Changelog for v1.15.7 (#17871 )

* Changelog for v1.15.7 Co-authored-by: zeripath <art27@cantab.net> Co-authored-by: 6543 <6543@obermui.de>
Check if column exist before rename if exist, just return with no error (#17870 ) (#17882 )
2025-08-31 23:00:27 +02:00 · 2021-12-02 21:16:33 +01:00 · 2021-12-02 18:12:11 +01:00 · 2021-12-02 19:52:08 +08:00 · 2021-11-28 12:04:44 +01:00 · 2021-11-26 07:06:26 +00:00
9533 changed files with 2727073 additions and 183977 deletions
--- a/.air.conf
+++ b/.air.conf
@@ -0,0 +1,9 @@
+root = "."
+tmp_dir = ".air"
+
+[build]
+cmd = "make backend"
+bin = "gitea"
+include_ext = ["go", "tmpl"]
+exclude_dir = ["modules/git/tests", "services/gitdiff/testdata", "modules/avatar/testdata"]
+include_dir = ["cmd", "models", "modules", "options", "routers", "services", "templates"]
--- a/.air.toml
+++ b/.air.toml
@@ -1,10 +0,0 @@
-root = "."
-tmp_dir = ".air"
-
-[build]
-cmd = "make backend"
-bin = "gitea"
-include_ext = ["go", "tmpl"]
-exclude_dir = ["modules/git/tests", "services/gitdiff/testdata", "modules/avatar/testdata"]
-include_dir = ["cmd", "models", "modules", "options", "routers", "services", "templates"]
-exclude_regex = ["_test.go$"]
--- a/.changelog.yml
+++ b/.changelog.yml
@@ -1,6 +1,3 @@
-# config for changelog tool
-# source: https://gitea.com/gitea/changelog
-
 # The full repository name
 repo: go-gitea/gitea

@@ -21,10 +18,6 @@ groups:
    name: SECURITY
    labels:
      - kind/security
-  -
-    name: FEDERATION
-    labels:
-      - theme/federation
  -
    name: FEATURES
    labels:
--- a/.drone.yml
+++ b/.drone.yml
--- a/.eslintrc
+++ b/.eslintrc
@@ -3,27 +3,33 @@ reportUnusedDisableDirectives: true

 ignorePatterns:
  - /web_src/js/vendor
+  - /templates/base/head.tmpl
+  - /templates/repo/activity.tmpl
+  - /templates/repo/view_file.tmpl

 parserOptions:
  sourceType: module
-  ecmaVersion: latest
+  ecmaVersion: 2021

 plugins:
  - eslint-plugin-unicorn
  - eslint-plugin-import
  - eslint-plugin-vue
  - eslint-plugin-html
-  - eslint-plugin-jquery

 extends:
  - plugin:vue/recommended

 env:
-  es2022: true
+  es2021: true
  node: true

 globals:
  __webpack_public_path__: true
+  CodeMirror: false
+  Dropzone: false
+  SimpleMDE: false
+  u2fApi: false

 settings:
  html/html-extensions: [".tmpl"]
@@ -32,6 +38,7 @@ overrides:
  - files: ["web_src/**/*.js", "web_src/**/*.vue", "templates/**/*.tmpl"]
    env:
      browser: true
+      jquery: true
      node: false
  - files: ["templates/**/*.tmpl"]
    rules:
@@ -113,12 +120,11 @@ rules:
  import/no-amd: [0]
  import/no-anonymous-default-export: [0]
  import/no-commonjs: [0]
-  import/no-cycle: [2, {ignoreExternal: true, maxDepth: 1}]
+  import/no-cycle: [2, {ignoreExternal: true}]
  import/no-default-export: [0]
  import/no-deprecated: [0]
  import/no-dynamic-require: [0]
  import/no-extraneous-dependencies: [2]
-  import/no-import-module-exports: [0]
  import/no-internal-modules: [0]
  import/no-mutable-exports: [2]
  import/no-named-as-default-member: [0]
@@ -127,7 +133,6 @@ rules:
  import/no-named-export: [0]
  import/no-namespace: [0]
  import/no-nodejs-modules: [0]
-  import/no-relative-packages: [0]
  import/no-relative-parent-imports: [0]
  import/no-restricted-paths: [0]
  import/no-self-import: [2]
@@ -141,55 +146,6 @@ rules:
  import/unambiguous: [0]
  indent: [2, 2, {SwitchCase: 1}]
  init-declarations: [0]
-  jquery/no-ajax-events: [2]
-  jquery/no-ajax: [0]
-  jquery/no-animate: [2]
-  jquery/no-attr: [0]
-  jquery/no-bind: [2]
-  jquery/no-class: [0]
-  jquery/no-clone: [2]
-  jquery/no-closest: [0]
-  jquery/no-css: [0]
-  jquery/no-data: [0]
-  jquery/no-deferred: [2]
-  jquery/no-delegate: [2]
-  jquery/no-each: [0]
-  jquery/no-extend: [2]
-  jquery/no-fade: [0]
-  jquery/no-filter: [0]
-  jquery/no-find: [0]
-  jquery/no-global-eval: [2]
-  jquery/no-grep: [2]
-  jquery/no-has: [2]
-  jquery/no-hide: [0]
-  jquery/no-html: [0]
-  jquery/no-in-array: [2]
-  jquery/no-is-array: [2]
-  jquery/no-is-function: [2]
-  jquery/no-is: [0]
-  jquery/no-load: [2]
-  jquery/no-map: [0]
-  jquery/no-merge: [2]
-  jquery/no-param: [2]
-  jquery/no-parent: [0]
-  jquery/no-parents: [0]
-  jquery/no-parse-html: [2]
-  jquery/no-prop: [0]
-  jquery/no-proxy: [2]
-  jquery/no-ready: [0]
-  jquery/no-serialize: [2]
-  jquery/no-show: [0]
-  jquery/no-size: [2]
-  jquery/no-sizzle: [0]
-  jquery/no-slide: [0]
-  jquery/no-submit: [0]
-  jquery/no-text: [0]
-  jquery/no-toggle: [0]
-  jquery/no-trigger: [0]
-  jquery/no-trim: [2]
-  jquery/no-val: [0]
-  jquery/no-when: [2]
-  jquery/no-wrap: [2]
  key-spacing: [2]
  keyword-spacing: [2]
  line-comment-position: [0]
@@ -224,7 +180,6 @@ rules:
  no-confusing-arrow: [0]
  no-console: [1, {allow: [info, warn, error]}]
  no-const-assign: [2]
-  no-constant-binary-expression: [2]
  no-constant-condition: [0]
  no-constructor-return: [2]
  no-continue: [0]
@@ -330,8 +285,7 @@ rules:
  no-unsafe-negation: [2]
  no-unused-expressions: [2]
  no-unused-labels: [2]
-  no-unused-private-class-members: [2]
-  no-unused-vars: [2, {args: all, argsIgnorePattern: ^_, varsIgnorePattern: ^_, caughtErrorsIgnorePattern: ^_, destructuredArrayIgnorePattern: ^_, ignoreRestSiblings: false}]
+  no-unused-vars: [2, {args: all, argsIgnorePattern: ^_, varsIgnorePattern: ^_, caughtErrorsIgnorePattern: ^_, ignoreRestSiblings: false}]
  no-use-before-define: [2, nofunc]
  no-useless-backreference: [0]
  no-useless-call: [2]
@@ -363,7 +317,6 @@ rules:
  prefer-exponentiation-operator: [2]
  prefer-named-capture-group: [0]
  prefer-numeric-literals: [2]
-  prefer-object-has-own: [0]
  prefer-object-spread: [0]
  prefer-promise-reject-errors: [2, {allowEmptyReject: false}]
  prefer-regex-literals: [2]
@@ -410,18 +363,14 @@ rules:
  unicorn/import-style: [0]
  unicorn/new-for-builtins: [2]
  unicorn/no-abusive-eslint-disable: [0]
-  unicorn/no-array-for-each: [2]
+  unicorn/no-array-for-each: [0]
  unicorn/no-array-instanceof: [0]
-  unicorn/no-array-method-this-argument: [2]
  unicorn/no-array-push-push: [2]
-  unicorn/no-await-expression-member: [0]
  unicorn/no-console-spaces: [0]
  unicorn/no-document-cookie: [2]
-  unicorn/no-empty-file: [2]
  unicorn/no-fn-reference-in-iterator: [0]
  unicorn/no-for-loop: [0]
  unicorn/no-hex-escape: [0]
-  unicorn/no-invalid-remove-event-listener: [2]
  unicorn/no-keyword-prefix: [0]
  unicorn/no-lonely-if: [2]
  unicorn/no-nested-ternary: [0]
@@ -432,17 +381,10 @@ rules:
  unicorn/no-process-exit: [0]
  unicorn/no-reduce: [2]
  unicorn/no-static-only-class: [2]
-  unicorn/no-thenable: [2]
  unicorn/no-this-assignment: [2]
  unicorn/no-unreadable-array-destructuring: [0]
-  unicorn/no-unreadable-iife: [2]
  unicorn/no-unsafe-regex: [0]
  unicorn/no-unused-properties: [2]
-  unicorn/no-useless-fallback-in-spread: [2]
-  unicorn/no-useless-length-check: [2]
-  unicorn/no-useless-promise-resolve-reject: [2]
-  unicorn/no-useless-spread: [2]
-  unicorn/no-useless-switch-case: [2]
  unicorn/no-useless-undefined: [0]
  unicorn/no-zero-fractions: [2]
  unicorn/number-literal-case: [0]
@@ -453,29 +395,20 @@ rules:
  unicorn/prefer-array-flat: [2]
  unicorn/prefer-array-index-of: [2]
  unicorn/prefer-array-some: [2]
-  unicorn/prefer-at: [0]
-  unicorn/prefer-code-point: [2]
  unicorn/prefer-dataset: [2]
  unicorn/prefer-date-now: [2]
  unicorn/prefer-default-parameters: [0]
  unicorn/prefer-event-key: [2]
-  unicorn/prefer-export-from: [2]
  unicorn/prefer-includes: [2]
-  unicorn/prefer-json-parse-buffer: [0]
  unicorn/prefer-math-trunc: [2]
  unicorn/prefer-modern-dom-apis: [0]
-  unicorn/prefer-modern-math-apis: [2]
  unicorn/prefer-module: [2]
-  unicorn/prefer-native-coercion-functions: [2]
  unicorn/prefer-negative-index: [2]
  unicorn/prefer-node-append: [0]
  unicorn/prefer-node-protocol: [0]
  unicorn/prefer-node-remove: [0]
  unicorn/prefer-number-properties: [0]
-  unicorn/prefer-object-from-entries: [2]
-  unicorn/prefer-object-has-own: [0]
  unicorn/prefer-optional-catch-binding: [2]
-  unicorn/prefer-prototype-methods: [0]
  unicorn/prefer-query-selector: [0]
  unicorn/prefer-reflect-apply: [0]
  unicorn/prefer-regexp-test: [2]
@@ -487,17 +420,10 @@ rules:
  unicorn/prefer-switch: [0]
  unicorn/prefer-ternary: [0]
  unicorn/prefer-text-content: [2]
-  unicorn/prefer-top-level-await: [0]
  unicorn/prefer-trim-start-end: [2]
  unicorn/prefer-type-error: [0]
  unicorn/prevent-abbreviations: [0]
-  unicorn/relative-url-style: [2]
-  unicorn/require-array-join-separator: [2]
-  unicorn/require-number-to-fixed-digits-argument: [2]
-  unicorn/require-post-message-target-origin: [0]
  unicorn/string-content: [0]
-  unicorn/template-indent: [2]
-  unicorn/text-encoding-identifier-case: [0]
  unicorn/throw-new-error: [2]
  use-isnan: [2]
  valid-typeof: [2, {requireStringLiterals: true}]
--- a/.gitattributes
+++ b/.gitattributes
@@ -1,9 +1,6 @@
 * text=auto eol=lf
-*.tmpl linguist-language=Handlebars
+/vendor/** -text -eol linguist-vendored
+/public/vendor/** -text -eol linguist-vendored
+/templates/**/*.tmpl linguist-language=Handlebars
 /.eslintrc linguist-language=YAML
 /.stylelintrc linguist-language=YAML
-/public/vendor/** -text -eol linguist-vendored
-/vendor/** -text -eol linguist-vendored
-/web_src/fomantic/build/** linguist-generated
-/web_src/js/vendor/** -text -eol linguist-vendored
-Dockerfile.* linguist-language=Dockerfile
--- a/.github/ISSUE_TEMPLATE/bug-report.yaml
+++ b/.github/ISSUE_TEMPLATE/bug-report.yaml
@@ -1,94 +0,0 @@
-name: Bug Report
-description: Found something you weren't expecting? Report it here!
-labels: kind/bug
-body:
- type: markdown
-  attributes:
-    value: |
-      NOTE: If your issue is a security concern, please send an email to security@gitea.io instead of opening a public issue.
- type: markdown
-  attributes:
-    value: |
-      1. Please speak English, this is the language all maintainers can speak and write.
-      2. Please ask questions or configuration/deploy problems on our Discord
-         server (https://discord.gg/gitea) or forum (https://discourse.gitea.io).
-      3. Make sure you are using the latest release and
-         take a moment to check that your issue hasn't been reported before.
-      4. Make sure it's not mentioned in the FAQ (https://docs.gitea.io/en-us/faq)
-      5. Please give all relevant information below for bug reports, because
-         incomplete details will be handled as an invalid report.
-      6. In particular it's really important to provide pertinent logs. You must give us DEBUG level logs.
-         Please read https://docs.gitea.io/en-us/logging-configuration/#debugging-problems
-         In addition, if your problem relates to git commands set `RUN_MODE=dev` at the top of app.ini
- type: textarea
-  id: description
-  attributes:
-    label: Description
-    description: |
-      Please provide a description of your issue here, with a URL if you were able to reproduce the issue (see below)
-      If you are using a proxy or a CDN (e.g. Cloudflare) in front of Gitea, please disable the proxy/CDN fully and access Gitea directly to confirm the issue still persists without those services.
- type: input
-  id: gitea-ver
-  attributes:
-    label: Gitea Version
-    description: Gitea version (or commit reference) of your instance
-  validations:
-    required: true
- type: dropdown
-  id: can-reproduce
-  attributes:
-    label: Can you reproduce the bug on the Gitea demo site?
-    description: |
-      If so, please provide a URL in the Description field
-      URL of Gitea demo: https://try.gitea.io
-    options:
-    - "Yes"
-    - "No"
-  validations:
-    required: true
- type: markdown
-  attributes:
-    value: |
-      It's really important to provide pertinent logs
-      Please read https://docs.gitea.io/en-us/logging-configuration/#debugging-problems
-      In addition, if your problem relates to git commands set `RUN_MODE=dev` at the top of app.ini
- type: input
-  id: logs
-  attributes:
-    label: Log Gist
-    description: Please provide a gist URL of your logs, with any sensitive information (e.g. API keys) removed/hidden
- type: textarea
-  id: screenshots
-  attributes:
-    label: Screenshots
-    description: If this issue involves the Web Interface, please provide one or more screenshots
- type: input
-  id: git-ver
-  attributes:
-    label: Git Version
-    description: The version of git running on the server
- type: input
-  id: os-ver
-  attributes:
-    label: Operating System
-    description: The operating system you are using to run Gitea
- type: textarea
-  id: run-info
-  attributes:
-    label: How are you running Gitea?
-    description: |
-      Please include information on whether you built Gitea yourself, used one of our downloads, are using https://try.gitea.io or are using some other package
-      Please also tell us how you are running Gitea, e.g. if it is being run from docker, a command-line, systemd etc.
-      If you are using a package or systemd tell us what distribution you are using
-  validations:
-    required: true
- type: dropdown
-  id: database
-  attributes:
-    label: Database
-    description: What database system are you running?
-    options:
-    - PostgreSQL
-    - MySQL
-    - MSSQL
-    - SQLite
--- a/.github/ISSUE_TEMPLATE/config.yml
+++ b/.github/ISSUE_TEMPLATE/config.yml
@@ -1,17 +0,0 @@
-blank_issues_enabled: false
-contact_links:
-  - name: Security Concern
-    url: https://tinyurl.com/security-gitea
-    about: For security concerns, please send a mail to security@gitea.io instead of opening a public issue.
-  - name: Discord Server
-    url: https://discord.gg/Gitea
-    about: Please ask questions and discuss configuration or deployment problems here.
-  - name: Discourse Forum
-    url: https://discourse.gitea.io
-    about: Questions and configuration or deployment problems can also be discussed on our forum.    
-  - name: Frequently Asked Questions
-    url: https://docs.gitea.io/en-us/faq
-    about: Please check if your question isn't mentioned here.
-  - name: Crowdin Translations
-    url: https://crowdin.com/project/gitea
-    about: Translations are managed here.
--- a/.github/ISSUE_TEMPLATE/feature-request.yaml
+++ b/.github/ISSUE_TEMPLATE/feature-request.yaml
@@ -1,24 +0,0 @@
-name: Feature Request
-description: Got an idea for a feature that Gitea doesn't have currently?  Submit your idea here!
-labels: ["kind/feature", "kind/proposal"]
-body:
- type: markdown
-  attributes:
-    value: |
-      1. Please speak English, this is the language all maintainers can speak and write.
-      2. Please ask questions or configuration/deploy problems on our Discord
-         server (https://discord.gg/gitea) or forum (https://discourse.gitea.io).
-      3. Please take a moment to check that your feature hasn't already been suggested.
- type: textarea
-  id: description
-  attributes:
-    label: Feature Description
-    placeholder: |
-      I think it would be great if Gitea had...
-  validations:
-    required: true
- type: textarea
-  id: screenshots
-  attributes:
-    label: Screenshots
-    description: If you can, provide screenshots of an implementation on another site e.g. GitHub
--- a/.github/ISSUE_TEMPLATE/ui.bug-report.yaml
+++ b/.github/ISSUE_TEMPLATE/ui.bug-report.yaml
@@ -1,66 +0,0 @@
-name: Web Interface Bug Report
-description: Something doesn't look quite as it should?  Report it here!
-labels: ["kind/bug", "kind/ui"]
-body:
- type: markdown
-  attributes:
-    value: |
-      NOTE: If your issue is a security concern, please send an email to security@gitea.io instead of opening a public issue.
- type: markdown
-  attributes:
-    value: |
-      1. Please speak English, this is the language all maintainers can speak and write.
-      2. Please ask questions or configuration/deploy problems on our Discord
-         server (https://discord.gg/gitea) or forum (https://discourse.gitea.io).
-      3. Please take a moment to check that your issue doesn't already exist.
-      4. Make sure it's not mentioned in the FAQ (https://docs.gitea.io/en-us/faq)
-      5. Please give all relevant information below for bug reports, because
-         incomplete details will be handled as an invalid report.
-      6. In particular it's really important to provide pertinent logs. If you are certain that this is a javascript
-         error, show us the javascript console. If the error appears to relate to Gitea the server you must also give us
-         DEBUG level logs. (See https://docs.gitea.io/en-us/logging-configuration/#debugging-problems)
- type: textarea
-  id: description
-  attributes:
-    label: Description
-    description: |
-      Please provide a description of your issue here, with a URL if you were able to reproduce the issue (see below)
-      If using a proxy or a CDN (e.g. CloudFlare) in front of gitea, please disable the proxy/CDN fully and connect to gitea directly to confirm the issue still persists without those services.
- type: textarea
-  id: screenshots
-  attributes:
-    label: Screenshots
-    description: Please provide at least 1 screenshot showing the issue.
-  validations:
-    required: true
- type: input
-  id: gitea-ver
-  attributes:
-    label: Gitea Version
-    description: Gitea version (or commit reference) your instance is running
-  validations:
-    required: true
- type: dropdown
-  id: can-reproduce
-  attributes:
-    label: Can you reproduce the bug on the Gitea demo site?
-    description: |
-      If so, please provide a URL in the Description field
-      URL of Gitea demo: https://try.gitea.io
-    options:
-    - "Yes"
-    - "No"
-  validations:
-    required: true
- type: input
-  id: os-ver
-  attributes:
-    label: Operating System
-    description: The operating system you are using to access Gitea
- type: input
-  id: browser-ver
-  attributes:
-    label: Browser Version
-    description: The browser and version that you are using to access Gitea
-  validations:
-    required: true
--- a/.github/issue_template.md
+++ b/.github/issue_template.md
--- a/.github/pull_request_template.md
+++ b/.github/pull_request_template.md
@@ -1,9 +1,7 @@
-<!--
-
 Please check the following:

 1. Make sure you are targeting the `main` branch, pull requests on release branches are only allowed for bug fixes.
-2. Read contributing guidelines: https://github.com/go-gitea/gitea/blob/main/CONTRIBUTING.md
+2. Read contributing guidelines: https://github.com/go-gitea/gitea/blob/master/CONTRIBUTING.md
 3. Describe what your pull request does and which issue you're targeting (if any)

-->  
+**You MUST delete the content above including this line before posting, otherwise your pull request will be invalid.**
--- a/.gitignore
+++ b/.gitignore
@@ -9,8 +9,6 @@ _test

 # IntelliJ
 .idea
-# Goland's output filename can not be set manually
-/go_build_*

 # MS VSCode
 .vscode
@@ -36,8 +34,6 @@ _testmain.go
 coverage.all
 cpu.out

-/modules/migration/bindata.go
-/modules/migration/bindata.go.hash
 /modules/options/bindata.go
 /modules/options/bindata.go.hash
 /modules/public/bindata.go
@@ -87,7 +83,6 @@ cpu.out
 /public/css
 /public/fonts
 /public/img/webpack
-/vendor
 /web_src/fomantic/node_modules
 /web_src/fomantic/build/*
 !/web_src/fomantic/build/semantic.js
--- a/.golangci.yml
+++ b/.golangci.yml
@@ -14,67 +14,18 @@ linters:
    - gofmt
    - misspell
    - gocritic
-    - bidichk
-    - ineffassign
-    - revive
-    - gofumpt
-    - depguard
  enable-all: false
  disable-all: true
  fast: false

 run:
-  go: 1.18
-  timeout: 10m
-  skip-dirs:
-    - node_modules
-    - public
-    - web_src
+  timeout: 3m

 linters-settings:
  gocritic:
    disabled-checks:
      - ifElseChain
      - singleCaseSwitch # Every time this occurred in the code, there  was no other way.
-  revive:
-    ignore-generated-header: false
-    severity: warning
-    confidence: 0.8
-    errorCode: 1
-    warningCode: 1
-    rules:
-      - name: blank-imports
-      - name: context-as-argument
-      - name: context-keys-type
-      - name: dot-imports
-      - name: error-return
-      - name: error-strings
-      - name: error-naming
-      - name: exported
-      - name: if-return
-      - name: increment-decrement
-      - name: var-naming
-      - name: var-declaration
-      - name: package-comments
-      - name: range
-      - name: receiver-naming
-      - name: time-naming
-      - name: unexported-return
-      - name: indent-error-flow
-      - name: errorf
-      - name: duplicated-imports
-      - name: modifies-value-receiver
-  gofumpt:
-    extra-rules: true
-    lang-version: "1.18"
-  depguard:
-    # TODO: use depguard to replace import checks in gitea-vet
-    list-type: denylist
-    # Check the list against standard lib.
-    include-go-root: true
-    packages-with-error-message:
-      - encoding/json: "use gitea's modules/json instead of encoding/json"
-      - github.com/unknwon/com: "use gitea's util and replacements"

 issues:
  exclude-rules:
@@ -159,6 +110,4 @@ issues:
      linters:
        - staticcheck
      text: "svc.IsAnInteractiveSession is deprecated: Use IsWindowsService instead."
-    - path: models/user/openid.go
-      linters:
-        - golint
+
--- a/.ignore
+++ b/.ignore
@@ -1,8 +1,5 @@
-*.min.css
-*.min.js
+/vendor
+/public/vendor/plugins
 /modules/options/bindata.go
 /modules/public/bindata.go
 /modules/templates/bindata.go
-/public/vendor/plugins
-/vendor
-node_modules
--- a/.revive.toml
+++ b/.revive.toml
@@ -0,0 +1,25 @@
+ignoreGeneratedHeader = false
+severity = "warning"
+confidence = 0.8
+errorCode = 1
+warningCode = 1
+
+[rule.blank-imports]
+[rule.context-as-argument]
+[rule.context-keys-type]
+[rule.dot-imports]
+[rule.error-return]
+[rule.error-strings]
+[rule.error-naming]
+[rule.exported]
+[rule.if-return]
+[rule.increment-decrement]
+[rule.var-naming]
+[rule.var-declaration]
+[rule.package-comments]
+[rule.range]
+[rule.receiver-naming]
+[rule.time-naming]
+[rule.unexported-return]
+[rule.indent-error-flow]
+[rule.errorf]
--- a/.stylelintrc
+++ b/.stylelintrc
@@ -1,32 +1,15 @@
 extends: stylelint-config-standard

-overrides:
-  - files: ["**/*.less"]
-    customSyntax: postcss-less
-
 rules:
-  alpha-value-notation: null
  at-rule-empty-line-before: null
  block-closing-brace-empty-line-before: null
-  color-function-notation: null
  color-hex-length: null
  comment-empty-line-before: null
-  declaration-block-no-redundant-longhand-properties: null
  declaration-block-single-line-max-declarations: null
  declaration-empty-line-before: null
-  function-no-unknown: null
-  hue-degree-notation: null
  indentation: 2
-  max-line-length: null
  no-descending-specificity: null
-  no-invalid-position-at-import-rule: null
  number-leading-zero: never
-  number-max-precision: null
-  property-no-vendor-prefix: null
  rule-empty-line-before: null
-  selector-class-pattern: null
-  selector-id-pattern: null
  selector-pseudo-element-colon-notation: double
  shorthand-property-no-redundant-values: true
-  string-quotes: null
-  value-no-vendor-prefix: null
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,921 +4,6 @@ This changelog goes through all the changes that have been made in each release
 without substantial changes to our git log; to see the highlights of what has
 been added to each release, please refer to the [blog](https://blog.gitea.io).

