			fmt.Printf("Found symlink %s -> %s\n", hdr.Name, hdr.Linkname)
-			filesToCopy[strings.TrimSuffix(filepath.Base(hdr.Name), ".gitignore")] = strings.TrimSuffix(filepath.Base(hdr.Linkname), ".gitignore")
-			continue
-		}
-
-		out, err := os.Create(path.Join(destination, strings.TrimSuffix(filepath.Base(hdr.Name), ".gitignore")))
-
-		if err != nil {
-			log.Fatalf("Failed to create new file. %s", err)
-		}
-
-		defer out.Close()
-
-		if _, err := io.Copy(out, tr); err != nil {
-			log.Fatalf("Failed to write new file. %s", err)
-		} else {
-			fmt.Printf("Written %s\n", out.Name())
-		}
-	}
-
-	for dst, src := range filesToCopy {
-		// Read all content of src to data
-		src = path.Join(destination, src)
-		data, err := os.ReadFile(src)
-		if err != nil {
-			log.Fatalf("Failed to read src file. %s", err)
-		}
-		// Write data to dst
-		dst = path.Join(destination, dst)
-		err = os.WriteFile(dst, data, 0644)
-		if err != nil {
-			log.Fatalf("Failed to write new file. %s", err)
-		}
-		fmt.Printf("Written (copy of %s) %s\n", src, dst)
-	}
-
-	fmt.Println("Done")
-}
--- a/build/generate-images.js
+++ b/build/generate-images.js
@@ -1,84 +0,0 @@
-import imageminZopfli from 'imagemin-zopfli';
-import {optimize} from 'svgo';
-import {fabric} from 'fabric';
-import fs from 'fs';
-import {resolve, dirname} from 'path';
-import {fileURLToPath} from 'url';
-
-const {readFile, writeFile} = fs.promises;
-const __dirname = dirname(fileURLToPath(import.meta.url));
-const logoFile = resolve(__dirname, '../assets/logo.svg');
-
-function exit(err) {
-  if (err) console.error(err);
-  process.exit(err ? 1 : 0);
-}
-
-function loadSvg(svg) {
-  return new Promise((resolve) => {
-    fabric.loadSVGFromString(svg, (objects, options) => {
-      resolve({objects, options});
-    });
-  });
-}
-
-async function generate(svg, outputFile, {size, bg}) {
-  if (outputFile.endsWith('.svg')) {
-    const {data} = optimize(svg, {
-      plugins: [
-        'preset-default',
-        'removeDimensions',
-        {
-          name: 'addAttributesToSVGElement',
-          params: {attributes: [{width: size}, {height: size}]}
-        },
-      ],
-    });
-    await writeFile(outputFile, data);
-    return;
-  }
-
-  const {objects, options} = await loadSvg(svg);
-  const canvas = new fabric.Canvas();
-  canvas.setDimensions({width: size, height: size});
-  const ctx = canvas.getContext('2d');
-  ctx.scale(options.width ? (size / options.width) : 1, options.height ? (size / options.height) : 1);
-
-  if (bg) {
-    canvas.add(new fabric.Rect({
-      left: 0,
-      top: 0,
-      height: size * (1 / (size / options.height)),
-      width: size * (1 / (size / options.width)),
-      fill: 'white',
-    }));
-  }
-
-  canvas.add(fabric.util.groupSVGElements(objects, options));
-  canvas.renderAll();
-
-  let png = Buffer.from([]);
-  for await (const chunk of canvas.createPNGStream()) {
-    png = Buffer.concat([png, chunk]);
-  }
-
-  png = await imageminZopfli({more: true})(png);
-  await writeFile(outputFile, png);
-}
-
-async function main() {
-  const gitea = process.argv.slice(2).includes('gitea');
-  const svg = await readFile(logoFile, 'utf8');
-
-  await Promise.all([
-    generate(svg, resolve(__dirname, '../public/img/logo.svg'), {size: 32}),
-    generate(svg, resolve(__dirname, '../public/img/logo.png'), {size: 512}),
-    generate(svg, resolve(__dirname, '../public/img/favicon.png'), {size: 180}),
-    generate(svg, resolve(__dirname, '../public/img/avatar_default.png'), {size: 200}),
-    generate(svg, resolve(__dirname, '../public/img/apple-touch-icon.png'), {size: 180, bg: true}),
-    gitea && generate(svg, resolve(__dirname, '../public/img/gitea.svg'), {size: 32}),
-  ]);
-}
-
-main().then(exit).catch(exit);
-
--- a/build/generate-licenses.go
+++ b/build/generate-licenses.go
@@ -1,118 +0,0 @@
-//go:build ignore
-// +build ignore
-
-package main
-
-import (
-	"archive/tar"
-	"compress/gzip"
-	"flag"
-	"fmt"
-	"io"
-	"log"
-	"net/http"
-	"os"
-	"path"
-	"path/filepath"
-	"strings"
-
-	"code.gitea.io/gitea/modules/util"
-)
-
-func main() {
-	var (
-		prefix         = "gitea-licenses"
-		url            = "https://api.github.com/repos/spdx/license-list-data/tarball"
-		githubApiToken = ""
-		githubUsername = ""
-		destination    = ""
-	)
-
-	flag.StringVar(&destination, "dest", "options/license/", "destination for the licenses")
-	flag.StringVar(&githubUsername, "username", "", "github username")
-	flag.StringVar(&githubApiToken, "token", "", "github api token")
-	flag.Parse()
-
-	file, err := os.CreateTemp(os.TempDir(), prefix)
-
-	if err != nil {
-		log.Fatalf("Failed to create temp file. %s", err)
-	}
-
-	defer util.Remove(file.Name())
-
-	req, err := http.NewRequest("GET", url, nil)
-	if err != nil {
-		log.Fatalf("Failed to download archive. %s", err)
-	}
-
-	if len(githubApiToken) > 0 && len(githubUsername) > 0 {
-		req.SetBasicAuth(githubUsername, githubApiToken)
-	}
-
-	resp, err := http.DefaultClient.Do(req)
-	if err != nil {
-		log.Fatalf("Failed to download archive. %s", err)
-	}
-
-	defer resp.Body.Close()
-
-	if _, err := io.Copy(file, resp.Body); err != nil {
-		log.Fatalf("Failed to copy archive to file. %s", err)
-	}
-
-	if _, err := file.Seek(0, 0); err != nil {
-		log.Fatalf("Failed to reset seek on archive. %s", err)
-	}
-
-	gz, err := gzip.NewReader(file)
-
-	if err != nil {
-		log.Fatalf("Failed to gunzip the archive. %s", err)
-	}
-
-	tr := tar.NewReader(gz)
-
-	for {
-		hdr, err := tr.Next()
-
-		if err == io.EOF {
-			break
-		}
-
-		if err != nil {
-			log.Fatalf("Failed to iterate archive. %s", err)
-		}
-
-		if !strings.Contains(hdr.Name, "/text/") {
-			continue
-		}
-
-		if filepath.Ext(hdr.Name) != ".txt" {
-			continue
-		}
-
-		if strings.HasPrefix(filepath.Base(hdr.Name), "README") {
-			continue
-		}
-
-		if strings.HasPrefix(filepath.Base(hdr.Name), "deprecated_") {
-			continue
-		}
-		out, err := os.Create(path.Join(destination, strings.TrimSuffix(filepath.Base(hdr.Name), ".txt")))
-
-		if err != nil {
-			log.Fatalf("Failed to create new file. %s", err)
-		}
-
-		defer out.Close()
-
-		if _, err := io.Copy(out, tr); err != nil {
-			log.Fatalf("Failed to write new file. %s", err)
-		} else {
-			fmt.Printf("Written %s\n", out.Name())
-		}
-	}
-
-	fmt.Println("Done")
-}
--- a/build/generate-svg.js
+++ b/build/generate-svg.js
@@ -1,58 +0,0 @@
-import fastGlob from 'fast-glob';
-import {optimize} from 'svgo';
-import {resolve, parse, dirname} from 'path';
-import fs from 'fs';
-import {fileURLToPath} from 'url';
-
-const {readFile, writeFile, mkdir} = fs.promises;
-const __dirname = dirname(fileURLToPath(import.meta.url));
-const glob = (pattern) => fastGlob.sync(pattern, {cwd: resolve(__dirname), absolute: true});
-const outputDir = resolve(__dirname, '../public/img/svg');
-
-function exit(err) {
-  if (err) console.error(err);
-  process.exit(err ? 1 : 0);
-}
-
-async function processFile(file, {prefix, fullName} = {}) {
-  let name;
-
-  if (fullName) {
-    name = fullName;
-  } else {
-    name = parse(file).name;
-    if (prefix) name = `${prefix}-${name}`;
-    if (prefix === 'octicon') name = name.replace(/-[0-9]+$/, ''); // chop of '-16' on octicons
-  }
-
-  const {data} = optimize(await readFile(file, 'utf8'), {
-    plugins: [
-      {name: 'preset-default'},
-      {name: 'removeXMLNS'},
-      {name: 'removeDimensions'},
-      {name: 'prefixIds', params: {prefix: () => name}},
-      {name: 'addClassesToSVGElement', params: {classNames: ['svg', name]}},
-      {name: 'addAttributesToSVGElement', params: {attributes: [{'width': '16'}, {'height': '16'}, {'aria-hidden': 'true'}]}},
-    ],
-  });
-  await writeFile(resolve(outputDir, `${name}.svg`), data);
-}
-
-function processFiles(pattern, opts) {
-  return glob(pattern).map((file) => processFile(file, opts));
-}
-
-async function main() {
-  try {
-    await mkdir(outputDir);
-  } catch {}
-
-  await Promise.all([
-    ...processFiles('../node_modules/@primer/octicons/build/svg/*-16.svg', {prefix: 'octicon'}),
-    ...processFiles('../web_src/svg/*.svg'),
-    ...processFiles('../public/img/gitea.svg', {fullName: 'gitea-gitea'}),
-  ]);
-}
-
-main().then(exit).catch(exit);
-
--- a/build/gitea-format-imports.go
+++ b/build/gitea-format-imports.go
@@ -1,27 +0,0 @@
-// Copyright 2021 The Gitea Authors. All rights reserved.
-// Use of this source code is governed by a MIT-style
-// license that can be found in the LICENSE file.
-
-//go:build ignore
-// +build ignore
-
-package main
-
-import (
-	"log"
-	"os"
-
-	"code.gitea.io/gitea/build/codeformat"
-)
-
-func main() {
-	if len(os.Args) <= 1 {
-		log.Fatalf("Usage: gitea-format-imports [files...]")
-	}
-
-	for _, file := range os.Args[1:] {
-		if err := codeformat.FormatGoImports(file); err != nil {
-			log.Fatalf("can not format file %s, err=%v", file, err)
-		}
-	}
-}
--- a/build/gocovmerge.go
+++ b/build/gocovmerge.go
@@ -1,120 +0,0 @@
-// Copyright 2020 The Gitea Authors. All rights reserved.
-// Copyright (c) 2015, Wade Simmons
-// Use of this source code is governed by a MIT-style
-// license that can be found in the LICENSE file.
-
-// gocovmerge takes the results from multiple `go test -coverprofile` runs and
-// merges them into one profile
-
-//go:build ignore
-// +build ignore
-
-package main
-
-import (
-	"flag"
-	"fmt"
-	"io"
-	"log"
-	"os"
-	"sort"
-
-	"golang.org/x/tools/cover"
-)
-
-func mergeProfiles(p *cover.Profile, merge *cover.Profile) {
-	if p.Mode != merge.Mode {
-		log.Fatalf("cannot merge profiles with different modes")
-	}
-	// Since the blocks are sorted, we can keep track of where the last block
-	// was inserted and only look at the blocks after that as targets for merge
-	startIndex := 0
-	for _, b := range merge.Blocks {
-		startIndex = mergeProfileBlock(p, b, startIndex)
-	}
-}
-
-func mergeProfileBlock(p *cover.Profile, pb cover.ProfileBlock, startIndex int) int {
-	sortFunc := func(i int) bool {
-		pi := p.Blocks[i+startIndex]
-		return pi.StartLine >= pb.StartLine && (pi.StartLine != pb.StartLine || pi.StartCol >= pb.StartCol)
-	}
-
-	i := 0
-	if sortFunc(i) != true {
-		i = sort.Search(len(p.Blocks)-startIndex, sortFunc)
-	}
-	i += startIndex
-	if i < len(p.Blocks) && p.Blocks[i].StartLine == pb.StartLine && p.Blocks[i].StartCol == pb.StartCol {
-		if p.Blocks[i].EndLine != pb.EndLine || p.Blocks[i].EndCol != pb.EndCol {
-			log.Fatalf("OVERLAP MERGE: %v %v %v", p.FileName, p.Blocks[i], pb)
-		}
-		switch p.Mode {
-		case "set":
-			p.Blocks[i].Count |= pb.Count
-		case "count", "atomic":
-			p.Blocks[i].Count += pb.Count
-		default:
-			log.Fatalf("unsupported covermode: '%s'", p.Mode)
-		}
-	} else {
-		if i > 0 {
-			pa := p.Blocks[i-1]
-			if pa.EndLine >= pb.EndLine && (pa.EndLine != pb.EndLine || pa.EndCol > pb.EndCol) {
-				log.Fatalf("OVERLAP BEFORE: %v %v %v", p.FileName, pa, pb)
-			}
-		}
-		if i < len(p.Blocks)-1 {
-			pa := p.Blocks[i+1]
-			if pa.StartLine <= pb.StartLine && (pa.StartLine != pb.StartLine || pa.StartCol < pb.StartCol) {
-				log.Fatalf("OVERLAP AFTER: %v %v %v", p.FileName, pa, pb)
-			}
-		}
-		p.Blocks = append(p.Blocks, cover.ProfileBlock{})
-		copy(p.Blocks[i+1:], p.Blocks[i:])
-		p.Blocks[i] = pb
-	}
-	return i + 1
-}
-
-func addProfile(profiles []*cover.Profile, p *cover.Profile) []*cover.Profile {
-	i := sort.Search(len(profiles), func(i int) bool { return profiles[i].FileName >= p.FileName })
-	if i < len(profiles) && profiles[i].FileName == p.FileName {
-		mergeProfiles(profiles[i], p)
-	} else {
-		profiles = append(profiles, nil)
-		copy(profiles[i+1:], profiles[i:])
-		profiles[i] = p
-	}
-	return profiles
-}
-
-func dumpProfiles(profiles []*cover.Profile, out io.Writer) {
-	if len(profiles) == 0 {
-		return
-	}
-	fmt.Fprintf(out, "mode: %s\n", profiles[0].Mode)
-	for _, p := range profiles {
-		for _, b := range p.Blocks {
-			fmt.Fprintf(out, "%s:%d.%d,%d.%d %d %d\n", p.FileName, b.StartLine, b.StartCol, b.EndLine, b.EndCol, b.NumStmt, b.Count)
-		}
-	}
-}
-
-func main() {
-	flag.Parse()
-
-	var merged []*cover.Profile
-
-	for _, file := range flag.Args() {
-		profiles, err := cover.ParseProfiles(file)
-		if err != nil {
-			log.Fatalf("failed to parse profile '%s': %v", file, err)
-		}
-		for _, p := range profiles {
-			merged = addProfile(merged, p)
-		}
-	}
-
-	dumpProfiles(merged, os.Stdout)
-}
--- a/build/test-env-check.sh
+++ b/build/test-env-check.sh
@@ -1,24 +0,0 @@
-#!/bin/sh
-
-set -e
-
-if [ ! -f ./build/test-env-check.sh ]; then
-  echo "${0} can only be executed in gitea source root directory"
-  exit 1
-fi
-
-
-echo "check uid ..."
-
-# the uid of gitea defined in "https://gitea.com/gitea/test-env" is 1000
-gitea_uid=$(id -u gitea)
-if [ "$gitea_uid" != "1000" ]; then
-  echo "The uid of linux user 'gitea' is expected to be 1000, but it is $gitea_uid"
-  exit 1
-fi
-
-cur_uid=$(id -u)
-if [ "$cur_uid" != "0" -a "$cur_uid" != "$gitea_uid" ]; then
-  echo "The uid of current linux user is expected to be 0 or $gitea_uid, but it is $cur_uid"
-  exit 1
-fi
--- a/build/test-env-prepare.sh
+++ b/build/test-env-prepare.sh
@@ -1,11 +0,0 @@
-#!/bin/sh
-
-set -e
-
-if [ ! -f ./build/test-env-prepare.sh ]; then
-  echo "${0} can only be executed in gitea source root directory"
-  exit 1
-fi
-
-echo "change the owner of files to gitea ..."
-chown -R gitea:gitea .
--- a/build/update-locales.sh
+++ b/build/update-locales.sh
@@ -1,23 +0,0 @@
-#!/bin/sh
-
-mv ./options/locale/locale_en-US.ini ./options/
-
-# Make sure to only change lines that have the translation enclosed between quotes
-sed -i -r -e '/^[a-zA-Z0-9_.-]+[ ]*=[ ]*".*"$/ {
-	s/^([a-zA-Z0-9_.-]+)[ ]*="/\1=/
-	s/\\"/"/g
-	s/"$//
-	}' ./options/locale/*.ini
-
-# Remove translation under 25% of en_us
-baselines=$(wc -l "./options/locale_en-US.ini" | cut -d" " -f1)
-baselines=$((baselines / 4))
-for filename in ./options/locale/*.ini; do
-  lines=$(wc -l "$filename" | cut -d" " -f1)
-  if [ $lines -lt $baselines ]; then
-    echo "Removing $filename: $lines/$baselines"
-    rm "$filename"
-  fi
-done
-
-mv ./options/locale_en-US.ini ./options/locale/
--- a/cmd/admin.go
+++ b/cmd/admin.go
@@ -6,30 +6,18 @@
 package cmd

 import (
-	"context"
 	"errors"
 	"fmt"
 	"os"
-	"strings"
 	"text/tabwriter"

 	"code.gitea.io/gitea/models"
-	asymkey_model "code.gitea.io/gitea/models/asymkey"
-	"code.gitea.io/gitea/models/auth"
-	"code.gitea.io/gitea/models/db"
-	user_model "code.gitea.io/gitea/models/user"
+	"code.gitea.io/gitea/modules/auth/oauth2"
 	"code.gitea.io/gitea/modules/git"
-	"code.gitea.io/gitea/modules/graceful"
 	"code.gitea.io/gitea/modules/log"
 	pwd "code.gitea.io/gitea/modules/password"
-	repo_module "code.gitea.io/gitea/modules/repository"
+	"code.gitea.io/gitea/modules/repository"
 	"code.gitea.io/gitea/modules/setting"
-	"code.gitea.io/gitea/modules/storage"
-	auth_service "code.gitea.io/gitea/services/auth"
-	"code.gitea.io/gitea/services/auth/source/oauth2"
-	"code.gitea.io/gitea/services/auth/source/smtp"
-	repo_service "code.gitea.io/gitea/services/repository"
-	user_service "code.gitea.io/gitea/services/user"

 	"github.com/urfave/cli"
 )
@@ -40,39 +28,16 @@ var (
 		Name:  "admin",
 		Usage: "Command line interface to perform common administrative operations",
 		Subcommands: []cli.Command{
-			subcmdUser,
+			subcmdCreateUser,
+			subcmdChangePassword,
 			subcmdRepoSyncReleases,
 			subcmdRegenerate,
 			subcmdAuth,
-			subcmdSendMail,
 		},
 	}

-	subcmdUser = cli.Command{
-		Name:  "user",
-		Usage: "Modify users",
-		Subcommands: []cli.Command{
-			microcmdUserCreate,
-			microcmdUserList,
-			microcmdUserChangePassword,
-			microcmdUserDelete,
-		},
-	}
-
-	microcmdUserList = cli.Command{
-		Name:   "list",
-		Usage:  "List users",
-		Action: runListUsers,
-		Flags: []cli.Flag{
-			cli.BoolFlag{
-				Name:  "admin",
-				Usage: "List only admin users",
-			},
-		},
-	}
-
-	microcmdUserCreate = cli.Command{
-		Name:   "create",
+	subcmdCreateUser = cli.Command{
+		Name:   "create-user",
 		Usage:  "Create a new user in database",
 		Action: runCreateUser,
 		Flags: []cli.Flag{
@@ -116,7 +81,7 @@ var (
 		},
 	}

-	microcmdUserChangePassword = cli.Command{
+	subcmdChangePassword = cli.Command{
 		Name:   "change-password",
 		Usage:  "Change a user's password",
 		Action: runChangePassword,
@@ -134,26 +99,6 @@ var (
 		},
 	}

-	microcmdUserDelete = cli.Command{
-		Name:  "delete",
-		Usage: "Delete specific user by id, name or email",
-		Flags: []cli.Flag{
-			cli.Int64Flag{
-				Name:  "id",
-				Usage: "ID of user of the user to delete",
-			},
-			cli.StringFlag{
-				Name:  "username,u",
-				Usage: "Username of the user to delete",
-			},
-			cli.StringFlag{
-				Name:  "email,e",
-				Usage: "Email of the user to delete",
-			},
-		},
-		Action: runDeleteUser,
-	}
-
 	subcmdRepoSyncReleases = cli.Command{
 		Name:   "repo-sync-releases",
 		Usage:  "Synchronize repository releases with tags",
@@ -191,8 +136,6 @@ var (
 			cmdAuthUpdateLdapBindDn,
 			cmdAuthAddLdapSimpleAuth,
 			cmdAuthUpdateLdapSimpleAuth,
-			microcmdAuthAddSMTP,
-			microcmdAuthUpdateSMTP,
 			microcmdAuthList,
 			microcmdAuthDelete,
 		},
@@ -202,32 +145,6 @@ var (
 		Name:   "list",
 		Usage:  "List auth sources",
 		Action: runListAuth,
-		Flags: []cli.Flag{
-			cli.IntFlag{
-				Name:  "min-width",
-				Usage: "Minimal cell width including any padding for the formatted table",
-				Value: 0,
-			},
-			cli.IntFlag{
-				Name:  "tab-width",
-				Usage: "width of tab characters in formatted table (equivalent number of spaces)",
-				Value: 8,
-			},
-			cli.IntFlag{
-				Name:  "padding",
-				Usage: "padding added to a cell before computing its width",
-				Value: 1,
-			},
-			cli.StringFlag{
-				Name:  "pad-char",
-				Usage: `ASCII char used for padding if padchar == '\\t', the Writer will assume that the width of a '\\t' in the formatted output is tabwidth, and cells are left-aligned independent of align_left (for correct-looking results, tabwidth must correspond to the tab width in the viewer displaying the result)`,
-				Value: "\t",
-			},
-			cli.BoolFlag{
-				Name:  "vertical-bars",
-				Usage: "Set to true to print vertical bars between columns",
-			},
-		},
 	}

 	idFlag = cli.Int64Flag{
@@ -293,45 +210,6 @@ var (
 			Value: "",
 			Usage: "Use a custom Email URL (option for GitHub)",
 		},
-		cli.StringFlag{
-			Name:  "icon-url",
-			Value: "",
-			Usage: "Custom icon URL for OAuth2 login source",
-		},
-		cli.BoolFlag{
-			Name:  "skip-local-2fa",
-			Usage: "Set to true to skip local 2fa for users authenticated by this source",
-		},
-		cli.StringSliceFlag{
-			Name:  "scopes",
-			Value: nil,
-			Usage: "Scopes to request when to authenticate against this OAuth2 source",
-		},
-		cli.StringFlag{
-			Name:  "required-claim-name",
-			Value: "",
-			Usage: "Claim name that has to be set to allow users to login with this source",
-		},
-		cli.StringFlag{
-			Name:  "required-claim-value",
-			Value: "",
-			Usage: "Claim value that has to be set to allow users to login with this source",
-		},
-		cli.StringFlag{
-			Name:  "group-claim-name",
-			Value: "",
-			Usage: "Claim name providing group names for this source",
-		},
-		cli.StringFlag{
-			Name:  "admin-group",
-			Value: "",
-			Usage: "Group Claim value for administrator users",
-		},
-		cli.StringFlag{
-			Name:  "restricted-group",
-			Value: "",
-			Usage: "Group Claim value for restricted users",
-		},
 	}

 	microcmdAuthUpdateOauth = cli.Command{
@@ -347,94 +225,6 @@ var (
 		Action: runAddOauth,
 		Flags:  oauthCLIFlags,
 	}
-
-	subcmdSendMail = cli.Command{
-		Name:   "sendmail",
-		Usage:  "Send a message to all users",
-		Action: runSendMail,
-		Flags: []cli.Flag{
-			cli.StringFlag{
-				Name:  "title",
-				Usage: `a title of a message`,
-				Value: "",
-			},
-			cli.StringFlag{
-				Name:  "content",
-				Usage: "a content of a message",
-				Value: "",
-			},
-			cli.BoolFlag{
-				Name:  "force,f",
-				Usage: "A flag to bypass a confirmation step",
-			},
-		},
-	}
-
-	smtpCLIFlags = []cli.Flag{
-		cli.StringFlag{
-			Name:  "name",
-			Value: "",
-			Usage: "Application Name",
-		},
-		cli.StringFlag{
-			Name:  "auth-type",
-			Value: "PLAIN",
-			Usage: "SMTP Authentication Type (PLAIN/LOGIN/CRAM-MD5) default PLAIN",
-		},
-		cli.StringFlag{
-			Name:  "host",
-			Value: "",
-			Usage: "SMTP Host",
-		},
-		cli.IntFlag{
-			Name:  "port",
-			Usage: "SMTP Port",
-		},
-		cli.BoolTFlag{
-			Name:  "force-smtps",
-			Usage: "SMTPS is always used on port 465. Set this to force SMTPS on other ports.",
-		},
-		cli.BoolTFlag{
-			Name:  "skip-verify",
-			Usage: "Skip TLS verify.",
-		},
-		cli.StringFlag{
-			Name:  "helo-hostname",
-			Value: "",
-			Usage: "Hostname sent with HELO. Leave blank to send current hostname",
-		},
-		cli.BoolTFlag{
-			Name:  "disable-helo",
-			Usage: "Disable SMTP helo.",
-		},
-		cli.StringFlag{
-			Name:  "allowed-domains",
-			Value: "",
-			Usage: "Leave empty to allow all domains. Separate multiple domains with a comma (',')",
-		},
-		cli.BoolTFlag{
-			Name:  "skip-local-2fa",
-			Usage: "Skip 2FA to log on.",
-		},
-		cli.BoolTFlag{
-			Name:  "active",
-			Usage: "This Authentication Source is Activated.",
-		},
-	}
-
-	microcmdAuthAddSMTP = cli.Command{
-		Name:   "add-smtp",
-		Usage:  "Add new SMTP authentication source",
-		Action: runAddSMTP,
-		Flags:  smtpCLIFlags,
-	}
-
-	microcmdAuthUpdateSMTP = cli.Command{
-		Name:   "update-smtp",
-		Usage:  "Update existing SMTP authentication source",
-		Action: runUpdateSMTP,
-		Flags:  append(smtpCLIFlags[:1], append([]cli.Flag{idFlag}, smtpCLIFlags[1:]...)...),
-	}
 )

 func runChangePassword(c *cli.Context) error {
@@ -442,36 +232,23 @@ func runChangePassword(c *cli.Context) error {
 		return err
 	}

-	ctx, cancel := installSignals()
-	defer cancel()
-
-	if err := initDB(ctx); err != nil {
+	if err := initDB(); err != nil {
 		return err
 	}
-	if len(c.String("password")) < setting.MinPasswordLength {
-		return fmt.Errorf("Password is not long enough. Needs to be at least %d", setting.MinPasswordLength)
-	}
-
 	if !pwd.IsComplexEnough(c.String("password")) {
 		return errors.New("Password does not meet complexity requirements")
 	}
-	pwned, err := pwd.IsPwned(context.Background(), c.String("password"))
-	if err != nil {
-		return err
-	}
-	if pwned {
-		return errors.New("The password you chose is on a list of stolen passwords previously exposed in public data breaches. Please try again with a different password.\nFor more details, see https://haveibeenpwned.com/Passwords")
-	}
 	uname := c.String("username")
-	user, err := user_model.GetUserByName(uname)
+	user, err := models.GetUserByName(uname)
 	if err != nil {
 		return err
 	}
-	if err = user.SetPassword(c.String("password")); err != nil {
+	if user.Salt, err = models.GetUserSalt(); err != nil {
 		return err
 	}
+	user.HashPassword(c.String("password"))

-	if err = user_model.UpdateUserCols(db.DefaultContext, user, "passwd", "passwd_hash_algo", "salt"); err != nil {
+	if err := models.UpdateUserCols(user, "passwd", "salt"); err != nil {
 		return err
 	}

@@ -503,10 +280,7 @@ func runCreateUser(c *cli.Context) error {
 		fmt.Fprintf(os.Stderr, "--name flag is deprecated. Use --username instead.\n")
 	}

-	ctx, cancel := installSignals()
-	defer cancel()
-
-	if err := initDB(ctx); err != nil {
+	if err := initDB(); err != nil {
 		return err
 	}

@@ -529,7 +303,7 @@ func runCreateUser(c *cli.Context) error {

 	// If this is the first user being created.
 	// Take it as the admin and don't force a password update.
-	if n := user_model.CountUsers(); n == 0 {
+	if n := models.CountUsers(); n == 0 {
 		changePassword = false
 	}

@@ -537,7 +311,7 @@ func runCreateUser(c *cli.Context) error {
 		changePassword = c.Bool("must-change-password")
 	}

-	u := &user_model.User{
+	u := &models.User{
 		Name:               username,
 		Email:              c.String("email"),
 		Passwd:             password,
@@ -547,7 +321,7 @@ func runCreateUser(c *cli.Context) error {
 		Theme:              setting.UI.DefaultTheme,
 	}

-	if err := user_model.CreateUser(u); err != nil {
+	if err := models.CreateUser(u); err != nil {
 		return fmt.Errorf("CreateUser: %v", err)
 	}

@@ -568,97 +342,17 @@ func runCreateUser(c *cli.Context) error {
 	return nil
 }

-func runListUsers(c *cli.Context) error {
-	ctx, cancel := installSignals()
-	defer cancel()
-
-	if err := initDB(ctx); err != nil {
-		return err
-	}
-
-	users, err := user_model.GetAllUsers()
-
-	if err != nil {
-		return err
-	}
-
-	w := tabwriter.NewWriter(os.Stdout, 5, 0, 1, ' ', 0)
-
-	if c.IsSet("admin") {
-		fmt.Fprintf(w, "ID\tUsername\tEmail\tIsActive\n")
-		for _, u := range users {
-			if u.IsAdmin {
-				fmt.Fprintf(w, "%d\t%s\t%s\t%t\n", u.ID, u.Name, u.Email, u.IsActive)
-			}
-		}
-	} else {
-		fmt.Fprintf(w, "ID\tUsername\tEmail\tIsActive\tIsAdmin\n")
-		for _, u := range users {
-			fmt.Fprintf(w, "%d\t%s\t%s\t%t\t%t\n", u.ID, u.Name, u.Email, u.IsActive, u.IsAdmin)
-		}
-
-	}
-
-	w.Flush()
-	return nil
-
-}
-
-func runDeleteUser(c *cli.Context) error {
-	if !c.IsSet("id") && !c.IsSet("username") && !c.IsSet("email") {
-		return fmt.Errorf("You must provide the id, username or email of a user to delete")
-	}
-
-	ctx, cancel := installSignals()
-	defer cancel()
-
-	if err := initDB(ctx); err != nil {
-		return err
-	}
-
-	if err := storage.Init(); err != nil {
-		return err
-	}
-
-	var err error
-	var user *user_model.User
-	if c.IsSet("email") {
-		user, err = user_model.GetUserByEmail(c.String("email"))
-	} else if c.IsSet("username") {
-		user, err = user_model.GetUserByName(c.String("username"))
-	} else {
-		user, err = user_model.GetUserByID(c.Int64("id"))
-	}
-	if err != nil {
-		return err
-	}
-	if c.IsSet("username") && user.LowerName != strings.ToLower(strings.TrimSpace(c.String("username"))) {
-		return fmt.Errorf("The user %s who has email %s does not match the provided username %s", user.Name, c.String("email"), c.String("username"))
-	}
-
-	if c.IsSet("id") && user.ID != c.Int64("id") {
-		return fmt.Errorf("The user %s does not match the provided id %d", user.Name, c.Int64("id"))
-	}
-
-	return user_service.DeleteUser(user)
-}
-
-func runRepoSyncReleases(_ *cli.Context) error {
-	ctx, cancel := installSignals()
-	defer cancel()
-
-	if err := initDB(ctx); err != nil {
+func runRepoSyncReleases(c *cli.Context) error {
+	if err := initDB(); err != nil {
 		return err
 	}

 	log.Trace("Synchronizing repository releases (this may take a while)")
 	for page := 1; ; page++ {
 		repos, count, err := models.SearchRepositoryByName(&models.SearchRepoOptions{
-			ListOptions: db.ListOptions{
-				PageSize: models.RepositoryListDefaultPageSize,
-				Page:     page,
-			},
-			Private: true,
+			Page:     page,
+			PageSize: models.RepositoryListDefaultPageSize,
+			Private:  true,
 		})
 		if err != nil {
 			return fmt.Errorf("SearchRepositoryByName: %v", err)
@@ -681,7 +375,7 @@ func runRepoSyncReleases(_ *cli.Context) error {
 			}
 			log.Trace(" currentNumReleases is %d, running SyncReleasesWithTags", oldnum)

-			if err = repo_module.SyncReleasesWithTags(repo, gitRepo); err != nil {
+			if err = repository.SyncReleasesWithTags(repo, gitRepo); err != nil {
 				log.Warn(" SyncReleasesWithTags: %v", err)
 				gitRepo.Close()
 				continue
@@ -712,27 +406,21 @@ func getReleaseCount(id int64) (int64, error) {
 	)
 }

-func runRegenerateHooks(_ *cli.Context) error {
-	ctx, cancel := installSignals()
-	defer cancel()
-
-	if err := initDB(ctx); err != nil {
+func runRegenerateHooks(c *cli.Context) error {
+	if err := initDB(); err != nil {
 		return err
 	}
-	return repo_service.SyncRepositoryHooks(graceful.GetManager().ShutdownContext())
+	return models.SyncRepositoryHooks()
 }

