Changelog 1.10.3 (#9832 )

fix (#9838 )
Fix download file wrong content-type (#9825 ) (#9835 )
2025-07-21 17:41:16 +02:00 · 2020-01-17 16:18:34 -05:00 · 2020-01-17 23:25:46 +08:00 · 2020-01-17 14:56:25 +01:00 · 2020-01-17 13:38:53 +01:00 · 2020-01-17 08:51:21 +01:00
7831 changed files with 1070164 additions and 397706 deletions
--- a/.changelog.yml
+++ b/.changelog.yml
@@ -0,0 +1,44 @@
+repo: go-gitea/gitea
+groups:
+  -
+    name: BREAKING
+    labels:
+      - kind/breaking
+  -
+    name: FEATURE
+    labels:
+      - kind/feature
+  -
+    name: SECURITY
+    labels:
+      - kind/security
+  -
+    name: BUGFIXES
+    labels:
+      - kind/bug
+  -
+    name: ENHANCEMENT
+    labels:
+      - kind/enhancement
+      - kind/refactor
+      - kind/ui
+  -
+    name: TESTING
+    labels:
+      - kind/testing
+  -
+    name: TRANSLATION
+    labels:
+      - kind/translation
+  -
+    name: BUILD
+    labels:
+      - kind/build
+      - kind/lint
+  -
+    name: DOCS
+    labels:
+      - kind/docs
+  -
+    name: MISC
+    default: true
--- a/.dockerignore
+++ b/.dockerignore
@@ -1,5 +0,0 @@
-*
-!gitea
-!docker
-!public
-!templates
--- a/.drone.yml
+++ b/.drone.yml
@@ -1,194 +1,780 @@
+---
+kind: pipeline
+name: testing
+
+platform:
+  os: linux
+  arch: amd64
+
 workspace:
-  base: /srv/app
+  base: /go
  path: src/code.gitea.io/gitea

-pipeline:
-  clone:
-    image: plugins/git
-    depth: 50
-    tags: true
-
-  build:
-    image: webhippie/golang:edge
-    pull: true
-    environment:
-      TAGS: bindata sqlite
-      GOPATH: /srv/app
-    commands:
-      - apk -U add openssh-client
-      - make clean
-      - make generate
-      - make vet
-      - make lint
-      - make stylesheets-check
-      - make misspell-check
-      - make test-vendor
-      - make build
-    when:
-      event: [ push, tag, pull_request ]
-
-  test:
-    image: webhippie/golang:edge
-    pull: true
-    environment:
-      TAGS: bindata sqlite
-      GOPATH: /srv/app
-    commands:
-      - apk -U add openssh-client
-      - make test
-    when:
-      event: [ tag, pull_request ]
-
-  test-coverage:
-    image: webhippie/golang:edge
-    pull: true
-    environment:
-      TAGS: bindata sqlite
-      GOPATH: /srv/app
-    commands:
-      - apk -U add openssh-client
-      - go get github.com/wadey/gocovmerge
-      - make test-coverage
-    when:
-      event: [ push ]
-      branch: master
-
-  test-sqlite:
-    image: webhippie/golang:edge
-    pull: true
-    environment:
-      TAGS: bindata
-      GOPATH: /srv/app
-    commands:
-      - echo "Needs to be fixed" # make test-sqlite
-    when:
-      event: [ push, tag, pull_request ]
-
-  test-mysql:
-    image: webhippie/golang:edge
-    pull: true
-    environment:
-      TAGS: bindata
-      GOPATH: /srv/app
-    commands:
-      - make test-mysql
-    when:
-      event: [ push, tag, pull_request ]
-
-  test-pgsql:
-    image: webhippie/golang:edge
-    pull: true
-    environment:
-      TAGS: bindata
-      GOPATH: /srv/app
-    commands:
-      - make test-pgsql
-    when:
-      event: [ push, tag, pull_request ]
-
-  static:
-    image: karalabe/xgo-latest:latest
-    pull: true
-    environment:
-      TAGS: bindata sqlite
-      GOPATH: /srv/app
-    commands:
-      - make release
-    when:
-      event: [ push, tag ]
-
-  # coverage:
-  #   image: plugins/coverage
-  #   server: https://coverage.gitea.io
-  #   when:
-  #     event: [ push ]
-  #     branch: master
-
-  docker:
-    image: plugins/docker
-    pull: true
-    repo: gitea/gitea
-    tags: [ '${DRONE_TAG##v}' ]
-    when:
-      event: [ tag ]
-      branch: [ refs/tags/* ]
-
-  docker:
-    image: plugins/docker
-    pull: true
-    repo: gitea/gitea
-    tags: [ '${DRONE_BRANCH##release/v}' ]
-    when:
-      event: [ push ]
-      branch: [ release/* ]
-
-  docker:
-    image: plugins/docker
-    pull: true
-    repo: gitea/gitea
-    tags: [ 'latest' ]
-    when:
-      event: [ push ]
-      branch: [ master ]
-
-  release:
-    image: plugins/s3
-    path_style: true
-    strip_prefix: dist/release/
-    source: dist/release/*
-    target: /gitea/${DRONE_TAG##v}
-    when:
-      event: [ tag ]
-      branch: [ refs/tags/* ]
-
-  release:
-    image: plugins/s3
-    path_style: true
-    strip_prefix: dist/release/
-    source: dist/release/*
-    target: /gitea/${DRONE_BRANCH##release/v}
-    when:
-      event: [ push ]
-      branch: [ release/* ]
-
-  release:
-    image: plugins/s3
-    path_style: true
-    strip_prefix: dist/release/
-    source: dist/release/*
-    target: /gitea/master
-    when:
-      event: [ push ]
-      branch: [ master ]
-
-  github:
-    image: plugins/github-release
-    files:
-      - dist/release/*
-    when:
-      event: [ tag ]
-      branch: [ refs/tags/* ]
-
-  discord:
-    image: appleboy/drone-discord:0.0.4
-    webhook_id: ${WEBHOOK_ID}
-    webhook_token: ${WEBHOOK_TOKEN}
-    when:
-      event: [ push, tag, pull_request ]
-      status: [ changed, failure ]
-
 services:
-  mysql:
+  - name: mysql
+    pull: default
    image: mysql:5.7
    environment:
-      - MYSQL_DATABASE=test
-      - MYSQL_ALLOW_EMPTY_PASSWORD=yes
-    when:
-      event: [ push, tag, pull_request ]
+      MYSQL_ALLOW_EMPTY_PASSWORD: yes
+      MYSQL_DATABASE: test