-## [1.17.0-rc2](https://github.com/go-gitea/gitea/releases/tag/v1.17.0-rc2) - 2022-07-13
-
-* SECURITY
-  * Use git.HOME_PATH for Git HOME directory (#20114) (#20293)
-  * Add write check for creating Commit Statuses (#20332) (#20333)
-* ENHANCEMENTS
-  * Make notification bell more prominent on mobile (#20108, #20236, #20251) (#20269)
-  * Adjust max-widths for the repository file table (#20243) (#20247)
-  * Display full name (#20171) (#20246)
-* BUGFIXES
-  * Allow RSA 2047 bit keys (#20272) (#20396)
-  * Add missing return for when topic isn't found (#20351) (#20395)
-  * Fix commit status icon when in subdirectory (#20285) (#20385)
-  * Initialize cron last (#20373) (#20384)
-  * Set target on create release with existing tag (#20381) (#20382)
-  * Update xorm.io/xorm to fix a interpreting db column sizes issue on 32bit systems (#20371) (#20372)
-  * Make sure `repo_dir` is an empty directory or doesn't exist before 'dump-repo' (#20205) (#20370)
-  * Prevent context deadline error propagation in GetCommitsInfo (#20346) (#20361)
-  * Correctly handle draft releases without a tag (#20314) (#20335)
-  * Prevent "empty" scrollbars on Firefox (#20294) (#20308)
-  * Refactor SSH init code, fix directory creation for TrustedUserCAKeys file (#20299) (#20306)
-  * Bump goldmark to v1.4.13 (#20300) (#20301)
-  * Do not create empty ".ssh" directory when loading config (#20289) (#20298)
-  * Fix NPE when using non-numeric (#20277) (#20278)
-  * Store read access in access for team repositories (#20275) (#20276)
-  * EscapeFilter the group dn membership (#20200) (#20254)
-  * Only show Followers that current user can access (#20220) (#20252)
-  * Update Bluemonday to v1.0.19 (#20199) (#20209)
-  * Refix indices on actions table (#20158) (#20198)
-  * Check if project has the same repository id with issue when assign project to issue (#20133) (#20188)
-  * Fix remove file on initial comment (#20127) (#20128)
-  * Catch the error before the response is processed by goth (#20000) (#20102)
-  * Dashboard feed respect setting.UI.FeedPagingNum again (#20094) (#20099)
-  * Alter hook_task TEXT fields to LONGTEXT (#20038) (#20041)
-  * Respond with a 401 on git push when password isn't changed yet (#20026) (#20027)
-  * Return 404 when tag is broken (#20017) (#20024)
-
-## [1.17.0-rc1](https://github.com/go-gitea/gitea/releases/tag/v1.17.0-rc1) - 2022-06-18
-
-* BREAKING
-  * Require go1.18 for Gitea 1.17 (#19918)
-  * Make AppDataPath absolute against the AppWorkPath if it is not (#19815)
-  * Nuke the incorrect permission report on /api/v1/notifications (#19761)
-  * Refactor git module, make Gitea use internal git config (#19732)
-  * Remove `RequireHighlightJS` field, update plantuml example. (#19615)
-  * Increase minimal required git version to 2.0 (#19577)
-  * Add a directory prefix `gitea-src-VERSION` to release-tar-file (#19396)
-  * Use "main" as default branch name (#19354)
-  * Make cron task no notice on success (#19221)
-  * Add pam account authorization check (#19040)
-  * Show messages for users if the ROOT_URL is wrong, show JavaScript errors (#18971)
-  * Refactor mirror code & fix StartToMirror (#18904)
-  * Remove deprecated SSH ciphers from default (#18697)
-  * Add the possibility to allow the user to have a favicon which differs from the main logo (#18542)
-  * Update reserved usernames list (#18438)
-  * Support custom ACME provider (#18340)
-  * Change initial TrustModel to committer (#18335)
-  * Update HTTP status codes (#18063)
-  * Upgrade Alpine from 3.13 to 3.15 (#18050)
-  * Restrict email address validation (#17688) 
-  * Refactor Router Logger (#17308)
-* SECURITY
-  * Remove deprecated SSH ciphers from default (#18697)
-* FEDERATION
-  * Return statistic information for nodeinfo (#19561)
-  * Add Webfinger endpoint (#19462)
-  * Store the foreign ID of issues during migration (#18446)
-* FEATURES
-  * Automatically render wiki TOC (#19873)
-  * Adding button to link accounts from user settings (#19792)
-  * Allow set default merge style while creating repo (#19751)
-  * Auto merge pull requests when all checks succeeded (#9307 & #19648)
-  * Improve reviewing PR UX (#19612)
-  * Add support for rendering console output with colors (#19497)
-  * Add Helm Chart registry (#19406)
-  * Add Goroutine stack inspector to admin/monitor (#19207)
-  * RSS/Atom support for Orgs & Repos (#17714 & #19055)
-  * Add button for issue deletion (#19032)
-  * Allow to mark files in a PR as viewed (#19007)
-  * Add Index to comment for migrations and mirroring (#18806)
-  * Add health check endpoint (#18465)
-  * Add packagist webhook (#18224)
-  * Add "Allow edits from maintainer" feature (#18002)
-  * Add apply-patch, basic revert and cherry-pick functionality (#17902)
-  * Add Package Registry (#16510)
-  * Add LDAP group sync to Teams (#16299)
-  * Pause queues (#15928)
-  * Added auto-save whitespace behavior if it changed manually (#15566)
-  * Find files in repo (#15028)
-  * Provide configuration to allow camo-media proxying (#12802)
-* API
-  * Add endpoint to serve blob or LFS file content (#19689)
-  * Add endpoint to check if team has repo access (#19540)
-  * More commit info (#19252)
-  * Allow to create file on empty repo (#19224)
-  * Allow removing issues (#18879)
-  * Add endpoint to query collaborators permission for a repository (#18761)
-  * Return primary language and repository language stats API URL (#18396)
-  * Implement http signatures support for the API (#17565)
-* ENHANCEMENTS
-  * Add dbconsistency checks for Stopwatches (#20010)
-  * Add fetch.writeCommitGraph to gitconfig (#20006)
-  * Add fgprof pprof profiler (#20005)
-  * Move agit dependency (#19998)
-  * Empty log queue on flush and close (#19994)
-  * Remove tab/TabName usage where it's not needed (#19973)
-  * Improve file header on mobile (#19945)
-  * Move issues related files into models/issues (#19931)
-  * Add breaking email restrictions checker in doctor (#19903)
-  * Improve UX on modal for deleting an access token (#19894)
-  * Add alt text to logo (#19892)
-  * Move some code into models/git (#19879)
-  * Remove customized (unmaintained) dropdown, improve aria a11y for dropdown (#19861)
-  * Make user profile image show full image on mobile (#19840)
-  * Replace blue button and label classes with primary (#19763)
-  * Remove fomantic progress module (#19760)
-  * Allows repo search to match against "owner/repo" pattern strings (#19754)
-  * Move org functions (#19753)
-  * Move almost all functions' parameter db.Engine to context.Context (#19748)
-  * Show source/target branches on PR's list (#19747)
-  * Use http.StatusTemporaryRedirect(307) when serve avatar directly (#19739)
-  * Add doctor orphan check for orphaned pull requests without an existing base repo  (#19731)
-  * Make Ctrl+Enter (quick submit) work for issue comment and wiki editor (#19729)
-  * Update go-chi/cache to utilize Ping() (#19719)
-  * Improve commit list/view on mobile (#19712)
-  * Move some repository related code into sub package (#19711)
-  * Use a better OlderThan for DeleteInactiveUsers (#19693)
-  * Introduce eslint-plugin-jquery (#19690)
-  * Tidy up `<head>` template (#19678)
-  * Calculate filename hash only once (#19654)
-  * Simplify `IsVendor` (#19626)
-  * Add "Reference" section to Issue view sidebar (#19609)
-  * Only set CanColorStdout / CanColorStderr to true if the stdout/stderr is a terminal (#19581)
-  * Use for a repo action one database transaction (#19576)
-  * Simplify loops to copy (#19569)
-  * Added X-Mailer header to outgoing emails (#19562)
-  * use middleware to open gitRepo (#19559)
-  * Mute link in diff header (#19556)
-  * Improve UI on mobile (#19546)
-  * Fix Pull Request comment filename word breaks (#19535)
-  * Permalink files In PR diff (#19534)
-  * PullService lock via pullID (#19520)
-  * Make repository file list useable on mobile (#19515)
-  * more context for models  (#19511)
-  * Allow package dump skipping (#19506)
-  * Refactor readme file renderer (#19502)
-  * By default force vertical tabs on mobile (#19486)
-  * Github style following followers (#19482)
-  * Improve action table indices (#19472)
-  * Use horizontal tabs for repo header on mobile (#19468)
-  * pass gitRepo down since its used for main repo and wiki (#19461)
-  * Admin should not delete himself (#19423)
-  * Use queue instead of memory queue in webhook send service (#19390)
-  * Simplify the code to get issue count (#19380)
-  * Add commit status popup to issuelist (#19375)
-  * Add RSS Feed buttons to Repo, User and Org pages (#19370)
-  * Add logic to switch between source/rendered on Markdown (#19356)
-  * Move some helper files out of models (#19355)
-  * Move access and repo permission to models/perm/access (#19350)
-  * Disallow selecting the text of buttons (#19330)
-  * Allow custom redirect for landing page (#19324)
-  * Repository level enable package or disable (#19323)
-  * Remove dependent on session auth for api/v1 routers (#19321)
-  * Never use /api/v1 from Gitea UI Pages (#19318)
-  * Remove legacy unmaintained packages, refactor to support change default locale (#19308)
-  * Move milestone to models/issues/ (#19278)
-  * Configure OpenSSH log level via Environment in Docker (#19274)
-  * Move reaction to models/issues/ (#19264)
-  * Make git.OpenRepository accept Context (#19260)
-  * Move some issue methods as functions (#19255)
-  * Show last cron messages on monitor page (#19223)
-  * New cron task: delete old system notices (#19219)
-  * Add Redis Sentinel Authentication Support (#19213)
-  * Add auto logging of goroutine pid label (#19212)
-  * Set OpenGraph title to DisplayName in profile pages  (#19206)
-  * Add pprof labels in processes and for lifecycles (#19202)
-  * Let web and API routes have different auth methods group (#19168)
-  * Move init repository related functions to modules (#19159)
-  * Feeds: render markdown to html (#19058)
-  * Allow users to self-request a PR review (#19030)
-  * Allow render HTML with css/js external links (#19017)
-  * Fix script compatiable with OpenWrt (#19000)
-  * Support ignore all santize for external renderer (#18984)
-  * Add note to GPG key response if user has no keys (#18961)
-  * Improve Stopwatch behavior (#18930)
-  * Improve mirror iterator (#18928)
-  * Uncapitalize errors (#18915)
-  * Prevent Stats Indexer reporting error if repo dir missing (#18870)
-  * Refactor SecToTime() function (#18863)
-  * Replace deprecated String.prototype.substr() with String.prototype.slice() (#18796)
-  * Move deletebeans into models/db (#18781)
-  * Fix display time of milestones (#18753)
-  * Add config option to disable "Update branch by rebase" (#18745)
-  * Display template path of current page in dev mode (#18717)
-  * Add number in queue status to monitor page (#18712)
-  * Change git.cmd to RunWithContext (#18693)
-  * Refactor i18n, use Locale to provide i18n/translation related functions (#18648)
-  * Delete old git.NewCommand() and use it as git.NewCommandContext() (#18552)
-  * Move organization related structs into sub package (#18518)
-  * Warn at startup if the provided `SCRIPT_TYPE` is not on the PATH (#18467)
-  * Use `CryptoRandomBytes` instead of `CryptoRandomString` (#18439)
-  * Use explicit jQuery import, remove unused eslint globals (#18435)
-  * Allow to filter repositories by language in explore, user and organization repositories lists (#18430)
-  * Use base32 for 2FA scratch token (#18384)
-  * Unexport var git.GlobalCommandArgs (#18376)
-  * Don't underline commit status icon on hover (#18372)
-  * Always use git command but not os.Command (#18363)
-  * Switch to non-deprecation setting (#18358)
-  * Set the LastModified header for raw files (#18356)
-  * Refactor jwt.StandardClaims to RegisteredClaims (#18344)
-  * Enable deprecation error for v1.17.0 (#18341)
-  * Refactor httplib (#18338)
-  * Limit max-height of CodeMirror editors for issue comment and wiki (#18271)
-  * Validate migration files (#18203)
-  * Format with gofumpt (#18184)
-  * Allow custom default merge message with .gitea/default_merge_message/<merge_style>_TEMPLATE.md (#18177)
-  * Prettify number of issues (#17760)
-  * Add a "admin user generate-access-token" subcommand (#17722)
-  * Move project files into models/project sub package (#17704)
-  * Custom regexp external issues (#17624)
-  * Add smtp password to install page (#17564)
-  * Add config options to hide issue events (#17414)
-  * Prevent double click new issue/pull/comment button (#16157)
-  * Show issue assignee on project board (#15232)
-* BUGFIXES
-  * Alter hook_task TEXT fields to LONGTEXT (#20038) (#20041)
-  * Respond with a 401 on git push when password isn't changed yet (#20026) (#20027)
-  * Return 404 when tag is broken (#20017) (#20024)
-  * Write Commit-Graphs in RepositoryDumper (#20004)
-  * Use DisplayName() instead of FullName in Oauth Provider (#19991)
-  * Don't buffer doctor logger (#19982)
-  * Always try to fetch repo for mirrors (#19975)
-  * Uppercase first languages letters (#19965)
-  * Fix cli command restore-repo: "units" should be parsed as StringSlice (#19953)
-  * Ensure minimum mirror interval is reported on settings page (#19895)
-  * Exclude Archived repos from Dashboard Milestones (#19882)
-  * gitconfig: set safe.directory = * (#19870)
-  * Prevent NPE on update mirror settings (#19864)
-  * Only return valid stopwatches to the EventSource (#19863)
-  * Prevent NPE whilst migrating if there is a team request review (#19855)
-  * Fix inconsistency in doctor output (#19836)
-  * Fix release tag for webhook (#19830)
-  * Add title attribute to dependencies in sidebar (#19807)
-  * Estimate Action Count in Statistics (#19775)
-  * Do not update user stars numbers unless fix is specified (#19750)
-  * Improved ref comment link when origin is body/title (#19741)
-  * Fix nodeinfo caching and prevent NPE if cache non-existent (#19721)
-  * Fix duplicate entry error when add team member (#19702)
-  * Fix sending empty notifications (#19589)
-  * Update image URL for Discord webhook (#19536)
-  * Don't let repo clone URL overflow (#19517)
-  * Allow commit status popup on /pulls page (#19507)
-  * Fix two UI bugs: JS error in imagediff.js, 500 error in diff/compare.tmpl (#19494)
-  * Fix logging of Transfer API (#19456)
-  * Fix panic in teams API when requesting members (#19360)
-  * Refactor CSRF protection modules, make sure CSRF tokens can be up-to-date. (#19337)
-  * An attempt to sync a non-mirror repo must give 400 (Bad Request) (#19300)
-  * Move checks for pulls before merge into own function (#19271)
-  * Fix `contrib/upgrade.sh` (#19222)
-  * Set the default branch for repositories generated from templates (#19136)
-  * Fix EasyMDE error when input Enter (#19004)
-  * Don't clean up hardcoded `tmp` (#18983)
-  * Delete related notifications on issue deletion too (#18953)
-  * Fix trace log to show value instead of pointers (#18926)
-  * Fix behavior or checkbox submission. (#18851)
-  * Add `ContextUser` (#18798)
-  * Fix some mirror bugs (#18649)
-  * Quote MAKE to prevent path expansion with space error (#18622)
-  * Preserve users if restoring a repository on the same Gitea instance (#18604)
-  * Fix non-ASCII search on database  (#18437)
-  * Automatically pause queue if index service is unavailable (#15066)
-* TESTING
-  * Allow postgres integration tests to run over unix pipe (#19875)
-  * Prevent intermittent NPE in queue tests (#19301)
-  * Add test for importing pull requests in gitea uploader for migrations (#18752)
-  * Remove redundant comparison in repo dump/restore (#18660)
-  * More repo dump/restore tests, including pull requests  (#18621)
-  * Add test coverage for original author conversion during migrations (#18506)
-* TRANSLATION
-  * Update issue_no_dependencies description (#19112)
-  * Refactor webhooks i18n (#18380)
-* BUILD
-  * Use alpine 3.16 (#19797)
-  * Require node 14.0 (#19451)
-* DOCS
-  * Update documents (git/fomantic/db, etc) (#19868)
-  * Update the ROOT documentation and error messages (#19832)
-  * Update document to use FHS `/usr/local/bin/gitea` instead of `/app/...` for Docker (#19794)
-  * Update documentation to disable duration settings with -1 instead of 0 (#19647)
-  * Add warning to set SENDMAIL_ARGS to --  (#19102)
-  * Update nginx reverse proxy docs (#18922)
-  * Add example to render html files (#18736)
-  * Make SSH passtrough documentation better (#18687)
-  * Changelog 1.16.0 & 1.15.11 (#18468 & #18455)  (#18470)
-  * Update the SSH passthrough documentation (#18366)
-  * Add `contrib/upgrade.sh` (#18286)
-* MISC
-  * Fix aria for logo (#19955)
-  * In code search, get code unit accessible repos in one (main) query (#19764)
-  * Enable packages by default again (#19746)
-  * Add tooltip to pending PR comments (#19662)
-  * Improve sync performance for pull-mirrors (#19125)
-  * Improve dashboard's repo list performance (#18963)
-  * Avoid database lookups for `DescriptionHTML` (#18924)
-  * Remove CodeMirror dependencies (#18911)
-  * Disable unnecessary mirroring elements (#18527)
-  * Disable unnecessary OpenID/OAuth2 elements (#18491)
-  * Disable unnecessary GitHooks elements (#18485)
-  * Change some logging levels (#18421)
-  * Prevent showing webauthn error for every time visiting `/user/settings/security` (#18385)
-  * Use correct translation key for errors (#18342)
-
-## [1.16.8](https://github.com/go-gitea/gitea/releases/tag/v1.16.8) - 2022-05-16
-
-* ENHANCEMENTS
-  * Add doctor check/fix for bogus action rows (#19656) (#19669)
-  * Make .cs highlighting legible on dark themes. (#19604) (#19605)
-* BUGFIXES
-  * Fix oauth setting list bug (#19681)
-  * Delete user related oauth stuff on user deletion too (#19677) (#19680)
-  * Fix new release from tags list UI (#19670) (#19673)
-  * Prevent NPE when checking repo units if the user is nil (#19625) (#19630)
-  * GetFeeds must always discard actions with dangling repo_id (#19598) (#19629)
-  * Call MultipartForm.RemoveAll when request finishes (#19606) (#19607)
-  * Avoid MoreThanOne error when creating a branch whose name conflicts with other ref names (#19557) (#19591)
-  * Fix sending empty notifications (#19589) (#19590)
-  * Ignore DNS error when doing migration allow/block check (#19566) (#19567)
-  * Fix issue overview for teams (#19652) (#19653)
-
-## [1.16.7](https://github.com/go-gitea/gitea/releases/tag/v1.16.7) - 2022-05-02
-
-* SECURITY
-  * Escape git fetch remote (#19487) (#19490)
-* BUGFIXES
-  * Don't overwrite err with nil (#19572) (#19574)
-  * On Migrations, only write commit-graph if wiki clone was successful (#19563) (#19568)
-  * Respect DefaultUserIsRestricted system default when creating new user (#19310) (#19560)
-  * Don't error when branch's commit doesn't exist (#19547) (#19548)
-  * Support `hostname:port` to pass host matcher's check (#19543) (#19544)
-  * Prevent intermittent race in attribute reader close (#19537) (#19539)
-  * Fix 64-bit atomic operations on 32-bit machines (#19531) (#19532)
-  * Prevent dangling archiver goroutine (#19516) (#19526)
-  * Fix migrate release from github (#19510) (#19523)
-  * When view _Siderbar or _Footer, just display once (#19501) (#19522)
-  * Fix blame page select range error and some typos (#19503)
-  * Fix name of doctor fix "authorized-keys" in hints (#19464) (#19484)
-  * User specific repoID or xorm builder conditions for issue search (#19475) (#19476)
-  * Prevent dangling cat-file calls (goroutine alternative) (#19454) (#19466)
-  * RepoAssignment ensure to close before overwrite (#19449) (#19460)
-  * Set correct PR status on 3way on conflict checking (#19457) (#19458)
-  * Mark TemplateLoading error as "UnprocessableEntity" (#19445) (#19446)
-
-## [1.16.6](https://github.com/go-gitea/gitea/releases/tag/v1.16.6) - 2022-04-20
-
-* ENHANCEMENTS
-  * Only request write when necessary (#18657) (#19422)
-  * Disable service worker by default (#18914) (#19342)
-* BUGFIXES
-  * When dumping trim the standard suffices instead of a random suffix (#19440) (#19447)
-  * Fix DELETE request for non-existent public key (#19443) (#19444)
-  * Don't panic on ErrEmailInvalid (#19441) (#19442)
-  * Add uploadpack.allowAnySHA1InWant to allow --filter=blob:none with older git clients (#19430) (#19438)
-  * Warn on SSH connection for incorrect configuration (#19317) (#19437)
-  * Search Issues via API, dont show 500 if filter result in empty list (#19244) (#19436)
-  * When updating mirror repo intervals by API reschedule next update too (#19429) (#19433)
-  * Fix nil error when some pages are rendered outside request context (#19427) (#19428)
-  * Fix double blob-hunk on diff page (#19404) (#19405)
-  * Don't allow merging PR's which are being conflict checked (#19357) (#19358)
-  * Fix middleware function's placements (#19377) (#19378)
-  * Fix invalid CSRF token bug, make sure CSRF tokens can be up-to-date (#19338)
-  * Restore user autoregistration with email addresses (#19261) (#19312)
-  * Move checks for pulls before merge into own function (#19271) (#19277)
-  * Granular webhook events in editHook (#19251) (#19257)
-  * Only send webhook events to active system webhooks and only deliver to active hooks (#19234) (#19248)
-  * Use full output of git show-ref --tags to get tags for PushUpdateAddTag (#19235) (#19236)
-  * Touch mirrors on even on fail to update (#19217) (#19233)
-  * Hide sensitive content on admin panel progress monitor (#19218 & #19226) (#19231)
-  * Fix clone url JS error for the empty repo page (#19209)
-  * Bump goldmark to v1.4.11 (#19201) (#19203)
-* TESTING
-  * Prevent intermittent failures in RepoIndexerTest (#19225 #19229) (#19228)
-* BUILD
-  * Revert the minimal golang version requirement from 1.17 to 1.16 and add a warning in Makefile (#19319)
-* MISC
-  * Performance improvement for add team user when org has more than 1000 repositories (#19227) (#19289)
-  * Check go and nodejs version by go.mod and package.json (#19197) (#19254)
-
-## [1.16.5](https://github.com/go-gitea/gitea/releases/tag/v1.16.5) - 2022-03-23
-
-* BREAKING
-  * Bump to build with go1.18 (#19120 et al) (#19127)
-* SECURITY
-  * Prevent redirect to Host (2) (#19175) (#19186)
-  * Try to prevent autolinking of displaynames by email readers (#19169) (#19183)
-  * Clean paths when looking in Storage (#19124) (#19179)
-  * Do not send notification emails to inactive users (#19131) (#19139)
-  * Do not send activation email if manual confirm is set (#19119) (#19122)
-* ENHANCEMENTS
-  * Use the new/choose link for New Issue on project page (#19172) (#19176)
-* BUGFIXES
-  * Fix showing issues in your repositories (#18916) (#19191)
-  * Fix compare link in active feeds for new branch (#19149) (#19185)
-  * Redirect .wiki/* ui link to /wiki (#18831) (#19184)
-  * Ensure deploy keys with write access can push (#19010) (#19182)
-  * Ensure that setting.LocalURL always has a trailing slash (#19171) (#19177)
-  * Cleanup protected branches when deleting users & teams (#19158) (#19174)
-  * Use IterateBufferSize whilst querying repositories during adoption check (#19140) (#19160)
-  * Fix NPE /repos/issues/search when not signed in (#19154) (#19155)
-  * Use custom favicon when viewing static files if it exists (#19130) (#19152)
-  * Fix the editor height in review box (#19003) (#19147)
-  * Ensure isSSH is set whenever DISABLE_HTTP_GIT is set (#19028) (#19146)
-  * Fix wrong scopes caused by empty scope input (#19029) (#19145)
-  * Make migrations SKIP_TLS_VERIFY apply to git too (#19132) (#19141)
-  * Handle email address not exist (#19089) (#19121)
-* MISC
-  * Update json-iterator to allow compilation with go1.18 (#18644) (#19100)
-  * Update golang.org/x/crypto (#19097) (#19098)
-
-## [1.16.4](https://github.com/go-gitea/gitea/releases/tag/v1.16.4) - 2022-03-14
-
-* SECURITY
-  * Restrict email address validation (#17688) (#19085)
-  * Fix lfs bug (#19072) (#19080)
-* ENHANCEMENTS
-  * Improve SyncMirrors logging (#19045) (#19050)
-* BUGFIXES
-  * Refactor mirror code & fix `StartToMirror` (#18904) (#19075)
-  * Update the webauthn_credential_id_sequence in Postgres (#19048) (#19060)
-  * Prevent 500 when there is an error during new auth source post (#19041) (#19059)
-  * If rendering has failed due to a net.OpError stop rendering (attempt 2) (#19049) (#19056)
-  * Fix flag validation (#19046) (#19051)
-  * Add pam account authorization check (#19040) (#19047)
-  * Ignore missing comment for user notifications (#18954) (#19043)
-  * Set `rel="nofollow noindex"` on new issue links (#19023) (#19042)
-  * Upgrading binding package (#19034) (#19035)
-  * Don't show context cancelled errors in attribute reader (#19006) (#19027)
-  * Fix update hint bug (#18996) (#19002)
-* MISC
-  *  Fix potential assignee query for repo (#18994) (#18999)
-
-## [1.16.3](https://github.com/go-gitea/gitea/releases/tag/v1.16.3) - 2022-03-02
-
-* SECURITY
- * Git backend ignore replace objects (#18979) (#18980) 
-* ENHANCEMENTS
-  * Adjust error for already locked db and prevent level db lock on malformed connstr (#18923) (#18938)
-* BUGFIXES
-  * Set max text height to prevent overflow (#18862) (#18977)
-  * Fix newAttachmentPaths deletion for DeleteRepository() (#18973) (#18974)
-  * Accounts with WebAuthn only (no TOTP) now exist ... fix code to handle that case (#18897) (#18964)
-  * Send 404 on `/{org}.gpg` (#18959) (#18962)
-  * Fix admin user list pagination (#18957) (#18960)
-  * Fix lfs management setting (#18947) (#18946)
-  * Fix login with email panic when email is not exist (#18942)
-  * Update go-org to v1.6.1 (#18932) (#18933)
-  * Fix `<strong>` html in translation (#18929) (#18931)
-  * Fix page and missing return on unadopted repos API (#18848) (#18927)
-  * Allow adminstrator teams members to see other teams (#18918) (#18919)
-  * Don't treat BOM escape sequence as hidden character. (#18909) (#18910)
-  * Correctly link URLs to users/repos with dashes, dots or underscores (… (#18908)
-  * Fix redirect when using lowercase repo name (#18775) (#18902)
-  * Fix migration v210 (#18893) (#18892)
-  * Fix team management UI (#18887) (18886)
-  * BeforeSourcePath should point to base commit (#18880) (#18799)
-* TRANSLATION
-  * Backport locales from master (#18944)
-* MISC
-  * Don't update email for organisation (#18905) (#18906)
-
-## [1.16.2](https://github.com/go-gitea/gitea/releases/tag/v1.16.2) - 2022-02-24
-
-* ENHANCEMENTS
-  * Show fullname on issue edits and gpg/ssh signing info (#18828)
-  * Immediately Hammer if second kill is sent (#18823) (#18826)
-  * Allow mermaid render error to wrap (#18791)
-* BUGFIXES
-  * Fix ldap user sync missed email in email_address table (#18786) (#18876) 
-  * Update assignees check to include any writing team and change org sidebar (#18680) (#18873)
-  * Don't report signal: killed errors in serviceRPC (#18850) (#18865)
-  * Fix bug where certain LDAP settings were reverted (#18859)
-  * Update go-org to 1.6.0 (#18824) (#18839)
-  * Fix login with email for ldap users (#18800) (#18836)
-  * Fix bug for get user by email (#18834)
-  * Fix panic in EscapeReader (#18820) (#18821)
-  * Fix ldap loginname (#18789) (#18804)
-  * Remove redundant call to UpdateRepoStats during migration (#18591) (#18794)
-  * In disk_channel queues synchronously push to disk on shutdown (#18415) (#18788)
-  * Fix template bug of LFS lock (#18784) (#18787)
-  * Attempt to fix the webauthn migration again - part 3 (#18770) (#18771)
-  * Send mail to issue/pr assignee/reviewer also when OnMention is set (#18707) (#18765)
-  * Fix a broken link in commits_list_small.tmpl (#18763) (#18764)
-  * Increase the size of the webauthn_credential credential_id field (#18739) (#18756)
-  * Prevent dangling GetAttribute calls (#18754) (#18755)
-  * Fix isempty detection of git repository (#18746) (#18750)
-  * Fix source code line highlighting on external tracker (#18729) (#18740)
-  * Prevent double encoding of branch names in delete branch (#18714) (#18738)
-  * Always set PullRequestWorkInProgressPrefixes in PrepareViewPullInfo (#18713) (#18737)
-  * Fix forked repositories missed tags (#18719) (#18735)
-  * Fix release typo (#18728) (#18731)
-  * Separate the details links of commit-statuses in headers (#18661) (#18730)
-  * Update object repo with the migrated repository (#18684) (#18726)
-  * Fix bug for version update hint (#18701) (#18705)
-  * Fix issue with docker-rootless shimming script (#18690) (#18699)
-  * Let `MinUnitAccessMode` return correct perm (#18675) (#18689)
-  * Prevent security failure due to bad APP_ID (#18678) (#18682)
-  * Restart zero worker if there is still work to do (#18658) (#18672)
-  * If rendering has failed due to a net.OpError stop rendering (#18642) (#18645)
-* TESTING
-  * Ensure git tag tests and others create test repos in tmpdir (#18447) (#18767)
-* BUILD
-  * Reduce CI go module downloads, add make targets (#18708, #18475, #18443) (#18741)
-* MISC
-  * Put buttons back in org dashboard (#18817) (#18825)
-  * Various Mermaid improvements (#18776) (#18780)
-  * C preprocessor colors improvement (#18671) (#18696)
-  * Fix the missing i18n key for update checker (#18646) (#18665)
-
-## [1.16.1](https://github.com/go-gitea/gitea/releases/tag/v1.16.1) - 2022-02-06
-
-* SECURITY
-  * Update JS dependencies, fix lint (#18389) (#18540)
-* ENHANCEMENTS
-  * Add dropdown icon to label set template dropdown (#18564) (#18571)
-* BUGFIXES
-  * comments on migrated issues/prs must link to the comment ID (#18630) (#18637)
-  * Stop logging an error when notes are not found (#18626) (#18635)
-  * Ensure that blob-excerpt links work for wiki (#18587) (#18624)
-  * Only attempt to flush queue if the underlying worker pool is not finished (#18593) (#18620)
-  * Ensure commit-statuses box is sized correctly in headers (#18538) (#18606)
-  * Prevent merge messages from being sorted to the top of email chains (#18566) (#18588)
-  * Prevent panic on prohibited user login with oauth2 (#18562) (#18563)
-  * Collaborator trust model should trust collaborators (#18539) (#18557)
-  * Detect conflicts with 3way merge (#18536) (#18537)
-  * In docker rootless use $GITEA_APP_INI if provided (#18524) (#18535)
-  * Add `GetUserTeams` (#18499) (#18531)
-  * Fix review excerpt (#18502) (#18530)
-  * Fix for AvatarURL database type (#18487) (#18529)
-  * Use `ImagedProvider` for gplus oauth2 provider (#18504) (#18505)
-  * Fix OAuth Source Edit Page (#18495) (#18503)
-  * Use "read" value for General Access (#18496) (#18500)
-  * Prevent NPE on partial match of compare URL and allow short SHA1 compare URLs (#18472) (#18473)
-* BUILD
-  * Make docker gitea/gitea:v1.16-dev etc refer to the latest build on that branch (#18551) (#18569)
-* DOCS
-  * Update 1.16.0 changelog to set #17846 as breaking (#18533) (#18534)
-
-## [1.16.0](https://github.com/go-gitea/gitea/releases/tag/v1.16.0) - 2022-01-30
-
-* BREAKING
-  * Remove golang vendored directory (#18277)
-  * Paginate releases page & set default page size to 10 (#16857)
-  * Use shadowing script for docker (#17846)
-  * Only allow webhook to send requests to allowed hosts (#17482)
-* SECURITY
-  * Disable content sniffing on `PlainTextBytes` (#18359) (#18365)
-  * Only view milestones from current repo (#18414) (#18417)
-  * Sanitize user-input on file name (#17666)
-  * Use `hostmatcher` to replace `matchlist` to improve blocking of bad hosts in Webhooks (#17605)
-* FEATURES
-  * Add/update SMTP auth providers via cli (#18197)
-  * Support webauthn (#17957)
-  * Team permission allow different unit has different permission (#17811)
-  * Implement Well-Known URL for password change (#17777)
-  * Add support for ssh commit signing (#17743)
-  * Allow Loading of Diffs that are too large (#17739)
-  * Add copy button to markdown code blocks (#17638)
-  * Add .gitattribute assisted language detection to blame, diff and render (#17590)
-  * Add `PULL_LIMIT` and `PUSH_LIMIT` to cron.update_mirror task (#17568)
-  * Add Reindex buttons to repository settings page (#17494)
-  * Make SSL cipher suite configurable (#17440)
-  * Add groups scope/claim to OIDC/OAuth2 Provider (#17367)
-  * Add simple update checker to Gitea (#17212)
-  * Migrated Repository will show modifications when possible (#17191)
-  * Create pub/priv keypair for federation (#17071)
-  * Make LDAP be able to skip local 2FA (#16954)
-  * Add nodeinfo endpoint for federation purposes (#16953)
-  * Save and view issue/comment content history (#16909)
-  * Use git attributes to determine generated and vendored status for language stats and diffs (#16773)
-  * Add migrate from Codebase (#16768)
-  * Add migration from GitBucket (#16767)
-  * Add OAuth2 introspection endpoint (#16752)
-  * Add proxy settings and support for migration and webhook (#16704)
-  * Add microsoft oauth2 providers (#16544)
-  * Send registration email on user autoregistration (#16523)
-  * Defer Last Commit Info (#16467)
-  * Support unprotected file patterns (#16395)
-  * Add migrate from OneDev (#16356)
-  * Add option to update pull request by `rebase` (#16125)
-  * Add RSS/Atom feed support for user actions (#16002)
-  * Add support for corporate WeChat webhooks (#15910)
-  * Add a simple way to rename branch like gh (#15870)
-  * Add bundle download for repository (#14538)
-  * Add agit flow support in gitea (#14295)
-* API
-  * Add MirrorUpdated field to Repository API type (#18267)
-  * Adjust Fork API to allow setting a custom repository name (#18066)
-  * Add API to manage repo tranfers (#17963)
-  * Add API to get file commit history (#17652)
-  * Add API to get issue/pull comments and events (timeline) (#17403)
-  * Add API to get/edit wiki (#17278)
-  * Add API for get user org permissions (#17232)
-  * Add HTML urls to notification API (#17178)
-  * Add API to get commit diff/patch (#17095)
-  * Respond with updated notifications in API (#17064)
-  * Add API to fetch git notes (#16649)
-  * Generalize list header for API (#16551)
-  * Add API Token Cache (#16547)
-  * Allow Token API calls be authorized using the reverse-proxy header (#15119)
-* ENHANCEMENTS
-  * Make the height of the editor in Review Box smaller (4 lines as GitHub) (#18319)
-  * Return nicer error if trying to pull from non-existent user (#18288)
-  * Show pull link for agit pull request also (#18235)
-  * Enable partial clone by default (#18195)
-  * Added replay of webhooks (#18191)
-  * Show OAuth callback error message (#18185)
-  * Increase Salt randomness (#18179)
-  * Add MP4 as default allowed attachment type (#18170)
-  * Include folders into size cost (#18158)
-  * Remove `/email2user` endpoint (#18127)
-  * Handle invalid issues (#18111)
-  * Load EasyMDE/CodeMirror dynamically, remove RequireEasyMDE (#18069)
-  * Support open compare page directly (#17975)
-  * Prefer "Hiragino Kaku Gothic ProN" in system-ui-ja (#17954)
-  * Clean legacy SimpleMDE code (#17926)
-  * Refactor install page (db type) (#17919)
-  * Improve interface when comparing a branch which has created a pull request (#17911)
-  * Allow default branch to be inferred on compare page (#17908)
-  * Display issue/comment role even if repo archived (#17907)
-  * Always set a message-id on mails (#17900)
-  * Change `<a>` elements to underline on hover (#17898)
-  * Render issue references in file table (#17897)
-  * Handle relative unix socket paths (#17836)
-  * Move accessmode into models/perm (#17828)
-  * Fix some org style problems (#17807)
-  * Add List-Unsubscribe header (#17804)
-  * Create menus for organization pages (#17802)
-  * Switch archive URL code back to href attributes (#17796)
-  * Refactor "refs/*" string usage by using constants (#17784)
-  * Allow forks to org if you can create repos (#17783)
-  * Improve install code to avoid low-level mistakes. (#17779)
-  * Improve ellipsis buttons (#17773)
-  * Add restrict and no-user-rc to authorized_keys (#17772)
-  * Add copy Commit ID button in commits list (#17759)
-  * Make `bind` error more readable (#17750)
-  * Fix navbar on project view (#17749)
-  * More pleasantly handle broken or missing git repositories (#17747)
-  * Use `*PushUpdateOptions` as receiver (#17724)
-  * Remove unused `user` paramater (#17723)
-  * Better builtin avatar generator (#17707)
-  * Cleanup and use global style on popups (#17674)
-  * Move user/org deletion to services (#17673)
-  * Added comment for changing issue ref (#17672)
-  * Allow admins to change user avatars (#17661)
-  * Only set `data-path` once for each file in diff pages (#17657)
-  * Add icon to vscode clone link (#17641)
-  * Add download button for file viewer (#17640)
-  * Add pagination to fork list (#17639)
-  * Use a standalone struct name for Organization (#17632)
-  * Minor readability patch. (#17627)
-  * Add context support for GetUserByID (#17602)
-  * Move merge-section to `> .content` (#17582)
-  * Remove NewSession method from db.Engine interface (#17577)
-  * Move unit into models/unit/ (#17576)
-  * Restrict GetDeletedBranchByID to the repositories deleted branches (#17570)
-  * Refactor commentTags functionality (#17558)
-  * Make Repo Code Indexer an Unique Queue (#17515)
-  * Simplify Gothic to use our session store instead of creating a different store (#17507)
-  * Add settings to allow different SMTP envelope from address (#17479)
-  * Properly determine CSV delimiter (#17459)
-  * Hide label comments if labels were added and removed immediately (#17455)
-  * Tune UI alignment for nav bar notification icon, avatar image, issue label (#17438)
-  * Add appearance section in settings (#17433)
-  * Move key forms before list and add cancel button (#17432)
-  * When copying executables to the docker chmod them (#17423)
-  * Remove deprecated `extendDefaultPlugins` method of svgo (#17399)
-  * Fix the click behavior for <tr> and <td> with [data-href] (#17388)
-  * Refactor update checker to use AppState (#17387)
-  * Improve async/await usage, and sort init calls in `index.js` (#17386)
-  * Use a variable but a function for IsProd because of a slight performance increment (#17368)
-  * Frontend refactor, PascalCase to camelCase, remove unused code (#17365)
-  * Hide command line merge instructions when user can't push (#17339)
-  * Move session to models/login (#17338)
-  * Sync gitea app path for git hooks and authorized keys when starting (#17335)
-  * Make the Mirror Queue a queue (#17326)
-  * Add "Copy branch name" button to pull request page (#17323)
-  * Fix repository summary on mobile (#17322)
-  * Split `index.js` to separate files (#17315)
-  * Show direct match on top for user search (#17303)
-  * Frontend refactor: move Vue related code from `index.js` to `components` dir, and remove unused codes. (#17301)
-  * Upgrade chi to v5 (#17298)
-  * Disable form autofill (#17291)
-  * Improve behavior of "Fork" button (#17288)
-  * Open markdown image links in new window (#17287)
-  * Add hints for special Wiki pages (#17283)
-  * Move add deploy key form before the list and add a cancel button (#17228)
-  * Allow adding multiple issues to a project  (#17226)
-  * Add metrics to get issues by repository (#17225)
-  * Add specific event type to header (#17222)
-  * Redirect on project after issue created (#17211)
-  * Reference in new issue modal: dont pre-populate issue title (#17208)
-  * Always set a unique Message-ID header (#17206)
-  * Add projects and project boards in exposed metrics (#17202)
-  * Add metrics to get issues by label (#17201)
-  * Add protection to disable Gitea when run as root (#17168)
-  * Don't return binary file changes in raw PR diffs by default (#17158)
-  * Support sorting for project board issuses (#17152)
-  * Force color-adjust for markdown checkboxes (#17146)
-  * Add option to copy line permalink (#17145)
-  * Move twofactor to models/login (#17143)
-  * Multiple tokens support for migrating from github (#17134)
-  * Unify issue and PR subtitles (#17133)
-  * Make Requests Processes and create process hierarchy. Associate OpenRepository with context. (#17125)
-  * Fix problem when database id is not increment as expected (#17124)
-  * Avatar refactor, move avatar code from `models` to `models.avatars`, remove duplicated code (#17123)
-  * Re-allow clipboard copy on non-https sites (#17118)
-  * DBContext is just a Context (#17100)
-  * Move login related structs and functions to models/login (#17093)
-  * Add SkipLocal2FA option to pam and smtp sources (#17078)
-  * Move db related basic functions to models/db (#17075)
-  * Fixes username tagging in "Reference in new issue" (#17074)
-  * Use light/dark theme based on system preference (#17051)
-  * Always emit the configuration path (#17036)
-  * Add `AbsoluteListOptions` (#17028)
-  * Use common sessioner for API and Web (#17027)
-  * Fix overflow label in small view (#17020)
-  * Report the associated filter if there is an error in LDAP (#17014)
-  * Add "new issue" btn on project (#17001)
-  * Add doctor dbconsistency check for release and attachment (#16978)
-  * Disable Fomantic's CSS tooltips (#16974)
-  * Add Cache-Control to avatar redirects (#16973)
-  * Make mirror feature more configurable (#16957)
-  * Add skip and limit to git.GetTags (#16897)
-  * Remove ParseQueueConnStr as it is unused (#16878)
-  * Remove unused Fomantic sidebar module (#16853)
-  * Allow LDAP Sources to provide Avatars (#16851)
-  * Remove Dashboard/Home button from the navbar (#16844)
-  * Use conditions but not repo ids as query condition (#16839)
-  * Add user settings key/value DB table (#16834)
-  * Add buttons to allow loading of incomplete diffs (#16829)
-  * Add information for migrate failure (#16803)
-  * Add EdDSA JWT signing algorithm (#16786)
-  * Add user status filter to admin user management page (#16770)
-  * Add Option to synchronize Admin & Restricted states from OIDC/OAuth2 along with Setting Scopes (#16766)
-  * Do not use thin scrollbars on Firefox (#16738)
-  * Download LFS in git and web workflow from minio/s3 directly (SERVE_DIRECT) (#16731)
-  * Compute proper foreground color for labels (#16729)
-  * Add edit button to wiki sidebar and footer (#16719)
-  * Fix migration svg color (#16715)
-  * Add link to vscode to repo header (#16664)
-  * Add filter by owner and team to issue/pulls search endpoint (#16662)
-  * Kanban colored boards (#16647)
-  * Allow setting X-FRAME-OPTIONS (#16643)
-  * Separate open and closed issue in metrics (#16637)
-  * Support direct comparison (git diff a..b) as well merge comparison (a…b) (#16635)
-  * Add setting to OAuth handlers to skip local 2FA authentication (#16594)
-  * Make PR merge options more intuitive (#16582)
-  * Show correct text when comparing commits on empty pull request (#16569)
-  * Pre-fill suggested New File 'name' and 'content' with Query Params (#16556)
-  * Add an abstract json layout to make it's easier to change json library (#16528)
-  * Make Mermaid.js limit configurable (#16519)
-  * Improve 2FA autofill (#16473)
-  * Add modals to Organization and Team remove/leave (#16471)
-  * Show tag name on dashboard items list (#16466)
-  * Change default cron schedules from @every 24h to @midnight (#16431)
-  * Prevent double sanitize (#16386)
-  * Replace `list.List` with slices (#16311)
-  * Add configuration option to restrict users by default (#16256)
-  * Move login out of models (#16199)
-  * Support pagination of organizations on user settings pages (#16083)
-  * Switch migration icon to svg (#15954)
-  * Add left padding for chunk header of split diff view (#13397)
-  * Allow U2F 2FA without TOTP (#11573)
-* BUGFIXES
-  * GitLab reviews may not have the updated_at field set (#18450) (#18461)
-  * Fix detection of no commits when the default branch is not master (#18422) (#18423)
-  * Fix broken oauth2 authentication source edit page (#18412) (#18419)
-  * Place inline diff comment dialogs on split diff in 4th and 8th columns (#18403) (#18404)
-  * Fix restore without topic failure (#18387) (#18400)
-  * Fix commit's time (#18375) (#18392)
-  * Fix partial cloning a repo (#18373) (#18377)
-  * Stop trimming preceding and suffixing spaces from editor filenames (#18334)
-  * Prevent showing webauthn error for every time visiting `/user/settings/security` (#18386)
-  * Fix mime-type detection for HTTP server (#18370) (#18371)
-  * Stop trimming preceding and suffixing spaces from editor filenames (#18334)
-  * Restore propagation of ErrDependenciesLeft (#18325)
-  * Fix PR comments UI (#18323)
-  * Use indirect comparison when showing pull requests (#18313)
-  * Replace satori/go.uuid with gofrs/uuid (#18311)
-  * Fix commit links on compare page (#18310)
-  * Don't show double error response in git hook (#18292)
-  * Handle missing default branch better in owner/repo/branches page (#18290)
-  * Fix CheckRepoStats and reuse it during migration (#18264)
-  * Prevent underline hover on cards (#18259)
-  * Don't delete branch if other PRs with this branch are open (#18164)
-  * Require codereview to have content (#18156)
-  * Allow admin to associate missing LFS objects for repositories (#18143)
-  * When attempting to subscribe other user to issue report why access denied (#18091)
-  * Add option to convert CRLF to LF line endings for sendmail (#18075)
-  * Only create pprof files for gitea serv if explicitly asked for (#18068)
-  * Abort merge if head has been updated before pressing merge (#18032)
-  * Improve TestPatch to use git read-tree -m and implement git-merge-one-file functionality (#18004)
-  * Use JSON module instead of stdlib json (#18003)
-  * Fixed issue merged/closed wording (#17973)
-  * Return nicer error for ForcePrivate (#17971)
-  * Fix overflow in commit graph (#17947)
-  * Prevent services/mailer/mailer_test.go tests from deleteing data directory (#17941)
-  * Use disable_form_autofill on Codebase and Gitbucket (#17936)
-  * Fix a panic in NotifyCreateIssueComment (caused by string truncation) (#17928)
-  * Fix markdown URL parsing (#17924)
-  * Apply CSS Variables to all message elements (#17920)
-  * Improve checkBranchName (#17901)
-  * Update chi/middleware to chi/v5/middleware (#17888)
-  * Fix position of label color picker colors (#17866)
-  * Fix ListUnadoptedRepositories incorrect total count (#17865)
-  * Remove whitespace inside rendered code `<td>` (#17859)
-  * Make Co-committed-by and co-authored-by trailers optional (#17848)
-  * Fix value of User.IsRestricted when oauth2 user registration (#17839)
-  * Use new OneDev /milestones endpoint (#17782)
-  * Prevent deadlock in TestPersistableChannelQueue (#17717)
-  * Simplify code for writing SHA to name-rev (#17696)
-  * Fix database deadlock when update issue labels (#17649)
-  * Add warning for BIDI characters in page renders and in diffs (#17562)
-  * Fix ipv6 parsing for builtin ssh server (#17561)
-  * Multiple Escaping Improvements (#17551)
-  * Fixes #16559 - Do not trim leading spaces for tab delimited (#17442)
-  * Show client-side error if wiki page is empty (#17415)
-  * Fix context popup error (#17398)
-  * Stop sanitizing full name in API (#17396)
-  * Fix issue close/comment buttons on mobile (#17317)
-  * Fix navbar UI (#17235)
-  * Fix problem when database id is not increment as expected (#17229)
-  * Open the DingTalk link in browser (#17084)
-  * Remove heads pointing to missing old refs (#17076)
-  * Fix commit status index problem (#17061)
-  * Handle broken references in mirror sync (#17013)
-  * Fix for create repo page layout (#17012)
-  * Improve LDAP synchronization efficiency (#16994)
-  * Add repo_id for attachment (#16958)
-  * Clean-up HookPreReceive and restore functionality for pushing non-standard refs (#16705)
-  * Remove duplicate csv import in modules/csv/csv.go (#16631)
-  * Improve SMTP authentication and Fix user creation bugs  (#16612)
-  * Fixed emoji alias not parsed in links (#16221)
-  * Calculate label URL on API  (#16186)
-* TRANSLATION
-  * Fix mispelling of starred as stared (#17465)
-  * Re-separate the color translation strings (#17390)
-  * Enable Malayalam, Greek, Persian, Hungarian & Indonesian by default (#16998)
-* BUILD
-  * Add lockfile-check (#18285)
-  * Don't store assets modified time into generated files (#18193)
-* MISC
-  * Update JS dependencies (#17611)
-
-## [1.15.11](https://github.com/go-gitea/gitea/releases/tag/v1.15.11) - 2022-01-29
-
-* SECURITY
-  * Only view milestones from current repo (#18414) (#18418)
-* BUGFIXES
-  * Fix broken when no commits and default branch is not master (#18422) (#18424)
-  * Fix commit's time (#18375) (#18409)
-  * Fix restore without topic failure (#18387) (#18401)
-  * Fix mermaid import in 1.15 (it uses ESModule now) (#18382)
-  * Update to go/text 0.3.7 (#18336)
-* MISC
-  * Upgrade EasyMDE to 2.16.1 (#18278) (#18279)
-
-## [1.15.10](https://github.com/go-gitea/gitea/releases/tag/v1.15.10) - 2022-01-14
-
-* BUGFIXES
-  * Fix inconsistent PR comment counts (#18260) (#18261)
-  * Fix release link broken (#18252) (#18253)
-  * Fix update user from site administration page bug (#18250) (#18251)
-  * Set HeadCommit when creating tags (#18116) (#18173)
-  * Use correct translation key for error messages due to max repo limits (#18135 & #18153) (#18152)
-  * Fix purple color in suggested label colors (#18241) (#18242)
-* SECURITY
-  * Bump mermaid from 8.10.1 to 8.13.8 (#18198) (#18206)
-
-## [1.15.9](https://github.com/go-gitea/gitea/releases/tag/v1.15.9) - 2021-12-30
-
-* BUGFIXES
-  * Fix wrong redirect on org labels (#18128) (#18134)
-  * Fix: unstable sort skips/duplicates issues across pages (#18094) (#18095)
-  * Revert "Fix delete u2f keys bug (#18042)" (#18107)
-  * Migrating wiki don't require token, so we should move it out of the require form (#17645) (#18104)
-  * Prevent NPE if gitea uploader fails to open url (#18080) (#18101)
-  * Reset locale on login (#17734) (#18100)
-  * Correctly handle failed migrations (#17575) (#18099)
-  * Instead of using routerCtx just escape the url before routing (#18086) (#18098)
-  * Quote references to the user table in consistency checks (#18072) (#18073)
-  * Add NotFound handler (#18062) (#18067)
-  * Ensure that git repository is closed before transfer (#18049) (#18057)
-  * Use common sessioner for API and web routes (#18114)
-* TRANSLATION
-  * Fix code search result hint on zh-CN (#18053)
-
-## [1.15.8](https://github.com/go-gitea/gitea/releases/tag/v1.15.8) - 2021-12-20
-
-* BUGFIXES
-  * Move POST /{username}/action/{action} to simply POST /{username} (#18045) (#18046)
-  * Fix delete u2f keys bug (#18040) (#18042)
-  * Reset Session ID on login (#18018) (#18041)
-  * Prevent off-by-one error on comments on newly appended lines (#18029) (#18035)
-  * Stop printing 03d after escaped characters in logs (#18030) (#18034)
-  * Reset locale on login (#18023) (#18025)
-  * Fix reset password email template (#17025) (#18022)
-  * Fix outType on gitea dump (#18000) (#18016)
-  * Ensure complexity, minlength and isPwned are checked on password setting (#18005) (#18015)
-  * Fix rename notification bug (#18011)
-  * Prevent double decoding of % in url params  (#17997) (#18001)
-  * Prevent hang in git cat-file if the repository is not a valid repository (Partial #17991) (#17992)
-  * Prevent deadlock in create issue (#17970) (#17982)
-* TESTING
-  * Use non-expiring key. (#17984) (#17985)
-
 ## [1.15.7](https://github.com/go-gitea/gitea/releases/tag/v1.15.7) - 2021-12-01

 * ENHANCEMENTS
@@ -986,7 +71,7 @@ been added to each release, please refer to the [blog](https://blog.gitea.io).
  * Fix unwanted team review request deletion (#17257) (#17264)
  * Fix broken Activities link in team dashboard (#17255) (#17258)
  * API pull's head/base have correct permission(#17214) (#17245)
-  * Fix strange behavior of DownloadPullDiffOrPatch in incorrect index (#17223) (#17227)
+  * Fix stange behavior of DownloadPullDiffOrPatch in incorect index (#17223) (#17227)
  * Upgrade xorm to v1.2.5 (#17177) (#17188)
  * Fix missing repo link in issue/pull assigned emails (#17183) (#17184)
  * Fix bug of get context user (#17169) (#17172)
@@ -1001,6 +86,7 @@ been added to each release, please refer to the [blog](https://blog.gitea.io).
 * TRANSLATION
  * v1.15 fix Sprintf format 'verbs' in locale files (#17187)

+
 ## [1.15.3](https://github.com/go-gitea/gitea/releases/tag/v1.15.3) - 2021-09-19

 * ENHANCEMENTS
@@ -1311,15 +397,6 @@ been added to each release, please refer to the [blog](https://blog.gitea.io).
  * Remove utf8 option from installation page (#16126)
  * Use Wants= over Requires= in systemd file (#15897)

-## [1.14.7](https://github.com/go-gitea/gitea/releases/tag/v1.14.7) - 2021-09-02
-
-* BUGFIXES
-  * Add missing gitRepo close at GetDiffRangeWithWhitespaceBehavior (Partial #16894) (#16896)
-  * Fix wiki raw commit diff/patch view (#16891) (#16893)
-  * Ensure wiki repos are all closed (#16886) (#16889)
-  * Upgrade xorm to v1.2.2 (#16663) & Add test to ensure that dumping of login sources remains correct (#16847) (#16849)
-  * Recreate Tables should Recreate indexes on MySQL (#16718) (#16740)
-
 ## [1.14.6](https://github.com/go-gitea/gitea/releases/tag/v1.14.6) - 2021-08-04

 * SECURITY
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -81,22 +81,23 @@ Here's how to run the test suite:
 |``make lint-frontend`` | lint frontend files  |
 |``make lint-backend``  | lint backend files   |

- run test code (Suggest run in Linux)  
+- run test code (Suggest run in linux)  

 |                                        |                                                  |
 | :------------------------------------- | :----------------------------------------------- |
 |``make test[\#TestSpecificName]``       |  run unit test  |
-|``make test-sqlite[\#TestSpecificName]``|  run [integration](integrations) test for SQLite |  
-|[More details about integrations](integrations/README.md)  |
+|``make test-sqlite[\#TestSpecificName]``|  run [integration](integrations) test for sqlite |  
+|[More detail message about integrations](integrations/README.md)  |

 ## Vendoring

-We manage dependencies via [Go Modules](https://golang.org/cmd/go/#hdr-Module_maintenance), more details: [go mod](https://go.dev/ref/mod).
+We keep a cached copy of dependencies within the `vendor/` directory,
+managing updates via [Modules](https://golang.org/cmd/go/#hdr-Module_maintenance).

-Pull requests should only include `go.mod`, `go.sum` updates if they are part of
+Pull requests should only include `vendor/` updates if they are part of
 the same change, be it a bugfix or a feature addition.

-The `go.mod`, `go.sum` update needs to be justified as part of the PR description,
+The `vendor/` update needs to be justified as part of the PR description,
 and must be verified by the reviewers and/or merger to always reference
 an existing upstream commit.

@@ -105,7 +106,7 @@ You can find more information on how to get started with it on the [Modules Wiki
 ## Translation

 We do all translation work inside [Crowdin](https://crowdin.com/project/gitea).
-The only translation that is maintained in this Git repository is
+The only translation that is maintained in this git repository is
 [`en_US.ini`](https://github.com/go-gitea/gitea/blob/master/options/locale/locale_en-US.ini)
 and is synced regularly to Crowdin. Once a translation has reached
 A SATISFACTORY PERCENTAGE it will be synced back into this repo and
@@ -134,15 +135,6 @@ Some of the key points:
  if that is not related to your PR, please make *another* PR for that.
 * Split big pull requests into multiple small ones. An incremental change
  will be faster to review than a huge PR.
-* Use the first comment as a summary explainer of your PR and you should keep this up-to-date as the PR evolves.
-
-If your PR could cause a breaking change you must add a BREAKING section to this comment e.g.:
-
-```
-## :warning: BREAKING :warning:
-```
-
-To explain how this could affect users and how to mitigate these changes.

 ## Styleguide

@@ -150,8 +142,8 @@ For imports you should use the following format (_without_ the comments)
 ```go
 import (
  // stdlib
+  "encoding/json"
  "fmt"
-  "math"

  // local packages
  "code.gitea.io/gitea/models"
@@ -165,7 +157,7 @@ import (

 ## Design guideline

-To maintain understandable code and avoid circular dependencies it is important to have a good structure of the code. The Gitea code is divided into the following parts:
+To maintain understandable code and avoid circular dependencies it is important to have a good structure of the code. The gitea code is divided into the following parts:

 - **integration:** Integrations tests
 - **models:** Contains the data structures used by xorm to construct database tables. It also contains supporting functions to query and update the database. Dependencies to other code in Gitea should be avoided although some modules might be needed (for example for logging).
@@ -212,74 +204,9 @@ In general, HTTP methods are chosen as follows:
 * **PUT** endpoints return status **No Content (204)**, used to **add/assign** existing Objects (e.g. User) to something (e.g. Org-Team)
 * **PATCH** endpoints return changed object and status **OK (200)**, used to **edit/change** an existing object

+
 An endpoint which changes/edits an object expects all fields to be optional (except ones to identify the object, which are required).
-### Endpoints returning lists should
- * support pagination (`page` & `limit` options in query)
- * set `X-Total-Count` header via **SetTotalCountHeader** ([example](https://github.com/go-gitea/gitea/blob/7aae98cc5d4113f1e9918b7ee7dd09f67c189e3e/routers/api/v1/repo/issue.go#L444))

-## Large Character Comments
-
-Throughout the codebase there are large-text comments for sections of code, e.g.:
-
-```go
-// __________            .__               
-// \______   \ _______  _|__| ______  _  __
-//  |       _// __ \  \/ /  |/ __ \ \/ \/ /
-//  |    |   \  ___/\   /|  \  ___/\     / 
-//  |____|_  /\___  >\_/ |__|\___  >\/\_/  
-//         \/     \/             \/        
-```
-
-These were created using the `figlet` tool with the `graffiti` font.
-
-A simple way of creating these is to use the following:
-
-```bash
-figlet -f graffiti Review | sed  -e's+^+// +' - | xclip -sel clip -in
-```
-
-## Backports and Frontports
-
-Occasionally backports of PRs are required.
-
-The backported PR title should be:
-
-```
-Title of backported PR (#ORIGINAL_PR_NUMBER)
-```
-
-The first two lines of the summary of the backporting PR should be:
-
-```
-Backport #ORIGINAL_PR_NUMBER
-
-```
-
-with the rest of the summary matching the original PR. Similarly for frontports
-
---
-
-The below is a script that may be helpful in creating backports. YMMV.
-
-```bash
-#!/bin/sh
-PR="$1"
-SHA="$2"
-VERSION="$3"
-
-if [ -z "$SHA" ]; then
-    SHA=$(gh api /repos/go-gitea/gitea/pulls/$PR -q '.merge_commit_sha')
-fi
-
-if [ -z "$VERSION" ]; then
-    VERSION="v1.16"
-fi
-
-echo git checkout origin/release/"$VERSION" -b backport-$PR-$VERSION
-git checkout origin/release/"$VERSION" -b backport-$PR-$VERSION
-git cherry-pick $SHA && git commit --amend && git push zeripath backport-$PR-$VERSION && xdg-open https://github.com/go-gitea/gitea/compare/release/"$VERSION"...zeripath:backport-$PR-$VERSION
-
-```

 ## Developer Certificate of Origin (DCO)

@@ -292,7 +219,7 @@ Additionally you could add a line at the end of your commit message.
 Signed-off-by: Joe Smith <joe.smith@email.com>
 ```

-If you set your `user.name` and `user.email` Git configs, you can add the
+If you set your `user.name` and `user.email` git configs, you can add the
 line to the end of your commit automatically with `git commit -s`.

 We assume in good faith that the information you provide is legally binding.
@@ -304,8 +231,8 @@ on, finishing, and issuing releases. The overall goal is to make a
 minor release every three or four months, which breaks down into two or three months of
 general development followed by one month of testing and polishing
 known as the release freeze. All the feature pull requests should be
-merged before feature freeze. And, during the frozen period, a corresponding
-release branch is open for fixes backported from main branch. Release candidates
+merged before feature freeze. And, during the frozen period, a corresponding 
+release branch is open for fixes backported from main branch. Release candidates 
 are made during this period for user testing to
 obtain a final version that is maintained in this branch. A release is
 maintained by issuing patch releases to only correct critical problems
@@ -337,7 +264,7 @@ to the maintainers team. If a maintainer is inactive for more than 3
 months and forgets to leave the maintainers team, the owners may move
 him or her from the maintainers team to the advisors team.
 For security reasons, Maintainers should use 2FA for their accounts and
-if possible provide GPG signed commits.
+if possible provide gpg signed commits.
 https://help.github.com/articles/securing-your-account-with-two-factor-authentication-2fa/
 https://help.github.com/articles/signing-commits-with-gpg/

@@ -368,11 +295,6 @@ and lead the development of Gitea.
 To honor the past owners, here's the history of the owners and the time
 they served:

-* 2022-01-01 ~ 2022-12-31 - https://github.com/go-gitea/gitea/issues/17872
-  * [Lunny Xiao](https://gitea.com/lunny) <xiaolunwen@gmail.com>
-  * [Matti Ranta](https://gitea.com/techknowlogick) <techknowlogick@gitea.io>
-  * [Andrew Thornton](https://gitea.com/zeripath) <art27@cantab.net>
-
 * 2021-01-01 ~ 2021-12-31 - https://github.com/go-gitea/gitea/issues/13801
  * [Lunny Xiao](https://gitea.com/lunny) <xiaolunwen@gmail.com>
  * [Lauris Bukšis-Haberkorns](https://gitea.com/lafriks) <lauris@nix.lv>
@@ -400,13 +322,13 @@ they served:

 ## Versions

-Gitea has the `main` branch as a tip branch and has version branches
+Gitea has the `master` branch as a tip branch and has version branches
 such as `release/v0.9`. `release/v0.9` is a release branch and we will
 tag `v0.9.0` for binary download. If `v0.9.0` has bugs, we will accept
 pull requests on the `release/v0.9` branch and publish a `v0.9.1` tag,
-after bringing the bug fix also to the main branch.
+after bringing the bug fix also to the master branch.

-Since the `main` branch is a tip version, if you wish to use Gitea
+Since the `master` branch is a tip version, if you wish to use Gitea
 in production, please download the latest release tag version. All the
 branches will be protected via GitHub, all the PRs to every branch must
 be reviewed by two maintainers and must pass the automatic tests.
@@ -414,26 +336,22 @@ be reviewed by two maintainers and must pass the automatic tests.
 ## Releasing Gitea

 * Let $vmaj, $vmin and $vpat be Major, Minor and Patch version numbers, $vpat should be rc1, rc2, 0, 1, ...... $vmaj.$vmin will be kept the same as milestones on github or gitea in future.
-* Before releasing, confirm all the version's milestone issues or PRs has been resolved. Then discuss the release on Discord channel #maintainers and get agreed with almost all the owners and mergers. Or you can declare the version and if nobody against in about serval hours.
-* If this is a big version first you have to create PR for changelog on branch `main` with PRs with label `changelog` and after it has been merged do following steps:
+* Before releasing, confirm all the version's milestone issues or PRs has been resolved. Then discuss the release on discord channel #maintainers and get agreed with almost all the owners and mergers. Or you can declare the version and if nobody against in about serval hours.
+* If this is a big version first you have to create PR for changelog on branch `master` with PRs with label `changelog` and after it has been merged do following steps:
  * Create `-dev` tag as `git tag -s -F release.notes v$vmaj.$vmin.0-dev` and push the tag as `git push origin v$vmaj.$vmin.0-dev`.
  * When CI has finished building tag then you have to create a new branch named `release/v$vmaj.$vmin`
 * If it is bugfix version create PR for changelog on branch `release/v$vmaj.$vmin` and wait till it is reviewed and merged.
 * Add a tag as `git tag -s -F release.notes v$vmaj.$vmin.$`, release.notes file could be a temporary file to only include the changelog this version which you added to `CHANGELOG.md`.
-* And then push the tag as `git push origin v$vmaj.$vmin.$`. Drone CI will automatically create a release and upload all the compiled binary. (But currently it doesn't add the release notes automatically. Maybe we should fix that.)
-* If needed send a frontport PR for the changelog to branch `main` and update the version in `docs/config.yaml` to refer to the new version.
+* And then push the tag as `git push origin v$vmaj.$vmin.$`. Drone CI will automatically created a release and upload all the compiled binary. (But currently it didn't add the release notes automatically. Maybe we should fix that.)
+* If needed send PR for changelog on branch `master`.
 * Send PR to [blog repository](https://gitea.com/gitea/blog) announcing the release.
-* Verify all release assets were correctly published through CI on dl.gitea.io and GitHub releases. Once ACKed:
-  * bump the version of https://dl.gitea.io/gitea/version.json
-  * merge the blog post PR
-  * announce the release in discord `#announcements`