-func runRegenerateKeys(_ *cli.Context) error {
-	ctx, cancel := installSignals()
-	defer cancel()
-
-	if err := initDB(ctx); err != nil {
+func runRegenerateKeys(c *cli.Context) error {
+	if err := initDB(); err != nil {
 		return err
 	}
-	return asymkey_model.RewriteAllPublicKeys()
+	return models.RewriteAllPublicKeys()
 }

-func parseOAuth2Config(c *cli.Context) *oauth2.Source {
+func parseOAuth2Config(c *cli.Context) *models.OAuth2Config {
 	var customURLMapping *oauth2.CustomURLMapping
 	if c.IsSet("use-custom-urls") {
 		customURLMapping = &oauth2.CustomURLMapping{
@@ -744,36 +432,25 @@ func parseOAuth2Config(c *cli.Context) *oauth2.Source {
 	} else {
 		customURLMapping = nil
 	}
-	return &oauth2.Source{
+	return &models.OAuth2Config{
 		Provider:                      c.String("provider"),
 		ClientID:                      c.String("key"),
 		ClientSecret:                  c.String("secret"),
 		OpenIDConnectAutoDiscoveryURL: c.String("auto-discover-url"),
 		CustomURLMapping:              customURLMapping,
-		IconURL:                       c.String("icon-url"),
-		SkipLocalTwoFA:                c.Bool("skip-local-2fa"),
-		Scopes:                        c.StringSlice("scopes"),
-		RequiredClaimName:             c.String("required-claim-name"),
-		RequiredClaimValue:            c.String("required-claim-value"),
-		GroupClaimName:                c.String("group-claim-name"),
-		AdminGroup:                    c.String("admin-group"),
-		RestrictedGroup:               c.String("restricted-group"),
 	}
 }

 func runAddOauth(c *cli.Context) error {
-	ctx, cancel := installSignals()
-	defer cancel()
-
-	if err := initDB(ctx); err != nil {
+	if err := initDB(); err != nil {
 		return err
 	}

-	return auth.CreateSource(&auth.Source{
-		Type:     auth.OAuth2,
-		Name:     c.String("name"),
-		IsActive: true,
-		Cfg:      parseOAuth2Config(c),
+	return models.CreateLoginSource(&models.LoginSource{
+		Type:      models.LoginOAuth2,
+		Name:      c.String("name"),
+		IsActived: true,
+		Cfg:       parseOAuth2Config(c),
 	})
 }

@@ -782,19 +459,16 @@ func runUpdateOauth(c *cli.Context) error {
 		return fmt.Errorf("--id flag is missing")
 	}

-	ctx, cancel := installSignals()
-	defer cancel()
-
-	if err := initDB(ctx); err != nil {
+	if err := initDB(); err != nil {
 		return err
 	}

-	source, err := auth.GetSourceByID(c.Int64("id"))
+	source, err := models.GetLoginSourceByID(c.Int64("id"))
 	if err != nil {
 		return err
 	}

-	oAuth2Config := source.Cfg.(*oauth2.Source)
+	oAuth2Config := source.OAuth2()

 	if c.IsSet("name") {
 		source.Name = c.String("name")
@@ -816,32 +490,6 @@ func runUpdateOauth(c *cli.Context) error {
 		oAuth2Config.OpenIDConnectAutoDiscoveryURL = c.String("auto-discover-url")
 	}

-	if c.IsSet("icon-url") {
-		oAuth2Config.IconURL = c.String("icon-url")
-	}
-
-	if c.IsSet("scopes") {
-		oAuth2Config.Scopes = c.StringSlice("scopes")
-	}
-
-	if c.IsSet("required-claim-name") {
-		oAuth2Config.RequiredClaimName = c.String("required-claim-name")
-
-	}
-	if c.IsSet("required-claim-value") {
-		oAuth2Config.RequiredClaimValue = c.String("required-claim-value")
-	}
-
-	if c.IsSet("group-claim-name") {
-		oAuth2Config.GroupClaimName = c.String("group-claim-name")
-	}
-	if c.IsSet("admin-group") {
-		oAuth2Config.AdminGroup = c.String("admin-group")
-	}
-	if c.IsSet("restricted-group") {
-		oAuth2Config.RestrictedGroup = c.String("restricted-group")
-	}
-
 	// update custom URL mapping
 	var customURLMapping = &oauth2.CustomURLMapping{}

@@ -870,150 +518,25 @@ func runUpdateOauth(c *cli.Context) error {
 	oAuth2Config.CustomURLMapping = customURLMapping
 	source.Cfg = oAuth2Config

-	return auth.UpdateSource(source)
-}
-
-func parseSMTPConfig(c *cli.Context, conf *smtp.Source) error {
-	if c.IsSet("auth-type") {
-		conf.Auth = c.String("auth-type")
-		validAuthTypes := []string{"PLAIN", "LOGIN", "CRAM-MD5"}
-		if !contains(validAuthTypes, strings.ToUpper(c.String("auth-type"))) {
-			return errors.New("Auth must be one of PLAIN/LOGIN/CRAM-MD5")
-		}
-		conf.Auth = c.String("auth-type")
-	}
-	if c.IsSet("host") {
-		conf.Host = c.String("host")
-	}
-	if c.IsSet("port") {
-		conf.Port = c.Int("port")
-	}
-	if c.IsSet("allowed-domains") {
-		conf.AllowedDomains = c.String("allowed-domains")
-	}
-	if c.IsSet("force-smtps") {
-		conf.ForceSMTPS = c.BoolT("force-smtps")
-	}
-	if c.IsSet("skip-verify") {
-		conf.SkipVerify = c.BoolT("skip-verify")
-	}
-	if c.IsSet("helo-hostname") {
-		conf.HeloHostname = c.String("helo-hostname")
-	}
-	if c.IsSet("disable-helo") {
-		conf.DisableHelo = c.BoolT("disable-helo")
-	}
-	if c.IsSet("skip-local-2fa") {
-		conf.SkipLocalTwoFA = c.BoolT("skip-local-2fa")
-	}
-	return nil
-}
-
-func runAddSMTP(c *cli.Context) error {
-	ctx, cancel := installSignals()
-	defer cancel()
-
-	if err := initDB(ctx); err != nil {
-		return err
-	}
-
-	if !c.IsSet("name") || len(c.String("name")) == 0 {
-		return errors.New("name must be set")
-	}
-	if !c.IsSet("host") || len(c.String("host")) == 0 {
-		return errors.New("host must be set")
-	}
-	if !c.IsSet("port") {
-		return errors.New("port must be set")
-	}
-	var active = true
-	if c.IsSet("active") {
-		active = c.BoolT("active")
-	}
-
-	var smtpConfig smtp.Source
-	if err := parseSMTPConfig(c, &smtpConfig); err != nil {
-		return err
-	}
-
-	// If not set default to PLAIN
-	if len(smtpConfig.Auth) == 0 {
-		smtpConfig.Auth = "PLAIN"
-	}
-
-	return auth.CreateSource(&auth.Source{
-		Type:     auth.SMTP,
-		Name:     c.String("name"),
-		IsActive: active,
-		Cfg:      &smtpConfig,
-	})
-}
-
-func runUpdateSMTP(c *cli.Context) error {
-	if !c.IsSet("id") {
-		return fmt.Errorf("--id flag is missing")
-	}
-
-	ctx, cancel := installSignals()
-	defer cancel()
-
-	if err := initDB(ctx); err != nil {
-		return err
-	}
-
-	source, err := auth.GetSourceByID(c.Int64("id"))
-	if err != nil {
-		return err
-	}
-
-	smtpConfig := source.Cfg.(*smtp.Source)
-
-	if err := parseSMTPConfig(c, smtpConfig); err != nil {
-		return err
-	}
-
-	if c.IsSet("name") {
-		source.Name = c.String("name")
-	}
-
-	if c.IsSet("active") {
-		source.IsActive = c.BoolT("active")
-	}
-
-	source.Cfg = smtpConfig
-
-	return auth.UpdateSource(source)
+	return models.UpdateSource(source)
 }

 func runListAuth(c *cli.Context) error {
-	ctx, cancel := installSignals()
-	defer cancel()
-
-	if err := initDB(ctx); err != nil {
+	if err := initDB(); err != nil {
 		return err
 	}

-	authSources, err := auth.Sources()
+	loginSources, err := models.LoginSources()

 	if err != nil {
 		return err
 	}

-	flags := tabwriter.AlignRight
-	if c.Bool("vertical-bars") {
-		flags |= tabwriter.Debug
-	}
-
-	padChar := byte('\t')
-	if len(c.String("pad-char")) > 0 {
-		padChar = c.String("pad-char")[0]
-	}
-
 	// loop through each source and print
-	w := tabwriter.NewWriter(os.Stdout, c.Int("min-width"), c.Int("tab-width"), c.Int("padding"), padChar, flags)
+	w := tabwriter.NewWriter(os.Stdout, 0, 0, 1, ' ', tabwriter.AlignRight)
 	fmt.Fprintf(w, "ID\tName\tType\tEnabled\n")
-	for _, source := range authSources {
-		fmt.Fprintf(w, "%d\t%s\t%s\t%t\n", source.ID, source.Name, source.Type.String(), source.IsActive)
+	for _, source := range loginSources {
+		fmt.Fprintf(w, "%d\t%s\t%s\t%t\n", source.ID, source.Name, models.LoginNames[source.Type], source.IsActived)
 	}
 	w.Flush()

@@ -1025,17 +548,14 @@ func runDeleteAuth(c *cli.Context) error {
 		return fmt.Errorf("--id flag is missing")
 	}

-	ctx, cancel := installSignals()
-	defer cancel()
-
-	if err := initDB(ctx); err != nil {
+	if err := initDB(); err != nil {
 		return err
 	}

-	source, err := auth.GetSourceByID(c.Int64("id"))
+	source, err := models.GetLoginSourceByID(c.Int64("id"))
 	if err != nil {
 		return err
 	}

-	return auth_service.DeleteSource(source)
+	return models.DeleteSource(source)
 }
--- a/cmd/admin_auth_ldap.go
+++ b/cmd/admin_auth_ldap.go
@@ -5,22 +5,21 @@
 package cmd

 import (
-	"context"
 	"fmt"
 	"strings"

-	"code.gitea.io/gitea/models/auth"
-	"code.gitea.io/gitea/services/auth/source/ldap"
+	"code.gitea.io/gitea/models"
+	"code.gitea.io/gitea/modules/auth/ldap"

 	"github.com/urfave/cli"
 )

 type (
 	authService struct {
-		initDB            func(ctx context.Context) error
-		createAuthSource  func(*auth.Source) error
-		updateAuthSource  func(*auth.Source) error
-		getAuthSourceByID func(id int64) (*auth.Source, error)
+		initDB             func() error
+		createLoginSource  func(loginSource *models.LoginSource) error
+		updateLoginSource  func(loginSource *models.LoginSource) error
+		getLoginSourceByID func(id int64) (*models.LoginSource, error)
 	}
 )

@@ -62,10 +61,6 @@ var (
 			Name:  "admin-filter",
 			Usage: "An LDAP filter specifying if a user should be given administrator privileges.",
 		},
-		cli.StringFlag{
-			Name:  "restricted-filter",
-			Usage: "An LDAP filter specifying if a user should be given restricted status.",
-		},
 		cli.BoolFlag{
 			Name:  "allow-deactivate-all",
 			Usage: "Allow empty search results to deactivate all users.",
@@ -90,14 +85,6 @@ var (
 			Name:  "public-ssh-key-attribute",
 			Usage: "The attribute of the user’s LDAP record containing the user’s public ssh key.",
 		},
-		cli.BoolFlag{
-			Name:  "skip-local-2fa",
-			Usage: "Set to true to skip local 2fa for users authenticated by this source",
-		},
-		cli.StringFlag{
-			Name:  "avatar-attribute",
-			Usage: "The attribute of the user’s LDAP record containing the user’s avatar.",
-		},
 	}

 	ldapBindDnCLIFlags = append(commonLdapCLIFlags,
@@ -168,106 +155,96 @@ var (
 // newAuthService creates a service with default functions.
 func newAuthService() *authService {
 	return &authService{
-		initDB:            initDB,
-		createAuthSource:  auth.CreateSource,
-		updateAuthSource:  auth.UpdateSource,
-		getAuthSourceByID: auth.GetSourceByID,
+		initDB:             initDB,
+		createLoginSource:  models.CreateLoginSource,
+		updateLoginSource:  models.UpdateSource,
+		getLoginSourceByID: models.GetLoginSourceByID,
 	}
 }

-// parseAuthSource assigns values on authSource according to command line flags.
-func parseAuthSource(c *cli.Context, authSource *auth.Source) {
+// parseLoginSource assigns values on loginSource according to command line flags.
+func parseLoginSource(c *cli.Context, loginSource *models.LoginSource) {
 	if c.IsSet("name") {
-		authSource.Name = c.String("name")
+		loginSource.Name = c.String("name")
 	}
 	if c.IsSet("not-active") {
-		authSource.IsActive = !c.Bool("not-active")
+		loginSource.IsActived = !c.Bool("not-active")
 	}
 	if c.IsSet("synchronize-users") {
-		authSource.IsSyncEnabled = c.Bool("synchronize-users")
+		loginSource.IsSyncEnabled = c.Bool("synchronize-users")
 	}
 }

 // parseLdapConfig assigns values on config according to command line flags.
-func parseLdapConfig(c *cli.Context, config *ldap.Source) error {
+func parseLdapConfig(c *cli.Context, config *models.LDAPConfig) error {
 	if c.IsSet("name") {
-		config.Name = c.String("name")
+		config.Source.Name = c.String("name")
 	}
 	if c.IsSet("host") {
-		config.Host = c.String("host")
+		config.Source.Host = c.String("host")
 	}
 	if c.IsSet("port") {
-		config.Port = c.Int("port")
+		config.Source.Port = c.Int("port")
 	}
 	if c.IsSet("security-protocol") {
 		p, ok := findLdapSecurityProtocolByName(c.String("security-protocol"))
 		if !ok {
 			return fmt.Errorf("Unknown security protocol name: %s", c.String("security-protocol"))
 		}
-		config.SecurityProtocol = p
+		config.Source.SecurityProtocol = p
 	}
 	if c.IsSet("skip-tls-verify") {
-		config.SkipVerify = c.Bool("skip-tls-verify")
+		config.Source.SkipVerify = c.Bool("skip-tls-verify")
 	}
 	if c.IsSet("bind-dn") {
-		config.BindDN = c.String("bind-dn")
+		config.Source.BindDN = c.String("bind-dn")
 	}
 	if c.IsSet("user-dn") {
-		config.UserDN = c.String("user-dn")
+		config.Source.UserDN = c.String("user-dn")
 	}
 	if c.IsSet("bind-password") {
-		config.BindPassword = c.String("bind-password")
+		config.Source.BindPassword = c.String("bind-password")
 	}
 	if c.IsSet("user-search-base") {
-		config.UserBase = c.String("user-search-base")
+		config.Source.UserBase = c.String("user-search-base")
 	}
 	if c.IsSet("username-attribute") {
-		config.AttributeUsername = c.String("username-attribute")
+		config.Source.AttributeUsername = c.String("username-attribute")
 	}
 	if c.IsSet("firstname-attribute") {
-		config.AttributeName = c.String("firstname-attribute")
+		config.Source.AttributeName = c.String("firstname-attribute")
 	}
 	if c.IsSet("surname-attribute") {
-		config.AttributeSurname = c.String("surname-attribute")
+		config.Source.AttributeSurname = c.String("surname-attribute")
 	}
 	if c.IsSet("email-attribute") {
-		config.AttributeMail = c.String("email-attribute")
+		config.Source.AttributeMail = c.String("email-attribute")
 	}
 	if c.IsSet("attributes-in-bind") {
-		config.AttributesInBind = c.Bool("attributes-in-bind")
+		config.Source.AttributesInBind = c.Bool("attributes-in-bind")
 	}
 	if c.IsSet("public-ssh-key-attribute") {
-		config.AttributeSSHPublicKey = c.String("public-ssh-key-attribute")
-	}
-	if c.IsSet("avatar-attribute") {
-		config.AttributeAvatar = c.String("avatar-attribute")
+		config.Source.AttributeSSHPublicKey = c.String("public-ssh-key-attribute")
 	}
 	if c.IsSet("page-size") {
-		config.SearchPageSize = uint32(c.Uint("page-size"))
+		config.Source.SearchPageSize = uint32(c.Uint("page-size"))
 	}
 	if c.IsSet("user-filter") {
-		config.Filter = c.String("user-filter")
+		config.Source.Filter = c.String("user-filter")
 	}
 	if c.IsSet("admin-filter") {
-		config.AdminFilter = c.String("admin-filter")
-	}
-	if c.IsSet("restricted-filter") {
-		config.RestrictedFilter = c.String("restricted-filter")
+		config.Source.AdminFilter = c.String("admin-filter")
 	}
 	if c.IsSet("allow-deactivate-all") {
-		config.AllowDeactivateAll = c.Bool("allow-deactivate-all")
+		config.Source.AllowDeactivateAll = c.Bool("allow-deactivate-all")
 	}
-	if c.IsSet("skip-local-2fa") {
-		config.SkipLocalTwoFA = c.Bool("skip-local-2fa")
-	}
-
 	return nil
 }

 // findLdapSecurityProtocolByName finds security protocol by its name ignoring case.
 // It returns the value of the security protocol and if it was found.
 func findLdapSecurityProtocolByName(name string) (ldap.SecurityProtocol, bool) {
-	for i, n := range ldap.SecurityProtocolNames {
+	for i, n := range models.SecurityProtocolNames {
 		if strings.EqualFold(name, n) {
 			return i, true
 		}
@@ -275,23 +252,23 @@ func findLdapSecurityProtocolByName(name string) (ldap.SecurityProtocol, bool) {
 	return 0, false
 }

-// getAuthSource gets the login source by its id defined in the command line flags.
+// getLoginSource gets the login source by its id defined in the command line flags.
 // It returns an error if the id is not set, does not match any source or if the source is not of expected type.
-func (a *authService) getAuthSource(c *cli.Context, authType auth.Type) (*auth.Source, error) {
+func (a *authService) getLoginSource(c *cli.Context, loginType models.LoginType) (*models.LoginSource, error) {
 	if err := argsSet(c, "id"); err != nil {
 		return nil, err
 	}

-	authSource, err := a.getAuthSourceByID(c.Int64("id"))
+	loginSource, err := a.getLoginSourceByID(c.Int64("id"))
 	if err != nil {
 		return nil, err
 	}

-	if authSource.Type != authType {
-		return nil, fmt.Errorf("Invalid authentication type. expected: %s, actual: %s", authType.String(), authSource.Type.String())
+	if loginSource.Type != loginType {
+		return nil, fmt.Errorf("Invalid authentication type. expected: %s, actual: %s", models.LoginNames[loginType], models.LoginNames[loginSource.Type])
 	}

-	return authSource, nil
+	return loginSource, nil
 }

 // addLdapBindDn adds a new LDAP via Bind DN authentication source.
@@ -300,49 +277,45 @@ func (a *authService) addLdapBindDn(c *cli.Context) error {
 		return err
 	}

-	ctx, cancel := installSignals()
-	defer cancel()
-
-	if err := a.initDB(ctx); err != nil {
+	if err := a.initDB(); err != nil {
 		return err
 	}

-	authSource := &auth.Source{
-		Type:     auth.LDAP,
-		IsActive: true, // active by default
-		Cfg: &ldap.Source{
-			Enabled: true, // always true
+	loginSource := &models.LoginSource{
+		Type:      models.LoginLDAP,
+		IsActived: true, // active by default
+		Cfg: &models.LDAPConfig{
+			Source: &ldap.Source{
+				Enabled: true, // always true
+			},
 		},
 	}

-	parseAuthSource(c, authSource)
-	if err := parseLdapConfig(c, authSource.Cfg.(*ldap.Source)); err != nil {
+	parseLoginSource(c, loginSource)
+	if err := parseLdapConfig(c, loginSource.LDAP()); err != nil {
 		return err
 	}

-	return a.createAuthSource(authSource)
+	return a.createLoginSource(loginSource)
 }

 // updateLdapBindDn updates a new LDAP via Bind DN authentication source.
 func (a *authService) updateLdapBindDn(c *cli.Context) error {
-	ctx, cancel := installSignals()
-	defer cancel()
-
-	if err := a.initDB(ctx); err != nil {
+	if err := a.initDB(); err != nil {
 		return err
 	}

-	authSource, err := a.getAuthSource(c, auth.LDAP)
+	loginSource, err := a.getLoginSource(c, models.LoginLDAP)
 	if err != nil {
 		return err
 	}

-	parseAuthSource(c, authSource)
-	if err := parseLdapConfig(c, authSource.Cfg.(*ldap.Source)); err != nil {
+	parseLoginSource(c, loginSource)
+	if err := parseLdapConfig(c, loginSource.LDAP()); err != nil {
 		return err
 	}

-	return a.updateAuthSource(authSource)
+	return a.updateLoginSource(loginSource)
 }

 // addLdapSimpleAuth adds a new LDAP (simple auth) authentication source.
@@ -351,47 +324,43 @@ func (a *authService) addLdapSimpleAuth(c *cli.Context) error {
 		return err
 	}

-	ctx, cancel := installSignals()
-	defer cancel()
-
-	if err := a.initDB(ctx); err != nil {
+	if err := a.initDB(); err != nil {
 		return err
 	}

-	authSource := &auth.Source{
-		Type:     auth.DLDAP,
-		IsActive: true, // active by default
-		Cfg: &ldap.Source{
-			Enabled: true, // always true
+	loginSource := &models.LoginSource{
+		Type:      models.LoginDLDAP,
+		IsActived: true, // active by default
+		Cfg: &models.LDAPConfig{
+			Source: &ldap.Source{
+				Enabled: true, // always true
+			},
 		},
 	}

-	parseAuthSource(c, authSource)
-	if err := parseLdapConfig(c, authSource.Cfg.(*ldap.Source)); err != nil {
+	parseLoginSource(c, loginSource)
+	if err := parseLdapConfig(c, loginSource.LDAP()); err != nil {
 		return err
 	}

-	return a.createAuthSource(authSource)
+	return a.createLoginSource(loginSource)
 }

 // updateLdapBindDn updates a new LDAP (simple auth) authentication source.
 func (a *authService) updateLdapSimpleAuth(c *cli.Context) error {
-	ctx, cancel := installSignals()
-	defer cancel()
-
-	if err := a.initDB(ctx); err != nil {
+	if err := a.initDB(); err != nil {
 		return err
 	}

-	authSource, err := a.getAuthSource(c, auth.DLDAP)
+	loginSource, err := a.getLoginSource(c, models.LoginDLDAP)
 	if err != nil {
 		return err
 	}

-	parseAuthSource(c, authSource)
-	if err := parseLdapConfig(c, authSource.Cfg.(*ldap.Source)); err != nil {
+	parseLoginSource(c, loginSource)
+	if err := parseLdapConfig(c, loginSource.LDAP()); err != nil {
 		return err
 	}

-	return a.updateAuthSource(authSource)
+	return a.updateLoginSource(loginSource)
 }
--- a/cmd/admin_auth_ldap_test.go
+++ b/cmd/admin_auth_ldap_test.go
--- a/cmd/cmd.go
+++ b/cmd/cmd.go
@@ -7,16 +7,10 @@
 package cmd

 import (
-	"context"
 	"errors"
 	"fmt"
-	"os"
-	"os/signal"
-	"strings"
-	"syscall"

-	"code.gitea.io/gitea/models/db"
-	"code.gitea.io/gitea/modules/log"
+	"code.gitea.io/gitea/models"
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/modules/util"

@@ -38,59 +32,17 @@ func argsSet(c *cli.Context, args ...string) error {
 	return nil
 }

-// confirm waits for user input which confirms an action
-func confirm() (bool, error) {
-	var response string
-
-	_, err := fmt.Scanln(&response)
-	if err != nil {
-		return false, err
-	}
-
-	switch strings.ToLower(response) {
-	case "y", "yes":
-		return true, nil
-	case "n", "no":
-		return false, nil
-	default:
-		return false, errors.New(response + " isn't a correct confirmation string")
-	}
+func initDB() error {
+	return initDBDisableConsole(false)
 }

-func initDB(ctx context.Context) error {
-	setting.LoadFromExisting()
+func initDBDisableConsole(disableConsole bool) error {
+	setting.NewContext()
 	setting.InitDBConfig()
-	setting.NewXORMLogService(false)

-	if setting.Database.Type == "" {
-		log.Fatal(`Database settings are missing from the configuration file: %q.
-Ensure you are running in the correct environment or set the correct configuration file with -c.
-If this is the intended configuration file complete the [database] section.`, setting.CustomConf)
-	}
-	if err := db.InitEngine(ctx); err != nil {
-		return fmt.Errorf("unable to initialise the database using the configuration in %q. Error: %v", setting.CustomConf, err)
+	setting.NewXORMLogService(disableConsole)
+	if err := models.SetEngine(); err != nil {
+		return fmt.Errorf("models.SetEngine: %v", err)
 	}
 	return nil
 }
-
-func installSignals() (context.Context, context.CancelFunc) {
-	ctx, cancel := context.WithCancel(context.Background())
-	go func() {
-		// install notify
-		signalChannel := make(chan os.Signal, 1)
-
-		signal.Notify(
-			signalChannel,
-			syscall.SIGINT,
-			syscall.SIGTERM,
-		)
-		select {
-		case <-signalChannel:
-		case <-ctx.Done():
-		}
-		cancel()
-		signal.Reset()
-	}()
-
-	return ctx, cancel
-}
--- a/cmd/convert.go
+++ b/cmd/convert.go
@@ -7,7 +7,7 @@ package cmd
 import (
 	"fmt"

-	"code.gitea.io/gitea/models/db"
+	"code.gitea.io/gitea/models"
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/setting"

@@ -23,25 +23,22 @@ var CmdConvert = cli.Command{
 }

 func runConvert(ctx *cli.Context) error {
-	stdCtx, cancel := installSignals()
-	defer cancel()
-
-	if err := initDB(stdCtx); err != nil {
+	if err := initDB(); err != nil {
 		return err
 	}

-	log.Info("AppPath: %s", setting.AppPath)
-	log.Info("AppWorkPath: %s", setting.AppWorkPath)
-	log.Info("Custom path: %s", setting.CustomPath)
-	log.Info("Log path: %s", setting.LogRootPath)
-	log.Info("Configuration file: %s", setting.CustomConf)
+	log.Trace("AppPath: %s", setting.AppPath)
+	log.Trace("AppWorkPath: %s", setting.AppWorkPath)
+	log.Trace("Custom path: %s", setting.CustomPath)
+	log.Trace("Log path: %s", setting.LogRootPath)
+	setting.InitDBConfig()

 	if !setting.Database.UseMySQL {
 		fmt.Println("This command can only be used with a MySQL database")
 		return nil
 	}

-	if err := db.ConvertUtf8ToUtf8mb4(); err != nil {
+	if err := models.ConvertUtf8ToUtf8mb4(); err != nil {
 		log.Fatal("Failed to convert database from utf8 to utf8mb4: %v", err)
 		return err
 	}
--- a/cmd/docs.go
+++ b/cmd/docs.go
@@ -1,65 +0,0 @@
-// Copyright 2020 The Gitea Authors. All rights reserved.
-// Use of this source code is governed by a MIT-style
-// license that can be found in the LICENSE file.
-
-package cmd
-
-import (
-	"fmt"
-	"os"
-	"strings"
-
-	"github.com/urfave/cli"
-)
-
-// CmdDocs represents the available docs sub-command.
-var CmdDocs = cli.Command{
-	Name:        "docs",
-	Usage:       "Output CLI documentation",
-	Description: "A command to output Gitea's CLI documentation, optionally to a file.",
-	Action:      runDocs,
-	Flags: []cli.Flag{
-		&cli.BoolFlag{
-			Name:  "man",
-			Usage: "Output man pages instead",
-		},
-		&cli.StringFlag{
-			Name:  "output, o",
-			Usage: "Path to output to instead of stdout (will overwrite if exists)",
-		},
-	},
-}
-
-func runDocs(ctx *cli.Context) error {
-	docs, err := ctx.App.ToMarkdown()
-	if ctx.Bool("man") {
-		docs, err = ctx.App.ToMan()
-	}
-	if err != nil {
-		return err
-	}
-
-	if !ctx.Bool("man") {
-		// Clean up markdown. The following bug was fixed in v2, but is present in v1.
-		// It affects markdown output (even though the issue is referring to man pages)
-		// https://github.com/urfave/cli/issues/1040
-		firstHashtagIndex := strings.Index(docs, "#")
-
-		if firstHashtagIndex > 0 {
-			docs = docs[firstHashtagIndex:]
-		}
-	}
-
-	out := os.Stdout
-	if ctx.String("output") != "" {
-		fi, err := os.Create(ctx.String("output"))
-		if err != nil {
-			return err
-		}
-		defer fi.Close()
-		out = fi
-	}
-
-	_, err = fmt.Fprintln(out, docs)
-	return err
-}
--- a/cmd/doctor.go
+++ b/cmd/doctor.go
@@ -1,219 +0,0 @@
-// Copyright 2019 The Gitea Authors. All rights reserved.
-// Use of this source code is governed by a MIT-style
-// license that can be found in the LICENSE file.
-
-package cmd
-
-import (
-	"context"
-	"fmt"
-	golog "log"
-	"os"
-	"strings"
-	"text/tabwriter"
-
-	"code.gitea.io/gitea/models/db"
-	"code.gitea.io/gitea/models/migrations"
-	"code.gitea.io/gitea/modules/doctor"
-	"code.gitea.io/gitea/modules/log"
-	"code.gitea.io/gitea/modules/setting"
-
-	"github.com/urfave/cli"
-	"xorm.io/xorm"
-)
-
-// CmdDoctor represents the available doctor sub-command.
-var CmdDoctor = cli.Command{
-	Name:        "doctor",
-	Usage:       "Diagnose problems",
-	Description: "A command to diagnose problems with the current Gitea instance according to the given configuration.",
-	Action:      runDoctor,
-	Flags: []cli.Flag{
-		cli.BoolFlag{
-			Name:  "list",
-			Usage: "List the available checks",
-		},
-		cli.BoolFlag{
-			Name:  "default",
-			Usage: "Run the default checks (if neither --run or --all is set, this is the default behaviour)",
-		},
-		cli.StringSliceFlag{
-			Name:  "run",
-			Usage: "Run the provided checks - (if --default is set, the default checks will also run)",
-		},
-		cli.BoolFlag{
-			Name:  "all",
-			Usage: "Run all the available checks",
-		},
-		cli.BoolFlag{
-			Name:  "fix",
-			Usage: "Automatically fix what we can",
-		},
-		cli.StringFlag{
-			Name:  "log-file",
-			Usage: `Name of the log file (default: "doctor.log"). Set to "-" to output to stdout, set to "" to disable`,
-		},
-		cli.BoolFlag{
-			Name:  "color, H",
-			Usage: "Use color for outputted information",
-		},
-	},
-	Subcommands: []cli.Command{
-		cmdRecreateTable,
-	},
-}
-
-var cmdRecreateTable = cli.Command{
-	Name:      "recreate-table",
-	Usage:     "Recreate tables from XORM definitions and copy the data.",
-	ArgsUsage: "[TABLE]... : (TABLEs to recreate - leave blank for all)",
-	Flags: []cli.Flag{
-		cli.BoolFlag{
-			Name:  "debug",
-			Usage: "Print SQL commands sent",
-		},
-	},
-	Description: `The database definitions Gitea uses change across versions, sometimes changing default values and leaving old unused columns.
-
-This command will cause Xorm to recreate tables, copying over the data and deleting the old table.
-
-You should back-up your database before doing this and ensure that your database is up-to-date first.`,
-	Action: runRecreateTable,
-}
-
-func runRecreateTable(ctx *cli.Context) error {
-	// Redirect the default golog to here
-	golog.SetFlags(0)
-	golog.SetPrefix("")
-	golog.SetOutput(log.NewLoggerAsWriter("INFO", log.GetLogger(log.DEFAULT)))
-
-	setting.LoadFromExisting()
-	setting.InitDBConfig()
-
-	setting.EnableXORMLog = ctx.Bool("debug")
-	setting.Database.LogSQL = ctx.Bool("debug")
-	setting.Cfg.Section("log").Key("XORM").SetValue(",")
-
-	setting.NewXORMLogService(!ctx.Bool("debug"))
-	stdCtx, cancel := installSignals()
-	defer cancel()
-
-	if err := db.InitEngine(stdCtx); err != nil {
-		fmt.Println(err)
-		fmt.Println("Check if you are using the right config file. You can use a --config directive to specify one.")
-		return nil
-	}
-
-	args := ctx.Args()
-	names := make([]string, 0, ctx.NArg())
-	for i := 0; i < ctx.NArg(); i++ {
-		names = append(names, args.Get(i))
-	}
-
-	beans, err := db.NamesToBean(names...)
-	if err != nil {
-		return err
-	}
-	recreateTables := migrations.RecreateTables(beans...)
-
-	return db.InitEngineWithMigration(context.Background(), func(x *xorm.Engine) error {
-		if err := migrations.EnsureUpToDate(x); err != nil {
-			return err
-		}
-		return recreateTables(x)
-	})
-
-}
-
-func runDoctor(ctx *cli.Context) error {
-	// Silence the default loggers
-	log.DelNamedLogger("console")
-	log.DelNamedLogger(log.DEFAULT)
-
-	stdCtx, cancel := installSignals()
-	defer cancel()
-
-	// Now setup our own
-	logFile := ctx.String("log-file")
-	if !ctx.IsSet("log-file") {
-		logFile = "doctor.log"
-	}
-
-	colorize := log.CanColorStdout
-	if ctx.IsSet("color") {
-		colorize = ctx.Bool("color")
-	}
-
-	if len(logFile) == 0 {
-		log.NewLogger(1000, "doctor", "console", fmt.Sprintf(`{"level":"NONE","stacktracelevel":"NONE","colorize":%t}`, colorize))
-	} else if logFile == "-" {
-		log.NewLogger(1000, "doctor", "console", fmt.Sprintf(`{"level":"trace","stacktracelevel":"NONE","colorize":%t}`, colorize))
-	} else {
-		log.NewLogger(1000, "doctor", "file", fmt.Sprintf(`{"filename":%q,"level":"trace","stacktracelevel":"NONE"}`, logFile))
-	}
-
-	// Finally redirect the default golog to here
-	golog.SetFlags(0)
-	golog.SetPrefix("")
-	golog.SetOutput(log.NewLoggerAsWriter("INFO", log.GetLogger(log.DEFAULT)))
-
-	if ctx.IsSet("list") {
-		w := tabwriter.NewWriter(os.Stdout, 0, 8, 1, '\t', 0)
-		_, _ = w.Write([]byte("Default\tName\tTitle\n"))
-		for _, check := range doctor.Checks {
-			if check.IsDefault {
-				_, _ = w.Write([]byte{'*'})
-			}
-			_, _ = w.Write([]byte{'\t'})
-			_, _ = w.Write([]byte(check.Name))
-			_, _ = w.Write([]byte{'\t'})
-			_, _ = w.Write([]byte(check.Title))
-			_, _ = w.Write([]byte{'\n'})
-		}
-		return w.Flush()
-	}
-
-	var checks []*doctor.Check
-	if ctx.Bool("all") {
-		checks = doctor.Checks
-	} else if ctx.IsSet("run") {
-		addDefault := ctx.Bool("default")
-		names := ctx.StringSlice("run")
-		for i, name := range names {
-			names[i] = strings.ToLower(strings.TrimSpace(name))
-		}
-
-		for _, check := range doctor.Checks {
-			if addDefault && check.IsDefault {
-				checks = append(checks, check)
-				continue
-			}
-			for _, name := range names {
-				if name == check.Name {
-					checks = append(checks, check)
-					break
-				}
-			}
-		}
-	} else {
-		for _, check := range doctor.Checks {
-			if check.IsDefault {
-				checks = append(checks, check)
-			}
-		}
-	}
-
-	// Now we can set up our own logger to return information about what the doctor is doing
-	if err := log.NewNamedLogger("doctorouter",
-		1000,
-		"console",
-		"console",
-		fmt.Sprintf(`{"level":"INFO","stacktracelevel":"NONE","colorize":%t,"flags":-1}`, colorize)); err != nil {
-		fmt.Println(err)
-		return err
-	}
-
-	logger := log.GetLogger("doctorouter")
-	defer logger.Close()
-	return doctor.RunChecks(stdCtx, logger, ctx.Bool("fix"), checks)
-}
--- a/cmd/dump.go
+++ b/cmd/dump.go
@@ -7,89 +7,21 @@ package cmd

 import (
 	"fmt"
+	"io/ioutil"
 	"os"
 	"path"
 	"path/filepath"
-	"strings"
 	"time"