-  pgsql:
+  - name: mysql8
+    pull: default
+    image: mysql:8.0
+    environment:
+      MYSQL_ALLOW_EMPTY_PASSWORD: yes
+      MYSQL_DATABASE: testgitea
+
+  - name: pgsql
+    pull: default
    image: postgres:9.5
    environment:
-      - POSTGRES_DB=test
+      POSTGRES_DB: test
+
+  - name: mssql
+    pull: default
+    image: microsoft/mssql-server-linux:latest
+    environment:
+      ACCEPT_EULA: Y
+      MSSQL_PID: Standard
+      SA_PASSWORD: MwantsaSecurePassword1
+
+  - name: ldap
+    pull: default
+    image: gitea/test-openldap:latest
+
+steps:
+  - name: fetch-tags
+    pull: default
+    image: docker:git
+    commands:
+      - git fetch --tags --force
    when:
-      event: [ push, tag, pull_request ]
+      event:
+        exclude:
+          - pull_request
+
+  - name: pre-build
+    pull: always
+    image: webhippie/nodejs:latest
+    commands:
+      - make css
+      - make js
+
+  - name: build-without-gcc
+    pull: always
+    image: golang:1.11 # this step is kept as the lowest version of golang that we support
+    environment:
+      GO111MODULE: on
+      GOPROXY: off
+    commands:
+      - go build -mod=vendor -o gitea_no_gcc # test if build succeeds without the sqlite tag
+
+  - name: build-linux-386
+    pull: always
+    image: golang:1.13
+    environment:
+      GO111MODULE: on
+      GOPROXY: off
+      GOOS: linux
+      GOARCH: 386
+    commands:
+      - go build -mod=vendor -o gitea_linux_386 # test if compatible with 32 bit
+
+  - name: build
+    pull: always
+    image: golang:1.13
+    commands:
+      - make clean
+      - make generate
+      - make golangci-lint
+      - make revive
+      - make swagger-check
+      - make swagger-validate
+      - make test-vendor
+      - make build
+    environment:
+      GOPROXY: https://goproxy.cn # proxy.golang.org is blocked in China, this proxy is not
+      GOSUMDB: sum.golang.org
+      TAGS: bindata sqlite sqlite_unlock_notify
+
+  - name: unit-test
+    pull: always
+    image: golang:1.13
+    commands:
+      - make unit-test-coverage
+    environment:
+      GOPROXY: off
+      TAGS: bindata sqlite sqlite_unlock_notify
+    depends_on:
+      - build
+    when:
+      branch:
+        - master
+      event:
+        - push
+        - pull_request
+
+  - name: release-test
+    pull: always
+    image: golang:1.13
+    commands:
+      - make test
+    environment:
+      GOPROXY: off
+      TAGS: bindata sqlite sqlite_unlock_notify
+    depends_on:
+      - build
+    when:
+      branch:
+        - "release/*"
+      event:
+        - push
+        - pull_request
+
+  - name: tag-pre-condition
+    pull: always
+    image: alpine/git
+    commands:
+      - git update-ref refs/heads/tag_test ${DRONE_COMMIT_SHA}
+    depends_on:
+      - build
+    when:
+      event:
+        - tag
+
+  - name: tag-test
+    pull: always
+    image: golang:1.13
+    commands:
+      - make test
+    environment:
+      GOPROXY: off
+      TAGS: bindata
+    depends_on:
+      - tag-pre-condition
+    when:
+      event:
+        - tag
+
+  - name: test-sqlite
+    pull: always
+    image: golang:1.13
+    commands:
+      - "curl -s https://packagecloud.io/install/repositories/github/git-lfs/script.deb.sh | bash"
+      - apt-get install -y git-lfs
+      - timeout -s ABRT 20m make test-sqlite-migration
+      - timeout -s ABRT 20m make test-sqlite
+    environment:
+      GOPROXY: off
+      TAGS: bindata
+    depends_on:
+      - build
+
+  - name: test-mysql
+    pull: always
+    image: golang:1.13
+    commands:
+      - "curl -s https://packagecloud.io/install/repositories/github/git-lfs/script.deb.sh | bash"
+      - apt-get install -y git-lfs
+      - make test-mysql-migration
+      - make integration-test-coverage
+    environment:
+      GOPROXY: off
+      TAGS: bindata
+      TEST_LDAP: 1
+    depends_on:
+      - build
+    when:
+      branch:
+        - master
+      event:
+        - push
+        - pull_request
+
+  - name: tag-test-mysql
+    pull: always
+    image: golang:1.13
+    commands:
+      - "curl -s https://packagecloud.io/install/repositories/github/git-lfs/script.deb.sh | bash"
+      - apt-get install -y git-lfs
+      - timeout -s ABRT 20m make test-mysql-migration
+      - timeout -s ABRT 20m make test-mysql
+    environment:
+      GOPROXY: off
+      TAGS: bindata
+      TEST_LDAP: 1
+    depends_on:
+      - build
+    when:
+      event:
+        - tag
+
+  - name: test-mysql8
+    pull: always
+    image: golang:1.13
+    commands:
+      - "curl -s https://packagecloud.io/install/repositories/github/git-lfs/script.deb.sh | bash"
+      - apt-get install -y git-lfs
+      - timeout -s ABRT 20m make test-mysql8-migration
+      - timeout -s ABRT 20m make test-mysql8
+    environment:
+      GOPROXY: off
+      TAGS: bindata
+      TEST_LDAP: 1
+    depends_on:
+      - build
+
+  - name: test-pgsql
+    pull: always
+    image: golang:1.13
+    commands:
+      - "curl -s https://packagecloud.io/install/repositories/github/git-lfs/script.deb.sh | bash"
+      - apt-get install -y git-lfs
+      - timeout -s ABRT 20m make test-pgsql-migration
+      - timeout -s ABRT 20m make test-pgsql
+    environment:
+      GOPROXY: off
+      TAGS: bindata
+      TEST_LDAP: 1
+    depends_on:
+      - build
+
+  - name: test-mssql
+    pull: always
+    image: golang:1.13
+    commands:
+      - "curl -s https://packagecloud.io/install/repositories/github/git-lfs/script.deb.sh | bash"
+      - apt-get install -y git-lfs
+      - make test-mssql-migration
+      - make test-mssql
+    environment:
+      GOPROXY: off
+      TAGS: bindata
+      TEST_LDAP: 1
+    depends_on:
+      - build
+
+  - name: generate-coverage
+    pull: always
+    image: golang:1.13
+    commands:
+      - make coverage
+    environment:
+      GOPROXY: off
+      TAGS: bindata
+    depends_on:
+      - unit-test
+      - test-mysql
+    when:
+      branch:
+        - master
+      event:
+        - push
+        - pull_request
+
+  - name: coverage
+    pull: always
+    image: robertstettner/drone-codecov
+    settings:
+      files:
+        - coverage.all
+    environment:
+      CODECOV_TOKEN:
+        from_secret: codecov_token
+    depends_on:
+      - generate-coverage
+    when:
+      branch:
+        - master
+      event:
+        - push
+        - pull_request
+
+---
+kind: pipeline
+name: translations
+
+platform:
+  os: linux
+  arch: amd64
+
+workspace:
+  base: /go
+  path: src/code.gitea.io/gitea
+
+trigger:
+  branch:
+    - master
+  event:
+    - push
+
+steps:
+  - name: download
+    pull: always
+    image: jonasfranz/crowdin
+    settings:
+      download: true
+      export_dir: options/locale/
+      ignore_branch: true
+      project_identifier: gitea
+    environment:
+      CROWDIN_KEY:
+        from_secret: crowdin_key
+
+  - name: update
+    pull: default
+    image: alpine:3.10
+    commands:
+      - mv ./options/locale/locale_en-US.ini ./options/
+      - "sed -i -e 's/=\"/=/g' -e 's/\"$$//g' ./options/locale/*.ini"
+      - "sed -i -e 's/\\\\\\\\\"/\"/g' ./options/locale/*.ini"
+      - mv ./options/locale_en-US.ini ./options/locale/
+
+  - name: push
+    pull: always
+    image: appleboy/drone-git-push
+    settings:
+      author_email: "teabot@gitea.io"
+      author_name: GiteaBot
+      commit: true
+      commit_message: "[skip ci] Updated translations via Crowdin"
+      remote: "git@github.com:go-gitea/gitea.git"
+    environment:
+      GIT_PUSH_SSH_KEY:
+        from_secret: git_push_ssh_key
+
+  - name: upload_translations
+    pull: always
+    image: jonasfranz/crowdin
+    settings:
+      files:
+        locale_en-US.ini: options/locale/locale_en-US.ini
+      ignore_branch: true
+      project_identifier: gitea
+    environment:
+      CROWDIN_KEY:
+        from_secret: crowdin_key
+
+---
+kind: pipeline
+name: release-master
+