 ## Copyright

 Code that you contribute should use the standard copyright header:

 ```
-// Copyright 2022 The Gitea Authors. All rights reserved.
+// Copyright 2020 The Gitea Authors. All rights reserved.
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 ```
--- a/9
+++ b/9
@@ -1,5 +1,7 @@
+
+###################################
 #Build stage
-FROM golang:1.18-alpine3.16 AS build-env
+FROM golang:1.16-alpine3.13 AS build-env

 ARG GOPROXY
 ENV GOPROXY ${GOPROXY:-direct}
@@ -23,7 +25,7 @@ RUN if [ -n "${GITEA_VERSION}" ]; then git checkout "${GITEA_VERSION}"; fi \
 # Begin env-to-ini build
 RUN go build contrib/environment-to-ini/environment-to-ini.go

-FROM alpine:3.16
+FROM alpine:3.13
 LABEL maintainer="maintainers@gitea.io"

 EXPOSE 22 3000
@@ -64,5 +66,4 @@ CMD ["/bin/s6-svscan", "/etc/s6"]
 COPY docker/root /
 COPY --from=build-env /go/src/code.gitea.io/gitea/gitea /app/gitea/gitea
 COPY --from=build-env /go/src/code.gitea.io/gitea/environment-to-ini /usr/local/bin/environment-to-ini
-RUN chmod 755 /usr/bin/entrypoint /app/gitea/gitea /usr/local/bin/gitea /usr/local/bin/environment-to-ini
-RUN chmod 755 /etc/s6/gitea/* /etc/s6/openssh/* /etc/s6/.s6-svscan/*
+RUN ln -s /app/gitea/gitea /usr/local/bin/gitea
--- a/Dockerfile.rootless
+++ b/Dockerfile.rootless
@@ -1,5 +1,7 @@
+
+###################################
 #Build stage
-FROM golang:1.18-alpine3.16 AS build-env
+FROM golang:1.16-alpine3.13 AS build-env

 ARG GOPROXY
 ENV GOPROXY ${GOPROXY:-direct}
@@ -7,7 +9,7 @@ ENV GOPROXY ${GOPROXY:-direct}
 ARG GITEA_VERSION
 ARG TAGS="sqlite sqlite_unlock_notify"
 ENV TAGS "bindata timetzdata $TAGS"
-ARG CGO_EXTRA_CFLAGS
+ARG CGO_EXTRA_CFLAGS 

 #Build deps
 RUN apk --no-cache add build-base git nodejs npm
@@ -23,7 +25,7 @@ RUN if [ -n "${GITEA_VERSION}" ]; then git checkout "${GITEA_VERSION}"; fi \
 # Begin env-to-ini build
 RUN go build contrib/environment-to-ini/environment-to-ini.go

-FROM alpine:3.16
+FROM alpine:3.13
 LABEL maintainer="maintainers@gitea.io"

 EXPOSE 2222 3000
@@ -51,9 +53,8 @@ RUN mkdir -p /var/lib/gitea /etc/gitea
 RUN chown git:git /var/lib/gitea /etc/gitea

 COPY docker/rootless /
-COPY --from=build-env --chown=root:root /go/src/code.gitea.io/gitea/gitea /app/gitea/gitea
+COPY --from=build-env --chown=root:root /go/src/code.gitea.io/gitea/gitea /usr/local/bin/gitea
 COPY --from=build-env --chown=root:root /go/src/code.gitea.io/gitea/environment-to-ini /usr/local/bin/environment-to-ini
-RUN chmod 755 /usr/local/bin/docker-entrypoint.sh /usr/local/bin/docker-setup.sh /app/gitea/gitea /usr/local/bin/gitea /usr/local/bin/environment-to-ini

 #git:git
 USER 1000:1000
--- a/5
+++ b/5
@@ -1,4 +1,5 @@
 Alexey Makhov <amakhov@avito.ru> (@makhov)
+Andrey Nering <andrey.nering@gmail.com> (@andreynering)
 Bo-Yi Wu <appleboy.tw@gmail.com> (@appleboy)
 Ethan Koenig <ethantkoenig@gmail.com> (@ethantkoenig)
 Kees de Vries <bouwko@gmail.com> (@Bwko)
@@ -43,7 +44,3 @@ Patrick Schratz <patrick.schratz@gmail.com> (@pat-s)
 Janis Estelmann <admin@oldschoolhack.me> (@KN4CK3R)
 Steven Kriegler <sk.bunsenbrenner@gmail.com> (@justusbunsi)
 Jimmy Praet <jimmy.praet@telenet.be> (@jpraet)
-Leon Hofmeister <dev.lh@web.de> (@delvh) 
-Gusted <williamzijl7@hotmail.com) (@Gusted)
-silentcode <silentcode@senga.org> (@silentcodeg)
-Wim <wim@42.be> (@42wim)
--- a/245
+++ b/245
@@ -24,17 +24,9 @@ SHASUM ?= shasum -a 256
 HAS_GO = $(shell hash $(GO) > /dev/null 2>&1 && echo "GO" || echo "NOGO" )
 COMMA := ,

-XGO_VERSION := go-1.18.x
-
-AIR_PACKAGE ?= github.com/cosmtrek/air@v1.29.0
-EDITORCONFIG_CHECKER_PACKAGE ?= github.com/editorconfig-checker/editorconfig-checker/cmd/editorconfig-checker@2.4.0
-ERRCHECK_PACKAGE ?= github.com/kisielk/errcheck@v1.6.0
-GOFUMPT_PACKAGE ?= mvdan.cc/gofumpt@v0.3.1
-GOLANGCI_LINT_PACKAGE ?= github.com/golangci/golangci-lint/cmd/golangci-lint@v1.46.0
-GXZ_PAGAGE ?= github.com/ulikunitz/xz/cmd/gxz@v0.5.10
-MISSPELL_PACKAGE ?= github.com/client9/misspell/cmd/misspell@v0.3.4
-SWAGGER_PACKAGE ?= github.com/go-swagger/go-swagger/cmd/swagger@v0.29.0
-XGO_PACKAGE ?= src.techknowlogick.com/xgo@latest
+XGO_VERSION := go-1.16.x
+MIN_GO_VERSION := 001016000
+MIN_NODE_VERSION := 012017000

 DOCKER_IMAGE ?= gitea/gitea
 DOCKER_TAG ?= latest
@@ -65,9 +57,11 @@ else
 	SED_INPLACE := sed -i ''
 endif

+GOFMT ?= gofmt -s
+
 EXTRA_GOFLAGS ?=

-MAKE_VERSION := $(shell "$(MAKE)" -v | head -n 1)
+MAKE_VERSION := $(shell $(MAKE) -v | head -n 1)
 MAKE_EVIDENCE_DIR := .make_evidence

 ifeq ($(RACE_ENABLED),true)
@@ -99,7 +93,7 @@ LDFLAGS := $(LDFLAGS) -X "main.MakeVersion=$(MAKE_VERSION)" -X "main.Version=$(G

 LINUX_ARCHS ?= linux/amd64,linux/386,linux/arm-5,linux/arm-6,linux/arm64

-GO_PACKAGES ?= $(filter-out code.gitea.io/gitea/models/migrations code.gitea.io/gitea/integrations/migration-test code.gitea.io/gitea/integrations,$(shell $(GO) list ./... | grep -v /vendor/))
+GO_PACKAGES ?= $(filter-out code.gitea.io/gitea/models/migrations code.gitea.io/gitea/integrations/migration-test code.gitea.io/gitea/integrations,$(shell $(GO) list -mod=vendor ./... | grep -v /vendor/))

 FOMANTIC_WORK_DIR := web_src/fomantic

@@ -123,7 +117,7 @@ TEST_TAGS ?= sqlite sqlite_unlock_notify

 TAR_EXCLUDES := .git data indexers queues log node_modules $(EXECUTABLE) $(FOMANTIC_WORK_DIR)/node_modules $(DIST) $(MAKE_EVIDENCE_DIR) $(AIR_TMP_DIR)

-GO_DIRS := cmd integrations models modules routers build services tools
+GO_DIRS := cmd integrations models modules routers build services vendor tools

 GO_SOURCES := $(wildcard *.go)
 GO_SOURCES += $(shell find $(GO_DIRS) -type f -name "*.go" -not -path modules/options/bindata.go -not -path modules/public/bindata.go -not -path modules/templates/bindata.go)
@@ -132,6 +126,10 @@ ifeq ($(filter $(TAGS_SPLIT),bindata),bindata)
 	GO_SOURCES += $(BINDATA_DEST)
 endif

+GO_SOURCES_OWN := $(filter-out vendor/% %/bindata.go, $(GO_SOURCES))
+
+#To update swagger use: GO111MODULE=on go get -u github.com/go-swagger/go-swagger/cmd/swagger
+SWAGGER := $(GO) run -mod=vendor github.com/go-swagger/go-swagger/cmd/swagger
 SWAGGER_SPEC := templates/swagger/v1_json.tmpl
 SWAGGER_SPEC_S_TMPL := s|"basePath": *"/api/v1"|"basePath": "{{AppSubUrl \| JSEscape \| Safe}}/api/v1"|g
 SWAGGER_SPEC_S_JSON := s|"basePath": *"{{AppSubUrl \| JSEscape \| Safe}}/api/v1"|"basePath": "/api/v1"|g
@@ -171,9 +169,6 @@ help:
 	@echo " - watch-backend                    watch backend files and continuously rebuild"
 	@echo " - clean                            delete backend and integration files"
 	@echo " - clean-all                        delete backend, frontend and integration files"
-	@echo " - deps                             install dependencies"
-	@echo " - deps-frontend                    install frontend dependencies"
-	@echo " - deps-backend                     install backend dependencies"
 	@echo " - lint                             lint everything"
 	@echo " - lint-frontend                    lint frontend files"
 	@echo " - lint-backend                     lint backend files"
@@ -194,19 +189,18 @@ help:
 	@echo " - generate-swagger                 generate the swagger spec from code comments"
 	@echo " - swagger-validate                 check if the swagger spec is valid"
 	@echo " - golangci-lint                    run golangci-lint linter"
+	@echo " - revive                           run revive linter"
+	@echo " - misspell                         check for misspellings"
 	@echo " - vet                              examines Go source code and reports suspicious constructs"
-	@echo " - tidy                             run go mod tidy"
 	@echo " - test[\#TestSpecificName]    	    run unit test"
 	@echo " - test-sqlite[\#TestSpecificName]  run integration test for sqlite"
 	@echo " - pr#<index>                       build and start gitea from a PR with integration test data loaded"

 .PHONY: go-check
 go-check:
-	$(eval MIN_GO_VERSION_STR := $(shell grep -Eo '^go\s+[0-9]+\.[0-9.]+' go.mod | cut -d' ' -f2))
-	$(eval MIN_GO_VERSION := $(shell printf "%03d%03d%03d" $(shell echo '$(MIN_GO_VERSION_STR)' | tr '.' ' ')))
 	$(eval GO_VERSION := $(shell printf "%03d%03d%03d" $(shell $(GO) version | grep -Eo '[0-9]+\.[0-9.]+' | tr '.' ' ');))
 	@if [ "$(GO_VERSION)" -lt "$(MIN_GO_VERSION)" ]; then \
-		echo "Gitea requires Go $(MIN_GO_VERSION_STR) or greater to build. You can get it at https://go.dev/dl/"; \
+		echo "Gitea requires Go 1.16 or greater to build. You can get it at https://golang.org/dl/"; \
 		exit 1; \
 	fi

@@ -219,12 +213,11 @@ git-check:

 .PHONY: node-check
 node-check:
-	$(eval MIN_NODE_VERSION_STR := $(shell grep -Eo '"node":.*[0-9.]+"' package.json | sed -n 's/.*[^0-9.]\([0-9.]*\)"/\1/p'))
-	$(eval MIN_NODE_VERSION := $(shell printf "%03d%03d%03d" $(shell echo '$(MIN_NODE_VERSION_STR)' | tr '.' ' ')))
 	$(eval NODE_VERSION := $(shell printf "%03d%03d%03d" $(shell node -v | cut -c2- | tr '.' ' ');))
+	$(eval MIN_NODE_VER_FMT := $(shell printf "%g.%g.%g" $(shell echo $(MIN_NODE_VERSION) | grep -o ...)))
 	$(eval NPM_MISSING := $(shell hash npm > /dev/null 2>&1 || echo 1))
 	@if [ "$(NODE_VERSION)" -lt "$(MIN_NODE_VERSION)" -o "$(NPM_MISSING)" = "1" ]; then \
-		echo "Gitea requires Node.js $(MIN_NODE_VERSION_STR) or greater and npm to build. You can get it at https://nodejs.org/en/download/"; \
+		echo "Gitea requires Node.js $(MIN_NODE_VER_FMT) or greater and npm to build. You can get it at https://nodejs.org/en/download/"; \
 		exit 1; \
 	fi

@@ -243,13 +236,14 @@ clean:

 .PHONY: fmt
 fmt:
-	@echo "Running gitea-fmt (with gofumpt)..."
-	@MISSPELL_PACKAGE=$(MISSPELL_PACKAGE) GOFUMPT_PACKAGE=$(GOFUMPT_PACKAGE) $(GO) run build/code-batch-process.go gitea-fmt -w '{file-list}'
+	@echo "Running go fmt..."
+	@$(GOFMT) -w $(GO_SOURCES_OWN)

 .PHONY: vet
 vet:
 	@echo "Running go vet..."
-	@GOOS= GOARCH= $(GO) build code.gitea.io/gitea-vet
+	@$(GO) vet $(GO_PACKAGES)
+	@GOOS= GOARCH= $(GO) build -mod=vendor code.gitea.io/gitea-vet
 	@$(GO) vet -vettool=gitea-vet $(GO_PACKAGES)

 .PHONY: $(TAGS_EVIDENCE)
@@ -263,7 +257,7 @@ endif

 .PHONY: generate-swagger
 generate-swagger:
-	$(GO) run $(SWAGGER_PACKAGE) generate spec -x "$(SWAGGER_EXCLUDE)" -o './$(SWAGGER_SPEC)'
+	$(SWAGGER) generate spec -x "$(SWAGGER_EXCLUDE)" -o './$(SWAGGER_SPEC)'
 	$(SED_INPLACE) '$(SWAGGER_SPEC_S_TMPL)' './$(SWAGGER_SPEC)'
 	$(SED_INPLACE) $(SWAGGER_NEWLINE_COMMAND) './$(SWAGGER_SPEC)'

@@ -279,18 +273,44 @@ swagger-check: generate-swagger
 .PHONY: swagger-validate
 swagger-validate:
 	$(SED_INPLACE) '$(SWAGGER_SPEC_S_JSON)' './$(SWAGGER_SPEC)'
-	$(GO) run $(SWAGGER_PACKAGE) validate './$(SWAGGER_SPEC)'
+	$(SWAGGER) validate './$(SWAGGER_SPEC)'
 	$(SED_INPLACE) '$(SWAGGER_SPEC_S_TMPL)' './$(SWAGGER_SPEC)'

 .PHONY: errcheck
 errcheck:
+	@hash errcheck > /dev/null 2>&1; if [ $$? -ne 0 ]; then \
+		GO111MODULE=off $(GO) get -u github.com/kisielk/errcheck; \
+	fi
 	@echo "Running errcheck..."
-	$(GO) run $(ERRCHECK_PACKAGE) $(GO_PACKAGES)
+	@errcheck $(GO_PACKAGES)
+
+.PHONY: revive
+revive:
+	@hash revive > /dev/null 2>&1; if [ $$? -ne 0 ]; then \
+		GO111MODULE=off $(GO) get -u github.com/mgechev/revive; \
+	fi
+	@revive -config .revive.toml -exclude=./vendor/... ./...
+
+.PHONY: misspell-check
+misspell-check:
+	@hash misspell > /dev/null 2>&1; if [ $$? -ne 0 ]; then \
+		GO111MODULE=off $(GO) get -u github.com/client9/misspell/cmd/misspell; \
+	fi
+	@echo "Running misspell-check..."
+	@misspell -error -i unknwon $(GO_SOURCES_OWN)
+
+.PHONY: misspell
+misspell:
+	@hash misspell > /dev/null 2>&1; if [ $$? -ne 0 ]; then \
+		GO111MODULE=off $(GO) get -u github.com/client9/misspell/cmd/misspell; \
+	fi
+	@echo "Running go misspell..."
+	@misspell -w -i unknwon $(GO_SOURCES_OWN)

 .PHONY: fmt-check
 fmt-check:
-	# get all go files and run gitea-fmt (with gofmt) on them
-	@diff=$$(MISSPELL_PACKAGE=$(MISSPELL_PACKAGE) GOFUMPT_PACKAGE=$(GOFUMPT_PACKAGE) $(GO) run build/code-batch-process.go gitea-fmt -l '{file-list}'); \
+	# get all go files and run go fmt on them
+	@diff=$$($(GOFMT) -d $(GO_SOURCES_OWN)); \
 	if [ -n "$$diff" ]; then \
 		echo "Please run 'make fmt' and commit the result:"; \
 		echo "$${diff}"; \
@@ -301,21 +321,22 @@ fmt-check:
 checks: checks-frontend checks-backend

 .PHONY: checks-frontend
-checks-frontend: lockfile-check svg-check
+checks-frontend: svg-check

 .PHONY: checks-backend
-checks-backend: gomod-check swagger-check swagger-validate
+checks-backend: misspell-check test-vendor swagger-check swagger-validate

 .PHONY: lint
 lint: lint-frontend lint-backend

 .PHONY: lint-frontend
 lint-frontend: node_modules
-	npx eslint --color --max-warnings=0 web_src/js build templates *.config.js docs/assets/js
+	npx eslint --color --max-warnings=0 web_src/js build templates *.config.js
 	npx stylelint --color --max-warnings=0 web_src/less
+	npx editorconfig-checker templates

 .PHONY: lint-backend
-lint-backend: golangci-lint vet editorconfig-checker
+lint-backend: golangci-lint revive vet

 .PHONY: watch
 watch:
@@ -328,15 +349,18 @@ watch-frontend: node-check node_modules

 .PHONY: watch-backend
 watch-backend: go-check
-	$(GO) run $(AIR_PACKAGE) -c .air.toml
+	@hash air > /dev/null 2>&1; if [ $$? -ne 0 ]; then \
+		GO111MODULE=off $(GO) get -u github.com/cosmtrek/air; \
+	fi
+	air -c .air.conf

 .PHONY: test
 test: test-frontend test-backend

 .PHONY: test-backend
 test-backend:
-	@echo "Running go test with $(GOTESTFLAGS) -tags '$(TEST_TAGS)'..."
-	@$(GO) test $(GOTESTFLAGS) -tags='$(TEST_TAGS)' $(GO_PACKAGES)
+	@echo "Running go test with -tags '$(TEST_TAGS)'..."
+	@$(GO) test $(GOTESTFLAGS) -mod=vendor -tags='$(TEST_TAGS)' $(GO_PACKAGES)

 .PHONY: test-frontend
 test-frontend: node_modules
@@ -357,33 +381,26 @@ test-check:
 .PHONY: test\#%
 test\#%:
 	@echo "Running go test with -tags '$(TEST_TAGS)'..."
-	@$(GO) test $(GOTESTFLAGS) -tags='$(TEST_TAGS)' -run $(subst .,/,$*) $(GO_PACKAGES)
+	@$(GO) test -mod=vendor $(GOTESTFLAGS) -tags='$(TEST_TAGS)' -run $(subst .,/,$*) $(GO_PACKAGES)

 .PHONY: coverage
 coverage:
-	grep '^\(mode: .*\)\|\(.*:[0-9]\+\.[0-9]\+,[0-9]\+\.[0-9]\+ [0-9]\+ [0-9]\+\)$$' coverage.out > coverage-bodged.out
-	grep '^\(mode: .*\)\|\(.*:[0-9]\+\.[0-9]\+,[0-9]\+\.[0-9]\+ [0-9]\+ [0-9]\+\)$$' integration.coverage.out > integration.coverage-bodged.out
-	GO111MODULE=on $(GO) run build/gocovmerge.go integration.coverage-bodged.out coverage-bodged.out > coverage.all || (echo "gocovmerge failed"; echo "integration.coverage.out"; cat integration.coverage.out; echo "coverage.out"; cat coverage.out; exit 1)
+	GO111MODULE=on $(GO) run -mod=vendor build/gocovmerge.go integration.coverage.out $(shell find . -type f -name "coverage.out") > coverage.all

 .PHONY: unit-test-coverage
 unit-test-coverage:
-	@echo "Running unit-test-coverage $(GOTESTFLAGS) -tags '$(TEST_TAGS)'..."
-	@$(GO) test $(GOTESTFLAGS) -timeout=20m -tags='$(TEST_TAGS)' -cover -coverprofile coverage.out $(GO_PACKAGES) && echo "\n==>\033[32m Ok\033[m\n" || exit 1
-
-.PHONY: tidy
-tidy:
-	$(eval MIN_GO_VERSION := $(shell grep -Eo '^go\s+[0-9]+\.[0-9.]+' go.mod | cut -d' ' -f2))
-	$(GO) mod tidy -compat=$(MIN_GO_VERSION)
+	@echo "Running unit-test-coverage -tags '$(TEST_TAGS)'..."
+	@$(GO) test $(GOTESTFLAGS) -mod=vendor -tags='$(TEST_TAGS)' -cover -coverprofile coverage.out $(GO_PACKAGES) && echo "\n==>\033[32m Ok\033[m\n" || exit 1

 .PHONY: vendor
-vendor: tidy
-	$(GO) mod vendor
+vendor:
+	$(GO) mod tidy && $(GO) mod vendor

-.PHONY: gomod-check
-gomod-check: tidy
-	@diff=$$(git diff go.sum); \
+.PHONY: test-vendor
+test-vendor: vendor
+	@diff=$$(git diff vendor/); \
 	if [ -n "$$diff" ]; then \
-		echo "Please run 'make tidy' and commit the result:"; \
+		echo "Please run 'make vendor' and commit the result:"; \
 		echo "$${diff}"; \
 		exit 1; \
 	fi
@@ -405,11 +422,6 @@ test-sqlite-migration:  migrations.sqlite.test migrations.individual.sqlite.test
 	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/sqlite.ini ./migrations.sqlite.test
 	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/sqlite.ini ./migrations.individual.sqlite.test

-.PHONY: test-sqlite-migration\#%
-test-sqlite-migration\#%:  migrations.sqlite.test migrations.individual.sqlite.test generate-ini-sqlite
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/sqlite.ini ./migrations.individual.sqlite.test -test.run $(subst .,/,$*)
-
-
 generate-ini-mysql:
 	sed -e 's|{{TEST_MYSQL_HOST}}|${TEST_MYSQL_HOST}|g' \
 		-e 's|{{TEST_MYSQL_DBNAME}}|${TEST_MYSQL_DBNAME}|g' \
@@ -515,30 +527,23 @@ bench-pgsql: integrations.pgsql.test generate-ini-pgsql
 integration-test-coverage: integrations.cover.test generate-ini-mysql
 	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/mysql.ini ./integrations.cover.test -test.coverprofile=integration.coverage.out

-.PHONY: integration-test-coverage-sqlite
-integration-test-coverage-sqlite: integrations.cover.sqlite.test generate-ini-sqlite
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/sqlite.ini ./integrations.cover.sqlite.test -test.coverprofile=integration.coverage.out
-
 integrations.mysql.test: git-check $(GO_SOURCES)
-	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/integrations -o integrations.mysql.test
+	$(GO) test $(GOTESTFLAGS) -mod=vendor -c code.gitea.io/gitea/integrations -o integrations.mysql.test

 integrations.mysql8.test: git-check $(GO_SOURCES)
-	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/integrations -o integrations.mysql8.test
+	$(GO) test $(GOTESTFLAGS) -mod=vendor -c code.gitea.io/gitea/integrations -o integrations.mysql8.test

 integrations.pgsql.test: git-check $(GO_SOURCES)
-	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/integrations -o integrations.pgsql.test
+	$(GO) test $(GOTESTFLAGS) -mod=vendor -c code.gitea.io/gitea/integrations -o integrations.pgsql.test

 integrations.mssql.test: git-check $(GO_SOURCES)
-	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/integrations -o integrations.mssql.test
+	$(GO) test $(GOTESTFLAGS) -mod=vendor -c code.gitea.io/gitea/integrations -o integrations.mssql.test

 integrations.sqlite.test: git-check $(GO_SOURCES)
-	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/integrations -o integrations.sqlite.test -tags '$(TEST_TAGS)'
+	$(GO) test $(GOTESTFLAGS) -mod=vendor -c code.gitea.io/gitea/integrations -o integrations.sqlite.test -tags '$(TEST_TAGS)'

 integrations.cover.test: git-check $(GO_SOURCES)
-	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/integrations -coverpkg $(shell echo $(GO_PACKAGES) | tr ' ' ',') -o integrations.cover.test
-
-integrations.cover.sqlite.test: git-check $(GO_SOURCES)
-	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/integrations -coverpkg $(shell echo $(GO_PACKAGES) | tr ' ' ',') -o integrations.cover.sqlite.test -tags '$(TEST_TAGS)'
+	$(GO) test $(GOTESTFLAGS) -mod=vendor -c code.gitea.io/gitea/integrations -coverpkg $(shell echo $(GO_PACKAGES) | tr ' ' ',') -o integrations.cover.test

 .PHONY: migrations.mysql.test
 migrations.mysql.test: $(GO_SOURCES)
@@ -599,44 +604,53 @@ backend: go-check generate $(EXECUTABLE)
 .PHONY: generate
 generate: $(TAGS_PREREQ)
 	@echo "Running go generate..."
-	@CC= GOOS= GOARCH= $(GO) generate -tags '$(TAGS)' $(GO_PACKAGES)
+	@CC= GOOS= GOARCH= $(GO) generate -mod=vendor -tags '$(TAGS)' $(GO_PACKAGES)

 $(EXECUTABLE): $(GO_SOURCES) $(TAGS_PREREQ)
-	CGO_CFLAGS="$(CGO_CFLAGS)" $(GO) build $(GOFLAGS) $(EXTRA_GOFLAGS) -tags '$(TAGS)' -ldflags '-s -w $(LDFLAGS)' -o $@
+	CGO_CFLAGS="$(CGO_CFLAGS)" $(GO) build -mod=vendor $(GOFLAGS) $(EXTRA_GOFLAGS) -tags '$(TAGS)' -ldflags '-s -w $(LDFLAGS)' -o $@

 .PHONY: release
-release: frontend generate release-windows release-linux release-darwin release-copy release-compress vendor release-sources release-docs release-check
+release: frontend generate release-windows release-linux release-darwin release-copy release-compress release-sources release-docs release-check

 $(DIST_DIRS):
 	mkdir -p $(DIST_DIRS)

 .PHONY: release-windows
 release-windows: | $(DIST_DIRS)
-	CGO_CFLAGS="$(CGO_CFLAGS)" $(GO) run $(XGO_PACKAGE) -go $(XGO_VERSION) -buildmode exe -dest $(DIST)/binaries -tags 'netgo osusergo $(TAGS)' -ldflags '-linkmode external -extldflags "-static" $(LDFLAGS)' -targets 'windows/*' -out gitea-$(VERSION) .
+	@hash xgo > /dev/null 2>&1; if [ $$? -ne 0 ]; then \
+		$(GO) install src.techknowlogick.com/xgo@latest; \
+	fi
+	CGO_CFLAGS="$(CGO_CFLAGS)" xgo -go $(XGO_VERSION) -buildmode exe -dest $(DIST)/binaries -tags 'netgo osusergo $(TAGS)' -ldflags '-linkmode external -extldflags "-static" $(LDFLAGS)' -targets 'windows/*' -out gitea-$(VERSION) .
 ifeq (,$(findstring gogit,$(TAGS)))
-	CGO_CFLAGS="$(CGO_CFLAGS)" $(GO) run $(XGO_PACKAGE) -go $(XGO_VERSION) -buildmode exe -dest $(DIST)/binaries -tags 'netgo osusergo gogit $(TAGS)' -ldflags '-linkmode external -extldflags "-static" $(LDFLAGS)' -targets 'windows/*' -out gitea-$(VERSION)-gogit .
+	CGO_CFLAGS="$(CGO_CFLAGS)" xgo -go $(XGO_VERSION) -buildmode exe -dest $(DIST)/binaries -tags 'netgo osusergo gogit $(TAGS)' -ldflags '-linkmode external -extldflags "-static" $(LDFLAGS)' -targets 'windows/*' -out gitea-$(VERSION)-gogit .
 endif
-ifeq ($(CI),true)
+ifeq ($(CI),drone)
 	cp /build/* $(DIST)/binaries
 endif

 .PHONY: release-linux
 release-linux: | $(DIST_DIRS)
-	CGO_CFLAGS="$(CGO_CFLAGS)" $(GO) run $(XGO_PACKAGE) -go $(XGO_VERSION) -dest $(DIST)/binaries -tags 'netgo osusergo $(TAGS)' -ldflags '-linkmode external -extldflags "-static" $(LDFLAGS)' -targets '$(LINUX_ARCHS)' -out gitea-$(VERSION) .
-ifeq ($(CI),true)
+	@hash xgo > /dev/null 2>&1; if [ $$? -ne 0 ]; then \
+		$(GO) install src.techknowlogick.com/xgo@latest; \
+	fi
+	CGO_CFLAGS="$(CGO_CFLAGS)" xgo -go $(XGO_VERSION) -dest $(DIST)/binaries -tags 'netgo osusergo $(TAGS)' -ldflags '-linkmode external -extldflags "-static" $(LDFLAGS)' -targets '$(LINUX_ARCHS)' -out gitea-$(VERSION) .
+ifeq ($(CI),drone)
 	cp /build/* $(DIST)/binaries
 endif

 .PHONY: release-darwin
 release-darwin: | $(DIST_DIRS)
-	CGO_CFLAGS="$(CGO_CFLAGS)" $(GO) run $(XGO_PACKAGE) -go $(XGO_VERSION) -dest $(DIST)/binaries -tags 'netgo osusergo $(TAGS)' -ldflags '$(LDFLAGS)' -targets 'darwin-10.12/amd64,darwin-10.12/arm64' -out gitea-$(VERSION) .
-ifeq ($(CI),true)
+	@hash xgo > /dev/null 2>&1; if [ $$? -ne 0 ]; then \
+		$(GO) install src.techknowlogick.com/xgo@latest; \
+	fi
+	CGO_CFLAGS="$(CGO_CFLAGS)" xgo -go $(XGO_VERSION) -dest $(DIST)/binaries -tags 'netgo osusergo $(TAGS)' -ldflags '$(LDFLAGS)' -targets 'darwin-10.12/amd64,darwin-10.12/arm64' -out gitea-$(VERSION) .
+ifeq ($(CI),drone)
 	cp /build/* $(DIST)/binaries
 endif

 .PHONY: release-copy
 release-copy: | $(DIST_DIRS)
-	cd $(DIST); for file in `find . -type f -name "*"`; do cp $${file} ./release/; done;
+	cd $(DIST); for file in `find /build -type f -name "*"`; do cp $${file} ./release/; done;

 .PHONY: release-check
 release-check: | $(DIST_DIRS)
@@ -644,16 +658,17 @@ release-check: | $(DIST_DIRS)

 .PHONY: release-compress
 release-compress: | $(DIST_DIRS)
-	cd $(DIST)/release/; for file in `find . -type f -name "*"`; do echo "compressing $${file}" && $(GO) run $(GXZ_PAGAGE) -k -9 $${file}; done;
+	@hash gxz > /dev/null 2>&1; if [ $$? -ne 0 ]; then \
+		GO111MODULE=off $(GO) get -u github.com/ulikunitz/xz/cmd/gxz; \
+	fi
+	cd $(DIST)/release/; for file in `find . -type f -name "*"`; do echo "compressing $${file}" && gxz -k -9 $${file}; done;

 .PHONY: release-sources
 release-sources: | $(DIST_DIRS)
 	echo $(VERSION) > $(STORED_VERSION_FILE)
 # bsdtar needs a ^ to prevent matching subdirectories
 	$(eval EXCL := --exclude=$(shell tar --help | grep -q bsdtar && echo "^")./)
-# use transform to a add a release-folder prefix; in bsdtar the transform parameter equivalent is -s
-	$(eval TRANSFORM := $(shell tar --help | grep -q bsdtar && echo "-s '/^./gitea-src-$(VERSION)/'" || echo "--transform 's|^./|gitea-src-$(VERSION)/|'"))
-	tar $(addprefix $(EXCL),$(TAR_EXCLUDES)) $(TRANSFORM) -czf $(DIST)/release/gitea-src-$(VERSION).tar.gz .
+	tar $(addprefix $(EXCL),$(TAR_EXCLUDES)) -czf $(DIST)/release/gitea-src-$(VERSION).tar.gz .
 	rm -f $(STORED_VERSION_FILE)

 .PHONY: release-docs
@@ -667,25 +682,6 @@ docs:
 	fi
 	cd docs; make trans-copy clean build-offline;

-.PHONY: deps
-deps: deps-frontend deps-backend
-
-.PHONY: deps-frontend
-deps-frontend: node_modules
-
-.PHONY: deps-backend
-deps-backend:
-	$(GO) mod download
-	$(GO) install $(AIR_PACKAGE)
-	$(GO) install $(EDITORCONFIG_CHECKER_PACKAGE)
-	$(GO) install $(ERRCHECK_PACKAGE)
-	$(GO) install $(GOFUMPT_PACKAGE)
-	$(GO) install $(GOLANGCI_LINT_PACKAGE)
-	$(GO) install $(GXZ_PAGAGE)
-	$(GO) install $(MISSPELL_PACKAGE)
-	$(GO) install $(SWAGGER_PACKAGE)
-	$(GO) install $(XGO_PACKAGE)
-
 node_modules: package-lock.json
 	npm install --no-save
 	@touch node_modules
@@ -703,9 +699,8 @@ fomantic:
 	cd $(FOMANTIC_WORK_DIR) && npm install --no-save
 	cp -f $(FOMANTIC_WORK_DIR)/theme.config.less $(FOMANTIC_WORK_DIR)/node_modules/fomantic-ui/src/theme.config
 	cp -rf $(FOMANTIC_WORK_DIR)/_site $(FOMANTIC_WORK_DIR)/node_modules/fomantic-ui/src/
+	cp -f web_src/js/vendor/dropdown.js $(FOMANTIC_WORK_DIR)/node_modules/fomantic-ui/src/definitions/modules
 	cd $(FOMANTIC_WORK_DIR) && npx gulp -f node_modules/fomantic-ui/gulpfile.js build
-	$(SED_INPLACE) -e 's/\r//g' $(FOMANTIC_WORK_DIR)/build/semantic.css $(FOMANTIC_WORK_DIR)/build/semantic.js
-	rm -f $(FOMANTIC_WORK_DIR)/build/*.min.*

 .PHONY: webpack
 webpack: $(WEBPACK_DEST)
@@ -731,17 +726,6 @@ svg-check: svg
 		exit 1; \
 	fi

-.PHONY: lockfile-check
-lockfile-check:
-	npm install --package-lock-only
-	@diff=$$(git diff package-lock.json); \
-	if [ -n "$$diff" ]; then \
-		echo "package-lock.json is inconsistent with package.json"; \
-		echo "Please run 'npm install --package-lock-only' and commit the result:"; \
-		echo "$${diff}"; \
-		exit 1; \
-	fi
-
 .PHONY: update-translations
 update-translations:
 	mkdir -p ./translations
@@ -762,7 +746,7 @@ generate-gitignore:

 .PHONY: generate-images
 generate-images: | node_modules
-	npm install --no-save --no-package-lock fabric@5 imagemin-zopfli@7
+	npm install --no-save --no-package-lock fabric@4 imagemin-zopfli@7
 	node build/generate-images.js $(TAGS)

 .PHONY: generate-manpage
@@ -779,18 +763,11 @@ pr\#%: clean-all

 .PHONY: golangci-lint
 golangci-lint:
-	$(GO) run $(GOLANGCI_LINT_PACKAGE) run
-
-# workaround step for the lint-backend-windows CI task because 'go run' can not
-# have distinct GOOS/GOARCH for its build and run steps
-.PHONY: golangci-lint-windows
-golangci-lint-windows:
-	@GOOS= GOARCH= $(GO) install $(GOLANGCI_LINT_PACKAGE)
-	golangci-lint run
-
-.PHONY: editorconfig-checker
-editorconfig-checker:
-	$(GO) run $(EDITORCONFIG_CHECKER_PACKAGE) templates
+	@hash golangci-lint > /dev/null 2>&1; if [ $$? -ne 0 ]; then \
+		export BINARY="golangci-lint"; \
+		curl -sfL https://install.goreleaser.com/github.com/golangci/golangci-lint.sh | sh -s -- -b $(GOPATH)/bin v1.37.0; \
+	fi
+	golangci-lint run --timeout 10m

 .PHONY: docker
 docker:
--- a/README.md
+++ b/README.md
@@ -15,7 +15,7 @@
  <a href="https://codecov.io/gh/go-gitea/gitea" title="Codecov">
    <img src="https://codecov.io/gh/go-gitea/gitea/branch/main/graph/badge.svg">
  </a>
-  <a href="https://goreportcard.com/report/code.gitea.io/gitea" title="Go Report Card">
+  <a href="https://godoc.org/code.gitea.io/gitea" title="Go Report Card">
    <img src="https://goreportcard.com/badge/code.gitea.io/gitea">
  </a>
  <a href="https://godoc.org/code.gitea.io/gitea" title="GoDoc">
@@ -36,8 +36,8 @@
  <a href="https://crowdin.com/project/gitea" title="Crowdin">
    <img src="https://badges.crowdin.net/gitea/localized.svg">
  </a>
-  <a href="https://www.tickgit.com/browse?repo=github.com/go-gitea/gitea&branch=main" title="TODOs">
-    <img src="https://badgen.net/https/api.tickgit.com/badgen/github.com/go-gitea/gitea/main">
+  <a href="https://www.tickgit.com/browse?repo=github.com/go-gitea/gitea" title="TODOs">
+    <img src="https://badgen.net/https/api.tickgit.com/badgen/github.com/go-gitea/gitea">
  </a>
  <a href="https://www.bountysource.com/teams/gitea" title="Bountysource">
    <img src="https://img.shields.io/bountysource/team/gitea/activity">
@@ -67,14 +67,14 @@ From the root of the source tree, run:

    TAGS="bindata" make build

-or if SQLite support is required:
+or if sqlite support is required:

    TAGS="bindata sqlite sqlite_unlock_notify" make build

 The `build` target is split into two sub-targets:

- `make backend` which requires [Go Stable](https://go.dev/dl/), required version is defined in [go.mod](/go.mod).
- `make frontend` which requires [Node.js LTS](https://nodejs.org/en/download/) or greater and Internet connectivity to download npm dependencies.
+- `make backend` which requires [Go 1.13](https://golang.org/dl/) or greater.
+- `make frontend` which requires [Node.js 12.17](https://nodejs.org/en/download/) or greater and Internet connectivity to download npm dependencies.

 When building from the official source tarballs which include pre-built frontend files, the `frontend` target will not be triggered, making it possible to build without Node.js and Internet connectivity.

--- a/README_ZH.md
+++ b/README_ZH.md
@@ -12,10 +12,13 @@
  <a href="https://discord.gg/Gitea" title="Join the Discord chat at https://discord.gg/Gitea">
    <img src="https://img.shields.io/discord/322538954119184384.svg">
  </a>
+  <a href="https://microbadger.com/images/gitea/gitea" title="Get your own image badge on microbadger.com">
+    <img src="https://images.microbadger.com/badges/image/gitea/gitea.svg">
+  </a>
  <a href="https://codecov.io/gh/go-gitea/gitea" title="Codecov">
    <img src="https://codecov.io/gh/go-gitea/gitea/branch/main/graph/badge.svg">
  </a>
-  <a href="https://goreportcard.com/report/code.gitea.io/gitea" title="Go Report Card">
+  <a href="https://godoc.org/code.gitea.io/gitea" title="Go Report Card">
    <img src="https://goreportcard.com/badge/code.gitea.io/gitea">
  </a>
  <a href="https://godoc.org/code.gitea.io/gitea" title="GoDoc">
@@ -36,8 +39,8 @@
  <a href="https://crowdin.com/project/gitea" title="Crowdin">
    <img src="https://badges.crowdin.net/gitea/localized.svg">
  </a>
-  <a href="https://www.tickgit.com/browse?repo=github.com/go-gitea/gitea&branch=main" title="TODOs">
-    <img src="https://badgen.net/https/api.tickgit.com/badgen/github.com/go-gitea/gitea/main">
+  <a href="https://www.tickgit.com/browse?repo=github.com/go-gitea/gitea" title="TODOs">
+    <img src="https://badgen.net/https/api.tickgit.com/badgen/github.com/go-gitea/gitea">
  </a>
  <a href="https://img.shields.io/bountysource/team/gitea" title="Bountysource">
    <img src="https://img.shields.io/bountysource/team/gitea/activity">
--- a/assets/favicon.svg
+++ b/assets/favicon.svg
@@ -1,31 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<svg version="1.1" id="main_outline" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px"
-	 y="0px" viewBox="0 0 640 640" style="enable-background:new 0 0 640 640;" xml:space="preserve">
-<g>
-	<path id="teabag" style="fill:#FFFFFF" d="M395.9,484.2l-126.9-61c-12.5-6-17.9-21.2-11.8-33.8l61-126.9c6-12.5,21.2-17.9,33.8-11.8
-		c17.2,8.3,27.1,13,27.1,13l-0.1-109.2l16.7-0.1l0.1,117.1c0,0,57.4,24.2,83.1,40.1c3.7,2.3,10.2,6.8,12.9,14.4
-		c2.1,6.1,2,13.1-1,19.3l-61,126.9C423.6,484.9,408.4,490.3,395.9,484.2z"/>
-	<g>
-		<g>
-			<path style="fill:#609926" d="M622.7,149.8c-4.1-4.1-9.6-4-9.6-4s-117.2,6.6-177.9,8c-13.3,0.3-26.5,0.6-39.6,0.7c0,39.1,0,78.2,0,117.2
-				c-5.5-2.6-11.1-5.3-16.6-7.9c0-36.4-0.1-109.2-0.1-109.2c-29,0.4-89.2-2.2-89.2-2.2s-141.4-7.1-156.8-8.5
-				c-9.8-0.6-22.5-2.1-39,1.5c-8.7,1.8-33.5,7.4-53.8,26.9C-4.9,212.4,6.6,276.2,8,285.8c1.7,11.7,6.9,44.2,31.7,72.5
-				c45.8,56.1,144.4,54.8,144.4,54.8s12.1,28.9,30.6,55.5c25,33.1,50.7,58.9,75.7,62c63,0,188.9-0.1,188.9-0.1s12,0.1,28.3-10.3
-				c14-8.5,26.5-23.4,26.5-23.4s12.9-13.8,30.9-45.3c5.5-9.7,10.1-19.1,14.1-28c0,0,55.2-117.1,55.2-231.1
-				C633.2,157.9,624.7,151.8,622.7,149.8z M125.6,353.9c-25.9-8.5-36.9-18.7-36.9-18.7S69.6,321.8,60,295.4
-				c-16.5-44.2-1.4-71.2-1.4-71.2s8.4-22.5,38.5-30c13.8-3.7,31-3.1,31-3.1s7.1,59.4,15.7,94.2c7.2,29.2,24.8,77.7,24.8,77.7
-				S142.5,359.9,125.6,353.9z M425.9,461.5c0,0-6.1,14.5-19.6,15.4c-5.8,0.4-10.3-1.2-10.3-1.2s-0.3-0.1-5.3-2.1l-112.9-55
-				c0,0-10.9-5.7-12.8-15.6c-2.2-8.1,2.7-18.1,2.7-18.1L322,273c0,0,4.8-9.7,12.2-13c0.6-0.3,2.3-1,4.5-1.5c8.1-2.1,18,2.8,18,2.8
-				l110.7,53.7c0,0,12.6,5.7,15.3,16.2c1.9,7.4-0.5,14-1.8,17.2C474.6,363.8,425.9,461.5,425.9,461.5z"/>
-			<path style="fill:#609926" d="M326.8,380.1c-8.2,0.1-15.4,5.8-17.3,13.8c-1.9,8,2,16.3,9.1,20c7.7,4,17.5,1.8,22.7-5.4
-				c5.1-7.1,4.3-16.9-1.8-23.1l24-49.1c1.5,0.1,3.7,0.2,6.2-0.5c4.1-0.9,7.1-3.6,7.1-3.6c4.2,1.8,8.6,3.8,13.2,6.1
-				c4.8,2.4,9.3,4.9,13.4,7.3c0.9,0.5,1.8,1.1,2.8,1.9c1.6,1.3,3.4,3.1,4.7,5.5c1.9,5.5-1.9,14.9-1.9,14.9
-				c-2.3,7.6-18.4,40.6-18.4,40.6c-8.1-0.2-15.3,5-17.7,12.5c-2.6,8.1,1.1,17.3,8.9,21.3c7.8,4,17.4,1.7,22.5-5.3
-				c5-6.8,4.6-16.3-1.1-22.6c1.9-3.7,3.7-7.4,5.6-11.3c5-10.4,13.5-30.4,13.5-30.4c0.9-1.7,5.7-10.3,2.7-21.3
-				c-2.5-11.4-12.6-16.7-12.6-16.7c-12.2-7.9-29.2-15.2-29.2-15.2s0-4.1-1.1-7.1c-1.1-3.1-2.8-5.1-3.9-6.3c4.7-9.7,9.4-19.3,14.1-29
-				c-4.1-2-8.1-4-12.2-6.1c-4.8,9.8-9.7,19.7-14.5,29.5c-6.7-0.1-12.9,3.5-16.1,9.4c-3.4,6.3-2.7,14.1,1.9,19.8
-				C343.2,346.5,335,363.3,326.8,380.1z"/>
-		</g>
-	</g>
-</g>
-</svg>
--- a/build.go
+++ b/build.go
@@ -3,6 +3,7 @@
 // license that can be found in the LICENSE file.

 //go:build vendor
+// +build vendor

 package main

--- a/build/code-batch-process.go
+++ b/build/code-batch-process.go
@@ -1,284 +0,0 @@
-// Copyright 2021 The Gitea Authors. All rights reserved.
-// Use of this source code is governed by a MIT-style
-// license that can be found in the LICENSE file.
-
-//go:build ignore
-
-package main
-
-import (
-	"fmt"
-	"log"
-	"os"
-	"os/exec"
-	"path/filepath"
-	"regexp"
-	"strconv"
-	"strings"
-
-	"code.gitea.io/gitea/build/codeformat"
-)
-
-// Windows has a limitation for command line arguments, the size can not exceed 32KB.
-// So we have to feed the files to some tools (like gofmt/misspell) batch by batch
-
-// We also introduce a `gitea-fmt` command, it does better import formatting than gofmt/goimports. `gitea-fmt` calls `gofmt` internally.
-
-var optionLogVerbose bool
-
-func logVerbose(msg string, args ...interface{}) {
-	if optionLogVerbose {
-		log.Printf(msg, args...)
-	}
-}
-
-func passThroughCmd(cmd string, args []string) error {
-	foundCmd, err := exec.LookPath(cmd)
-	if err != nil {
-		log.Fatalf("can not find cmd: %s", cmd)
-	}
-	c := exec.Cmd{
-		Path:   foundCmd,
-		Args:   append([]string{cmd}, args...),
-		Stdin:  os.Stdin,
-		Stdout: os.Stdout,
-		Stderr: os.Stderr,
-	}
-	return c.Run()
-}
-
-type fileCollector struct {
-	dirs            []string
-	includePatterns []*regexp.Regexp
-	excludePatterns []*regexp.Regexp
-	batchSize       int
-}
-
-func newFileCollector(fileFilter string, batchSize int) (*fileCollector, error) {
-	co := &fileCollector{batchSize: batchSize}
-	if fileFilter == "go-own" {
-		co.dirs = []string{
-			"build",
-			"cmd",
-			"contrib",
-			"integrations",
-			"models",
-			"modules",
-			"routers",
-			"services",
-			"tools",
-		}
-		co.includePatterns = append(co.includePatterns, regexp.MustCompile(`.*\.go$`))
-
-		co.excludePatterns = append(co.excludePatterns, regexp.MustCompile(`.*\bbindata\.go$`))
-		co.excludePatterns = append(co.excludePatterns, regexp.MustCompile(`integrations/gitea-repositories-meta`))
-		co.excludePatterns = append(co.excludePatterns, regexp.MustCompile(`integrations/migration-test`))
-		co.excludePatterns = append(co.excludePatterns, regexp.MustCompile(`modules/git/tests`))
-		co.excludePatterns = append(co.excludePatterns, regexp.MustCompile(`models/fixtures`))
-		co.excludePatterns = append(co.excludePatterns, regexp.MustCompile(`models/migrations/fixtures`))
-		co.excludePatterns = append(co.excludePatterns, regexp.MustCompile(`services/gitdiff/testdata`))
-	}
-
-	if co.dirs == nil {
-		return nil, fmt.Errorf("unknown file-filter: %s", fileFilter)
-	}
-	return co, nil
-}
-
-func (fc *fileCollector) matchPatterns(path string, regexps []*regexp.Regexp) bool {
-	path = strings.ReplaceAll(path, "\\", "/")
-	for _, re := range regexps {
-		if re.MatchString(path) {
-			return true
-		}
-	}
-	return false
-}
-
-func (fc *fileCollector) collectFiles() (res [][]string, err error) {
-	var batch []string
-	for _, dir := range fc.dirs {
-		err = filepath.WalkDir(dir, func(path string, d os.DirEntry, err error) error {
-			include := len(fc.includePatterns) == 0 || fc.matchPatterns(path, fc.includePatterns)
-			exclude := fc.matchPatterns(path, fc.excludePatterns)
-			process := include && !exclude
-			if !process {
-				if d.IsDir() {
-					if exclude {
-						logVerbose("exclude dir %s", path)
-						return filepath.SkipDir
-					}
-					// for a directory, if it is not excluded explicitly, we should walk into
-					return nil
-				}
-				// for a file, we skip it if it shouldn't be processed
-				logVerbose("skip process %s", path)
-				return nil
-			}
-			if d.IsDir() {
-				// skip dir, we don't add dirs to the file list now
-				return nil
-			}
-			if len(batch) >= fc.batchSize {
-				res = append(res, batch)
-				batch = nil
-			}
-			batch = append(batch, path)
-			return nil
-		})
-		if err != nil {
-			return nil, err
-		}
-	}
-	res = append(res, batch)
-	return res, nil
-}
-
-// substArgFiles expands the {file-list} to a real file list for commands
-func substArgFiles(args, files []string) []string {
-	for i, s := range args {
-		if s == "{file-list}" {
-			newArgs := append(args[:i], files...)
-			newArgs = append(newArgs, args[i+1:]...)
-			return newArgs
-		}
-	}
-	return args
-}
-
-func exitWithCmdErrors(subCmd string, subArgs []string, cmdErrors []error) {
-	for _, err := range cmdErrors {
-		if err != nil {
-			if exitError, ok := err.(*exec.ExitError); ok {
-				exitCode := exitError.ExitCode()
-				log.Printf("run command failed (code=%d): %s %v", exitCode, subCmd, subArgs)
-				os.Exit(exitCode)
-			} else {
-				log.Fatalf("run command failed (err=%s) %s %v", err, subCmd, subArgs)
-			}
-		}
-	}
-}
-
-func parseArgs() (mainOptions map[string]string, subCmd string, subArgs []string) {
-	mainOptions = map[string]string{}
-	for i := 1; i < len(os.Args); i++ {
-		arg := os.Args[i]
-		if arg == "" {
-			break
-		}
-		if arg[0] == '-' {
-			arg = strings.TrimPrefix(arg, "-")
-			arg = strings.TrimPrefix(arg, "-")
-			fields := strings.SplitN(arg, "=", 2)
-			if len(fields) == 1 {
-				mainOptions[fields[0]] = "1"
-			} else {
-				mainOptions[fields[0]] = fields[1]
-			}
-		} else {
-			subCmd = arg
-			subArgs = os.Args[i+1:]
-			break
-		}
-	}
-	return
-}
-
-func showUsage() {
-	fmt.Printf(`Usage: %[1]s [options] {command} [arguments]
-
-Options:
-  --verbose
-  --file-filter=go-own
-  --batch-size=100
-
-Commands:
-  %[1]s gofmt ...
-  %[1]s misspell ...
-
-Arguments:
-  {file-list}     the file list
-
-Example:
-  %[1]s gofmt -s -d {file-list}
-
-`, "file-batch-exec")
-}
-
-func newFileCollectorFromMainOptions(mainOptions map[string]string) (fc *fileCollector, err error) {
-	fileFilter := mainOptions["file-filter"]
-	if fileFilter == "" {
-		fileFilter = "go-own"
-	}
-	batchSize, _ := strconv.Atoi(mainOptions["batch-size"])
-	if batchSize == 0 {
-		batchSize = 100
-	}
-
-	return newFileCollector(fileFilter, batchSize)
-}
-
-func containsString(a []string, s string) bool {
-	for _, v := range a {
-		if v == s {
-			return true
-		}
-	}
-	return false
-}
-
-func giteaFormatGoImports(files []string, hasChangedFiles, doWriteFile bool) error {
-	for _, file := range files {
-		if err := codeformat.FormatGoImports(file, hasChangedFiles, doWriteFile); err != nil {
-			log.Printf("failed to format go imports: %s, err=%v", file, err)
-			return err
-		}
-	}
-	return nil
-}
-
-func main() {
-	mainOptions, subCmd, subArgs := parseArgs()
-	if subCmd == "" {
-		showUsage()
-		os.Exit(1)
-	}
-	optionLogVerbose = mainOptions["verbose"] != ""
-
-	fc, err := newFileCollectorFromMainOptions(mainOptions)
-	if err != nil {
-		log.Fatalf("can not create file collector: %s", err.Error())
-	}
-
-	fileBatches, err := fc.collectFiles()
-	if err != nil {
-		log.Fatalf("can not collect files: %s", err.Error())
-	}
-
-	processed := 0
-	var cmdErrors []error
-	for _, files := range fileBatches {
-		if len(files) == 0 {
-			break
-		}
-		substArgs := substArgFiles(subArgs, files)
-		logVerbose("batch cmd: %s %v", subCmd, substArgs)
-		switch subCmd {
-		case "gitea-fmt":
-			if containsString(subArgs, "-d") {
-				log.Print("the -d option is not supported by gitea-fmt")
-			}
-			cmdErrors = append(cmdErrors, giteaFormatGoImports(files, containsString(subArgs, "-l"), containsString(subArgs, "-w")))
-			cmdErrors = append(cmdErrors, passThroughCmd("go", append([]string{"run", os.Getenv("GOFUMPT_PACKAGE"), "-extra", "-lang", "1.17"}, substArgs...)))
-		case "misspell":
-			cmdErrors = append(cmdErrors, passThroughCmd("go", append([]string{"run", os.Getenv("MISSPELL_PACKAGE")}, substArgs...)))
-		default:
-			log.Fatalf("unknown cmd: %s %v", subCmd, subArgs)
-		}
-		processed += len(files)
-	}
-
-	logVerbose("processed %d files", processed)
-	exitWithCmdErrors(subCmd, subArgs, cmdErrors)
-}
--- a/build/codeformat/formatimports.go
+++ b/build/codeformat/formatimports.go
@@ -1,201 +0,0 @@
-// Copyright 2021 The Gitea Authors. All rights reserved.
-// Use of this source code is governed by a MIT-style
-// license that can be found in the LICENSE file.
-
-package codeformat
-
-import (
-	"bytes"
-	"errors"
-	"fmt"
-	"io"
-	"os"
-	"sort"
-	"strings"
-)
-
-var importPackageGroupOrders = map[string]int{
-	"":                     1, // internal
-	"code.gitea.io/gitea/": 2,
-}
-
-var errInvalidCommentBetweenImports = errors.New("comments between imported packages are invalid, please move comments to the end of the package line")
-
-var (
-	importBlockBegin = []byte("\nimport (\n")
-	importBlockEnd   = []byte("\n)")
-)
-
-type importLineParsed struct {
-	group   string
-	pkg     string
-	content string
-}
-
-func parseImportLine(line string) (*importLineParsed, error) {
-	il := &importLineParsed{content: line}
-	p1 := strings.IndexRune(line, '"')
-	if p1 == -1 {
-		return nil, errors.New("invalid import line: " + line)
-	}
-	p1++
-	p := strings.IndexRune(line[p1:], '"')
-	if p == -1 {
-		return nil, errors.New("invalid import line: " + line)
-	}
-	p2 := p1 + p
-	il.pkg = line[p1:p2]
-
-	pDot := strings.IndexRune(il.pkg, '.')
-	pSlash := strings.IndexRune(il.pkg, '/')
-	if pDot != -1 && pDot < pSlash {
-		il.group = "domain-package"
-	}
-	for groupName := range importPackageGroupOrders {
-		if groupName == "" {
-			continue // skip internal
-		}
-		if strings.HasPrefix(il.pkg, groupName) {
-			il.group = groupName
-		}
-	}
-	return il, nil
-}
-
-type (
-	importLineGroup    []*importLineParsed
-	importLineGroupMap map[string]importLineGroup
-)
-
-func formatGoImports(contentBytes []byte) ([]byte, error) {
-	p1 := bytes.Index(contentBytes, importBlockBegin)
-	if p1 == -1 {
-		return nil, nil
-	}
-	p1 += len(importBlockBegin)
-	p := bytes.Index(contentBytes[p1:], importBlockEnd)
-	if p == -1 {
-		return nil, nil
-	}
-	p2 := p1 + p
-
-	importGroups := importLineGroupMap{}
-	r := bytes.NewBuffer(contentBytes[p1:p2])
-	eof := false
-	for !eof {
-		line, err := r.ReadString('\n')
-		eof = err == io.EOF
-		if err != nil && !eof {
-			return nil, err
-		}
-		line = strings.TrimSpace(line)
-		if line != "" {
-			if strings.HasPrefix(line, "//") || strings.HasPrefix(line, "/*") {
-				return nil, errInvalidCommentBetweenImports
-			}
-			importLine, err := parseImportLine(line)
-			if err != nil {
-				return nil, err
-			}
-			importGroups[importLine.group] = append(importGroups[importLine.group], importLine)
-		}
-	}
-
-	var groupNames []string
-	for groupName, importLines := range importGroups {
-		groupNames = append(groupNames, groupName)
-		sort.Slice(importLines, func(i, j int) bool {
-			return strings.Compare(importLines[i].pkg, importLines[j].pkg) < 0
-		})
-	}
-
-	sort.Slice(groupNames, func(i, j int) bool {
-		n1 := groupNames[i]
-		n2 := groupNames[j]
-		o1 := importPackageGroupOrders[n1]
-		o2 := importPackageGroupOrders[n2]
-		if o1 != 0 && o2 != 0 {
-			return o1 < o2
-		}
-		if o1 == 0 && o2 == 0 {
-			return strings.Compare(n1, n2) < 0
-		}
-		return o1 != 0
-	})
-
-	formattedBlock := bytes.Buffer{}
-	for _, groupName := range groupNames {