-	"code.gitea.io/gitea/models/db"
-	"code.gitea.io/gitea/modules/json"
+	"code.gitea.io/gitea/models"
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/setting"
-	"code.gitea.io/gitea/modules/storage"
-	"code.gitea.io/gitea/modules/util"

-	"gitea.com/go-chi/session"
-	archiver "github.com/mholt/archiver/v3"
+	"github.com/unknwon/cae/zip"
+	"github.com/unknwon/com"
 	"github.com/urfave/cli"
 )

-func addFile(w archiver.Writer, filePath, absPath string, verbose bool) error {
-	if verbose {
-		log.Info("Adding file %s\n", filePath)
-	}
-	file, err := os.Open(absPath)
-	if err != nil {
-		return err
-	}
-	defer file.Close()
-	fileInfo, err := file.Stat()
-	if err != nil {
-		return err
-	}
-
-	return w.Write(archiver.File{
-		FileInfo: archiver.FileInfo{
-			FileInfo:   fileInfo,
-			CustomName: filePath,
-		},
-		ReadCloser: file,
-	})
-}
-
-func isSubdir(upper, lower string) (bool, error) {
-	if relPath, err := filepath.Rel(upper, lower); err != nil {
-		return false, err
-	} else if relPath == "." || !strings.HasPrefix(relPath, ".") {
-		return true, nil
-	}
-	return false, nil
-}
-
-type outputType struct {
-	Enum     []string
-	Default  string
-	selected string
-}
-
-func (o outputType) Join() string {
-	return strings.Join(o.Enum, ", ")
-}
-
-func (o *outputType) Set(value string) error {
-	for _, enum := range o.Enum {
-		if enum == value {
-			o.selected = value
-			return nil
-		}
-	}
-
-	return fmt.Errorf("allowed values are %s", o.Join())
-}
-
-func (o outputType) String() string {
-	if o.selected == "" {
-		return o.Default
-	}
-	return o.selected
-}
-
-var outputTypeEnum = &outputType{
-	Enum:    []string{"zip", "rar", "tar", "sz", "tar.gz", "tar.xz", "tar.bz2", "tar.br", "tar.lz4"},
-	Default: "zip",
-}
-
 // CmdDump represents the available dump sub-command.
 var CmdDump = cli.Command{
 	Name:  "dump",
@@ -101,7 +33,7 @@ It can be used for backup and capture Gitea server image to send to maintainer`,
 		cli.StringFlag{
 			Name:  "file, f",
 			Value: fmt.Sprintf("gitea-dump-%d.zip", time.Now().Unix()),
-			Usage: "Name of the dump file which will be created. Supply '-' for stdout. See type for available types.",
+			Usage: "Name of the dump file which will be created.",
 		},
 		cli.BoolFlag{
 			Name:  "verbose, V",
@@ -120,27 +52,6 @@ It can be used for backup and capture Gitea server image to send to maintainer`,
 			Name:  "skip-repository, R",
 			Usage: "Skip the repository dumping",
 		},
-		cli.BoolFlag{
-			Name:  "skip-log, L",
-			Usage: "Skip the log dumping",
-		},
-		cli.BoolFlag{
-			Name:  "skip-custom-dir",
-			Usage: "Skip custom directory",
-		},
-		cli.BoolFlag{
-			Name:  "skip-lfs-data",
-			Usage: "Skip LFS data",
-		},
-		cli.BoolFlag{
-			Name:  "skip-attachment-data",
-			Usage: "Skip attachment data",
-		},
-		cli.GenericFlag{
-			Name:  "type",
-			Value: outputTypeEnum,
-			Usage: fmt.Sprintf("Dump output format: %s", outputTypeEnum.Join()),
-		},
 	},
 }

@@ -150,118 +61,52 @@ func fatal(format string, args ...interface{}) {
 }

 func runDump(ctx *cli.Context) error {
-	var file *os.File
-	fileName := ctx.String("file")
-	outType := ctx.String("type")
-	if fileName == "-" {
-		file = os.Stdout
-		err := log.DelLogger("console")
-		if err != nil {
-			fatal("Deleting default logger failed. Can not write to stdout: %v", err)
-		}
-	} else {
-		fileName = strings.TrimSuffix(fileName, path.Ext(fileName))
-		fileName += "." + outType
-	}
-	setting.LoadFromExisting()
-
-	// make sure we are logging to the console no matter what the configuration tells us do to
-	if _, err := setting.Cfg.Section("log").NewKey("MODE", "console"); err != nil {
-		fatal("Setting logging mode to console failed: %v", err)
-	}
-	if _, err := setting.Cfg.Section("log.console").NewKey("STDERR", "true"); err != nil {
-		fatal("Setting console logger to stderr failed: %v", err)
-	}
-	if !setting.InstallLock {
-		log.Error("Is '%s' really the right config path?\n", setting.CustomConf)
-		return fmt.Errorf("gitea is not initialized")
-	}
+	setting.NewContext()
 	setting.NewServices() // cannot access session settings otherwise

-	stdCtx, cancel := installSignals()
-	defer cancel()
-
-	err := db.InitEngine(stdCtx)
+	err := models.SetEngine()
 	if err != nil {
 		return err
 	}

-	if err := storage.Init(); err != nil {
-		return err
-	}
-
-	if file == nil {
-		file, err = os.Create(fileName)
-		if err != nil {
-			fatal("Unable to open %s: %v", fileName, err)
-		}
-	}
-	defer file.Close()
-
-	absFileName, err := filepath.Abs(fileName)
-	if err != nil {
-		return err
-	}
-
-	verbose := ctx.Bool("verbose")
-	var iface interface{}
-	if fileName == "-" {
-		iface, err = archiver.ByExtension(fmt.Sprintf(".%s", outType))
-	} else {
-		iface, err = archiver.ByExtension(fileName)
-	}
-	if err != nil {
-		fatal("Unable to get archiver for extension: %v", err)
-	}
-
-	w, _ := iface.(archiver.Writer)
-	if err := w.Create(file); err != nil {
-		fatal("Creating archiver.Writer failed: %v", err)
-	}
-	defer w.Close()
-
-	if ctx.IsSet("skip-repository") && ctx.Bool("skip-repository") {
-		log.Info("Skip dumping local repositories")
-	} else {
-		log.Info("Dumping local repositories... %s", setting.RepoRootPath)
-		if err := addRecursiveExclude(w, "repos", setting.RepoRootPath, []string{absFileName}, verbose); err != nil {
-			fatal("Failed to include repositories: %v", err)
-		}
-
-		if ctx.IsSet("skip-lfs-data") && ctx.Bool("skip-lfs-data") {
-			log.Info("Skip dumping LFS data")
-		} else if err := storage.LFS.IterateObjects(func(objPath string, object storage.Object) error {
-			info, err := object.Stat()
-			if err != nil {
-				return err
-			}
-
-			return w.Write(archiver.File{
-				FileInfo: archiver.FileInfo{
-					FileInfo:   info,
-					CustomName: path.Join("data", "lfs", objPath),
-				},
-				ReadCloser: object,
-			})
-		}); err != nil {
-			fatal("Failed to dump LFS objects: %v", err)
-		}
-	}
-
 	tmpDir := ctx.String("tempdir")
 	if _, err := os.Stat(tmpDir); os.IsNotExist(err) {
 		fatal("Path does not exist: %s", tmpDir)
 	}
-
-	dbDump, err := os.CreateTemp(tmpDir, "gitea-db.sql")
+	tmpWorkDir, err := ioutil.TempDir(tmpDir, "gitea-dump-")
 	if err != nil {
-		fatal("Failed to create tmp file: %v", err)
+		fatal("Failed to create tmp work directory: %v", err)
 	}
-	defer func() {
-		if err := util.Remove(dbDump.Name()); err != nil {
-			log.Warn("Unable to remove temporary file: %s: Error: %v", dbDump.Name(), err)
+	log.Info("Creating tmp work dir: %s", tmpWorkDir)
+
+	// work-around #1103
+	if os.Getenv("TMPDIR") == "" {
+		os.Setenv("TMPDIR", tmpWorkDir)
+	}
+
+	dbDump := path.Join(tmpWorkDir, "gitea-db.sql")
+
+	fileName := ctx.String("file")
+	log.Info("Packing dump files...")
+	z, err := zip.Create(fileName)
+	if err != nil {
+		fatal("Failed to create %s: %v", fileName, err)
+	}
+
+	zip.Verbose = ctx.Bool("verbose")
+
+	if ctx.IsSet("skip-repository") {
+		log.Info("Skip dumping local repositories")
+	} else {
+		log.Info("Dumping local repositories...%s", setting.RepoRootPath)
+		reposDump := path.Join(tmpWorkDir, "gitea-repo.zip")
+		if err := zip.PackTo(setting.RepoRootPath, reposDump, true); err != nil {
+			fatal("Failed to dump local repositories: %v", err)
 		}
-	}()
+		if err := z.AddFile("gitea-repo.zip", reposDump); err != nil {
+			fatal("Failed to include gitea-repo.zip: %v", err)
+		}
+	}

 	targetDBType := ctx.String("database")
 	if len(targetDBType) > 0 && targetDBType != setting.Database.Type {
@@ -270,131 +115,69 @@ func runDump(ctx *cli.Context) error {
 		log.Info("Dumping database...")
 	}

-	if err := db.DumpDatabase(dbDump.Name(), targetDBType); err != nil {
+	if err := models.DumpDatabase(dbDump, targetDBType); err != nil {
 		fatal("Failed to dump database: %v", err)
 	}

-	if err := addFile(w, "gitea-db.sql", dbDump.Name(), verbose); err != nil {
+	if err := z.AddFile("gitea-db.sql", dbDump); err != nil {
 		fatal("Failed to include gitea-db.sql: %v", err)
 	}

 	if len(setting.CustomConf) > 0 {
 		log.Info("Adding custom configuration file from %s", setting.CustomConf)
-		if err := addFile(w, "app.ini", setting.CustomConf, verbose); err != nil {
+		if err := z.AddFile("app.ini", setting.CustomConf); err != nil {
 			fatal("Failed to include specified app.ini: %v", err)
 		}
 	}

-	if ctx.IsSet("skip-custom-dir") && ctx.Bool("skip-custom-dir") {
-		log.Info("Skipping custom directory")
-	} else {
-		customDir, err := os.Stat(setting.CustomPath)
-		if err == nil && customDir.IsDir() {
-			if is, _ := isSubdir(setting.AppDataPath, setting.CustomPath); !is {
-				if err := addRecursiveExclude(w, "custom", setting.CustomPath, []string{absFileName}, verbose); err != nil {
-					fatal("Failed to include custom: %v", err)
-				}
-			} else {
-				log.Info("Custom dir %s is inside data dir %s, skipped", setting.CustomPath, setting.AppDataPath)
-			}
-		} else {
-			log.Info("Custom dir %s doesn't exist, skipped", setting.CustomPath)
+	customDir, err := os.Stat(setting.CustomPath)
+	if err == nil && customDir.IsDir() {
+		if err := z.AddDir("custom", setting.CustomPath); err != nil {
+			fatal("Failed to include custom: %v", err)
 		}
+	} else {
+		log.Info("Custom dir %s doesn't exist, skipped", setting.CustomPath)
 	}

-	isExist, err := util.IsExist(setting.AppDataPath)
-	if err != nil {
-		log.Error("Unable to check if %s exists. Error: %v", setting.AppDataPath, err)
-	}
-	if isExist {
+	if com.IsExist(setting.AppDataPath) {
 		log.Info("Packing data directory...%s", setting.AppDataPath)

-		var excludes []string
-		if setting.Cfg.Section("session").Key("PROVIDER").Value() == "file" {
-			var opts session.Options
-			if err = json.Unmarshal([]byte(setting.SessionConfig.ProviderConfig), &opts); err != nil {
-				return err
-			}
-			excludes = append(excludes, opts.ProviderConfig)
+		var sessionAbsPath string
+		if setting.SessionConfig.Provider == "file" {
+			sessionAbsPath = setting.SessionConfig.ProviderConfig
 		}
-
-		excludes = append(excludes, setting.RepoRootPath)
-		excludes = append(excludes, setting.LFS.Path)
-		excludes = append(excludes, setting.Attachment.Path)
-		excludes = append(excludes, setting.LogRootPath)
-		excludes = append(excludes, absFileName)
-		if err := addRecursiveExclude(w, "data", setting.AppDataPath, excludes, verbose); err != nil {
+		if err := zipAddDirectoryExclude(z, "data", setting.AppDataPath, sessionAbsPath); err != nil {
 			fatal("Failed to include data directory: %v", err)
 		}
 	}

-	if ctx.IsSet("skip-attachment-data") && ctx.Bool("skip-attachment-data") {
-		log.Info("Skip dumping attachment data")
-	} else if err := storage.Attachments.IterateObjects(func(objPath string, object storage.Object) error {
-		info, err := object.Stat()
-		if err != nil {
-			return err
-		}
-
-		return w.Write(archiver.File{
-			FileInfo: archiver.FileInfo{
-				FileInfo:   info,
-				CustomName: path.Join("data", "attachments", objPath),
-			},
-			ReadCloser: object,
-		})
-	}); err != nil {
-		fatal("Failed to dump attachments: %v", err)
-	}
-
-	// Doesn't check if LogRootPath exists before processing --skip-log intentionally,
-	// ensuring that it's clear the dump is skipped whether the directory's initialized
-	// yet or not.
-	if ctx.IsSet("skip-log") && ctx.Bool("skip-log") {
-		log.Info("Skip dumping log files")
-	} else {
-		isExist, err := util.IsExist(setting.LogRootPath)
-		if err != nil {
-			log.Error("Unable to check if %s exists. Error: %v", setting.LogRootPath, err)
-		}
-		if isExist {
-			if err := addRecursiveExclude(w, "log", setting.LogRootPath, []string{absFileName}, verbose); err != nil {
-				fatal("Failed to include log: %v", err)
-			}
+	if com.IsExist(setting.LogRootPath) {
+		if err := z.AddDir("log", setting.LogRootPath); err != nil {
+			fatal("Failed to include log: %v", err)
 		}
 	}

-	if fileName != "-" {
-		if err = w.Close(); err != nil {
-			_ = util.Remove(fileName)
-			fatal("Failed to save %s: %v", fileName, err)
-		}
-
-		if err := os.Chmod(fileName, 0600); err != nil {
-			log.Info("Can't change file access permissions mask to 0600: %v", err)
-		}
+	if err = z.Close(); err != nil {
+		_ = os.Remove(fileName)
+		fatal("Failed to save %s: %v", fileName, err)
 	}

-	if fileName != "-" {
-		log.Info("Finish dumping in file %s", fileName)
-	} else {
-		log.Info("Finish dumping to stdout")
+	if err := os.Chmod(fileName, 0600); err != nil {
+		log.Info("Can't change file access permissions mask to 0600: %v", err)
 	}

+	log.Info("Removing tmp work dir: %s", tmpWorkDir)
+
+	if err := os.RemoveAll(tmpWorkDir); err != nil {
+		fatal("Failed to remove %s: %v", tmpWorkDir, err)
+	}
+	log.Info("Finish dumping in file %s", fileName)
+
 	return nil
 }

-func contains(slice []string, s string) bool {
-	for _, v := range slice {
-		if v == s {
-			return true
-		}
-	}
-	return false
-}
-
-// addRecursiveExclude zips absPath to specified insidePath inside writer excluding excludeAbsPath
-func addRecursiveExclude(w archiver.Writer, insidePath, absPath string, excludeAbsPath []string, verbose bool) error {
+// zipAddDirectoryExclude zips absPath to specified zipPath inside z excluding excludeAbsPath
+func zipAddDirectoryExclude(zip *zip.ZipArchive, zipPath, absPath string, excludeAbsPath string) error {
 	absPath, err := filepath.Abs(absPath)
 	if err != nil {
 		return err
@@ -405,24 +188,24 @@ func addRecursiveExclude(w archiver.Writer, insidePath, absPath string, excludeA
 	}
 	defer dir.Close()

+	zip.AddEmptyDir(zipPath)
+
 	files, err := dir.Readdir(0)
 	if err != nil {
 		return err
 	}
 	for _, file := range files {
 		currentAbsPath := path.Join(absPath, file.Name())
-		currentInsidePath := path.Join(insidePath, file.Name())
+		currentZipPath := path.Join(zipPath, file.Name())
 		if file.IsDir() {
-			if !contains(excludeAbsPath, currentAbsPath) {
-				if err := addFile(w, currentInsidePath, currentAbsPath, false); err != nil {
-					return err
-				}
-				if err = addRecursiveExclude(w, currentInsidePath, currentAbsPath, excludeAbsPath, verbose); err != nil {
+			if currentAbsPath != excludeAbsPath {
+				if err = zipAddDirectoryExclude(zip, currentZipPath, currentAbsPath, excludeAbsPath); err != nil {
 					return err
 				}
 			}
+
 		} else {
-			if err = addFile(w, currentInsidePath, currentAbsPath, verbose); err != nil {
+			if err = zip.AddFile(currentZipPath, currentAbsPath); err != nil {
 				return err
 			}
 		}
--- a/cmd/dump_repo.go
+++ b/cmd/dump_repo.go
@@ -1,165 +0,0 @@
-// Copyright 2020 The Gitea Authors. All rights reserved.
-// Use of this source code is governed by a MIT-style
-// license that can be found in the LICENSE file.
-
-package cmd
-
-import (
-	"context"
-	"errors"
-	"strings"
-
-	"code.gitea.io/gitea/modules/convert"
-	"code.gitea.io/gitea/modules/log"
-	base "code.gitea.io/gitea/modules/migration"
-	"code.gitea.io/gitea/modules/setting"
-	"code.gitea.io/gitea/modules/structs"
-	"code.gitea.io/gitea/services/migrations"
-
-	"github.com/urfave/cli"
-)
-
-// CmdDumpRepository represents the available dump repository sub-command.
-var CmdDumpRepository = cli.Command{
-	Name:        "dump-repo",
-	Usage:       "Dump the repository from git/github/gitea/gitlab",
-	Description: "This is a command for dumping the repository data.",
-	Action:      runDumpRepository,
-	Flags: []cli.Flag{
-		cli.StringFlag{
-			Name:  "git_service",
-			Value: "",
-			Usage: "Git service, git, github, gitea, gitlab. If clone_addr could be recognized, this could be ignored.",
-		},
-		cli.StringFlag{
-			Name:  "repo_dir, r",
-			Value: "./data",
-			Usage: "Repository dir path to store the data",
-		},
-		cli.StringFlag{
-			Name:  "clone_addr",
-			Value: "",
-			Usage: "The URL will be clone, currently could be a git/github/gitea/gitlab http/https URL",
-		},
-		cli.StringFlag{
-			Name:  "auth_username",
-			Value: "",
-			Usage: "The username to visit the clone_addr",
-		},
-		cli.StringFlag{
-			Name:  "auth_password",
-			Value: "",
-			Usage: "The password to visit the clone_addr",
-		},
-		cli.StringFlag{
-			Name:  "auth_token",
-			Value: "",
-			Usage: "The personal token to visit the clone_addr",
-		},
-		cli.StringFlag{
-			Name:  "owner_name",
-			Value: "",
-			Usage: "The data will be stored on a directory with owner name if not empty",
-		},
-		cli.StringFlag{
-			Name:  "repo_name",
-			Value: "",
-			Usage: "The data will be stored on a directory with repository name if not empty",
-		},
-		cli.StringFlag{
-			Name:  "units",
-			Value: "",
-			Usage: `Which items will be migrated, one or more units should be separated as comma.
-wiki, issues, labels, releases, release_assets, milestones, pull_requests, comments are allowed. Empty means all units.`,
-		},
-	},
-}
-
-func runDumpRepository(ctx *cli.Context) error {
-	stdCtx, cancel := installSignals()
-	defer cancel()
-
-	if err := initDB(stdCtx); err != nil {
-		return err
-	}
-
-	log.Info("AppPath: %s", setting.AppPath)
-	log.Info("AppWorkPath: %s", setting.AppWorkPath)
-	log.Info("Custom path: %s", setting.CustomPath)
-	log.Info("Log path: %s", setting.LogRootPath)
-	log.Info("Configuration file: %s", setting.CustomConf)
-
-	var (
-		serviceType structs.GitServiceType
-		cloneAddr   = ctx.String("clone_addr")
-		serviceStr  = ctx.String("git_service")
-	)
-
-	if strings.HasPrefix(strings.ToLower(cloneAddr), "https://github.com/") {
-		serviceStr = "github"
-	} else if strings.HasPrefix(strings.ToLower(cloneAddr), "https://gitlab.com/") {
-		serviceStr = "gitlab"
-	} else if strings.HasPrefix(strings.ToLower(cloneAddr), "https://gitea.com/") {
-		serviceStr = "gitea"
-	}
-	if serviceStr == "" {
-		return errors.New("git_service missed or clone_addr cannot be recognized")
-	}
-	serviceType = convert.ToGitServiceType(serviceStr)
-
-	var opts = base.MigrateOptions{
-		GitServiceType: serviceType,
-		CloneAddr:      cloneAddr,
-		AuthUsername:   ctx.String("auth_username"),
-		AuthPassword:   ctx.String("auth_password"),
-		AuthToken:      ctx.String("auth_token"),
-		RepoName:       ctx.String("repo_name"),
-	}
-
-	if len(ctx.String("units")) == 0 {
-		opts.Wiki = true
-		opts.Issues = true
-		opts.Milestones = true
-		opts.Labels = true
-		opts.Releases = true
-		opts.Comments = true
-		opts.PullRequests = true
-		opts.ReleaseAssets = true
-	} else {
-		units := strings.Split(ctx.String("units"), ",")
-		for _, unit := range units {
-			switch strings.ToLower(unit) {
-			case "wiki":
-				opts.Wiki = true
-			case "issues":
-				opts.Issues = true
-			case "milestones":
-				opts.Milestones = true
-			case "labels":
-				opts.Labels = true
-			case "releases":
-				opts.Releases = true
-			case "release_assets":
-				opts.ReleaseAssets = true
-			case "comments":
-				opts.Comments = true
-			case "pull_requests":
-				opts.PullRequests = true
-			}
-		}
-	}
-
-	if err := migrations.DumpRepository(
-		context.Background(),
-		ctx.String("repo_dir"),
-		ctx.String("owner_name"),
-		opts,
-	); err != nil {
-		log.Fatal("Failed to dump repository: %v", err)
-		return err
-	}
-
-	log.Trace("Dump finished!!!")
-
-	return nil
-}
--- a/cmd/embedded.go
+++ b/cmd/embedded.go
@@ -1,334 +0,0 @@
-// Copyright 2020 The Gitea Authors. All rights reserved.
-// Use of this source code is governed by a MIT-style
-// license that can be found in the LICENSE file.
-
-//go:build bindata
-// +build bindata
-
-package cmd
-
-import (
-	"errors"
-	"fmt"
-	"os"
-	"path/filepath"
-	"sort"
-	"strings"
-
-	"code.gitea.io/gitea/modules/log"
-	"code.gitea.io/gitea/modules/options"
-	"code.gitea.io/gitea/modules/public"
-	"code.gitea.io/gitea/modules/setting"
-	"code.gitea.io/gitea/modules/templates"
-	"code.gitea.io/gitea/modules/util"
-
-	"github.com/gobwas/glob"
-	"github.com/urfave/cli"
-)
-
-// Cmdembedded represents the available extract sub-command.
-var (
-	Cmdembedded = cli.Command{
-		Name:        "embedded",
-		Usage:       "Extract embedded resources",
-		Description: "A command for extracting embedded resources, like templates and images",
-		Subcommands: []cli.Command{
-			subcmdList,
-			subcmdView,
-			subcmdExtract,
-		},
-	}
-
-	subcmdList = cli.Command{
-		Name:   "list",
-		Usage:  "List files matching the given pattern",
-		Action: runList,
-		Flags: []cli.Flag{
-			cli.BoolFlag{
-				Name:  "include-vendored,vendor",
-				Usage: "Include files under public/vendor as well",
-			},
-		},
-	}
-
-	subcmdView = cli.Command{
-		Name:   "view",
-		Usage:  "View a file matching the given pattern",
-		Action: runView,
-		Flags: []cli.Flag{
-			cli.BoolFlag{
-				Name:  "include-vendored,vendor",
-				Usage: "Include files under public/vendor as well",
-			},
-		},
-	}
-
-	subcmdExtract = cli.Command{
-		Name:   "extract",
-		Usage:  "Extract resources",
-		Action: runExtract,
-		Flags: []cli.Flag{
-			cli.BoolFlag{
-				Name:  "include-vendored,vendor",
-				Usage: "Include files under public/vendor as well",
-			},
-			cli.BoolFlag{
-				Name:  "overwrite",
-				Usage: "Overwrite files if they already exist",
-			},
-			cli.BoolFlag{
-				Name:  "rename",
-				Usage: "Rename files as {name}.bak if they already exist (overwrites previous .bak)",
-			},
-			cli.BoolFlag{
-				Name:  "custom",
-				Usage: "Extract to the 'custom' directory as per app.ini",
-			},
-			cli.StringFlag{
-				Name:  "destination,dest-dir",
-				Usage: "Extract to the specified directory",
-			},
-		},
-	}
-
-	sections map[string]*section
-	assets   []asset
-)
-
-type section struct {
-	Path  string
-	Names func() []string
-	IsDir func(string) (bool, error)
-	Asset func(string) ([]byte, error)
-}
-
-type asset struct {
-	Section *section
-	Name    string
-	Path    string
-}
-
-func initEmbeddedExtractor(c *cli.Context) error {
-
-	// Silence the console logger
-	log.DelNamedLogger("console")
-	log.DelNamedLogger(log.DEFAULT)
-
-	// Read configuration file
-	setting.LoadAllowEmpty()
-
-	pats, err := getPatterns(c.Args())
-	if err != nil {
-		return err
-	}
-	sections := make(map[string]*section, 3)
-
-	sections["public"] = &section{Path: "public", Names: public.AssetNames, IsDir: public.AssetIsDir, Asset: public.Asset}
-	sections["options"] = &section{Path: "options", Names: options.AssetNames, IsDir: options.AssetIsDir, Asset: options.Asset}
-	sections["templates"] = &section{Path: "templates", Names: templates.AssetNames, IsDir: templates.AssetIsDir, Asset: templates.Asset}
-
-	for _, sec := range sections {
-		assets = append(assets, buildAssetList(sec, pats, c)...)
-	}
-
-	// Sort assets
-	sort.SliceStable(assets, func(i, j int) bool {
-		return assets[i].Path < assets[j].Path
-	})
-
-	return nil
-}
-
-func runList(c *cli.Context) error {
-	if err := runListDo(c); err != nil {
-		fmt.Fprintf(os.Stderr, "%v\n", err)
-		return err
-	}
-	return nil
-}
-
-func runView(c *cli.Context) error {
-	if err := runViewDo(c); err != nil {
-		fmt.Fprintf(os.Stderr, "%v\n", err)
-		return err
-	}
-	return nil
-}
-
-func runExtract(c *cli.Context) error {
-	if err := runExtractDo(c); err != nil {
-		fmt.Fprintf(os.Stderr, "%v\n", err)
-		return err
-	}
-	return nil
-}
-
-func runListDo(c *cli.Context) error {
-	if err := initEmbeddedExtractor(c); err != nil {
-		return err
-	}
-
-	for _, a := range assets {
-		fmt.Println(a.Path)
-	}
-
-	return nil
-}
-
-func runViewDo(c *cli.Context) error {
-	if err := initEmbeddedExtractor(c); err != nil {
-		return err
-	}
-
-	if len(assets) == 0 {
-		return fmt.Errorf("No files matched the given pattern")
-	} else if len(assets) > 1 {
-		return fmt.Errorf("Too many files matched the given pattern; try to be more specific")
-	}
-
-	data, err := assets[0].Section.Asset(assets[0].Name)
-	if err != nil {
-		return fmt.Errorf("%s: %v", assets[0].Path, err)
-	}
-
-	if _, err = os.Stdout.Write(data); err != nil {
-		return fmt.Errorf("%s: %v", assets[0].Path, err)
-	}
-
-	return nil
-}
-
-func runExtractDo(c *cli.Context) error {
-	if err := initEmbeddedExtractor(c); err != nil {
-		return err
-	}
-
-	if len(c.Args()) == 0 {
-		return fmt.Errorf("A list of pattern of files to extract is mandatory (e.g. '**' for all)")
-	}
-
-	destdir := "."
-
-	if c.IsSet("destination") {
-		destdir = c.String("destination")
-	} else if c.Bool("custom") {
-		destdir = setting.CustomPath
-		fmt.Println("Using app.ini at", setting.CustomConf)
-	}
-
-	fi, err := os.Stat(destdir)
-	if errors.Is(err, os.ErrNotExist) {
-		// In case Windows users attempt to provide a forward-slash path
-		wdestdir := filepath.FromSlash(destdir)
-		if wfi, werr := os.Stat(wdestdir); werr == nil {
-			destdir = wdestdir
-			fi = wfi
-			err = nil
-		}
-	}
-	if err != nil {
-		return fmt.Errorf("%s: %s", destdir, err)
-	} else if !fi.IsDir() {
-		return fmt.Errorf("%s is not a directory.", destdir)
-	}
-
-	fmt.Printf("Extracting to %s:\n", destdir)
-
-	overwrite := c.Bool("overwrite")
-	rename := c.Bool("rename")
-
-	for _, a := range assets {
-		if err := extractAsset(destdir, a, overwrite, rename); err != nil {
-			// Non-fatal error
-			fmt.Fprintf(os.Stderr, "%s: %v", a.Path, err)
-		}
-	}
-
-	return nil
-}
-
-func extractAsset(d string, a asset, overwrite, rename bool) error {
-	dest := filepath.Join(d, filepath.FromSlash(a.Path))
-	dir := filepath.Dir(dest)
-
-	data, err := a.Section.Asset(a.Name)
-	if err != nil {
-		return fmt.Errorf("%s: %v", a.Path, err)
-	}
-
-	if err := os.MkdirAll(dir, os.ModePerm); err != nil {
-		return fmt.Errorf("%s: %v", dir, err)
-	}
-
-	perms := os.ModePerm & 0666
-
-	fi, err := os.Lstat(dest)
-	if err != nil {
-		if !errors.Is(err, os.ErrNotExist) {
-			return fmt.Errorf("%s: %v", dest, err)
-		}
-	} else if !overwrite && !rename {
-		fmt.Printf("%s already exists; skipped.\n", dest)
-		return nil
-	} else if !fi.Mode().IsRegular() {
-		return fmt.Errorf("%s already exists, but it's not a regular file", dest)
-	} else if rename {
-		if err := util.Rename(dest, dest+".bak"); err != nil {
-			return fmt.Errorf("Error creating backup for %s: %v", dest, err)
-		}
-		// Attempt to respect file permissions mask (even if user:group will be set anew)
-		perms = fi.Mode()
-	}
-
-	file, err := os.OpenFile(dest, os.O_WRONLY|os.O_TRUNC|os.O_CREATE, perms)
-	if err != nil {
-		return fmt.Errorf("%s: %v", dest, err)
-	}
-	defer file.Close()
-
-	if _, err = file.Write(data); err != nil {
-		return fmt.Errorf("%s: %v", dest, err)
-	}
-
-	fmt.Println(dest)
-
-	return nil
-}
-
-func buildAssetList(sec *section, globs []glob.Glob, c *cli.Context) []asset {
-	var results = make([]asset, 0, 64)
-	for _, name := range sec.Names() {
-		if isdir, err := sec.IsDir(name); !isdir && err == nil {
-			if sec.Path == "public" &&
-				strings.HasPrefix(name, "vendor/") &&
-				!c.Bool("include-vendored") {
-				continue
-			}
-			matchName := sec.Path + "/" + name
-			for _, g := range globs {
-				if g.Match(matchName) {
-					results = append(results, asset{Section: sec,
-						Name: name,
-						Path: sec.Path + "/" + name})
-					break
-				}
-			}
-		}
-	}
-	return results
-}
-
-func getPatterns(args []string) ([]glob.Glob, error) {
-	if len(args) == 0 {
-		args = []string{"**"}
-	}
-	pat := make([]glob.Glob, len(args))
-	for i := range args {
-		if g, err := glob.Compile(args[i], '/'); err != nil {
-			return nil, fmt.Errorf("'%s': Invalid glob pattern: %v", args[i], err)
-		} else {
-			pat[i] = g
-		}
-	}
-	return pat, nil
-}
--- a/cmd/embedded_stub.go
+++ b/cmd/embedded_stub.go
@@ -1,31 +0,0 @@
-// Copyright 2020 The Gitea Authors. All rights reserved.
-// Use of this source code is governed by a MIT-style
-// license that can be found in the LICENSE file.
-
-//go:build !bindata
-// +build !bindata
-
-package cmd
-
-import (
-	"fmt"
-	"os"
-
-	"github.com/urfave/cli"
-)
-
-// Cmdembedded represents the available extract sub-command.
-var (
-	Cmdembedded = cli.Command{
-		Name:        "embedded",
-		Usage:       "Extract embedded resources",
-		Description: "A command for extracting embedded resources, like templates and images",
-		Action:      extractorNotImplemented,
-	}
-)
-
-func extractorNotImplemented(c *cli.Context) error {
-	err := fmt.Errorf("Sorry: the 'embedded' subcommand is not available in builds without bindata")
-	fmt.Fprintf(os.Stderr, "%s\n", err)
-	return err
-}
--- a/cmd/generate.go
+++ b/cmd/generate.go
@@ -7,11 +7,9 @@ package cmd

 import (
 	"fmt"
-	"os"