+platform:
+  os: linux
+  arch: amd64
+
+workspace:
+  base: /go
+  path: src/code.gitea.io/gitea
+
+trigger:
+  branch:
+    - master
+    - "release/*"
+  event:
+    - push
+
+depends_on:
+  - testing
+  - translations
+
+steps:
+  - name: fetch-tags
+    pull: default
+    image: docker:git
+    commands:
+      - git fetch --tags --force
+
+  - name: static
+    pull: always
+    image: techknowlogick/xgo:latest
+    commands:
+      - export PATH=$PATH:$GOPATH/bin
+      - make generate
+      - make release
+    environment:
+      GOPROXY: off
+      TAGS: bindata sqlite sqlite_unlock_notify
+
+  - name: gpg-sign
+    pull: always
+    image: plugins/gpgsign:1
+    settings:
+      detach_sign: true
+      excludes:
+        - "dist/release/*.sha256"
+      files:
+        - "dist/release/*"
+    environment:
+      GPGSIGN_KEY:
+        from_secret: gpgsign_key
+      GPGSIGN_PASSPHRASE:
+        from_secret: gpgsign_passphrase
+    depends_on:
+      - static
+
+  - name: release-branch-release
+    pull: always
+    image: plugins/s3:1
+    settings:
+      acl: public-read
+      bucket: releases
+      endpoint: https://storage.gitea.io
+      path_style: true
+      source: "dist/release/*"
+      strip_prefix: dist/release/
+      target: "/gitea/${DRONE_BRANCH##release/v}"
+    environment:
+      AWS_ACCESS_KEY_ID:
+        from_secret: aws_access_key_id
+      AWS_SECRET_ACCESS_KEY:
+        from_secret: aws_secret_access_key
+    depends_on:
+      - gpg-sign
+    when:
+      branch:
+        - "release/*"
+      event:
+        - push
+
+  - name: release
+    pull: always
+    image: plugins/s3:1
+    settings:
+      acl: public-read
+      bucket: releases
+      endpoint: https://storage.gitea.io
+      path_style: true
+      source: "dist/release/*"
+      strip_prefix: dist/release/
+      target: /gitea/master
+    environment:
+      AWS_ACCESS_KEY_ID:
+        from_secret: aws_access_key_id
+      AWS_SECRET_ACCESS_KEY:
+        from_secret: aws_secret_access_key
+    depends_on:
+      - gpg-sign
+    when:
+      branch:
+        - master
+      event:
+        - push
+
+---
+kind: pipeline
+name: release-version
+
+platform:
+  os: linux
+  arch: amd64
+
+workspace:
+  base: /go
+  path: src/code.gitea.io/gitea
+
+trigger:
+  event:
+    - tag
+
+depends_on:
+  - testing
+
+steps:
+  - name: fetch-tags
+    pull: default
+    image: docker:git
+    commands:
+      - git fetch --tags --force
+
+  - name: static
+    pull: always
+    image: techknowlogick/xgo:latest
+    commands:
+      - export PATH=$PATH:$GOPATH/bin
+      - make generate
+      - make release
+    environment:
+      GOPROXY: off
+      TAGS: bindata sqlite sqlite_unlock_notify
+
+  - name: gpg-sign
+    pull: always
+    image: plugins/gpgsign:1
+    settings:
+      detach_sign: true
+      excludes:
+        - "dist/release/*.sha256"
+      files:
+        - "dist/release/*"
+    environment:
+      GPGSIGN_KEY:
+        from_secret: gpgsign_key
+      GPGSIGN_PASSPHRASE:
+        from_secret: gpgsign_passphrase
+    depends_on:
+      - static
+
+  - name: release
+    pull: always
+    image: plugins/s3:1
+    settings:
+      acl: public-read
+      bucket: releases
+      endpoint: https://storage.gitea.io
+      path_style: true
+      source: "dist/release/*"
+      strip_prefix: dist/release/
+      target: "/gitea/${DRONE_TAG##v}"
+    environment:
+      AWS_ACCESS_KEY_ID:
+        from_secret: aws_access_key_id
+      AWS_SECRET_ACCESS_KEY:
+        from_secret: aws_secret_access_key
+    depends_on:
+      - gpg-sign
+
+  - name: github
+    pull: always
+    image: plugins/github-release:1
+    settings:
+      files:
+        - "dist/release/*"
+    environment:
+      GITHUB_TOKEN:
+        from_secret: github_token
+    depends_on:
+      - gpg-sign
+
+---
+kind: pipeline
+name: docs
+
+platform:
+  os: linux
+  arch: amd64
+
+workspace:
+  base: /go
+  path: src/code.gitea.io/gitea
+
+steps:
+  - name: build-docs
+    pull: always
+    image: webhippie/hugo:latest
+    commands:
+      - cd docs
+      - make trans-copy
+      - make clean
+      - make build
+
+  - name: publish-docs
+    pull: always
+    image: lucap/drone-netlify:latest
+    settings:
+      path: docs/public/
+      site_id: d2260bae-7861-4c02-8646-8f6440b12672
+    environment:
+      NETLIFY_TOKEN:
+        from_secret: netlify_token
+    when:
+      branch:
+        - master
+      event:
+        - push
+
+---
+kind: pipeline
+name: docker-linux-amd64
+
+platform:
+  os: linux
+  arch: amd64
+
+workspace:
+  base: /go
+  path: src/code.gitea.io/gitea
+
+depends_on:
+  - testing
+
+trigger:
+  ref:
+  - refs/heads/master
+  - "refs/tags/**"
+  - "refs/pull/**"
+
+steps:
+  - name: fetch-tags
+    pull: default
+    image: docker:git
+    commands:
+      - git fetch --tags --force
+    when:
+      event:
+        exclude:
+          - pull_request
+
+  - name: dryrun
+    pull: always
+    image: plugins/docker:linux-amd64
+    settings:
+      dry_run: true
+      repo: gitea/gitea
+      tags: linux-amd64
+      build_args:
+        - GOPROXY=off
+    when:
+      event:
+        - pull_request
+
+  - name: publish
+    pull: always
+    image: plugins/docker:linux-amd64
+    settings:
+      auto_tag: true
+      auto_tag_suffix: linux-amd64
+      repo: gitea/gitea
+      build_args:
+        - GOPROXY=off
+      password:
+        from_secret: docker_password
+      username:
+        from_secret: docker_username
+    when:
+      event:
+        exclude:
+        - pull_request
+
+
+
+---
+kind: pipeline
+name: docker-linux-arm64
+
+platform:
+  os: linux
+  arch: arm64
+
+workspace:
+  base: /go
+  path: src/code.gitea.io/gitea
+
+depends_on:
+  - testing
+
+trigger:
+  ref:
+  - refs/heads/master
+  - "refs/tags/**"
+  - "refs/pull/**"
+
+steps:
+  - name: fetch-tags
+    pull: default
+    image: docker:git
+    commands:
+      - git fetch --tags --force
+    when:
+      event:
+        exclude:
+          - pull_request
+
+  - name: dryrun
+    pull: always
+    image: plugins/docker:linux-arm64
+    settings:
+      dry_run: true
+      repo: gitea/gitea
+      tags: linux-arm64
+      build_args:
+        - GOPROXY=off
+    when:
+      event:
+        - pull_request
+
+  - name: publish
+    pull: always
+    image: plugins/docker:linux-arm64
+    settings:
+      auto_tag: true
+      auto_tag_suffix: linux-arm64
+      repo: gitea/gitea
+      build_args:
+        - GOPROXY=off
+      password:
+        from_secret: docker_password
+      username:
+        from_secret: docker_username
+    when:
+      event:
+        exclude:
+        - pull_request
+
+---
+kind: pipeline
+name: docker-manifest
+
+platform:
+  os: linux
+  arch: amd64
+
+steps:
+  - name: manifest
+    pull: always
+    image: plugins/manifest
+    settings:
+      auto_tag: true
+      ignore_missing: true
+      spec: docker/manifest.tmpl
+      password:
+        from_secret: docker_password
+      username:
+        from_secret: docker_username
+
+trigger:
+  ref:
+  - refs/heads/master
+  - "refs/tags/**"
+
+depends_on:
+  - docker-linux-amd64
+  - docker-linux-arm64
+
+---
+kind: pipeline
+name: notify
+
+platform:
+  os: linux
+  arch: amd64
+
+workspace:
+  base: /go
+  path: src/code.gitea.io/gitea
+
+when:
+  status:
+    - success
+    - failure
+
+depends_on:
+  - testing
+  - translations
+  - release-version
+  - release-master
+  - docker-linux-amd64
+  - docker-linux-arm64
+  - docker-manifest
+  - docs
+
+steps:
+  - name: discord
+    pull: always
+    image: appleboy/drone-discord:1.0.0
+    environment:
+      DISCORD_WEBHOOK_ID:
+        from_secret: discord_webhook_id
+      DISCORD_WEBHOOK_TOKEN:
+        from_secret: discord_webhook_token
--- a/.drone.yml.sig
+++ b/.drone.yml.sig
--- a/.editorconfig
+++ b/.editorconfig
@@ -1,5 +1,4 @@
 # http://editorconfig.org
-
 root = true