-		hasNormalImports := false
-		hasDummyImports := false
-		// non-dummy import comes first
-		for _, importLine := range importGroups[groupName] {
-			if strings.HasPrefix(importLine.content, "_") {
-				hasDummyImports = true
-			} else {
-				formattedBlock.WriteString("\t" + importLine.content + "\n")
-				hasNormalImports = true
-			}
-		}
-		// dummy (_ "pkg") comes later
-		if hasDummyImports {
-			if hasNormalImports {
-				formattedBlock.WriteString("\n")
-			}
-			for _, importLine := range importGroups[groupName] {
-				if strings.HasPrefix(importLine.content, "_") {
-					formattedBlock.WriteString("\t" + importLine.content + "\n")
-				}
-			}
-		}
-		formattedBlock.WriteString("\n")
-	}
-	formattedBlockBytes := bytes.TrimRight(formattedBlock.Bytes(), "\n")
-
-	var formattedBytes []byte
-	formattedBytes = append(formattedBytes, contentBytes[:p1]...)
-	formattedBytes = append(formattedBytes, formattedBlockBytes...)
-	formattedBytes = append(formattedBytes, contentBytes[p2:]...)
-	return formattedBytes, nil
-}
-
-// FormatGoImports format the imports by our rules (see unit tests)
-func FormatGoImports(file string, doChangedFiles, doWriteFile bool) error {
-	f, err := os.Open(file)
-	if err != nil {
-		return err
-	}
-	var contentBytes []byte
-	{
-		defer f.Close()
-		contentBytes, err = io.ReadAll(f)
-		if err != nil {
-			return err
-		}
-	}
-	formattedBytes, err := formatGoImports(contentBytes)
-	if err != nil {
-		return err
-	}
-	if formattedBytes == nil {
-		return nil
-	}
-	if bytes.Equal(contentBytes, formattedBytes) {
-		return nil
-	}
-
-	if doChangedFiles {
-		fmt.Println(file)
-	}
-
-	if doWriteFile {
-		f, err = os.OpenFile(file, os.O_TRUNC|os.O_WRONLY, 0o644)
-		if err != nil {
-			return err
-		}
-		defer f.Close()
-		_, err = f.Write(formattedBytes)
-		return err
-	}
-
-	return err
-}
--- a/build/codeformat/formatimports_test.go
+++ b/build/codeformat/formatimports_test.go
@@ -1,125 +0,0 @@
-// Copyright 2021 The Gitea Authors. All rights reserved.
-// Use of this source code is governed by a MIT-style
-// license that can be found in the LICENSE file.
-
-package codeformat
-
-import (
-	"testing"
-
-	"github.com/stretchr/testify/assert"
-)
-
-func TestFormatImportsSimple(t *testing.T) {
-	formatted, err := formatGoImports([]byte(`
-package codeformat
-
-import (
-	"github.com/stretchr/testify/assert"
-	"testing"
-)
-`))
-
-	expected := `
-package codeformat
-
-import (
-	"testing"
-
-	"github.com/stretchr/testify/assert"
-)
-`
-
-	assert.NoError(t, err)
-	assert.Equal(t, expected, string(formatted))
-}
-
-func TestFormatImportsGroup(t *testing.T) {
-	// gofmt/goimports won't group the packages, for example, they produce such code:
-	//     "bytes"
-	//     "image"
-	//        (a blank line)
-	//     "fmt"
-	//     "image/color/palette"
-	// our formatter does better, and these packages are grouped into one.
-
-	formatted, err := formatGoImports([]byte(`
-package test
-
-import (
-	"bytes"
-	"fmt"
-	"image"
-	"image/color"
-
-	_ "image/gif"  // for processing gif images
-	_ "image/jpeg" // for processing jpeg images
-	_ "image/png"  // for processing png images
-
-	"code.gitea.io/other/package"
-
-	"code.gitea.io/gitea/modules/setting"
-	"code.gitea.io/gitea/modules/util"
-
-  "xorm.io/the/package"
-
-	"github.com/issue9/identicon"
-	"github.com/nfnt/resize"
-	"github.com/oliamb/cutter"
-)
-`))
-
-	expected := `
-package test
-
-import (
-	"bytes"
-	"fmt"
-	"image"
-	"image/color"
-
-	_ "image/gif"  // for processing gif images
-	_ "image/jpeg" // for processing jpeg images
-	_ "image/png"  // for processing png images
-
-	"code.gitea.io/gitea/modules/setting"
-	"code.gitea.io/gitea/modules/util"
-
-	"code.gitea.io/other/package"
-	"github.com/issue9/identicon"
-	"github.com/nfnt/resize"
-	"github.com/oliamb/cutter"
-	"xorm.io/the/package"
-)
-`
-
-	assert.NoError(t, err)
-	assert.Equal(t, expected, string(formatted))
-}
-
-func TestFormatImportsInvalidComment(t *testing.T) {
-	// why we shouldn't write comments between imports: it breaks the grouping of imports
-	// for example:
-	//    "pkg1"
-	//    "pkg2"
-	//    // a comment
-	//    "pkgA"
-	//    "pkgB"
-	// the comment splits the packages into two groups, pkg1/2 are sorted separately, pkgA/B are sorted separately
-	// we don't want such code, so the code should be:
-	//    "pkg1"
-	//    "pkg2"
-	//    "pkgA" // a comment
-	//    "pkgB"
-
-	_, err := formatGoImports([]byte(`
-package test
-
-import (
-  "image/jpeg"
-	// for processing gif images
-	"image/gif"
-)
-`))
-	assert.ErrorIs(t, err, errInvalidCommentBetweenImports)
-}
--- a/build/generate-bindata.go
+++ b/build/generate-bindata.go
@@ -3,6 +3,7 @@
 // license that can be found in the LICENSE file.

 //go:build ignore
+// +build ignore

 package main

@@ -10,6 +11,7 @@ import (
 	"bytes"
 	"crypto/sha1"
 	"fmt"
+	"io/ioutil"
 	"log"
 	"net/http"
 	"os"
@@ -19,14 +21,14 @@ import (
 	"github.com/shurcooL/vfsgen"
 )

-func needsUpdate(dir, filename string) (bool, []byte) {
+func needsUpdate(dir string, filename string) (bool, []byte) {
 	needRegen := false
 	_, err := os.Stat(filename)
 	if err != nil {
 		needRegen = true
 	}

-	oldHash, err := os.ReadFile(filename + ".hash")
+	oldHash, err := ioutil.ReadFile(filename + ".hash")
 	if err != nil {
 		oldHash = []byte{}
 	}
@@ -49,6 +51,7 @@ func needsUpdate(dir, filename string) (bool, []byte) {
 	newHash := hasher.Sum([]byte{})

 	if bytes.Compare(oldHash, newHash) != 0 {
+
 		return true, newHash
 	}

@@ -56,15 +59,11 @@ func needsUpdate(dir, filename string) (bool, []byte) {
 }

 func main() {
-	if len(os.Args) < 4 {
+	if len(os.Args) != 4 {
 		log.Fatal("Insufficient number of arguments. Need: directory packageName filename")
 	}

 	dir, packageName, filename := os.Args[1], os.Args[2], os.Args[3]
-	var useGlobalModTime bool
-	if len(os.Args) == 5 {
-		useGlobalModTime, _ = strconv.ParseBool(os.Args[4])
-	}

 	update, newHash := needsUpdate(dir, filename)

@@ -76,14 +75,13 @@ func main() {
 	fmt.Printf("generating bindata for %s\n", packageName)
 	var fsTemplates http.FileSystem = http.Dir(dir)
 	err := vfsgen.Generate(fsTemplates, vfsgen.Options{
-		PackageName:      packageName,
-		BuildTags:        "bindata",
-		VariableName:     "Assets",
-		Filename:         filename,
-		UseGlobalModTime: useGlobalModTime,
+		PackageName:  packageName,
+		BuildTags:    "bindata",
+		VariableName: "Assets",
+		Filename:     filename,
 	})
 	if err != nil {
 		log.Fatalf("%v\n", err)
 	}
-	_ = os.WriteFile(filename+".hash", newHash, 0o666)
+	_ = ioutil.WriteFile(filename+".hash", newHash, 0666)
 }
--- a/build/generate-emoji.go
+++ b/build/generate-emoji.go
@@ -4,6 +4,7 @@
 // license that can be found in the LICENSE file.

 //go:build ignore
+// +build ignore

 package main

@@ -11,17 +12,16 @@ import (
 	"flag"
 	"fmt"
 	"go/format"
-	"io"
+	"io/ioutil"
 	"log"
 	"net/http"
-	"os"
 	"regexp"
 	"sort"
 	"strconv"
 	"strings"
 	"unicode/utf8"

-	"code.gitea.io/gitea/modules/json"
+	jsoniter "github.com/json-iterator/go"
 )

 const (
@@ -29,7 +29,9 @@ const (
 	maxUnicodeVersion = 12
 )

-var flagOut = flag.String("o", "modules/emoji/emoji_data.go", "out")
+var (
+	flagOut = flag.String("o", "modules/emoji/emoji_data.go", "out")
+)

 // Gemoji is a set of emoji data.
 type Gemoji []Emoji
@@ -50,6 +52,7 @@ func (e Emoji) MarshalJSON() ([]byte, error) {
 	x.UnicodeVersion = ""
 	x.Description = ""
 	x.SkinTones = false
+	json := jsoniter.ConfigCompatibleWithStandardLibrary
 	return json.Marshal(x)
 }

@@ -65,7 +68,7 @@ func main() {
 	}

 	// write
-	err = os.WriteFile(*flagOut, buf, 0o644)
+	err = ioutil.WriteFile(*flagOut, buf, 0644)
 	if err != nil {
 		log.Fatal(err)
 	}
@@ -94,19 +97,20 @@ func generate() ([]byte, error) {
 	defer res.Body.Close()

 	// read all
-	body, err := io.ReadAll(res.Body)
+	body, err := ioutil.ReadAll(res.Body)
 	if err != nil {
 		return nil, err
 	}

 	// unmarshal
 	var data Gemoji
+	json := jsoniter.ConfigCompatibleWithStandardLibrary
 	err = json.Unmarshal(body, &data)
 	if err != nil {
 		return nil, err
 	}

-	skinTones := make(map[string]string)
+	var skinTones = make(map[string]string)

 	skinTones["\U0001f3fb"] = "Light Skin Tone"
 	skinTones["\U0001f3fc"] = "Medium-Light Skin Tone"
@@ -116,7 +120,7 @@ func generate() ([]byte, error) {

 	var tmp Gemoji

-	// filter out emoji that require greater than max unicode version
+	//filter out emoji that require greater than max unicode version
 	for i := range data {
 		val, _ := strconv.ParseFloat(data[i].UnicodeVersion, 64)
 		if int(val) <= maxUnicodeVersion {
@@ -155,7 +159,7 @@ func generate() ([]byte, error) {

 	// write a JSON file to use with tribute (write before adding skin tones since we can't support them there yet)
 	file, _ := json.Marshal(data)
-	_ = os.WriteFile("assets/emoji.json", file, 0o644)
+	_ = ioutil.WriteFile("assets/emoji.json", file, 0644)

 	// Add skin tones to emoji that support it
 	var (
--- a/build/generate-gitignores.go
+++ b/build/generate-gitignores.go
@@ -1,4 +1,5 @@
 //go:build ignore
+// +build ignore

 package main

@@ -8,6 +9,7 @@ import (
 	"flag"
 	"fmt"
 	"io"
+	"io/ioutil"
 	"log"
 	"net/http"
 	"os"
@@ -32,7 +34,8 @@ func main() {
 	flag.StringVar(&githubApiToken, "token", "", "github api token")
 	flag.Parse()

-	file, err := os.CreateTemp(os.TempDir(), prefix)
+	file, err := ioutil.TempFile(os.TempDir(), prefix)
+
 	if err != nil {
 		log.Fatalf("Failed to create temp file. %s", err)
 	}
@@ -63,6 +66,7 @@ func main() {
 	}

 	gz, err := gzip.NewReader(file)
+
 	if err != nil {
 		log.Fatalf("Failed to gunzip the archive. %s", err)
 	}
@@ -93,6 +97,7 @@ func main() {
 		}

 		out, err := os.Create(path.Join(destination, strings.TrimSuffix(filepath.Base(hdr.Name), ".gitignore")))
+
 		if err != nil {
 			log.Fatalf("Failed to create new file. %s", err)
 		}
@@ -109,13 +114,13 @@ func main() {
 	for dst, src := range filesToCopy {
 		// Read all content of src to data
 		src = path.Join(destination, src)
-		data, err := os.ReadFile(src)
+		data, err := ioutil.ReadFile(src)
 		if err != nil {
 			log.Fatalf("Failed to read src file. %s", err)
 		}
 		// Write data to dst
 		dst = path.Join(destination, dst)
-		err = os.WriteFile(dst, data, 0o644)
+		err = ioutil.WriteFile(dst, data, 0644)
 		if err != nil {
 			log.Fatalf("Failed to write new file. %s", err)
 		}
--- a/build/generate-images.js
+++ b/build/generate-images.js
@@ -1,8 +1,13 @@
-#!/usr/bin/env node
 import imageminZopfli from 'imagemin-zopfli';
-import {optimize} from 'svgo';
+import {optimize, extendDefaultPlugins} from 'svgo';
 import {fabric} from 'fabric';
-import {readFile, writeFile} from 'fs/promises';
+import fs from 'fs';
+import {resolve, dirname} from 'path';
+import {fileURLToPath} from 'url';
+
+const {readFile, writeFile} = fs.promises;
+const __dirname = dirname(fileURLToPath(import.meta.url));
+const logoFile = resolve(__dirname, '../assets/logo.svg');

 function exit(err) {
  if (err) console.error(err);
@@ -17,19 +22,16 @@ function loadSvg(svg) {
  });
 }

-async function generate(svg, path, {size, bg}) {
-  const outputFile = new URL(path, import.meta.url);
-
-  if (String(outputFile).endsWith('.svg')) {
+async function generate(svg, outputFile, {size, bg}) {
+  if (outputFile.endsWith('.svg')) {
    const {data} = optimize(svg, {
-      plugins: [
-        'preset-default',
+      plugins: extendDefaultPlugins([
        'removeDimensions',
        {
          name: 'addAttributesToSVGElement',
          params: {attributes: [{width: size}, {height: size}]}
        },
-      ],
+      ]),
    });
    await writeFile(outputFile, data);
    return;
@@ -65,18 +67,17 @@ async function generate(svg, path, {size, bg}) {

 async function main() {
  const gitea = process.argv.slice(2).includes('gitea');
-  const logoSvg = await readFile(new URL('../assets/logo.svg', import.meta.url), 'utf8');
-  const faviconSvg = await readFile(new URL('../assets/favicon.svg', import.meta.url), 'utf8');
+  const svg = await readFile(logoFile, 'utf8');

  await Promise.all([
-    generate(logoSvg, '../public/img/logo.svg', {size: 32}),
-    generate(logoSvg, '../public/img/logo.png', {size: 512}),
-    generate(faviconSvg, '../public/img/favicon.svg', {size: 32}),
-    generate(faviconSvg, '../public/img/favicon.png', {size: 180}),
-    generate(logoSvg, '../public/img/avatar_default.png', {size: 200}),
-    generate(logoSvg, '../public/img/apple-touch-icon.png', {size: 180, bg: true}),
-    gitea && generate(logoSvg, '../public/img/gitea.svg', {size: 32}),
+    generate(svg, resolve(__dirname, '../public/img/logo.svg'), {size: 32}),
+    generate(svg, resolve(__dirname, '../public/img/logo.png'), {size: 512}),
+    generate(svg, resolve(__dirname, '../public/img/favicon.png'), {size: 180}),
+    generate(svg, resolve(__dirname, '../public/img/avatar_default.png'), {size: 200}),
+    generate(svg, resolve(__dirname, '../public/img/apple-touch-icon.png'), {size: 180, bg: true}),
+    gitea && generate(svg, resolve(__dirname, '../public/img/gitea.svg'), {size: 32}),
  ]);
 }

 main().then(exit).catch(exit);
+
--- a/build/generate-licenses.go
+++ b/build/generate-licenses.go
@@ -1,4 +1,5 @@
 //go:build ignore
+// +build ignore

 package main

@@ -8,6 +9,7 @@ import (
 	"flag"
 	"fmt"
 	"io"
+	"io/ioutil"
 	"log"
 	"net/http"
 	"os"
@@ -32,7 +34,8 @@ func main() {
 	flag.StringVar(&githubApiToken, "token", "", "github api token")
 	flag.Parse()

-	file, err := os.CreateTemp(os.TempDir(), prefix)
+	file, err := ioutil.TempFile(os.TempDir(), prefix)
+
 	if err != nil {
 		log.Fatalf("Failed to create temp file. %s", err)
 	}
@@ -64,6 +67,7 @@ func main() {
 	}

 	gz, err := gzip.NewReader(file)
+
 	if err != nil {
 		log.Fatalf("Failed to gunzip the archive. %s", err)
 	}
@@ -97,6 +101,7 @@ func main() {
 			continue
 		}
 		out, err := os.Create(path.Join(destination, strings.TrimSuffix(filepath.Base(hdr.Name), ".txt")))
+
 		if err != nil {
 			log.Fatalf("Failed to create new file. %s", err)
 		}
--- a/build/generate-svg.js
+++ b/build/generate-svg.js
@@ -1,14 +1,13 @@
-#!/usr/bin/env node
 import fastGlob from 'fast-glob';
-import {optimize} from 'svgo';
-import {parse} from 'path';
-import {readFile, writeFile, mkdir} from 'fs/promises';
+import {optimize, extendDefaultPlugins} from 'svgo';
+import {resolve, parse, dirname} from 'path';
+import fs from 'fs';
 import {fileURLToPath} from 'url';

-const glob = (pattern) => fastGlob.sync(pattern, {
-  cwd: fileURLToPath(new URL('..', import.meta.url)),
-  absolute: true,
-});
+const {readFile, writeFile, mkdir} = fs.promises;
+const __dirname = dirname(fileURLToPath(import.meta.url));
+const glob = (pattern) => fastGlob.sync(pattern, {cwd: resolve(__dirname), absolute: true});
+const outputDir = resolve(__dirname, '../public/img/svg');

 function exit(err) {
  if (err) console.error(err);
@@ -17,6 +16,7 @@ function exit(err) {

 async function processFile(file, {prefix, fullName} = {}) {
  let name;
+
  if (fullName) {
    name = fullName;
  } else {
@@ -26,17 +26,21 @@ async function processFile(file, {prefix, fullName} = {}) {
  }

  const {data} = optimize(await readFile(file, 'utf8'), {
-    plugins: [
-      {name: 'preset-default'},
-      {name: 'removeXMLNS'},
-      {name: 'removeDimensions'},
+    plugins: extendDefaultPlugins([
+      'removeXMLNS',
+      'removeDimensions',
      {name: 'prefixIds', params: {prefix: () => name}},
-      {name: 'addClassesToSVGElement', params: {classNames: ['svg', name]}},
-      {name: 'addAttributesToSVGElement', params: {attributes: [{'width': '16'}, {'height': '16'}, {'aria-hidden': 'true'}]}},
-    ],
+      {
+        name: 'addClassesToSVGElement',
+        params: {classNames: ['svg', name]},
+      },
+      {
+        name: 'addAttributesToSVGElement',
+        params: {attributes: [{'width': '16'}, {'height': '16'}, {'aria-hidden': 'true'}]},
+      },
+    ]),
  });
-
-  await writeFile(fileURLToPath(new URL(`../public/img/svg/${name}.svg`, import.meta.url)), data);
+  await writeFile(resolve(outputDir, `${name}.svg`), data);
 }

 function processFiles(pattern, opts) {
@@ -45,14 +49,15 @@ function processFiles(pattern, opts) {

 async function main() {
  try {
-    await mkdir(fileURLToPath(new URL('../public/img/svg', import.meta.url)), {recursive: true});
+    await mkdir(outputDir);
  } catch {}

  await Promise.all([
-    ...processFiles('node_modules/@primer/octicons/build/svg/*-16.svg', {prefix: 'octicon'}),
-    ...processFiles('web_src/svg/*.svg'),
-    ...processFiles('public/img/gitea.svg', {fullName: 'gitea-gitea'}),
+    ...processFiles('../node_modules/@primer/octicons/build/svg/*-16.svg', {prefix: 'octicon'}),
+    ...processFiles('../web_src/svg/*.svg'),
+    ...processFiles('../public/img/gitea.svg', {fullName: 'gitea-gitea'}),
  ]);
 }

 main().then(exit).catch(exit);
+
--- a/build/gitea-format-imports.go
+++ b/build/gitea-format-imports.go
@@ -1,26 +0,0 @@
-// Copyright 2021 The Gitea Authors. All rights reserved.
-// Use of this source code is governed by a MIT-style
-// license that can be found in the LICENSE file.
-
-//go:build ignore
-
-package main
-
-import (
-	"log"
-	"os"
-
-	"code.gitea.io/gitea/build/codeformat"
-)
-
-func main() {
-	if len(os.Args) <= 1 {
-		log.Fatalf("Usage: gitea-format-imports [files...]")
-	}
-
-	for _, file := range os.Args[1:] {
-		if err := codeformat.FormatGoImports(file); err != nil {
-			log.Fatalf("can not format file %s, err=%v", file, err)
-		}
-	}
-}
--- a/build/gocovmerge.go
+++ b/build/gocovmerge.go
@@ -7,6 +7,7 @@
 // merges them into one profile

 //go:build ignore
+// +build ignore

 package main

@@ -21,7 +22,7 @@ import (
 	"golang.org/x/tools/cover"
 )

-func mergeProfiles(p, merge *cover.Profile) {
+func mergeProfiles(p *cover.Profile, merge *cover.Profile) {
 	if p.Mode != merge.Mode {
 		log.Fatalf("cannot merge profiles with different modes")
 	}
@@ -108,7 +109,7 @@ func main() {
 	for _, file := range flag.Args() {
 		profiles, err := cover.ParseProfiles(file)
 		if err != nil {
-			log.Fatalf("failed to parse profile '%s': %v", file, err)
+			log.Fatalf("failed to parse profiles: %v", err)
 		}
 		for _, p := range profiles {
 			merged = addProfile(merged, p)
--- a/build/test-env-check.sh
+++ b/build/test-env-check.sh
@@ -1,24 +0,0 @@
-#!/bin/sh
-
-set -e
-
-if [ ! -f ./build/test-env-check.sh ]; then
-  echo "${0} can only be executed in gitea source root directory"
-  exit 1
-fi
-
-
-echo "check uid ..."
-
-# the uid of gitea defined in "https://gitea.com/gitea/test-env" is 1000
-gitea_uid=$(id -u gitea)
-if [ "$gitea_uid" != "1000" ]; then
-  echo "The uid of linux user 'gitea' is expected to be 1000, but it is $gitea_uid"
-  exit 1
-fi
-
-cur_uid=$(id -u)
-if [ "$cur_uid" != "0" -a "$cur_uid" != "$gitea_uid" ]; then
-  echo "The uid of current linux user is expected to be 0 or $gitea_uid, but it is $cur_uid"
-  exit 1
-fi
--- a/build/test-env-prepare.sh
+++ b/build/test-env-prepare.sh
@@ -1,11 +0,0 @@
-#!/bin/sh
-
-set -e
-
-if [ ! -f ./build/test-env-prepare.sh ]; then
-  echo "${0} can only be executed in gitea source root directory"
-  exit 1
-fi
-
-echo "change the owner of files to gitea ..."
-chown -R gitea:gitea .
--- a/cmd/admin.go
+++ b/cmd/admin.go
@@ -14,11 +14,7 @@ import (
 	"text/tabwriter"

 	"code.gitea.io/gitea/models"
-	asymkey_model "code.gitea.io/gitea/models/asymkey"
-	"code.gitea.io/gitea/models/auth"
-	"code.gitea.io/gitea/models/db"
-	repo_model "code.gitea.io/gitea/models/repo"
-	user_model "code.gitea.io/gitea/models/user"
+	"code.gitea.io/gitea/modules/auth/oauth2"
 	"code.gitea.io/gitea/modules/git"
 	"code.gitea.io/gitea/modules/graceful"
 	"code.gitea.io/gitea/modules/log"
@@ -26,12 +22,6 @@ import (
 	repo_module "code.gitea.io/gitea/modules/repository"
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/modules/storage"
-	"code.gitea.io/gitea/modules/util"
-	auth_service "code.gitea.io/gitea/services/auth"
-	"code.gitea.io/gitea/services/auth/source/oauth2"
-	"code.gitea.io/gitea/services/auth/source/smtp"
-	repo_service "code.gitea.io/gitea/services/repository"
-	user_service "code.gitea.io/gitea/services/user"

 	"github.com/urfave/cli"
 )
@@ -58,7 +48,6 @@ var (
 			microcmdUserList,
 			microcmdUserChangePassword,
 			microcmdUserDelete,
-			microcmdUserGenerateAccessToken,
 		},
 	}

@@ -116,10 +105,6 @@ var (
 				Name:  "access-token",
 				Usage: "Generate access token for the user",
 			},
-			cli.BoolFlag{
-				Name:  "restricted",
-				Usage: "Make a restricted user account",
-			},
 		},
 	}

@@ -161,27 +146,6 @@ var (
 		Action: runDeleteUser,
 	}

-	microcmdUserGenerateAccessToken = cli.Command{
-		Name:  "generate-access-token",
-		Usage: "Generate a access token for a specific user",
-		Flags: []cli.Flag{
-			cli.StringFlag{
-				Name:  "username,u",
-				Usage: "Username",
-			},
-			cli.StringFlag{
-				Name:  "token-name,t",
-				Usage: "Token name",
-				Value: "gitea-admin",
-			},
-			cli.BoolFlag{
-				Name:  "raw",
-				Usage: "Display only the token value",
-			},
-		},
-		Action: runGenerateAccessToken,
-	}
-
 	subcmdRepoSyncReleases = cli.Command{
 		Name:   "repo-sync-releases",
 		Usage:  "Synchronize repository releases with tags",
@@ -219,8 +183,6 @@ var (
 			cmdAuthUpdateLdapBindDn,
 			cmdAuthAddLdapSimpleAuth,
 			cmdAuthUpdateLdapSimpleAuth,
-			microcmdAuthAddSMTP,
-			microcmdAuthUpdateSMTP,
 			microcmdAuthList,
 			microcmdAuthDelete,
 		},
@@ -326,40 +288,6 @@ var (
 			Value: "",
 			Usage: "Custom icon URL for OAuth2 login source",
 		},
-		cli.BoolFlag{
-			Name:  "skip-local-2fa",
-			Usage: "Set to true to skip local 2fa for users authenticated by this source",
-		},
-		cli.StringSliceFlag{
-			Name:  "scopes",
-			Value: nil,
-			Usage: "Scopes to request when to authenticate against this OAuth2 source",
-		},
-		cli.StringFlag{
-			Name:  "required-claim-name",
-			Value: "",
-			Usage: "Claim name that has to be set to allow users to login with this source",
-		},
-		cli.StringFlag{
-			Name:  "required-claim-value",
-			Value: "",
-			Usage: "Claim value that has to be set to allow users to login with this source",
-		},
-		cli.StringFlag{
-			Name:  "group-claim-name",
-			Value: "",
-			Usage: "Claim name providing group names for this source",
-		},
-		cli.StringFlag{
-			Name:  "admin-group",
-			Value: "",
-			Usage: "Group Claim value for administrator users",
-		},
-		cli.StringFlag{
-			Name:  "restricted-group",
-			Value: "",
-			Usage: "Group Claim value for restricted users",
-		},
 	}

 	microcmdAuthUpdateOauth = cli.Command{
@@ -397,72 +325,6 @@ var (
 			},
 		},
 	}
-
-	smtpCLIFlags = []cli.Flag{
-		cli.StringFlag{
-			Name:  "name",
-			Value: "",
-			Usage: "Application Name",
-		},
-		cli.StringFlag{
-			Name:  "auth-type",
-			Value: "PLAIN",
-			Usage: "SMTP Authentication Type (PLAIN/LOGIN/CRAM-MD5) default PLAIN",
-		},
-		cli.StringFlag{
-			Name:  "host",
-			Value: "",
-			Usage: "SMTP Host",
-		},
-		cli.IntFlag{
-			Name:  "port",
-			Usage: "SMTP Port",
-		},
-		cli.BoolTFlag{
-			Name:  "force-smtps",
-			Usage: "SMTPS is always used on port 465. Set this to force SMTPS on other ports.",
-		},
-		cli.BoolTFlag{
-			Name:  "skip-verify",
-			Usage: "Skip TLS verify.",
-		},
-		cli.StringFlag{
-			Name:  "helo-hostname",
-			Value: "",
-			Usage: "Hostname sent with HELO. Leave blank to send current hostname",
-		},
-		cli.BoolTFlag{
-			Name:  "disable-helo",
-			Usage: "Disable SMTP helo.",
-		},
-		cli.StringFlag{
-			Name:  "allowed-domains",
-			Value: "",
-			Usage: "Leave empty to allow all domains. Separate multiple domains with a comma (',')",
-		},
-		cli.BoolTFlag{
-			Name:  "skip-local-2fa",
-			Usage: "Skip 2FA to log on.",
-		},
-		cli.BoolTFlag{
-			Name:  "active",
-			Usage: "This Authentication Source is Activated.",
-		},
-	}
-
-	microcmdAuthAddSMTP = cli.Command{
-		Name:   "add-smtp",
-		Usage:  "Add new SMTP authentication source",
-		Action: runAddSMTP,
-		Flags:  smtpCLIFlags,
-	}
-
-	microcmdAuthUpdateSMTP = cli.Command{
-		Name:   "update-smtp",
-		Usage:  "Update existing SMTP authentication source",
-		Action: runUpdateSMTP,
-		Flags:  append(smtpCLIFlags[:1], append([]cli.Flag{idFlag}, smtpCLIFlags[1:]...)...),
-	}
 )

 func runChangePassword(c *cli.Context) error {
@@ -470,16 +332,9 @@ func runChangePassword(c *cli.Context) error {
 		return err
 	}

-	ctx, cancel := installSignals()
-	defer cancel()
-
-	if err := initDB(ctx); err != nil {
+	if err := initDB(); err != nil {
 		return err
 	}
-	if len(c.String("password")) < setting.MinPasswordLength {
-		return fmt.Errorf("Password is not long enough. Needs to be at least %d", setting.MinPasswordLength)
-	}
-
 	if !pwd.IsComplexEnough(c.String("password")) {
 		return errors.New("Password does not meet complexity requirements")
 	}
@@ -491,7 +346,7 @@ func runChangePassword(c *cli.Context) error {
 		return errors.New("The password you chose is on a list of stolen passwords previously exposed in public data breaches. Please try again with a different password.\nFor more details, see https://haveibeenpwned.com/Passwords")
 	}
 	uname := c.String("username")
-	user, err := user_model.GetUserByName(ctx, uname)
+	user, err := models.GetUserByName(uname)
 	if err != nil {
 		return err
 	}
@@ -499,7 +354,7 @@ func runChangePassword(c *cli.Context) error {
 		return err
 	}

-	if err = user_model.UpdateUserCols(ctx, user, "passwd", "passwd_hash_algo", "salt"); err != nil {
+	if err = models.UpdateUserCols(user, "passwd", "passwd_hash_algo", "salt"); err != nil {
 		return err
 	}

@@ -531,10 +386,7 @@ func runCreateUser(c *cli.Context) error {
 		fmt.Fprintf(os.Stderr, "--name flag is deprecated. Use --username instead.\n")
 	}

-	ctx, cancel := installSignals()
-	defer cancel()
-
-	if err := initDB(ctx); err != nil {
+	if err := initDB(); err != nil {
 		return err
 	}

@@ -553,11 +405,11 @@ func runCreateUser(c *cli.Context) error {
 	}

 	// always default to true
-	changePassword := true
+	var changePassword = true

 	// If this is the first user being created.
 	// Take it as the admin and don't force a password update.
-	if n := user_model.CountUsers(nil); n == 0 {
+	if n := models.CountUsers(); n == 0 {
 		changePassword = false
 	}

@@ -565,26 +417,17 @@ func runCreateUser(c *cli.Context) error {
 		changePassword = c.Bool("must-change-password")
 	}

-	restricted := util.OptionalBoolNone
-
-	if c.IsSet("restricted") {
-		restricted = util.OptionalBoolOf(c.Bool("restricted"))
-	}
-
-	u := &user_model.User{
+	u := &models.User{
 		Name:               username,
 		Email:              c.String("email"),
 		Passwd:             password,
+		IsActive:           true,
 		IsAdmin:            c.Bool("admin"),
 		MustChangePassword: changePassword,
+		Theme:              setting.UI.DefaultTheme,
 	}

-	overwriteDefault := &user_model.CreateUserOverwriteOptions{
-		IsActive:     util.OptionalBoolTrue,
-		IsRestricted: restricted,
-	}
-
-	if err := user_model.CreateUser(u, overwriteDefault); err != nil {
+	if err := models.CreateUser(u); err != nil {
 		return fmt.Errorf("CreateUser: %v", err)
 	}

@@ -606,14 +449,12 @@ func runCreateUser(c *cli.Context) error {
 }

 func runListUsers(c *cli.Context) error {
-	ctx, cancel := installSignals()
-	defer cancel()
-
-	if err := initDB(ctx); err != nil {
+	if err := initDB(); err != nil {
 		return err
 	}

-	users, err := user_model.GetAllUsers()
+	users, err := models.GetAllUsers()
+
 	if err != nil {
 		return err
 	}
@@ -637,6 +478,7 @@ func runListUsers(c *cli.Context) error {

 	w.Flush()
 	return nil
+
 }

 func runDeleteUser(c *cli.Context) error {
@@ -644,10 +486,7 @@ func runDeleteUser(c *cli.Context) error {
 		return fmt.Errorf("You must provide the id, username or email of a user to delete")
 	}

-	ctx, cancel := installSignals()
-	defer cancel()
-
-	if err := initDB(ctx); err != nil {
+	if err := initDB(); err != nil {
 		return err
 	}

@@ -656,13 +495,13 @@ func runDeleteUser(c *cli.Context) error {
 	}

 	var err error
-	var user *user_model.User
+	var user *models.User
 	if c.IsSet("email") {
-		user, err = user_model.GetUserByEmail(c.String("email"))
+		user, err = models.GetUserByEmail(c.String("email"))
 	} else if c.IsSet("username") {
-		user, err = user_model.GetUserByName(ctx, c.String("username"))
+		user, err = models.GetUserByName(c.String("username"))
 	} else {
-		user, err = user_model.GetUserByID(c.Int64("id"))
+		user, err = models.GetUserByID(c.Int64("id"))
 	}
 	if err != nil {
 		return err
@@ -675,57 +514,19 @@ func runDeleteUser(c *cli.Context) error {
 		return fmt.Errorf("The user %s does not match the provided id %d", user.Name, c.Int64("id"))
 	}

-	return user_service.DeleteUser(user)
-}
-
-func runGenerateAccessToken(c *cli.Context) error {
-	if !c.IsSet("username") {
-		return fmt.Errorf("You must provide the username to generate a token for them")
-	}
-
-	ctx, cancel := installSignals()
-	defer cancel()
-
-	if err := initDB(ctx); err != nil {
-		return err
-	}
-
-	user, err := user_model.GetUserByName(ctx, c.String("username"))
-	if err != nil {
-		return err
-	}
-
-	t := &models.AccessToken{
-		Name: c.String("token-name"),
-		UID:  user.ID,
-	}
-
-	if err := models.NewAccessToken(t); err != nil {
-		return err
-	}
-
-	if c.Bool("raw") {
-		fmt.Printf("%s\n", t.Token)
-	} else {
-		fmt.Printf("Access token was successfully created: %s\n", t.Token)
-	}
-
-	return nil
+	return models.DeleteUser(user)
 }

 func runRepoSyncReleases(_ *cli.Context) error {
-	ctx, cancel := installSignals()
-	defer cancel()
-
-	if err := initDB(ctx); err != nil {
+	if err := initDB(); err != nil {
 		return err
 	}

 	log.Trace("Synchronizing repository releases (this may take a while)")
 	for page := 1; ; page++ {
-		repos, count, err := repo_model.SearchRepositoryByName(&repo_model.SearchRepoOptions{
-			ListOptions: db.ListOptions{
-				PageSize: repo_model.RepositoryListDefaultPageSize,
+		repos, count, err := models.SearchRepositoryByName(&models.SearchRepoOptions{
+			ListOptions: models.ListOptions{
+				PageSize: models.RepositoryListDefaultPageSize,
 				Page:     page,
 			},
 			Private: true,
@@ -739,7 +540,7 @@ func runRepoSyncReleases(_ *cli.Context) error {
 		log.Trace("Processing next %d repos of %d", len(repos), count)
 		for _, repo := range repos {
 			log.Trace("Synchronizing repo %s with path %s", repo.FullName(), repo.RepoPath())
-			gitRepo, err := git.OpenRepository(ctx, repo.RepoPath())
+			gitRepo, err := git.OpenRepository(repo.RepoPath())
 			if err != nil {
 				log.Warn("OpenRepository: %v", err)
 				continue
@@ -783,26 +584,20 @@ func getReleaseCount(id int64) (int64, error) {
 }

 func runRegenerateHooks(_ *cli.Context) error {
-	ctx, cancel := installSignals()
-	defer cancel()
-
-	if err := initDB(ctx); err != nil {
+	if err := initDB(); err != nil {
 		return err
 	}
-	return repo_service.SyncRepositoryHooks(graceful.GetManager().ShutdownContext())
+	return repo_module.SyncRepositoryHooks(graceful.GetManager().ShutdownContext())
 }

 func runRegenerateKeys(_ *cli.Context) error {
-	ctx, cancel := installSignals()
-	defer cancel()
-
-	if err := initDB(ctx); err != nil {
+	if err := initDB(); err != nil {
 		return err
 	}
-	return asymkey_model.RewriteAllPublicKeys()
+	return models.RewriteAllPublicKeys()
 }

-func parseOAuth2Config(c *cli.Context) *oauth2.Source {
+func parseOAuth2Config(c *cli.Context) *models.OAuth2Config {
 	var customURLMapping *oauth2.CustomURLMapping
 	if c.IsSet("use-custom-urls") {
 		customURLMapping = &oauth2.CustomURLMapping{
@@ -814,36 +609,26 @@ func parseOAuth2Config(c *cli.Context) *oauth2.Source {
 	} else {
 		customURLMapping = nil
 	}
-	return &oauth2.Source{
+	return &models.OAuth2Config{
 		Provider:                      c.String("provider"),
 		ClientID:                      c.String("key"),
 		ClientSecret:                  c.String("secret"),
 		OpenIDConnectAutoDiscoveryURL: c.String("auto-discover-url"),
 		CustomURLMapping:              customURLMapping,
 		IconURL:                       c.String("icon-url"),
-		SkipLocalTwoFA:                c.Bool("skip-local-2fa"),
-		Scopes:                        c.StringSlice("scopes"),
-		RequiredClaimName:             c.String("required-claim-name"),
-		RequiredClaimValue:            c.String("required-claim-value"),
-		GroupClaimName:                c.String("group-claim-name"),
-		AdminGroup:                    c.String("admin-group"),
-		RestrictedGroup:               c.String("restricted-group"),
 	}
 }

 func runAddOauth(c *cli.Context) error {
-	ctx, cancel := installSignals()
-	defer cancel()
-
-	if err := initDB(ctx); err != nil {
+	if err := initDB(); err != nil {
 		return err
 	}

-	return auth.CreateSource(&auth.Source{
-		Type:     auth.OAuth2,
-		Name:     c.String("name"),
-		IsActive: true,
-		Cfg:      parseOAuth2Config(c),
+	return models.CreateLoginSource(&models.LoginSource{
+		Type:      models.LoginOAuth2,
+		Name:      c.String("name"),
+		IsActived: true,
+		Cfg:       parseOAuth2Config(c),
 	})
 }

@@ -852,19 +637,16 @@ func runUpdateOauth(c *cli.Context) error {
 		return fmt.Errorf("--id flag is missing")
 	}

-	ctx, cancel := installSignals()
-	defer cancel()
-
-	if err := initDB(ctx); err != nil {
+	if err := initDB(); err != nil {
 		return err
 	}

-	source, err := auth.GetSourceByID(c.Int64("id"))
+	source, err := models.GetLoginSourceByID(c.Int64("id"))
 	if err != nil {
 		return err
 	}

-	oAuth2Config := source.Cfg.(*oauth2.Source)
+	oAuth2Config := source.OAuth2()

 	if c.IsSet("name") {
 		source.Name = c.String("name")
@@ -890,29 +672,8 @@ func runUpdateOauth(c *cli.Context) error {
 		oAuth2Config.IconURL = c.String("icon-url")
 	}

-	if c.IsSet("scopes") {
-		oAuth2Config.Scopes = c.StringSlice("scopes")
-	}
-
-	if c.IsSet("required-claim-name") {
-		oAuth2Config.RequiredClaimName = c.String("required-claim-name")
-	}
-	if c.IsSet("required-claim-value") {
-		oAuth2Config.RequiredClaimValue = c.String("required-claim-value")
-	}
-
-	if c.IsSet("group-claim-name") {
-		oAuth2Config.GroupClaimName = c.String("group-claim-name")
-	}
-	if c.IsSet("admin-group") {
-		oAuth2Config.AdminGroup = c.String("admin-group")
-	}
-	if c.IsSet("restricted-group") {
-		oAuth2Config.RestrictedGroup = c.String("restricted-group")
-	}
-
 	// update custom URL mapping
-	customURLMapping := &oauth2.CustomURLMapping{}
+	var customURLMapping = &oauth2.CustomURLMapping{}

 	if oAuth2Config.CustomURLMapping != nil {
 		customURLMapping.TokenURL = oAuth2Config.CustomURLMapping.TokenURL
@@ -939,130 +700,16 @@ func runUpdateOauth(c *cli.Context) error {
 	oAuth2Config.CustomURLMapping = customURLMapping
 	source.Cfg = oAuth2Config

-	return auth.UpdateSource(source)
-}
-
-func parseSMTPConfig(c *cli.Context, conf *smtp.Source) error {
-	if c.IsSet("auth-type") {
-		conf.Auth = c.String("auth-type")
-		validAuthTypes := []string{"PLAIN", "LOGIN", "CRAM-MD5"}
-		if !contains(validAuthTypes, strings.ToUpper(c.String("auth-type"))) {
-			return errors.New("Auth must be one of PLAIN/LOGIN/CRAM-MD5")
-		}
-		conf.Auth = c.String("auth-type")
-	}
-	if c.IsSet("host") {
-		conf.Host = c.String("host")
-	}
-	if c.IsSet("port") {
-		conf.Port = c.Int("port")
-	}
-	if c.IsSet("allowed-domains") {
-		conf.AllowedDomains = c.String("allowed-domains")
-	}
-	if c.IsSet("force-smtps") {
-		conf.ForceSMTPS = c.BoolT("force-smtps")
-	}
-	if c.IsSet("skip-verify") {
-		conf.SkipVerify = c.BoolT("skip-verify")
-	}
-	if c.IsSet("helo-hostname") {
-		conf.HeloHostname = c.String("helo-hostname")
-	}
-	if c.IsSet("disable-helo") {
-		conf.DisableHelo = c.BoolT("disable-helo")
-	}
-	if c.IsSet("skip-local-2fa") {
-		conf.SkipLocalTwoFA = c.BoolT("skip-local-2fa")
-	}
-	return nil
-}
-
-func runAddSMTP(c *cli.Context) error {
-	ctx, cancel := installSignals()
-	defer cancel()
-
-	if err := initDB(ctx); err != nil {
-		return err
-	}
-
-	if !c.IsSet("name") || len(c.String("name")) == 0 {
-		return errors.New("name must be set")
-	}
-	if !c.IsSet("host") || len(c.String("host")) == 0 {
-		return errors.New("host must be set")
-	}
-	if !c.IsSet("port") {
-		return errors.New("port must be set")
-	}
-	active := true
-	if c.IsSet("active") {
-		active = c.BoolT("active")
-	}
-
-	var smtpConfig smtp.Source
-	if err := parseSMTPConfig(c, &smtpConfig); err != nil {
-		return err
-	}
-
-	// If not set default to PLAIN
-	if len(smtpConfig.Auth) == 0 {
-		smtpConfig.Auth = "PLAIN"
-	}
-
-	return auth.CreateSource(&auth.Source{
-		Type:     auth.SMTP,
-		Name:     c.String("name"),
-		IsActive: active,
-		Cfg:      &smtpConfig,
-	})
-}
-
-func runUpdateSMTP(c *cli.Context) error {
-	if !c.IsSet("id") {
-		return fmt.Errorf("--id flag is missing")
-	}
-
-	ctx, cancel := installSignals()
-	defer cancel()
-
-	if err := initDB(ctx); err != nil {
-		return err
-	}
-
-	source, err := auth.GetSourceByID(c.Int64("id"))
-	if err != nil {
-		return err
-	}
-
-	smtpConfig := source.Cfg.(*smtp.Source)
-
-	if err := parseSMTPConfig(c, smtpConfig); err != nil {
-		return err
-	}
-
-	if c.IsSet("name") {
-		source.Name = c.String("name")
-	}
-
-	if c.IsSet("active") {
-		source.IsActive = c.BoolT("active")
-	}
-
-	source.Cfg = smtpConfig
-
-	return auth.UpdateSource(source)
+	return models.UpdateSource(source)
 }

 func runListAuth(c *cli.Context) error {
-	ctx, cancel := installSignals()
-	defer cancel()
-
-	if err := initDB(ctx); err != nil {
+	if err := initDB(); err != nil {
 		return err
 	}

-	authSources, err := auth.Sources()
+	loginSources, err := models.LoginSources()
+
 	if err != nil {
 		return err
 	}
@@ -1080,8 +727,8 @@ func runListAuth(c *cli.Context) error {
 	// loop through each source and print
 	w := tabwriter.NewWriter(os.Stdout, c.Int("min-width"), c.Int("tab-width"), c.Int("padding"), padChar, flags)
 	fmt.Fprintf(w, "ID\tName\tType\tEnabled\n")
-	for _, source := range authSources {
-		fmt.Fprintf(w, "%d\t%s\t%s\t%t\n", source.ID, source.Name, source.Type.String(), source.IsActive)
+	for _, source := range loginSources {
+		fmt.Fprintf(w, "%d\t%s\t%s\t%t\n", source.ID, source.Name, models.LoginNames[source.Type], source.IsActived)
 	}
 	w.Flush()

@@ -1093,17 +740,14 @@ func runDeleteAuth(c *cli.Context) error {
 		return fmt.Errorf("--id flag is missing")
 	}

-	ctx, cancel := installSignals()
-	defer cancel()
-
-	if err := initDB(ctx); err != nil {
+	if err := initDB(); err != nil {
 		return err
 	}

-	source, err := auth.GetSourceByID(c.Int64("id"))
+	source, err := models.GetLoginSourceByID(c.Int64("id"))
 	if err != nil {
 		return err
 	}

-	return auth_service.DeleteSource(source)
+	return models.DeleteSource(source)
 }
--- a/cmd/admin_auth_ldap.go
+++ b/cmd/admin_auth_ldap.go
@@ -5,22 +5,21 @@
 package cmd

 import (
-	"context"
 	"fmt"
 	"strings"

-	"code.gitea.io/gitea/models/auth"
-	"code.gitea.io/gitea/services/auth/source/ldap"
+	"code.gitea.io/gitea/models"
+	"code.gitea.io/gitea/modules/auth/ldap"

 	"github.com/urfave/cli"
 )

 type (
 	authService struct {
-		initDB            func(ctx context.Context) error
-		createAuthSource  func(*auth.Source) error
-		updateAuthSource  func(*auth.Source) error
-		getAuthSourceByID func(id int64) (*auth.Source, error)
+		initDB             func() error
+		createLoginSource  func(loginSource *models.LoginSource) error
+		updateLoginSource  func(loginSource *models.LoginSource) error
+		getLoginSourceByID func(id int64) (*models.LoginSource, error)
 	}
 )

@@ -90,14 +89,6 @@ var (
 			Name:  "public-ssh-key-attribute",
 			Usage: "The attribute of the user’s LDAP record containing the user’s public ssh key.",
 		},
-		cli.BoolFlag{
-			Name:  "skip-local-2fa",
-			Usage: "Set to true to skip local 2fa for users authenticated by this source",
-		},
-		cli.StringFlag{
-			Name:  "avatar-attribute",
-			Usage: "The attribute of the user’s LDAP record containing the user’s avatar.",
-		},
 	}

 	ldapBindDnCLIFlags = append(commonLdapCLIFlags,
@@ -168,97 +159,91 @@ var (
 // newAuthService creates a service with default functions.
 func newAuthService() *authService {
 	return &authService{
-		initDB:            initDB,
-		createAuthSource:  auth.CreateSource,
-		updateAuthSource:  auth.UpdateSource,
-		getAuthSourceByID: auth.GetSourceByID,
+		initDB:             initDB,
+		createLoginSource:  models.CreateLoginSource,
+		updateLoginSource:  models.UpdateSource,
+		getLoginSourceByID: models.GetLoginSourceByID,
 	}
 }

-// parseAuthSource assigns values on authSource according to command line flags.
-func parseAuthSource(c *cli.Context, authSource *auth.Source) {
+// parseLoginSource assigns values on loginSource according to command line flags.
+func parseLoginSource(c *cli.Context, loginSource *models.LoginSource) {
 	if c.IsSet("name") {
-		authSource.Name = c.String("name")
+		loginSource.Name = c.String("name")
 	}
 	if c.IsSet("not-active") {
-		authSource.IsActive = !c.Bool("not-active")
+		loginSource.IsActived = !c.Bool("not-active")
 	}
 	if c.IsSet("synchronize-users") {
-		authSource.IsSyncEnabled = c.Bool("synchronize-users")
+		loginSource.IsSyncEnabled = c.Bool("synchronize-users")
 	}
 }

 // parseLdapConfig assigns values on config according to command line flags.
-func parseLdapConfig(c *cli.Context, config *ldap.Source) error {
+func parseLdapConfig(c *cli.Context, config *models.LDAPConfig) error {
 	if c.IsSet("name") {
-		config.Name = c.String("name")
+		config.Source.Name = c.String("name")
 	}
 	if c.IsSet("host") {
-		config.Host = c.String("host")
+		config.Source.Host = c.String("host")
 	}
 	if c.IsSet("port") {
-		config.Port = c.Int("port")
+		config.Source.Port = c.Int("port")
 	}
 	if c.IsSet("security-protocol") {
 		p, ok := findLdapSecurityProtocolByName(c.String("security-protocol"))
 		if !ok {
 			return fmt.Errorf("Unknown security protocol name: %s", c.String("security-protocol"))
 		}
-		config.SecurityProtocol = p
+		config.Source.SecurityProtocol = p
 	}
 	if c.IsSet("skip-tls-verify") {
-		config.SkipVerify = c.Bool("skip-tls-verify")
+		config.Source.SkipVerify = c.Bool("skip-tls-verify")
 	}
 	if c.IsSet("bind-dn") {
-		config.BindDN = c.String("bind-dn")
+		config.Source.BindDN = c.String("bind-dn")
 	}
 	if c.IsSet("user-dn") {
-		config.UserDN = c.String("user-dn")
+		config.Source.UserDN = c.String("user-dn")
 	}
 	if c.IsSet("bind-password") {
-		config.BindPassword = c.String("bind-password")
+		config.Source.BindPassword = c.String("bind-password")
 	}
 	if c.IsSet("user-search-base") {
-		config.UserBase = c.String("user-search-base")
+		config.Source.UserBase = c.String("user-search-base")
 	}
 	if c.IsSet("username-attribute") {
-		config.AttributeUsername = c.String("username-attribute")
+		config.Source.AttributeUsername = c.String("username-attribute")
 	}
 	if c.IsSet("firstname-attribute") {
-		config.AttributeName = c.String("firstname-attribute")
+		config.Source.AttributeName = c.String("firstname-attribute")
 	}
 	if c.IsSet("surname-attribute") {
-		config.AttributeSurname = c.String("surname-attribute")
+		config.Source.AttributeSurname = c.String("surname-attribute")
 	}
 	if c.IsSet("email-attribute") {
-		config.AttributeMail = c.String("email-attribute")
+		config.Source.AttributeMail = c.String("email-attribute")
 	}
 	if c.IsSet("attributes-in-bind") {
-		config.AttributesInBind = c.Bool("attributes-in-bind")
+		config.Source.AttributesInBind = c.Bool("attributes-in-bind")
 	}
 	if c.IsSet("public-ssh-key-attribute") {
-		config.AttributeSSHPublicKey = c.String("public-ssh-key-attribute")
-	}
-	if c.IsSet("avatar-attribute") {
-		config.AttributeAvatar = c.String("avatar-attribute")
+		config.Source.AttributeSSHPublicKey = c.String("public-ssh-key-attribute")
 	}
 	if c.IsSet("page-size") {
-		config.SearchPageSize = uint32(c.Uint("page-size"))
+		config.Source.SearchPageSize = uint32(c.Uint("page-size"))
 	}
 	if c.IsSet("user-filter") {
-		config.Filter = c.String("user-filter")
+		config.Source.Filter = c.String("user-filter")
 	}
 	if c.IsSet("admin-filter") {
-		config.AdminFilter = c.String("admin-filter")
+		config.Source.AdminFilter = c.String("admin-filter")
 	}
 	if c.IsSet("restricted-filter") {
-		config.RestrictedFilter = c.String("restricted-filter")
+		config.Source.RestrictedFilter = c.String("restricted-filter")
 	}
 	if c.IsSet("allow-deactivate-all") {
-		config.AllowDeactivateAll = c.Bool("allow-deactivate-all")
-	}
-	if c.IsSet("skip-local-2fa") {
-		config.SkipLocalTwoFA = c.Bool("skip-local-2fa")