 	"code.gitea.io/gitea/modules/generate"

-	"github.com/mattn/go-isatty"
 	"github.com/urfave/cli"
 )

@@ -61,27 +59,17 @@ func runGenerateInternalToken(c *cli.Context) error {
 		return err
 	}

-	fmt.Printf("%s", internalToken)
-
-	if isatty.IsTerminal(os.Stdout.Fd()) {
-		fmt.Printf("\n")
-	}
-
+	fmt.Printf("%s\n", internalToken)
 	return nil
 }

 func runGenerateLfsJwtSecret(c *cli.Context) error {
-	JWTSecretBase64, err := generate.NewJwtSecretBase64()
+	JWTSecretBase64, err := generate.NewJwtSecret()
 	if err != nil {
 		return err
 	}

-	fmt.Printf("%s", JWTSecretBase64)
-
-	if isatty.IsTerminal(os.Stdout.Fd()) {
-		fmt.Printf("\n")
-	}
-
+	fmt.Printf("%s\n", JWTSecretBase64)
 	return nil
 }

@@ -91,11 +79,6 @@ func runGenerateSecretKey(c *cli.Context) error {
 		return err
 	}

-	fmt.Printf("%s", secretKey)
-
-	if isatty.IsTerminal(os.Stdout.Fd()) {
-		fmt.Printf("\n")
-	}
-
+	fmt.Printf("%s\n", secretKey)
 	return nil
 }
--- a/cmd/hook.go
+++ b/cmd/hook.go
@@ -19,7 +19,6 @@ import (
 	"code.gitea.io/gitea/modules/git"
 	"code.gitea.io/gitea/modules/private"
 	"code.gitea.io/gitea/modules/setting"
-	"code.gitea.io/gitea/modules/util"

 	"github.com/urfave/cli"
 )
@@ -38,7 +37,6 @@ var (
 			subcmdHookPreReceive,
 			subcmdHookUpdate,
 			subcmdHookPostReceive,
-			subcmdHookProcReceive,
 		},
 	}

@@ -47,45 +45,18 @@ var (
 		Usage:       "Delegate pre-receive Git hook",
 		Description: "This command should only be called by Git",
 		Action:      runHookPreReceive,
-		Flags: []cli.Flag{
-			cli.BoolFlag{
-				Name: "debug",
-			},
-		},
 	}
 	subcmdHookUpdate = cli.Command{
 		Name:        "update",
 		Usage:       "Delegate update Git hook",
 		Description: "This command should only be called by Git",
 		Action:      runHookUpdate,
-		Flags: []cli.Flag{
-			cli.BoolFlag{
-				Name: "debug",
-			},
-		},
 	}
 	subcmdHookPostReceive = cli.Command{
 		Name:        "post-receive",
 		Usage:       "Delegate post-receive Git hook",
 		Description: "This command should only be called by Git",
 		Action:      runHookPostReceive,
-		Flags: []cli.Flag{
-			cli.BoolFlag{
-				Name: "debug",
-			},
-		},
-	}
-	// Note: new hook since git 2.29
-	subcmdHookProcReceive = cli.Command{
-		Name:        "proc-receive",
-		Usage:       "Delegate proc-receive Git hook",
-		Description: "This command should only be called by Git",
-		Action:      runHookProcReceive,
-		Flags: []cli.Flag{
-			cli.BoolFlag{
-				Name: "debug",
-			},
-		},
 	}
 )

@@ -142,8 +113,15 @@ func (d *delayWriter) Close() error {
 	if d == nil {
 		return nil
 	}
-	stopped := util.StopTimer(d.timer)
-	if stopped || d.buf == nil {
+	stopped := d.timer.Stop()
+	if stopped {
+		return nil
+	}
+	select {
+	case <-d.timer.C:
+	default:
+	}
+	if d.buf == nil {
 		return nil
 	}
 	_, err := d.internal.Write(d.buf.Bytes())
@@ -165,26 +143,25 @@ func runHookPreReceive(c *cli.Context) error {
 	if os.Getenv(models.EnvIsInternal) == "true" {
 		return nil
 	}
-	ctx, cancel := installSignals()
-	defer cancel()

-	setup("hooks/pre-receive.log", c.Bool("debug"))
+	setup("hooks/pre-receive.log", false)

 	if len(os.Getenv("SSH_ORIGINAL_COMMAND")) == 0 {
 		if setting.OnlyAllowPushIfGiteaEnvironmentSet {
-			return fail(`Rejecting changes as Gitea environment not set.
+			fail(`Rejecting changes as Gitea environment not set.
 If you are pushing over SSH you must push with a key managed by
 Gitea or set your environment appropriately.`, "")
+		} else {
+			return nil
 		}
-		return nil
 	}

-	// the environment is set by serv command
-	isWiki := os.Getenv(models.EnvRepoIsWiki) == "true"
+	// the environment setted on serv command
+	isWiki := (os.Getenv(models.EnvRepoIsWiki) == "true")
 	username := os.Getenv(models.EnvRepoUsername)
 	reponame := os.Getenv(models.EnvRepoName)
 	userID, _ := strconv.ParseInt(os.Getenv(models.EnvPusherID), 10, 64)
-	prID, _ := strconv.ParseInt(os.Getenv(models.EnvPRID), 10, 64)
+	prID, _ := strconv.ParseInt(os.Getenv(models.ProtectedBranchPRID), 10, 64)
 	isDeployKey, _ := strconv.ParseBool(os.Getenv(models.EnvIsDeployKey))

 	hookOptions := private.HookOptions{
@@ -192,8 +169,7 @@ Gitea or set your environment appropriately.`, "")
 		GitAlternativeObjectDirectories: os.Getenv(private.GitAlternativeObjectDirectories),
 		GitObjectDirectory:              os.Getenv(private.GitObjectDirectory),
 		GitQuarantinePath:               os.Getenv(private.GitQuarantinePath),
-		GitPushOptions:                  pushOptions(),
-		PullRequestID:                   prID,
+		ProtectedBranchID:               prID,
 		IsDeployKey:                     isDeployKey,
 	}

@@ -218,11 +194,6 @@ Gitea or set your environment appropriately.`, "")
 		}
 	}

-	supportProcRecive := false
-	if git.CheckGitVersionAtLeast("2.29") == nil {
-		supportProcRecive = true
-	}
-
 	for scanner.Scan() {
 		// TODO: support news feeds for wiki
 		if isWiki {
@@ -240,10 +211,8 @@ Gitea or set your environment appropriately.`, "")
 		total++
 		lastline++

-		// If the ref is a branch or tag, check if it's protected
-		// if supportProcRecive all ref should be checked because
-		// permission check was delayed
-		if supportProcRecive || strings.HasPrefix(refFullName, git.BranchPrefix) || strings.HasPrefix(refFullName, git.TagPrefix) {
+		// If the ref is a branch, check if it's protected
+		if strings.HasPrefix(refFullName, git.BranchPrefix) {
 			oldCommitIDs[count] = oldCommitID
 			newCommitIDs[count] = newCommitID
 			refFullNames[count] = refFullName
@@ -251,19 +220,19 @@ Gitea or set your environment appropriately.`, "")
 			fmt.Fprintf(out, "*")

 			if count >= hookBatchSize {
-				fmt.Fprintf(out, " Checking %d references\n", count)
+				fmt.Fprintf(out, " Checking %d branches\n", count)

 				hookOptions.OldCommitIDs = oldCommitIDs
 				hookOptions.NewCommitIDs = newCommitIDs
 				hookOptions.RefFullNames = refFullNames
-				statusCode, msg := private.HookPreReceive(ctx, username, reponame, hookOptions)
+				statusCode, msg := private.HookPreReceive(username, reponame, hookOptions)
 				switch statusCode {
 				case http.StatusOK:
 					// no-op
 				case http.StatusInternalServerError:
-					return fail("Internal Server Error", msg)
+					fail("Internal Server Error", msg)
 				default:
-					return fail(msg, "")
+					fail(msg, "")
 				}
 				count = 0
 				lastline = 0
@@ -282,17 +251,18 @@ Gitea or set your environment appropriately.`, "")
 		hookOptions.NewCommitIDs = newCommitIDs[:count]
 		hookOptions.RefFullNames = refFullNames[:count]

-		fmt.Fprintf(out, " Checking %d references\n", count)
+		fmt.Fprintf(out, " Checking %d branches\n", count)

-		statusCode, msg := private.HookPreReceive(ctx, username, reponame, hookOptions)
+		statusCode, msg := private.HookPreReceive(username, reponame, hookOptions)
 		switch statusCode {
 		case http.StatusInternalServerError:
-			return fail("Internal Server Error", msg)
+			fail("Internal Server Error", msg)
 		case http.StatusForbidden:
-			return fail(msg, "")
+			fail(msg, "")
 		}
 	} else if lastline > 0 {
 		fmt.Fprintf(out, "\n")
+		lastline = 0
 	}

 	fmt.Fprintf(out, "Checked %d references in total\n", total)
@@ -305,28 +275,20 @@ func runHookUpdate(c *cli.Context) error {
 }

 func runHookPostReceive(c *cli.Context) error {
-	ctx, cancel := installSignals()
-	defer cancel()
-
-	// First of all run update-server-info no matter what
-	if _, err := git.NewCommandContext(ctx, "update-server-info").Run(); err != nil {
-		return fmt.Errorf("Failed to call 'git update-server-info': %v", err)
-	}
-
-	// Now if we're an internal don't do anything else
 	if os.Getenv(models.EnvIsInternal) == "true" {
 		return nil
 	}

-	setup("hooks/post-receive.log", c.Bool("debug"))
+	setup("hooks/post-receive.log", false)

 	if len(os.Getenv("SSH_ORIGINAL_COMMAND")) == 0 {
 		if setting.OnlyAllowPushIfGiteaEnvironmentSet {
-			return fail(`Rejecting changes as Gitea environment not set.
+			fail(`Rejecting changes as Gitea environment not set.
 If you are pushing over SSH you must push with a key managed by
 Gitea or set your environment appropriately.`, "")
+		} else {
+			return nil
 		}
-		return nil
 	}

 	var out io.Writer
@@ -342,9 +304,9 @@ Gitea or set your environment appropriately.`, "")
 		}
 	}

-	// the environment is set by serv command
+	// the environment setted on serv command
 	repoUser := os.Getenv(models.EnvRepoUsername)
-	isWiki := os.Getenv(models.EnvRepoIsWiki) == "true"
+	isWiki := (os.Getenv(models.EnvRepoIsWiki) == "true")
 	repoName := os.Getenv(models.EnvRepoName)
 	pusherID, _ := strconv.ParseInt(os.Getenv(models.EnvPusherID), 10, 64)
 	pusherName := os.Getenv(models.EnvPusherName)
@@ -355,7 +317,6 @@ Gitea or set your environment appropriately.`, "")
 		GitAlternativeObjectDirectories: os.Getenv(private.GitAlternativeObjectDirectories),
 		GitObjectDirectory:              os.Getenv(private.GitObjectDirectory),
 		GitQuarantinePath:               os.Getenv(private.GitQuarantinePath),
-		GitPushOptions:                  pushOptions(),
 	}
 	oldCommitIDs := make([]string, hookBatchSize)
 	newCommitIDs := make([]string, hookBatchSize)
@@ -393,11 +354,11 @@ Gitea or set your environment appropriately.`, "")
 			hookOptions.OldCommitIDs = oldCommitIDs
 			hookOptions.NewCommitIDs = newCommitIDs
 			hookOptions.RefFullNames = refFullNames
-			resp, err := private.HookPostReceive(ctx, repoUser, repoName, hookOptions)
+			resp, err := private.HookPostReceive(repoUser, repoName, hookOptions)
 			if resp == nil {
 				_ = dWriter.Close()
 				hookPrintResults(results)
-				return fail("Internal Server Error", err)
+				fail("Internal Server Error", err)
 			}
 			wasEmpty = wasEmpty || resp.RepoWasEmpty
 			results = append(results, resp.Results...)
@@ -408,9 +369,9 @@ Gitea or set your environment appropriately.`, "")
 	if count == 0 {
 		if wasEmpty && masterPushed {
 			// We need to tell the repo to reset the default branch to master
-			err := private.SetDefaultBranch(ctx, repoUser, repoName, "master")
+			err := private.SetDefaultBranch(repoUser, repoName, "master")
 			if err != nil {
-				return fail("Internal Server Error", "SetDefaultBranch failed with Error: %v", err)
+				fail("Internal Server Error", "SetDefaultBranch failed with Error: %v", err)
 			}
 		}
 		fmt.Fprintf(out, "Processed %d references in total\n", total)
@@ -426,11 +387,11 @@ Gitea or set your environment appropriately.`, "")

 	fmt.Fprintf(out, " Processing %d references\n", count)

-	resp, err := private.HookPostReceive(ctx, repoUser, repoName, hookOptions)
+	resp, err := private.HookPostReceive(repoUser, repoName, hookOptions)
 	if resp == nil {
 		_ = dWriter.Close()
 		hookPrintResults(results)
-		return fail("Internal Server Error", err)
+		fail("Internal Server Error", err)
 	}
 	wasEmpty = wasEmpty || resp.RepoWasEmpty
 	results = append(results, resp.Results...)
@@ -439,9 +400,9 @@ Gitea or set your environment appropriately.`, "")

 	if wasEmpty && masterPushed {
 		// We need to tell the repo to reset the default branch to master
-		err := private.SetDefaultBranch(ctx, repoUser, repoName, "master")
+		err := private.SetDefaultBranch(repoUser, repoName, "master")
 		if err != nil {
-			return fail("Internal Server Error", "SetDefaultBranch failed with Error: %v", err)
+			fail("Internal Server Error", "SetDefaultBranch failed with Error: %v", err)
 		}
 	}
 	_ = dWriter.Close()
@@ -468,341 +429,3 @@ func hookPrintResults(results []private.HookPostReceiveBranchResult) {
 		os.Stderr.Sync()
 	}
 }
-
-func pushOptions() map[string]string {
-	opts := make(map[string]string)
-	if pushCount, err := strconv.Atoi(os.Getenv(private.GitPushOptionCount)); err == nil {
-		for idx := 0; idx < pushCount; idx++ {
-			opt := os.Getenv(fmt.Sprintf("GIT_PUSH_OPTION_%d", idx))
-			kv := strings.SplitN(opt, "=", 2)
-			if len(kv) == 2 {
-				opts[kv[0]] = kv[1]
-			}
-		}
-	}
-	return opts
-}
-
-func runHookProcReceive(c *cli.Context) error {
-	setup("hooks/proc-receive.log", c.Bool("debug"))
-
-	if len(os.Getenv("SSH_ORIGINAL_COMMAND")) == 0 {
-		if setting.OnlyAllowPushIfGiteaEnvironmentSet {
-			return fail(`Rejecting changes as Gitea environment not set.
-If you are pushing over SSH you must push with a key managed by
-Gitea or set your environment appropriately.`, "")
-		}
-		return nil
-	}
-
-	ctx, cancel := installSignals()
-	defer cancel()
-
-	if git.CheckGitVersionAtLeast("2.29") != nil {
-		return fail("Internal Server Error", "git not support proc-receive.")
-	}
-
-	reader := bufio.NewReader(os.Stdin)
-	repoUser := os.Getenv(models.EnvRepoUsername)
-	repoName := os.Getenv(models.EnvRepoName)
-	pusherID, _ := strconv.ParseInt(os.Getenv(models.EnvPusherID), 10, 64)
-	pusherName := os.Getenv(models.EnvPusherName)
-
-	// 1. Version and features negotiation.
-	// S: PKT-LINE(version=1\0push-options atomic...) / PKT-LINE(version=1\n)
-	// S: flush-pkt
-	// H: PKT-LINE(version=1\0push-options...)
-	// H: flush-pkt
-
-	rs, err := readPktLine(reader, pktLineTypeData)
-	if err != nil {
-		return err
-	}
-
-	const VersionHead string = "version=1"
-
-	var (
-		hasPushOptions bool
-		response       = []byte(VersionHead)
-		requestOptions []string
-	)
-
-	index := bytes.IndexByte(rs.Data, byte(0))
-	if index >= len(rs.Data) {
-		return fail("Internal Server Error", "pkt-line: format error "+fmt.Sprint(rs.Data))
-	}
-
-	if index < 0 {
-		if len(rs.Data) == 10 && rs.Data[9] == '\n' {
-			index = 9
-		} else {
-			return fail("Internal Server Error", "pkt-line: format error "+fmt.Sprint(rs.Data))
-		}
-	}
-
-	if string(rs.Data[0:index]) != VersionHead {
-		return fail("Internal Server Error", "Received unsupported version: %s", string(rs.Data[0:index]))
-	}
-	requestOptions = strings.Split(string(rs.Data[index+1:]), " ")
-
-	for _, option := range requestOptions {
-		if strings.HasPrefix(option, "push-options") {
-			response = append(response, byte(0))
-			response = append(response, []byte("push-options")...)
-			hasPushOptions = true
-		}
-	}
-	response = append(response, '\n')
-
-	_, err = readPktLine(reader, pktLineTypeFlush)
-	if err != nil {
-		return err
-	}
-
-	err = writeDataPktLine(os.Stdout, response)
-	if err != nil {
-		return err
-	}
-
-	err = writeFlushPktLine(os.Stdout)
-	if err != nil {
-		return err
-	}
-
-	// 2. receive commands from server.
-	// S: PKT-LINE(<old-oid> <new-oid> <ref>)
-	// S: ... ...
-	// S: flush-pkt
-	// # [receive push-options]
-	// S: PKT-LINE(push-option)
-	// S: ... ...
-	// S: flush-pkt
-	hookOptions := private.HookOptions{
-		UserName: pusherName,
-		UserID:   pusherID,
-	}
-	hookOptions.OldCommitIDs = make([]string, 0, hookBatchSize)
-	hookOptions.NewCommitIDs = make([]string, 0, hookBatchSize)
-	hookOptions.RefFullNames = make([]string, 0, hookBatchSize)
-
-	for {
-		// note: pktLineTypeUnknow means pktLineTypeFlush and pktLineTypeData all allowed
-		rs, err = readPktLine(reader, pktLineTypeUnknow)
-		if err != nil {
-			return err
-		}
-
-		if rs.Type == pktLineTypeFlush {
-			break
-		}
-		t := strings.SplitN(string(rs.Data), " ", 3)
-		if len(t) != 3 {
-			continue
-		}
-		hookOptions.OldCommitIDs = append(hookOptions.OldCommitIDs, t[0])
-		hookOptions.NewCommitIDs = append(hookOptions.NewCommitIDs, t[1])
-		hookOptions.RefFullNames = append(hookOptions.RefFullNames, t[2])
-	}
-
-	hookOptions.GitPushOptions = make(map[string]string)
-
-	if hasPushOptions {
-		for {
-			rs, err = readPktLine(reader, pktLineTypeUnknow)
-			if err != nil {
-				return err
-			}
-
-			if rs.Type == pktLineTypeFlush {
-				break
-			}
-
-			kv := strings.SplitN(string(rs.Data), "=", 2)
-			if len(kv) == 2 {
-				hookOptions.GitPushOptions[kv[0]] = kv[1]
-			}
-		}
-	}
-
-	// 3. run hook
-	resp, err := private.HookProcReceive(ctx, repoUser, repoName, hookOptions)
-	if err != nil {
-		return fail("Internal Server Error", "run proc-receive hook failed :%v", err)
-	}
-
-	// 4. response result to service
-	// # a. OK, but has an alternate reference.  The alternate reference name
-	// # and other status can be given in option directives.
-	// H: PKT-LINE(ok <ref>)
-	// H: PKT-LINE(option refname <refname>)
-	// H: PKT-LINE(option old-oid <old-oid>)
-	// H: PKT-LINE(option new-oid <new-oid>)
-	// H: PKT-LINE(option forced-update)
-	// H: ... ...
-	// H: flush-pkt
-	// # b. NO, I reject it.
-	// H: PKT-LINE(ng <ref> <reason>)
-	// # c. Fall through, let 'receive-pack' to execute it.
-	// H: PKT-LINE(ok <ref>)
-	// H: PKT-LINE(option fall-through)
-
-	for _, rs := range resp.Results {
-		if len(rs.Err) > 0 {
-			err = writeDataPktLine(os.Stdout, []byte("ng "+rs.OriginalRef+" "+rs.Err))
-			if err != nil {
-				return err
-			}
-			continue
-		}
-
-		if rs.IsNotMatched {
-			err = writeDataPktLine(os.Stdout, []byte("ok "+rs.OriginalRef))
-			if err != nil {
-				return err
-			}
-			err = writeDataPktLine(os.Stdout, []byte("option fall-through"))
-			if err != nil {
-				return err
-			}
-			continue
-		}
-
-		err = writeDataPktLine(os.Stdout, []byte("ok "+rs.OriginalRef))
-		if err != nil {
-			return err
-		}
-		err = writeDataPktLine(os.Stdout, []byte("option refname "+rs.Ref))
-		if err != nil {
-			return err
-		}
-		if rs.OldOID != git.EmptySHA {
-			err = writeDataPktLine(os.Stdout, []byte("option old-oid "+rs.OldOID))
-			if err != nil {
-				return err
-			}
-		}
-		err = writeDataPktLine(os.Stdout, []byte("option new-oid "+rs.NewOID))
-		if err != nil {
-			return err
-		}
-		if rs.IsForcePush {
-			err = writeDataPktLine(os.Stdout, []byte("option forced-update"))
-			if err != nil {
-				return err
-			}
-		}
-	}
-	err = writeFlushPktLine(os.Stdout)
-
-	return err
-}
-
-// git PKT-Line api
-// pktLineType message type of pkt-line
-type pktLineType int64
-
-const (
-	// UnKnow type
-	pktLineTypeUnknow pktLineType = 0
-	// flush-pkt "0000"
-	pktLineTypeFlush pktLineType = iota
-	// data line
-	pktLineTypeData
-)
-
-// gitPktLine pkt-line api
-type gitPktLine struct {
-	Type   pktLineType
-	Length uint64
-	Data   []byte
-}
-
-func readPktLine(in *bufio.Reader, requestType pktLineType) (*gitPktLine, error) {
-	var (
-		err error
-		r   *gitPktLine
-	)
-
-	// read prefix
-	lengthBytes := make([]byte, 4)
-	for i := 0; i < 4; i++ {
-		lengthBytes[i], err = in.ReadByte()
-		if err != nil {
-			return nil, fail("Internal Server Error", "Pkt-Line: read stdin failed : %v", err)
-		}
-	}
-
-	r = new(gitPktLine)
-	r.Length, err = strconv.ParseUint(string(lengthBytes), 16, 32)
-	if err != nil {
-		return nil, fail("Internal Server Error", "Pkt-Line format is wrong :%v", err)
-	}
-
-	if r.Length == 0 {
-		if requestType == pktLineTypeData {
-			return nil, fail("Internal Server Error", "Pkt-Line format is wrong")
-		}
-		r.Type = pktLineTypeFlush
-		return r, nil
-	}
-
-	if r.Length <= 4 || r.Length > 65520 || requestType == pktLineTypeFlush {
-		return nil, fail("Internal Server Error", "Pkt-Line format is wrong")
-	}
-
-	r.Data = make([]byte, r.Length-4)
-	for i := range r.Data {
-		r.Data[i], err = in.ReadByte()
-		if err != nil {
-			return nil, fail("Internal Server Error", "Pkt-Line: read stdin failed : %v", err)
-		}
-	}
-
-	r.Type = pktLineTypeData
-
-	return r, nil
-}
-
-func writeFlushPktLine(out io.Writer) error {
-	l, err := out.Write([]byte("0000"))
-	if err != nil {
-		return fail("Internal Server Error", "Pkt-Line response failed: %v", err)
-	}
-	if l != 4 {
-		return fail("Internal Server Error", "Pkt-Line response failed: %v", err)
-	}
-
-	return nil
-}
-
-func writeDataPktLine(out io.Writer, data []byte) error {
-	hexchar := []byte("0123456789abcdef")
-	hex := func(n uint64) byte {
-		return hexchar[(n)&15]
-	}
-
-	length := uint64(len(data) + 4)
-	tmp := make([]byte, 4)
-	tmp[0] = hex(length >> 12)
-	tmp[1] = hex(length >> 8)
-	tmp[2] = hex(length >> 4)
-	tmp[3] = hex(length)
-
-	lr, err := out.Write(tmp)
-	if err != nil {
-		return fail("Internal Server Error", "Pkt-Line response failed: %v", err)
-	}
-	if 4 != lr {
-		return fail("Internal Server Error", "Pkt-Line response failed: %v", err)
-	}
-
-	lr, err = out.Write(data)
-	if err != nil {
-		return fail("Internal Server Error", "Pkt-Line response failed: %v", err)
-	}
-	if int(length-4) != lr {
-		return fail("Internal Server Error", "Pkt-Line response failed: %v", err)
-	}
-
-	return nil
-}
--- a/cmd/hook_test.go
+++ b/cmd/hook_test.go
@@ -1,41 +0,0 @@
-// Copyright 2021 The Gitea Authors. All rights reserved.
-// Use of this source code is governed by a MIT-style
-// license that can be found in the LICENSE file.
-
-package cmd
-
-import (
-	"bufio"
-	"bytes"
-	"strings"
-	"testing"
-
-	"github.com/stretchr/testify/assert"
-)
-
-func TestPktLine(t *testing.T) {
-	// test read
-	s := strings.NewReader("0000")
-	r := bufio.NewReader(s)
-	result, err := readPktLine(r, pktLineTypeFlush)
-	assert.NoError(t, err)
-	assert.Equal(t, pktLineTypeFlush, result.Type)
-
-	s = strings.NewReader("0006a\n")
-	r = bufio.NewReader(s)
-	result, err = readPktLine(r, pktLineTypeData)
-	assert.NoError(t, err)
-	assert.Equal(t, pktLineTypeData, result.Type)
-	assert.Equal(t, []byte("a\n"), result.Data)
-
-	// test write
-	w := bytes.NewBuffer([]byte{})
-	err = writeFlushPktLine(w)
-	assert.NoError(t, err)
-	assert.Equal(t, []byte("0000"), w.Bytes())
-
-	w.Reset()
-	err = writeDataPktLine(w, []byte("a\nb"))
-	assert.NoError(t, err)
-	assert.Equal(t, []byte("0007a\nb"), w.Bytes())
-}
--- a/cmd/keys.go
+++ b/cmd/keys.go
@@ -62,12 +62,9 @@ func runKeys(c *cli.Context) error {
 		return errors.New("No key type and content provided")
 	}

-	ctx, cancel := installSignals()
-	defer cancel()
-
 	setup("keys.log", false)