 [*]
@@ -15,11 +14,11 @@ indent_size = 8
 indent_style = tab
 indent_size = 4

-[*.{less}]
+[*.less]
 indent_style = space
 indent_size = 4

-[*.{yml}]
+[*.{yml,json}]
 indent_style = space
 indent_size = 2

--- a/.eslintrc
+++ b/.eslintrc
@@ -0,0 +1,27 @@
+root: true
+
+extends:
+  - eslint:recommended
+
+parserOptions:
+  ecmaVersion: 2015
+
+env:
+  browser: true
+  jquery: true
+  es6: true
+
+globals:
+  Clipboard: false
+  CodeMirror: false
+  emojify: false
+  SimpleMDE: false
+  Vue: false
+  Dropzone: false
+  u2fApi: false
+  hljs: false
+
+rules:
+  no-unused-vars: [error, {args: all, argsIgnorePattern: ^_, varsIgnorePattern: ^_, ignoreRestSiblings: true}]
+  prefer-const: [2, {destructuring: all}]
+  no-var: [2]
--- a/.github/FUNDING.yml
+++ b/.github/FUNDING.yml
@@ -0,0 +1 @@
+open_collective: gitea
--- a/.github/issue_template.md
+++ b/.github/issue_template.md
@@ -1,7 +1,9 @@
+<!-- NOTE: If your issue is a security concern, please send an email to security@gitea.io instead of opening a public issue -->
+
 <!--
-    1. Please speak English, this is the language all of us can speak and write.
+    1. Please speak English, this is the language all maintainers can speak and write.
    2. Please ask questions or configuration/deploy problems on our Discord 
-       server (https://discord.gg/NsatcWJ) or forum (https://discourse.gitea.io).
+       server (https://discord.gg/gitea) or forum (https://discourse.gitea.io).
    3. Please take a moment to check that your issue doesn't already exist.
    4. Please give all relevant information below for bug reports, because 
       incomplete details will be handled as an invalid report.
--- a/.github/stale.yml
+++ b/.github/stale.yml
@@ -0,0 +1,53 @@
+# Configuration for probot-stale - https://github.com/probot/stale
+
+# Number of days of inactivity before an Issue or Pull Request becomes stale
+daysUntilStale: 60
+
+# Number of days of inactivity before an Issue or Pull Request with the stale label is closed.
+# Set to false to disable. If disabled, issues still need to be closed manually, but will remain marked as stale.
+daysUntilClose: 14
+
+# Issues or Pull Requests with these labels will never be considered stale. Set to `[]` to disable
+exemptLabels:
+  - status/blocked 
+  - kind/security 
+  - lgtm/done
+  - reviewed/confirmed
+  - priority/critical
+  - kind/proposal
+
+# Set to true to ignore issues in a project (defaults to false)
+exemptProjects: false
+
+# Set to true to ignore issues in a milestone (defaults to false)
+exemptMilestones: false
+
+# Label to use when marking as stale
+staleLabel: stale
+
+# Comment to post when marking as stale. Set to `false` to disable
+markComment: >
+  This issue has been automatically marked as stale because it has not had
+  recent activity. It will be closed if no further activity occurs during the next 2 weeks. Thank you
+  for your contributions.
+
+# Comment to post when closing a stale Issue or Pull Request.
+closeComment: >
+  This issue has been automatically closed because of inactivity.
+  You can re-open it if needed.
+
+# Limit the number of actions per hour, from 1-30. Default is 30
+limitPerRun: 1
+
+# Optionally, specify configuration settings that are specific to just 'issues' or 'pulls':
+pulls:
+  daysUntilStale: 60
+  daysUntilClose: 60
+  markComment: >
+    This pull request has been automatically marked as stale because it has not had
+    recent activity. It will be closed if no further activity occurs during the next 2 months. Thank you
+    for your contributions.
+  closeComment: >
+    This pull request has been automatically closed because of inactivity.
+    You can re-open it if needed.
+
--- a/.gitignore
+++ b/.gitignore
@@ -10,6 +10,9 @@ _test
 # IntelliJ
 .idea

+# MS VSCode
+.vscode
+
 # Architecture specific extensions/prefixes
 *.[568vq]
 [568vq].out
@@ -27,6 +30,7 @@ _testmain.go
 *.prof

 *coverage.out
+coverage.all

 /modules/options/bindata.go
 /modules/public/bindata.go
@@ -36,6 +40,7 @@ _testmain.go
 *.log