+		config.Source.AllowDeactivateAll = c.Bool("allow-deactivate-all")
 	}
 	return nil
 }
@@ -266,7 +251,7 @@ func parseLdapConfig(c *cli.Context, config *ldap.Source) error {
 // findLdapSecurityProtocolByName finds security protocol by its name ignoring case.
 // It returns the value of the security protocol and if it was found.
 func findLdapSecurityProtocolByName(name string) (ldap.SecurityProtocol, bool) {
-	for i, n := range ldap.SecurityProtocolNames {
+	for i, n := range models.SecurityProtocolNames {
 		if strings.EqualFold(name, n) {
 			return i, true
 		}
@@ -274,23 +259,23 @@ func findLdapSecurityProtocolByName(name string) (ldap.SecurityProtocol, bool) {
 	return 0, false
 }

-// getAuthSource gets the login source by its id defined in the command line flags.
+// getLoginSource gets the login source by its id defined in the command line flags.
 // It returns an error if the id is not set, does not match any source or if the source is not of expected type.
-func (a *authService) getAuthSource(c *cli.Context, authType auth.Type) (*auth.Source, error) {
+func (a *authService) getLoginSource(c *cli.Context, loginType models.LoginType) (*models.LoginSource, error) {
 	if err := argsSet(c, "id"); err != nil {
 		return nil, err
 	}

-	authSource, err := a.getAuthSourceByID(c.Int64("id"))
+	loginSource, err := a.getLoginSourceByID(c.Int64("id"))
 	if err != nil {
 		return nil, err
 	}

-	if authSource.Type != authType {
-		return nil, fmt.Errorf("Invalid authentication type. expected: %s, actual: %s", authType.String(), authSource.Type.String())
+	if loginSource.Type != loginType {
+		return nil, fmt.Errorf("Invalid authentication type. expected: %s, actual: %s", models.LoginNames[loginType], models.LoginNames[loginSource.Type])
 	}

-	return authSource, nil
+	return loginSource, nil
 }

 // addLdapBindDn adds a new LDAP via Bind DN authentication source.
@@ -299,49 +284,45 @@ func (a *authService) addLdapBindDn(c *cli.Context) error {
 		return err
 	}

-	ctx, cancel := installSignals()
-	defer cancel()
-
-	if err := a.initDB(ctx); err != nil {
+	if err := a.initDB(); err != nil {
 		return err
 	}

-	authSource := &auth.Source{
-		Type:     auth.LDAP,
-		IsActive: true, // active by default
-		Cfg: &ldap.Source{
-			Enabled: true, // always true
+	loginSource := &models.LoginSource{
+		Type:      models.LoginLDAP,
+		IsActived: true, // active by default
+		Cfg: &models.LDAPConfig{
+			Source: &ldap.Source{
+				Enabled: true, // always true
+			},
 		},
 	}

-	parseAuthSource(c, authSource)
-	if err := parseLdapConfig(c, authSource.Cfg.(*ldap.Source)); err != nil {
+	parseLoginSource(c, loginSource)
+	if err := parseLdapConfig(c, loginSource.LDAP()); err != nil {
 		return err
 	}

-	return a.createAuthSource(authSource)
+	return a.createLoginSource(loginSource)
 }

 // updateLdapBindDn updates a new LDAP via Bind DN authentication source.
 func (a *authService) updateLdapBindDn(c *cli.Context) error {
-	ctx, cancel := installSignals()
-	defer cancel()
-
-	if err := a.initDB(ctx); err != nil {
+	if err := a.initDB(); err != nil {
 		return err
 	}

-	authSource, err := a.getAuthSource(c, auth.LDAP)
+	loginSource, err := a.getLoginSource(c, models.LoginLDAP)
 	if err != nil {
 		return err
 	}

-	parseAuthSource(c, authSource)
-	if err := parseLdapConfig(c, authSource.Cfg.(*ldap.Source)); err != nil {
+	parseLoginSource(c, loginSource)
+	if err := parseLdapConfig(c, loginSource.LDAP()); err != nil {
 		return err
 	}

-	return a.updateAuthSource(authSource)
+	return a.updateLoginSource(loginSource)
 }

 // addLdapSimpleAuth adds a new LDAP (simple auth) authentication source.
@@ -350,47 +331,43 @@ func (a *authService) addLdapSimpleAuth(c *cli.Context) error {
 		return err
 	}

-	ctx, cancel := installSignals()
-	defer cancel()
-
-	if err := a.initDB(ctx); err != nil {
+	if err := a.initDB(); err != nil {
 		return err
 	}

-	authSource := &auth.Source{
-		Type:     auth.DLDAP,
-		IsActive: true, // active by default
-		Cfg: &ldap.Source{
-			Enabled: true, // always true
+	loginSource := &models.LoginSource{
+		Type:      models.LoginDLDAP,
+		IsActived: true, // active by default
+		Cfg: &models.LDAPConfig{
+			Source: &ldap.Source{
+				Enabled: true, // always true
+			},
 		},
 	}

-	parseAuthSource(c, authSource)
-	if err := parseLdapConfig(c, authSource.Cfg.(*ldap.Source)); err != nil {
+	parseLoginSource(c, loginSource)
+	if err := parseLdapConfig(c, loginSource.LDAP()); err != nil {
 		return err
 	}

-	return a.createAuthSource(authSource)
+	return a.createLoginSource(loginSource)
 }

 // updateLdapBindDn updates a new LDAP (simple auth) authentication source.
 func (a *authService) updateLdapSimpleAuth(c *cli.Context) error {
-	ctx, cancel := installSignals()
-	defer cancel()
-
-	if err := a.initDB(ctx); err != nil {
+	if err := a.initDB(); err != nil {
 		return err
 	}

-	authSource, err := a.getAuthSource(c, auth.DLDAP)
+	loginSource, err := a.getLoginSource(c, models.LoginDLDAP)
 	if err != nil {
 		return err
 	}

-	parseAuthSource(c, authSource)
-	if err := parseLdapConfig(c, authSource.Cfg.(*ldap.Source)); err != nil {
+	parseLoginSource(c, loginSource)
+	if err := parseLdapConfig(c, loginSource.LDAP()); err != nil {
 		return err
 	}

-	return a.updateAuthSource(authSource)
+	return a.updateLoginSource(loginSource)
 }
--- a/cmd/admin_auth_ldap_test.go
+++ b/cmd/admin_auth_ldap_test.go
--- a/cmd/cert.go
+++ b/cmd/cert.go
@@ -180,7 +180,7 @@ func runCert(c *cli.Context) error {
 	}
 	log.Println("Written cert.pem")

-	keyOut, err := os.OpenFile("key.pem", os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0o600)
+	keyOut, err := os.OpenFile("key.pem", os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)
 	if err != nil {
 		log.Fatalf("Failed to open key.pem for writing: %v", err)
 	}
--- a/cmd/cmd.go
+++ b/cmd/cmd.go
@@ -15,8 +15,7 @@ import (
 	"strings"
 	"syscall"

-	"code.gitea.io/gitea/models/db"
-	"code.gitea.io/gitea/modules/log"
+	"code.gitea.io/gitea/models"
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/modules/util"

@@ -31,7 +30,7 @@ func argsSet(c *cli.Context, args ...string) error {
 			return errors.New(a + " is not set")
 		}

-		if util.IsEmptyString(c.String(a)) {
+		if util.IsEmptyString(a) {
 			return errors.New(a + " is required")
 		}
 	}
@@ -57,18 +56,17 @@ func confirm() (bool, error) {
 	}
 }

-func initDB(ctx context.Context) error {
-	setting.LoadFromExisting()
-	setting.InitDBConfig()
-	setting.NewXORMLogService(false)
+func initDB() error {
+	return initDBDisableConsole(false)
+}

-	if setting.Database.Type == "" {
-		log.Fatal(`Database settings are missing from the configuration file: %q.
-Ensure you are running in the correct environment or set the correct configuration file with -c.
-If this is the intended configuration file complete the [database] section.`, setting.CustomConf)
-	}
-	if err := db.InitEngine(ctx); err != nil {
-		return fmt.Errorf("unable to initialize the database using the configuration in %q. Error: %v", setting.CustomConf, err)
+func initDBDisableConsole(disableConsole bool) error {
+	setting.NewContext()
+	setting.InitDBConfig()
+
+	setting.NewXORMLogService(disableConsole)
+	if err := models.SetEngine(); err != nil {
+		return fmt.Errorf("models.SetEngine: %v", err)
 	}
 	return nil
 }
--- a/cmd/convert.go
+++ b/cmd/convert.go
@@ -7,7 +7,7 @@ package cmd
 import (
 	"fmt"

-	"code.gitea.io/gitea/models/db"
+	"code.gitea.io/gitea/models"
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/setting"

@@ -23,10 +23,7 @@ var CmdConvert = cli.Command{
 }

 func runConvert(ctx *cli.Context) error {
-	stdCtx, cancel := installSignals()
-	defer cancel()
-
-	if err := initDB(stdCtx); err != nil {
+	if err := initDB(); err != nil {
 		return err
 	}

@@ -34,14 +31,14 @@ func runConvert(ctx *cli.Context) error {
 	log.Info("AppWorkPath: %s", setting.AppWorkPath)
 	log.Info("Custom path: %s", setting.CustomPath)
 	log.Info("Log path: %s", setting.LogRootPath)
-	log.Info("Configuration file: %s", setting.CustomConf)
+	setting.InitDBConfig()

 	if !setting.Database.UseMySQL {
 		fmt.Println("This command can only be used with a MySQL database")
 		return nil
 	}

-	if err := db.ConvertUtf8ToUtf8mb4(); err != nil {
+	if err := models.ConvertUtf8ToUtf8mb4(); err != nil {
 		log.Fatal("Failed to convert database from utf8 to utf8mb4: %v", err)
 		return err
 	}
--- a/cmd/doctor.go
+++ b/cmd/doctor.go
@@ -5,27 +5,29 @@
 package cmd

 import (
+	"context"
 	"fmt"
 	golog "log"
 	"os"
 	"strings"
 	"text/tabwriter"

-	"code.gitea.io/gitea/models/db"
+	"code.gitea.io/gitea/models"
 	"code.gitea.io/gitea/models/migrations"
 	"code.gitea.io/gitea/modules/doctor"
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/setting"

-	"github.com/urfave/cli"
 	"xorm.io/xorm"
+
+	"github.com/urfave/cli"
 )

 // CmdDoctor represents the available doctor sub-command.
 var CmdDoctor = cli.Command{
 	Name:        "doctor",
-	Usage:       "Diagnose and optionally fix problems",
-	Description: "A command to diagnose problems with the current Gitea instance according to the given configuration. Some problems can optionally be fixed by modifying the database or data storage.",
+	Usage:       "Diagnose problems",
+	Description: "A command to diagnose problems with the current Gitea instance according to the given configuration.",
 	Action:      runDoctor,
 	Flags: []cli.Flag{
 		cli.BoolFlag{
@@ -86,7 +88,7 @@ func runRecreateTable(ctx *cli.Context) error {
 	golog.SetPrefix("")
 	golog.SetOutput(log.NewLoggerAsWriter("INFO", log.GetLogger(log.DEFAULT)))

-	setting.LoadFromExisting()
+	setting.NewContext()
 	setting.InitDBConfig()

 	setting.EnableXORMLog = ctx.Bool("debug")
@@ -94,10 +96,7 @@ func runRecreateTable(ctx *cli.Context) error {
 	setting.Cfg.Section("log").Key("XORM").SetValue(",")

 	setting.NewXORMLogService(!ctx.Bool("debug"))
-	stdCtx, cancel := installSignals()
-	defer cancel()
-
-	if err := db.InitEngine(stdCtx); err != nil {
+	if err := models.SetEngine(); err != nil {
 		fmt.Println(err)
 		fmt.Println("Check if you are using the right config file. You can use a --config directive to specify one.")
 		return nil
@@ -109,18 +108,19 @@ func runRecreateTable(ctx *cli.Context) error {
 		names = append(names, args.Get(i))
 	}

-	beans, err := db.NamesToBean(names...)
+	beans, err := models.NamesToBean(names...)
 	if err != nil {
 		return err
 	}
 	recreateTables := migrations.RecreateTables(beans...)

-	return db.InitEngineWithMigration(stdCtx, func(x *xorm.Engine) error {
+	return models.NewEngine(context.Background(), func(x *xorm.Engine) error {
 		if err := migrations.EnsureUpToDate(x); err != nil {
 			return err
 		}
 		return recreateTables(x)
 	})
+
 }

 func runDoctor(ctx *cli.Context) error {
@@ -128,9 +128,6 @@ func runDoctor(ctx *cli.Context) error {
 	log.DelNamedLogger("console")
 	log.DelNamedLogger(log.DEFAULT)

-	stdCtx, cancel := installSignals()
-	defer cancel()
-
 	// Now setup our own
 	logFile := ctx.String("log-file")
 	if !ctx.IsSet("log-file") {
@@ -203,7 +200,7 @@ func runDoctor(ctx *cli.Context) error {

 	// Now we can set up our own logger to return information about what the doctor is doing
 	if err := log.NewNamedLogger("doctorouter",
-		0,
+		1000,
 		"console",
 		"console",
 		fmt.Sprintf(`{"level":"INFO","stacktracelevel":"NONE","colorize":%t,"flags":-1}`, colorize)); err != nil {
@@ -213,5 +210,5 @@ func runDoctor(ctx *cli.Context) error {

 	logger := log.GetLogger("doctorouter")
 	defer logger.Close()
-	return doctor.RunChecks(stdCtx, logger, ctx.Bool("fix"), checks)
+	return doctor.RunChecks(logger, ctx.Bool("fix"), checks)
 }
--- a/cmd/dump.go
+++ b/cmd/dump.go
@@ -7,40 +7,29 @@ package cmd

 import (
 	"fmt"
-	"io"
+	"io/ioutil"
 	"os"
 	"path"
 	"path/filepath"
 	"strings"
 	"time"

-	"code.gitea.io/gitea/models/db"
-	"code.gitea.io/gitea/modules/json"
+	"code.gitea.io/gitea/models"
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/modules/storage"
 	"code.gitea.io/gitea/modules/util"

 	"gitea.com/go-chi/session"
-	"github.com/mholt/archiver/v3"
+	jsoniter "github.com/json-iterator/go"
+	archiver "github.com/mholt/archiver/v3"
 	"github.com/urfave/cli"
 )

-func addReader(w archiver.Writer, r io.ReadCloser, info os.FileInfo, customName string, verbose bool) error {
+func addFile(w archiver.Writer, filePath string, absPath string, verbose bool) error {
 	if verbose {
-		log.Info("Adding file %s", customName)
+		log.Info("Adding file %s\n", filePath)
 	}
-
-	return w.Write(archiver.File{
-		FileInfo: archiver.FileInfo{
-			FileInfo:   info,
-			CustomName: customName,
-		},
-		ReadCloser: r,
-	})
-}
-
-func addFile(w archiver.Writer, filePath, absPath string, verbose bool) error {
 	file, err := os.Open(absPath)
 	if err != nil {
 		return err
@@ -51,10 +40,16 @@ func addFile(w archiver.Writer, filePath, absPath string, verbose bool) error {
 		return err
 	}

-	return addReader(w, file, fileInfo, filePath, verbose)
+	return w.Write(archiver.File{
+		FileInfo: archiver.FileInfo{
+			FileInfo:   fileInfo,
+			CustomName: filePath,
+		},
+		ReadCloser: file,
+	})
 }

-func isSubdir(upper, lower string) (bool, error) {
+func isSubdir(upper string, lower string) (bool, error) {
 	if relPath, err := filepath.Rel(upper, lower); err != nil {
 		return false, err
 	} else if relPath == "." || !strings.HasPrefix(relPath, ".") {
@@ -92,7 +87,7 @@ func (o outputType) String() string {
 }

 var outputTypeEnum = &outputType{
-	Enum:    []string{"zip", "tar", "tar.sz", "tar.gz", "tar.xz", "tar.bz2", "tar.br", "tar.lz4"},
+	Enum:    []string{"zip", "tar", "tar.gz", "tar.xz", "tar.bz2"},
 	Default: "zip",
 }

@@ -142,10 +137,6 @@ It can be used for backup and capture Gitea server image to send to maintainer`,
 			Name:  "skip-attachment-data",
 			Usage: "Skip attachment data",
 		},
-		cli.BoolFlag{
-			Name:  "skip-package-data",
-			Usage: "Skip package data",
-		},
 		cli.GenericFlag{
 			Name:  "type",
 			Value: outputTypeEnum,
@@ -162,24 +153,14 @@ func fatal(format string, args ...interface{}) {
 func runDump(ctx *cli.Context) error {
 	var file *os.File
 	fileName := ctx.String("file")
-	outType := ctx.String("type")
 	if fileName == "-" {
 		file = os.Stdout
 		err := log.DelLogger("console")
 		if err != nil {
 			fatal("Deleting default logger failed. Can not write to stdout: %v", err)
 		}
-	} else {
-		for _, suffix := range outputTypeEnum.Enum {
-			if strings.HasSuffix(fileName, "."+suffix) {
-				fileName = strings.TrimSuffix(fileName, "."+suffix)
-				break
-			}
-		}
-		fileName += "." + outType
 	}
-	setting.LoadFromExisting()
-
+	setting.NewContext()
 	// make sure we are logging to the console no matter what the configuration tells us do to
 	if _, err := setting.Cfg.Section("log").NewKey("MODE", "console"); err != nil {
 		fatal("Setting logging mode to console failed: %v", err)
@@ -193,10 +174,7 @@ func runDump(ctx *cli.Context) error {
 	}
 	setting.NewServices() // cannot access session settings otherwise

-	stdCtx, cancel := installSignals()
-	defer cancel()
-
-	err := db.InitEngine(stdCtx)
+	err := models.SetEngine()
 	if err != nil {
 		return err
 	}
@@ -219,6 +197,7 @@ func runDump(ctx *cli.Context) error {
 	}

 	verbose := ctx.Bool("verbose")
+	outType := ctx.String("type")
 	var iface interface{}
 	if fileName == "-" {
 		iface, err = archiver.ByExtension(fmt.Sprintf(".%s", outType))
@@ -251,7 +230,13 @@ func runDump(ctx *cli.Context) error {
 				return err
 			}

-			return addReader(w, object, info, path.Join("data", "lfs", objPath), verbose)
+			return w.Write(archiver.File{
+				FileInfo: archiver.FileInfo{
+					FileInfo:   info,
+					CustomName: path.Join("data", "lfs", objPath),
+				},
+				ReadCloser: object,
+			})
 		}); err != nil {
 			fatal("Failed to dump LFS objects: %v", err)
 		}
@@ -262,7 +247,7 @@ func runDump(ctx *cli.Context) error {
 		fatal("Path does not exist: %s", tmpDir)
 	}

-	dbDump, err := os.CreateTemp(tmpDir, "gitea-db.sql")
+	dbDump, err := ioutil.TempFile(tmpDir, "gitea-db.sql")
 	if err != nil {
 		fatal("Failed to create tmp file: %v", err)
 	}
@@ -279,7 +264,7 @@ func runDump(ctx *cli.Context) error {
 		log.Info("Dumping database...")
 	}

-	if err := db.DumpDatabase(dbDump.Name(), targetDBType); err != nil {
+	if err := models.DumpDatabase(dbDump.Name(), targetDBType); err != nil {
 		fatal("Failed to dump database: %v", err)
 	}

@@ -321,6 +306,7 @@ func runDump(ctx *cli.Context) error {
 		var excludes []string
 		if setting.Cfg.Section("session").Key("PROVIDER").Value() == "file" {
 			var opts session.Options
+			json := jsoniter.ConfigCompatibleWithStandardLibrary
 			if err = json.Unmarshal([]byte(setting.SessionConfig.ProviderConfig), &opts); err != nil {
 				return err
 			}
@@ -330,7 +316,6 @@ func runDump(ctx *cli.Context) error {
 		excludes = append(excludes, setting.RepoRootPath)
 		excludes = append(excludes, setting.LFS.Path)
 		excludes = append(excludes, setting.Attachment.Path)
-		excludes = append(excludes, setting.Packages.Path)
 		excludes = append(excludes, setting.LogRootPath)
 		excludes = append(excludes, absFileName)
 		if err := addRecursiveExclude(w, "data", setting.AppDataPath, excludes, verbose); err != nil {
@@ -346,24 +331,17 @@ func runDump(ctx *cli.Context) error {
 			return err
 		}

-		return addReader(w, object, info, path.Join("data", "attachments", objPath), verbose)
+		return w.Write(archiver.File{
+			FileInfo: archiver.FileInfo{
+				FileInfo:   info,
+				CustomName: path.Join("data", "attachments", objPath),
+			},
+			ReadCloser: object,
+		})
 	}); err != nil {
 		fatal("Failed to dump attachments: %v", err)
 	}

-	if ctx.IsSet("skip-package-data") && ctx.Bool("skip-package-data") {
-		log.Info("Skip dumping package data")
-	} else if err := storage.Packages.IterateObjects(func(objPath string, object storage.Object) error {
-		info, err := object.Stat()
-		if err != nil {
-			return err
-		}
-
-		return addReader(w, object, info, path.Join("data", "packages", objPath), verbose)
-	}); err != nil {
-		fatal("Failed to dump packages: %v", err)
-	}
-
 	// Doesn't check if LogRootPath exists before processing --skip-log intentionally,
 	// ensuring that it's clear the dump is skipped whether the directory's initialized
 	// yet or not.
@@ -387,7 +365,7 @@ func runDump(ctx *cli.Context) error {
 			fatal("Failed to save %s: %v", fileName, err)
 		}

-		if err := os.Chmod(fileName, 0o600); err != nil {
+		if err := os.Chmod(fileName, 0600); err != nil {
 			log.Info("Can't change file access permissions mask to 0600: %v", err)
 		}
 	}
@@ -439,23 +417,8 @@ func addRecursiveExclude(w archiver.Writer, insidePath, absPath string, excludeA
 				}
 			}
 		} else {
-			// only copy regular files and symlink regular files, skip non-regular files like socket/pipe/...
-			shouldAdd := file.Mode().IsRegular()
-			if !shouldAdd && file.Mode()&os.ModeSymlink == os.ModeSymlink {
-				target, err := filepath.EvalSymlinks(currentAbsPath)
-				if err != nil {
-					return err
-				}
-				targetStat, err := os.Stat(target)
-				if err != nil {
-					return err
-				}
-				shouldAdd = targetStat.Mode().IsRegular()
-			}
-			if shouldAdd {
-				if err = addFile(w, currentInsidePath, currentAbsPath, verbose); err != nil {
-					return err
-				}
+			if err = addFile(w, currentInsidePath, currentAbsPath, verbose); err != nil {
+				return err
 			}
 		}
 	}
--- a/cmd/dump_repo.go
+++ b/cmd/dump_repo.go
@@ -7,18 +7,14 @@ package cmd
 import (
 	"context"
 	"errors"
-	"fmt"
-	"os"
 	"strings"

 	"code.gitea.io/gitea/modules/convert"
-	"code.gitea.io/gitea/modules/git"
 	"code.gitea.io/gitea/modules/log"
-	base "code.gitea.io/gitea/modules/migration"
+	"code.gitea.io/gitea/modules/migrations"
+	"code.gitea.io/gitea/modules/migrations/base"
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/modules/structs"
-	"code.gitea.io/gitea/modules/util"
-	"code.gitea.io/gitea/services/migrations"

 	"github.com/urfave/cli"
 )
@@ -80,15 +76,7 @@ wiki, issues, labels, releases, release_assets, milestones, pull_requests, comme
 }

 func runDumpRepository(ctx *cli.Context) error {
-	stdCtx, cancel := installSignals()
-	defer cancel()
-
-	if err := initDB(stdCtx); err != nil {
-		return err
-	}
-
-	// migrations.GiteaLocalUploader depends on git module
-	if err := git.InitSimple(context.Background()); err != nil {
+	if err := initDB(); err != nil {
 		return err
 	}

@@ -96,7 +84,7 @@ func runDumpRepository(ctx *cli.Context) error {
 	log.Info("AppWorkPath: %s", setting.AppWorkPath)
 	log.Info("Custom path: %s", setting.CustomPath)
 	log.Info("Log path: %s", setting.LogRootPath)
-	log.Info("Configuration file: %s", setting.CustomConf)
+	setting.InitDBConfig()

 	var (
 		serviceType structs.GitServiceType
@@ -116,7 +104,7 @@ func runDumpRepository(ctx *cli.Context) error {
 	}
 	serviceType = convert.ToGitServiceType(serviceStr)

-	opts := base.MigrateOptions{
+	var opts = base.MigrateOptions{
 		GitServiceType: serviceType,
 		CloneAddr:      cloneAddr,
 		AuthUsername:   ctx.String("auth_username"),
@@ -137,9 +125,7 @@ func runDumpRepository(ctx *cli.Context) error {
 	} else {
 		units := strings.Split(ctx.String("units"), ",")
 		for _, unit := range units {
-			switch strings.ToLower(strings.TrimSpace(unit)) {
-			case "":
-				continue
+			switch strings.ToLower(unit) {
 			case "wiki":
 				opts.Wiki = true
 			case "issues":
@@ -156,29 +142,13 @@ func runDumpRepository(ctx *cli.Context) error {
 				opts.Comments = true
 			case "pull_requests":
 				opts.PullRequests = true
-			default:
-				return errors.New("invalid unit: " + unit)
 			}
 		}
 	}

-	// the repo_dir will be removed if error occurs in DumpRepository
-	// make sure the directory doesn't exist or is empty, prevent from deleting user files
-	repoDir := ctx.String("repo_dir")
-	if exists, err := util.IsExist(repoDir); err != nil {
-		return fmt.Errorf("unable to stat repo_dir %q: %v", repoDir, err)
-	} else if exists {
-		if isDir, _ := util.IsDir(repoDir); !isDir {
-			return fmt.Errorf("repo_dir %q already exists but it's not a directory", repoDir)
-		}
-		if dir, _ := os.ReadDir(repoDir); len(dir) > 0 {
-			return fmt.Errorf("repo_dir %q is not empty", repoDir)
-		}
-	}
-
 	if err := migrations.DumpRepository(
 		context.Background(),
-		repoDir,
+		ctx.String("repo_dir"),
 		ctx.String("owner_name"),
 		opts,
 	); err != nil {
--- a/cmd/embedded.go
+++ b/cmd/embedded.go
@@ -3,6 +3,7 @@
 // license that can be found in the LICENSE file.

 //go:build bindata
+// +build bindata

 package cmd

@@ -108,12 +109,13 @@ type asset struct {
 }

 func initEmbeddedExtractor(c *cli.Context) error {
+
 	// Silence the console logger
 	log.DelNamedLogger("console")
 	log.DelNamedLogger(log.DEFAULT)

 	// Read configuration file
-	setting.LoadAllowEmpty()
+	setting.NewContext()

 	pats, err := getPatterns(c.Args())
 	if err != nil {
@@ -258,7 +260,7 @@ func extractAsset(d string, a asset, overwrite, rename bool) error {
 		return fmt.Errorf("%s: %v", dir, err)
 	}

-	perms := os.ModePerm & 0o666
+	perms := os.ModePerm & 0666

 	fi, err := os.Lstat(dest)
 	if err != nil {
@@ -294,7 +296,7 @@ func extractAsset(d string, a asset, overwrite, rename bool) error {
 }

 func buildAssetList(sec *section, globs []glob.Glob, c *cli.Context) []asset {
-	results := make([]asset, 0, 64)
+	var results = make([]asset, 0, 64)
 	for _, name := range sec.Names() {
 		if isdir, err := sec.IsDir(name); !isdir && err == nil {
 			if sec.Path == "public" &&
@@ -305,11 +307,9 @@ func buildAssetList(sec *section, globs []glob.Glob, c *cli.Context) []asset {
 			matchName := sec.Path + "/" + name
 			for _, g := range globs {
 				if g.Match(matchName) {
-					results = append(results, asset{
-						Section: sec,
-						Name:    name,
-						Path:    sec.Path + "/" + name,
-					})
+					results = append(results, asset{Section: sec,
+						Name: name,
+						Path: sec.Path + "/" + name})
 					break
 				}
 			}
--- a/cmd/embedded_stub.go
+++ b/cmd/embedded_stub.go
@@ -3,6 +3,7 @@
 // license that can be found in the LICENSE file.

 //go:build !bindata
+// +build !bindata

 package cmd

--- a/cmd/hook.go
+++ b/cmd/hook.go
@@ -15,9 +15,9 @@ import (
 	"strings"
 	"time"

+	"code.gitea.io/gitea/models"
 	"code.gitea.io/gitea/modules/git"
 	"code.gitea.io/gitea/modules/private"
-	repo_module "code.gitea.io/gitea/modules/repository"
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/modules/util"

@@ -38,7 +38,6 @@ var (
 			subcmdHookPreReceive,
 			subcmdHookUpdate,
 			subcmdHookPostReceive,
-			subcmdHookProcReceive,
 		},
 	}

@@ -75,18 +74,6 @@ var (
 			},
 		},
 	}
-	// Note: new hook since git 2.29
-	subcmdHookProcReceive = cli.Command{
-		Name:        "proc-receive",
-		Usage:       "Delegate proc-receive Git hook",
-		Description: "This command should only be called by Git",
-		Action:      runHookProcReceive,
-		Flags: []cli.Flag{
-			cli.BoolFlag{
-				Name: "debug",
-			},
-		},
-	}
 )

 type delayWriter struct {
@@ -162,7 +149,7 @@ func (n *nilWriter) WriteString(s string) (int, error) {
 }

 func runHookPreReceive(c *cli.Context) error {
-	if isInternal, _ := strconv.ParseBool(os.Getenv(repo_module.EnvIsInternal)); isInternal {
+	if os.Getenv(models.EnvIsInternal) == "true" {
 		return nil
 	}
 	ctx, cancel := installSignals()
@@ -180,12 +167,12 @@ Gitea or set your environment appropriately.`, "")
 	}

 	// the environment is set by serv command
-	isWiki, _ := strconv.ParseBool(os.Getenv(repo_module.EnvRepoIsWiki))
-	username := os.Getenv(repo_module.EnvRepoUsername)
-	reponame := os.Getenv(repo_module.EnvRepoName)
-	userID, _ := strconv.ParseInt(os.Getenv(repo_module.EnvPusherID), 10, 64)
-	prID, _ := strconv.ParseInt(os.Getenv(repo_module.EnvPRID), 10, 64)
-	deployKeyID, _ := strconv.ParseInt(os.Getenv(repo_module.EnvDeployKeyID), 10, 64)
+	isWiki := os.Getenv(models.EnvRepoIsWiki) == "true"
+	username := os.Getenv(models.EnvRepoUsername)
+	reponame := os.Getenv(models.EnvRepoName)
+	userID, _ := strconv.ParseInt(os.Getenv(models.EnvPusherID), 10, 64)
+	prID, _ := strconv.ParseInt(os.Getenv(models.EnvPRID), 10, 64)
+	isDeployKey, _ := strconv.ParseBool(os.Getenv(models.EnvIsDeployKey))

 	hookOptions := private.HookOptions{
 		UserID:                          userID,
@@ -194,7 +181,7 @@ Gitea or set your environment appropriately.`, "")
 		GitQuarantinePath:               os.Getenv(private.GitQuarantinePath),
 		GitPushOptions:                  pushOptions(),
 		PullRequestID:                   prID,
-		DeployKeyID:                     deployKeyID,
+		IsDeployKey:                     isDeployKey,
 	}

 	scanner := bufio.NewScanner(os.Stdin)
@@ -218,11 +205,6 @@ Gitea or set your environment appropriately.`, "")
 		}
 	}

-	supportProcRecive := false
-	if git.CheckGitVersionAtLeast("2.29") == nil {
-		supportProcRecive = true
-	}
-
 	for scanner.Scan() {
 		// TODO: support news feeds for wiki
 		if isWiki {
@@ -241,9 +223,7 @@ Gitea or set your environment appropriately.`, "")
 		lastline++

 		// If the ref is a branch or tag, check if it's protected
-		// if supportProcRecive all ref should be checked because
-		// permission check was delayed
-		if supportProcRecive || strings.HasPrefix(refFullName, git.BranchPrefix) || strings.HasPrefix(refFullName, git.TagPrefix) {
+		if strings.HasPrefix(refFullName, git.BranchPrefix) || strings.HasPrefix(refFullName, git.TagPrefix) {
 			oldCommitIDs[count] = oldCommitID
 			newCommitIDs[count] = newCommitID
 			refFullNames[count] = refFullName
@@ -293,6 +273,7 @@ Gitea or set your environment appropriately.`, "")
 		}
 	} else if lastline > 0 {
 		fmt.Fprintf(out, "\n")
+		lastline = 0
 	}

 	fmt.Fprintf(out, "Checked %d references in total\n", total)
@@ -308,18 +289,18 @@ func runHookPostReceive(c *cli.Context) error {
 	ctx, cancel := installSignals()
 	defer cancel()

-	setup("hooks/post-receive.log", c.Bool("debug"))
-
 	// First of all run update-server-info no matter what
-	if _, _, err := git.NewCommand(ctx, "update-server-info").RunStdString(nil); err != nil {
+	if _, err := git.NewCommand("update-server-info").SetParentContext(ctx).Run(); err != nil {
 		return fmt.Errorf("Failed to call 'git update-server-info': %v", err)
 	}

 	// Now if we're an internal don't do anything else
-	if isInternal, _ := strconv.ParseBool(os.Getenv(repo_module.EnvIsInternal)); isInternal {
+	if os.Getenv(models.EnvIsInternal) == "true" {
 		return nil
 	}

+	setup("hooks/post-receive.log", c.Bool("debug"))
+
 	if len(os.Getenv("SSH_ORIGINAL_COMMAND")) == 0 {
 		if setting.OnlyAllowPushIfGiteaEnvironmentSet {
 			return fail(`Rejecting changes as Gitea environment not set.
@@ -343,11 +324,11 @@ Gitea or set your environment appropriately.`, "")
 	}

 	// the environment is set by serv command
-	repoUser := os.Getenv(repo_module.EnvRepoUsername)
-	isWiki, _ := strconv.ParseBool(os.Getenv(repo_module.EnvRepoIsWiki))
-	repoName := os.Getenv(repo_module.EnvRepoName)
-	pusherID, _ := strconv.ParseInt(os.Getenv(repo_module.EnvPusherID), 10, 64)
-	pusherName := os.Getenv(repo_module.EnvPusherName)
+	repoUser := os.Getenv(models.EnvRepoUsername)
+	isWiki := os.Getenv(models.EnvRepoIsWiki) == "true"
+	repoName := os.Getenv(models.EnvRepoName)
+	pusherID, _ := strconv.ParseInt(os.Getenv(models.EnvPusherID), 10, 64)
+	pusherName := os.Getenv(models.EnvPusherName)

 	hookOptions := private.HookOptions{
 		UserName:                        pusherName,
@@ -482,327 +463,3 @@ func pushOptions() map[string]string {
 	}
 	return opts
 }
-
-func runHookProcReceive(c *cli.Context) error {
-	setup("hooks/proc-receive.log", c.Bool("debug"))
-
-	if len(os.Getenv("SSH_ORIGINAL_COMMAND")) == 0 {
-		if setting.OnlyAllowPushIfGiteaEnvironmentSet {
-			return fail(`Rejecting changes as Gitea environment not set.
-If you are pushing over SSH you must push with a key managed by
-Gitea or set your environment appropriately.`, "")
-		}
-		return nil
-	}
-
-	ctx, cancel := installSignals()
-	defer cancel()
-
-	if git.CheckGitVersionAtLeast("2.29") != nil {
-		return fail("Internal Server Error", "git not support proc-receive.")
-	}
-
-	reader := bufio.NewReader(os.Stdin)
-	repoUser := os.Getenv(repo_module.EnvRepoUsername)
-	repoName := os.Getenv(repo_module.EnvRepoName)
-	pusherID, _ := strconv.ParseInt(os.Getenv(repo_module.EnvPusherID), 10, 64)
-	pusherName := os.Getenv(repo_module.EnvPusherName)
-
-	// 1. Version and features negotiation.
-	// S: PKT-LINE(version=1\0push-options atomic...) / PKT-LINE(version=1\n)
-	// S: flush-pkt
-	// H: PKT-LINE(version=1\0push-options...)
-	// H: flush-pkt
-
-	rs, err := readPktLine(reader, pktLineTypeData)
-	if err != nil {
-		return err
-	}
-
-	const VersionHead string = "version=1"
-
-	var (
-		hasPushOptions bool
-		response       = []byte(VersionHead)
-		requestOptions []string
-	)
-
-	index := bytes.IndexByte(rs.Data, byte(0))
-	if index >= len(rs.Data) {
-		return fail("Internal Server Error", "pkt-line: format error "+fmt.Sprint(rs.Data))
-	}
-
-	if index < 0 {
-		if len(rs.Data) == 10 && rs.Data[9] == '\n' {
-			index = 9
-		} else {
-			return fail("Internal Server Error", "pkt-line: format error "+fmt.Sprint(rs.Data))
-		}
-	}
-
-	if string(rs.Data[0:index]) != VersionHead {
-		return fail("Internal Server Error", "Received unsupported version: %s", string(rs.Data[0:index]))
-	}
-	requestOptions = strings.Split(string(rs.Data[index+1:]), " ")
-
-	for _, option := range requestOptions {
-		if strings.HasPrefix(option, "push-options") {
-			response = append(response, byte(0))
-			response = append(response, []byte("push-options")...)
-			hasPushOptions = true
-		}
-	}
-	response = append(response, '\n')
-
-	_, err = readPktLine(reader, pktLineTypeFlush)
-	if err != nil {
-		return err
-	}
-
-	err = writeDataPktLine(os.Stdout, response)
-	if err != nil {
-		return err
-	}
-
-	err = writeFlushPktLine(os.Stdout)
-	if err != nil {
-		return err
-	}
-
-	// 2. receive commands from server.
-	// S: PKT-LINE(<old-oid> <new-oid> <ref>)
-	// S: ... ...
-	// S: flush-pkt
-	// # [receive push-options]
-	// S: PKT-LINE(push-option)
-	// S: ... ...
-	// S: flush-pkt
-	hookOptions := private.HookOptions{
-		UserName: pusherName,
-		UserID:   pusherID,
-	}
-	hookOptions.OldCommitIDs = make([]string, 0, hookBatchSize)
-	hookOptions.NewCommitIDs = make([]string, 0, hookBatchSize)
-	hookOptions.RefFullNames = make([]string, 0, hookBatchSize)
-
-	for {
-		// note: pktLineTypeUnknow means pktLineTypeFlush and pktLineTypeData all allowed
-		rs, err = readPktLine(reader, pktLineTypeUnknow)
-		if err != nil {
-			return err
-		}
-
-		if rs.Type == pktLineTypeFlush {
-			break
-		}
-		t := strings.SplitN(string(rs.Data), " ", 3)
-		if len(t) != 3 {
-			continue
-		}
-		hookOptions.OldCommitIDs = append(hookOptions.OldCommitIDs, t[0])
-		hookOptions.NewCommitIDs = append(hookOptions.NewCommitIDs, t[1])
-		hookOptions.RefFullNames = append(hookOptions.RefFullNames, t[2])
-	}
-
-	hookOptions.GitPushOptions = make(map[string]string)
-
-	if hasPushOptions {
-		for {
-			rs, err = readPktLine(reader, pktLineTypeUnknow)
-			if err != nil {
-				return err
-			}
-
-			if rs.Type == pktLineTypeFlush {
-				break
-			}
-
-			kv := strings.SplitN(string(rs.Data), "=", 2)
-			if len(kv) == 2 {
-				hookOptions.GitPushOptions[kv[0]] = kv[1]
-			}
-		}
-	}
-
-	// 3. run hook
-	resp, err := private.HookProcReceive(ctx, repoUser, repoName, hookOptions)
-	if err != nil {
-		return fail("Internal Server Error", "run proc-receive hook failed :%v", err)
-	}
-
-	// 4. response result to service
-	// # a. OK, but has an alternate reference.  The alternate reference name
-	// # and other status can be given in option directives.
-	// H: PKT-LINE(ok <ref>)
-	// H: PKT-LINE(option refname <refname>)
-	// H: PKT-LINE(option old-oid <old-oid>)
-	// H: PKT-LINE(option new-oid <new-oid>)
-	// H: PKT-LINE(option forced-update)
-	// H: ... ...
-	// H: flush-pkt
-	// # b. NO, I reject it.
-	// H: PKT-LINE(ng <ref> <reason>)
-	// # c. Fall through, let 'receive-pack' to execute it.
-	// H: PKT-LINE(ok <ref>)
-	// H: PKT-LINE(option fall-through)
-
-	for _, rs := range resp.Results {
-		if len(rs.Err) > 0 {
-			err = writeDataPktLine(os.Stdout, []byte("ng "+rs.OriginalRef+" "+rs.Err))
-			if err != nil {
-				return err
-			}
-			continue
-		}
-
-		if rs.IsNotMatched {
-			err = writeDataPktLine(os.Stdout, []byte("ok "+rs.OriginalRef))
-			if err != nil {
-				return err
-			}
-			err = writeDataPktLine(os.Stdout, []byte("option fall-through"))
-			if err != nil {
-				return err
-			}
-			continue
-		}
-
-		err = writeDataPktLine(os.Stdout, []byte("ok "+rs.OriginalRef))
-		if err != nil {
-			return err
-		}
-		err = writeDataPktLine(os.Stdout, []byte("option refname "+rs.Ref))
-		if err != nil {
-			return err
-		}
-		if rs.OldOID != git.EmptySHA {
-			err = writeDataPktLine(os.Stdout, []byte("option old-oid "+rs.OldOID))
-			if err != nil {
-				return err
-			}
-		}
-		err = writeDataPktLine(os.Stdout, []byte("option new-oid "+rs.NewOID))
-		if err != nil {
-			return err
-		}
-		if rs.IsForcePush {
-			err = writeDataPktLine(os.Stdout, []byte("option forced-update"))
-			if err != nil {
-				return err
-			}
-		}
-	}
-	err = writeFlushPktLine(os.Stdout)
-
-	return err
-}
-
-// git PKT-Line api
-// pktLineType message type of pkt-line
-type pktLineType int64
-
-const (
-	// UnKnow type
-	pktLineTypeUnknow pktLineType = 0
-	// flush-pkt "0000"
-	pktLineTypeFlush pktLineType = iota
-	// data line
-	pktLineTypeData
-)
-
-// gitPktLine pkt-line api
-type gitPktLine struct {
-	Type   pktLineType
-	Length uint64
-	Data   []byte
-}
-
-func readPktLine(in *bufio.Reader, requestType pktLineType) (*gitPktLine, error) {
-	var (
-		err error
-		r   *gitPktLine
-	)
-
-	// read prefix
-	lengthBytes := make([]byte, 4)
-	for i := 0; i < 4; i++ {
-		lengthBytes[i], err = in.ReadByte()
-		if err != nil {
-			return nil, fail("Internal Server Error", "Pkt-Line: read stdin failed : %v", err)
-		}
-	}
-
-	r = new(gitPktLine)
-	r.Length, err = strconv.ParseUint(string(lengthBytes), 16, 32)
-	if err != nil {
-		return nil, fail("Internal Server Error", "Pkt-Line format is wrong :%v", err)
-	}
-
-	if r.Length == 0 {
-		if requestType == pktLineTypeData {
-			return nil, fail("Internal Server Error", "Pkt-Line format is wrong")
-		}
-		r.Type = pktLineTypeFlush
-		return r, nil
-	}
-
-	if r.Length <= 4 || r.Length > 65520 || requestType == pktLineTypeFlush {
-		return nil, fail("Internal Server Error", "Pkt-Line format is wrong")
-	}
-
-	r.Data = make([]byte, r.Length-4)
-	for i := range r.Data {
-		r.Data[i], err = in.ReadByte()
-		if err != nil {
-			return nil, fail("Internal Server Error", "Pkt-Line: read stdin failed : %v", err)
-		}
-	}
-
-	r.Type = pktLineTypeData
-
-	return r, nil
-}
-
-func writeFlushPktLine(out io.Writer) error {
-	l, err := out.Write([]byte("0000"))
-	if err != nil {
-		return fail("Internal Server Error", "Pkt-Line response failed: %v", err)
-	}
-	if l != 4 {
-		return fail("Internal Server Error", "Pkt-Line response failed: %v", err)
-	}
-
-	return nil
-}
-
-func writeDataPktLine(out io.Writer, data []byte) error {
-	hexchar := []byte("0123456789abcdef")
-	hex := func(n uint64) byte {
-		return hexchar[(n)&15]
-	}
-
-	length := uint64(len(data) + 4)
-	tmp := make([]byte, 4)
-	tmp[0] = hex(length >> 12)
-	tmp[1] = hex(length >> 8)
-	tmp[2] = hex(length >> 4)
-	tmp[3] = hex(length)
-
-	lr, err := out.Write(tmp)
-	if err != nil {
-		return fail("Internal Server Error", "Pkt-Line response failed: %v", err)
-	}
-	if 4 != lr {
-		return fail("Internal Server Error", "Pkt-Line response failed: %v", err)
-	}
-
-	lr, err = out.Write(data)
-	if err != nil {
-		return fail("Internal Server Error", "Pkt-Line response failed: %v", err)
-	}
-	if int(length-4) != lr {
-		return fail("Internal Server Error", "Pkt-Line response failed: %v", err)
-	}
-
-	return nil
-}
--- a/cmd/hook_test.go
+++ b/cmd/hook_test.go
@@ -1,41 +0,0 @@
-// Copyright 2021 The Gitea Authors. All rights reserved.
-// Use of this source code is governed by a MIT-style
-// license that can be found in the LICENSE file.
-
-package cmd
-
-import (
-	"bufio"
-	"bytes"
-	"strings"
-	"testing"
-
-	"github.com/stretchr/testify/assert"
-)
-
-func TestPktLine(t *testing.T) {
-	// test read
-	s := strings.NewReader("0000")
-	r := bufio.NewReader(s)
-	result, err := readPktLine(r, pktLineTypeFlush)
-	assert.NoError(t, err)
-	assert.Equal(t, pktLineTypeFlush, result.Type)
-
-	s = strings.NewReader("0006a\n")
-	r = bufio.NewReader(s)
-	result, err = readPktLine(r, pktLineTypeData)
-	assert.NoError(t, err)
-	assert.Equal(t, pktLineTypeData, result.Type)
-	assert.Equal(t, []byte("a\n"), result.Data)
-
-	// test write
-	w := bytes.NewBuffer([]byte{})
-	err = writeFlushPktLine(w)
-	assert.NoError(t, err)
-	assert.Equal(t, []byte("0000"), w.Bytes())
-
-	w.Reset()
-	err = writeDataPktLine(w, []byte("a\nb"))
-	assert.NoError(t, err)
-	assert.Equal(t, []byte("0007a\nb"), w.Bytes())
-}
--- a/cmd/mailer.go
+++ b/cmd/mailer.go
@@ -10,7 +10,6 @@ import (

 	"code.gitea.io/gitea/modules/private"
 	"code.gitea.io/gitea/modules/setting"
-
 	"github.com/urfave/cli"
 )

@@ -18,7 +17,7 @@ func runSendMail(c *cli.Context) error {
 	ctx, cancel := installSignals()
 	defer cancel()

-	setting.LoadFromExisting()
+	setting.NewContext()

 	if err := argsSet(c, "title"); err != nil {
 		return err
--- a/cmd/manager.go
+++ b/cmd/manager.go
@@ -10,6 +10,7 @@ import (
 	"os"
 	"time"

+	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/private"

 	"github.com/urfave/cli"
@@ -26,7 +27,6 @@ var (
 			subcmdRestart,
 			subcmdFlushQueues,
 			subcmdLogging,
-			subCmdProcesses,
 		},
 	}
 	subcmdShutdown = cli.Command{
@@ -58,8 +58,7 @@ var (
 				Name:  "timeout",
 				Value: 60 * time.Second,
 				Usage: "Timeout for the flushing process",
-			},
-			cli.BoolFlag{
+			}, cli.BoolFlag{
 				Name:  "non-blocking",
 				Usage: "Set to true to not wait for flush to complete before returning",
 			},
@@ -68,38 +67,326 @@ var (
 			},
 		},
 	}
-	subCmdProcesses = cli.Command{
-		Name:   "processes",
-		Usage:  "Display running processes within the current process",
-		Action: runProcesses,
-		Flags: []cli.Flag{
-			cli.BoolFlag{
-				Name: "debug",
-			},
-			cli.BoolFlag{
-				Name:  "flat",
-				Usage: "Show processes as flat table rather than as tree",
-			},
-			cli.BoolFlag{
-				Name:  "no-system",
-				Usage: "Do not show system proceses",
-			},
-			cli.BoolFlag{
-				Name:  "stacktraces",
-				Usage: "Show stacktraces",
-			},
-			cli.BoolFlag{
-				Name:  "json",
-				Usage: "Output as json",
-			},
-			cli.StringFlag{
-				Name:  "cancel",
-				Usage: "Process PID to cancel. (Only available for non-system processes.)",
+	defaultLoggingFlags = []cli.Flag{
+		cli.StringFlag{
+			Name:  "group, g",
+			Usage: "Group to add logger to - will default to \"default\"",
+		}, cli.StringFlag{
+			Name:  "name, n",
+			Usage: "Name of the new logger - will default to mode",
+		}, cli.StringFlag{
+			Name:  "level, l",
+			Usage: "Logging level for the new logger",
+		}, cli.StringFlag{
+			Name:  "stacktrace-level, L",
+			Usage: "Stacktrace logging level",
+		}, cli.StringFlag{
+			Name:  "flags, F",
+			Usage: "Flags for the logger",
+		}, cli.StringFlag{
+			Name:  "expression, e",
+			Usage: "Matching expression for the logger",
+		}, cli.StringFlag{
+			Name:  "prefix, p",
+			Usage: "Prefix for the logger",
+		}, cli.BoolFlag{
+			Name:  "color",
+			Usage: "Use color in the logs",
+		}, cli.BoolFlag{
+			Name: "debug",
+		},
+	}
+	subcmdLogging = cli.Command{
+		Name:  "logging",
+		Usage: "Adjust logging commands",
+		Subcommands: []cli.Command{
+			{
+				Name:  "pause",
+				Usage: "Pause logging (Gitea will buffer logs up to a certain point and will drop them after that point)",
+				Flags: []cli.Flag{
+					cli.BoolFlag{
+						Name: "debug",
+					},
+				},
+				Action: runPauseLogging,
+			}, {
+				Name:  "resume",
+				Usage: "Resume logging",
+				Flags: []cli.Flag{
+					cli.BoolFlag{
+						Name: "debug",
+					},
+				},
+				Action: runResumeLogging,
+			}, {
+				Name:  "release-and-reopen",
+				Usage: "Cause Gitea to release and re-open files used for logging",
+				Flags: []cli.Flag{
+					cli.BoolFlag{
+						Name: "debug",
+					},
+				},
+				Action: runReleaseReopenLogging,
+			}, {
+				Name:      "remove",
+				Usage:     "Remove a logger",
+				ArgsUsage: "[name] Name of logger to remove",
+				Flags: []cli.Flag{
+					cli.BoolFlag{
+						Name: "debug",
+					}, cli.StringFlag{
+						Name:  "group, g",
+						Usage: "Group to add logger to - will default to \"default\"",
+					},
+				},
+				Action: runRemoveLogger,
+			}, {
+				Name:  "add",
+				Usage: "Add a logger",
+				Subcommands: []cli.Command{
+					{
+						Name:  "console",
+						Usage: "Add a console logger",
+						Flags: append(defaultLoggingFlags,
+							cli.BoolFlag{
+								Name:  "stderr",
+								Usage: "Output console logs to stderr - only relevant for console",
+							}),
+						Action: runAddConsoleLogger,
+					}, {
+						Name:  "file",
+						Usage: "Add a file logger",
+						Flags: append(defaultLoggingFlags, []cli.Flag{
+							cli.StringFlag{
+								Name:  "filename, f",
+								Usage: "Filename for the logger - this must be set.",
+							}, cli.BoolTFlag{
+								Name:  "rotate, r",
+								Usage: "Rotate logs",
+							}, cli.Int64Flag{
+								Name:  "max-size, s",
+								Usage: "Maximum size in bytes before rotation",
+							}, cli.BoolTFlag{
+								Name:  "daily, d",
+								Usage: "Rotate logs daily",
+							}, cli.IntFlag{
+								Name:  "max-days, D",
+								Usage: "Maximum number of daily logs to keep",
+							}, cli.BoolTFlag{
+								Name:  "compress, z",
+								Usage: "Compress rotated logs",
+							}, cli.IntFlag{
+								Name:  "compression-level, Z",
+								Usage: "Compression level to use",
+							},
+						}...),
+						Action: runAddFileLogger,
+					}, {
+						Name:  "conn",
+						Usage: "Add a net conn logger",
+						Flags: append(defaultLoggingFlags, []cli.Flag{
+							cli.BoolFlag{
+								Name:  "reconnect-on-message, R",
+								Usage: "Reconnect to host for every message",
+							}, cli.BoolFlag{
+								Name:  "reconnect, r",
+								Usage: "Reconnect to host when connection is dropped",
+							}, cli.StringFlag{
+								Name:  "protocol, P",