-	authorizedString, err := private.AuthorizedPublicKeyByContent(ctx, content)
+	authorizedString, err := private.AuthorizedPublicKeyByContent(content)
 	if err != nil {
 		return err
 	}
--- a/cmd/mailer.go
+++ b/cmd/mailer.go
@@ -1,55 +0,0 @@
-// Copyright 2020 The Gitea Authors. All rights reserved.
-// Use of this source code is governed by a MIT-style
-// license that can be found in the LICENSE file.
-
-package cmd
-
-import (
-	"fmt"
-	"net/http"
-
-	"code.gitea.io/gitea/modules/private"
-	"code.gitea.io/gitea/modules/setting"
-
-	"github.com/urfave/cli"
-)
-
-func runSendMail(c *cli.Context) error {
-	ctx, cancel := installSignals()
-	defer cancel()
-
-	setting.LoadFromExisting()
-
-	if err := argsSet(c, "title"); err != nil {
-		return err
-	}
-
-	subject := c.String("title")
-	confirmSkiped := c.Bool("force")
-	body := c.String("content")
-
-	if !confirmSkiped {
-		if len(body) == 0 {
-			fmt.Print("warning: Content is empty")
-		}
-
-		fmt.Print("Proceed with sending email? [Y/n] ")
-		isConfirmed, err := confirm()
-		if err != nil {
-			return err
-		} else if !isConfirmed {
-			fmt.Println("The mail was not sent")
-			return nil
-		}
-	}
-
-	status, message := private.SendEmail(ctx, subject, body, nil)
-	if status != http.StatusOK {
-		fmt.Printf("error: %s\n", message)
-		return nil
-	}
-
-	fmt.Printf("Success: %s\n", message)
-
-	return nil
-}
--- a/cmd/manager.go
+++ b/cmd/manager.go
@@ -1,478 +0,0 @@
-// Copyright 2020 The Gitea Authors. All rights reserved.
-// Use of this source code is governed by a MIT-style
-// license that can be found in the LICENSE file.
-
-package cmd
-
-import (
-	"fmt"
-	"net/http"
-	"os"
-	"time"
-
-	"code.gitea.io/gitea/modules/log"
-	"code.gitea.io/gitea/modules/private"
-
-	"github.com/urfave/cli"
-)
-
-var (
-	// CmdManager represents the manager command
-	CmdManager = cli.Command{
-		Name:        "manager",
-		Usage:       "Manage the running gitea process",
-		Description: "This is a command for managing the running gitea process",
-		Subcommands: []cli.Command{
-			subcmdShutdown,
-			subcmdRestart,
-			subcmdFlushQueues,
-			subcmdLogging,
-		},
-	}
-	subcmdShutdown = cli.Command{
-		Name:  "shutdown",
-		Usage: "Gracefully shutdown the running process",
-		Flags: []cli.Flag{
-			cli.BoolFlag{
-				Name: "debug",
-			},
-		},
-		Action: runShutdown,
-	}
-	subcmdRestart = cli.Command{
-		Name:  "restart",
-		Usage: "Gracefully restart the running process - (not implemented for windows servers)",
-		Flags: []cli.Flag{
-			cli.BoolFlag{
-				Name: "debug",
-			},
-		},
-		Action: runRestart,
-	}
-	subcmdFlushQueues = cli.Command{
-		Name:   "flush-queues",
-		Usage:  "Flush queues in the running process",
-		Action: runFlushQueues,
-		Flags: []cli.Flag{
-			cli.DurationFlag{
-				Name:  "timeout",
-				Value: 60 * time.Second,
-				Usage: "Timeout for the flushing process",
-			}, cli.BoolFlag{
-				Name:  "non-blocking",
-				Usage: "Set to true to not wait for flush to complete before returning",
-			},
-			cli.BoolFlag{
-				Name: "debug",
-			},
-		},
-	}
-	defaultLoggingFlags = []cli.Flag{
-		cli.StringFlag{
-			Name:  "group, g",
-			Usage: "Group to add logger to - will default to \"default\"",
-		}, cli.StringFlag{
-			Name:  "name, n",
-			Usage: "Name of the new logger - will default to mode",
-		}, cli.StringFlag{
-			Name:  "level, l",
-			Usage: "Logging level for the new logger",
-		}, cli.StringFlag{
-			Name:  "stacktrace-level, L",
-			Usage: "Stacktrace logging level",
-		}, cli.StringFlag{
-			Name:  "flags, F",
-			Usage: "Flags for the logger",
-		}, cli.StringFlag{
-			Name:  "expression, e",
-			Usage: "Matching expression for the logger",
-		}, cli.StringFlag{
-			Name:  "prefix, p",
-			Usage: "Prefix for the logger",
-		}, cli.BoolFlag{
-			Name:  "color",
-			Usage: "Use color in the logs",
-		}, cli.BoolFlag{
-			Name: "debug",
-		},
-	}
-	subcmdLogging = cli.Command{
-		Name:  "logging",
-		Usage: "Adjust logging commands",
-		Subcommands: []cli.Command{
-			{
-				Name:  "pause",
-				Usage: "Pause logging (Gitea will buffer logs up to a certain point and will drop them after that point)",
-				Flags: []cli.Flag{
-					cli.BoolFlag{
-						Name: "debug",
-					},
-				},
-				Action: runPauseLogging,
-			}, {
-				Name:  "resume",
-				Usage: "Resume logging",
-				Flags: []cli.Flag{
-					cli.BoolFlag{
-						Name: "debug",
-					},
-				},
-				Action: runResumeLogging,
-			}, {
-				Name:  "release-and-reopen",
-				Usage: "Cause Gitea to release and re-open files used for logging",
-				Flags: []cli.Flag{
-					cli.BoolFlag{
-						Name: "debug",
-					},
-				},
-				Action: runReleaseReopenLogging,
-			}, {
-				Name:      "remove",
-				Usage:     "Remove a logger",
-				ArgsUsage: "[name] Name of logger to remove",
-				Flags: []cli.Flag{
-					cli.BoolFlag{
-						Name: "debug",
-					}, cli.StringFlag{
-						Name:  "group, g",
-						Usage: "Group to add logger to - will default to \"default\"",
-					},
-				},
-				Action: runRemoveLogger,
-			}, {
-				Name:  "add",
-				Usage: "Add a logger",
-				Subcommands: []cli.Command{
-					{
-						Name:  "console",
-						Usage: "Add a console logger",
-						Flags: append(defaultLoggingFlags,
-							cli.BoolFlag{
-								Name:  "stderr",
-								Usage: "Output console logs to stderr - only relevant for console",
-							}),
-						Action: runAddConsoleLogger,
-					}, {
-						Name:  "file",
-						Usage: "Add a file logger",
-						Flags: append(defaultLoggingFlags, []cli.Flag{
-							cli.StringFlag{
-								Name:  "filename, f",
-								Usage: "Filename for the logger - this must be set.",
-							}, cli.BoolTFlag{
-								Name:  "rotate, r",
-								Usage: "Rotate logs",
-							}, cli.Int64Flag{
-								Name:  "max-size, s",
-								Usage: "Maximum size in bytes before rotation",
-							}, cli.BoolTFlag{
-								Name:  "daily, d",
-								Usage: "Rotate logs daily",
-							}, cli.IntFlag{
-								Name:  "max-days, D",
-								Usage: "Maximum number of daily logs to keep",
-							}, cli.BoolTFlag{
-								Name:  "compress, z",
-								Usage: "Compress rotated logs",
-							}, cli.IntFlag{
-								Name:  "compression-level, Z",
-								Usage: "Compression level to use",
-							},
-						}...),
-						Action: runAddFileLogger,
-					}, {
-						Name:  "conn",
-						Usage: "Add a net conn logger",
-						Flags: append(defaultLoggingFlags, []cli.Flag{
-							cli.BoolFlag{
-								Name:  "reconnect-on-message, R",
-								Usage: "Reconnect to host for every message",
-							}, cli.BoolFlag{
-								Name:  "reconnect, r",
-								Usage: "Reconnect to host when connection is dropped",
-							}, cli.StringFlag{
-								Name:  "protocol, P",
-								Usage: "Set protocol to use: tcp, unix, or udp (defaults to tcp)",
-							}, cli.StringFlag{
-								Name:  "address, a",
-								Usage: "Host address and port to connect to (defaults to :7020)",
-							},
-						}...),
-						Action: runAddConnLogger,
-					}, {
-						Name:  "smtp",
-						Usage: "Add an SMTP logger",
-						Flags: append(defaultLoggingFlags, []cli.Flag{
-							cli.StringFlag{
-								Name:  "username, u",
-								Usage: "Mail server username",
-							}, cli.StringFlag{
-								Name:  "password, P",
-								Usage: "Mail server password",
-							}, cli.StringFlag{
-								Name:  "host, H",
-								Usage: "Mail server host (defaults to: 127.0.0.1:25)",
-							}, cli.StringSliceFlag{
-								Name:  "send-to, s",
-								Usage: "Email address(es) to send to",
-							}, cli.StringFlag{
-								Name:  "subject, S",
-								Usage: "Subject header of sent emails",
-							},
-						}...),
-						Action: runAddSMTPLogger,
-					},
-				},
-			},
-		},
-	}
-)
-
-func runRemoveLogger(c *cli.Context) error {
-	setup("manager", c.Bool("debug"))
-	group := c.String("group")
-	if len(group) == 0 {
-		group = log.DEFAULT
-	}
-	name := c.Args().First()
-	ctx, cancel := installSignals()
-	defer cancel()
-
-	statusCode, msg := private.RemoveLogger(ctx, group, name)
-	switch statusCode {
-	case http.StatusInternalServerError:
-		return fail("InternalServerError", msg)
-	}
-
-	fmt.Fprintln(os.Stdout, msg)
-	return nil
-}
-
-func runAddSMTPLogger(c *cli.Context) error {
-	setup("manager", c.Bool("debug"))
-	vals := map[string]interface{}{}
-	mode := "smtp"
-	if c.IsSet("host") {
-		vals["host"] = c.String("host")
-	} else {
-		vals["host"] = "127.0.0.1:25"
-	}
-
-	if c.IsSet("username") {
-		vals["username"] = c.String("username")
-	}
-	if c.IsSet("password") {
-		vals["password"] = c.String("password")
-	}
-
-	if !c.IsSet("send-to") {
-		return fmt.Errorf("Some recipients must be provided")
-	}
-	vals["sendTos"] = c.StringSlice("send-to")
-
-	if c.IsSet("subject") {
-		vals["subject"] = c.String("subject")
-	} else {
-		vals["subject"] = "Diagnostic message from Gitea"
-	}
-
-	return commonAddLogger(c, mode, vals)
-}
-
-func runAddConnLogger(c *cli.Context) error {
-	setup("manager", c.Bool("debug"))
-	vals := map[string]interface{}{}
-	mode := "conn"
-	vals["net"] = "tcp"
-	if c.IsSet("protocol") {
-		switch c.String("protocol") {
-		case "udp":
-			vals["net"] = "udp"
-		case "unix":
-			vals["net"] = "unix"
-		}
-	}
-	if c.IsSet("address") {
-		vals["address"] = c.String("address")
-	} else {
-		vals["address"] = ":7020"
-	}
-	if c.IsSet("reconnect") {
-		vals["reconnect"] = c.Bool("reconnect")
-	}
-	if c.IsSet("reconnect-on-message") {
-		vals["reconnectOnMsg"] = c.Bool("reconnect-on-message")
-	}
-	return commonAddLogger(c, mode, vals)
-}
-
-func runAddFileLogger(c *cli.Context) error {
-	setup("manager", c.Bool("debug"))
-	vals := map[string]interface{}{}
-	mode := "file"
-	if c.IsSet("filename") {
-		vals["filename"] = c.String("filename")
-	} else {
-		return fmt.Errorf("filename must be set when creating a file logger")
-	}
-	if c.IsSet("rotate") {
-		vals["rotate"] = c.Bool("rotate")
-	}
-	if c.IsSet("max-size") {
-		vals["maxsize"] = c.Int64("max-size")
-	}
-	if c.IsSet("daily") {
-		vals["daily"] = c.Bool("daily")
-	}
-	if c.IsSet("max-days") {
-		vals["maxdays"] = c.Int("max-days")
-	}
-	if c.IsSet("compress") {
-		vals["compress"] = c.Bool("compress")
-	}
-	if c.IsSet("compression-level") {
-		vals["compressionLevel"] = c.Int("compression-level")
-	}
-	return commonAddLogger(c, mode, vals)
-}
-
-func runAddConsoleLogger(c *cli.Context) error {
-	setup("manager", c.Bool("debug"))
-	vals := map[string]interface{}{}
-	mode := "console"
-	if c.IsSet("stderr") && c.Bool("stderr") {
-		vals["stderr"] = c.Bool("stderr")
-	}
-	return commonAddLogger(c, mode, vals)
-}
-
-func commonAddLogger(c *cli.Context, mode string, vals map[string]interface{}) error {
-	if len(c.String("level")) > 0 {
-		vals["level"] = log.FromString(c.String("level")).String()
-	}
-	if len(c.String("stacktrace-level")) > 0 {
-		vals["stacktraceLevel"] = log.FromString(c.String("stacktrace-level")).String()
-	}
-	if len(c.String("expression")) > 0 {
-		vals["expression"] = c.String("expression")
-	}
-	if len(c.String("prefix")) > 0 {
-		vals["prefix"] = c.String("prefix")
-	}
-	if len(c.String("flags")) > 0 {
-		vals["flags"] = log.FlagsFromString(c.String("flags"))
-	}
-	if c.IsSet("color") {
-		vals["colorize"] = c.Bool("color")
-	}
-	group := "default"
-	if c.IsSet("group") {
-		group = c.String("group")
-	}
-	name := mode
-	if c.IsSet("name") {
-		name = c.String("name")
-	}
-	ctx, cancel := installSignals()
-	defer cancel()
-
-	statusCode, msg := private.AddLogger(ctx, group, name, mode, vals)
-	switch statusCode {
-	case http.StatusInternalServerError:
-		return fail("InternalServerError", msg)
-	}
-
-	fmt.Fprintln(os.Stdout, msg)
-	return nil
-}
-
-func runShutdown(c *cli.Context) error {
-	ctx, cancel := installSignals()
-	defer cancel()
-
-	setup("manager", c.Bool("debug"))
-	statusCode, msg := private.Shutdown(ctx)
-	switch statusCode {
-	case http.StatusInternalServerError:
-		return fail("InternalServerError", msg)
-	}
-
-	fmt.Fprintln(os.Stdout, msg)
-	return nil
-}
-
-func runRestart(c *cli.Context) error {
-	ctx, cancel := installSignals()
-	defer cancel()
-
-	setup("manager", c.Bool("debug"))
-	statusCode, msg := private.Restart(ctx)
-	switch statusCode {
-	case http.StatusInternalServerError:
-		return fail("InternalServerError", msg)
-	}
-
-	fmt.Fprintln(os.Stdout, msg)
-	return nil
-}
-
-func runFlushQueues(c *cli.Context) error {
-	ctx, cancel := installSignals()
-	defer cancel()
-
-	setup("manager", c.Bool("debug"))
-	statusCode, msg := private.FlushQueues(ctx, c.Duration("timeout"), c.Bool("non-blocking"))
-	switch statusCode {
-	case http.StatusInternalServerError:
-		return fail("InternalServerError", msg)
-	}
-
-	fmt.Fprintln(os.Stdout, msg)
-	return nil
-}
-
-func runPauseLogging(c *cli.Context) error {
-	ctx, cancel := installSignals()
-	defer cancel()
-
-	setup("manager", c.Bool("debug"))
-	statusCode, msg := private.PauseLogging(ctx)
-	switch statusCode {
-	case http.StatusInternalServerError:
-		return fail("InternalServerError", msg)
-	}
-
-	fmt.Fprintln(os.Stdout, msg)
-	return nil
-}
-
-func runResumeLogging(c *cli.Context) error {
-	ctx, cancel := installSignals()
-	defer cancel()
-
-	setup("manager", c.Bool("debug"))
-	statusCode, msg := private.ResumeLogging(ctx)
-	switch statusCode {
-	case http.StatusInternalServerError:
-		return fail("InternalServerError", msg)
-	}
-
-	fmt.Fprintln(os.Stdout, msg)
-	return nil
-}
-
-func runReleaseReopenLogging(c *cli.Context) error {
-	ctx, cancel := installSignals()
-	defer cancel()
-
-	setup("manager", c.Bool("debug"))
-	statusCode, msg := private.ReleaseReopenLogging(ctx)
-	switch statusCode {
-	case http.StatusInternalServerError:
-		return fail("InternalServerError", msg)
-	}
-
-	fmt.Fprintln(os.Stdout, msg)
-	return nil
-}
--- a/cmd/migrate.go
+++ b/cmd/migrate.go
@@ -7,7 +7,7 @@ package cmd
 import (
 	"context"

-	"code.gitea.io/gitea/models/db"
+	"code.gitea.io/gitea/models"
 	"code.gitea.io/gitea/models/migrations"
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/setting"
@@ -24,20 +24,17 @@ var CmdMigrate = cli.Command{
 }

 func runMigrate(ctx *cli.Context) error {
-	stdCtx, cancel := installSignals()
-	defer cancel()
-
-	if err := initDB(stdCtx); err != nil {
+	if err := initDB(); err != nil {
 		return err
 	}

-	log.Info("AppPath: %s", setting.AppPath)
-	log.Info("AppWorkPath: %s", setting.AppWorkPath)
-	log.Info("Custom path: %s", setting.CustomPath)
-	log.Info("Log path: %s", setting.LogRootPath)
-	log.Info("Configuration file: %s", setting.CustomConf)
+	log.Trace("AppPath: %s", setting.AppPath)
+	log.Trace("AppWorkPath: %s", setting.AppWorkPath)
+	log.Trace("Custom path: %s", setting.CustomPath)
+	log.Trace("Log path: %s", setting.LogRootPath)
+	setting.InitDBConfig()

-	if err := db.InitEngineWithMigration(context.Background(), migrations.Migrate); err != nil {
+	if err := models.NewEngine(context.Background(), migrations.Migrate); err != nil {
 		log.Fatal("Failed to initialize ORM engine: %v", err)
 		return err
 	}
--- a/cmd/migrate_storage.go
+++ b/cmd/migrate_storage.go
@@ -1,196 +0,0 @@
-// Copyright 2020 The Gitea Authors. All rights reserved.
-// Use of this source code is governed by a MIT-style
-// license that can be found in the LICENSE file.
-
-package cmd
-
-import (
-	"context"
-	"fmt"
-	"strings"
-
-	"code.gitea.io/gitea/models"
-	"code.gitea.io/gitea/models/db"
-	"code.gitea.io/gitea/models/migrations"
-	repo_model "code.gitea.io/gitea/models/repo"
-	user_model "code.gitea.io/gitea/models/user"
-	"code.gitea.io/gitea/modules/log"
-	"code.gitea.io/gitea/modules/setting"
-	"code.gitea.io/gitea/modules/storage"
-
-	"github.com/urfave/cli"
-)
-
-// CmdMigrateStorage represents the available migrate storage sub-command.
-var CmdMigrateStorage = cli.Command{
-	Name:        "migrate-storage",
-	Usage:       "Migrate the storage",
-	Description: "This is a command for migrating storage.",
-	Action:      runMigrateStorage,
-	Flags: []cli.Flag{
-		cli.StringFlag{
-			Name:  "type, t",
-			Value: "",
-			Usage: "Kinds of files to migrate, currently only 'attachments' is supported",
-		},
-		cli.StringFlag{
-			Name:  "storage, s",
-			Value: "",
-			Usage: "New storage type: local (default) or minio",
-		},
-		cli.StringFlag{
-			Name:  "path, p",
-			Value: "",
-			Usage: "New storage placement if store is local (leave blank for default)",
-		},
-		cli.StringFlag{
-			Name:  "minio-endpoint",
-			Value: "",
-			Usage: "Minio storage endpoint",
-		},
-		cli.StringFlag{
-			Name:  "minio-access-key-id",
-			Value: "",
-			Usage: "Minio storage accessKeyID",
-		},
-		cli.StringFlag{
-			Name:  "minio-secret-access-key",
-			Value: "",
-			Usage: "Minio storage secretAccessKey",
-		},
-		cli.StringFlag{
-			Name:  "minio-bucket",
-			Value: "",
-			Usage: "Minio storage bucket",
-		},
-		cli.StringFlag{
-			Name:  "minio-location",
-			Value: "",
-			Usage: "Minio storage location to create bucket",
-		},
-		cli.StringFlag{
-			Name:  "minio-base-path",
-			Value: "",
-			Usage: "Minio storage basepath on the bucket",
-		},
-		cli.BoolFlag{
-			Name:  "minio-use-ssl",
-			Usage: "Enable SSL for minio",
-		},
-	},
-}
-
-func migrateAttachments(dstStorage storage.ObjectStorage) error {
-	return repo_model.IterateAttachment(func(attach *repo_model.Attachment) error {
-		_, err := storage.Copy(dstStorage, attach.RelativePath(), storage.Attachments, attach.RelativePath())
-		return err
-	})
-}
-
-func migrateLFS(dstStorage storage.ObjectStorage) error {
-	return models.IterateLFS(func(mo *models.LFSMetaObject) error {
-		_, err := storage.Copy(dstStorage, mo.RelativePath(), storage.LFS, mo.RelativePath())
-		return err
-	})
-}
-
-func migrateAvatars(dstStorage storage.ObjectStorage) error {
-	return user_model.IterateUser(func(user *user_model.User) error {
-		_, err := storage.Copy(dstStorage, user.CustomAvatarRelativePath(), storage.Avatars, user.CustomAvatarRelativePath())
-		return err
-	})
-}
-
-func migrateRepoAvatars(dstStorage storage.ObjectStorage) error {
-	return repo_model.IterateRepository(func(repo *repo_model.Repository) error {
-		_, err := storage.Copy(dstStorage, repo.CustomAvatarRelativePath(), storage.RepoAvatars, repo.CustomAvatarRelativePath())
-		return err
-	})
-}
-
-func runMigrateStorage(ctx *cli.Context) error {
-	stdCtx, cancel := installSignals()
-	defer cancel()
-
-	if err := initDB(stdCtx); err != nil {
-		return err
-	}
-
-	log.Info("AppPath: %s", setting.AppPath)
-	log.Info("AppWorkPath: %s", setting.AppWorkPath)
-	log.Info("Custom path: %s", setting.CustomPath)
-	log.Info("Log path: %s", setting.LogRootPath)
-	log.Info("Configuration file: %s", setting.CustomConf)
-
-	if err := db.InitEngineWithMigration(context.Background(), migrations.Migrate); err != nil {
-		log.Fatal("Failed to initialize ORM engine: %v", err)
-		return err
-	}
-
-	goCtx := context.Background()
-
-	if err := storage.Init(); err != nil {
-		return err
-	}
-
-	var dstStorage storage.ObjectStorage
-	var err error
-	switch strings.ToLower(ctx.String("storage")) {
-	case "":
-		fallthrough
-	case string(storage.LocalStorageType):
-		p := ctx.String("path")
-		if p == "" {
-			log.Fatal("Path must be given when storage is loal")
-			return nil
-		}
-		dstStorage, err = storage.NewLocalStorage(
-			goCtx,
-			storage.LocalStorageConfig{
-				Path: p,
-			})
-	case string(storage.MinioStorageType):
-		dstStorage, err = storage.NewMinioStorage(
-			goCtx,
-			storage.MinioStorageConfig{
-				Endpoint:        ctx.String("minio-endpoint"),
-				AccessKeyID:     ctx.String("minio-access-key-id"),
-				SecretAccessKey: ctx.String("minio-secret-access-key"),
-				Bucket:          ctx.String("minio-bucket"),
-				Location:        ctx.String("minio-location"),
-				BasePath:        ctx.String("minio-base-path"),
-				UseSSL:          ctx.Bool("minio-use-ssl"),
-			})
-	default:
-		return fmt.Errorf("Unsupported storage type: %s", ctx.String("storage"))
-	}
-	if err != nil {
-		return err
-	}
-
-	tp := strings.ToLower(ctx.String("type"))
-	switch tp {
-	case "attachments":
-		if err := migrateAttachments(dstStorage); err != nil {
-			return err
-		}
-	case "lfs":
-		if err := migrateLFS(dstStorage); err != nil {
-			return err
-		}
-	case "avatars":
-		if err := migrateAvatars(dstStorage); err != nil {
-			return err
-		}
-	case "repo-avatars":
-		if err := migrateRepoAvatars(dstStorage); err != nil {
-			return err
-		}
-	default:
-		return fmt.Errorf("Unsupported storage: %s", ctx.String("type"))
-	}
-
-	log.Warn("All files have been copied to the new placement but old files are still on the original placement.")
-
-	return nil
-}
--- a/cmd/restore_repo.go
+++ b/cmd/restore_repo.go
@@ -1,68 +0,0 @@
-// Copyright 2020 The Gitea Authors. All rights reserved.
-// Use of this source code is governed by a MIT-style
-// license that can be found in the LICENSE file.
-
-package cmd
-
-import (
-	"errors"
-	"net/http"
-
-	"code.gitea.io/gitea/modules/log"
-	"code.gitea.io/gitea/modules/private"
-	"code.gitea.io/gitea/modules/setting"
-
-	"github.com/urfave/cli"
-)
-
-// CmdRestoreRepository represents the available restore a repository sub-command.
-var CmdRestoreRepository = cli.Command{
-	Name:        "restore-repo",
-	Usage:       "Restore the repository from disk",
-	Description: "This is a command for restoring the repository data.",
-	Action:      runRestoreRepository,
-	Flags: []cli.Flag{
-		cli.StringFlag{
-			Name:  "repo_dir, r",
-			Value: "./data",
-			Usage: "Repository dir path to restore from",
-		},
-		cli.StringFlag{
-			Name:  "owner_name",
-			Value: "",
-			Usage: "Restore destination owner name",
-		},
-		cli.StringFlag{
-			Name:  "repo_name",
-			Value: "",
-			Usage: "Restore destination repository name",
-		},
-		cli.StringFlag{
-			Name:  "units",
-			Value: "",
-			Usage: `Which items will be restored, one or more units should be separated as comma.
-wiki, issues, labels, releases, release_assets, milestones, pull_requests, comments are allowed. Empty means all units.`,
-		},
-	},
-}
-
-func runRestoreRepository(c *cli.Context) error {
-	ctx, cancel := installSignals()
-	defer cancel()
-
-	setting.LoadFromExisting()
-
-	statusCode, errStr := private.RestoreRepo(
-		ctx,
-		c.String("repo_dir"),
-		c.String("owner_name"),
-		c.String("repo_name"),
-		c.StringSlice("units"),
-	)
-	if statusCode == http.StatusOK {
-		return nil
-	}
-
-	log.Fatal("Failed to restore repository: %v", errStr)
-	return errors.New(errStr)
-}
--- a/cmd/serv.go
+++ b/cmd/serv.go
@@ -6,6 +6,7 @@
 package cmd

 import (
+	"encoding/json"
 	"fmt"
 	"net/http"
 	"net/url"
@@ -17,18 +18,13 @@ import (
 	"time"

 	"code.gitea.io/gitea/models"
-	asymkey_model "code.gitea.io/gitea/models/asymkey"
-	"code.gitea.io/gitea/models/perm"
-	"code.gitea.io/gitea/modules/git"
-	"code.gitea.io/gitea/modules/json"
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/pprof"
 	"code.gitea.io/gitea/modules/private"
 	"code.gitea.io/gitea/modules/setting"
-	"code.gitea.io/gitea/services/lfs"

-	"github.com/golang-jwt/jwt/v4"
-	"github.com/kballard/go-shellquote"
+	"github.com/dgrijalva/jwt-go"
+	"github.com/unknwon/com"
 	"github.com/urfave/cli"
 )

@@ -53,52 +49,46 @@ var CmdServ = cli.Command{
 }

 func setup(logPath string, debug bool) {
-	_ = log.DelLogger("console")
-	if debug {
-		_ = log.NewLogger(1000, "console", "console", `{"level":"trace","stacktracelevel":"NONE","stderr":true}`)
-	} else {
-		_ = log.NewLogger(1000, "console", "console", `{"level":"fatal","stacktracelevel":"NONE","stderr":true}`)
+	if !debug {
+		_ = log.DelLogger("console")
 	}
-	setting.LoadFromExisting()
+	setting.NewContext()
 	if debug {
-		setting.RunMode = "dev"
+		setting.ProdMode = false
 	}
 }

+func parseCmd(cmd string) (string, string) {
+	ss := strings.SplitN(cmd, " ", 2)
+	if len(ss) != 2 {
+		return "", ""
+	}
+	return ss[0], strings.Replace(ss[1], "'/", "'", 1)
+}
+
 var (
-	allowedCommands = map[string]perm.AccessMode{
-		"git-upload-pack":    perm.AccessModeRead,
-		"git-upload-archive": perm.AccessModeRead,
-		"git-receive-pack":   perm.AccessModeWrite,
-		lfsAuthenticateVerb:  perm.AccessModeNone,
+	allowedCommands = map[string]models.AccessMode{
+		"git-upload-pack":    models.AccessModeRead,
+		"git-upload-archive": models.AccessModeRead,
+		"git-receive-pack":   models.AccessModeWrite,
+		lfsAuthenticateVerb:  models.AccessModeNone,
 	}
 	alphaDashDotPattern = regexp.MustCompile(`[^\w-\.]`)
 )

-func fail(userMessage, logMessage string, args ...interface{}) error {
-	// There appears to be a chance to cause a zombie process and failure to read the Exit status
-	// if nothing is outputted on stdout.
-	fmt.Fprintln(os.Stdout, "")
+func fail(userMessage, logMessage string, args ...interface{}) {
 	fmt.Fprintln(os.Stderr, "Gitea:", userMessage)

 	if len(logMessage) > 0 {
-		if !setting.IsProd {
+		if !setting.ProdMode {
 			fmt.Fprintf(os.Stderr, logMessage+"\n", args...)
 		}
 	}
-	ctx, cancel := installSignals()
-	defer cancel()

-	if len(logMessage) > 0 {
-		_ = private.SSHLog(ctx, true, fmt.Sprintf(logMessage+": ", args...))
-	}
-	return cli.NewExitError("", 1)
+	os.Exit(1)
 }

 func runServ(c *cli.Context) error {
-	ctx, cancel := installSignals()
-	defer cancel()
-
 	// FIXME: This needs to internationalised
 	setup("serv.log", c.Bool("debug"))

@@ -116,158 +106,126 @@ func runServ(c *cli.Context) error {

 	keys := strings.Split(c.Args()[0], "-")
 	if len(keys) != 2 || keys[0] != "key" {
-		return fail("Key ID format error", "Invalid key argument: %s", c.Args()[0])
-	}
-	keyID, err := strconv.ParseInt(keys[1], 10, 64)
-	if err != nil {
-		return fail("Key ID format error", "Invalid key argument: %s", c.Args()[1])
+		fail("Key ID format error", "Invalid key argument: %s", c.Args()[0])
 	}
+	keyID := com.StrTo(keys[1]).MustInt64()

 	cmd := os.Getenv("SSH_ORIGINAL_COMMAND")
 	if len(cmd) == 0 {
-		key, user, err := private.ServNoCommand(ctx, keyID)
+		key, user, err := private.ServNoCommand(keyID)
 		if err != nil {
-			return fail("Internal error", "Failed to check provided key: %v", err)
+			fail("Internal error", "Failed to check provided key: %v", err)
 		}
-		switch key.Type {
-		case asymkey_model.KeyTypeDeploy:
+		if key.Type == models.KeyTypeDeploy {
 			println("Hi there! You've successfully authenticated with the deploy key named " + key.Name + ", but Gitea does not provide shell access.")
-		case asymkey_model.KeyTypePrincipal:
-			println("Hi there! You've successfully authenticated with the principal " + key.Content + ", but Gitea does not provide shell access.")
-		default:
+		} else {
 			println("Hi there, " + user.Name + "! You've successfully authenticated with the key named " + key.Name + ", but Gitea does not provide shell access.")
 		}
 		println("If this is unexpected, please log in with password and setup Gitea under another user.")
 		return nil
-	} else if c.Bool("debug") {
-		log.Debug("SSH_ORIGINAL_COMMAND: %s", os.Getenv("SSH_ORIGINAL_COMMAND"))
 	}

-	words, err := shellquote.Split(cmd)
-	if err != nil {
-		return fail("Error parsing arguments", "Failed to parse arguments: %v", err)
-	}
-
-	if len(words) < 2 {
-		if git.CheckGitVersionAtLeast("2.29") == nil {
-			// for AGit Flow
-			if cmd == "ssh_info" {
-				fmt.Print(`{"type":"gitea","version":1}`)
-				return nil
-			}
-		}
-		return fail("Too few arguments", "Too few arguments in cmd: %s", cmd)
-	}
-
-	verb := words[0]
-	repoPath := words[1]
-	if repoPath[0] == '/' {
-		repoPath = repoPath[1:]
-	}
+	verb, args := parseCmd(cmd)

 	var lfsVerb string
 	if verb == lfsAuthenticateVerb {
 		if !setting.LFS.StartServer {
-			return fail("Unknown git command", "LFS authentication request over SSH denied, LFS support is disabled")
+			fail("Unknown git command", "LFS authentication request over SSH denied, LFS support is disabled")
 		}

-		if len(words) > 2 {
-			lfsVerb = words[2]
+		argsSplit := strings.Split(args, " ")
+		if len(argsSplit) >= 2 {
+			args = strings.TrimSpace(argsSplit[0])
+			lfsVerb = strings.TrimSpace(argsSplit[1])
 		}
 	}

-	// LowerCase and trim the repoPath as that's how they are stored.
-	repoPath = strings.ToLower(strings.TrimSpace(repoPath))
-
+	repoPath := strings.ToLower(strings.Trim(args, "'"))
 	rr := strings.SplitN(repoPath, "/", 2)
 	if len(rr) != 2 {
-		return fail("Invalid repository path", "Invalid repository path: %v", repoPath)
+		fail("Invalid repository path", "Invalid repository path: %v", args)
 	}

 	username := strings.ToLower(rr[0])
 	reponame := strings.ToLower(strings.TrimSuffix(rr[1], ".git"))

 	if alphaDashDotPattern.MatchString(reponame) {
-		return fail("Invalid repo name", "Invalid repo name: %s", reponame)
+		fail("Invalid repo name", "Invalid repo name: %s", reponame)
 	}

-	if c.Bool("enable-pprof") {
+	if setting.EnablePprof || c.Bool("enable-pprof") {
 		if err := os.MkdirAll(setting.PprofDataPath, os.ModePerm); err != nil {
-			return fail("Error while trying to create PPROF_DATA_PATH", "Error while trying to create PPROF_DATA_PATH: %v", err)
+			fail("Error while trying to create PPROF_DATA_PATH", "Error while trying to create PPROF_DATA_PATH: %v", err)
 		}

 		stopCPUProfiler, err := pprof.DumpCPUProfileForUsername(setting.PprofDataPath, username)
 		if err != nil {
-			return fail("Internal Server Error", "Unable to start CPU profile: %v", err)
+			fail("Internal Server Error", "Unable to start CPU profile: %v", err)
 		}
 		defer func() {
 			stopCPUProfiler()
 			err := pprof.DumpMemProfileForUsername(setting.PprofDataPath, username)
 			if err != nil {
-				_ = fail("Internal Server Error", "Unable to dump Mem Profile: %v", err)
+				fail("Internal Server Error", "Unable to dump Mem Profile: %v", err)
 			}
 		}()
 	}

 	requestedMode, has := allowedCommands[verb]
 	if !has {
-		return fail("Unknown git command", "Unknown git command %s", verb)
+		fail("Unknown git command", "Unknown git command %s", verb)
 	}

 	if verb == lfsAuthenticateVerb {
 		if lfsVerb == "upload" {
-			requestedMode = perm.AccessModeWrite
+			requestedMode = models.AccessModeWrite
 		} else if lfsVerb == "download" {
-			requestedMode = perm.AccessModeRead
+			requestedMode = models.AccessModeRead
 		} else {
-			return fail("Unknown LFS verb", "Unknown lfs verb %s", lfsVerb)
+			fail("Unknown LFS verb", "Unknown lfs verb %s", lfsVerb)
 		}
 	}

-	results, err := private.ServCommand(ctx, keyID, username, reponame, requestedMode, verb, lfsVerb)
+	results, err := private.ServCommand(keyID, username, reponame, requestedMode, verb, lfsVerb)
 	if err != nil {
 		if private.IsErrServCommand(err) {
 			errServCommand := err.(private.ErrServCommand)
 			if errServCommand.StatusCode != http.StatusInternalServerError {
-				return fail("Unauthorized", "%s", errServCommand.Error())
+				fail("Unauthorized", "%s", errServCommand.Error())
+			} else {
+				fail("Internal Server Error", "%s", errServCommand.Error())
 			}
-			return fail("Internal Server Error", "%s", errServCommand.Error())
 		}
-		return fail("Internal Server Error", "%s", err.Error())
+		fail("Internal Server Error", "%s", err.Error())
 	}
 	os.Setenv(models.EnvRepoIsWiki, strconv.FormatBool(results.IsWiki))
 	os.Setenv(models.EnvRepoName, results.RepoName)
 	os.Setenv(models.EnvRepoUsername, results.OwnerName)
 	os.Setenv(models.EnvPusherName, results.UserName)
-	os.Setenv(models.EnvPusherEmail, results.UserEmail)
 	os.Setenv(models.EnvPusherID, strconv.FormatInt(results.UserID, 10))
-	os.Setenv(models.EnvRepoID, strconv.FormatInt(results.RepoID, 10))
-	os.Setenv(models.EnvPRID, fmt.Sprintf("%d", 0))
+	os.Setenv(models.ProtectedBranchRepoID, strconv.FormatInt(results.RepoID, 10))
+	os.Setenv(models.ProtectedBranchPRID, fmt.Sprintf("%d", 0))
 	os.Setenv(models.EnvIsDeployKey, fmt.Sprintf("%t", results.IsDeployKey))
 	os.Setenv(models.EnvKeyID, fmt.Sprintf("%d", results.KeyID))
-	os.Setenv(models.EnvAppURL, setting.AppURL)

 	//LFS token authentication
 	if verb == lfsAuthenticateVerb {
 		url := fmt.Sprintf("%s%s/%s.git/info/lfs", setting.AppURL, url.PathEscape(results.OwnerName), url.PathEscape(results.RepoName))

 		now := time.Now()
-		claims := lfs.Claims{
-			// FIXME: we need to migrate to RegisteredClaims
-			StandardClaims: jwt.StandardClaims{ // nolint
-				ExpiresAt: now.Add(setting.LFS.HTTPAuthExpiry).Unix(),
-				NotBefore: now.Unix(),
-			},
-			RepoID: results.RepoID,
-			Op:     lfsVerb,
-			UserID: results.UserID,
+		claims := jwt.MapClaims{
+			"repo": results.RepoID,
+			"op":   lfsVerb,
+			"exp":  now.Add(setting.LFS.HTTPAuthExpiry).Unix(),
+			"nbf":  now.Unix(),
+			"user": results.UserID,
 		}
 		token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)

 		// Sign and get the complete encoded token as a string using the secret
 		tokenString, err := token.SignedString(setting.LFS.JWTSecretBytes)
 		if err != nil {
-			return fail("Internal error", "Failed to sign JWT token: %v", err)
+			fail("Internal error", "Failed to sign JWT token: %v", err)
 		}

 		tokenAuthentication := &models.LFSTokenResponse{
@@ -279,7 +237,7 @@ func runServ(c *cli.Context) error {
 		enc := json.NewEncoder(os.Stdout)
 		err = enc.Encode(tokenAuthentication)
 		if err != nil {
-			return fail("Internal error", "Failed to encode LFS json response: %v", err)
+			fail("Internal error", "Failed to encode LFS json response: %v", err)
 		}
 		return nil
 	}
@@ -292,9 +250,9 @@ func runServ(c *cli.Context) error {
 	var gitcmd *exec.Cmd
 	verbs := strings.Split(verb, " ")
 	if len(verbs) == 2 {
-		gitcmd = exec.CommandContext(ctx, verbs[0], verbs[1], repoPath)
+		gitcmd = exec.Command(verbs[0], verbs[1], repoPath)
 	} else {
-		gitcmd = exec.CommandContext(ctx, verb, repoPath)
+		gitcmd = exec.Command(verb, repoPath)
 	}

 	gitcmd.Dir = setting.RepoRootPath
@@ -302,13 +260,13 @@ func runServ(c *cli.Context) error {
 	gitcmd.Stdin = os.Stdin
 	gitcmd.Stderr = os.Stderr
 	if err = gitcmd.Run(); err != nil {
-		return fail("Internal error", "Failed to execute git command: %v", err)
+		fail("Internal error", "Failed to execute git command: %v", err)
 	}