 /gitea
+/debug
 /integrations.test

 /bin
@@ -45,4 +50,31 @@ _testmain.go
 /indexers
 /log
 /public/img/avatar
-/integrations/gitea-integration
+/integrations/gitea-integration-mysql
+/integrations/gitea-integration-mysql8
+/integrations/gitea-integration-pgsql
+/integrations/gitea-integration-sqlite
+/integrations/gitea-integration-mssql
+/integrations/indexers-mysql
+/integrations/indexers-mysql8
+/integrations/indexers-pgsql
+/integrations/indexers-sqlite
+/integrations/indexers-mssql
+/integrations/mysql.ini
+/integrations/mysql8.ini
+/integrations/pgsql.ini
+/integrations/mssql.ini
+/node_modules
+/modules/indexer/issues/indexers
+routers/repo/authorized_keys
+/yarn.lock
+
+# Snapcraft
+snap/.snapcraft/
+parts/
+stage/
+prime/
+*.snap
+*.snap-build
+*_source.tar.bz2
+.DS_Store
--- a/.golangci.yml
+++ b/.golangci.yml
@@ -0,0 +1,94 @@
+linters:
+  enable:
+    - gosimple
+    - deadcode
+    - typecheck
+    - govet
+    - errcheck
+    - staticcheck
+    - unused
+    - structcheck
+    - varcheck
+    - golint
+    - dupl
+    #- gocyclo # The cyclomatic complexety of a lot of functions is too high, we should refactor those another time.
+    - gofmt
+    - misspell
+    - gocritic
+  enable-all: false
+  disable-all: true
+  fast: false
+
+run:
+  timeout: 3m
+
+linters-settings:
+  gocritic:
+    disabled-checks:
+      - ifElseChain
+      - singleCaseSwitch # Every time this occured in the code, there  was no other way.
+
+issues:
+  exclude-rules:
+    # Exclude some linters from running on tests files.
+    - path: _test\.go
+      linters:
+        - gocyclo
+        - errcheck
+        - dupl
+        - gosec
+        - unparam
+        - staticcheck
+    - path: models/migrations/v
+      linters:
+        - gocyclo
+        - errcheck
+        - dupl
+        - gosec
+    - linters:
+        - dupl
+      text: "webhook"
+    - linters:
+        - gocritic
+      text: "`ID' should not be capitalized"
+    - path: modules/templates/helper.go
+      linters:
+        - gocritic
+    - linters:
+        - unused
+        - deadcode
+      text: "swagger"
+    - path: contrib/pr/checkout.go
+      linters:
+        - errcheck
+    - path: models/issue.go
+      linters:
+        - errcheck
+    - path: models/migrations/
+      linters:
+        - errcheck
+    - path: modules/log/
+      linters:
+        - errcheck
+    - path: routers/routes/routes.go
+      linters:
+        - dupl
+    - path: routers/repo/view.go
+      linters:
+        - dupl
+    - path: models/migrations/
+      linters:
+        - unused
+    - linters:
+        - staticcheck
+      text: "argument x is overwritten before first use"
+    - path: modules/httplib/httplib.go
+      linters:
+        - staticcheck
+    # Enabling this would require refactoring the methods and how they are called.
+    - path: models/issue_comment_list.go
+      linters:
+        - dupl
+    - linters:
+        - misspell
+      text: '`Unknwon` is a misspelling of `Unknown`'
--- a/.lgtm
+++ b/.lgtm
@@ -1,2 +1,3 @@
-self_approval_off = false
+pattern = "(?)LGTM"
+self_approval_off = true
 ignore_maintainers_file = true
--- a/.npmrc
+++ b/.npmrc
@@ -0,0 +1 @@
+save-exact=true
--- a/.revive.toml
+++ b/.revive.toml
@@ -0,0 +1,25 @@
+ignoreGeneratedHeader = false
+severity = "warning"
+confidence = 0.8
+errorCode = 1
+warningCode = 1
+
+[rule.blank-imports]
+[rule.context-as-argument]
+[rule.context-keys-type]
+[rule.dot-imports]
+[rule.error-return]
+[rule.error-strings]
+[rule.error-naming]
+[rule.exported]
+[rule.if-return]
+[rule.increment-decrement]
+[rule.var-naming]
+[rule.var-declaration]
+[rule.package-comments]
+[rule.range]
+[rule.receiver-naming]
+[rule.time-naming]
+[rule.unexported-return]
+[rule.indent-error-flow]
+[rule.errorf]
--- a/.stylelintrc
+++ b/.stylelintrc
@@ -0,0 +1,11 @@
+extends: stylelint-config-standard
+
+rules:
+  block-closing-brace-empty-line-before: null
+  color-hex-length: null
+  comment-empty-line-before: null
+  declaration-empty-line-before: null
+  indentation: 4
+  no-descending-specificity: null
+  rule-empty-line-before: null
+  selector-pseudo-element-colon-notation: null
--- a/51
+++ b/51
@@ -0,0 +1,51 @@
+# GNU makefile proxy script for BSD make
+# Written and maintained by Mahmoud Al-Qudsi <mqudsi@neosmart.net>
+# Copyright NeoSmart Technologies <https://neosmart.net/> 2014-2018
+# Obtain updates from <https://github.com/neosmart/gmake-proxy>
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+#
+# 1. Redistributions of source code must retain the above copyright notice, this
+# list of conditions and the following disclaimer.
+#
+# 2. Redistributions in binary form must reproduce the above copyright notice,
+# this list of conditions and the following disclaimer in the documentation
+# and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+JARG =
+GMAKE = "gmake"
+#When gmake is called from another make instance, -w is automatically added
+#which causes extraneous messages about directory changes to be emitted.
+#--no-print-directory silences these messages.
+GARGS = "--no-print-directory"
+
+.if "$(.MAKE.JOBS)" != ""
+JARG = -j$(.MAKE.JOBS)
+.endif
+
+#by default bmake will cd into ./obj first
+.OBJDIR: ./
+
+.PHONY: FRC
+$(.TARGETS): FRC
+	$(GMAKE) $(GARGS) $(.TARGETS:S,.DONE,,) $(JARG)
+
+.DONE .DEFAULT: .SILENT
+	$(GMAKE) $(GARGS) $(.TARGETS:S,.DONE,,) $(JARG)
+
+.ERROR: .SILENT
+	if ! which $(GMAKE) > /dev/null; then \
+		echo "GNU Make is required!"; \
+	fi
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -8,58 +8,135 @@
  - [Discuss your design](#discuss-your-design)
  - [Testing redux](#testing-redux)
  - [Vendoring](#vendoring)
+  - [Translation](#translation)
  - [Code review](#code-review)
  - [Styleguide](#styleguide)
-  - [Sign your work](#sign-your-work)
+  - [Developer Certificate of Origin (DCO)](#developer-certificate-of-origin-dco)
  - [Release Cycle](#release-cycle)
  - [Maintainers](#maintainers)
  - [Owners](#owners)
  - [Versions](#versions)
+  - [Releasing Gitea](#releasing-gitea)
  - [Copyright](#copyright)

 ## Introduction

-This document explains how to contribute changes to the Gitea project. It assumes you have followed the [installation instructions](https://docs.gitea.io/en-us/). Sensitive security-related issues should be reported to [security@gitea.io](mailto:security@gitea.io).
+This document explains how to contribute changes to the Gitea project.
+It assumes you have followed the
+[installation instructions](https://docs.gitea.io/en-us/).
+Sensitive security-related issues should be reported to
+[security@gitea.io](mailto:security@gitea.io).
+
+For configuring IDE or code editor to develop Gitea see [IDE and code editor configuration](contrib/ide/)

 ## Bug reports

-Please search the issues on the issue tracker with a variety of keywords to ensure your bug is not already reported.
+Please search the issues on the issue tracker with a variety of keywords
+to ensure your bug is not already reported.

-If unique, [open an issue](https://github.com/go-gitea/gitea/issues/new) and answer the questions so we can understand and reproduce the problematic behavior.
+If unique, [open an issue](https://github.com/go-gitea/gitea/issues/new)
+and answer the questions so we can understand and reproduce the
+problematic behavior.

-To show us that the issue you are having is in Gitea itself, please write clear, concise instructions so we can reproduce the behavior (even if it seems obvious). The more detailed and specific you are, the faster we can fix the issue. Check out [How to Report Bugs Effectively](http://www.chiark.greenend.org.uk/~sgtatham/bugs.html).
+To show us that the issue you are having is in Gitea itself, please
+write clear, concise instructions so we can reproduce the behavior—
+even if it seems obvious. The more detailed and specific you are,
+the faster we can fix the issue. Check out [How to Report Bugs
+Effectively](http://www.chiark.greenend.org.uk/~sgtatham/bugs.html).