+								Usage: "Set protocol to use: tcp, unix, or udp (defaults to tcp)",
+							}, cli.StringFlag{
+								Name:  "address, a",
+								Usage: "Host address and port to connect to (defaults to :7020)",
+							},
+						}...),
+						Action: runAddConnLogger,
+					}, {
+						Name:  "smtp",
+						Usage: "Add an SMTP logger",
+						Flags: append(defaultLoggingFlags, []cli.Flag{
+							cli.StringFlag{
+								Name:  "username, u",
+								Usage: "Mail server username",
+							}, cli.StringFlag{
+								Name:  "password, P",
+								Usage: "Mail server password",
+							}, cli.StringFlag{
+								Name:  "host, H",
+								Usage: "Mail server host (defaults to: 127.0.0.1:25)",
+							}, cli.StringSliceFlag{
+								Name:  "send-to, s",
+								Usage: "Email address(es) to send to",
+							}, cli.StringFlag{
+								Name:  "subject, S",
+								Usage: "Subject header of sent emails",
+							},
+						}...),
+						Action: runAddSMTPLogger,
+					},
+				},
 			},
 		},
 	}
 )

+func runRemoveLogger(c *cli.Context) error {
+	setup("manager", c.Bool("debug"))
+	group := c.String("group")
+	if len(group) == 0 {
+		group = log.DEFAULT
+	}
+	name := c.Args().First()
+	ctx, cancel := installSignals()
+	defer cancel()
+
+	statusCode, msg := private.RemoveLogger(ctx, group, name)
+	switch statusCode {
+	case http.StatusInternalServerError:
+		return fail("InternalServerError", msg)
+	}
+
+	fmt.Fprintln(os.Stdout, msg)
+	return nil
+}
+
+func runAddSMTPLogger(c *cli.Context) error {
+	setup("manager", c.Bool("debug"))
+	vals := map[string]interface{}{}
+	mode := "smtp"
+	if c.IsSet("host") {
+		vals["host"] = c.String("host")
+	} else {
+		vals["host"] = "127.0.0.1:25"
+	}
+
+	if c.IsSet("username") {
+		vals["username"] = c.String("username")
+	}
+	if c.IsSet("password") {
+		vals["password"] = c.String("password")
+	}
+
+	if !c.IsSet("send-to") {
+		return fmt.Errorf("Some recipients must be provided")
+	}
+	vals["sendTos"] = c.StringSlice("send-to")
+
+	if c.IsSet("subject") {
+		vals["subject"] = c.String("subject")
+	} else {
+		vals["subject"] = "Diagnostic message from Gitea"
+	}
+
+	return commonAddLogger(c, mode, vals)
+}
+
+func runAddConnLogger(c *cli.Context) error {
+	setup("manager", c.Bool("debug"))
+	vals := map[string]interface{}{}
+	mode := "conn"
+	vals["net"] = "tcp"
+	if c.IsSet("protocol") {
+		switch c.String("protocol") {
+		case "udp":
+			vals["net"] = "udp"
+		case "unix":
+			vals["net"] = "unix"
+		}
+	}
+	if c.IsSet("address") {
+		vals["address"] = c.String("address")
+	} else {
+		vals["address"] = ":7020"
+	}
+	if c.IsSet("reconnect") {
+		vals["reconnect"] = c.Bool("reconnect")
+	}
+	if c.IsSet("reconnect-on-message") {
+		vals["reconnectOnMsg"] = c.Bool("reconnect-on-message")
+	}
+	return commonAddLogger(c, mode, vals)
+}
+
+func runAddFileLogger(c *cli.Context) error {
+	setup("manager", c.Bool("debug"))
+	vals := map[string]interface{}{}
+	mode := "file"
+	if c.IsSet("filename") {
+		vals["filename"] = c.String("filename")
+	} else {
+		return fmt.Errorf("filename must be set when creating a file logger")
+	}
+	if c.IsSet("rotate") {
+		vals["rotate"] = c.Bool("rotate")
+	}
+	if c.IsSet("max-size") {
+		vals["maxsize"] = c.Int64("max-size")
+	}
+	if c.IsSet("daily") {
+		vals["daily"] = c.Bool("daily")
+	}
+	if c.IsSet("max-days") {
+		vals["maxdays"] = c.Int("max-days")
+	}
+	if c.IsSet("compress") {
+		vals["compress"] = c.Bool("compress")
+	}
+	if c.IsSet("compression-level") {
+		vals["compressionLevel"] = c.Int("compression-level")
+	}
+	return commonAddLogger(c, mode, vals)
+}
+
+func runAddConsoleLogger(c *cli.Context) error {
+	setup("manager", c.Bool("debug"))
+	vals := map[string]interface{}{}
+	mode := "console"
+	if c.IsSet("stderr") && c.Bool("stderr") {
+		vals["stderr"] = c.Bool("stderr")
+	}
+	return commonAddLogger(c, mode, vals)
+}
+
+func commonAddLogger(c *cli.Context, mode string, vals map[string]interface{}) error {
+	if len(c.String("level")) > 0 {
+		vals["level"] = log.FromString(c.String("level")).String()
+	}
+	if len(c.String("stacktrace-level")) > 0 {
+		vals["stacktraceLevel"] = log.FromString(c.String("stacktrace-level")).String()
+	}
+	if len(c.String("expression")) > 0 {
+		vals["expression"] = c.String("expression")
+	}
+	if len(c.String("prefix")) > 0 {
+		vals["prefix"] = c.String("prefix")
+	}
+	if len(c.String("flags")) > 0 {
+		vals["flags"] = log.FlagsFromString(c.String("flags"))
+	}
+	if c.IsSet("color") {
+		vals["colorize"] = c.Bool("color")
+	}
+	group := "default"
+	if c.IsSet("group") {
+		group = c.String("group")
+	}
+	name := mode
+	if c.IsSet("name") {
+		name = c.String("name")
+	}
+	ctx, cancel := installSignals()
+	defer cancel()
+
+	statusCode, msg := private.AddLogger(ctx, group, name, mode, vals)
+	switch statusCode {
+	case http.StatusInternalServerError:
+		return fail("InternalServerError", msg)
+	}
+
+	fmt.Fprintln(os.Stdout, msg)
+	return nil
+}
+
 func runShutdown(c *cli.Context) error {
 	ctx, cancel := installSignals()
 	defer cancel()
@@ -145,16 +432,47 @@ func runFlushQueues(c *cli.Context) error {
 	return nil
 }

-func runProcesses(c *cli.Context) error {
+func runPauseLogging(c *cli.Context) error {
 	ctx, cancel := installSignals()
 	defer cancel()

 	setup("manager", c.Bool("debug"))
-	statusCode, msg := private.Processes(ctx, os.Stdout, c.Bool("flat"), c.Bool("no-system"), c.Bool("stacktraces"), c.Bool("json"), c.String("cancel"))
+	statusCode, msg := private.PauseLogging(ctx)
 	switch statusCode {
 	case http.StatusInternalServerError:
 		return fail("InternalServerError", msg)
 	}

+	fmt.Fprintln(os.Stdout, msg)
+	return nil
+}
+
+func runResumeLogging(c *cli.Context) error {
+	ctx, cancel := installSignals()
+	defer cancel()
+
+	setup("manager", c.Bool("debug"))
+	statusCode, msg := private.ResumeLogging(ctx)
+	switch statusCode {
+	case http.StatusInternalServerError:
+		return fail("InternalServerError", msg)
+	}
+
+	fmt.Fprintln(os.Stdout, msg)
+	return nil
+}
+
+func runReleaseReopenLogging(c *cli.Context) error {
+	ctx, cancel := installSignals()
+	defer cancel()
+
+	setup("manager", c.Bool("debug"))
+	statusCode, msg := private.ReleaseReopenLogging(ctx)
+	switch statusCode {
+	case http.StatusInternalServerError:
+		return fail("InternalServerError", msg)
+	}
+
+	fmt.Fprintln(os.Stdout, msg)
 	return nil
 }
--- a/cmd/manager_logging.go
+++ b/cmd/manager_logging.go
@@ -1,383 +0,0 @@
-// Copyright 2022 The Gitea Authors. All rights reserved.
-// Use of this source code is governed by a MIT-style
-// license that can be found in the LICENSE file.
-
-package cmd
-
-import (
-	"fmt"
-	"net/http"
-	"os"
-
-	"code.gitea.io/gitea/modules/log"
-	"code.gitea.io/gitea/modules/private"
-
-	"github.com/urfave/cli"
-)
-
-var (
-	defaultLoggingFlags = []cli.Flag{
-		cli.StringFlag{
-			Name:  "group, g",
-			Usage: "Group to add logger to - will default to \"default\"",
-		}, cli.StringFlag{
-			Name:  "name, n",
-			Usage: "Name of the new logger - will default to mode",
-		}, cli.StringFlag{
-			Name:  "level, l",
-			Usage: "Logging level for the new logger",
-		}, cli.StringFlag{
-			Name:  "stacktrace-level, L",
-			Usage: "Stacktrace logging level",
-		}, cli.StringFlag{
-			Name:  "flags, F",
-			Usage: "Flags for the logger",
-		}, cli.StringFlag{
-			Name:  "expression, e",
-			Usage: "Matching expression for the logger",
-		}, cli.StringFlag{
-			Name:  "prefix, p",
-			Usage: "Prefix for the logger",
-		}, cli.BoolFlag{
-			Name:  "color",
-			Usage: "Use color in the logs",
-		}, cli.BoolFlag{
-			Name: "debug",
-		},
-	}
-
-	subcmdLogging = cli.Command{
-		Name:  "logging",
-		Usage: "Adjust logging commands",
-		Subcommands: []cli.Command{
-			{
-				Name:  "pause",
-				Usage: "Pause logging (Gitea will buffer logs up to a certain point and will drop them after that point)",
-				Flags: []cli.Flag{
-					cli.BoolFlag{
-						Name: "debug",
-					},
-				},
-				Action: runPauseLogging,
-			}, {
-				Name:  "resume",
-				Usage: "Resume logging",
-				Flags: []cli.Flag{
-					cli.BoolFlag{
-						Name: "debug",
-					},
-				},
-				Action: runResumeLogging,
-			}, {
-				Name:  "release-and-reopen",
-				Usage: "Cause Gitea to release and re-open files used for logging",
-				Flags: []cli.Flag{
-					cli.BoolFlag{
-						Name: "debug",
-					},
-				},
-				Action: runReleaseReopenLogging,
-			}, {
-				Name:      "remove",
-				Usage:     "Remove a logger",
-				ArgsUsage: "[name] Name of logger to remove",
-				Flags: []cli.Flag{
-					cli.BoolFlag{
-						Name: "debug",
-					}, cli.StringFlag{
-						Name:  "group, g",
-						Usage: "Group to add logger to - will default to \"default\"",
-					},
-				},
-				Action: runRemoveLogger,
-			}, {
-				Name:  "add",
-				Usage: "Add a logger",
-				Subcommands: []cli.Command{
-					{
-						Name:  "console",
-						Usage: "Add a console logger",
-						Flags: append(defaultLoggingFlags,
-							cli.BoolFlag{
-								Name:  "stderr",
-								Usage: "Output console logs to stderr - only relevant for console",
-							}),
-						Action: runAddConsoleLogger,
-					}, {
-						Name:  "file",
-						Usage: "Add a file logger",
-						Flags: append(defaultLoggingFlags, []cli.Flag{
-							cli.StringFlag{
-								Name:  "filename, f",
-								Usage: "Filename for the logger - this must be set.",
-							}, cli.BoolTFlag{
-								Name:  "rotate, r",
-								Usage: "Rotate logs",
-							}, cli.Int64Flag{
-								Name:  "max-size, s",
-								Usage: "Maximum size in bytes before rotation",
-							}, cli.BoolTFlag{
-								Name:  "daily, d",
-								Usage: "Rotate logs daily",
-							}, cli.IntFlag{
-								Name:  "max-days, D",
-								Usage: "Maximum number of daily logs to keep",
-							}, cli.BoolTFlag{
-								Name:  "compress, z",
-								Usage: "Compress rotated logs",
-							}, cli.IntFlag{
-								Name:  "compression-level, Z",
-								Usage: "Compression level to use",
-							},
-						}...),
-						Action: runAddFileLogger,
-					}, {
-						Name:  "conn",
-						Usage: "Add a net conn logger",
-						Flags: append(defaultLoggingFlags, []cli.Flag{
-							cli.BoolFlag{
-								Name:  "reconnect-on-message, R",
-								Usage: "Reconnect to host for every message",
-							}, cli.BoolFlag{
-								Name:  "reconnect, r",
-								Usage: "Reconnect to host when connection is dropped",
-							}, cli.StringFlag{
-								Name:  "protocol, P",
-								Usage: "Set protocol to use: tcp, unix, or udp (defaults to tcp)",
-							}, cli.StringFlag{
-								Name:  "address, a",
-								Usage: "Host address and port to connect to (defaults to :7020)",
-							},
-						}...),
-						Action: runAddConnLogger,
-					}, {
-						Name:  "smtp",
-						Usage: "Add an SMTP logger",
-						Flags: append(defaultLoggingFlags, []cli.Flag{
-							cli.StringFlag{
-								Name:  "username, u",
-								Usage: "Mail server username",
-							}, cli.StringFlag{
-								Name:  "password, P",
-								Usage: "Mail server password",
-							}, cli.StringFlag{
-								Name:  "host, H",
-								Usage: "Mail server host (defaults to: 127.0.0.1:25)",
-							}, cli.StringSliceFlag{
-								Name:  "send-to, s",
-								Usage: "Email address(es) to send to",
-							}, cli.StringFlag{
-								Name:  "subject, S",
-								Usage: "Subject header of sent emails",
-							},
-						}...),
-						Action: runAddSMTPLogger,
-					},
-				},
-			},
-		},
-	}
-)
-
-func runRemoveLogger(c *cli.Context) error {
-	setup("manager", c.Bool("debug"))
-	group := c.String("group")
-	if len(group) == 0 {
-		group = log.DEFAULT
-	}
-	name := c.Args().First()
-	ctx, cancel := installSignals()
-	defer cancel()
-
-	statusCode, msg := private.RemoveLogger(ctx, group, name)
-	switch statusCode {
-	case http.StatusInternalServerError:
-		return fail("InternalServerError", msg)
-	}
-
-	fmt.Fprintln(os.Stdout, msg)
-	return nil
-}
-
-func runAddSMTPLogger(c *cli.Context) error {
-	setup("manager", c.Bool("debug"))
-	vals := map[string]interface{}{}
-	mode := "smtp"
-	if c.IsSet("host") {
-		vals["host"] = c.String("host")
-	} else {
-		vals["host"] = "127.0.0.1:25"
-	}
-
-	if c.IsSet("username") {
-		vals["username"] = c.String("username")
-	}
-	if c.IsSet("password") {
-		vals["password"] = c.String("password")
-	}
-
-	if !c.IsSet("send-to") {
-		return fmt.Errorf("Some recipients must be provided")
-	}
-	vals["sendTos"] = c.StringSlice("send-to")
-
-	if c.IsSet("subject") {
-		vals["subject"] = c.String("subject")
-	} else {
-		vals["subject"] = "Diagnostic message from Gitea"
-	}
-
-	return commonAddLogger(c, mode, vals)
-}
-
-func runAddConnLogger(c *cli.Context) error {
-	setup("manager", c.Bool("debug"))
-	vals := map[string]interface{}{}
-	mode := "conn"
-	vals["net"] = "tcp"
-	if c.IsSet("protocol") {
-		switch c.String("protocol") {
-		case "udp":
-			vals["net"] = "udp"
-		case "unix":
-			vals["net"] = "unix"
-		}
-	}
-	if c.IsSet("address") {
-		vals["address"] = c.String("address")
-	} else {
-		vals["address"] = ":7020"
-	}
-	if c.IsSet("reconnect") {
-		vals["reconnect"] = c.Bool("reconnect")
-	}
-	if c.IsSet("reconnect-on-message") {
-		vals["reconnectOnMsg"] = c.Bool("reconnect-on-message")
-	}
-	return commonAddLogger(c, mode, vals)
-}
-
-func runAddFileLogger(c *cli.Context) error {
-	setup("manager", c.Bool("debug"))
-	vals := map[string]interface{}{}
-	mode := "file"
-	if c.IsSet("filename") {
-		vals["filename"] = c.String("filename")
-	} else {
-		return fmt.Errorf("filename must be set when creating a file logger")
-	}
-	if c.IsSet("rotate") {
-		vals["rotate"] = c.Bool("rotate")
-	}
-	if c.IsSet("max-size") {
-		vals["maxsize"] = c.Int64("max-size")
-	}
-	if c.IsSet("daily") {
-		vals["daily"] = c.Bool("daily")
-	}
-	if c.IsSet("max-days") {
-		vals["maxdays"] = c.Int("max-days")
-	}
-	if c.IsSet("compress") {
-		vals["compress"] = c.Bool("compress")
-	}
-	if c.IsSet("compression-level") {
-		vals["compressionLevel"] = c.Int("compression-level")
-	}
-	return commonAddLogger(c, mode, vals)
-}
-
-func runAddConsoleLogger(c *cli.Context) error {
-	setup("manager", c.Bool("debug"))
-	vals := map[string]interface{}{}
-	mode := "console"
-	if c.IsSet("stderr") && c.Bool("stderr") {
-		vals["stderr"] = c.Bool("stderr")
-	}
-	return commonAddLogger(c, mode, vals)
-}
-
-func commonAddLogger(c *cli.Context, mode string, vals map[string]interface{}) error {
-	if len(c.String("level")) > 0 {
-		vals["level"] = log.FromString(c.String("level")).String()
-	}
-	if len(c.String("stacktrace-level")) > 0 {
-		vals["stacktraceLevel"] = log.FromString(c.String("stacktrace-level")).String()
-	}
-	if len(c.String("expression")) > 0 {
-		vals["expression"] = c.String("expression")
-	}
-	if len(c.String("prefix")) > 0 {
-		vals["prefix"] = c.String("prefix")
-	}
-	if len(c.String("flags")) > 0 {
-		vals["flags"] = log.FlagsFromString(c.String("flags"))
-	}
-	if c.IsSet("color") {
-		vals["colorize"] = c.Bool("color")
-	}
-	group := "default"
-	if c.IsSet("group") {
-		group = c.String("group")
-	}
-	name := mode
-	if c.IsSet("name") {
-		name = c.String("name")
-	}
-	ctx, cancel := installSignals()
-	defer cancel()
-
-	statusCode, msg := private.AddLogger(ctx, group, name, mode, vals)
-	switch statusCode {
-	case http.StatusInternalServerError:
-		return fail("InternalServerError", msg)
-	}
-
-	fmt.Fprintln(os.Stdout, msg)
-	return nil
-}
-
-func runPauseLogging(c *cli.Context) error {
-	ctx, cancel := installSignals()
-	defer cancel()
-
-	setup("manager", c.Bool("debug"))
-	statusCode, msg := private.PauseLogging(ctx)
-	switch statusCode {
-	case http.StatusInternalServerError:
-		return fail("InternalServerError", msg)
-	}
-
-	fmt.Fprintln(os.Stdout, msg)
-	return nil
-}
-
-func runResumeLogging(c *cli.Context) error {
-	ctx, cancel := installSignals()
-	defer cancel()
-
-	setup("manager", c.Bool("debug"))
-	statusCode, msg := private.ResumeLogging(ctx)
-	switch statusCode {
-	case http.StatusInternalServerError:
-		return fail("InternalServerError", msg)
-	}
-
-	fmt.Fprintln(os.Stdout, msg)
-	return nil
-}
-
-func runReleaseReopenLogging(c *cli.Context) error {
-	ctx, cancel := installSignals()
-	defer cancel()
-
-	setup("manager", c.Bool("debug"))
-	statusCode, msg := private.ReleaseReopenLogging(ctx)
-	switch statusCode {
-	case http.StatusInternalServerError:
-		return fail("InternalServerError", msg)
-	}
-
-	fmt.Fprintln(os.Stdout, msg)
-	return nil
-}
--- a/cmd/migrate.go
+++ b/cmd/migrate.go
@@ -7,7 +7,7 @@ package cmd
 import (
 	"context"

-	"code.gitea.io/gitea/models/db"
+	"code.gitea.io/gitea/models"
 	"code.gitea.io/gitea/models/migrations"
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/setting"
@@ -24,10 +24,7 @@ var CmdMigrate = cli.Command{
 }

 func runMigrate(ctx *cli.Context) error {
-	stdCtx, cancel := installSignals()
-	defer cancel()
-
-	if err := initDB(stdCtx); err != nil {
+	if err := initDB(); err != nil {
 		return err
 	}

@@ -35,9 +32,9 @@ func runMigrate(ctx *cli.Context) error {
 	log.Info("AppWorkPath: %s", setting.AppWorkPath)
 	log.Info("Custom path: %s", setting.CustomPath)
 	log.Info("Log path: %s", setting.LogRootPath)
-	log.Info("Configuration file: %s", setting.CustomConf)
+	setting.InitDBConfig()

-	if err := db.InitEngineWithMigration(context.Background(), migrations.Migrate); err != nil {
+	if err := models.NewEngine(context.Background(), migrations.Migrate); err != nil {
 		log.Fatal("Failed to initialize ORM engine: %v", err)
 		return err
 	}
--- a/cmd/migrate_storage.go
+++ b/cmd/migrate_storage.go
@@ -9,11 +9,8 @@ import (
 	"fmt"
 	"strings"

-	"code.gitea.io/gitea/models/db"
-	git_model "code.gitea.io/gitea/models/git"
+	"code.gitea.io/gitea/models"
 	"code.gitea.io/gitea/models/migrations"
-	repo_model "code.gitea.io/gitea/models/repo"
-	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/modules/storage"
@@ -81,38 +78,35 @@ var CmdMigrateStorage = cli.Command{
 }

 func migrateAttachments(dstStorage storage.ObjectStorage) error {
-	return repo_model.IterateAttachment(func(attach *repo_model.Attachment) error {
+	return models.IterateAttachment(func(attach *models.Attachment) error {
 		_, err := storage.Copy(dstStorage, attach.RelativePath(), storage.Attachments, attach.RelativePath())
 		return err
 	})
 }

 func migrateLFS(dstStorage storage.ObjectStorage) error {
-	return git_model.IterateLFS(func(mo *git_model.LFSMetaObject) error {
+	return models.IterateLFS(func(mo *models.LFSMetaObject) error {
 		_, err := storage.Copy(dstStorage, mo.RelativePath(), storage.LFS, mo.RelativePath())
 		return err
 	})
 }

 func migrateAvatars(dstStorage storage.ObjectStorage) error {
-	return user_model.IterateUser(func(user *user_model.User) error {
+	return models.IterateUser(func(user *models.User) error {
 		_, err := storage.Copy(dstStorage, user.CustomAvatarRelativePath(), storage.Avatars, user.CustomAvatarRelativePath())
 		return err
 	})
 }

 func migrateRepoAvatars(dstStorage storage.ObjectStorage) error {
-	return repo_model.IterateRepository(func(repo *repo_model.Repository) error {
+	return models.IterateRepository(func(repo *models.Repository) error {
 		_, err := storage.Copy(dstStorage, repo.CustomAvatarRelativePath(), storage.RepoAvatars, repo.CustomAvatarRelativePath())
 		return err
 	})
 }

 func runMigrateStorage(ctx *cli.Context) error {
-	stdCtx, cancel := installSignals()
-	defer cancel()
-
-	if err := initDB(stdCtx); err != nil {
+	if err := initDB(); err != nil {
 		return err
 	}

@@ -120,9 +114,9 @@ func runMigrateStorage(ctx *cli.Context) error {
 	log.Info("AppWorkPath: %s", setting.AppWorkPath)
 	log.Info("Custom path: %s", setting.CustomPath)
 	log.Info("Log path: %s", setting.LogRootPath)
-	log.Info("Configuration file: %s", setting.CustomConf)
+	setting.InitDBConfig()

-	if err := db.InitEngineWithMigration(context.Background(), migrations.Migrate); err != nil {
+	if err := models.NewEngine(context.Background(), migrations.Migrate); err != nil {
 		log.Fatal("Failed to initialize ORM engine: %v", err)
 		return err
 	}
--- a/cmd/restore_repo.go
+++ b/cmd/restore_repo.go
@@ -7,7 +7,6 @@ package cmd
 import (
 	"errors"
 	"net/http"
-	"strings"

 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/private"
@@ -44,10 +43,6 @@ var CmdRestoreRepository = cli.Command{
 			Usage: `Which items will be restored, one or more units should be separated as comma.
 wiki, issues, labels, releases, release_assets, milestones, pull_requests, comments are allowed. Empty means all units.`,
 		},
-		cli.BoolFlag{
-			Name:  "validation",
-			Usage: "Sanity check the content of the files before trying to load them",
-		},
 	},
 }

@@ -55,18 +50,14 @@ func runRestoreRepository(c *cli.Context) error {
 	ctx, cancel := installSignals()
 	defer cancel()

-	setting.LoadFromExisting()
-	var units []string
-	if s := c.String("units"); s != "" {
-		units = strings.Split(s, ",")
-	}
+	setting.NewContext()
+
 	statusCode, errStr := private.RestoreRepo(
 		ctx,
 		c.String("repo_dir"),
 		c.String("owner_name"),
 		c.String("repo_name"),
-		units,
-		c.Bool("validation"),
+		c.StringSlice("units"),
 	)
 	if statusCode == http.StatusOK {
 		return nil
--- a/cmd/serv.go
+++ b/cmd/serv.go
@@ -6,7 +6,6 @@
 package cmd

 import (
-	"context"
 	"fmt"
 	"net/http"
 	"net/url"
@@ -17,20 +16,15 @@ import (
 	"strings"
 	"time"

-	asymkey_model "code.gitea.io/gitea/models/asymkey"
-	git_model "code.gitea.io/gitea/models/git"
-	"code.gitea.io/gitea/models/perm"
-	"code.gitea.io/gitea/modules/git"
-	"code.gitea.io/gitea/modules/json"
+	"code.gitea.io/gitea/models"
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/pprof"
 	"code.gitea.io/gitea/modules/private"
-	"code.gitea.io/gitea/modules/process"
-	repo_module "code.gitea.io/gitea/modules/repository"
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/services/lfs"

-	"github.com/golang-jwt/jwt/v4"
+	"github.com/golang-jwt/jwt"
+	jsoniter "github.com/json-iterator/go"
 	"github.com/kballard/go-shellquote"
 	"github.com/urfave/cli"
 )
@@ -62,33 +56,18 @@ func setup(logPath string, debug bool) {
 	} else {
 		_ = log.NewLogger(1000, "console", "console", `{"level":"fatal","stacktracelevel":"NONE","stderr":true}`)
 	}
-	setting.LoadFromExisting()
+	setting.NewContext()
 	if debug {
 		setting.RunMode = "dev"
 	}
-
-	// Check if setting.RepoRootPath exists. It could be the case that it doesn't exist, this can happen when
-	// `[repository]` `ROOT` is a relative path and $GITEA_WORK_DIR isn't passed to the SSH connection.
-	if _, err := os.Stat(setting.RepoRootPath); err != nil {
-		if os.IsNotExist(err) {
-			_ = fail("Incorrect configuration, no repository directory.", "Directory `[repository].ROOT` %q was not found, please check if $GITEA_WORK_DIR is passed to the SSH connection or make `[repository].ROOT` an absolute value.", setting.RepoRootPath)
-		} else {
-			_ = fail("Incorrect configuration, repository directory is inaccessible", "Directory `[repository].ROOT` %q is inaccessible. err: %v", setting.RepoRootPath, err)
-		}
-		return
-	}
-
-	if err := git.InitSimple(context.Background()); err != nil {
-		_ = fail("Failed to init git", "Failed to init git, err: %v", err)
-	}
 }

 var (
-	allowedCommands = map[string]perm.AccessMode{
-		"git-upload-pack":    perm.AccessModeRead,
-		"git-upload-archive": perm.AccessModeRead,
-		"git-receive-pack":   perm.AccessModeWrite,
-		lfsAuthenticateVerb:  perm.AccessModeNone,
+	allowedCommands = map[string]models.AccessMode{
+		"git-upload-pack":    models.AccessModeRead,
+		"git-upload-archive": models.AccessModeRead,
+		"git-receive-pack":   models.AccessModeWrite,
+		lfsAuthenticateVerb:  models.AccessModeNone,
 	}
 	alphaDashDotPattern = regexp.MustCompile(`[^\w-\.]`)
 )
@@ -96,12 +75,12 @@ var (
 func fail(userMessage, logMessage string, args ...interface{}) error {
 	// There appears to be a chance to cause a zombie process and failure to read the Exit status
 	// if nothing is outputted on stdout.
-	_, _ = fmt.Fprintln(os.Stdout, "")
-	_, _ = fmt.Fprintln(os.Stderr, "Gitea:", userMessage)
+	fmt.Fprintln(os.Stdout, "")
+	fmt.Fprintln(os.Stderr, "Gitea:", userMessage)

 	if len(logMessage) > 0 {
-		if !setting.IsProd {
-			_, _ = fmt.Fprintf(os.Stderr, logMessage+"\n", args...)
+		if !setting.IsProd() {
+			fmt.Fprintf(os.Stderr, logMessage+"\n", args...)
 		}
 	}
 	ctx, cancel := installSignals()
@@ -110,7 +89,7 @@ func fail(userMessage, logMessage string, args ...interface{}) error {
 	if len(logMessage) > 0 {
 		_ = private.SSHLog(ctx, true, fmt.Sprintf(logMessage+": ", args...))
 	}
-	return cli.NewExitError("", 1)
+	return cli.NewExitError(fmt.Sprintf("Gitea: %s", userMessage), 1)
 }

 func runServ(c *cli.Context) error {
@@ -148,9 +127,9 @@ func runServ(c *cli.Context) error {
 			return fail("Internal error", "Failed to check provided key: %v", err)
 		}
 		switch key.Type {
-		case asymkey_model.KeyTypeDeploy:
+		case models.KeyTypeDeploy:
 			println("Hi there! You've successfully authenticated with the deploy key named " + key.Name + ", but Gitea does not provide shell access.")
-		case asymkey_model.KeyTypePrincipal:
+		case models.KeyTypePrincipal:
 			println("Hi there! You've successfully authenticated with the principal " + key.Content + ", but Gitea does not provide shell access.")
 		default:
 			println("Hi there, " + user.Name + "! You've successfully authenticated with the key named " + key.Name + ", but Gitea does not provide shell access.")
@@ -167,13 +146,6 @@ func runServ(c *cli.Context) error {
 	}

 	if len(words) < 2 {
-		if git.CheckGitVersionAtLeast("2.29") == nil {
-			// for AGit Flow
-			if cmd == "ssh_info" {
-				fmt.Print(`{"type":"gitea","version":1}`)
-				return nil
-			}
-		}
 		return fail("Too few arguments", "Too few arguments in cmd: %s", cmd)
 	}

@@ -209,7 +181,7 @@ func runServ(c *cli.Context) error {
 		return fail("Invalid repo name", "Invalid repo name: %s", reponame)
 	}

-	if c.Bool("enable-pprof") {
+	if setting.EnablePprof || c.Bool("enable-pprof") {
 		if err := os.MkdirAll(setting.PprofDataPath, os.ModePerm); err != nil {
 			return fail("Error while trying to create PPROF_DATA_PATH", "Error while trying to create PPROF_DATA_PATH: %v", err)
 		}
@@ -234,9 +206,9 @@ func runServ(c *cli.Context) error {

 	if verb == lfsAuthenticateVerb {
 		if lfsVerb == "upload" {
-			requestedMode = perm.AccessModeWrite
+			requestedMode = models.AccessModeWrite
 		} else if lfsVerb == "download" {
-			requestedMode = perm.AccessModeRead
+			requestedMode = models.AccessModeRead
 		} else {
 			return fail("Unknown LFS verb", "Unknown lfs verb %s", lfsVerb)
 		}
@@ -253,16 +225,27 @@ func runServ(c *cli.Context) error {
 		}
 		return fail("Internal Server Error", "%s", err.Error())
 	}
+	os.Setenv(models.EnvRepoIsWiki, strconv.FormatBool(results.IsWiki))
+	os.Setenv(models.EnvRepoName, results.RepoName)
+	os.Setenv(models.EnvRepoUsername, results.OwnerName)
+	os.Setenv(models.EnvPusherName, results.UserName)
+	os.Setenv(models.EnvPusherEmail, results.UserEmail)
+	os.Setenv(models.EnvPusherID, strconv.FormatInt(results.UserID, 10))
+	os.Setenv(models.EnvRepoID, strconv.FormatInt(results.RepoID, 10))
+	os.Setenv(models.EnvPRID, fmt.Sprintf("%d", 0))
+	os.Setenv(models.EnvIsDeployKey, fmt.Sprintf("%t", results.IsDeployKey))
+	os.Setenv(models.EnvKeyID, fmt.Sprintf("%d", results.KeyID))
+	os.Setenv(models.EnvAppURL, setting.AppURL)

-	// LFS token authentication
+	//LFS token authentication
 	if verb == lfsAuthenticateVerb {
 		url := fmt.Sprintf("%s%s/%s.git/info/lfs", setting.AppURL, url.PathEscape(results.OwnerName), url.PathEscape(results.RepoName))

 		now := time.Now()
 		claims := lfs.Claims{
-			RegisteredClaims: jwt.RegisteredClaims{
-				ExpiresAt: jwt.NewNumericDate(now.Add(setting.LFS.HTTPAuthExpiry)),
-				NotBefore: jwt.NewNumericDate(now),
+			StandardClaims: jwt.StandardClaims{
+				ExpiresAt: now.Add(setting.LFS.HTTPAuthExpiry).Unix(),
+				NotBefore: now.Unix(),
 			},
 			RepoID: results.RepoID,
 			Op:     lfsVerb,
@@ -276,12 +259,13 @@ func runServ(c *cli.Context) error {
 			return fail("Internal error", "Failed to sign JWT token: %v", err)
 		}

-		tokenAuthentication := &git_model.LFSTokenResponse{
+		tokenAuthentication := &models.LFSTokenResponse{
 			Header: make(map[string]string),
 			Href:   url,
 		}
 		tokenAuthentication.Header["Authorization"] = fmt.Sprintf("Bearer %s", tokenString)

+		json := jsoniter.ConfigCompatibleWithStandardLibrary
 		enc := json.NewEncoder(os.Stdout)
 		err = enc.Encode(tokenAuthentication)
 		if err != nil {
@@ -303,29 +287,10 @@ func runServ(c *cli.Context) error {
 		gitcmd = exec.CommandContext(ctx, verb, repoPath)
 	}

-	process.SetSysProcAttribute(gitcmd)
 	gitcmd.Dir = setting.RepoRootPath
 	gitcmd.Stdout = os.Stdout
 	gitcmd.Stdin = os.Stdin
 	gitcmd.Stderr = os.Stderr
-	gitcmd.Env = append(gitcmd.Env, os.Environ()...)
-	gitcmd.Env = append(gitcmd.Env,
-		repo_module.EnvRepoIsWiki+"="+strconv.FormatBool(results.IsWiki),
-		repo_module.EnvRepoName+"="+results.RepoName,
-		repo_module.EnvRepoUsername+"="+results.OwnerName,
-		repo_module.EnvPusherName+"="+results.UserName,
-		repo_module.EnvPusherEmail+"="+results.UserEmail,
-		repo_module.EnvPusherID+"="+strconv.FormatInt(results.UserID, 10),
-		repo_module.EnvRepoID+"="+strconv.FormatInt(results.RepoID, 10),
-		repo_module.EnvPRID+"="+fmt.Sprintf("%d", 0),
-		repo_module.EnvDeployKeyID+"="+fmt.Sprintf("%d", results.DeployKeyID),
-		repo_module.EnvKeyID+"="+fmt.Sprintf("%d", results.KeyID),
-		repo_module.EnvAppURL+"="+setting.AppURL,
-	)
-	// to avoid breaking, here only use the minimal environment variables for the "gitea serv" command.
-	// it could be re-considered whether to use the same git.CommonGitCmdEnvs() as "git" command later.
-	gitcmd.Env = append(gitcmd.Env, git.CommonCmdServEnvs()...)
-
 	if err = gitcmd.Run(); err != nil {
 		return fail("Internal error", "Failed to execute git command: %v", err)
 	}
--- a/cmd/web.go
+++ b/cmd/web.go
@@ -9,19 +9,17 @@ import (
 	"fmt"
 	"net"
 	"net/http"
+	_ "net/http/pprof" // Used for debugging if enabled and a web server is running
 	"os"
 	"strings"

-	_ "net/http/pprof" // Used for debugging if enabled and a web server is running
-
 	"code.gitea.io/gitea/modules/graceful"
 	"code.gitea.io/gitea/modules/log"
-	"code.gitea.io/gitea/modules/process"
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/routers"
 	"code.gitea.io/gitea/routers/install"

-	"github.com/felixge/fgprof"
+	context2 "github.com/gorilla/context"
 	"github.com/urfave/cli"
 	ini "gopkg.in/ini.v1"
 )
@@ -61,9 +59,6 @@ and it takes care of all the other things for you`,
 }

 func runHTTPRedirector() {
-	_, _, finished := process.GetManager().AddTypedContext(graceful.GetManager().HammerContext(), "Web: HTTP Redirector", process.SystemProcessType, true)
-	defer finished()
-
 	source := fmt.Sprintf("%s:%s", setting.HTTPAddr, setting.PortToRedirect)
 	dest := strings.TrimSuffix(setting.AppURL, "/")
 	log.Info("Redirecting: %s to %s", source, dest)
@@ -76,7 +71,8 @@ func runHTTPRedirector() {
 		http.Redirect(w, r, target, http.StatusTemporaryRedirect)
 	})

-	err := runHTTP("tcp", source, "HTTP Redirector", handler)
+	var err = runHTTP("tcp", source, "HTTP Redirector", context2.ClearHandler(handler))
+
 	if err != nil {
 		log.Fatal("Failed to start port redirection: %v", err)
 	}
@@ -92,7 +88,7 @@ func runWeb(ctx *cli.Context) error {
 	}
 	defer func() {
 		if panicked := recover(); panicked != nil {
-			log.Fatal("PANIC: %v\n%s", panicked, log.Stack(2))
+			log.Fatal("PANIC: %v\n%s", panicked, string(log.Stack(2)))
 		}
 	}()

@@ -128,10 +124,6 @@ func runWeb(ctx *cli.Context) error {
 		}
 		c := install.Routes()
 		err := listen(c, false)
-		if err != nil {
-			log.Critical("Unable to open listener for installer. Is Gitea already running?")
-			graceful.GetManager().DoGracefulShutdown()
-		}
 		select {
 		case <-graceful.GetManager().IsShutdown():
 			<-graceful.GetManager().Done()
@@ -146,25 +138,14 @@ func runWeb(ctx *cli.Context) error {

 	if setting.EnablePprof {
 		go func() {
-			http.DefaultServeMux.Handle("/debug/fgprof", fgprof.Handler())
-			_, _, finished := process.GetManager().AddTypedContext(context.Background(), "Web: PProf Server", process.SystemProcessType, true)
 			log.Info("Starting pprof server on localhost:6060")
 			log.Info("%v", http.ListenAndServe("localhost:6060", nil))
-			finished()
 		}()
 	}

 	log.Info("Global init")
 	// Perform global initialization
-	setting.LoadFromExisting()
-	routers.GlobalInitInstalled(graceful.GetManager().HammerContext())
-
-	// We check that AppDataPath exists here (it should have been created during installation)
-	// We can't check it in `GlobalInitInstalled`, because some integration tests
-	// use cmd -> GlobalInitInstalled, but the AppDataPath doesn't exist during those tests.
-	if _, err := os.Stat(setting.AppDataPath); err != nil {
-		log.Fatal("Can not find APP_DATA_PATH '%s'", setting.AppDataPath)
-	}
+	routers.GlobalInit(graceful.GetManager().HammerContext())

 	// Override the provided port number within the configuration
 	if ctx.IsSet("port") {
@@ -187,7 +168,7 @@ func setPort(port string) error {
 	setting.HTTPPort = port

 	switch setting.Protocol {
-	case setting.HTTPUnix:
+	case setting.UnixSocket:
 	case setting.FCGI:
 	case setting.FCGIUnix:
 	default:
@@ -209,11 +190,9 @@ func setPort(port string) error {

 func listen(m http.Handler, handleRedirector bool) error {
 	listenAddr := setting.HTTPAddr
-	if setting.Protocol != setting.HTTPUnix && setting.Protocol != setting.FCGIUnix {
+	if setting.Protocol != setting.UnixSocket && setting.Protocol != setting.FCGIUnix {
 		listenAddr = net.JoinHostPort(listenAddr, setting.HTTPPort)
 	}
-	_, _, finished := process.GetManager().AddTypedContext(graceful.GetManager().HammerContext(), "Web: Gitea Server", process.SystemProcessType, true)
-	defer finished()
 	log.Info("Listen: %v://%s%s", setting.Protocol, listenAddr, setting.AppSubURL)
 	// This can be useful for users, many users do wrong to their config and get strange behaviors behind a reverse-proxy.
 	// A user may fix the configuration mistake when he sees this log.
@@ -230,36 +209,35 @@ func listen(m http.Handler, handleRedirector bool) error {
 		if handleRedirector {
 			NoHTTPRedirector()
 		}
-		err = runHTTP("tcp", listenAddr, "Web", m)
+		err = runHTTP("tcp", listenAddr, "Web", context2.ClearHandler(m))
 	case setting.HTTPS:
-		if setting.EnableAcme {
-			err = runACME(listenAddr, m)
+		if setting.EnableLetsEncrypt {
+			err = runLetsEncrypt(listenAddr, setting.Domain, setting.LetsEncryptDirectory, setting.LetsEncryptEmail, context2.ClearHandler(m))
 			break
-		} else {
-			if handleRedirector {
-				if setting.RedirectOtherPort {
-					go runHTTPRedirector()
-				} else {
-					NoHTTPRedirector()
-				}
-			}
-			err = runHTTPS("tcp", listenAddr, "Web", setting.CertFile, setting.KeyFile, m)
 		}
+		if handleRedirector {
+			if setting.RedirectOtherPort {
+				go runHTTPRedirector()
+			} else {
+				NoHTTPRedirector()
+			}
+		}
+		err = runHTTPS("tcp", listenAddr, "Web", setting.CertFile, setting.KeyFile, context2.ClearHandler(m))
 	case setting.FCGI:
 		if handleRedirector {
 			NoHTTPRedirector()
 		}
-		err = runFCGI("tcp", listenAddr, "FCGI Web", m)
-	case setting.HTTPUnix:
+		err = runFCGI("tcp", listenAddr, "FCGI Web", context2.ClearHandler(m))
+	case setting.UnixSocket:
 		if handleRedirector {
 			NoHTTPRedirector()
 		}
-		err = runHTTP("unix", listenAddr, "Web", m)
+		err = runHTTP("unix", listenAddr, "Web", context2.ClearHandler(m))
 	case setting.FCGIUnix:
 		if handleRedirector {
 			NoHTTPRedirector()
 		}
-		err = runFCGI("unix", listenAddr, "Web", m)
+		err = runFCGI("unix", listenAddr, "Web", context2.ClearHandler(m))
 	default:
 		log.Fatal("Invalid protocol: %s", setting.Protocol)
 	}
--- a/cmd/web_acme.go
+++ b/cmd/web_acme.go
@@ -1,136 +0,0 @@
-// Copyright 2020 The Gitea Authors. All rights reserved.
-// Use of this source code is governed by a MIT-style
-// license that can be found in the LICENSE file.
-
-package cmd
-
-import (
-	"crypto/x509"
-	"encoding/pem"
-	"fmt"
-	"net/http"
-	"os"
-	"strconv"
-	"strings"
-
-	"code.gitea.io/gitea/modules/graceful"
-	"code.gitea.io/gitea/modules/log"
-	"code.gitea.io/gitea/modules/process"
-	"code.gitea.io/gitea/modules/setting"
-
-	"github.com/caddyserver/certmagic"
-)
-
-func getCARoot(path string) (*x509.CertPool, error) {
-	r, err := os.ReadFile(path)
-	if err != nil {
-		return nil, err
-	}
-	block, _ := pem.Decode(r)
-	if block == nil {
-		return nil, fmt.Errorf("no PEM found in the file %s", path)
-	}
-	caRoot, err := x509.ParseCertificate(block.Bytes)
-	if err != nil {
-		return nil, err
-	}
-	certPool := x509.NewCertPool()
-	certPool.AddCert(caRoot)
-	return certPool, nil
-}
-
-func runACME(listenAddr string, m http.Handler) error {
-	// If HTTP Challenge enabled, needs to be serving on port 80. For TLSALPN needs 443.
-	// Due to docker port mapping this can't be checked programmatically
-	// TODO: these are placeholders until we add options for each in settings with appropriate warning
-	enableHTTPChallenge := true
-	enableTLSALPNChallenge := true
-	altHTTPPort := 0
-	altTLSALPNPort := 0
-
-	if p, err := strconv.Atoi(setting.PortToRedirect); err == nil {
-		altHTTPPort = p
-	}
-	if p, err := strconv.Atoi(setting.HTTPPort); err == nil {
-		altTLSALPNPort = p
-	}
-
-	magic := certmagic.NewDefault()
-	magic.Storage = &certmagic.FileStorage{Path: setting.AcmeLiveDirectory}
-	// Try to use private CA root if provided, otherwise defaults to system's trust
-	var certPool *x509.CertPool
-	if setting.AcmeCARoot != "" {
-		var err error
-		certPool, err = getCARoot(setting.AcmeCARoot)
-		if err != nil {
-			log.Warn("Failed to parse CA Root certificate, using default CA trust: %v", err)
-		}
-	}
-	myACME := certmagic.NewACMEIssuer(magic, certmagic.ACMEIssuer{
-		CA:                      setting.AcmeURL,
-		TrustedRoots:            certPool,
-		Email:                   setting.AcmeEmail,
-		Agreed:                  setting.AcmeTOS,
-		DisableHTTPChallenge:    !enableHTTPChallenge,
-		DisableTLSALPNChallenge: !enableTLSALPNChallenge,
-		ListenHost:              setting.HTTPAddr,
-		AltTLSALPNPort:          altTLSALPNPort,
-		AltHTTPPort:             altHTTPPort,
-	})
-
-	magic.Issuers = []certmagic.Issuer{myACME}
-
-	// this obtains certificates or renews them if necessary
-	err := magic.ManageSync(graceful.GetManager().HammerContext(), []string{setting.Domain})
-	if err != nil {
-		return err
-	}
-
-	tlsConfig := magic.TLSConfig()
-	tlsConfig.NextProtos = append(tlsConfig.NextProtos, "h2")
-
-	if version := toTLSVersion(setting.SSLMinimumVersion); version != 0 {
-		tlsConfig.MinVersion = version
-	}
-	if version := toTLSVersion(setting.SSLMaximumVersion); version != 0 {
-		tlsConfig.MaxVersion = version
-	}
-
-	// Set curve preferences
-	if curves := toCurvePreferences(setting.SSLCurvePreferences); len(curves) > 0 {
-		tlsConfig.CurvePreferences = curves
-	}
-
-	// Set cipher suites
-	if ciphers := toTLSCiphers(setting.SSLCipherSuites); len(ciphers) > 0 {
-		tlsConfig.CipherSuites = ciphers
-	}
-
-	if enableHTTPChallenge {
-		go func() {
-			_, _, finished := process.GetManager().AddTypedContext(graceful.GetManager().HammerContext(), "Web: ACME HTTP challenge server", process.SystemProcessType, true)
-			defer finished()
-
-			log.Info("Running Let's Encrypt handler on %s", setting.HTTPAddr+":"+setting.PortToRedirect)
-			// all traffic coming into HTTP will be redirect to HTTPS automatically (LE HTTP-01 validation happens here)
-			err := runHTTP("tcp", setting.HTTPAddr+":"+setting.PortToRedirect, "Let's Encrypt HTTP Challenge", myACME.HTTPChallengeHandler(http.HandlerFunc(runLetsEncryptFallbackHandler)))
-			if err != nil {
-				log.Fatal("Failed to start the Let's Encrypt handler on port %s: %v", setting.PortToRedirect, err)
-			}
-		}()
-	}
-
-	return runHTTPSWithTLSConfig("tcp", listenAddr, "Web", tlsConfig, m)
-}
-
-func runLetsEncryptFallbackHandler(w http.ResponseWriter, r *http.Request) {
-	if r.Method != "GET" && r.Method != "HEAD" {
-		http.Error(w, "Use HTTPS", http.StatusBadRequest)
-		return
-	}
-	// Remove the trailing slash at the end of setting.AppURL, the request
-	// URI always contains a leading slash, which would result in a double
-	// slash
-	target := strings.TrimSuffix(setting.AppURL, "/") + r.URL.RequestURI()
-	http.Redirect(w, r, target, http.StatusTemporaryRedirect)
-}
--- a/cmd/web_graceful.go
+++ b/cmd/web_graceful.go
@@ -5,6 +5,7 @@
 package cmd

 import (
+	"crypto/tls"
 	"net"
 	"net/http"
 	"net/http/fcgi"
@@ -19,6 +20,14 @@ func runHTTP(network, listenAddr, name string, m http.Handler) error {
 	return graceful.HTTPListenAndServe(network, listenAddr, name, m)
 }

+func runHTTPS(network, listenAddr, name, certFile, keyFile string, m http.Handler) error {
+	return graceful.HTTPListenAndServeTLS(network, listenAddr, name, certFile, keyFile, m)
+}
+
+func runHTTPSWithTLSConfig(network, listenAddr, name string, tlsConfig *tls.Config, m http.Handler) error {
+	return graceful.HTTPListenAndServeTLSConfig(network, listenAddr, name, tlsConfig, m)
+}
+
 // NoHTTPRedirector tells our cleanup routine that we will not be using a fallback http redirector
 func NoHTTPRedirector() {
 	graceful.GetManager().InformCleanup()
--- a/cmd/web_https.go
+++ b/cmd/web_https.go
@@ -1,192 +0,0 @@
-// Copyright 2021 The Gitea Authors. All rights reserved.
-// Use of this source code is governed by a MIT-style
-// license that can be found in the LICENSE file.
-
-package cmd
-
-import (
-	"crypto/tls"
-	"net/http"
-	"os"
-	"strings"
-
-	"code.gitea.io/gitea/modules/graceful"
-	"code.gitea.io/gitea/modules/log"
-	"code.gitea.io/gitea/modules/setting"
-
-	"github.com/klauspost/cpuid/v2"
-)
-
-var tlsVersionStringMap = map[string]uint16{
-	"":        tls.VersionTLS12, // Default to tls.VersionTLS12
-	"tlsv1.0": tls.VersionTLS10,
-	"tlsv1.1": tls.VersionTLS11,
-	"tlsv1.2": tls.VersionTLS12,
-	"tlsv1.3": tls.VersionTLS13,
-}
-
-func toTLSVersion(version string) uint16 {
-	tlsVersion, ok := tlsVersionStringMap[strings.TrimSpace(strings.ToLower(version))]
-	if !ok {
-		log.Warn("Unknown tls version: %s", version)
-		return 0
-	}
-	return tlsVersion
-}
-
-var curveStringMap = map[string]tls.CurveID{
-	"x25519": tls.X25519,
-	"p256":   tls.CurveP256,
-	"p384":   tls.CurveP384,
-	"p521":   tls.CurveP521,
-}
-
-func toCurvePreferences(preferences []string) []tls.CurveID {
-	ids := make([]tls.CurveID, 0, len(preferences))
-	for _, pref := range preferences {
-		id, ok := curveStringMap[strings.TrimSpace(strings.ToLower(pref))]
-		if !ok {
-			log.Warn("Unknown curve: %s", pref)
-		}
-		if id != 0 {
-			ids = append(ids, id)
-		}
-	}
-	return ids
-}
-
-var cipherStringMap = map[string]uint16{
-	"rsa_with_rc4_128_sha":                      tls.TLS_RSA_WITH_RC4_128_SHA,
-	"rsa_with_3des_ede_cbc_sha":                 tls.TLS_RSA_WITH_3DES_EDE_CBC_SHA,
-	"rsa_with_aes_128_cbc_sha":                  tls.TLS_RSA_WITH_AES_128_CBC_SHA,
-	"rsa_with_aes_256_cbc_sha":                  tls.TLS_RSA_WITH_AES_256_CBC_SHA,
-	"rsa_with_aes_128_cbc_sha256":               tls.TLS_RSA_WITH_AES_128_CBC_SHA256,
-	"rsa_with_aes_128_gcm_sha256":               tls.TLS_RSA_WITH_AES_128_GCM_SHA256,
-	"rsa_with_aes_256_gcm_sha384":               tls.TLS_RSA_WITH_AES_256_GCM_SHA384,
-	"ecdhe_ecdsa_with_rc4_128_sha":              tls.TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
-	"ecdhe_ecdsa_with_aes_128_cbc_sha":          tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
-	"ecdhe_ecdsa_with_aes_256_cbc_sha":          tls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
-	"ecdhe_rsa_with_rc4_128_sha":                tls.TLS_ECDHE_RSA_WITH_RC4_128_SHA,
-	"ecdhe_rsa_with_3des_ede_cbc_sha":           tls.TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
-	"ecdhe_rsa_with_aes_128_cbc_sha":            tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
-	"ecdhe_rsa_with_aes_256_cbc_sha":            tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
-	"ecdhe_ecdsa_with_aes_128_cbc_sha256":       tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
-	"ecdhe_rsa_with_aes_128_cbc_sha256":         tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
-	"ecdhe_rsa_with_aes_128_gcm_sha256":         tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
-	"ecdhe_ecdsa_with_aes_128_gcm_sha256":       tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