 	// Update user key activity.
 	if results.KeyID > 0 {
-		if err = private.UpdatePublicKeyInRepo(ctx, results.KeyID, results.RepoID); err != nil {
-			return fail("Internal error", "UpdatePublicKeyInRepo: %v", err)
+		if err = private.UpdatePublicKeyInRepo(results.KeyID, results.RepoID); err != nil {
+			fail("Internal error", "UpdatePublicKeyInRepo: %v", err)
 		}
 	}

--- a/cmd/web.go
+++ b/cmd/web.go
@@ -7,20 +7,21 @@ package cmd
 import (
 	"context"
 	"fmt"
-	"net"
 	"net/http"
+	_ "net/http/pprof" // Used for debugging if enabled and a web server is running
 	"os"
 	"strings"

-	_ "net/http/pprof" // Used for debugging if enabled and a web server is running
-
 	"code.gitea.io/gitea/modules/graceful"
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/routers"
-	"code.gitea.io/gitea/routers/install"
+	"code.gitea.io/gitea/routers/routes"

+	context2 "github.com/gorilla/context"
+	"github.com/unknwon/com"
 	"github.com/urfave/cli"
+	"golang.org/x/crypto/acme/autocert"
 	ini "gopkg.in/ini.v1"
 )

@@ -37,24 +38,11 @@ and it takes care of all the other things for you`,
 			Value: "3000",
 			Usage: "Temporary port number to prevent conflict",
 		},
-		cli.StringFlag{
-			Name:  "install-port",
-			Value: "3000",
-			Usage: "Temporary port number to run the install page on to prevent conflict",
-		},
 		cli.StringFlag{
 			Name:  "pid, P",
-			Value: setting.PIDFile,
+			Value: "/var/run/gitea.pid",
 			Usage: "Custom pid file path",
 		},
-		cli.BoolFlag{
-			Name:  "quiet, q",
-			Usage: "Only display Fatal logging errors until logging is set-up",
-		},
-		cli.BoolFlag{
-			Name:  "verbose",
-			Usage: "Set initial logging to TRACE level until logging is properly set-up",
-		},
 	},
 }

@@ -71,27 +59,44 @@ func runHTTPRedirector() {
 		http.Redirect(w, r, target, http.StatusTemporaryRedirect)
 	})

-	var err = runHTTP("tcp", source, "HTTP Redirector", handler)
+	var err = runHTTP("tcp", source, context2.ClearHandler(handler))

 	if err != nil {
 		log.Fatal("Failed to start port redirection: %v", err)
 	}
 }

-func runWeb(ctx *cli.Context) error {
-	if ctx.Bool("verbose") {
-		_ = log.DelLogger("console")
-		log.NewLogger(0, "console", "console", fmt.Sprintf(`{"level": "trace", "colorize": %t, "stacktraceLevel": "none"}`, log.CanColorStdout))
-	} else if ctx.Bool("quiet") {
-		_ = log.DelLogger("console")
-		log.NewLogger(0, "console", "console", fmt.Sprintf(`{"level": "fatal", "colorize": %t, "stacktraceLevel": "none"}`, log.CanColorStdout))
+func runLetsEncrypt(listenAddr, domain, directory, email string, m http.Handler) error {
+	certManager := autocert.Manager{
+		Prompt:     autocert.AcceptTOS,
+		HostPolicy: autocert.HostWhitelist(domain),
+		Cache:      autocert.DirCache(directory),
+		Email:      email,
 	}
-	defer func() {
-		if panicked := recover(); panicked != nil {
-			log.Fatal("PANIC: %v\n%s", panicked, string(log.Stack(2)))
+	go func() {
+		log.Info("Running Let's Encrypt handler on %s", setting.HTTPAddr+":"+setting.PortToRedirect)
+		// all traffic coming into HTTP will be redirect to HTTPS automatically (LE HTTP-01 validation happens here)
+		var err = runHTTP("tcp", setting.HTTPAddr+":"+setting.PortToRedirect, certManager.HTTPHandler(http.HandlerFunc(runLetsEncryptFallbackHandler)))
+		if err != nil {
+			log.Fatal("Failed to start the Let's Encrypt handler on port %s: %v", setting.PortToRedirect, err)
 		}
 	}()
+	return runHTTPSWithTLSConfig("tcp", listenAddr, certManager.TLSConfig(), context2.ClearHandler(m))
+}

+func runLetsEncryptFallbackHandler(w http.ResponseWriter, r *http.Request) {
+	if r.Method != "GET" && r.Method != "HEAD" {
+		http.Error(w, "Use HTTPS", http.StatusBadRequest)
+		return
+	}
+	// Remove the trailing slash at the end of setting.AppURL, the request
+	// URI always contains a leading slash, which would result in a double
+	// slash
+	target := strings.TrimRight(setting.AppURL, "/") + r.URL.RequestURI()
+	http.Redirect(w, r, target, http.StatusFound)
+}
+
+func runWeb(ctx *cli.Context) error {
 	managerCtx, cancel := context.WithCancel(context.Background())
 	graceful.InitManager(managerCtx)
 	defer cancel()
@@ -104,40 +109,59 @@ func runWeb(ctx *cli.Context) error {

 	// Set pid file setting
 	if ctx.IsSet("pid") {
-		setting.PIDFile = ctx.String("pid")
-		setting.WritePIDFile = true
+		setting.CustomPID = ctx.String("pid")
 	}

-	// Perform pre-initialization
-	needsInstall := install.PreloadSettings(graceful.GetManager().HammerContext())
-	if needsInstall {
-		// Flag for port number in case first time run conflict
-		if ctx.IsSet("port") {
-			if err := setPort(ctx.String("port")); err != nil {
-				return err
-			}
-		}
-		if ctx.IsSet("install-port") {
-			if err := setPort(ctx.String("install-port")); err != nil {
-				return err
-			}
-		}
-		c := install.Routes()
-		err := listen(c, false)
-		if err != nil {
-			log.Critical("Unable to open listener for installer. Is Gitea already running?")
-			graceful.GetManager().DoGracefulShutdown()
-		}
-		select {
-		case <-graceful.GetManager().IsShutdown():
-			<-graceful.GetManager().Done()
-			log.Info("PID: %d Gitea Web Finished", os.Getpid())
-			log.Close()
-			return err
+	// Perform global initialization
+	routers.GlobalInit(graceful.GetManager().HammerContext())
+
+	// Set up Macaron
+	m := routes.NewMacaron()
+	routes.RegisterRoutes(m)
+
+	// Flag for port number in case first time run conflict.
+	if ctx.IsSet("port") {
+		setting.AppURL = strings.Replace(setting.AppURL, setting.HTTPPort, ctx.String("port"), 1)
+		setting.HTTPPort = ctx.String("port")
+
+		switch setting.Protocol {
+		case setting.UnixSocket:
+		case setting.FCGI:
+		case setting.FCGIUnix:
 		default:
+			// Save LOCAL_ROOT_URL if port changed
+			cfg := ini.Empty()
+			if com.IsFile(setting.CustomConf) {
+				// Keeps custom settings if there is already something.
+				if err := cfg.Append(setting.CustomConf); err != nil {
+					return fmt.Errorf("Failed to load custom conf '%s': %v", setting.CustomConf, err)
+				}
+			}
+
+			defaultLocalURL := string(setting.Protocol) + "://"
+			if setting.HTTPAddr == "0.0.0.0" {
+				defaultLocalURL += "localhost"
+			} else {
+				defaultLocalURL += setting.HTTPAddr
+			}
+			defaultLocalURL += ":" + setting.HTTPPort + "/"
+
+			cfg.Section("server").Key("LOCAL_ROOT_URL").SetValue(defaultLocalURL)
+
+			if err := cfg.SaveTo(setting.CustomConf); err != nil {
+				return fmt.Errorf("Error saving generated JWT Secret to custom config: %v", err)
+			}
 		}
-	} else {
-		NoInstallListener()
+	}
+
+	listenAddr := setting.HTTPAddr
+	if setting.Protocol != setting.UnixSocket && setting.Protocol != setting.FCGIUnix {
+		listenAddr += ":" + setting.HTTPPort
+	}
+	log.Info("Listen: %v://%s%s", setting.Protocol, listenAddr, setting.AppSubURL)
+
+	if setting.LFS.StartServer {
+		log.Info("LFS server enabled")
 	}

 	if setting.EnablePprof {
@@ -147,109 +171,31 @@ func runWeb(ctx *cli.Context) error {
 		}()
 	}

-	log.Info("Global init")
-	// Perform global initialization
-	setting.LoadFromExisting()
-	routers.GlobalInitInstalled(graceful.GetManager().HammerContext())
-
-	// We check that AppDataPath exists here (it should have been created during installation)
-	// We can't check it in `GlobalInitInstalled`, because some integration tests
-	// use cmd -> GlobalInitInstalled, but the AppDataPath doesn't exist during those tests.
-	if _, err := os.Stat(setting.AppDataPath); err != nil {
-		log.Fatal("Can not find APP_DATA_PATH '%s'", setting.AppDataPath)
-	}
-
-	// Override the provided port number within the configuration
-	if ctx.IsSet("port") {
-		if err := setPort(ctx.String("port")); err != nil {
-			return err
-		}
-	}
-
-	// Set up Chi routes
-	c := routers.NormalRoutes()
-	err := listen(c, true)
-	<-graceful.GetManager().Done()
-	log.Info("PID: %d Gitea Web Finished", os.Getpid())
-	log.Close()
-	return err
-}
-
-func setPort(port string) error {
-	setting.AppURL = strings.Replace(setting.AppURL, setting.HTTPPort, port, 1)
-	setting.HTTPPort = port
-
-	switch setting.Protocol {
-	case setting.HTTPUnix:
-	case setting.FCGI:
-	case setting.FCGIUnix:
-	default:
-		defaultLocalURL := string(setting.Protocol) + "://"
-		if setting.HTTPAddr == "0.0.0.0" {
-			defaultLocalURL += "localhost"
-		} else {
-			defaultLocalURL += setting.HTTPAddr
-		}
-		defaultLocalURL += ":" + setting.HTTPPort + "/"
-
-		// Save LOCAL_ROOT_URL if port changed
-		setting.CreateOrAppendToCustomConf(func(cfg *ini.File) {
-			cfg.Section("server").Key("LOCAL_ROOT_URL").SetValue(defaultLocalURL)
-		})
-	}
-	return nil
-}
-
-func listen(m http.Handler, handleRedirector bool) error {
-	listenAddr := setting.HTTPAddr
-	if setting.Protocol != setting.HTTPUnix && setting.Protocol != setting.FCGIUnix {
-		listenAddr = net.JoinHostPort(listenAddr, setting.HTTPPort)
-	}
-	log.Info("Listen: %v://%s%s", setting.Protocol, listenAddr, setting.AppSubURL)
-	// This can be useful for users, many users do wrong to their config and get strange behaviors behind a reverse-proxy.
-	// A user may fix the configuration mistake when he sees this log.
-	// And this is also very helpful to maintainers to provide help to users to resolve their configuration problems.
-	log.Info("AppURL(ROOT_URL): %s", setting.AppURL)
-
-	if setting.LFS.StartServer {
-		log.Info("LFS server enabled")
-	}
-
 	var err error
 	switch setting.Protocol {
 	case setting.HTTP:
-		if handleRedirector {
-			NoHTTPRedirector()
-		}
-		err = runHTTP("tcp", listenAddr, "Web", m)
+		NoHTTPRedirector()
+		err = runHTTP("tcp", listenAddr, context2.ClearHandler(m))
 	case setting.HTTPS:
 		if setting.EnableLetsEncrypt {
-			err = runLetsEncrypt(listenAddr, setting.Domain, setting.LetsEncryptDirectory, setting.LetsEncryptEmail, m)
+			err = runLetsEncrypt(listenAddr, setting.Domain, setting.LetsEncryptDirectory, setting.LetsEncryptEmail, context2.ClearHandler(m))
 			break
 		}
-		if handleRedirector {
-			if setting.RedirectOtherPort {
-				go runHTTPRedirector()
-			} else {
-				NoHTTPRedirector()
-			}
+		if setting.RedirectOtherPort {
+			go runHTTPRedirector()
+		} else {
+			NoHTTPRedirector()
 		}
-		err = runHTTPS("tcp", listenAddr, "Web", setting.CertFile, setting.KeyFile, m)
+		err = runHTTPS("tcp", listenAddr, setting.CertFile, setting.KeyFile, context2.ClearHandler(m))
 	case setting.FCGI:
-		if handleRedirector {
-			NoHTTPRedirector()
-		}
-		err = runFCGI("tcp", listenAddr, "FCGI Web", m)
-	case setting.HTTPUnix:
-		if handleRedirector {
-			NoHTTPRedirector()
-		}
-		err = runHTTP("unix", listenAddr, "Web", m)
+		NoHTTPRedirector()
+		err = runFCGI("tcp", listenAddr, context2.ClearHandler(m))
+	case setting.UnixSocket:
+		NoHTTPRedirector()
+		err = runHTTP("unix", listenAddr, context2.ClearHandler(m))
 	case setting.FCGIUnix:
-		if handleRedirector {
-			NoHTTPRedirector()
-		}
-		err = runFCGI("unix", listenAddr, "Web", m)
+		NoHTTPRedirector()
+		err = runFCGI("unix", listenAddr, context2.ClearHandler(m))
 	default:
 		log.Fatal("Invalid protocol: %s", setting.Protocol)
 	}
@@ -258,5 +204,8 @@ func listen(m http.Handler, handleRedirector bool) error {
 		log.Critical("Failed to start server: %v", err)
 	}
 	log.Info("HTTP Listener: %s Closed", listenAddr)
-	return err
+	<-graceful.GetManager().Done()
+	log.Info("PID: %d Gitea Web Finished", os.Getpid())
+	log.Close()
+	return nil
 }
--- a/cmd/web_graceful.go
+++ b/cmd/web_graceful.go
@@ -5,18 +5,25 @@
 package cmd

 import (
+	"crypto/tls"
 	"net"
 	"net/http"
 	"net/http/fcgi"
-	"strings"

 	"code.gitea.io/gitea/modules/graceful"
 	"code.gitea.io/gitea/modules/log"
-	"code.gitea.io/gitea/modules/setting"
 )

-func runHTTP(network, listenAddr, name string, m http.Handler) error {
-	return graceful.HTTPListenAndServe(network, listenAddr, name, m)
+func runHTTP(network, listenAddr string, m http.Handler) error {
+	return graceful.HTTPListenAndServe(network, listenAddr, m)
+}
+
+func runHTTPS(network, listenAddr, certFile, keyFile string, m http.Handler) error {
+	return graceful.HTTPListenAndServeTLS(network, listenAddr, certFile, keyFile, m)
+}
+
+func runHTTPSWithTLSConfig(network, listenAddr string, tlsConfig *tls.Config, m http.Handler) error {
+	return graceful.HTTPListenAndServeTLSConfig(network, listenAddr, tlsConfig, m)
 }

 // NoHTTPRedirector tells our cleanup routine that we will not be using a fallback http redirector
@@ -30,23 +37,12 @@ func NoMainListener() {
 	graceful.GetManager().InformCleanup()
 }

-// NoInstallListener tells our cleanup routine that we will not be using a possibly provided listener
-// for our install HTTP/HTTPS service
-func NoInstallListener() {
-	graceful.GetManager().InformCleanup()
-}
-
-func runFCGI(network, listenAddr, name string, m http.Handler) error {
+func runFCGI(network, listenAddr string, m http.Handler) error {
 	// This needs to handle stdin as fcgi point
-	fcgiServer := graceful.NewServer(network, listenAddr, name)
+	fcgiServer := graceful.NewServer(network, listenAddr)

 	err := fcgiServer.ListenAndServe(func(listener net.Listener) error {
-		return fcgi.Serve(listener, http.HandlerFunc(func(resp http.ResponseWriter, req *http.Request) {
-			if setting.AppSubURL != "" {
-				req.URL.Path = strings.TrimPrefix(req.URL.Path, setting.AppSubURL)
-			}
-			m.ServeHTTP(resp, req)
-		}))
+		return fcgi.Serve(listener, m)
 	})
 	if err != nil {
 		log.Fatal("Failed to start FCGI main server: %v", err)
--- a/cmd/web_https.go
+++ b/cmd/web_https.go
@@ -1,192 +0,0 @@
-// Copyright 2021 The Gitea Authors. All rights reserved.
-// Use of this source code is governed by a MIT-style
-// license that can be found in the LICENSE file.
-
-package cmd
-
-import (
-	"crypto/tls"
-	"net/http"
-	"os"
-	"strings"
-
-	"code.gitea.io/gitea/modules/graceful"
-	"code.gitea.io/gitea/modules/log"
-	"code.gitea.io/gitea/modules/setting"
-
-	"github.com/klauspost/cpuid/v2"
-)
-
-var tlsVersionStringMap = map[string]uint16{
-	"":        tls.VersionTLS12, // Default to tls.VersionTLS12
-	"tlsv1.0": tls.VersionTLS10,
-	"tlsv1.1": tls.VersionTLS11,
-	"tlsv1.2": tls.VersionTLS12,
-	"tlsv1.3": tls.VersionTLS13,
-}
-
-func toTLSVersion(version string) uint16 {
-	tlsVersion, ok := tlsVersionStringMap[strings.TrimSpace(strings.ToLower(version))]
-	if !ok {
-		log.Warn("Unknown tls version: %s", version)
-		return 0
-	}
-	return tlsVersion
-}
-
-var curveStringMap = map[string]tls.CurveID{
-	"x25519": tls.X25519,
-	"p256":   tls.CurveP256,
-	"p384":   tls.CurveP384,
-	"p521":   tls.CurveP521,
-}
-
-func toCurvePreferences(preferences []string) []tls.CurveID {
-	ids := make([]tls.CurveID, 0, len(preferences))
-	for _, pref := range preferences {
-		id, ok := curveStringMap[strings.TrimSpace(strings.ToLower(pref))]
-		if !ok {
-			log.Warn("Unknown curve: %s", pref)
-		}
-		if id != 0 {
-			ids = append(ids, id)
-		}
-	}
-	return ids
-}
-
-var cipherStringMap = map[string]uint16{
-	"rsa_with_rc4_128_sha":                      tls.TLS_RSA_WITH_RC4_128_SHA,
-	"rsa_with_3des_ede_cbc_sha":                 tls.TLS_RSA_WITH_3DES_EDE_CBC_SHA,
-	"rsa_with_aes_128_cbc_sha":                  tls.TLS_RSA_WITH_AES_128_CBC_SHA,
-	"rsa_with_aes_256_cbc_sha":                  tls.TLS_RSA_WITH_AES_256_CBC_SHA,
-	"rsa_with_aes_128_cbc_sha256":               tls.TLS_RSA_WITH_AES_128_CBC_SHA256,
-	"rsa_with_aes_128_gcm_sha256":               tls.TLS_RSA_WITH_AES_128_GCM_SHA256,
-	"rsa_with_aes_256_gcm_sha384":               tls.TLS_RSA_WITH_AES_256_GCM_SHA384,
-	"ecdhe_ecdsa_with_rc4_128_sha":              tls.TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
-	"ecdhe_ecdsa_with_aes_128_cbc_sha":          tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
-	"ecdhe_ecdsa_with_aes_256_cbc_sha":          tls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
-	"ecdhe_rsa_with_rc4_128_sha":                tls.TLS_ECDHE_RSA_WITH_RC4_128_SHA,
-	"ecdhe_rsa_with_3des_ede_cbc_sha":           tls.TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
-	"ecdhe_rsa_with_aes_128_cbc_sha":            tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
-	"ecdhe_rsa_with_aes_256_cbc_sha":            tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
-	"ecdhe_ecdsa_with_aes_128_cbc_sha256":       tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
-	"ecdhe_rsa_with_aes_128_cbc_sha256":         tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
-	"ecdhe_rsa_with_aes_128_gcm_sha256":         tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
-	"ecdhe_ecdsa_with_aes_128_gcm_sha256":       tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
-	"ecdhe_rsa_with_aes_256_gcm_sha384":         tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
-	"ecdhe_ecdsa_with_aes_256_gcm_sha384":       tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
-	"ecdhe_rsa_with_chacha20_poly1305_sha256":   tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
-	"ecdhe_ecdsa_with_chacha20_poly1305_sha256": tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
-	"ecdhe_rsa_with_chacha20_poly1305":          tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
-	"ecdhe_ecdsa_with_chacha20_poly1305":        tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
-	"aes_128_gcm_sha256":                        tls.TLS_AES_128_GCM_SHA256,
-	"aes_256_gcm_sha384":                        tls.TLS_AES_256_GCM_SHA384,
-	"chacha20_poly1305_sha256":                  tls.TLS_CHACHA20_POLY1305_SHA256,
-}
-
-func toTLSCiphers(cipherStrings []string) []uint16 {
-	ciphers := make([]uint16, 0, len(cipherStrings))
-	for _, cipherString := range cipherStrings {
-		cipher, ok := cipherStringMap[strings.TrimSpace(strings.ToLower(cipherString))]
-		if !ok {
-			log.Warn("Unknown cipher: %s", cipherString)
-		}
-		if cipher != 0 {
-			ciphers = append(ciphers, cipher)
-		}
-	}
-
-	return ciphers
-}
-
-// defaultCiphers uses hardware support to check if AES is specifically
-// supported by the CPU.
-//
-// If AES is supported AES ciphers will be preferred over ChaCha based ciphers
-// (This code is directly inspired by the certmagic code.)
-func defaultCiphers() []uint16 {
-	if cpuid.CPU.Supports(cpuid.AESNI) {
-		return defaultCiphersAESfirst
-	}
-	return defaultCiphersChaChaFirst
-}
-
-var (
-	defaultCiphersAES = []uint16{
-		tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
-		tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
-		tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
-		tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
-	}
-
-	defaultCiphersChaCha = []uint16{
-		tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
-		tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
-	}
-
-	defaultCiphersAESfirst    = append(defaultCiphersAES, defaultCiphersChaCha...)
-	defaultCiphersChaChaFirst = append(defaultCiphersChaCha, defaultCiphersAES...)
-)
-
-// runHTTPs listens on the provided network address and then calls
-// Serve to handle requests on incoming TLS connections.
-//
-// Filenames containing a certificate and matching private key for the server must
-// be provided. If the certificate is signed by a certificate authority, the
-// certFile should be the concatenation of the server's certificate followed by the
-// CA's certificate.
-func runHTTPS(network, listenAddr, name, certFile, keyFile string, m http.Handler) error {
-	tlsConfig := &tls.Config{}
-	if tlsConfig.NextProtos == nil {
-		tlsConfig.NextProtos = []string{"h2", "http/1.1"}
-	}
-
-	if version := toTLSVersion(setting.SSLMinimumVersion); version != 0 {
-		tlsConfig.MinVersion = version
-	}
-	if version := toTLSVersion(setting.SSLMaximumVersion); version != 0 {
-		tlsConfig.MaxVersion = version
-	}
-
-	// Set curve preferences
-	tlsConfig.CurvePreferences = []tls.CurveID{
-		tls.X25519,
-		tls.CurveP256,
-	}
-	if curves := toCurvePreferences(setting.SSLCurvePreferences); len(curves) > 0 {
-		tlsConfig.CurvePreferences = curves
-	}
-
-	// Set cipher suites
-	tlsConfig.CipherSuites = defaultCiphers()
-	if ciphers := toTLSCiphers(setting.SSLCipherSuites); len(ciphers) > 0 {
-		tlsConfig.CipherSuites = ciphers
-	}
-
-	tlsConfig.Certificates = make([]tls.Certificate, 1)
-
-	certPEMBlock, err := os.ReadFile(certFile)
-	if err != nil {
-		log.Error("Failed to load https cert file %s for %s:%s: %v", certFile, network, listenAddr, err)
-		return err
-	}
-
-	keyPEMBlock, err := os.ReadFile(keyFile)
-	if err != nil {
-		log.Error("Failed to load https key file %s for %s:%s: %v", keyFile, network, listenAddr, err)
-		return err
-	}
-
-	tlsConfig.Certificates[0], err = tls.X509KeyPair(certPEMBlock, keyPEMBlock)
-	if err != nil {
-		log.Error("Failed to create certificate from cert file %s and key file %s for %s:%s: %v", certFile, keyFile, network, listenAddr, err)
-		return err
-	}
-
-	return graceful.HTTPListenAndServeTLSConfig(network, listenAddr, name, tlsConfig, m)
-}
-
-func runHTTPSWithTLSConfig(network, listenAddr, name string, tlsConfig *tls.Config, m http.Handler) error {
-	return graceful.HTTPListenAndServeTLSConfig(network, listenAddr, name, tlsConfig, m)
-}
--- a/cmd/web_letsencrypt.go
+++ b/cmd/web_letsencrypt.go
@@ -1,100 +0,0 @@
-// Copyright 2020 The Gitea Authors. All rights reserved.
-// Use of this source code is governed by a MIT-style
-// license that can be found in the LICENSE file.
-
-package cmd
-
-import (
-	"net/http"
-	"strconv"
-	"strings"
-
-	"code.gitea.io/gitea/modules/graceful"
-	"code.gitea.io/gitea/modules/log"
-	"code.gitea.io/gitea/modules/setting"
-
-	"github.com/caddyserver/certmagic"
-)
-
-func runLetsEncrypt(listenAddr, domain, directory, email string, m http.Handler) error {
-
-	// If HTTP Challenge enabled, needs to be serving on port 80. For TLSALPN needs 443.
-	// Due to docker port mapping this can't be checked programmatically
-	// TODO: these are placeholders until we add options for each in settings with appropriate warning
-	enableHTTPChallenge := true
-	enableTLSALPNChallenge := true
-	altHTTPPort := 0
-	altTLSALPNPort := 0
-
-	if p, err := strconv.Atoi(setting.PortToRedirect); err == nil {
-		altHTTPPort = p
-	}
-	if p, err := strconv.Atoi(setting.HTTPPort); err == nil {
-		altTLSALPNPort = p
-	}
-
-	magic := certmagic.NewDefault()
-	magic.Storage = &certmagic.FileStorage{Path: directory}
-	myACME := certmagic.NewACMEManager(magic, certmagic.ACMEManager{
-		Email:                   email,
-		Agreed:                  setting.LetsEncryptTOS,
-		DisableHTTPChallenge:    !enableHTTPChallenge,
-		DisableTLSALPNChallenge: !enableTLSALPNChallenge,
-		ListenHost:              setting.HTTPAddr,
-		AltTLSALPNPort:          altTLSALPNPort,
-		AltHTTPPort:             altHTTPPort,
-	})
-
-	magic.Issuers = []certmagic.Issuer{myACME}
-
-	// this obtains certificates or renews them if necessary
-	err := magic.ManageSync(graceful.GetManager().HammerContext(), []string{domain})
-	if err != nil {
-		return err
-	}
-
-	tlsConfig := magic.TLSConfig()
-	tlsConfig.NextProtos = append(tlsConfig.NextProtos, "h2")
-
-	if version := toTLSVersion(setting.SSLMinimumVersion); version != 0 {
-		tlsConfig.MinVersion = version
-	}
-	if version := toTLSVersion(setting.SSLMaximumVersion); version != 0 {
-		tlsConfig.MaxVersion = version
-	}
-
-	// Set curve preferences
-	if curves := toCurvePreferences(setting.SSLCurvePreferences); len(curves) > 0 {
-		tlsConfig.CurvePreferences = curves
-	}
-
-	// Set cipher suites
-	if ciphers := toTLSCiphers(setting.SSLCipherSuites); len(ciphers) > 0 {
-		tlsConfig.CipherSuites = ciphers
-	}
-
-	if enableHTTPChallenge {
-		go func() {
-			log.Info("Running Let's Encrypt handler on %s", setting.HTTPAddr+":"+setting.PortToRedirect)
-			// all traffic coming into HTTP will be redirect to HTTPS automatically (LE HTTP-01 validation happens here)
-			var err = runHTTP("tcp", setting.HTTPAddr+":"+setting.PortToRedirect, "Let's Encrypt HTTP Challenge", myACME.HTTPChallengeHandler(http.HandlerFunc(runLetsEncryptFallbackHandler)))
-			if err != nil {
-				log.Fatal("Failed to start the Let's Encrypt handler on port %s: %v", setting.PortToRedirect, err)
-			}
-		}()
-	}
-
-	return runHTTPSWithTLSConfig("tcp", listenAddr, "Web", tlsConfig, m)
-}
-
-func runLetsEncryptFallbackHandler(w http.ResponseWriter, r *http.Request) {
-	if r.Method != "GET" && r.Method != "HEAD" {
-		http.Error(w, "Use HTTPS", http.StatusBadRequest)
-		return
-	}
-	// Remove the trailing slash at the end of setting.AppURL, the request
-	// URI always contains a leading slash, which would result in a double
-	// slash
-	target := strings.TrimSuffix(setting.AppURL, "/") + r.URL.RequestURI()
-	http.Redirect(w, r, target, http.StatusFound)
-}
--- a/contrib/environment-to-ini/README
+++ b/contrib/environment-to-ini/README
@@ -22,13 +22,11 @@ The environment variables should be of the form:

 	GITEA__SECTION_NAME__KEY_NAME

-Note, SECTION_NAME in the notation above is case-insensitive.
-
 Environment variables are usually restricted to a reduced character
 set "0-9A-Z_" - in order to allow the setting of sections with
 characters outside of that set, they should be escaped as following:
-"_0X2E_" for "." and "_0X2D_" for "-". The entire section and key names 
-can be escaped as a UTF8 byte string if necessary. E.g. to configure:
+"_0X2E_" for ".". The entire section and key names can be escaped as
+a UTF8 byte string if necessary. E.g. to configure:

 	"""
 	...
@@ -42,6 +40,27 @@ You would set the environment variables: "GITEA__LOG_0x2E_CONSOLE__COLORIZE=fals
 and "GITEA__LOG_0x2E_CONSOLE__STDERR=false". Other examples can be found
 on the configuration cheat sheet.