-Please be kind, remember that Gitea comes at no cost to you, and you're getting free help.
+Please be kind, remember that Gitea comes at no cost to you, and you're
+getting free help.

 ## Discuss your design

-The project welcomes submissions but please let everyone know what you're working on if you want to change or add something to the Gitea repositories.
+The project welcomes submissions. If you want to change or add something,
+please let everyone know what you're working on—[file an issue](https://github.com/go-gitea/gitea/issues/new)!
+Significant changes must go through the change proposal process
+before they can be accepted. To create a proposal, file an issue with
+your proposed changes documented, and make sure to note in the title
+of the issue that it is a proposal.

-Before starting to write something new for the Gitea project, please [file an issue](https://github.com/go-gitea/gitea/issues/new). Significant changes must go through the [change proposal process](https://github.com/go-gitea/proposals) before they can be accepted.
-
-This process gives everyone a chance to validate the design, helps prevent duplication of effort, and ensures that the idea fits inside the goals for the project and tools. It also checks that the design is sound before code is written; the code review tool is not the place for high-level discussions.
+This process gives everyone a chance to validate the design, helps
+prevent duplication of effort, and ensures that the idea fits inside
+the goals for the project and tools. It also checks that the design is
+sound before code is written; the code review tool is not the place for
+high-level discussions.

 ## Testing redux

-Before sending code out for review, run all the tests for the whole tree to make sure the changes don't break other usage and keep the compatibility on upgrade. To make sure you are running the test suite exactly like we do, you should install the CLI for [Drone CI](https://github.com/drone/drone), as we are using the server for continous testing, following [these instructions](http://readme.drone.io/usage/getting-started-cli). After that you can simply call `drone exec` within your working directory and it will try to run the test suite locally.
+Before submitting a pull request, run all the tests for the whole tree
+to make sure your changes don't cause regression elsewhere.
+
+Here's how to run the test suite:
+
+- Install the correct version of the drone-cli package.  As of this
+  writing, the correct drone-cli version is
+  [1.1.0](https://docs.drone.io/cli/install/).
+- Ensure you have enough free disk space.  You will need at least
+  15-20 Gb of free disk space to hold all of the containers drone
+  creates (a default AWS or GCE disk size won't work -- see
+  [#6243](https://github.com/go-gitea/gitea/issues/6243)).
+- Change into the base directory of your copy of the gitea repository,
+  and run `drone exec --event pull_request`.
+
+The drone version, command line, and disk requirements do change over
+time (see [#4053](https://github.com/go-gitea/gitea/issues/4053) and
+[#6243](https://github.com/go-gitea/gitea/issues/6243)); if you
+discover any issues, please feel free to send us a pull request to
+update these instructions.

 ## Vendoring

-We keep a cached copy of dependencies within the `vendor/` directory, managing updates via [govendor](http://github.com/kardianos/govendor).
+We keep a cached copy of dependencies within the `vendor/` directory,
+managing updates via [Modules](https://golang.org/cmd/go/#hdr-Module_maintenance).

-Pull requests should only include `vendor/` updates if they are part of the same change, be it a bugfix or a feature addition.
+Pull requests should only include `vendor/` updates if they are part of
+the same change, be it a bugfix or a feature addition.

-The `vendor/` update needs to be justified as part of the PR description, and must be verified by the reviewers and/or merger to always reference an existing upstream commit.
+The `vendor/` update needs to be justified as part of the PR description,
+and must be verified by the reviewers and/or merger to always reference
+an existing upstream commit.
+
+You can find more information on how to get started with it on the [Modules Wiki](https://github.com/golang/go/wiki/Modules).
+
+## Translation
+
+We do all translation work inside [Crowdin](https://crowdin.com/project/gitea).
+The only translation that is maintained in this git repository is
+[`en_US.ini`](https://github.com/go-gitea/gitea/blob/master/options/locale/locale_en-US.ini)
+and is synced regularly to Crowdin. Once a translation has reached
+A SATISFACTORY PERCENTAGE it will be synced back into this repo and
+included in the next released version.
+
+## Building Gitea
+
+Generally, the go build tools are installed as-needed in the `Makefile`.
+An exception are the tools to build the CSS and images.
+
+- To build CSS: Install [Node.js](https://nodejs.org/en/download/package-manager) at version 8.0 or above
+  with `npm` and then run `npm install` and `make css`.
+- To build Images: ImageMagick, inkscape and zopflipng binaries must be
+  available in your `PATH` to run `make generate-images`.

 ## Code review

-Changes to Gitea must be reviewed before they are accepted, no matter who makes the change even if it is an owner or a maintainer. We use GitHub's pull request workflow to do that and we also use [LGTM](http://lgtm.co) to ensure every PR is reviewed by at least 2 maintainers.
+Changes to Gitea must be reviewed before they are accepted—no matter who
+makes the change, even if they are an owner or a maintainer. We use GitHub's
+pull request workflow to do that. And, we also use [LGTM](http://lgtm.co)
+to ensure every PR is reviewed by at least 2 maintainers.

-Please try to make your pull request easy to review for us. Please read the "[How to get faster PR reviews](https://github.com/kubernetes/community/blob/master/contributors/devel/faster_reviews.md)" guide, it has lots of useful tips for any project you may want to contribute. Some of the key points:
+Please try to make your pull request easy to review for us. And, please read
+the *[How to get faster PR reviews](https://github.com/kubernetes/community/blob/261cb0fd089b64002c91e8eddceebf032462ccd6/contributors/guide/pull-requests.md#best-practices-for-faster-reviews)* guide;
+it has lots of useful tips for any project you may want to contribute.
+Some of the key points:

-* Make small pull requests. The smaller, the faster to review and the more likely it will be merged soon.
-* Don't make changes unrelated to your PR. Maybe there are typos on some comments, maybe refactoring would be welcome on a function... but if that is not related to your PR, please make *another* PR for that.
-* Split big pull requests into multiple small ones. An incremental change will be faster to review than a huge PR.
+* Make small pull requests. The smaller, the faster to review and the
+  more likely it will be merged soon.
+* Don't make changes unrelated to your PR. Maybe there are typos on
+  some comments, maybe refactoring would be welcome on a function... but
+  if that is not related to your PR, please make *another* PR for that.
+* Split big pull requests into multiple small ones. An incremental change
+  will be faster to review than a huge PR.

 ## Styleguide

@@ -80,57 +157,144 @@ import (
 )
 ```

-## Sign your work
+## Developer Certificate of Origin (DCO)

-The sign-off is a simple line at the end of the explanation for the patch. Your signature certifies that you wrote the patch or otherwise have the right to pass it on as an open-source patch. The rules are pretty simple: If you can certify [DCO](DCO), then you just add a line to every git commit message:
+We consider the act of contributing to the code by submitting a Pull
+Request as the "Sign off" or agreement to the certifications and terms
+of the [DCO](DCO) and [MIT license](LICENSE). No further action is required.
+Additionally you could add a line at the end of your commit message.