-	"ecdhe_rsa_with_aes_256_gcm_sha384":         tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
-	"ecdhe_ecdsa_with_aes_256_gcm_sha384":       tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
-	"ecdhe_rsa_with_chacha20_poly1305_sha256":   tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
-	"ecdhe_ecdsa_with_chacha20_poly1305_sha256": tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
-	"ecdhe_rsa_with_chacha20_poly1305":          tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
-	"ecdhe_ecdsa_with_chacha20_poly1305":        tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
-	"aes_128_gcm_sha256":                        tls.TLS_AES_128_GCM_SHA256,
-	"aes_256_gcm_sha384":                        tls.TLS_AES_256_GCM_SHA384,
-	"chacha20_poly1305_sha256":                  tls.TLS_CHACHA20_POLY1305_SHA256,
-}
-
-func toTLSCiphers(cipherStrings []string) []uint16 {
-	ciphers := make([]uint16, 0, len(cipherStrings))
-	for _, cipherString := range cipherStrings {
-		cipher, ok := cipherStringMap[strings.TrimSpace(strings.ToLower(cipherString))]
-		if !ok {
-			log.Warn("Unknown cipher: %s", cipherString)
-		}
-		if cipher != 0 {
-			ciphers = append(ciphers, cipher)
-		}
-	}
-
-	return ciphers
-}
-
-// defaultCiphers uses hardware support to check if AES is specifically
-// supported by the CPU.
-//
-// If AES is supported AES ciphers will be preferred over ChaCha based ciphers
-// (This code is directly inspired by the certmagic code.)
-func defaultCiphers() []uint16 {
-	if cpuid.CPU.Supports(cpuid.AESNI) {
-		return defaultCiphersAESfirst
-	}
-	return defaultCiphersChaChaFirst
-}
-
-var (
-	defaultCiphersAES = []uint16{
-		tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
-		tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
-		tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
-		tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
-	}
-
-	defaultCiphersChaCha = []uint16{
-		tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,
-		tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
-	}
-
-	defaultCiphersAESfirst    = append(defaultCiphersAES, defaultCiphersChaCha...)
-	defaultCiphersChaChaFirst = append(defaultCiphersChaCha, defaultCiphersAES...)
-)
-
-// runHTTPs listens on the provided network address and then calls
-// Serve to handle requests on incoming TLS connections.
-//
-// Filenames containing a certificate and matching private key for the server must
-// be provided. If the certificate is signed by a certificate authority, the
-// certFile should be the concatenation of the server's certificate followed by the
-// CA's certificate.
-func runHTTPS(network, listenAddr, name, certFile, keyFile string, m http.Handler) error {
-	tlsConfig := &tls.Config{}
-	if tlsConfig.NextProtos == nil {
-		tlsConfig.NextProtos = []string{"h2", "http/1.1"}
-	}
-
-	if version := toTLSVersion(setting.SSLMinimumVersion); version != 0 {
-		tlsConfig.MinVersion = version
-	}
-	if version := toTLSVersion(setting.SSLMaximumVersion); version != 0 {
-		tlsConfig.MaxVersion = version
-	}
-
-	// Set curve preferences
-	tlsConfig.CurvePreferences = []tls.CurveID{
-		tls.X25519,
-		tls.CurveP256,
-	}
-	if curves := toCurvePreferences(setting.SSLCurvePreferences); len(curves) > 0 {
-		tlsConfig.CurvePreferences = curves
-	}
-
-	// Set cipher suites
-	tlsConfig.CipherSuites = defaultCiphers()
-	if ciphers := toTLSCiphers(setting.SSLCipherSuites); len(ciphers) > 0 {
-		tlsConfig.CipherSuites = ciphers
-	}
-
-	tlsConfig.Certificates = make([]tls.Certificate, 1)
-
-	certPEMBlock, err := os.ReadFile(certFile)
-	if err != nil {
-		log.Error("Failed to load https cert file %s for %s:%s: %v", certFile, network, listenAddr, err)
-		return err
-	}
-
-	keyPEMBlock, err := os.ReadFile(keyFile)
-	if err != nil {
-		log.Error("Failed to load https key file %s for %s:%s: %v", keyFile, network, listenAddr, err)
-		return err
-	}
-
-	tlsConfig.Certificates[0], err = tls.X509KeyPair(certPEMBlock, keyPEMBlock)
-	if err != nil {
-		log.Error("Failed to create certificate from cert file %s and key file %s for %s:%s: %v", certFile, keyFile, network, listenAddr, err)
-		return err
-	}
-
-	return graceful.HTTPListenAndServeTLSConfig(network, listenAddr, name, tlsConfig, m)
-}
-
-func runHTTPSWithTLSConfig(network, listenAddr, name string, tlsConfig *tls.Config, m http.Handler) error {
-	return graceful.HTTPListenAndServeTLSConfig(network, listenAddr, name, tlsConfig, m)
-}
--- a/cmd/web_letsencrypt.go
+++ b/cmd/web_letsencrypt.go
@@ -0,0 +1,83 @@
+// Copyright 2020 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package cmd
+
+import (
+	"net/http"
+	"strconv"
+	"strings"
+
+	"code.gitea.io/gitea/modules/log"
+	"code.gitea.io/gitea/modules/setting"
+
+	"github.com/caddyserver/certmagic"
+	context2 "github.com/gorilla/context"
+)
+
+func runLetsEncrypt(listenAddr, domain, directory, email string, m http.Handler) error {
+
+	// If HTTP Challenge enabled, needs to be serving on port 80. For TLSALPN needs 443.
+	// Due to docker port mapping this can't be checked programmatically
+	// TODO: these are placeholders until we add options for each in settings with appropriate warning
+	enableHTTPChallenge := true
+	enableTLSALPNChallenge := true
+	altHTTPPort := 0
+	altTLSALPNPort := 0
+
+	if p, err := strconv.Atoi(setting.PortToRedirect); err == nil {
+		altHTTPPort = p
+	}
+	if p, err := strconv.Atoi(setting.HTTPPort); err == nil {
+		altTLSALPNPort = p
+	}
+
+	magic := certmagic.NewDefault()
+	magic.Storage = &certmagic.FileStorage{Path: directory}
+	myACME := certmagic.NewACMEManager(magic, certmagic.ACMEManager{
+		Email:                   email,
+		Agreed:                  setting.LetsEncryptTOS,
+		DisableHTTPChallenge:    !enableHTTPChallenge,
+		DisableTLSALPNChallenge: !enableTLSALPNChallenge,
+		ListenHost:              setting.HTTPAddr,
+		AltTLSALPNPort:          altTLSALPNPort,
+		AltHTTPPort:             altHTTPPort,
+	})
+
+	magic.Issuers = []certmagic.Issuer{myACME}
+
+	// this obtains certificates or renews them if necessary
+	err := magic.ManageSync([]string{domain})
+	if err != nil {
+		return err
+	}
+
+	tlsConfig := magic.TLSConfig()
+	tlsConfig.NextProtos = append(tlsConfig.NextProtos, "h2")
+
+	if enableHTTPChallenge {
+		go func() {
+			log.Info("Running Let's Encrypt handler on %s", setting.HTTPAddr+":"+setting.PortToRedirect)
+			// all traffic coming into HTTP will be redirect to HTTPS automatically (LE HTTP-01 validation happens here)
+			var err = runHTTP("tcp", setting.HTTPAddr+":"+setting.PortToRedirect, "Let's Encrypt HTTP Challenge", myACME.HTTPChallengeHandler(http.HandlerFunc(runLetsEncryptFallbackHandler)))
+			if err != nil {
+				log.Fatal("Failed to start the Let's Encrypt handler on port %s: %v", setting.PortToRedirect, err)
+			}
+		}()
+	}
+
+	return runHTTPSWithTLSConfig("tcp", listenAddr, "Web", tlsConfig, context2.ClearHandler(m))
+}
+
+func runLetsEncryptFallbackHandler(w http.ResponseWriter, r *http.Request) {
+	if r.Method != "GET" && r.Method != "HEAD" {
+		http.Error(w, "Use HTTPS", http.StatusBadRequest)
+		return
+	}
+	// Remove the trailing slash at the end of setting.AppURL, the request
+	// URI always contains a leading slash, which would result in a double
+	// slash
+	target := strings.TrimSuffix(setting.AppURL, "/") + r.URL.RequestURI()
+	http.Redirect(w, r, target, http.StatusFound)
+}
--- a/contrib/environment-to-ini/environment-to-ini.go
+++ b/contrib/environment-to-ini/environment-to-ini.go
@@ -156,7 +156,6 @@ func runEnvironmentToIni(c *cli.Context) error {
 		destination = setting.CustomConf
 	}
 	if destination != setting.CustomConf || changed {
-		log.Info("Settings saved to: %q", destination)
 		err = cfg.SaveTo(destination)
 		if err != nil {
 			return err
@@ -225,6 +224,7 @@ func DecodeSectionKey(encoded string) (string, string) {
 	if !inKey {
 		if splitter := strings.Index(remaining, "__"); splitter > -1 {
 			section += remaining[:splitter]
+			inKey = true
 			key += remaining[splitter+2:]
 		} else {
 			section += remaining
--- a/contrib/fhs-compliant-script/gitea
+++ b/contrib/fhs-compliant-script/gitea
@@ -1,8 +1,8 @@
 #!/bin/bash

-#############################################################################
-# This script sets some defaults for gitea to run in a FHS compliant manner #
-#############################################################################
+########################################################################
+# This script some defaults for gitea to run in a FHS compliant manner #
+########################################################################

 # It assumes that you place this script as gitea in /usr/bin
 #
@@ -33,8 +33,10 @@ for i in "$@"; do
 done

 if [ -z "$APP_INI_SET" ]; then
-	CONF_ARG=("-c" "${GITEA_APP_INI:-$APP_INI}")
+	CONF_ARG="-c \"$APP_INI\""
 fi

-# Provide FHS compliant defaults
-GITEA_WORK_DIR="${GITEA_WORK_DIR:-$WORK_DIR}" exec -a "$0" "$GITEA" "${CONF_ARG[@]}"  "$@"
+# Provide FHS compliant defaults to
+GITEA_WORK_DIR="${GITEA_WORK_DIR:-$WORK_DIR}" "$GITEA" $CONF_ARG "$@"
+
+
--- a/contrib/fixtures/fixture_generation.go
+++ b/contrib/fixtures/fixture_generation.go
@@ -6,11 +6,11 @@ package main

 import (
 	"fmt"
+	"io/ioutil"
 	"os"
 	"path/filepath"

 	"code.gitea.io/gitea/models"
-	"code.gitea.io/gitea/models/unittest"
 )

 // To generate derivative fixtures, execute the following from Gitea's repository base dir:
@@ -31,13 +31,11 @@ var (
 func main() {
 	pathToGiteaRoot := "."
 	fixturesDir = filepath.Join(pathToGiteaRoot, "models", "fixtures")
-	if err := unittest.CreateTestEngine(unittest.FixturesOptions{
-		Dir: fixturesDir,
-	}); err != nil {
+	if err := models.CreateTestEngine(fixturesDir); err != nil {
 		fmt.Printf("CreateTestEngine: %+v", err)
 		os.Exit(1)
 	}
-	if err := unittest.PrepareTestDatabase(); err != nil {
+	if err := models.PrepareTestDatabase(); err != nil {
 		fmt.Printf("PrepareTestDatabase: %+v\n", err)
 		os.Exit(1)
 	}
@@ -66,7 +64,7 @@ func generate(name string) error {
 				return err
 			}
 			path := filepath.Join(fixturesDir, name+".yml")
-			if err := os.WriteFile(path, []byte(data), 0o644); err != nil {
+			if err := ioutil.WriteFile(path, []byte(data), 0644); err != nil {
 				return fmt.Errorf("%s: %+v", path, err)
 			}
 			fmt.Printf("%s created.\n", path)
--- a/contrib/gitea-monitoring-mixin/.gitignore
+++ b/contrib/gitea-monitoring-mixin/.gitignore
@@ -1,2 +0,0 @@
-dashboards_out
-vendor
--- a/contrib/gitea-monitoring-mixin/Makefile
+++ b/contrib/gitea-monitoring-mixin/Makefile
@@ -1,31 +0,0 @@
-JSONNET_FMT := jsonnetfmt -n 2 --max-blank-lines 1 --string-style s --comment-style s
-
-.PHONY: all
-all: build dashboards_out
-
-vendor: jsonnetfile.json
-	jb install
-
-.PHONY: build
-build: vendor
-
-.PHONY: fmt
-fmt:
-	find . -name 'vendor' -prune -o -name '*.libsonnet' -print -o -name '*.jsonnet' -print | \
-		xargs -n 1 -- $(JSONNET_FMT) -i
-
-.PHONY: lint
-lint: build
-	find . -name 'vendor' -prune -o -name '*.libsonnet' -print -o -name '*.jsonnet' -print | \
-		while read f; do \
-			$(JSONNET_FMT) "$$f" | diff -u "$$f" -; \
-		done
-	mixtool lint mixin.libsonnet
-
-dashboards_out: mixin.libsonnet config.libsonnet $(wildcard dashboards/*)
-	@mkdir -p dashboards_out
-	jsonnet -J vendor -m dashboards_out lib/dashboards.jsonnet
-
-.PHONY: clean
-clean:
-	rm -rf dashboards_out
--- a/contrib/gitea-monitoring-mixin/README.md
+++ b/contrib/gitea-monitoring-mixin/README.md
@@ -1,33 +0,0 @@
-# Gitea Mixin
-
-Gitea Mixin is a set of configurable Grafana dashboards based on the metrics exported by the Gitea built-in metrics endpoint.
-
-## Generate config files
-
-You can manually generate dashboards, but first you should install some tools:
-
-```bash
-go install github.com/jsonnet-bundler/jsonnet-bundler/cmd/jb@latest
-go install github.com/google/go-jsonnet/cmd/jsonnet@latest
-# or in brew: brew install go-jsonnet
-```
-
-For linting and formatting, you would also need `mixtool` and `jsonnetfmt` installed. If you
-have a working Go development environment, it's easiest to run the following:
-
-```bash
-go install github.com/monitoring-mixins/mixtool/cmd/mixtool@latest
-go install github.com/google/go-jsonnet/cmd/jsonnetfmt@latest
-```
-
-The files in `dashboards_out` need to be imported
-into your Grafana server.  The exact details will be depending on your environment.
-
-Edit `config.libsonnet` if required and then build JSON dashboard files for Grafana:
-
-```bash
-make
-```
-
-For more advanced uses of mixins, see
-https://github.com/monitoring-mixins/docs.
--- a/contrib/gitea-monitoring-mixin/config.libsonnet
+++ b/contrib/gitea-monitoring-mixin/config.libsonnet
@@ -1,99 +0,0 @@
-{
-  _config+:: {
-    local c = self,
-    dashboardNamePrefix: 'Gitea',
-    dashboardTags: ['gitea'],
-    dashboardPeriod: 'now-1h',
-    dashboardTimezone: 'default',
-    dashboardRefresh: '1m',
-
-    // please see https://docs.gitea.io/en-us/config-cheat-sheet/#metrics-metrics
-    // Show issue by repository metrics with format gitea_issues_by_repository{repository="org/repo"} 5.
-    // Requires Gitea 1.16.0 with ENABLED_ISSUE_BY_REPOSITORY set to true.
-    showIssuesByRepository: true,
-    // Show graphs for issue by label metrics with format gitea_issues_by_label{label="bug"} 2.
-    // Requires Gitea 1.16.0 with ENABLED_ISSUE_BY_LABEL set to true.
-    showIssuesByLabel: true,
-
-    // Requires Gitea 1.16.0.
-    showIssuesOpenClose: true,
-
-    // add or remove metrics from dashboard
-    giteaStatMetrics:
-      [
-        {
-          name: 'gitea_organizations',
-          description: 'Organizations',
-        },
-        {
-          name: 'gitea_teams',
-          description: 'Teams',
-        },
-        {
-          name: 'gitea_users',
-          description: 'Users',
-        },
-        {
-          name: 'gitea_repositories',
-          description: 'Repositories',
-        },
-        {
-          name: 'gitea_milestones',
-          description: 'Milestones',
-        },
-        {
-          name: 'gitea_stars',
-          description: 'Stars',
-        },
-        {
-          name: 'gitea_releases',
-          description: 'Releases',
-        },
-      ]
-      +
-      if c.showIssuesOpenClose then
-        [
-          {
-            name: 'gitea_issues_open',
-            description: 'Issues opened',
-          },
-          {
-            name: 'gitea_issues_closed',
-            description: 'Issues closed',
-          },
-        ] else
-        [
-          {
-            name: 'gitea_issues',
-            description: 'Issues',
-          },
-        ],
-    //set this for using label colors on graphs
-    issueLabels: [
-      {
-        label: 'bug',
-        color: '#ee0701',
-      },
-      {
-        label: 'duplicate',
-        color: '#cccccc',
-      },
-      {
-        label: 'invalid',
-        color: '#e6e6e6',
-      },
-      {
-        label: 'enhancement',
-        color: '#84b6eb',
-      },
-      {
-        label: 'help wanted',
-        color: '#128a0c',
-      },
-      {
-        label: 'question',
-        color: '#cc317c',
-      },
-    ],
-  },
-}
--- a/contrib/gitea-monitoring-mixin/dashboards/dashboards.libsonnet
+++ b/contrib/gitea-monitoring-mixin/dashboards/dashboards.libsonnet
@@ -1 +0,0 @@
-(import 'overview.libsonnet')
--- a/contrib/gitea-monitoring-mixin/dashboards/overview.libsonnet
+++ b/contrib/gitea-monitoring-mixin/dashboards/overview.libsonnet
@@ -1,461 +0,0 @@
-local grafana = import 'github.com/grafana/grafonnet-lib/grafonnet/grafana.libsonnet';
-local prometheus = grafana.prometheus;
-
-local addIssueLabelsOverrides(labels) =
-  {
-    fieldConfig+: {
-      overrides+: [
-        {
-          matcher: {
-            id: 'byRegexp',
-            options: label.label,
-          },
-          properties: [
-            {
-              id: 'color',
-              value: {
-                fixedColor: label.color,
-                mode: 'fixed',
-              },
-            },
-          ],
-        }
-        for label in labels
-      ],
-    },
-  };
-
-{
-
-  grafanaDashboards+:: {
-
-    local giteaSelector = 'job="$job", instance="$instance"',
-    local giteaStatsPanel =
-      grafana.statPanel.new(
-        'Gitea stats',
-        datasource='$datasource',
-        reducerFunction='lastNotNull',
-        graphMode='none',
-        colorMode='value',
-      )
-      .addTargets(
-        [
-          prometheus.target(expr='%s{%s}' % [metric.name, giteaSelector], legendFormat=metric.description, intervalFactor=10)
-          for metric in $._config.giteaStatMetrics
-        ]
-      )
-      + {
-        fieldConfig+: {
-          defaults+: {
-            color: {
-              fixedColor: 'blue',
-              mode: 'fixed',
-            },
-          },
-        },
-      },
-
-    local giteaUptimePanel =
-      grafana.statPanel.new(
-        'Uptime',
-        datasource='$datasource',
-        reducerFunction='last',
-        graphMode='area',
-        colorMode='value',
-      )
-      .addTarget(prometheus.target(expr='time()-process_start_time_seconds{%s}' % giteaSelector, intervalFactor=1))
-      + {
-        fieldConfig+: {
-          defaults+: {
-            color: {
-              fixedColor: 'blue',
-              mode: 'fixed',
-            },
-            unit: 's',
-          },
-        },
-      },
-
-    local giteaMemoryPanel =
-      grafana.graphPanel.new(
-        'Memory usage',
-        datasource='$datasource'
-      )
-      .addTarget(prometheus.target(expr='process_resident_memory_bytes{%s}' % giteaSelector, intervalFactor=2))
-      + {
-        type: 'timeseries',
-        options+: {
-          tooltip: {
-            mode: 'multi',
-          },
-          legend+: {
-            displayMode: 'hidden',
-          },
-        },
-        fieldConfig+: {
-          defaults+: {
-            custom+: {
-              lineInterpolation: 'smooth',
-              fillOpacity: 15,
-            },
-            color: {
-              fixedColor: 'green',
-              mode: 'fixed',
-            },
-            unit: 'decbytes',
-          },
-        },
-      },
-
-    local giteaCpuPanel =
-      grafana.graphPanel.new(
-        'CPU usage',
-        datasource='$datasource'
-      )
-      .addTarget(prometheus.target(expr='rate(process_cpu_seconds_total{%s}[$__rate_interval])*100' % giteaSelector, intervalFactor=2))
-      + {
-        type: 'timeseries',
-        options+: {
-          tooltip: {
-            mode: 'multi',
-          },
-          legend+: {
-            displayMode: 'hidden',
-          },
-        },
-        fieldConfig+: {
-          defaults+: {
-            custom+: {
-              lineInterpolation: 'smooth',
-              gradientMode: 'scheme',
-              fillOpacity: 15,
-              axisSoftMin: 0,
-              axisSoftMax: 0,
-            },
-            color: {
-              mode: 'continuous-GrYlRd',  // from green to red (100%)
-            },
-            unit: 'percent',
-          },
-          overrides: [
-            {
-              matcher: {
-                id: 'byRegexp',
-                options: '.+',
-              },
-              properties: [
-                {
-                  id: 'max',
-                  value: 100,
-                },
-                {
-                  id: 'min',
-                  value: 0,
-                },
-              ],
-            },
-          ],
-        },
-      },
-
-    local giteaFileDescriptorsPanel =
-      grafana.graphPanel.new(
-        'File descriptors usage',
-        datasource='$datasource',
-      )
-      .addTarget(prometheus.target(expr='process_open_fds{%s}' % giteaSelector, intervalFactor=2))
-      .addTarget(prometheus.target(expr='process_max_fds{%s}' % giteaSelector, intervalFactor=2))
-      .addSeriesOverride(
-        {
-          alias: '/process_max_fds.+/',
-          color: '#F2495C',  // red
-          dashes: true,
-          fill: 0,
-        },
-      )
-      + {
-        type: 'timeseries',
-        options+: {
-          tooltip: {
-            mode: 'multi',
-          },
-          legend+: {
-            displayMode: 'hidden',
-          },
-        },
-        fieldConfig+: {
-          defaults+: {
-            custom+: {
-              lineInterpolation: 'smooth',
-              gradientMode: 'scheme',
-              fillOpacity: 0,
-            },
-            color: {
-              fixedColor: 'green',
-              mode: 'fixed',
-            },
-            unit: '',
-          },
-          overrides: [
-            {
-              matcher: {
-                id: 'byFrameRefID',
-                options: 'B',
-              },
-              properties: [
-                {
-                  id: 'custom.lineStyle',
-                  value: {
-                    fill: 'dash',
-                    dash: [
-                      10,
-                      10,
-                    ],
-                  },
-                },
-                {
-                  id: 'color',
-                  value: {
-                    mode: 'fixed',
-                    fixedColor: 'red',
-                  },
-                },
-              ],
-            },
-          ],
-        },
-      },
-
-    local giteaChangesPanelPrototype =
-      grafana.graphPanel.new(
-        '',
-        datasource='$datasource',
-        interval='$agg_interval',
-        maxDataPoints=10000,
-      )
-      + {
-        type: 'timeseries',
-        options+: {
-          tooltip: {
-            mode: 'multi',
-          },
-          legend+: {
-            calcs+: [
-              'sum',
-            ],
-          },
-        },
-        fieldConfig+: {
-          defaults+: {
-            noValue: '0',
-            custom+: {
-              drawStyle: 'bars',
-              barAlignment: -1,
-              fillOpacity: 50,
-              gradientMode: 'hue',
-              pointSize: 1,
-              lineWidth: 0,
-              stacking: {
-                group: 'A',
-                mode: 'normal',
-              },
-            },
-          },
-        },
-      },
-
-    local giteaChangesPanelAll =
-      giteaChangesPanelPrototype
-      .addTarget(prometheus.target(expr='changes(process_start_time_seconds{%s}[$__interval]) > 0' % [giteaSelector], legendFormat='Restarts', intervalFactor=1))
-      .addTargets(
-        [
-          prometheus.target(expr='floor(delta(%s{%s}[$__interval])) > 0' % [metric.name, giteaSelector], legendFormat=metric.description, intervalFactor=1)
-          for metric in $._config.giteaStatMetrics
-        ]
-      ) + { id: 200 },  // some unique number, beyond the maximum number of panels in the dashboard,
-
-    local giteaChangesPanelTotal =
-      grafana.statPanel.new(
-        'Changes',
-        datasource='-- Dashboard --',
-        reducerFunction='sum',
-        graphMode='none',
-        textMode='value_and_name',
-        colorMode='value',
-      )
-      + {
-        targets+: [
-          {
-            panelId: giteaChangesPanelAll.id,
-            refId: 'A',
-          },
-        ],
-      }
-      + {
-        fieldConfig+: {
-          defaults+: {
-            color: {
-              mode: 'palette-classic',
-            },
-          },
-        },
-      },
-
-    local giteaChangesByRepositories =
-      giteaChangesPanelPrototype
-      .addTarget(prometheus.target(expr='floor(increase(gitea_issues_by_repository{%s}[$__interval])) > 0' % [giteaSelector], legendFormat='{{ repository }}', intervalFactor=1))
-      + { id: 210 },  // some unique number, beyond the maximum number of panels in the dashboard,
-
-    local giteaChangesByRepositoriesTotal =
-      grafana.statPanel.new(
-        'Issues by repository',
-        datasource='-- Dashboard --',
-        reducerFunction='sum',
-        graphMode='none',
-        textMode='value_and_name',
-        colorMode='value',
-      )
-      + {
-        id: 211,
-        targets+: [
-          {
-            panelId: giteaChangesByRepositories.id,
-            refId: 'A',
-          },
-        ],
-      }
-      + {
-        fieldConfig+: {
-          defaults+: {
-            color: {
-              mode: 'palette-classic',
-            },
-          },
-        },
-      },
-
-    local giteaChangesByLabel =
-      giteaChangesPanelPrototype
-      .addTarget(prometheus.target(expr='floor(increase(gitea_issues_by_label{%s}[$__interval])) > 0' % [giteaSelector], legendFormat='{{ label }}', intervalFactor=1))
-      + addIssueLabelsOverrides($._config.issueLabels)
-      + { id: 220 },  // some unique number, beyond the maximum number of panels in the dashboard,
-
-    local giteaChangesByLabelTotal =
-      grafana.statPanel.new(
-        'Issues by labels',
-        datasource='-- Dashboard --',
-        reducerFunction='sum',
-        graphMode='none',
-        textMode='value_and_name',
-        colorMode='value',
-      )
-      + addIssueLabelsOverrides($._config.issueLabels)
-      + {
-        id: 221,
-        targets+: [
-          {
-            panelId: giteaChangesByLabel.id,
-            refId: 'A',
-          },
-        ],
-      }
-      + {
-        fieldConfig+: {
-          defaults+: {
-            color: {
-              mode: 'palette-classic',
-            },
-          },
-        },
-      },
-
-    'gitea-overview.json':
-      grafana.dashboard.new(
-        '%s Overview' % $._config.dashboardNamePrefix,
-        time_from='%s' % $._config.dashboardPeriod,
-        editable=false,
-        tags=($._config.dashboardTags),
-        timezone='%s' % $._config.dashboardTimezone,
-        refresh='%s' % $._config.dashboardRefresh,
-        graphTooltip='shared_crosshair',
-        uid='gitea-overview'
-      )
-      .addTemplate(
-        {
-          current: {
-            text: 'Prometheus',
-            value: 'Prometheus',
-          },
-          hide: 0,
-          label: 'Data Source',
-          name: 'datasource',
-          options: [],
-          query: 'prometheus',
-          refresh: 1,
-          regex: '',
-          type: 'datasource',
-        },
-      )
-      .addTemplate(
-        {
-          hide: 0,
-          label: null,
-          name: 'job',
-          options: [],
-          query: 'label_values(gitea_organizations, job)',
-          refresh: 1,
-          regex: '',
-          type: 'query',
-        },
-      )
-      .addTemplate(
-        {
-          hide: 0,
-          label: null,
-          name: 'instance',
-          options: [],
-          query: 'label_values(gitea_organizations{job="$job"}, instance)',
-          refresh: 1,
-          regex: '',
-          type: 'query',
-        },
-      )
-      .addTemplate(
-        {
-          hide: 0,
-          label: 'aggregation interval',
-          name: 'agg_interval',
-          auto_min: '1m',
-          auto: true,
-          query: '1m,10m,1h,1d,7d',
-          type: 'interval',
-        },
-      )
-      .addPanel(grafana.row.new(title='General'), gridPos={ x: 0, y: 0, w: 0, h: 0 },)
-      .addPanel(giteaStatsPanel, gridPos={ x: 0, y: 0, w: 16, h: 4 })
-      .addPanel(giteaUptimePanel, gridPos={ x: 16, y: 0, w: 8, h: 4 })
-      .addPanel(giteaMemoryPanel, gridPos={ x: 0, y: 4, w: 8, h: 6 })
-      .addPanel(giteaCpuPanel, gridPos={ x: 8, y: 4, w: 8, h: 6 })
-      .addPanel(giteaFileDescriptorsPanel, gridPos={ x: 16, y: 4, w: 8, h: 6 })
-      .addPanel(grafana.row.new(title='Changes', collapse=false), gridPos={ x: 0, y: 10, w: 24, h: 8 })
-      .addPanel(giteaChangesPanelTotal, gridPos={ x: 0, y: 12, w: 6, h: 8 })
-      +  // use patching instead of .addPanel() to keep static ids
-      {
-        panels+: std.flattenArrays([
-          [
-            giteaChangesPanelAll { gridPos: { x: 6, y: 12, w: 18, h: 8 } },
-          ],
-          if $._config.showIssuesByRepository then
-            [
-              giteaChangesByRepositoriesTotal { gridPos: { x: 0, y: 20, w: 6, h: 8 } },
-              giteaChangesByRepositories { gridPos: { x: 6, y: 20, w: 18, h: 8 } },
-            ] else [],
-          if $._config.showIssuesByLabel then
-            [
-              giteaChangesByLabelTotal { gridPos: { x: 0, y: 28, w: 6, h: 8 } },
-              giteaChangesByLabel { gridPos: { x: 6, y: 28, w: 18, h: 8 } },
-            ] else [],
-        ]),
-      },
-  },
-}
--- a/contrib/gitea-monitoring-mixin/jsonnetfile.json
+++ b/contrib/gitea-monitoring-mixin/jsonnetfile.json
@@ -1,15 +0,0 @@
-{
-    "version": 1,
-    "dependencies": [
-      {
-        "source": {
-          "git": {
-            "remote": "https://github.com/grafana/grafonnet-lib.git",
-            "subdir": "grafonnet"
-          }
-        },
-        "version": "master"
-      }
-    ],
-    "legacyImports": false
-  }
--- a/contrib/gitea-monitoring-mixin/jsonnetfile.lock.json
+++ b/contrib/gitea-monitoring-mixin/jsonnetfile.lock.json
@@ -1,16 +0,0 @@
-{
-  "version": 1,
-  "dependencies": [
-    {
-      "source": {
-        "git": {
-          "remote": "https://github.com/grafana/grafonnet-lib.git",
-          "subdir": "grafonnet"
-        }
-      },
-      "version": "3626fc4dc2326931c530861ac5bebe39444f6cbf",
-      "sum": "gF8foHByYcB25jcUOBqP6jxk0OPifQMjPvKY0HaCk6w="
-    }
-  ],
-  "legacyImports": false
-}
--- a/contrib/gitea-monitoring-mixin/lib/alerts.jsonnet
+++ b/contrib/gitea-monitoring-mixin/lib/alerts.jsonnet
@@ -1 +0,0 @@
-std.manifestYamlDoc((import '../mixin.libsonnet').prometheusAlerts)
--- a/contrib/gitea-monitoring-mixin/lib/dashboards.jsonnet
+++ b/contrib/gitea-monitoring-mixin/lib/dashboards.jsonnet
@@ -1,6 +0,0 @@
-local dashboards = (import '../mixin.libsonnet').grafanaDashboards;
-
-{
-  [name]: dashboards[name]
-  for name in std.objectFields(dashboards)
-}
--- a/contrib/gitea-monitoring-mixin/lib/rules.jsonnet
+++ b/contrib/gitea-monitoring-mixin/lib/rules.jsonnet
@@ -1 +0,0 @@
-std.manifestYamlDoc((import '../mixin.libsonnet').prometheusRules)
--- a/contrib/gitea-monitoring-mixin/mixin.libsonnet
+++ b/contrib/gitea-monitoring-mixin/mixin.libsonnet
@@ -1,2 +0,0 @@
-(import 'dashboards/dashboards.libsonnet') +
-(import 'config.libsonnet')
--- a/contrib/ide/vscode/launch.json
+++ b/contrib/ide/vscode/launch.json
@@ -7,10 +7,10 @@
      "request": "launch",
      "mode": "debug",
      "buildFlags": "",
+      "port": 2345,
+      "host": "127.0.0.1",
      "program": "${workspaceRoot}/main.go",
-      "env": {
-        "GITEA_WORK_DIR": "${workspaceRoot}",
-      },
+      "env": {},
      "args": ["web"],
      "showLog": true
    },
@@ -20,10 +20,10 @@
      "request": "launch",
      "mode": "debug",
      "buildFlags": "-tags='sqlite sqlite_unlock_notify'",
+      "port": 2345,
+      "host": "127.0.0.1",
      "program": "${workspaceRoot}/main.go",
-      "env": {
-        "GITEA_WORK_DIR": "${workspaceRoot}",
-      },
+      "env": {},
      "args": ["web"],
      "showLog": true
    }
--- a/contrib/init/openwrt/gitea
+++ b/contrib/init/openwrt/gitea
@@ -1,35 +0,0 @@
-#!/bin/sh /etc/rc.common
-
-USE_PROCD=1
-
-# PROCD_DEBUG=1
-
-START=90
-STOP=10
-
-PROG=/opt/gitea/gitea
-GITEA_WORK_DIR=/opt/gitea
-CONF_FILE=$GITEA_WORK_DIR/app.ini
-
-start_service(){
-    procd_open_instance gitea
-    procd_set_param env GITEA_WORK_DIR=$GITEA_WORK_DIR
-    procd_set_param env HOME=$GITEA_WORK_DIR
-    procd_set_param command $PROG web -c $CONF_FILE
-    procd_set_param file $CONF_FILE
-    procd_set_param user git
-    procd_set_param respawn ${respawn_threshold:-3600} ${respawn_timeout:-5} ${respawn_retry:-5} # respawn automatically if something died, be careful if you have an alternative process supervisor
-    procd_close_instance
-}
-
-start(){
-    service_start $PROG
-}
-
-stop(){
-    service_stop $PROG
-}
-
-reload(){
-    service_reload $PROG
-}
--- a/contrib/pr/checkout.go
+++ b/contrib/pr/checkout.go
@@ -12,6 +12,7 @@ import (
 	"context"
 	"flag"
 	"fmt"
+	"io/ioutil"
 	"log"
 	"net/http"
 	"net/url"
@@ -24,12 +25,10 @@ import (
 	"strconv"
 	"time"

-	"code.gitea.io/gitea/models/db"
-	"code.gitea.io/gitea/models/unittest"
+	"code.gitea.io/gitea/models"
 	gitea_git "code.gitea.io/gitea/modules/git"
 	"code.gitea.io/gitea/modules/markup"
 	"code.gitea.io/gitea/modules/markup/external"
-	repo_module "code.gitea.io/gitea/modules/repository"
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/modules/util"
 	"code.gitea.io/gitea/routers"
@@ -37,6 +36,7 @@ import (
 	"github.com/go-git/go-git/v5"
 	"github.com/go-git/go-git/v5/config"
 	"github.com/go-git/go-git/v5/plumbing"
+	context2 "github.com/gorilla/context"
 	"xorm.io/xorm"
 )

@@ -49,13 +49,13 @@ func runPR() {
 		log.Fatal(err)
 	}
 	setting.SetCustomPathAndConf("", "", "")
-	setting.LoadAllowEmpty()
+	setting.NewContext()

-	setting.RepoRootPath, err = os.MkdirTemp(os.TempDir(), "repos")
+	setting.RepoRootPath, err = ioutil.TempDir(os.TempDir(), "repos")
 	if err != nil {
 		log.Fatalf("TempDir: %v\n", err)
 	}
-	setting.AppDataPath, err = os.MkdirTemp(os.TempDir(), "appdata")
+	setting.AppDataPath, err = ioutil.TempDir(os.TempDir(), "appdata")
 	if err != nil {
 		log.Fatalf("TempDir: %v\n", err)
 	}
@@ -87,35 +87,33 @@ func runPR() {
 		setting.Database.Path = ":memory:"
 		setting.Database.Timeout = 500
 	*/
-	dbCfg := setting.Cfg.Section("database")
-	dbCfg.NewKey("DB_TYPE", "sqlite3")
-	dbCfg.NewKey("PATH", ":memory:")
+	db := setting.Cfg.Section("database")
+	db.NewKey("DB_TYPE", "sqlite3")
+	db.NewKey("PATH", ":memory:")

-	routers.InitGitServices()
+	routers.NewServices()
 	setting.Database.LogSQL = true
-	// x, err = xorm.NewEngine("sqlite3", "file::memory:?cache=shared")
+	//x, err = xorm.NewEngine("sqlite3", "file::memory:?cache=shared")

-	db.InitEngineWithMigration(context.Background(), func(_ *xorm.Engine) error {
+	models.NewEngine(context.Background(), func(_ *xorm.Engine) error {
 		return nil
 	})
-	db.HasEngine = true
-	// x.ShowSQL(true)
-	err = unittest.InitFixtures(
-		unittest.FixturesOptions{
-			Dir: path.Join(curDir, "models/fixtures/"),
-		},
+	models.HasEngine = true
+	//x.ShowSQL(true)
+	err = models.InitFixtures(
+		path.Join(curDir, "models/fixtures/"),
 	)
 	if err != nil {
 		fmt.Printf("Error initializing test database: %v\n", err)
 		os.Exit(1)
 	}
-	unittest.LoadFixtures()
+	models.LoadFixtures()
 	util.RemoveAll(setting.RepoRootPath)
-	util.RemoveAll(repo_module.LocalCopyPath())
-	unittest.CopyDir(path.Join(curDir, "integrations/gitea-repositories-meta"), setting.RepoRootPath)
+	util.RemoveAll(models.LocalCopyPath())
+	util.CopyDir(path.Join(curDir, "integrations/gitea-repositories-meta"), setting.RepoRootPath)

 	log.Printf("[PR] Setting up router\n")
-	// routers.GlobalInit()
+	//routers.GlobalInit()
 	external.RegisterRenderers()
 	markup.Init()
 	c := routers.NormalRoutes()
@@ -137,8 +135,8 @@ func runPR() {
 		}
 	*/

-	// Start the server
-	http.ListenAndServe(":8080", c)
+	//Start the server
+	http.ListenAndServe(":8080", context2.ClearHandler(c))

 	log.Printf("[PR] Cleaning up ...\n")
 	/*
@@ -160,7 +158,7 @@ func runPR() {
 }

 func main() {
-	runPRFlag := flag.Bool("run", false, "Run the PR code")
+	var runPRFlag = flag.Bool("run", false, "Run the PR code")
 	flag.Parse()
 	if *runPRFlag {
 		runPR()
@@ -173,16 +171,16 @@ func main() {
 		force = false
 	}

-	// Otherwise checkout PR
+	//Otherwise checkout PR
 	if len(os.Args) != 2 {
 		log.Fatal("Need only one arg: the PR number")
 	}
 	pr := os.Args[1]

-	codeFilePath = filepath.FromSlash(codeFilePath) // Convert to running OS
+	codeFilePath = filepath.FromSlash(codeFilePath) //Convert to running OS

-	// Copy this file if it will not exist in the PR branch
-	dat, err := os.ReadFile(codeFilePath)
+	//Copy this file if it will not exist in the PR branch
+	dat, err := ioutil.ReadFile(codeFilePath)
 	if err != nil {
 		log.Fatalf("Failed to cache this code file : %v", err)
 	}
@@ -192,16 +190,16 @@ func main() {
 		log.Fatalf("Failed to open the repo : %v", err)
 	}

-	// Find remote upstream
+	//Find remote upstream
 	remotes, err := repo.Remotes()
 	if err != nil {
 		log.Fatalf("Failed to list remotes of repo : %v", err)
 	}
-	remoteUpstream := "origin" // Default
+	remoteUpstream := "origin" //Default
 	for _, r := range remotes {
 		if r.Config().URLs[0] == "https://github.com/go-gitea/gitea.git" ||
 			r.Config().URLs[0] == "https://github.com/go-gitea/gitea" ||
-			r.Config().URLs[0] == "git@github.com:go-gitea/gitea.git" { // fetch at index 0
+			r.Config().URLs[0] == "git@github.com:go-gitea/gitea.git" { //fetch at index 0
 			remoteUpstream = r.Config().Name
 			break
 		}
@@ -212,10 +210,10 @@ func main() {

 	log.Printf("Fetching PR #%s in %s\n", pr, branch)
 	if runtime.GOOS == "windows" {
-		// Use git cli command for windows
+		//Use git cli command for windows
 		runCmd("git", "fetch", remoteUpstream, fmt.Sprintf("pull/%s/head:%s", pr, branch))
 	} else {
-		ref := fmt.Sprintf("%s%s/head:%s", gitea_git.PullPrefix, pr, branchRef)
+		ref := fmt.Sprintf("refs/pull/%s/head:%s", pr, branchRef)
 		err = repo.Fetch(&git.FetchOptions{
 			RemoteName: remoteUpstream,
 			RefSpecs: []config.RefSpec{
@@ -240,23 +238,22 @@ func main() {
 		log.Fatalf("Failed to checkout %s : %v", branch, err)
 	}

-	// Copy this file if not exist
+	//Copy this file if not exist
 	if _, err := os.Stat(codeFilePath); os.IsNotExist(err) {
-		err = os.MkdirAll(filepath.Dir(codeFilePath), 0o755)
+		err = os.MkdirAll(filepath.Dir(codeFilePath), 0755)
 		if err != nil {
 			log.Fatalf("Failed to duplicate this code file in PR : %v", err)
 		}
-		err = os.WriteFile(codeFilePath, dat, 0o644)
+		err = ioutil.WriteFile(codeFilePath, dat, 0644)
 		if err != nil {
 			log.Fatalf("Failed to duplicate this code file in PR : %v", err)
 		}
 	}
-	// Force build of js, css, bin, ...
+	//Force build of js, css, bin, ...
 	runCmd("make", "build")
-	// Start with integration test
+	//Start with integration test
 	runCmd("go", "run", "-mod", "vendor", "-tags", "sqlite sqlite_unlock_notify", codeFilePath, "-run")
 }
-
 func runCmd(cmd ...string) {
 	log.Printf("Executing : %s ...\n", cmd)
 	c := exec.Command(cmd[0], cmd[1:]...)
--- a/contrib/update_dependencies.sh
+++ b/contrib/update_dependencies.sh
@@ -4,5 +4,5 @@ grep 'git' go.mod | grep '\.com' | grep -v indirect | grep -v replace | cut -f 2
  go get -u "$line"
  make vendor
  git add .
-  git commit -m "update $line"
+  git commit -S -m "update $line"
 done
--- a/contrib/upgrade.sh
+++ b/contrib/upgrade.sh
@@ -1,126 +0,0 @@
-#!/usr/bin/env bash
-# This is an update script for gitea installed via the binary distribution
-# from dl.gitea.io on linux as systemd service. It performs a backup and updates
-# Gitea in place.
-# NOTE: This adds the GPG Signing Key of the Gitea maintainers to the keyring.
-# Depends on: bash, curl, xz, sha256sum. optionally jq, gpg
-#   See section below for available environment vars.
-#   When no version is specified, updates to the latest release.
-# Examples:
-#   upgrade.sh 1.15.10
-#   giteahome=/opt/gitea giteaconf=$giteahome/app.ini upgrade.sh
-
-# apply variables from environment
-: "${giteabin:="/usr/local/bin/gitea"}"
-: "${giteahome:="/var/lib/gitea"}"
-: "${giteaconf:="/etc/gitea/app.ini"}"
-: "${giteauser:="git"}"
-: "${sudocmd:="sudo"}"
-: "${arch:="linux-amd64"}"
-: "${service_start:="$sudocmd systemctl start gitea"}"
-: "${service_stop:="$sudocmd systemctl stop gitea"}"
-: "${service_status:="$sudocmd systemctl status gitea"}"
-: "${backupopts:=""}" # see `gitea dump --help` for available options
-
-function giteacmd {
-  if [[ $sudocmd = "su" ]]; then
-    # `-c` only accept one string as argument.
-    "$sudocmd" - "$giteauser" -c "$(printf "%q " "$giteabin" "--config" "$giteaconf" "--work-path" "$giteahome" "$@")"
-  else
-    "$sudocmd" --user "$giteauser" "$giteabin" --config "$giteaconf" --work-path "$giteahome" "$@"
-  fi
-}
-
-function require {
-  for exe in "$@"; do
-    command -v "$exe" &>/dev/null || (echo "missing dependency '$exe'"; exit 1)
-  done
-}
-
-# parse command line arguments
-while true; do
-  case "$1" in
-    -v | --version ) giteaversion="$2"; shift 2 ;;
-    -y | --yes ) no_confirm="yes"; shift ;;
-    --ignore-gpg) ignore_gpg="yes"; shift ;;
-    "" | -- ) shift; break ;;
-    * ) echo "Usage:  [<environment vars>] upgrade.sh [-v <version>] [-y] [--ignore-gpg]"; exit 1;; 
-  esac
-done
-
-# exit once any command fails. this means that each step should be idempotent!
-set -euo pipefail
-
-if [[ -f /etc/os-release ]]; then
-  os_release=$(cat /etc/os-release)
-
-  if [[ "$os_release" =~ "OpenWrt" ]]; then
-    sudocmd="su"
-    service_start="/etc/init.d/gitea start"
-    service_stop="/etc/init.d/gitea stop"
-    service_status="/etc/init.d/gitea status"
-  else
-    require systemctl
-  fi
-fi
-
-require curl xz sha256sum "$sudocmd"
-
-# select version to install
-if [[ -z "${giteaversion:-}" ]]; then
-  require jq
-  giteaversion=$(curl --connect-timeout 10 -sL https://dl.gitea.io/gitea/version.json | jq -r .latest.version)
-  echo "Latest available version is $giteaversion"
-fi
-
-# confirm update
-echo "Checking currently installed version..."
-current=$(giteacmd --version | cut -d ' ' -f 3)
-[[ "$current" == "$giteaversion" ]] && echo "$current is already installed, stopping." && exit 1
-if [[ -z "${no_confirm:-}"  ]]; then
-  echo "Make sure to read the changelog first: https://github.com/go-gitea/gitea/blob/main/CHANGELOG.md"
-  echo "Are you ready to update Gitea from ${current} to ${giteaversion}? (y/N)"
-  read -r confirm
-  [[ "$confirm" == "y" ]] || [[ "$confirm" == "Y" ]] || exit 1
-fi
-
-echo "Upgrading gitea from $current to $giteaversion ..."
-
-pushd "$(pwd)" &>/dev/null
-cd "$giteahome" # needed for gitea dump later
-
-# download new binary
-binname="gitea-${giteaversion}-${arch}"
-binurl="https://dl.gitea.io/gitea/${giteaversion}/${binname}.xz"
-echo "Downloading $binurl..."
-curl --connect-timeout 10 --silent --show-error --fail --location -O "$binurl{,.sha256,.asc}"
-
-# validate checksum & gpg signature
-sha256sum -c "${binname}.xz.sha256"
-if [[ -z "${ignore_gpg:-}" ]]; then
-  require gpg
-  gpg --keyserver keys.openpgp.org --recv 7C9E68152594688862D62AF62D9AE806EC1592E2
-  gpg --verify "${binname}.xz.asc" "${binname}.xz" || { echo 'Signature does not match'; exit 1; }
-fi
-rm "${binname}".xz.{sha256,asc}
-
-# unpack binary + make executable
-xz --decompress --force "${binname}.xz"
-chown "$giteauser" "$binname"
-chmod +x "$binname"
-
-# stop gitea, create backup, replace binary, restart gitea
-echo "Flushing gitea queues at $(date)"
-giteacmd manager flush-queues
-echo "Stopping gitea at $(date)"
-$service_stop
-echo "Creating backup in $giteahome"
-giteacmd dump $backupopts
-echo "Updating binary at $giteabin"
-cp -f "$giteabin" "$giteabin.bak" && mv -f "$binname" "$giteabin"
-$service_start
-$service_status
-
-echo "Upgrade to $giteaversion successful!"
-
-popd
--- a/custom/conf/app.example.ini
+++ b/custom/conf/app.example.ini
@@ -51,17 +51,7 @@ RUN_MODE = ; prod
 ;REDIRECT_OTHER_PORT = false
 ;PORT_TO_REDIRECT = 80
 ;;
-;; Minimum and maximum supported TLS versions
-;SSL_MIN_VERSION=TLSv1.2
-;SSL_MAX_VERSION=
-;;
-;; SSL Curve Preferences
-;SSL_CURVE_PREFERENCES=X25519,P256
-;;
-;; SSL Cipher Suites
-;SSL_CIPHER_SUITES=; Will default to "ecdhe_ecdsa_with_aes_256_gcm_sha384,ecdhe_rsa_with_aes_256_gcm_sha384,ecdhe_ecdsa_with_aes_128_gcm_sha256,ecdhe_rsa_with_aes_128_gcm_sha256,ecdhe_ecdsa_with_chacha20_poly1305,ecdhe_rsa_with_chacha20_poly1305" if aes is supported by hardware, otherwise chacha will be first.
-;;
-;; Timeout for any write to the connection. (Set to -1 to disable all timeouts.)
+;; Timeout for any write to the connection. (Set to 0 to disable all timeouts.)
 ;PER_WRITE_TIMEOUT = 30s
 ;;
 ;; Timeout per Kb written to connections.
@@ -82,15 +72,12 @@ RUN_MODE = ; prod
 ;; Whether to use the builtin SSH server or not.
 ;START_SSH_SERVER = false
 ;;
-;; Username to use for the builtin SSH server.
-;BUILTIN_SSH_SERVER_USER = %(RUN_USER)s
+;; Username to use for the builtin SSH server. If blank, then it is the value of RUN_USER.
+;BUILTIN_SSH_SERVER_USER =
 ;;
 ;; Domain name to be exposed in clone URL
 ;SSH_DOMAIN = %(DOMAIN)s
 ;;
-;; SSH username displayed in clone URLs.
-;SSH_USER = %(BUILTIN_SSH_SERVER_USER)s
-;;
 ;; The network interface the builtin SSH server should listen on
 ;SSH_LISTEN_HOST =