-To build locally, run:
+To plug this command in to the docker, you simply compile the provided go file using:
+
+	go build environment-to-ini.go
+
+And copy the resulting `environment-to-ini` command to /app/gitea in the docker.
+
+Apply the below patch to /etc/s6/gitea.setup to wire this in.
+
+If you find this useful please comment on #7287
+
+
+diff --git a/docker/root/etc/s6/gitea/setup b/docker/root/etc/s6/gitea/setup
+index f87ce9115..565bfcba9 100755
+--- a/docker/root/etc/s6/gitea/setup
+++ b/docker/root/etc/s6/gitea/setup
+@@ -44,6 +44,8 @@ if [ ! -f ${GITEA_CUSTOM}/conf/app.ini ]; then
+     SECRET_KEY=${SECRET_KEY:-""} \
+     envsubst < /etc/templates/app.ini > ${GITEA_CUSTOM}/conf/app.ini
+
+    /app/gitea/environment-to-ini -c ${GITEA_CUSTOM}/conf/app.ini
+
+     chown ${USER}:git ${GITEA_CUSTOM}/conf/app.ini
+ fi

-	go build contrib/environment-to-ini/environment-to-ini.go
--- a/contrib/environment-to-ini/environment-to-ini.go
+++ b/contrib/environment-to-ini/environment-to-ini.go
@@ -12,8 +12,8 @@ import (

 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/setting"
-	"code.gitea.io/gitea/modules/util"

+	"github.com/unknwon/com"
 	"github.com/urfave/cli"
 	ini "gopkg.in/ini.v1"
 )
@@ -97,11 +97,7 @@ func runEnvironmentToIni(c *cli.Context) error {
 	setting.SetCustomPathAndConf(providedCustom, providedConf, providedWorkPath)

 	cfg := ini.Empty()
-	isFile, err := util.IsFile(setting.CustomConf)
-	if err != nil {
-		log.Fatal("Unable to check if %s is a file. Error: %v", setting.CustomConf, err)
-	}
-	if isFile {
+	if com.IsFile(setting.CustomConf) {
 		if err := cfg.Append(setting.CustomConf); err != nil {
 			log.Fatal("Failed to load custom conf '%s': %v", setting.CustomConf, err)
 		}
@@ -110,8 +106,6 @@ func runEnvironmentToIni(c *cli.Context) error {
 	}
 	cfg.NameMapper = ini.SnackCase

-	changed := false
-
 	prefix := c.String("prefix") + "__"

 	for _, kv := range os.Environ() {
@@ -145,22 +139,15 @@ func runEnvironmentToIni(c *cli.Context) error {
 				continue
 			}
 		}
-		oldValue := key.Value()
-		if !changed && oldValue != value {
-			changed = true
-		}
 		key.SetValue(value)
 	}
 	destination := c.String("out")
 	if len(destination) == 0 {
 		destination = setting.CustomConf
 	}
-	if destination != setting.CustomConf || changed {
-		log.Info("Settings saved to: %q", destination)
-		err = cfg.SaveTo(destination)
-		if err != nil {
-			return err
-		}
+	err := cfg.SaveTo(destination)
+	if err != nil {
+		return err
 	}
 	if c.Bool("clear") {
 		for _, kv := range os.Environ() {
@@ -225,6 +212,7 @@ func DecodeSectionKey(encoded string) (string, string) {
 	if !inKey {
 		if splitter := strings.Index(remaining, "__"); splitter > -1 {
 			section += remaining[:splitter]
+			inKey = true
 			key += remaining[splitter+2:]
 		} else {
 			section += remaining
@@ -232,6 +220,5 @@ func DecodeSectionKey(encoded string) (string, string) {
 	} else {
 		key += remaining
 	}
-	section = strings.ToLower(section)
 	return section, key
 }
--- a/contrib/fhs-compliant-script/gitea
+++ b/contrib/fhs-compliant-script/gitea
@@ -1,8 +1,8 @@
 #!/bin/bash

-#############################################################################
-# This script sets some defaults for gitea to run in a FHS compliant manner #
-#############################################################################
+########################################################################
+# This script some defaults for gitea to run in a FHS compliant manner #
+########################################################################

 # It assumes that you place this script as gitea in /usr/bin
 #
@@ -36,7 +36,7 @@ if [ -z "$APP_INI_SET" ]; then
 	CONF_ARG="-c \"$APP_INI\""
 fi

-# Provide FHS compliant defaults
-GITEA_WORK_DIR="${GITEA_WORK_DIR:-$WORK_DIR}" exec -a "$0" "$GITEA" $CONF_ARG "$@"
+# Provide FHS compliant defaults to
+GITEA_WORK_DIR="${GITEA_WORK_DIR:-$WORK_DIR}" "$GITEA" $CONF_ARG "$@"


--- a/contrib/fixtures/fixture_generation.go
+++ b/contrib/fixtures/fixture_generation.go
@@ -1,78 +0,0 @@
-// Copyright 2020 The Gitea Authors. All rights reserved.
-// Use of this source code is governed by a MIT-style
-// license that can be found in the LICENSE file.
-
-package main
-
-import (
-	"fmt"
-	"os"
-	"path/filepath"
-
-	"code.gitea.io/gitea/models"
-	"code.gitea.io/gitea/models/unittest"
-)
-
-// To generate derivative fixtures, execute the following from Gitea's repository base dir:
-// go run -tags 'sqlite sqlite_unlock_notify' contrib/fixtures/fixture_generation.go [fixture...]
-
-var (
-	generators = []struct {
-		gen  func() (string, error)
-		name string
-	}{
-		{
-			models.GetYamlFixturesAccess, "access",
-		},
-	}
-	fixturesDir string
-)
-
-func main() {
-	pathToGiteaRoot := "."
-	fixturesDir = filepath.Join(pathToGiteaRoot, "models", "fixtures")
-	if err := unittest.CreateTestEngine(unittest.FixturesOptions{
-		Dir: fixturesDir,
-	}); err != nil {
-		fmt.Printf("CreateTestEngine: %+v", err)
-		os.Exit(1)
-	}
-	if err := unittest.PrepareTestDatabase(); err != nil {
-		fmt.Printf("PrepareTestDatabase: %+v\n", err)
-		os.Exit(1)
-	}
-	if len(os.Args) == 0 {
-		for _, r := range os.Args {
-			if err := generate(r); err != nil {
-				fmt.Printf("generate '%s': %+v\n", r, err)
-				os.Exit(1)
-			}
-		}
-	} else {
-		for _, g := range generators {
-			if err := generate(g.name); err != nil {
-				fmt.Printf("generate '%s': %+v\n", g.name, err)
-				os.Exit(1)
-			}
-		}
-	}
-}
-
-func generate(name string) error {
-	for _, g := range generators {
-		if g.name == name {
-			data, err := g.gen()
-			if err != nil {
-				return err
-			}
-			path := filepath.Join(fixturesDir, name+".yml")
-			if err := os.WriteFile(path, []byte(data), 0644); err != nil {
-				return fmt.Errorf("%s: %+v", path, err)
-			}
-			fmt.Printf("%s created.\n", path)
-			return nil
-		}
-	}
-
-	return fmt.Errorf("generator not found")
-}
--- a/contrib/gitea-monitoring-mixin/.gitignore
+++ b/contrib/gitea-monitoring-mixin/.gitignore
@@ -1,2 +0,0 @@
-dashboards_out
-vendor
--- a/contrib/gitea-monitoring-mixin/Makefile
+++ b/contrib/gitea-monitoring-mixin/Makefile
@@ -1,31 +0,0 @@
-JSONNET_FMT := jsonnetfmt -n 2 --max-blank-lines 1 --string-style s --comment-style s
-
-.PHONY: all
-all: build dashboards_out
-
-vendor: jsonnetfile.json
-	jb install
-
-.PHONY: build
-build: vendor
-
-.PHONY: fmt
-fmt:
-	find . -name 'vendor' -prune -o -name '*.libsonnet' -print -o -name '*.jsonnet' -print | \
-		xargs -n 1 -- $(JSONNET_FMT) -i
-
-.PHONY: lint
-lint: build
-	find . -name 'vendor' -prune -o -name '*.libsonnet' -print -o -name '*.jsonnet' -print | \
-		while read f; do \
-			$(JSONNET_FMT) "$$f" | diff -u "$$f" -; \
-		done
-	mixtool lint mixin.libsonnet
-
-dashboards_out: mixin.libsonnet config.libsonnet $(wildcard dashboards/*)
-	@mkdir -p dashboards_out
-	jsonnet -J vendor -m dashboards_out lib/dashboards.jsonnet
-
-.PHONY: clean
-clean:
-	rm -rf dashboards_out
--- a/contrib/gitea-monitoring-mixin/README.md
+++ b/contrib/gitea-monitoring-mixin/README.md
@@ -1,33 +0,0 @@
-# Gitea Mixin
-
-Gitea Mixin is a set of configurable Grafana dashboards based on the metrics exported by the Gitea built-in metrics endpoint.
-
-## Generate config files
-
-You can manually generate dashboards, but first you should install some tools:
-
-```bash
-go install github.com/jsonnet-bundler/jsonnet-bundler/cmd/jb@latest
-go install github.com/google/go-jsonnet/cmd/jsonnet@latest
-# or in brew: brew install go-jsonnet
-```
-
-For linting and formatting, you would also need `mixtool` and `jsonnetfmt` installed. If you
-have a working Go development environment, it's easiest to run the following:
-
-```bash
-go install github.com/monitoring-mixins/mixtool/cmd/mixtool@latest
-go install github.com/google/go-jsonnet/cmd/jsonnetfmt@latest
-```
-
-The files in `dashboards_out` need to be imported
-into your Grafana server.  The exact details will be depending on your environment.
-
-Edit `config.libsonnet` if required and then build JSON dashboard files for Grafana:
-
-```bash
-make
-```
-
-For more advanced uses of mixins, see
-https://github.com/monitoring-mixins/docs.
--- a/contrib/gitea-monitoring-mixin/config.libsonnet
+++ b/contrib/gitea-monitoring-mixin/config.libsonnet
@@ -1,99 +0,0 @@
-{
-  _config+:: {
-    local c = self,
-    dashboardNamePrefix: 'Gitea',
-    dashboardTags: ['gitea'],
-    dashboardPeriod: 'now-1h',
-    dashboardTimezone: 'default',
-    dashboardRefresh: '1m',
-
-    // please see https://docs.gitea.io/en-us/config-cheat-sheet/#metrics-metrics
-    // Show issue by repository metrics with format gitea_issues_by_repository{repository="org/repo"} 5.
-    // Requires Gitea 1.16.0 with ENABLED_ISSUE_BY_REPOSITORY set to true.
-    showIssuesByRepository: true,
-    // Show graphs for issue by label metrics with format gitea_issues_by_label{label="bug"} 2.
-    // Requires Gitea 1.16.0 with ENABLED_ISSUE_BY_LABEL set to true.
-    showIssuesByLabel: true,
-
-    // Requires Gitea 1.16.0.
-    showIssuesOpenClose: true,
-
-    // add or remove metrics from dashboard
-    giteaStatMetrics:
-      [
-        {
-          name: 'gitea_organizations',
-          description: 'Organizations',
-        },
-        {
-          name: 'gitea_teams',
-          description: 'Teams',
-        },
-        {
-          name: 'gitea_users',
-          description: 'Users',
-        },
-        {
-          name: 'gitea_repositories',
-          description: 'Repositories',
-        },
-        {
-          name: 'gitea_milestones',
-          description: 'Milestones',
-        },
-        {
-          name: 'gitea_stars',
-          description: 'Stars',
-        },
-        {
-          name: 'gitea_releases',
-          description: 'Releases',
-        },
-      ]
-      +
-      if c.showIssuesOpenClose then
-        [
-          {
-            name: 'gitea_issues_open',
-            description: 'Issues opened',
-          },
-          {
-            name: 'gitea_issues_closed',
-            description: 'Issues closed',
-          },
-        ] else
-        [
-          {
-            name: 'gitea_issues',
-            description: 'Issues',
-          },
-        ],
-    //set this for using label colors on graphs
-    issueLabels: [
-      {
-        label: 'bug',
-        color: '#ee0701',
-      },
-      {
-        label: 'duplicate',
-        color: '#cccccc',
-      },
-      {
-        label: 'invalid',
-        color: '#e6e6e6',
-      },
-      {
-        label: 'enhancement',
-        color: '#84b6eb',
-      },
-      {
-        label: 'help wanted',
-        color: '#128a0c',
-      },
-      {
-        label: 'question',
-        color: '#cc317c',
-      },
-    ],
-  },
-}
--- a/contrib/gitea-monitoring-mixin/dashboards/dashboards.libsonnet
+++ b/contrib/gitea-monitoring-mixin/dashboards/dashboards.libsonnet
@@ -1 +0,0 @@
-(import 'overview.libsonnet')
--- a/contrib/gitea-monitoring-mixin/dashboards/overview.libsonnet
+++ b/contrib/gitea-monitoring-mixin/dashboards/overview.libsonnet
@@ -1,461 +0,0 @@
-local grafana = import 'github.com/grafana/grafonnet-lib/grafonnet/grafana.libsonnet';
-local prometheus = grafana.prometheus;
-
-local addIssueLabelsOverrides(labels) =
-  {
-    fieldConfig+: {
-      overrides+: [
-        {
-          matcher: {
-            id: 'byRegexp',
-            options: label.label,
-          },
-          properties: [
-            {
-              id: 'color',
-              value: {
-                fixedColor: label.color,
-                mode: 'fixed',
-              },
-            },
-          ],
-        }
-        for label in labels
-      ],
-    },
-  };
-
-{
-
-  grafanaDashboards+:: {
-
-    local giteaSelector = 'job="$job", instance="$instance"',
-    local giteaStatsPanel =
-      grafana.statPanel.new(
-        'Gitea stats',
-        datasource='$datasource',
-        reducerFunction='lastNotNull',
-        graphMode='none',
-        colorMode='value',
-      )
-      .addTargets(
-        [
-          prometheus.target(expr='%s{%s}' % [metric.name, giteaSelector], legendFormat=metric.description, intervalFactor=10)
-          for metric in $._config.giteaStatMetrics
-        ]
-      )
-      + {
-        fieldConfig+: {
-          defaults+: {
-            color: {
-              fixedColor: 'blue',
-              mode: 'fixed',
-            },
-          },
-        },
-      },
-
-    local giteaUptimePanel =
-      grafana.statPanel.new(
-        'Uptime',
-        datasource='$datasource',
-        reducerFunction='last',
-        graphMode='area',
-        colorMode='value',
-      )
-      .addTarget(prometheus.target(expr='time()-process_start_time_seconds{%s}' % giteaSelector, intervalFactor=1))
-      + {
-        fieldConfig+: {
-          defaults+: {
-            color: {
-              fixedColor: 'blue',
-              mode: 'fixed',
-            },
-            unit: 's',
-          },
-        },
-      },
-
-    local giteaMemoryPanel =
-      grafana.graphPanel.new(
-        'Memory usage',
-        datasource='$datasource'
-      )
-      .addTarget(prometheus.target(expr='process_resident_memory_bytes{%s}' % giteaSelector, intervalFactor=2))
-      + {
-        type: 'timeseries',
-        options+: {
-          tooltip: {
-            mode: 'multi',
-          },
-          legend+: {
-            displayMode: 'hidden',
-          },
-        },
-        fieldConfig+: {
-          defaults+: {
-            custom+: {
-              lineInterpolation: 'smooth',
-              fillOpacity: 15,
-            },
-            color: {
-              fixedColor: 'green',
-              mode: 'fixed',
-            },
-            unit: 'decbytes',
-          },
-        },
-      },
-
-    local giteaCpuPanel =
-      grafana.graphPanel.new(
-        'CPU usage',
-        datasource='$datasource'
-      )
-      .addTarget(prometheus.target(expr='rate(process_cpu_seconds_total{%s}[$__rate_interval])*100' % giteaSelector, intervalFactor=2))
-      + {
-        type: 'timeseries',
-        options+: {
-          tooltip: {
-            mode: 'multi',
-          },
-          legend+: {
-            displayMode: 'hidden',
-          },
-        },
-        fieldConfig+: {
-          defaults+: {
-            custom+: {
-              lineInterpolation: 'smooth',
-              gradientMode: 'scheme',
-              fillOpacity: 15,
-              axisSoftMin: 0,
-              axisSoftMax: 0,
-            },
-            color: {
-              mode: 'continuous-GrYlRd',  // from green to red (100%)
-            },
-            unit: 'percent',
-          },
-          overrides: [
-            {
-              matcher: {
-                id: 'byRegexp',
-                options: '.+',
-              },
-              properties: [
-                {
-                  id: 'max',
-                  value: 100,
-                },
-                {
-                  id: 'min',
-                  value: 0,
-                },
-              ],
-            },
-          ],
-        },
-      },
-
-    local giteaFileDescriptorsPanel =
-      grafana.graphPanel.new(
-        'File descriptors usage',
-        datasource='$datasource',
-      )
-      .addTarget(prometheus.target(expr='process_open_fds{%s}' % giteaSelector, intervalFactor=2))
-      .addTarget(prometheus.target(expr='process_max_fds{%s}' % giteaSelector, intervalFactor=2))
-      .addSeriesOverride(
-        {
-          alias: '/process_max_fds.+/',
-          color: '#F2495C',  // red
-          dashes: true,
-          fill: 0,
-        },
-      )
-      + {
-        type: 'timeseries',
-        options+: {
-          tooltip: {
-            mode: 'multi',
-          },
-          legend+: {
-            displayMode: 'hidden',
-          },
-        },
-        fieldConfig+: {
-          defaults+: {
-            custom+: {
-              lineInterpolation: 'smooth',
-              gradientMode: 'scheme',
-              fillOpacity: 0,
-            },
-            color: {
-              fixedColor: 'green',
-              mode: 'fixed',
-            },
-            unit: '',
-          },
-          overrides: [
-            {
-              matcher: {
-                id: 'byFrameRefID',
-                options: 'B',
-              },
-              properties: [
-                {
-                  id: 'custom.lineStyle',
-                  value: {
-                    fill: 'dash',
-                    dash: [
-                      10,
-                      10,
-                    ],
-                  },
-                },
-                {
-                  id: 'color',
-                  value: {
-                    mode: 'fixed',
-                    fixedColor: 'red',
-                  },
-                },
-              ],
-            },
-          ],
-        },
-      },
-
-    local giteaChangesPanelPrototype =
-      grafana.graphPanel.new(
-        '',
-        datasource='$datasource',
-        interval='$agg_interval',
-        maxDataPoints=10000,
-      )
-      + {
-        type: 'timeseries',
-        options+: {
-          tooltip: {
-            mode: 'multi',
-          },
-          legend+: {
-            calcs+: [
-              'sum',
-            ],
-          },
-        },
-        fieldConfig+: {
-          defaults+: {
-            noValue: '0',
-            custom+: {
-              drawStyle: 'bars',
-              barAlignment: -1,
-              fillOpacity: 50,
-              gradientMode: 'hue',
-              pointSize: 1,
-              lineWidth: 0,
-              stacking: {
-                group: 'A',
-                mode: 'normal',
-              },
-            },
-          },
-        },
-      },
-
-    local giteaChangesPanelAll =
-      giteaChangesPanelPrototype
-      .addTarget(prometheus.target(expr='changes(process_start_time_seconds{%s}[$__interval]) > 0' % [giteaSelector], legendFormat='Restarts', intervalFactor=1))
-      .addTargets(
-        [
-          prometheus.target(expr='floor(delta(%s{%s}[$__interval])) > 0' % [metric.name, giteaSelector], legendFormat=metric.description, intervalFactor=1)
-          for metric in $._config.giteaStatMetrics
-        ]
-      ) + { id: 200 },  // some unique number, beyond the maximum number of panels in the dashboard,
-
-    local giteaChangesPanelTotal =
-      grafana.statPanel.new(
-        'Changes',
-        datasource='-- Dashboard --',
-        reducerFunction='sum',
-        graphMode='none',
-        textMode='value_and_name',
-        colorMode='value',
-      )
-      + {
-        targets+: [
-          {
-            panelId: giteaChangesPanelAll.id,
-            refId: 'A',
-          },
-        ],
-      }
-      + {
-        fieldConfig+: {
-          defaults+: {
-            color: {
-              mode: 'palette-classic',
-            },
-          },
-        },
-      },
-
-    local giteaChangesByRepositories =
-      giteaChangesPanelPrototype
-      .addTarget(prometheus.target(expr='floor(increase(gitea_issues_by_repository{%s}[$__interval])) > 0' % [giteaSelector], legendFormat='{{ repository }}', intervalFactor=1))
-      + { id: 210 },  // some unique number, beyond the maximum number of panels in the dashboard,
-
-    local giteaChangesByRepositoriesTotal =
-      grafana.statPanel.new(
-        'Issues by repository',
-        datasource='-- Dashboard --',
-        reducerFunction='sum',
-        graphMode='none',
-        textMode='value_and_name',
-        colorMode='value',
-      )
-      + {
-        id: 211,
-        targets+: [
-          {
-            panelId: giteaChangesByRepositories.id,
-            refId: 'A',
-          },
-        ],
-      }
-      + {
-        fieldConfig+: {
-          defaults+: {
-            color: {
-              mode: 'palette-classic',
-            },
-          },
-        },
-      },
-
-    local giteaChangesByLabel =
-      giteaChangesPanelPrototype
-      .addTarget(prometheus.target(expr='floor(increase(gitea_issues_by_label{%s}[$__interval])) > 0' % [giteaSelector], legendFormat='{{ label }}', intervalFactor=1))
-      + addIssueLabelsOverrides($._config.issueLabels)
-      + { id: 220 },  // some unique number, beyond the maximum number of panels in the dashboard,
-
-    local giteaChangesByLabelTotal =
-      grafana.statPanel.new(
-        'Issues by labels',
-        datasource='-- Dashboard --',
-        reducerFunction='sum',
-        graphMode='none',
-        textMode='value_and_name',
-        colorMode='value',
-      )
-      + addIssueLabelsOverrides($._config.issueLabels)
-      + {
-        id: 221,
-        targets+: [
-          {
-            panelId: giteaChangesByLabel.id,
-            refId: 'A',
-          },
-        ],
-      }
-      + {
-        fieldConfig+: {
-          defaults+: {
-            color: {
-              mode: 'palette-classic',
-            },
-          },
-        },
-      },
-
-    'gitea-overview.json':
-      grafana.dashboard.new(
-        '%s Overview' % $._config.dashboardNamePrefix,
-        time_from='%s' % $._config.dashboardPeriod,
-        editable=false,
-        tags=($._config.dashboardTags),
-        timezone='%s' % $._config.dashboardTimezone,
-        refresh='%s' % $._config.dashboardRefresh,
-        graphTooltip='shared_crosshair',
-        uid='gitea-overview'
-      )
-      .addTemplate(
-        {
-          current: {
-            text: 'Prometheus',
-            value: 'Prometheus',
-          },
-          hide: 0,
-          label: 'Data Source',
-          name: 'datasource',
-          options: [],
-          query: 'prometheus',
-          refresh: 1,
-          regex: '',
-          type: 'datasource',
-        },
-      )
-      .addTemplate(
-        {
-          hide: 0,
-          label: null,
-          name: 'job',
-          options: [],
-          query: 'label_values(gitea_organizations, job)',
-          refresh: 1,
-          regex: '',
-          type: 'query',
-        },
-      )
-      .addTemplate(
-        {
-          hide: 0,
-          label: null,
-          name: 'instance',
-          options: [],
-          query: 'label_values(gitea_organizations{job="$job"}, instance)',
-          refresh: 1,
-          regex: '',
-          type: 'query',
-        },
-      )
-      .addTemplate(
-        {
-          hide: 0,
-          label: 'aggregation interval',
-          name: 'agg_interval',
-          auto_min: '1m',
-          auto: true,
-          query: '1m,10m,1h,1d,7d',
-          type: 'interval',
-        },
-      )
-      .addPanel(grafana.row.new(title='General'), gridPos={ x: 0, y: 0, w: 0, h: 0 },)
-      .addPanel(giteaStatsPanel, gridPos={ x: 0, y: 0, w: 16, h: 4 })
-      .addPanel(giteaUptimePanel, gridPos={ x: 16, y: 0, w: 8, h: 4 })
-      .addPanel(giteaMemoryPanel, gridPos={ x: 0, y: 4, w: 8, h: 6 })
-      .addPanel(giteaCpuPanel, gridPos={ x: 8, y: 4, w: 8, h: 6 })
-      .addPanel(giteaFileDescriptorsPanel, gridPos={ x: 16, y: 4, w: 8, h: 6 })
-      .addPanel(grafana.row.new(title='Changes', collapse=false), gridPos={ x: 0, y: 10, w: 24, h: 8 })
-      .addPanel(giteaChangesPanelTotal, gridPos={ x: 0, y: 12, w: 6, h: 8 })
-      +  // use patching instead of .addPanel() to keep static ids
-      {
-        panels+: std.flattenArrays([
-          [
-            giteaChangesPanelAll { gridPos: { x: 6, y: 12, w: 18, h: 8 } },
-          ],
-          if $._config.showIssuesByRepository then
-            [
-              giteaChangesByRepositoriesTotal { gridPos: { x: 0, y: 20, w: 6, h: 8 } },
-              giteaChangesByRepositories { gridPos: { x: 6, y: 20, w: 18, h: 8 } },
-            ] else [],
-          if $._config.showIssuesByLabel then
-            [
-              giteaChangesByLabelTotal { gridPos: { x: 0, y: 28, w: 6, h: 8 } },
-              giteaChangesByLabel { gridPos: { x: 6, y: 28, w: 18, h: 8 } },
-            ] else [],
-        ]),
-      },
-  },
-}
--- a/contrib/gitea-monitoring-mixin/jsonnetfile.json
+++ b/contrib/gitea-monitoring-mixin/jsonnetfile.json
@@ -1,15 +0,0 @@
-{
-    "version": 1,
-    "dependencies": [
-      {
-        "source": {
-          "git": {
-            "remote": "https://github.com/grafana/grafonnet-lib.git",
-            "subdir": "grafonnet"
-          }
-        },
-        "version": "master"
-      }
-    ],
-    "legacyImports": false
-  }
--- a/contrib/gitea-monitoring-mixin/jsonnetfile.lock.json
+++ b/contrib/gitea-monitoring-mixin/jsonnetfile.lock.json
@@ -1,16 +0,0 @@
-{
-  "version": 1,
-  "dependencies": [
-    {
-      "source": {
-        "git": {
-          "remote": "https://github.com/grafana/grafonnet-lib.git",
-          "subdir": "grafonnet"
-        }
-      },
-      "version": "3626fc4dc2326931c530861ac5bebe39444f6cbf",
-      "sum": "gF8foHByYcB25jcUOBqP6jxk0OPifQMjPvKY0HaCk6w="
-    }
-  ],
-  "legacyImports": false
-}
--- a/contrib/gitea-monitoring-mixin/lib/alerts.jsonnet
+++ b/contrib/gitea-monitoring-mixin/lib/alerts.jsonnet
@@ -1 +0,0 @@
-std.manifestYamlDoc((import '../mixin.libsonnet').prometheusAlerts)
--- a/contrib/gitea-monitoring-mixin/lib/dashboards.jsonnet
+++ b/contrib/gitea-monitoring-mixin/lib/dashboards.jsonnet
@@ -1,6 +0,0 @@
-local dashboards = (import '../mixin.libsonnet').grafanaDashboards;
-
-{
-  [name]: dashboards[name]
-  for name in std.objectFields(dashboards)
-}
--- a/contrib/gitea-monitoring-mixin/lib/rules.jsonnet
+++ b/contrib/gitea-monitoring-mixin/lib/rules.jsonnet
@@ -1 +0,0 @@
-std.manifestYamlDoc((import '../mixin.libsonnet').prometheusRules)
--- a/contrib/gitea-monitoring-mixin/mixin.libsonnet
+++ b/contrib/gitea-monitoring-mixin/mixin.libsonnet
@@ -1,2 +0,0 @@
-(import 'dashboards/dashboards.libsonnet') +
-(import 'config.libsonnet')
--- a/contrib/ide/vscode/launch.json
+++ b/contrib/ide/vscode/launch.json
@@ -19,7 +19,7 @@
      "type": "go",
      "request": "launch",
      "mode": "debug",
-      "buildFlags": "-tags='sqlite sqlite_unlock_notify'",
+      "buildFlags": "-tags=\"sqlite sqlite_unlock_notify\"",
      "port": 2345,
      "host": "127.0.0.1",
      "program": "${workspaceRoot}/main.go",
--- a/contrib/ide/vscode/settings.json
+++ b/contrib/ide/vscode/settings.json
@@ -1,4 +0,0 @@
-{
-    "go.buildTags": "'sqlite sqlite_unlock_notify'",
-    "go.testFlags": ["-v"]
-}
--- a/contrib/ide/vscode/tasks.json
+++ b/contrib/ide/vscode/tasks.json
@@ -2,7 +2,7 @@
  "version": "2.0.0",
  "tasks": [
    {
-      "label": "Build",
+      "taskName": "Build",
      "type": "shell",
      "command": "go",
      "group": "build",
@@ -12,19 +12,20 @@
        "focus": false,
        "panel": "shared"
      },
+      "args": ["build"],
      "linux": {
-        "args": ["build", "-o", "gitea", "${workspaceRoot}/main.go" ]
+        "args": [ "-o", "gitea", "${workspaceRoot}/main.go" ]
      },
      "osx": {
-        "args": ["build", "-o", "gitea", "${workspaceRoot}/main.go" ]
+        "args": [ "-o", "gitea", "${workspaceRoot}/main.go" ]
      },
      "windows": {
-        "args": ["build", "-o", "gitea.exe", "\"${workspaceRoot}\\main.go\""]
+        "args": [ "-o", "gitea.exe", "\"${workspaceRoot}\\main.go\""]
      },
      "problemMatcher": ["$go"]
    },
    {
-      "label": "Build (with SQLite3)",
+      "taskName": "Build (with SQLite3)",
      "type": "shell",
      "command": "go",
      "group": "build",
@@ -34,14 +35,15 @@
        "focus": false,
        "panel": "shared"
      },
+      "args": ["build", "-tags=\"sqlite sqlite_unlock_notify\""],
      "linux": {
-        "args": ["build", "-tags=\"sqlite sqlite_unlock_notify\"", "-o", "gitea", "${workspaceRoot}/main.go"]
+        "args": ["-o", "gitea", "${workspaceRoot}/main.go"]
      },
      "osx": {
-        "args": ["build", "-tags=\"sqlite sqlite_unlock_notify\"", "-o", "gitea", "${workspaceRoot}/main.go"]
+        "args": ["-o", "gitea", "${workspaceRoot}/main.go"]
      },
      "windows": {
-        "args": ["build", "-tags=\"sqlite sqlite_unlock_notify\"", "-o", "gitea.exe", "\"${workspaceRoot}\\main.go\""]
+        "args": ["-o", "gitea.exe", "\"${workspaceRoot}\\main.go\""]
      },
      "problemMatcher": ["$go"]
    }
--- a/contrib/init/debian/gitea
+++ b/contrib/init/debian/gitea
@@ -18,7 +18,7 @@ PATH=/sbin:/usr/sbin:/bin:/usr/bin:/usr/local/bin
 DESC="Gitea - Git with a cup of tea"
 NAME=gitea
 SERVICEVERBOSE=yes
-PIDFILE=/run/$NAME.pid
+PIDFILE=/var/run/$NAME.pid
 SCRIPTNAME=/etc/init.d/$NAME
 WORKINGDIR=/var/lib/$NAME
 DAEMON=/usr/local/bin/$NAME
--- a/contrib/init/gentoo/gitea
+++ b/contrib/init/gentoo/gitea
@@ -7,7 +7,7 @@ start_stop_daemon_args="--user ${USER} --chdir ${DIR}"
 command="/usr/local/bin/gitea"
 command_args="web -c /etc/gitea/app.ini"
 command_background=yes
-pidfile=/run/gitea.pid
+pidfile=/var/run/gitea.pid

 depend()
 {
--- a/contrib/init/suse/gitea
+++ b/contrib/init/suse/gitea
@@ -93,7 +93,7 @@ case "$1" in

 		# Return value is slightly different for the status command:
 		# 0 - service up and running
-		# 1 - service dead, but /run/  pid  file exists
+		# 1 - service dead, but /var/run/  pid  file exists
 		# 2 - service dead, but /var/lock/ lock file exists
 		# 3 - service not running (unused)
 		# 4 - service status unknown :-(
--- a/contrib/k8s/gitea.yml
+++ b/contrib/k8s/gitea.yml
@@ -0,0 +1,107 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: gitea
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: gitea
+  namespace: gitea
+  labels:
+    app: gitea
+spec:
+  replicas: 1
+  template:
+    metadata:
+      name: gitea
+      labels:
+        app: gitea
+    spec:
+      containers:
+      - name: gitea
+        image: gitea/gitea:latest
+        imagePullPolicy: Always
+        volumeMounts:
+          - mountPath: "/var/lib/gitea"
+            name: "root"
+          - mountPath: "/data"
+            name: "data"
+        ports:
+          - containerPort: 22
+            name: ssh
+            protocol: TCP
+          - containerPort: 3000
+            name: http
+            protocol: TCP
+      restartPolicy: Always
+      volumes:
+        # Set up a data directory for gitea
+        # For production usage, you should consider using PV/PVC instead(or simply using storage like NAS)
+        # For more details, please see https://kubernetes.io/docs/concepts/storage/volumes/
+      - name: "root"
+        hostPath:
+          # directory location on host
+          path: "/var/lib/gitea"
+          # this field is optional
+          type: Directory
+      - name: "data"
+        hostPath:
+          path: "/data/gitea"
+          type: Directory
+  selector:
+    matchLabels:
+      app: gitea
+---
+# Using cluster mode
+apiVersion: v1
+kind: Service
+metadata:
+  name: gitea-web
+  namespace: gitea
+  labels:
+    app: gitea-web
+spec:
+  ports:
+  - port: 80
+    targetPort: 3000
+    name: http
+  selector:
+    app: gitea
+---
+# Using node-port mode
+# This mainly open a specific TCP port for SSH usage on each host,
+# so you can use a proxy layer to handle it(e.g. slb, nginx)
+apiVersion: v1
+kind: Service
+metadata:
+  name: gitea-ssh
+  namespace: gitea
+  labels:
+    app: gitea-ssh
+spec:
+  ports:
+  - port: 22
+    targetPort: 22
+    nodePort: 30022
+    name: ssh
+  selector:
+    app: gitea
+  type: NodePort
+---
+# Ingress is always suitable for HTTP usage,
+# we suggest using an proxy layer such as slb to send traffic to different ports.
+# Usually 80/443 for web and 22 directly for SSH.
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  name: gitea
+  namespace: gitea
+spec:
+  rules:
+  - host: your-gitea-host.com
+    http:
+      paths:
+      - backend:
+          serviceName: gitea-web
+          servicePort: 80
--- a/contrib/legal/privacy.html.sample
+++ b/contrib/legal/privacy.html.sample
@@ -1,196 +0,0 @@
-<!DOCTYPE html>
-<html>
- <head>
-  <title>Privacy Policy</title>
- </head>
-
- <body>
-  <h1>Privacy Policy</h1>
-
-  <h4>Last updated: January 29, 2020</h4>
-
-  <h2>Who We Are?</h2>
-
-  <p>Your Gitea Instance</p>
-
-  <h2>What Personal Data We Collect?</h2>
-
-  <p>We collect following personal data (collectively called User Personal Information):</p>
-
-  <ol>
-   <li>Registration information (username, email, password, etc.)</li>
-   <li>Profile information for your Account (such as your full name, biography, website, gpg key, and location.)</li>
-   <li>Usage information (pages you view, your IP address, referring site, session information, and request date and time.)</li>
-   <li>Device information (its IP address, client application information, language preference, operating system and application version, device type, ID, model and manufacturer.)</li>
-   <li>Git data that you upload to a repository</li>
-   <li>Cookies and Similar Technologies</li>
-  </ol>
-
-  <p>We may also collect User Personal Information from third-parties (vendors, partners, or affiliates). We don't purchase them from third-party data brokers, though.</p>
-
-  <p>However, we don't intentionally collect sensitive information (such as racial or ethnic origin, political affiliations, religious/philosophical beliefs, biometric data, etc.)</p>
-<!--If you choose to store any of such data on our servers, you are responsible for complying with any regulations regarding them.-->
-
-  <h2>How We Share Information We Collect?</h2>
-
-  <p>We may share your User Personal Information with third-parties under following circumstances:</p>
-
-   <h3>With your Consent</h3>
-
-   <p>We share your User Personal Information, if you consent, after letting you know what information will be shared, with whom, and why. For example, if you allow third party applications to access your Account using <a href="https://docs.gitea.io/en-us/oauth2-provider/">OAuth2 providers</a>, we share all information associated with your Account, including private repos and organizations. You may also direct us through your action on Your Gitea Instance to share your User Personal Information, such as when joining an Organization.</p>
-
-   <h3>With Service Providers</h3>
-
-   <p>We share User Personal Information with a limited number of service providers who process it on our behalf to provide or improve our Service, and who have agreed to privacy restrictions similar to the ones in our Privacy Statement by signing data protection agreements or making similar commitments. Our service providers perform payment processing, customer support ticketing, network data transmission, security, and other similar services. While Your Gitea Instance processes all User Personal Information in the (country/state where Gitea is deployed), our service providers may process data outside of (country/state where Gitea is deployed), the United States or the European Union.</p>
-
-   <h3>For Security Purposes</h3>
-
-   <p>If you are a member of an Organization, Your Gitea Instance may share your username, Usage Information, and Device Information associated with that Organization with an owner and/or administrator of the Organization who has agreed to the Corporate Terms of Service or applicable customer agreements, to the extent that such information is provided only to investigate or respond to a security incident that affects or compromises the security of that particular Organization.</p>
-
-   <h3>For Legal Disclosure</h3>
-
-   <p>Your Gitea Instance strives for transparency in complying with legal process and legal obligations. Unless prevented from doing so by law or court order, or in rare, exigent circumstances, we make a reasonable effort to notify users of any legally compelled or required disclosure of their information. Your Gitea Instance may disclose User Personal Information or other information we collect about you to law enforcement if required in response to a valid subpoena, court order, search warrant, a similar government order, or when we believe in good faith that disclosure is necessary to comply with our legal obligations, to protect our property or rights, or those of third parties or the public at large.</p>
-
-   <h3>Change in Control or Sale</h3>
-
-   <p>We may share User Personal Information if we are involved in a merger, sale, or acquisition of corporate entities or business units. If any such change of ownership happens, we will ensure that it is under terms that preserve the confidentiality of User Personal Information, and we will notify you on our Website or by email before any transfer of your User Personal Information. The organization receiving any User Personal Information will have to honor any promises we made in our Privacy Statement or Terms of Service.</p>
-
-   <h3>Aggregate, Non-Personally Identifying Information</h3>
-
-   <p>We share certain aggregated, non-personally identifying information with others about how our users, collectively, use Your Gitea Instance, or how our users respond to our other offerings, such as our conferences or events. For example, we may compile statistics on the open source activity across Your Gitea Instance.</p>
-
-   <p>We <b>don't</b> sell your User Personal Information for monetary or other consideration. </p>
-
-  <h2>How We Use Your Information?</h2>
-
-  <p>We may use your information for following purposes:</p>
-
-  <ol>
-   <li>We use your Registration Information to create your account, and to provide you the Service.</li>
-   <li>We use your User Personal Information, specifically your username, to identify you on Your Gitea Instance.</li>
-   <li>We use your Profile Information to fill out your Account profile and to share that profile with other users if you ask us to.</li>
-   <li>We use your email address to communicate with you, if you've said that's okay, and only for the reasons you’ve said that’s okay.</li>
-   <li>We use User Personal Information and other data to make recommendations for you, such as to suggest projects you may want to follow or contribute to. We learn from your public behavior on Your Gitea Instance—such as the projects you star—to determine your coding interests, and we recommend similar projects. These recommendations are automated decisions, but they have no legal impact on your rights.</li>
-   <li>We use Usage Information and Device Information to better understand how our Users use Your Gitea Instance and to improve our Website and Service.</li>
-   <li>We may use your User Personal Information if it is necessary for security purposes or to investigate possible fraud or attempts to harm Your Gitea Instance or our Users.</li>
-   <li>We may use your User Personal Information to comply with our legal obligations, protect our intellectual property, and enforce our Terms of Service.</li>
-
-   <li>We limit our use of your User Personal Information to the purposes listed in this Privacy Statement. If we need to use your User Personal Information for other purposes, we will ask your permission first. You can always see what information we have, how we're using it, and what permissions you have given us in your user profile.</li>
-  </ol>
-
-  <h2>How Your Gitea Instance Secures Your Information?</h2>
-
-  <p>Your Gitea Instance takes all measures reasonably necessary to protect User Personal Information from unauthorized access, alteration, or destruction; maintain data accuracy; and help ensure the appropriate use of User Personal Information.</p>
-
-  <p>To the extent above, we enforce a written security information program, which:</p>
-
-  <ul>
-    <li>aligns with industry recognized frameworks;</li>
-    <li>includes security safeguards reasonably designed to protect the confidentiality, integrity, availability, and resilience of our Users' data;</li>
-    <li>is appropriate to the nature, size, and complexity of Your Gitea Instance’s business operations;</li>
-    <li>includes incident response and data breach notification processes; and</li>
-    <li>complies with applicable information security-related laws and regulations in the geographic regions where Your Gitea Instance does business.</li>
-  </ul>
-
-  <p>In the event of a data breach that affects your User Personal Information, we will act promptly to mitigate the impact of a breach and notify any affected Users without undue delay.</p>
-
-  <p>Transmission of data on Your Gitea Instance is encrypted using SSH, HTTPS (TLS), and git repository content is encrypted at rest. We host Your Gitea Instance at our hosting partner, which they provide data centers with high level of physical and network security.</p>
-
-  <p><b>Disclaimer:</b> No method of transmission, or method of electronic storage, is 100% secure, therefore, we cannot guarantee absolute security.</p>
-
-  <h2>Cookies and Tracking Usage</h2>
-
-   <h3>Cookies</h3>
-
-   <p>We uses cookies to make interactions with our service easy and meaningful. Cookies are small text files that websites often store on computer hard drives or mobile devices of visitors. We use cookies (and similar technologies, like HTML5 localStorage) to keep you logged in, remember your preferences, and provide information for future development of Your Gitea Instance. For security purposes, we use cookies to identify a device. By using our Website, you agree that we can place these types of cookies on your computer or device. If you disable your browser or device’s ability to accept these cookies, you will not be able to log in or use our services.</p>
-
-   <h3>Tracking and Analytics</h3>
-
-   <p>Out of the box, Gitea doesn't use third-party analytics. In case when we opt in to their usage, we do that to help us evaluate our Users' use of Your Gitea Instance, compile statistical reports on activity, and improve our content and Website performance. We only use these third-party analytics providers on certain areas of our Website, and all of them have signed data protection agreements with us that limit the type of User Personal Information they can collect and the purpose for which they can process the information. In addition, we may also deploy internal analytics software to provide similar functionality.</p>
-
-   <p>Some browsers have incorporated "Do Not Track" (DNT) features that can send a signal to the websites you visit indicating you do not wish to be tracked. Your Gitea Instance responds to browser DNT signals and follows the <a href="https://www.w3.org/TR/tracking-dnt/">W3C standard for responding to DNT signals</a>. If you have not enabled DNT on a browser that supports it, cookies on some parts of our Website will track your online browsing activity on other online services over time, though we do not permit third parties other than our analytics and service providers to track Your Gitea Instance Users' activity over time on Your Gitea Instance.</p>
-
-  <h2>Repository Contents</h2>
-
-  <p>Our employees do not access private repositories unless required to for security purposes, for support, to maintain integrity of the Service, or to comply with our legal obligations. While we don't generally search for content in your repositories, we may scan our servers and your content to detect tokens or security signatures, known malwares, or child exploitation imagery.</p>
-
-  <p>If your repository is public, anyone may view its contents. If you include private, confidential or Sensitive Personal Information, such as email addresses or passwords, in your public repository, that information may be indexed by search engines or used by third parties.</p>
-
-  <h2>Public Information</h2>
-
-  <p>Many of our services and feature are public-facing. If your content is public-facing, third parties may access and use it in compliance with our Terms of Service, such as by viewing your profile or repositories or pulling data via our API. We do not sell that content; it is yours. However, we do allow third parties, such as research organizations or archives, to compile public-facing Your Gitea Instance information. Other third parties, such as data brokers, have been known to scrape Your Gitea Instance and compile data as well.</p>
-
-  <p>Your User Personal Information associated with your content could be gathered by third parties in these compilations of Your Gitea Instance data. If you do not want your User Personal Information to appear in third parties’ compilations of Your Gitea Instance data, please do not make your User Personal Information publicly available and be sure to configure your email address to be private in your user profile and in your git commit settings.</p>
-
-  <p>If you would like to compile Your Gitea Instance data, you must comply with our Terms of Service regarding scraping and privacy, and you may only use any public-facing User Personal Information you gather for the purpose for which our user authorized it. For example, where a Your Gitea Instance user has made an email address public-facing for the purpose of identification and attribution, do not use that email address for commercial advertising. We expect you to reasonably secure any User Personal Information you have gathered from Your Gitea Instance, and to respond promptly to complaints, removal requests, and "do not contact" requests from Your Gitea Instance or Your Gitea Instance users.</p>
-
-  <p>In similar fashion, projects on Your Gitea Instance may include publicly available User Personal Information collected as part of the collaborative events.</p>
-
-  <h2>Organizations</h2>
-
-  <p>If you collaborate on or become a member of an Organization, then its Account owners may receive your User Personal Information. When you accept an invitation to an Organization, you will be notified of the types of information owners may be able to see. If you accept an invitation to an Organization with a verified domain, then the owners of that Organization will be able to see your full email address(es) within that Organization's verified domain(s).</p>
-
-  <p>Please note, Your Gitea Instance may share your username, Usage Information, and Device Information with the owner of the Organization you are a member of, to the extent that your User Personal Information is provided only to investigate or respond to a security incident that affects or compromises the security of that particular Organization.</p>
-
-  <p>If you collaborate with or become a member of an Account that has agreed to a Data Protection Addendum (DPA) to this Privacy Policy, then that DPA governs in the event of conflicts between this Privacy Policy and DPA with respect to your activity in the Account.</p>
-
-  <p>Please contact the Account owners for more information about how they might process your User Personal Information in their Organization and the ways for you to access, update, alter, or delete the User Personal Information stored in the Account.</p>
-
-  <h2>How You Can Access and Control the Information We Collect?</h2>
-
-  <p>If you're already a Your Gitea Instance user, you may access, update, alter, or delete your basic user information by editing your user profile. You can control the information we collect about you by limiting what information is in your profile, or by keeping your information current.</p>
-
-  <p>If Your Gitea Instance processes information about you, such as information receives from third parties, and you do not have an account, then you may, subject to applicable law, access, update, alter, delete, or object to the processing of your personal information by contacting our support.</p>
-
-   <h3>Data Portability</h3>
-
-   <p>As a Your Gitea Instance User, you can always take your data with you. You can clone your repositories to your computer, or you can <a href="https://docs.gitea.io/en-us/migrations-interfaces/">perform migrations using the provided interfaces</a>, for example.</p>
-
-   <h3>Data Retention and Deletion of Data</h3>
-
-   <p>In general, Your Gitea Instance retains User Personal Information for as long as your account is active, or as needed to provide you service.</p>
-
-   <p>If you would like to cancel your account or delete your User Personal Information, you may do so in your user profile. We retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements, but barring legal requirements, we will delete your full profile (within reason) within 90 days of your request. Feel free to contact our support to request erasure of the data we process on the bassis of consent within 30 days.</p>
-
-   <p>After an account has been deleted, certain data, such as contributions to other Users' repositories and comments in others' issues, will remain. However, we will delete or de-identify your User Personal Information, including your username and email address, from the author field of issues, pull requests, and comments by associating them with a ghost user.</p>
-
-   <p>That said, the email address you have supplied via your Git commit settings will always be associated with your commits in the Git system. If you choose to make your email address private, you should also update your Git commit settings. We are unable to change or delete data in the Git commit history — the Git software is designed to maintain a record — but we do enable you to control what information you put in that record.</p>
-
-  <h2>Our Global Privacy Practices</h2>
-
-  <p>We store and process the information that we collect in the (country/state where Gitea is deployed) in accordance with this Privacy Statement though our service providers may store and process data outside the (country/state where Gitea is deployed). However, we understand that we have Users from different countries and regions with different privacy expectations, and we try to meet those needs even when the (country/state where Gitea is deployed) does not have the same privacy framework as other countries.</p>
-
-  <p>We provide a high standard of privacy protection—as described in this Privacy Statement—to all our users around the world, regardless of their country of origin or location, and we are proud of the levels of notice, choice, accountability, security, data integrity, access, and recourse we provide. We work hard to comply with the applicable data privacy laws wherever we do business, working with our Data Protection Officer as part of a cross-functional team that oversees our privacy compliance efforts. Additionally, if our vendors or affiliates have access to User Personal Information, they must sign agreements that require them to comply with our privacy policies and with applicable data privacy laws.</p>
-
-  <p>In particular:</p>
-
-  <ul>
-   <li>Your Gitea Instance provides clear methods of unambiguous, informed, specific, and freely given consent at the time of data collection, when we collect your User Personal Information using consent as a basis.</li>
-   <li>We collect only the minimum amount of User Personal Information necessary for our purposes, unless you choose to provide more. We encourage you to only give us the amount of data you are comfortable sharing.</li>
-   <li>We offer you simple methods of accessing, altering, or deleting the User Personal Information we have collected, where legally permitted.</li>
-   <li>We provide our Users notice, choice, accountability, security, and access regarding their User Personal Information, and we limit the purpose for processing it. We also provide our Users a method of recourse and enforcement. These are the Privacy Shield Principles, but they are also just good practices.</li>
-  </ul>
-
-  <h2>How We Communicate with You?</h2>
-
-  <p>We use your email address to communicate with you, if you've said that's okay, and only for the reasons you’ve said that’s okay. For example, if you contact our support with a request, we respond to you via email. You have a lot of control over how your email address is used and shared on and through Your Gitea instance. You may manage your communication preferences in your user profile.</p>
-
-  <p>By design, the Git version control system associates many actions with a User's email address, such as commit messages. We are not able to change many aspects of the Git system. If you would like your email address to remain private, even when you’re commenting on public repositories, you can create a private email address in your user profile. You should also update your local Git configuration to use your private email address. This will not change how we contact you, but it will affect how others see you.</p>
-
-  <p>Depending on your email settings, Your Gitea instance may occasionally send notification emails about changes in a repository you’re watching, new features, requests for feedback, important policy changes, or to offer customer support. We also send marketing emails, based on your choices and in accordance with applicable laws and regulations. There's an “unsubscribe” link located at the bottom of each of the marketing emails we send you. Note that you can opt out of any communications with us, except the important ones (like from our support and system emails).</p>
-
-  <p>Our emails may contain a pixel tag, which is a small, clear image that can tell us whether or not you have opened an email and what your IP address is. We use this pixel tag to make our email more effective for you and to make sure we’re not sending you unwanted email.</p>
-
-  <h2>Changes to this Privacy Policy</h2>
-
-  <p>Although most changes are likely to be minor, Your Gitea Instance may change our Privacy Statement from time to time. We will provide notification to Users of material changes to this Privacy Statement through our Website at least 30 days prior to the change taking effect by posting a notice on our home page or sending email to the primary email address specified in your account.</p> 
-
-  <h2>Contact</h2>
-
-  <p>If you have any concerns about privacy, please contact us at <a href="mailto:privacy@your-gitea-instance">privacy@your-gitea-instance</a>. We will respond promptly, within 45 days.</p>
-
-  <h2>COPYING</h2>
-
-  <p>This document is licensed under CC0 Public Domain License. See <a href="https://creativecommons.org/publicdomain/zero/1.0/legalcode">full legal code here</a>.</p>
- </body>
-</html>
--- a/contrib/legal/tos.html.sample
+++ b/contrib/legal/tos.html.sample
@@ -1,245 +0,0 @@
-<!DOCTYPE html>
-<html>
- <head>
-  <title>Terms of Service</title>
- </head>
-
- <body>
-  <h1>Terms of Service</h1>
-
-  <h4>Last updated: January 29, 2020</h4>
-
-  <p>Thank you for choosing Your Gitea Instance! Before you use it, please read this Terms of Service agreement carefully, which contains important contract between us and our users.</p>
-
-  <h2>Definitions</h2>
-
-   <ol>
-    <li>An "Account" represents your legal relationship with Your Gitea Instance. A “User Account” represents an individual User’s authorization to log in to and use the Service and serves as a User’s identity on Your Gitea Instance. “Organizations” are shared workspaces that may be associated with a single entity or with one or more Users where multiple Users can collaborate across many projects at once. A User Account can be a member of any number of Organizations.</li>
-
-    <li>The "Agreement" collectively refers to all terms, conditions, and notices referenced or contained in this document and other operating rules, policies (including Privacy Policy) and procedures that we may publish from time to time on this Website.</li>
-
-    <li>“Content” refers to content featured or displayed through the Website, including without limitation code, text, data, articles, images, photographs, graphics, software, applications, packages, designs, features, and other materials that are available on the Website or otherwise available through the Service. "Content" also includes Services. “User-Generated Content” is Content, written or otherwise, created or uploaded by our Users. "Your Content" is Content that you create or own.</li>
-
-    <li>"Your Gitea Instance", "We", and "Us" refers to Your Gitea Instance, as well as our affiliates, directors, subsidiaries, contractors, licensors, officers, agents, and employees.</li>
-
-    <li>The "Service" refers to applications/software, products, and services provided by Your Gitea Instance.</li>
-
-    <li>The "User", "You", and "Your" refers to individual person or institution (organizations or company) that has visited or using the Service; that have access or use any part of the Account; or that directs to use the Account to perform its function. Please note that additional terms may apply for Accounts related to business or government.</li>
-
-    <li>The "Website" refers to Your Gitea Instance's website at <a href="https://your-gitea-instance">your-gitea-instance</a>, including its subdomains and other websites owned by Your Gitea Instance.</li>
-   </ol>
-
-  <h2>Account Terms</h2>
-
-   <h3>Account Controls</h3>
-
-   <ul>
-    <li>Users: Subject to these Terms, you retain ultimate administrative control over your User Account and the Content within it.</li>
-
-    <li>Organizations. The "owner" of an Organization that was created under these Terms has ultimate administrative control over that Organization and the Content within it. Within the Service, an owner can manage User access to the Organization’s data and projects. An Organization may have multiple owners, but there must be at least one User Account designated as an owner of an Organization. If you are the owner of an Organization under these Terms, we consider you responsible for the actions that are performed on or through that Organization.</li>
-   </ul>
-
-  <h3>Required Information</h3>
-
-  <p>You must provide a valid email address in order to complete the signup process. Any other information requested, such as your real name, is optional, unless you are accepting these terms on behalf of a legal entity (in which case we need more information about the legal entity).</p>
-
-  <h3>Account Requirements</h3>
-
-  <ul>
-   <li>You must be a human to create an Account. Accounts registered by "bots" or other automated methods are not permitted. We do permit machine accounts:</li>
-   <li>A machine account is an Account set up by an individual human who accepts the Terms on behalf of the Account, provides a valid email address, and is responsible for its actions. A machine account is used exclusively for performing automated tasks. Multiple users may direct the actions of a machine account, but the owner of the Account is ultimately responsible for the machine's actions.</li>
-   <li>You must be age 13 or older. If we learn of any User under that age, we will immediately terminate that User's Account. Different countries may have different minimum age; in such cases you are responsible for complying with your country's regulation. By using Your Gitea Instance, you agree to comply with <a href="https://www.ftc.gov/enforcement/rules/rulemaking-regulatory-reform-proceedings/childrens-online-privacy-protection-rule">COPPA</a> and/or similar law in your country.</li>
-  </ul>
-
-   <h3>User Account Security</h3>
-
-   <p>You are responsible for keeping your Account secure while you use our Service. We offer tools such as two-factor authentication to help you maintain your Account's security, but the content of your Account and its security are up to you.</p>
-
-   <h3>Additional Terms</h3>
-
-   <p>In some situations, third parties' terms may apply to your use of Your Gitea Instance. For example, you may be a member of an organization on Your Gitea Instance with its own terms or license agreements; you may download an application that integrates with Your Gitea Instance; or you may use Your Gitea Instance to authenticate to another service. Please be aware that while these Terms are our full agreement with you, other parties' terms govern their relationships with you.</p>
-
-  <h2>Acceptable Use</h2>
-
-  <p>Your use of the Website and Service must not violate any applicable laws, including copyright or trademark laws, export control or sanctions laws, or other laws in your jurisdiction. You are responsible for making sure that your use of the Service is in compliance with laws and any applicable regulations.</p>
-
-  <h2>User-Generated Content</h2>
-
-   <ol>
-    <li>You may create or upload User-Generated Content while using the Service. You are solely responsible for the content of, and for any harm resulting from, any User-Generated Content that you post, upload, link to or otherwise make available via the Service, regardless of the form of that Content. We are not responsible for any public display or misuse of your User-Generated Content.</li>
-
-    <li>We do not pre-screen User-Generated Content, but we have the right (though not the obligation) to refuse or remove any User-Generated Content that, in our sole discretion, violates any our terms or policies.</li>
-
-    <li>
-     <p>You retain ownership of and responsibility for Your Content. If you're posting anything you did not create yourself or do not own the rights to, you agree that you are responsible for any Content you post; that you will only submit Content that you have the right to post; and that you will fully comply with any third party licenses relating to Content you post.</p>
-
-     <p>Because of above, we need you to grant us -- and other Your Gitea Instance users -- certain legal permissions, listed below in this section. If you upload Content that already comes with a license granting Your Gitea Instance the permissions we need to run our Service, no additional license is required. You understand that you will not receive any payment for any of the rights granted below. The licenses you grant to us will end when you remove Your Content from our servers, unless other Users have forked it.</p>
-    </li>
-
-    <li>
-     <p>We need the legal right to do things like host Your Content, publish it, and share it. You grant us and our legal successors the right to store, parse, and display Your Content, and make incidental copies as necessary to render the Website and provide the Service. This includes the right to do things like copy it to our database and make backups; show it to you and other users; parse it into a search index or otherwise analyze it on our servers; share it with other users; and perform it, in case Your Content is something like music or video.</p>
-
-     <p>This license, however, doesn't grant Your Gitea Instance the right to sell Your Content or otherwise distribute or use it outside of our provision of the Service.</p>
-    </li>
-
-    <li>
-     <p>Any User-Generated Content you post publicly, including issues, comments, and contributions to other Users' repositories, may be viewed by others. By setting your repositories to be viewed publicly, you agree to allow others to view and "fork" your repositories (this means that others may make their own copies of Content from your repositories in repositories they control).</p>
-
-     <p>If you set your pages and repositories to be viewed publicly, you grant each User of Your Gitea Instance a nonexclusive, worldwide license to use, display, and perform Your Content through the Your Gitea Instance Service and to reproduce Your Content solely on Your Gitea Instance as permitted through Your Gitea Instance's functionality (for example, through forking). You may grant further rights if you adopt a license. If you are uploading Content you did not create or own, you are responsible for ensuring that the Content you upload is licensed under terms that grant these permissions to other Your Gitea Instance Users.</p>
-    </li>
-
-    <li>
-     <p>Whenever you make a contribution to a repository containing notice of a license, you license your contribution under the same terms, and you agree that you have the right to license your contribution under those terms. If you have a separate agreement to license your contributions under different terms, such as a contributor license agreement, that agreement will supersede.</p>
-
-     <p><i>Isn't this just how it works already? Yep. This is widely accepted as the norm in the open-source community; it's commonly referred to by the shorthand "inbound=outbound". We're just making it explicit.</i></p>
-    </li>
-
-    <li>
-     <p>You retain all moral rights to Your Content that you upload, publish, or submit to any part of the Service, including the rights of integrity and attribution. However, you waive these rights and agree not to assert them against us, to enable us to reasonably exercise the rights granted above, but not otherwise.</p>
-
-     <p>To the extent this agreement is not enforceable by applicable law, you grant Your Gitea Instance the rights we need to use Your Content without attribution and to make reasonable adaptations of Your Content as necessary to render the Website and provide the Service.</p>
-    </li>
-   </ol>
-
-  <h2>Private Repositories</h2>
-
-   <ol>
-    <li>Some Accounts may have private repositories, which allow the User to control access to Content.</li>
-
-    <li>Your Gitea Instance considers the contents of private repositories to be confidential to you. Your Gitea Instance will protect the contents of private repositories from unauthorized use, access, or disclosure in the same manner that we would use to protect our own confidential information of a similar nature and in no event with less than a reasonable degree of care.</li>
-
-    <li>
-     <p>Your Gitea Instance employees may only access the content of your private repositories in the following situations:</p>
-
-     <ul>
-      <li>With your consent and knowledge, for support reasons. If Your Gitea Instance accesses a private repository for support reasons, we will only do so with the owner’s consent and knowledge.</li>
-      <li>When access is required for security reasons, including when access is required to maintain ongoing confidentiality, integrity, availability and resilience of Your Gitea Instance's systems and Service.</li>
-     </ul>
-    </li>
-
-    <li>You may choose to enable additional access to your private repositories. For example: You may enable various Your Gitea Instance services or features that require additional rights to Your Content in private repositories. These rights may vary depending on the service or feature, but Your Gitea Instance will continue to treat your private repository Content as confidential. If those services or features require rights in addition to those we need to provide the Your Gitea Instance Service, we will provide an explanation of those rights.</li>
-   </ol>
-
-  <h2>Copyright Infringement and DMCA Policy</h2>
-
-  <p>If you are copyright owner and believe that content on our website violates your copyright, please contact us at <a href="mailto:copyright@your-gitea-instance">copyright@your-gitea-instance</a>. Please note that before sending a takedown notice, consider legal uses (such as fair use and licensed use); and legal consequences for sending false notices.</p>
-
-  <h2>Intellectual Properties and COPYING</h2>
-
-  <p>Your Gitea Instance and our licensors, vendors, agents, and/or our content providers retain ownership of all intellectual property rights of any kind related to the Website and Service. We reserve all rights that are not expressly granted to you under this Agreement or by law. The look and feel of the Website and Service is copyright © Your Gitea Instance. All rights reserved.</p>
-
-  <p>If you'd like to use our trademarks, you must follow all of our trademark guidelines.</p>
-
-  <p>This Agreement is licensed under <a href="https://creativecommons.org/publicdomain/zero/1.0/legalcode">CCO Public Domain License</a>.</p>
-
-  <h2>API Terms</h2>
-
-  <p>Abuse or excessively frequent requests to Your Gitea Instance via the API may result in the temporary or permanent suspension of your Account's access to the API. Your Gitea Instance, in our sole discretion, will determine abuse or excessive usage of the API. We will make a reasonable attempt to warn you via email prior to suspension.</p>
-
-  <p>You may not share API tokens to exceed Your Gitea Instance's rate limitations.</p>
-
-  <p>You may not use the API to download data or Content from Your Gitea Instance for spamming purposes, including for the purposes of selling Your Gitea Instance users' personal information, such as to recruiters, headhunters, and job boards.</p>
-
-  <p>All use of the Your Gitea Instance API is subject to these Terms of Service and the Your Gitea Instance Privacy Statement.</p>
-
-  <p>However, we may provide subscription-based access to our API for Users who need high-throughput access or reselling our Service.</p>
-
-
-  <h2>Cancellation and Termination</h2>
-
-   <h3>Account Cancellation</h3>
-
-   <p>It is your responsibility to properly cancel your Account with Your Gitea Instance. You can cancel your Account at any time by going into your Settings in the global navigation bar at the top of the screen. The Account screen provides a simple, no questions asked cancellation link. We are not able to cancel Accounts in response to an email or phone request.</p>
-
-   <h3>Upon Cancellation</h3>
-
-   <p>We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements, but barring legal requirements, we will delete your full profile and the Content of your repositories within 90 days of cancellation or termination (though some information may remain in encrypted backups). This information can not be recovered once your Account is cancelled.</p>
-
-   <p>We will not delete Content that you have contributed to other Users' repositories or that other Users have forked.</p>
-
-   <p>Upon request, we will make a reasonable effort to provide an Account owner with a copy of your lawful, non-infringing Account contents after Account cancellation or termination. You must make this request within 90 days of cancellation or termination.</p>
-
-   <h3>We May Terminate</h3>
-
-   <p>Your Gitea Instance has the right to suspend or terminate your access to all or any part of the Website at any time, with or without cause, with or without notice, effective immediately. Your Gitea Instance reserves the right to refuse service to anyone for any reason at any time.</p>
-
-   <h3>Survival</h3>
-
-   <p>All provisions of this Agreement which, by their nature, should survive termination will survive termination — including, without limitation: ownership provisions, warranty disclaimers, indemnity, and limitations of liability.</p>
-
-  <h2>Communications with Us</h2>
-
-   <h3>Electronic Communications Required</h3>
-
-   <p>For contractual purposes, you (1) consent to receive communications from us in an electronic form via the email address you have submitted or via the Service; and (2) agree that all Terms of Service, agreements, notices, disclosures, and other communications that we provide to you electronically satisfy any legal requirement that those communications would satisfy if they were on paper. This section does not affect your non-waivable rights.</p>
-
-   <h3>Legal Notices to Us Must Be in Writing</h3>
-
-   <p>Communications made through email or Your Gitea Instance Support's messaging system will not constitute legal notice to Your Gitea Instance or any of its officers, employees, agents or representatives in any situation where notice to Your Gitea Instance is required by contract or any law or regulation. Legal notice to Your Gitea Instance must be in writing and served on Your Gitea Instance's legal agent.</p>
-
-   <h3>No Phone Support</h3>
-
-   <p>We only offer support via email, in-Service communications, and electronic messages. We do not offer telephone support.</p>
-
-  <h2>Disclaimer of Warranties</h2>
-
-  <p>Your Gitea Instance provides the Website and the Service “as is” and “as available,” without warranty of any kind. Without limiting this, we expressly disclaim all warranties, whether express, implied or statutory, regarding the Website and the Service including without limitation any warranty of merchantability, fitness for a particular purpose, title, security, accuracy and non-infringement.</p>
-
-  <p>Your Gitea Instance does not warrant that the Service will meet your requirements; that the Service will be uninterrupted, timely, secure, or error-free; that the information provided through the Service is accurate, reliable or correct; that any defects or errors will be corrected; that the Service will be available at any particular time or location; or that the Service is free of viruses or other harmful components. You assume full responsibility and risk of loss resulting from your downloading and/or use of files, information, content or other material obtained from the Service.</p>
-
-  <h2>Limitation of Liability</h2>
-
-  <p>You understand and agree that we will not be liable to you or any third party for any loss of profits, use, goodwill, or data, or for any incidental, indirect, special, consequential or exemplary damages, however arising, that result from:</p>
-
-  <ul>
-    <li>the use, disclosure, or display of your User-Generated Content;</li>
-
-    <li>your use or inability to use the Service;</li>
-
-    <li>any modification, price change, suspension or discontinuance of the Service;</li>
-
-    <li>the Service generally or the software or systems that make the Service available;</li>
-
-    <li>unauthorized access to or alterations of your transmissions or data;</li>
-
-    <li>statements or conduct of any third party on the Service;</li>
-
-    <li>any other user interactions that you input or receive through your use of the Service; or
-    any other matter relating to the Service.</li>
-  </ul>
-
-  <p>Our liability is limited whether or not we have been informed of the possibility of such damages, and even if a remedy set forth in this Agreement is found to have failed of its essential purpose. We will have no liability for any failure or delay due to matters beyond our reasonable control.</p>
-
-  <h2>Release and Indemnification</h2>
-
-  <p>If you have a dispute with one or more Users, you agree to release Your Gitea Instance from any and all claims, demands and damages (actual and consequential) of every kind and nature, known and unknown, arising out of or in any way connected with such disputes.</p>
-
-  <p>You agree to indemnify us, defend us, and hold us harmless from and against any and all claims, liabilities, and expenses, including attorneys’ fees, arising out of your use of the Website and the Service, including but not limited to your violation of this Agreement, provided that Your Gitea Instance (1) promptly gives you written notice of the claim, demand, suit or proceeding; (2) gives you sole control of the defense and settlement of the claim, demand, suit or proceeding (provided that you may not settle any claim, demand, suit or proceeding unless the settlement unconditionally releases Your Gitea Instance of all liability); and (3) provides to you all reasonable assistance, at your expense.</p>
-
-  <h2>Changes to These Terms</h2>
-
-  <p>We reserve the right, at our sole discretion, to amend these Terms of Service at any time and will update these Terms of Service in the event of any such amendments. We will notify our Users of material changes to this Agreement, such as price changes, at least 30 days prior to the change taking effect by posting a notice on our Website. For non-material modifications, your continued use of the Website constitutes agreement to our revisions of these Terms of Service.</p>
-
-  <h2>Miscellaneous</h2>
-
-   <h3>Governing Law</h3>
-
-   <p>Except to the extent applicable law provides otherwise, this Agreement between you and us and any access to or use of the Website or the Service are governed by (national laws of country/state where Gitea is deployed) and (regional laws of locality where Gitea is deployed), without regard to conflict of law provisions. You and Your Gitea Instance agree to submit to the exclusive jurisdiction and venue of the courts located in (locality where Gitea is deployed).</p>
-
-   <h3>Non-Assignability</h3>
-
-   <p>Your Gitea Instance may assign or delegate these Terms of Service and/or our Privacy Policy in whole or in part, to any person or entity at any time with or without your consent, including the license granted in <i>User-Generated Content</i>. You may not assign or delegate any rights or obligations under the Terms of Service or Privacy Statement without our prior written consent, and any unauthorized assignment and delegation by you is void.</p>
-
-   <h3>Severablity, No Waiver, and Survival</h3>
-
-   <p>If any part of this Agreement is held invalid or unenforceable, that portion of the Agreement will be construed to reflect the parties’ original intent. The remaining portions will remain in full force and effect. Any failure on the part of Your Gitea Instance to enforce any provision of this Agreement will not be considered a waiver of our right to enforce such provision. Our rights under this Agreement will survive any termination of this Agreement.</p>
-
-   <h3>Amendments and Complete Agreement</h3>
-
-   <p>This Agreement may only be modified by a written amendment signed by an authorized representative of Your Gitea Instance, or by the posting by Your Gitea Instance of a revised version in accordance with <i>Changes to These Terms</i>. These Terms of Service, together with the Your Gitea Instance Privacy Policy, represent the complete and exclusive statement of the agreement between you and us. This Agreement supersedes any proposal or prior agreement oral or written, and any other communications between you and Your Gitea Instance relating to the subject matter of these terms including any confidentiality or nondisclosure agreements.</p>
-
-   <h3>Contact</h3>
-
-   <p>If you have questions about these Terms of Service, you can <a href="mailto:support@your-gitea-instance">contact our support</a>.</p>
- </body>
-</html>
--- a/contrib/options/label/Advanced
+++ b/contrib/options/label/Advanced
@@ -1,26 +0,0 @@
-#424242 Status: Needs feedback ; Feedback is needed
-#fbc02d Status: In progress ; Work is in progress
-#43a047 Status: Completed ; Work is complete
-#00796b Status: Help wanted ; 
-#880e4f Status: Blocked ; 
-#b0bec5 Status: Stale ; 
-
-#d32f2f Kind: Bug ; 
-#607d8b Kind: Question ; 
-#9c27b0 Kind: Security ; 
-#795548 Kind: Testing ; 
-#c62828 Kind: Breaking ; 
-#37474f Kind: Documentation ; 
-#0288d1 Kind: Feature ; 
-#2e7d32 Kind: Enhancement ; 
-#f4511e Kind: Maintenance ; 
-
-#546e7a Reviewed: Invalid ; Something was marked as invalid
-#616161 Reviewed: Duplicate; Something exists already
-#795548 Reviewed: Confirmed ; Something has been confirmed
-#eeeeee Reviewed: Wontfix ; Something won't be fixed
-
-#d32f2f Priority: High ; The priority is high
-#e64a19 Priority: Medium ; The priority is medium
-#4caf50 Priority: Low ; The priority is low
-#b71c1c Priority: Critical ; The priority is critical
--- a/Show More
+++ b/Show More
				`@@ -1 +0,0 @@`
				`std.manifestYamlDoc((import '../mixin.libsonnet').prometheusAlerts)`