 ;;
@@ -113,15 +100,15 @@ RUN_MODE = ; prod
 ;;
 ;; For the built-in SSH server, choose the ciphers to support for SSH connections,
 ;; for system SSH this setting has no effect
-;SSH_SERVER_CIPHERS = chacha20-poly1305@openssh.com, aes128-ctr, aes192-ctr, aes256-ctr, aes128-gcm@openssh.com, aes256-gcm@openssh.com
+;SSH_SERVER_CIPHERS = aes128-ctr, aes192-ctr, aes256-ctr, aes128-gcm@openssh.com, arcfour256, arcfour128
 ;;
 ;; For the built-in SSH server, choose the key exchange algorithms to support for SSH connections,
 ;; for system SSH this setting has no effect
-;SSH_SERVER_KEY_EXCHANGES = curve25519-sha256, ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, diffie-hellman-group14-sha256, diffie-hellman-group14-sha1
+;SSH_SERVER_KEY_EXCHANGES = diffie-hellman-group1-sha1, diffie-hellman-group14-sha1, ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, curve25519-sha256@libssh.org
 ;;
 ;; For the built-in SSH server, choose the MACs to support for SSH connections,
 ;; for system SSH this setting has no effect
-;SSH_SERVER_MACS = hmac-sha2-256-etm@openssh.com, hmac-sha2-256, hmac-sha1
+;SSH_SERVER_MACS = hmac-sha2-256-etm@openssh.com, hmac-sha2-256, hmac-sha1, hmac-sha1-96
 ;;
 ;; For the built-in SSH server, choose the keypair to offer as the host key
 ;; The private key should be at SSH_SERVER_HOST_KEY and the public SSH_SERVER_HOST_KEY.pub
@@ -163,7 +150,7 @@ RUN_MODE = ; prod
 ;; Enable exposure of SSH clone URL to anonymous visitors, default is false
 ;SSH_EXPOSE_ANONYMOUS = false
 ;;
-;; Timeout for any write to ssh connections. (Set to -1 to disable all timeouts.)
+;; Timeout for any write to ssh connections. (Set to 0 to disable all timeouts.)
 ;; Will default to the PER_WRITE_TIMEOUT.
 ;SSH_PER_WRITE_TIMEOUT = 30s
 ;;
@@ -178,36 +165,6 @@ RUN_MODE = ; prod
 ;OFFLINE_MODE = false
 ;DISABLE_ROUTER_LOG = false
 ;;
-;; TLS Settings: Either ACME or manual
-;; (Other common TLS configuration are found before)
-;ENABLE_ACME = false
-;;
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;;
-;; ACME automatic TLS settings
-;;
-;; ACME directory URL (e.g. LetsEncrypt's staging/testing URL: https://acme-staging-v02.api.letsencrypt.org/directory)
-;; Leave empty to default to LetsEncrypt's (production) URL
-;ACME_URL =
-;;
-;; Explicitly accept the ACME's TOS. The specific TOS cannot be retrieved at the moment.
-;ACME_ACCEPTTOS = false
-;;
-;; If the ACME CA is not in your system's CA trust chain, it can be manually added here
-;ACME_CA_ROOT =
-;;
-;; Email used for the ACME registration service
-;; Can be left blank to initialize at first run and use the cached value
-;ACME_EMAIL =
-;;
-;; ACME live directory (not to be confused with ACME directory URL: ACME_URL)
-;; (Refer to caddy's ACME manager https://github.com/caddyserver/certmagic)
-;ACME_DIRECTORY = https
-;;
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;;
-;;  Manual TLS settings: (Only applicable if ENABLE_ACME=false)
-;;
 ;; Generate steps:
 ;; $ ./gitea cert -ca=true -duration=8760h0m0s -host=myhost.example.com
 ;;
@@ -237,13 +194,15 @@ RUN_MODE = ; prod
 ;; PPROF_DATA_PATH, use an absolute path when you start gitea as service
 ;PPROF_DATA_PATH = data/tmp/pprof
 ;;
-;; Landing page, can be "home", "explore", "organizations", "login", or any URL such as "/org/repo" or even "https://anotherwebsite.com"
+;; Landing page, can be "home", "explore", "organizations" or "login"
 ;; The "login" choice is not a security measure but just a UI flow change, use REQUIRE_SIGNIN_VIEW to force users to log in.
 ;LANDING_PAGE = home
 ;;
 ;; Enables git-lfs support. true or false, default is false.
 ;LFS_START_SERVER = false
 ;;
+;; Where your lfs files reside, default is data/lfs.
+;LFS_CONTENT_PATH = data/lfs
 ;;
 ;; LFS authentication secret, change this yourself
 LFS_JWT_SECRET =
@@ -398,7 +357,6 @@ INTERNAL_TOKEN=
 ;; By modifying the Gitea database, users can gain Gitea administrator privileges.
 ;; It also enables them to access other resources available to the user on the operating system that is running the Gitea instance and perform arbitrary actions in the name of the Gitea OS user.
 ;; WARNING: This maybe harmful to you website or your operating system.
-;; WARNING: Setting this to true does not change existing hooks in git repos; adjust it before if necessary.
 ;DISABLE_GIT_HOOKS = true
 ;;
 ;; Set to true to disable webhooks feature.
@@ -420,27 +378,6 @@ INTERNAL_TOKEN=
 ;;
 ;; Validate against https://haveibeenpwned.com/Passwords to see if a password has been exposed
 ;PASSWORD_CHECK_PWN = false
-;;
-;; Cache successful token hashes. API tokens are stored in the DB as pbkdf2 hashes however, this means that there is a potentially significant hashing load when there are multiple API operations.
-;; This cache will store the successfully hashed tokens in a LRU cache as a balance between performance and security.
-;SUCCESSFUL_TOKENS_CACHE_SIZE = 20
-
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-[camo]
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;;
-;; At the moment we only support images
-;;
-;; if the camo is enabled
-;ENABLED = false
-;; url to a camo image proxy, it **is required** if camo is enabled.
-;SERVER_URL =
-;; HMAC to encode urls with, it **is required** if camo is enabled.
-;HMAC_KEY =
-;; Set to true to use camo for https too lese only non https urls are proxyed
-;ALLWAYS = false

 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@@ -451,7 +388,7 @@ INTERNAL_TOKEN=
 ;; Enables OAuth2 provider
 ENABLE = true
 ;;
-;; Algorithm used to sign OAuth2 tokens. Valid values: HS256, HS384, HS512, RS256, RS384, RS512, ES256, ES384, ES512, EdDSA
+;; Algorithm used to sign OAuth2 tokens. Valid values: HS256, HS384, HS512, RS256, RS384, RS512, ES256, ES384, ES512
 ;JWT_SIGNING_ALGORITHM = RS256
 ;;
 ;; Private key file path used to sign OAuth2 tokens. The path is relative to APP_DATA_PATH.
@@ -484,10 +421,9 @@ ENABLE = true
 ;; NOTE: THE DEFAULT VALUES HERE WILL NEED TO BE CHANGED
 ;; Two Factor authentication with security keys
 ;; https://developers.yubico.com/U2F/App_ID.html
-;;
-;; DEPRECATED - this only applies to previously registered security keys using the U2F standard
 APP_ID = ; e.g. http://localhost:3000/
-
+;; Comma separated list of trusted facets
+TRUSTED_FACETS = ; e.g. http://localhost:3000/

 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@@ -504,35 +440,26 @@ APP_ID = ; e.g. http://localhost:3000/
 ;; Use comma to separate multiple modes, e.g. "console, file"
 MODE = console
 ;;
-;; Either "Trace", "Debug", "Info", "Warn", "Error", "Critical" or "None", default is "Info"
+;; Either "Trace", "Debug", "Info", "Warn", "Error", "Critical", default is "Trace"
 LEVEL = Info
 ;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;; Router Logger
 ;;
 ;; Switch off the router log
-;DISABLE_ROUTER_LOG=false
+;DISABLE_ROUTER_LOG= ; false
 ;;
 ;; Set the log "modes" for the router log (if file is set the log file will default to router.log)
 ROUTER = console
 ;;
-;; The router will log different things at different levels.
+;; The level at which the router logs
+;ROUTER_LOG_LEVEL = Info
 ;;
-;; * started messages will be logged at TRACE level
-;; * polling/completed routers will be logged at INFO
-;; * slow routers will be logged at WARN
-;; * failed routers will be logged at WARN
-;;
-;; The routing level will default to that of the system but individual router level can be set in
-;; [log.<mode>.router] LEVEL
-;;
-
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;
 ;; Access Logger (Creates log in NCSA common log format)
 ;;
 ;ENABLE_ACCESS_LOG = false
-;;
 ;; Set the log "modes" for the access log (if file is set the log file will default to access.log)
 ;ACCESS = file
 ;;
@@ -617,10 +544,7 @@ ROUTER = console
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;
 ;; The path of git executable. If empty, Gitea searches through the PATH environment.
-;PATH =
-;;
-;; The HOME directory for Git
-;HOME_PATH = %(APP_DATA_PATH)/home
+PATH =
 ;;
 ;; Disables highlight of added and removed changes
 ;DISABLE_DIFF_HIGHLIGHT = false
@@ -654,8 +578,6 @@ ROUTER = console
 ;LARGE_OBJECT_THRESHOLD = 1048576
 ;; Set to true to forcibly set core.protectNTFS=false
 ;DISABLE_CORE_PROTECT_NTFS=false
-;; Disable the usage of using partial clones for git.
-;DISABLE_PARTIAL_CLONE = false

 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@@ -732,9 +654,6 @@ ROUTER = console
 ;; Default value for AllowCreateOrganization
 ;; Every new user will have rights set to create organizations depending on this setting
 ;DEFAULT_ALLOW_CREATE_ORGANIZATION = true
-;; Default value for IsRestricted
-;; Every new user will have restricted permissions depending on this setting
-;DEFAULT_USER_IS_RESTRICTED = false
 ;;
 ;; Either "public", "limited" or "private", default is "public"
 ;; Limited is for users visible only to signed users
@@ -816,8 +735,7 @@ ROUTER = console
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;[repository]
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;; Root path for storing all repository data. By default, it is set to %(APP_DATA_PATH)/gitea-repositories.
-;; A relative path is interpreted as %(GITEA_WORK_DIR)/%(ROOT)
+;; Root path for storing all repository data. It must be an absolute path. By default, it is stored in a sub-directory of `APP_DATA_PATH`.
 ;ROOT =
 ;;
 ;; The script type this server supports. Usually this is `bash`, but some users report that only `sh` is available.
@@ -844,18 +762,18 @@ ROUTER = console
 ;; Global limit of repositories per user, applied at creation time. -1 means no limit
 ;MAX_CREATION_LIMIT = -1
 ;;
-;; Mirror sync queue length, increase if mirror syncing starts hanging (DEPRECATED: please use [queue.mirror] LENGTH instead)
+;; Mirror sync queue length, increase if mirror syncing starts hanging
 ;MIRROR_QUEUE_LENGTH = 1000
 ;;
-;; Patch test queue length, increase if pull request patch testing starts hanging (DEPRECATED: please use [queue.pr_patch_checker] LENGTH instead)
+;; Patch test queue length, increase if pull request patch testing starts hanging
 ;PULL_REQUEST_QUEUE_LENGTH = 1000
 ;;
 ;; Preferred Licenses to place at the top of the List
-;; The name here must match the filename in options/license or custom/options/license
+;; The name here must match the filename in conf/license or custom/conf/license
 ;PREFERRED_LICENSES = Apache License 2.0,MIT License
 ;;
 ;; Disable the ability to interact with repositories using the HTTP protocol
-;DISABLE_HTTP_GIT = false
+;;DISABLE_HTTP_GIT = false
 ;;
 ;; Value for Access-Control-Allow-Origin header, default is not to present
 ;; WARNING: This may be harmful to your website if you do not give it a right value.
@@ -877,6 +795,9 @@ ROUTER = console
 ;; Prefix archive files by placing them in a directory named after the repository
 ;PREFIX_ARCHIVE_FILES = true
 ;;
+;; Disable the creation of new mirrors. Pre-existing mirrors remain valid.
+;DISABLE_MIRRORS = false
+;;
 ;; Disable migrating feature.
 ;DISABLE_MIGRATIONS = false
 ;;
@@ -884,7 +805,7 @@ ROUTER = console
 ;DISABLE_STARS = false
 ;;
 ;; The default branch name of new repositories
-;DEFAULT_BRANCH = main
+;DEFAULT_BRANCH = master
 ;;
 ;; Allow adoption of unadopted repositories
 ;ALLOW_ADOPTION_OF_UNADOPTED_REPOSITORIES = false
@@ -912,7 +833,7 @@ ROUTER = console
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;
-;; Path for local repository copy. Defaults to `tmp/local-repo` (content gets deleted on gitea restart)
+;; Path for local repository copy. Defaults to `tmp/local-repo`
 ;LOCAL_COPY_PATH = tmp/local-repo

 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@@ -924,7 +845,7 @@ ROUTER = console
 ;; Whether repository file uploads are enabled. Defaults to `true`
 ;ENABLED = true
 ;;
-;; Path for uploads. Defaults to `data/tmp/uploads` (content gets deleted on gitea restart)
+;; Path for uploads. Defaults to `data/tmp/uploads` (tmp gets deleted on gitea restart)
 ;TEMP_PATH = data/tmp/uploads
 ;;
 ;; Comma-separated list of allowed file extensions (`.zip`), mime types (`text/plain`) or wildcard type (`image/*`, `audio/*`, `video/*`). Empty value or `*/*` allows all types.
@@ -942,7 +863,7 @@ ROUTER = console
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;
-;; List of prefixes used in Pull Request title to mark them as Work In Progress (matched in a case-insensitive manner)
+;; List of prefixes used in Pull Request title to mark them as Work In Progress
 ;WORK_IN_PROGRESS_PREFIXES = WIP:,[WIP]
 ;;
 ;; List of keywords used in Pull Request comments to automatically close a related issue
@@ -951,9 +872,6 @@ ROUTER = console
 ;; List of keywords used in Pull Request comments to automatically reopen a related issue
 ;REOPEN_KEYWORDS = reopen,reopens,reopened
 ;;
-;; Set default merge style for repository creating, valid options: merge, rebase, rebase-merge, squash
-;DEFAULT_MERGE_STYLE = merge
-;;
 ;; In the default merge message for squash commits include at most this many commits
 ;DEFAULT_MERGE_MESSAGE_COMMITS_LIMIT = 50
 ;;
@@ -968,9 +886,6 @@ ROUTER = console
 ;;
 ;; In default merge messages only include approvers who are official
 ;DEFAULT_MERGE_MESSAGE_OFFICIAL_APPROVERS_ONLY = true
-;;
-;; Add co-authored-by and co-committed-by trailers if committer does not match author
-;ADD_CO_COMMITTER_TRAILERS = true

 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@@ -987,7 +902,6 @@ ROUTER = console
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;; Comma-separated list of allowed file extensions (`.zip`), mime types (`text/plain`) or wildcard type (`image/*`, `audio/*`, `video/*`). Empty value or `*/*` allows all types.
 ;ALLOWED_TYPES =
-;DEFAULT_PAGING_NUM = 10

 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@@ -1078,9 +992,6 @@ ROUTER = console
 ;;
 ;; allow request with credentials
 ;ALLOW_CREDENTIALS = false
-;;
-;; set X-FRAME-OPTIONS header
-;X_FRAME_OPTIONS = SAMEORIGIN

 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@@ -1118,10 +1029,10 @@ ROUTER = console
 ;SHOW_USER_EMAIL = true
 ;;
 ;; Set the default theme for the Gitea install
-;DEFAULT_THEME = auto
+;DEFAULT_THEME = gitea
 ;;
 ;; All available themes. Allow users select personalized themes regardless of the value of `DEFAULT_THEME`.
-;THEMES = auto,gitea,arc-green
+;THEMES = gitea,arc-green
 ;;
 ;; All available reactions users can choose on issues/prs and comments.
 ;; Values can be emoji alias (:smile:) or a unicode emoji.
@@ -1140,7 +1051,7 @@ ROUTER = console
 ;SEARCH_REPO_DESCRIPTION = true
 ;;
 ;; Whether to enable a Service Worker to cache frontend assets
-;USE_SERVICE_WORKER = false
+;USE_SERVICE_WORKER = true

 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@@ -1185,7 +1096,7 @@ ROUTER = console
 ;;
 ;; Control how often the notification endpoint is polled to update the notification
 ;; The timeout will increase to MAX_TIMEOUT in TIMEOUT_STEPs if the notification count is unchanged
-;; Set MIN_TIMEOUT to -1 to turn off
+;; Set MIN_TIMEOUT to 0 to turn off
 ;MIN_TIMEOUT = 10s
 ;MAX_TIMEOUT = 60s
 ;TIMEOUT_STEP = 10s
@@ -1245,7 +1156,7 @@ ROUTER = console
 ;; Define allowed algorithms and their minimum key length (use -1 to disable a type)
 ;ED25519 = 256
 ;ECDSA = 256
-;RSA = 2047 ; we allow 2047 here because an otherwise valid 2048 bit RSA key can be reported as having 2047 bit length
+;RSA = 2048
 ;DSA = -1 ; set to 1024 to switch on

 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@@ -1270,7 +1181,7 @@ ROUTER = console
 ;ISSUE_INDEXER_NAME = gitea_issues
 ;;
 ;; Timeout the indexer if it takes longer than this to start.
-;; Set to -1 to disable timeout.
+;; Set to zero to disable timeout.
 ;STARTUP_TIMEOUT = 30s
 ;;
 ;; Issue indexer queue, currently support: channel, levelqueue or redis, default is levelqueue (deprecated - use [queue.issue_indexer])
@@ -1481,8 +1392,8 @@ ROUTER = console
 ;; Built-in: loopback (for localhost), private (for LAN/intranet), external (for public hosts on internet), * (for all hosts)
 ;; CIDR list: 1.2.3.0/8, 2001:db8::/32
 ;; Wildcard hosts: *.mydomain.com, 192.168.100.*
-;; Since 1.15.7. Default to * for 1.15.x, external for 1.16 and later
-;ALLOWED_HOST_LIST = external
+;; Default to * for 1.15.x, external for 1.16 and later
+;ALLOWED_HOST_LIST = *
 ;;
 ;; Allow insecure certification
 ;SKIP_TLS_VERIFY = false
@@ -1538,9 +1449,6 @@ ROUTER = console
 ;; Mail from address, RFC 5322. This can be just an email address, or the `"Name" <email@example.com>` format
 ;FROM =
 ;;
-;; Sometimes it is helpful to use a different address on the envelope. Set this to use ENVELOPE_FROM as the from on the envelope. Set to `<>` to send an empty address.
-;ENVELOPE_FROM =
-;;
 ;; Mailer user name and password
 ;; Please Note: Authentication is only supported when the SMTP server communication is encrypted with TLS (this can be via STARTTLS) or `HOST=localhost`.
 ;USER =
@@ -1558,14 +1466,10 @@ ROUTER = console
 ;SENDMAIL_PATH = sendmail
 ;;
 ;; Specify any extra sendmail arguments
-;; WARNING: if your sendmail program interprets options you should set this to "--" or terminate these args with "--"
 ;SENDMAIL_ARGS =
 ;;
 ;; Timeout for Sendmail
 ;SENDMAIL_TIMEOUT = 5m
-;;
-;; convert \r\n to \n for Sendmail
-;SENDMAIL_CONVERT_CRLF = true

 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@@ -1589,7 +1493,7 @@ ROUTER = console
 ;HOST =
 ;;
 ;; Time to keep items in cache if not used, default is 16 hours.
-;; Setting it to -1 disables caching
+;; Setting it to 0 disables caching
 ;ITEM_TTL = 16h

 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@@ -1603,7 +1507,7 @@ ROUTER = console
 ;ENABLED = true
 ;;
 ;; Time to keep items in cache if not used, default is 8760 hours.
-;; Setting it to -1 disables caching
+;; Setting it to 0 disables caching
 ;ITEM_TTL = 8760h
 ;;
 ;; Only enable the cache when repository's commits count great than
@@ -1615,8 +1519,7 @@ ROUTER = console
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;
-;; Either "memory", "file", "redis", "db", "mysql", "couchbase", "memcache" or "postgres"
-;; Default is "memory". "db" will reuse the configuration in [database]
+;; Either "memory", "file", or "redis", default is "memory"
 ;PROVIDER = memory
 ;;
 ;; Provider config options
@@ -1660,10 +1563,6 @@ ROUTER = console
 ;AVATAR_MAX_WIDTH = 4096
 ;AVATAR_MAX_HEIGHT = 3072
 ;;
-;; The multiplication factor for rendered avatar images.
-;; Larger values result in finer rendering on HiDPI devices.
-;AVATAR_RENDERED_SIZE_FACTOR = 3
-;;
 ;; Maximum allowed file size for uploaded avatars.
 ;; This is to limit the amount of RAM used when resizing the image.
 ;AVATAR_MAX_FILE_SIZE = 1048576
@@ -1690,7 +1589,7 @@ ROUTER = console
 ;ENABLED = true
 ;;
 ;; Comma-separated list of allowed file extensions (`.zip`), mime types (`text/plain`) or wildcard type (`image/*`, `audio/*`, `video/*`). Empty value or `*/*` allows all types.
-;ALLOWED_TYPES = .csv,.docx,.fodg,.fodp,.fods,.fodt,.gif,.gz,.jpeg,.jpg,.log,.md,.mov,.mp4,.odf,.odg,.odp,.ods,.odt,.pdf,.png,.pptx,.svg,.tgz,.txt,.webm,.xls,.xlsx,.zip
+;ALLOWED_TYPES = .docx,.gif,.gz,.jpeg,.jpg,.log,.pdf,.png,.pptx,.txt,.xlsx,.zip
 ;;
 ;; Max size of each file. Defaults to 4MB
 ;MAX_SIZE = 4
@@ -1778,10 +1677,10 @@ ROUTER = console
 ;ENABLED = true
 ;; Whether to always run at least once at start up time (if ENABLED)
 ;RUN_AT_START = true
-;; Whether to emit notice on successful execution too
-;NOTICE_ON_SUCCESS = false
+;; Notice if not success
+;NO_SUCCESS_NOTICE = false
 ;; Time interval for job to run
-;SCHEDULE = @midnight
+;SCHEDULE = @every 24h
 ;; Archives created more than OLDER_THAN ago are subject to deletion
 ;OLDER_THAN = 24h

@@ -1798,13 +1697,7 @@ ROUTER = console
 ;; Run Update mirrors task when Gitea starts.
 ;RUN_AT_START = false
 ;; Notice if not success
-;NOTICE_ON_SUCCESS = false
-;; Limit the number of mirrors added to the queue to this number
-;; (negative values mean no limit, 0 will result in no result in no mirrors being queued effectively disabling pull mirror updating.)
-;PULL_LIMIT=50
-;; Limit the number of mirrors added to the queue to this number
-;; (negative values mean no limit, 0 will result in no mirrors being queued effectively disabling push mirror updating)
-;PUSH_LIMIT=50
+;NO_SUCCESS_NOTICE = true

 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@@ -1813,13 +1706,13 @@ ROUTER = console
 ;[cron.repo_health_check]
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;SCHEDULE = @midnight
+;SCHEDULE = @every 24h
 ;; Enable running Repository health check task periodically.
 ;ENABLED = true
 ;; Run Repository health check task when Gitea starts.
 ;RUN_AT_START = false
 ;; Notice if not success
-;NOTICE_ON_SUCCESS = false
+;NO_SUCCESS_NOTICE = false
 ;TIMEOUT = 60s
 ;; Arguments for command 'git fsck', e.g. "--unreachable --tags"
 ;; see more on http://git-scm.com/docs/git-fsck
@@ -1837,8 +1730,8 @@ ROUTER = console
 ;; Run check repository statistics task when Gitea starts.
 ;RUN_AT_START = true
 ;; Notice if not success
-;NOTICE_ON_SUCCESS = false
-;SCHEDULE = @midnight
+;NO_SUCCESS_NOTICE = false
+;SCHEDULE = @every 24h

 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@@ -1850,9 +1743,9 @@ ROUTER = console
 ;; Update migrated repositories' issues and comments' posterid when starting server (default true)
 ;RUN_AT_START = true
 ;; Notice if not success
-;NOTICE_ON_SUCCESS = false
+;NO_SUCCESS_NOTICE = false
 ;; Interval as a duration between each synchronization. (default every 24h)
-;SCHEDULE = @midnight
+;SCHEDULE = @every 24h

 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@@ -1865,9 +1758,9 @@ ROUTER = console
 ;; Synchronize external user data when starting server (default false)
 ;RUN_AT_START = false
 ;; Notice if not success
-;NOTICE_ON_SUCCESS = false
+;NO_SUCCESS_NOTICE = false
 ;; Interval as a duration between each synchronization (default every 24h)
-;SCHEDULE = @midnight
+;SCHEDULE = @every 24h
 ;; Create new users, update existing user data and disable users that are not in external source anymore (default)
 ;;   or only create new users if UPDATE_EXISTING is set to false
 ;UPDATE_EXISTING = true
@@ -1883,9 +1776,9 @@ ROUTER = console
 ;; Clean-up deleted branches when starting server (default true)
 ;RUN_AT_START = true
 ;; Notice if not success
-;NOTICE_ON_SUCCESS = false
+;NO_SUCCESS_NOTICE = false
 ;; Interval as a duration between each synchronization (default every 24h)
-;SCHEDULE = @midnight
+;SCHEDULE = @every 24h
 ;; deleted branches than OLDER_THAN ago are subject to deletion
 ;OLDER_THAN = 24h

@@ -1901,7 +1794,7 @@ ROUTER = console
 ;; Whether to always run at start up time (if ENABLED)
 ;RUN_AT_START = false
 ;; Time interval for job to run
-;SCHEDULE = @midnight
+;SCHEDULE = @every 24h
 ;; OlderThan or PerWebhook. How the records are removed, either by age (i.e. how long ago hook_task record was delivered) or by the number to keep per webhook (i.e. keep most recent x deliveries per webhook).
 ;CLEANUP_TYPE = OlderThan
 ;; If CLEANUP_TYPE is set to OlderThan, then any delivered hook_task records older than this expression will be deleted.
@@ -1909,24 +1802,6 @@ ROUTER = console
 ;; If CLEANUP_TYPE is set to PerWebhook, this is number of hook_task records to keep for a webhook (i.e. keep the most recent x deliveries).
 ;NUMBER_TO_KEEP = 10

-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;; Cleanup expired packages
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;[cron.cleanup_packages]
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;; Whether to enable the job
-;ENABLED = true
-;; Whether to always run at least once at start up time (if ENABLED)
-;RUN_AT_START = true
-;; Whether to emit notice on successful execution too
-;NOTICE_ON_SUCCESS = false
-;; Time interval for job to run
-;SCHEDULE = @midnight
-;; Unreferenced blobs created more than OLDER_THAN ago are subject to deletion
-;OLDER_THAN = 24h
-
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@@ -1944,7 +1819,7 @@ ROUTER = console
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;ENABLED = false
 ;RUN_AT_START = false
-;NOTICE_ON_SUCCESS = false
+;NO_SUCCESS_NOTICE = false
 ;SCHEDULE = @annually
 ;OLDER_THAN = 168h

@@ -1957,7 +1832,7 @@ ROUTER = console
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;ENABLED = false
 ;RUN_AT_START = false
-;NOTICE_ON_SUCCESS = false
+;NO_SUCCESS_NOTICE = false
 ;SCHEDULE = @annually;

 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@@ -1969,7 +1844,7 @@ ROUTER = console
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;ENABLED = false
 ;RUN_AT_START = false
-;NOTICE_ON_SUCCESS = false
+;NO_SUCCESS_NOTICE = false
 ;SCHEDULE = @every 72h
 ;TIMEOUT = 60s
 ;; Arguments for command 'git gc'
@@ -1985,7 +1860,7 @@ ROUTER = console
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;ENABLED = false
 ;RUN_AT_START = false
-;NOTICE_ON_SUCCESS = false
+;NO_SUCCESS_NOTICE = false
 ;SCHEDULE = @every 72h

 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@@ -1997,7 +1872,7 @@ ROUTER = console
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;ENABLED = false
 ;RUN_AT_START = false
-;NOTICE_ON_SUCCESS = false
+;NO_SUCCESS_NOTICE = false
 ;SCHEDULE = @every 72h

 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@@ -2009,7 +1884,7 @@ ROUTER = console
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;ENABLED = false
 ;RUN_AT_START = false
-;NOTICE_ON_SUCCESS = false
+;NO_SUCCESS_NOTICE = f;alse
 ;SCHEDULE = @every 72h

 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@@ -2021,7 +1896,7 @@ ROUTER = console
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;ENABLED = false
 ;RUN_AT_START = false
-;NOTICE_ON_SUCCESS = false
+;NO_SUCCESS_NOTICE = false
 ;SCHEDULE = @every 72h

 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@@ -2033,7 +1908,7 @@ ROUTER = console
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;ENABLED = false
 ;RUN_AT_START = false
-;NOTICE_ON_SUCCESS = false
+;NO_SUCCESS_NOTICE = f;alse
 ;SCHEDULE = @every 72h

 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@@ -2045,32 +1920,6 @@ ROUTER = console
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;ENABLED = false
 ;RUN_AT_START = false
-;NOTICE_ON_SUCCESS = false
-;SCHEDULE = @every 168h
-;OLDER_THAN = 8760h
-
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;; Check for new Gitea versions
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;[cron.update_checker]
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;ENABLED = false
-;RUN_AT_START = false
-;ENABLE_SUCCESS_NOTICE = false
-;SCHEDULE = @every 168h
-;HTTP_ENDPOINT = https://dl.gitea.io/gitea/version.json
-
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;; Delete all old system notices from database
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;[cron.delete_old_system_notices]
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;ENABLED = false
-;RUN_AT_START = false
 ;NO_SUCCESS_NOTICE = false
 ;SCHEDULE = @every 168h
 ;OLDER_THAN = 8760h
@@ -2094,12 +1943,6 @@ ROUTER = console
 ;[mirror]
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;; Enables the mirror functionality. Set to **false** to disable all mirrors. Pre-existing mirrors remain valid but won't be updated; may be converted to regular repo.
-;ENABLED = true
-;; Disable the creation of **new** pull mirrors. Pre-existing mirrors remain valid. Will be ignored if `mirror.ENABLED` is `false`.
-;DISABLE_NEW_PULL = false
-;; Disable the creation of **new** push mirrors. Pre-existing mirrors remain valid. Will be ignored if `mirror.ENABLED` is `false`.
-;DISABLE_NEW_PUSH = false
 ;; Default interval as a duration between each check
 ;DEFAULT_INTERVAL = 8h
 ;; Min interval as a duration must be > 1m
@@ -2126,9 +1969,8 @@ ROUTER = console
 ;[i18n]
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;; The first locale will be used as the default if user browser's language doesn't match any locale in the list.
-;LANGS = en-US,zh-CN,zh-HK,zh-TW,de-DE,fr-FR,nl-NL,lv-LV,ru-RU,uk-UA,ja-JP,es-ES,pt-BR,pt-PT,pl-PL,bg-BG,it-IT,fi-FI,tr-TR,cs-CZ,sr-SP,sv-SE,ko-KR,el-GR,fa-IR,hu-HU,id-ID,ml-IN
-;NAMES = English,简体中文,繁體中文（香港）,繁體中文（台灣）,Deutsch,Français,Nederlands,Latviešu,Русский,Українська,日本語,Español,Português do Brasil,Português de Portugal,Polski,Български,Italiano,Suomi,Türkçe,Čeština,Српски,Svenska,한국어,Ελληνικά,فارسی,Magyar nyelv,Bahasa Indonesia,മലയാളം
+;LANGS = en-US,zh-CN,zh-HK,zh-TW,de-DE,fr-FR,nl-NL,lv-LV,ru-RU,uk-UA,ja-JP,es-ES,pt-BR,pt-PT,pl-PL,bg-BG,it-IT,fi-FI,tr-TR,cs-CZ,sr-SP,sv-SE,ko-KR
+;NAMES = English,简体中文,繁體中文（香港）,繁體中文（台灣）,Deutsch,français,Nederlands,latviešu,русский,Українська,日本語,español,português do Brasil,Português de Portugal,polski,български,italiano,suomi,Türkçe,čeština,српски,svenska,한국어

 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@@ -2149,15 +1991,6 @@ ROUTER = console
 ;; Show template execution time in the footer
 ;SHOW_FOOTER_TEMPLATE_LOAD_TIME = true

-
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;[markup]
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;; Set the maximum number of characters in a mermaid source. (Set to -1 to disable limits)
-;MERMAID_MAX_SOURCE_CHARACTERS = 5000
-
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;[markup.sanitizer.1]
@@ -2184,11 +2017,6 @@ ROUTER = console
 ;RENDER_COMMAND = "asciidoc --out-file=- -"
 ;; Don't pass the file on STDIN, pass the filename as argument instead.
 ;IS_INPUT_FILE = false
-;; How the content will be rendered.
-;; * sanitized: Sanitize the content and render it inside current page, default to only allow a few HTML tags and attributes. Customized sanitizer rules can be defined in [markup.sanitizer.*] .
-;; * no-sanitizer: Disable the sanitizer and render the content inside current page. It's **insecure** and may lead to XSS attack if the content contains malicious code.
-;; * iframe: Render the content in a separate standalone page and embed it into current page by iframe. The iframe is in sandbox mode with same-origin disabled, and the JS code are safely isolated from parent page.
-;RENDER_CONTENT_MODE=sanitized

 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@@ -2199,10 +2027,6 @@ ROUTER = console
 ;ENABLED = false
 ;; If you want to add authorization, specify a token here
 ;TOKEN =
-;; Enable issue by label metrics; default is false
-;ENABLED_ISSUE_BY_LABEL = false
-;; Enable issue by repository metrics; default is false
-;ENABLED_ISSUE_BY_REPOSITORY = false

 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@@ -2237,36 +2061,12 @@ ROUTER = console
 ;ALLOWED_DOMAINS =
 ;;
 ;; Blocklist for migrating, default is blank. Multiple domains could be separated by commas.
-;; When ALLOWED_DOMAINS is not blank, this option has a higher priority to deny domains.
+;; When ALLOWED_DOMAINS is not blank, this option will be ignored.
 ;BLOCKED_DOMAINS =
 ;;
 ;; Allow private addresses defined by RFC 1918, RFC 1122, RFC 4632 and RFC 4291 (false by default)
 ;ALLOW_LOCALNETWORKS = false

-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;[federation]
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;;
-;; Enable/Disable federation capabilities
-;ENABLED = false
-;;
-;; Enable/Disable user statistics for nodeinfo if federation is enabled
-;SHARE_USER_STATISTICS = true
-
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;[packages]
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;;
-;; Enable/Disable package registry capabilities
-;ENABLED = true
-;;
-;; Path for chunked uploads. Defaults to APP_DATA_PATH + `tmp/package-upload`
-;CHUNKED_UPLOAD_PATH = tmp/package-upload
-
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;; default storage for attachments, lfs and avatars
@@ -2293,19 +2093,6 @@ ROUTER = console
 ;;
 ;[lfs]
 ;STORAGE_TYPE = local
-;;
-;; Where your lfs files reside, default is data/lfs.
-;PATH = data/lfs
-
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;; settings for packages, will override storage setting
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;[storage.packages]
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;; storage type
-;STORAGE_TYPE = local

 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@@ -2330,11 +2117,3 @@ ROUTER = console
 ;;
 ;; Minio enabled ssl only available when STORAGE_TYPE is `minio`
 ;MINIO_USE_SSL = false
-
-;[proxy]
-;; Enable the proxy, all requests to external via HTTP will be affected
-;PROXY_ENABLED = false
-;; Proxy server URL, support http://, https//, socks://, blank will follow environment http_proxy/https_proxy/no_proxy
-;PROXY_URL =
-;; Comma separated list of host names requiring proxy. Glob patterns (*) are accepted; use ** to match all hosts.
-;PROXY_HOSTS =
--- a/docker/manifest.rootless.tmpl
+++ b/docker/manifest.rootless.tmpl
@@ -1,4 +1,4 @@
-image: gitea/gitea:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}{{#if (hasPrefix "refs/heads/release/v" build.ref)}}{{trimPrefix "refs/heads/release/v" build.ref}}-{{/if}}dev{{/if}}-rootless
+image: gitea/gitea:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}dev{{/if}}-rootless
 {{#if build.tags}}
 tags:
 {{#each build.tags}}
@@ -8,12 +8,12 @@ tags:
 {{/if}}
 manifests:
  -
-    image: gitea/gitea:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}{{#if (hasPrefix "refs/heads/release/v" build.ref)}}{{trimPrefix "refs/heads/release/v" build.ref}}-{{/if}}dev{{/if}}-linux-amd64-rootless
+    image: gitea/gitea:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}dev{{/if}}-linux-amd64-rootless
    platform:
      architecture: amd64
      os: linux
  -
-    image: gitea/gitea:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}{{#if (hasPrefix "refs/heads/release/v" build.ref)}}{{trimPrefix "refs/heads/release/v" build.ref}}-{{/if}}dev{{/if}}-linux-arm64-rootless
+    image: gitea/gitea:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}dev{{/if}}-linux-arm64-rootless
    platform:
      architecture: arm64
      os: linux
--- a/docker/manifest.tmpl
+++ b/docker/manifest.tmpl
@@ -1,4 +1,4 @@
-image: gitea/gitea:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}{{#if (hasPrefix "refs/heads/release/v" build.ref)}}{{trimPrefix "refs/heads/release/v" build.ref}}-{{/if}}dev{{/if}}
+image: gitea/gitea:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}dev{{/if}}
 {{#if build.tags}}
 tags:
 {{#each build.tags}}
@@ -8,13 +8,13 @@ tags:
 {{/if}}
 manifests:
  -
-    image: gitea/gitea:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}{{#if (hasPrefix "refs/heads/release/v" build.ref)}}{{trimPrefix "refs/heads/release/v" build.ref}}-{{/if}}dev{{/if}}-linux-amd64
+    image: gitea/gitea:{{#if build.tag}}{{trimPrefix "v" build.tag}}-{{else}}dev-{{/if}}linux-amd64
    platform:
      architecture: amd64
      os: linux
  -
-    image: gitea/gitea:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}{{#if (hasPrefix "refs/heads/release/v" build.ref)}}{{trimPrefix "refs/heads/release/v" build.ref}}-{{/if}}dev{{/if}}-linux-arm64
+    image: gitea/gitea:{{#if build.tag}}{{trimPrefix "v" build.tag}}-{{else}}dev-{{/if}}linux-arm64
    platform:
      architecture: arm64
      os: linux
-      variant: v8
+      variant: v8
--- a/docker/root/etc/s6/gitea/run
+++ b/docker/root/etc/s6/gitea/run
@@ -2,5 +2,5 @@
 [[ -f ./setup ]] && source ./setup

 pushd /app/gitea >/dev/null
-exec su-exec $USER /usr/local/bin/gitea web
+exec su-exec $USER /app/gitea/gitea web
 popd
--- a/docker/root/etc/s6/openssh/setup
+++ b/docker/root/etc/s6/openssh/setup
@@ -49,8 +49,6 @@ if [ -d /etc/ssh ]; then
    SSH_DSA_CERT="${SSH_DSA_CERT:+"HostCertificate "}${SSH_DSA_CERT}" \
    SSH_MAX_STARTUPS="${SSH_MAX_STARTUPS:+"MaxStartups "}${SSH_MAX_STARTUPS}" \
    SSH_MAX_SESSIONS="${SSH_MAX_SESSIONS:+"MaxSessions "}${SSH_MAX_SESSIONS}" \
-    SSH_INCLUDE_FILE="${SSH_INCLUDE_FILE:+"Include "}${SSH_INCLUDE_FILE}" \
-    SSH_LOG_LEVEL=${SSH_LOG_LEVEL:-"INFO"} \
    envsubst < /etc/templates/sshd_config > /etc/ssh/sshd_config

    chmod 0644 /etc/ssh/sshd_config
--- a/docker/root/etc/templates/app.ini
+++ b/docker/root/etc/templates/app.ini
@@ -20,6 +20,7 @@ DISABLE_SSH      = $DISABLE_SSH
 SSH_PORT         = $SSH_PORT
 SSH_LISTEN_PORT  = $SSH_LISTEN_PORT
 LFS_START_SERVER = $LFS_START_SERVER
+LFS_CONTENT_PATH = /data/git/lfs

 [database]
 PATH = /data/gitea/gitea.db
@@ -58,6 +59,3 @@ REVERSE_PROXY_TRUSTED_PROXIES = *
 [service]
 DISABLE_REGISTRATION = $DISABLE_REGISTRATION
 REQUIRE_SIGNIN_VIEW  = $REQUIRE_SIGNIN_VIEW
-
-[lfs]
-PATH = /data/git/lfs
--- a/docker/root/etc/templates/sshd_config
+++ b/docker/root/etc/templates/sshd_config
@@ -8,7 +8,7 @@ ListenAddress ::
 ${SSH_MAX_STARTUPS}
 ${SSH_MAX_SESSIONS}

-LogLevel ${SSH_LOG_LEVEL}
+LogLevel INFO

 HostKey /data/ssh/ssh_host_ed25519_key
 ${SSH_ED25519_CERT}
@@ -41,5 +41,3 @@ Banner none
 Subsystem sftp /usr/lib/ssh/sftp-server

 AcceptEnv GIT_PROTOCOL
-
-${SSH_INCLUDE_FILE}
--- a/docker/root/usr/bin/entrypoint
+++ b/docker/root/usr/bin/entrypoint
@@ -1,11 +1,5 @@
 #!/bin/sh

-# Protect against buggy runc in docker <20.10.6 causing problems in with Alpine >= 3.14
-if [ ! -x /bin/sh ]; then
-  echo "Executable test for /bin/sh failed. Your Docker version is too old to run Alpine 3.14+ and Gitea. You must upgrade Docker.";
-  exit 1;
-fi
-
 if [ "${USER}" != "git" ]; then
    # rename user
    sed -i -e "s/^git\:/${USER}\:/g" /etc/passwd
--- a/docker/root/usr/local/bin/gitea
+++ b/docker/root/usr/local/bin/gitea
@@ -1,15 +0,0 @@
-#!/bin/bash
-
-###############################################################
-# This script sets defaults for gitea to run in the container #
-###############################################################
-
-# It assumes that you place this script as gitea in /usr/local/bin
-#
-# And place the original in /usr/lib/gitea with working files in /data/gitea
-GITEA="/app/gitea/gitea"
-WORK_DIR="/app/gitea"
-CUSTOM_PATH="/data/gitea"
-
-# Provide docker defaults
-GITEA_WORK_DIR="${GITEA_WORK_DIR:-$WORK_DIR}" GITEA_CUSTOM="${GITEA_CUSTOM:-$CUSTOM_PATH}" exec -a "$0" "$GITEA" $CONF_ARG "$@"
--- a/docker/rootless/etc/templates/app.ini
+++ b/docker/rootless/etc/templates/app.ini
@@ -23,6 +23,7 @@ SSH_PORT         = $SSH_PORT
 SSH_LISTEN_PORT  = $SSH_LISTEN_PORT
 BUILTIN_SSH_SERVER_USER = $RUN_USER
 LFS_START_SERVER = $LFS_START_SERVER
+LFS_CONTENT_PATH = $GITEA_WORK_DIR/git/lfs

 [database]
 PATH = $GITEA_WORK_DIR/data/gitea.db
@@ -54,6 +55,3 @@ REVERSE_PROXY_TRUSTED_PROXIES = *
 [service]
 DISABLE_REGISTRATION = $DISABLE_REGISTRATION
 REQUIRE_SIGNIN_VIEW  = $REQUIRE_SIGNIN_VIEW
-
-[lfs]
-PATH = $GITEA_WORK_DIR/git/lfs
--- a/docker/rootless/usr/local/bin/docker-entrypoint.sh
+++ b/docker/rootless/usr/local/bin/docker-entrypoint.sh
@@ -1,11 +1,5 @@
 #!/bin/sh

-# Protect against buggy runc in docker <20.10.6 causing problems in with Alpine >= 3.14
-if [ ! -x /bin/sh ]; then
-  echo "Executable test for /bin/sh failed. Your Docker version is too old to run Alpine 3.14+ and Gitea. You must upgrade Docker.";
-  exit 1;
-fi
-
 if [ -x /usr/local/bin/docker-setup.sh ]; then
    /usr/local/bin/docker-setup.sh || { echo 'docker setup failed' ; exit 1; }
 fi
--- a/docker/rootless/usr/local/bin/gitea
+++ b/docker/rootless/usr/local/bin/gitea
@@ -1,40 +0,0 @@
-#!/bin/bash
-
-###############################################################
-# This script sets defaults for gitea to run in the container #
-###############################################################
-
-# It assumes that you place this script as gitea in /usr/local/bin
-#
-# And place the original in /usr/lib/gitea with working files in /data/gitea
-GITEA="/app/gitea/gitea"
-WORK_DIR="/var/lib/gitea"
-APP_INI="/etc/gitea/app.ini"
-
-APP_INI_SET=""
-for i in "$@"; do
-	case "$i" in
-	"-c")
-		APP_INI_SET=1
-		;;
-	"-c="*)
-		APP_INI_SET=1
-		;;
-	"--config")
-		APP_INI_SET=1
-		;;
-	"--config="*)
-		APP_INI_SET=1
-		;;
-	*)
-	;;
-	esac
-done
-
-if [ -z "$APP_INI_SET" ]; then
-	CONF_ARG=("-c" "${GITEA_APP_INI:-$APP_INI}")
-fi
-
-
-# Provide docker defaults
-GITEA_WORK_DIR="${GITEA_WORK_DIR:-$WORK_DIR}" exec -a "$0" "$GITEA" "${CONF_ARG[@]}" "$@"
--- a/docs/assets/js/search.js
+++ b/docs/assets/js/search.js
@@ -15,7 +15,7 @@ const fuseOptions = {
  shouldSort: true,
  includeMatches: true,
  matchAllTokens: true,
-  threshold: 0, // for parsing diacritics
+  threshold: 0.0, // for parsing diacritics
  tokenize: true,
  location: 0,
  distance: 100,
@@ -52,7 +52,7 @@ function doSearch() {
    executeSearch(searchQuery);
  } else {
    const para = document.createElement('P');
-    para.textContent = 'Please enter a word or phrase above';
+    para.innerText = 'Please enter a word or phrase above';
    document.getElementById('search-results').appendChild(para);
  }
 }
@@ -60,17 +60,17 @@ function doSearch() {
 function getJSON(url, fn) {
  const request = new XMLHttpRequest();
  request.open('GET', url, true);
-  request.addEventListener('load', () => {
+  request.onload = function () {
    if (request.status >= 200 && request.status < 400) {
      const data = JSON.parse(request.responseText);
      fn(data);
    } else {
      console.error(`Target reached on ${url} with error ${request.status}`);
    }
-  });
-  request.addEventListener('error', () => {
+  };
+  request.onerror = function () {
    console.error(`Connection error ${request.status}`);
-  });
+  };
  request.send();
 }

@@ -84,20 +84,20 @@ function executeSearch(searchQuery) {
      populateResults(result);
    } else {
      const para = document.createElement('P');
-      para.textContent = 'No matches found';
+      para.innerText = 'No matches found';
      document.getElementById('search-results').appendChild(para);
    }
  });
 }

 function populateResults(result) {
-  for (const [key, value] of result.entries()) {
+  result.forEach((value, key) => {
    const content = value.item.contents;
    let snippet = '';
    const snippetHighlights = [];
    if (fuseOptions.tokenize) {
      snippetHighlights.push(searchQuery);
-      for (const mvalue of value.matches) {
+      value.matches.forEach((mvalue) => {
        if (mvalue.key === 'tags' || mvalue.key === 'categories') {
          snippetHighlights.push(mvalue.value);
        } else if (mvalue.key === 'contents') {
@@ -111,7 +111,7 @@ function populateResults(result) {
            snippetHighlights.push(mvalue.value.substring(mvalue.indices[0][0], mvalue.indices[0][1] - mvalue.indices[0][0] + 1));
          }
        }
-      }
+      });
    }

    if (snippet.length < 1) {
@@ -130,10 +130,10 @@ function populateResults(result) {
    });
    document.getElementById('search-results').appendChild(htmlToElement(output));

-    for (const snipvalue of snippetHighlights) {
+    snippetHighlights.forEach((snipvalue) => {
      new Mark(document.getElementById(`summary-${key}`)).mark(snipvalue);
-    }
-  }
+    });
+  });
 }

 function render(templateString, data) {
--- a/docs/config.yaml
+++ b/docs/config.yaml
@@ -18,10 +18,10 @@ params:
  description: Git with a cup of tea
  author: The Gitea Authors
  website: https://docs.gitea.io
-  version: 1.16.8
-  minGoVersion: 1.18
-  goVersion: 1.18
-  minNodeVersion: 14
+  version: 1.14.6
+  minGoVersion: 1.16
+  goVersion: 1.16
+  minNodeVersion: 12.17

 outputs:
  home:
--- a/docs/content/doc/advanced/adding-legal-pages.en-us.md
+++ b/docs/content/doc/advanced/adding-legal-pages.en-us.md
@@ -20,12 +20,12 @@ Some jurisdictions (such as EU), requires certain legal pages (e.g. Privacy Poli
 Gitea source code ships with sample pages, available in `contrib/legal` directory. Copy them to `custom/public/`. For example, to add Privacy Policy:

 ```
-wget -O /path/to/custom/public/privacy.html https://raw.githubusercontent.com/go-gitea/gitea/main/contrib/legal/privacy.html.sample
+wget -O /path/to/custom/public/privacy.html https://raw.githubusercontent.com/go-gitea/gitea/master/contrib/legal/privacy.html.sample
 ```

 Now you need to edit the page to meet your requirements. In particular you must change the email addresses, web addresses and references to "Your Gitea Instance" to match your situation.

-You absolutely must not place a general ToS or privacy statement that implies that the Gitea project is responsible for your server.
+You absolutely must not place a general ToS or privacy statement that implies that the gitea project is responsible for your server.

 ## Make it Visible

--- a/Show More
+++ b/Show More
				`@@ -1 +0,0 @@`
				`std.manifestYamlDoc((import '../mixin.libsonnet').prometheusAlerts)`