 ```
 Signed-off-by: Joe Smith <joe.smith@email.com>
 ```

-Please use your real name, we really dislike pseudonyms or anonymous contributions. We are in the open-source world without secrets. If you set your `user.name` and `user.email` git configs, you can sign your commit automatically with `git commit -s`.
+If you set your `user.name` and `user.email` git configs, you can add the
+line to the end of your commit automatically with `git commit -s`.
+
+We assume in good faith that the information you provide is legally binding.

 ## Release Cycle

-We adopted a release schedule to streamline the process of working on, finishing, and issuing releases. The overall goal is to make a major release every two months, which breaks down into one month of general development followed by one month of testing and polishing known as the release freeze. A release is maintained by issuing minor releases to only correct critical problems such as crashes or security issues. All the feature pull requests should be merged in the first month of one release period. 
+We adopted a release schedule to streamline the process of working
+on, finishing, and issuing releases. The overall goal is to make a
+minor release every two months, which breaks down into one month of
+general development followed by one month of testing and polishing
+known as the release freeze. All the feature pull requests should be
+merged in the first month of one release period. And, during the frozen
+period, a corresponding release branch is open for fixes backported from
+master. Release candidates are made during this period for user testing to
+obtain a final version that is maintained in this branch. A release is
+maintained by issuing patch releases to only correct critical problems
+such as crashes or security issues.

-The current release cycle is aligned to start on December 25 to February 24, next is February 25 to April 24, and etc. On this cycle, we also maybe publish the previous release minor version. For example, the current release version is v1.1, but we maybe also publish v1.0.2. When we publish v1.2, then we will stop publish v1.0.3.
+Major release cycles are bimonthly. They always begin on the 25th and end on
+the 24th (i.e., the 25th of December to February 24th).
+
+During a development cycle, we may also publish any necessary minor releases
+for the previous version. For example, if the latest, published release is
+v1.2, then minor changes for the previous release—e.g., v1.1.0 -> v1.1.1—are
+still possible.

 ## Maintainers

-To make sure every PR is checked, we have [team maintainers](MAINTAINERS). Every PR **MUST** be reviewed by at least two maintainers (or owners) before it can get merged. A maintainer should be a contributor of Gitea (or Gogs) and contributed at least 4 accepted PRs. A contributor should apply as a maintainer in the [Discord](https://discord.gg/NsatcWJ) #develop channel. The owners or the team maintainers may invite the contributor. A maintainer should spend some time on code reviews. If a maintainer has no time to do that, they should apply to leave the maintainers team and we will give them the honor of being a member of the [advisors team](https://github.com/orgs/go-gitea/teams/advisors). Of course, if an advisor has time to code review, we will gladly welcome them back to the maintainers team. If a maintainer is inactive for more than 3 months and forgets to leave the maintainers team, the owners may move him or her from the maintainers team to the advisors team.
+To make sure every PR is checked, we have [team
+maintainers](MAINTAINERS). Every PR **MUST** be reviewed by at least
+two maintainers (or owners) before it can get merged. A maintainer
+should be a contributor of Gitea (or Gogs) and contributed at least
+4 accepted PRs. A contributor should apply as a maintainer in the
+[Discord](https://discord.gg/NsatcWJ) #develop channel. The owners
+or the team maintainers may invite the contributor. A maintainer
+should spend some time on code reviews. If a maintainer has no
+time to do that, they should apply to leave the maintainers team
+and we will give them the honor of being a member of the [advisors
+team](https://github.com/orgs/go-gitea/teams/advisors). Of course, if
+an advisor has time to code review, we will gladly welcome them back
+to the maintainers team. If a maintainer is inactive for more than 3
+months and forgets to leave the maintainers team, the owners may move
+him or her from the maintainers team to the advisors team.
+For security reasons, Maintainers should use 2FA for their accounts and
+if possible provide gpg signed commits.
+https://help.github.com/articles/securing-your-account-with-two-factor-authentication-2fa/
+https://help.github.com/articles/signing-commits-with-gpg/

 ## Owners

-Since Gitea is a pure community organization without any company support, to keep the development healthy we will elect three owners every year. All contributors may vote to elect up to three candidates, one of which will be the main owner, and the other two the assistant owners. When the new owners have been elected, the old owners will give up ownership to the newly elected owners. If an owner is unable to do so, the other owners will assist in ceding ownership to the newly elected owners.
+Since Gitea is a pure community organization without any company support,
+to keep the development healthy we will elect three owners every year. All
+contributors may vote to elect up to three candidates, one of which will
+be the main owner, and the other two the assistant owners. When the new
+owners have been elected, the old owners will give up ownership to the
+newly elected owners. If an owner is unable to do so, the other owners
+will assist in ceding ownership to the newly elected owners.
+For security reasons, Owners or any account with write access (like a bot)
+must use 2FA.
+https://help.github.com/articles/securing-your-account-with-two-factor-authentication-2fa/

-After the election, the new owners should proactively agree with our [CONTRIBUTING](CONTRIBUTING.md) requirements in the [Discord](https://discord.gg/NsatcWJ) #general channel. Below are the words to speak:
+After the election, the new owners should proactively agree
+with our [CONTRIBUTING](CONTRIBUTING.md) requirements in the
+[Discord](https://discord.gg/NsatcWJ) #general channel. Below are the
+words to speak:

 ```
-I'm honored to having been elected an owner of Gitea, I agree with [CONTRIBUTING](CONTRIBUTING.md). I will spend part of my time on Gitea and lead the development of Gitea.
+I'm honored to having been elected an owner of Gitea, I agree with
+[CONTRIBUTING](CONTRIBUTING.md). I will spend part of my time on Gitea
+and lead the development of Gitea.
 ```

-To honor the past owners, here's the history of the owners and the time they served:
+To honor the past owners, here's the history of the owners and the time
+they served:

 * 2016-11-04 ~ 2017-12-31
  * [Lunny Xiao](https://github.com/lunny) <xiaolunwen@gmail.com>
  * [Thomas Boerger](https://github.com/tboerger) <thomas@webhippie.de>
  * [Kim Carlbäcker](https://github.com/bkcsoft) <kim.carlbacker@gmail.com>

+* 2018-01-01 ~ 2018-12-31
+  * [Lunny Xiao](https://github.com/lunny) <xiaolunwen@gmail.com>
+  * [Lauris Bukšis-Haberkorns](https://github.com/lafriks) <lauris@nix.lv>
+  * [Kim Carlbäcker](https://github.com/bkcsoft) <kim.carlbacker@gmail.com>
+
+* 2019-01-01 ~ 2019-12-31
+  * [Lunny Xiao](https://github.com/lunny) <xiaolunwen@gmail.com>
+  * [Lauris Bukšis-Haberkorns](https://github.com/lafriks) <lauris@nix.lv>
+  * [Matti Ranta](https://github.com/techknowlogick) <matti@mdranta.net>
+
 ## Versions

-Gitea has the `master` branch as a tip branch and has version branches such as `v0.9`. `v0.9` is a release branch and we will tag `v0.9.0` for binary download. If `v0.9.0` has bugs, we will accept pull requests on the `v0.9` branch and publish a `v0.9.1` tag, after bringing the bug fix also to the master branch.
+Gitea has the `master` branch as a tip branch and has version branches
+such as `release/v0.9`. `release/v0.9` is a release branch and we will
+tag `v0.9.0` for binary download. If `v0.9.0` has bugs, we will accept
+pull requests on the `release/v0.9` branch and publish a `v0.9.1` tag,
+after bringing the bug fix also to the master branch.

-Since the `master` branch is a tip version, if you wish to use Gitea in production, please download the latest release tag version. All the branches will be protected via GitHub, all the PRs to every branch must be reviewed by two maintainers and must pass the automatic tests.
+Since the `master` branch is a tip version, if you wish to use Gitea
+in production, please download the latest release tag version. All the
+branches will be protected via GitHub, all the PRs to every branch must
+be reviewed by two maintainers and must pass the automatic tests.
+
+## Releasing Gitea
+
+* Let $vmaj, $vmin and $vpat be Major, Minor and Patch version numbers, $vpat should be rc1, rc2, 0, 1, ...... $vmaj.$vmin will be kept the same as milestones on github or gitea in future.
+* Before releasing, confirm all the version's milestone issues or PRs has been resolved. Then discuss the release on discord channel #maintainers and get agreed with almost all the owners and mergers. Or you can declare the version and if nobody against in about serval hours.
+* If this is a big version first you have to create PR for changelog on branch `master` with PRs with label `changelog` and after it has been merged do following steps:
+  * Create `-dev` tag as `git tag -s -F release.notes v$vmaj.$vmin.0-dev` and push the tag as `git push origin v$vmaj.$vmin.0-dev`.
+  * When CI has finished building tag then you have to create a new branch named `release/v$vmaj.$vmin`
+* If it is bugfix version create PR for changelog on branch `release/v$vmaj.$vmin` and wait till it is reviewed and merged.
+* Add a tag as `git tag -s -F release.notes v$vmaj.$vmin.$`, release.notes file could be a temporary file to only include the changelog this version which you added to `CHANGELOG.md`.
+* And then push the tag as `git push origin v$vmaj.$vmin.$`. Drone CI will automatically created a release and upload all the compiled binary. (But currently it didn't add the release notes automatically. Maybe we should fix that.)
+* If needed send PR for changelog on branch `master`.
+* Send PR to [blog repository](https://github.com/go-gitea/blog) announcing the release.

 ## Copyright

 Code that you contribute should use the standard copyright header:

 ```
-// Copyright 2017 The Gitea Authors. All rights reserved.
+// Copyright 2019 The Gitea Authors. All rights reserved.
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 ```

-Files in the repository contain copyright from the year they are added to the year they are last changed. If the copyright author is changed, just paste the header below the old one.
+Files in the repository contain copyright from the year they are added
+to the year they are last changed. If the copyright author is changed,
+just paste the header below the old one.
--- a/45
+++ b/45
@@ -1,19 +1,44 @@
-FROM alpine:3.5
-MAINTAINER Thomas Boerger <thomas@webhippie.de>
+
+###################################
+#Build stage
+FROM golang:1.13-alpine3.10 AS build-env
+
+ARG GOPROXY
+ENV GOPROXY ${GOPROXY:-direct}
+
+ARG GITEA_VERSION
+ARG TAGS="sqlite sqlite_unlock_notify"
+ENV TAGS "bindata $TAGS"
+
+#Build deps
+RUN apk --no-cache add build-base git
+
+#Setup repo
+COPY . ${GOPATH}/src/code.gitea.io/gitea
+WORKDIR ${GOPATH}/src/code.gitea.io/gitea
+
+#Checkout version if set
+RUN if [ -n "${GITEA_VERSION}" ]; then git checkout "${GITEA_VERSION}"; fi \
+ && make clean generate build
+
+FROM alpine:3.10
+LABEL maintainer="maintainers@gitea.io"

 EXPOSE 22 3000

 RUN apk --no-cache add \
-    su-exec \
-    ca-certificates \
-    sqlite \
    bash \
+    ca-certificates \
+    curl \
+    gettext \
    git \
    linux-pam \
-    s6 \
-    curl \
    openssh \
+    s6 \
+    sqlite \
+    su-exec \
    tzdata
+
 RUN addgroup \
    -S -g 1000 \
    git && \
@@ -28,12 +53,12 @@ RUN addgroup \

 ENV USER git
 ENV GITEA_CUSTOM /data/gitea
-ENV GODEBUG=netdns=go

 VOLUME ["/data"]

 ENTRYPOINT ["/usr/bin/entrypoint"]
 CMD ["/bin/s6-svscan", "/etc/s6"]

-COPY docker /
-COPY gitea /app/gitea/gitea
+COPY docker/root /
+COPY --from=build-env /go/src/code.gitea.io/gitea/gitea /app/gitea/gitea
+RUN ln -s /app/gitea/gitea /usr/local/bin/gitea
--- a/Dockerfile.aarch64
+++ b/Dockerfile.aarch64
@@ -1,40 +0,0 @@
-FROM multiarch/alpine:aarch64-v3.5
-
-EXPOSE 22 3000
-
-RUN apk --no-cache add \
-    su-exec \
-    ca-certificates \
-    sqlite \
-    bash \
-    git \
-    linux-pam \
-    s6 \
-    curl \
-    openssh \
-    tzdata
-RUN addgroup \
-    -S -g 1000 \
-    git && \
-  adduser \
-    -S -H -D \
-    -h /data/git \
-    -s /bin/bash \
-    -u 1000 \
-    -G git \
-    git && \
-  echo "git:$(dd if=/dev/urandom bs=24 count=1 status=none | base64)" | chpasswd
-
-ENV USER git
-ENV GITEA_CUSTOM /data/gitea
-
-COPY docker /
-COPY gitea /app/gitea/gitea
-
-ENV GODEBUG=netdns=go
-
-VOLUME ["/data"]
-
-ENTRYPOINT ["/usr/bin/entrypoint"]
-CMD ["/bin/s6-svscan", "/etc/s6"]
-
--- a/Dockerfile.rpi
+++ b/Dockerfile.rpi
@@ -1,39 +0,0 @@
-FROM multiarch/alpine:armhf-v3.5
-MAINTAINER Thomas Boerger <thomas@webhippie.de>
-
-EXPOSE 22 3000
-
-RUN apk --no-cache add \
-    su-exec \
-    ca-certificates \
-    sqlite \
-    bash \
-    git \
-    linux-pam \
-    s6 \
-    curl \
-    openssh \
-    tzdata
-RUN addgroup \
-    -S -g 1000 \
-    git && \
-  adduser \
-    -S -H -D \
-    -h /data/git \
-    -s /bin/bash \
-    -u 1000 \
-    -G git \
-    git && \
-  echo "git:$(dd if=/dev/urandom bs=24 count=1 status=none | base64)" | chpasswd
-
-ENV USER git
-ENV GITEA_CUSTOM /data/gitea
-ENV GODEBUG=netdns=go
-
-VOLUME ["/data"]
-
-ENTRYPOINT ["/usr/bin/entrypoint"]
-CMD ["/bin/s6-svscan", "/etc/s6"]
-
-COPY docker /
-COPY gitea /app/gitea/gitea
--- a/18
+++ b/18
@@ -7,6 +7,7 @@ Kim Carlbäcker <kim.carlbacker@gmail.com> (@bkcsoft)
 LefsFlare <nobody@nobody.tld> (@LefsFlarey)
 Lunny Xiao <xiaolunwen@gmail.com> (@lunny)
 Matthias Loibl <mail@matthiasloibl.com> (@metalmatze)
+Morgan Bazalgette <the@howl.moe> (@thehowl)
 Rachid Zarouali <nobody@nobody.tld> (@xinity)
 Rémy Boulanouar <admin@dblk.org> (@DblK)
 Sandro Santilli <strk@kbt.io> (@strk)
@@ -16,3 +17,20 @@ Patrick G <geek1011@outlook.com> (@geek1011)
 Antoine Girard <sapk@sapk.fr> (@sapk)
 Lauris Bukšis-Haberkorns <lauris@nix.lv> (@lafriks)
 Jonas Östanbäck <jonas.ostanback@gmail.com> (@cez81)
+David Schneiderbauer <dschneiderbauer@gmail.com> (@daviian)
+Peter Žeby <morlinest@gmail.com> (@morlinest)
+Matti Ranta <matti@mdranta.net> (@techknowlogick)
+Jonas Franz <info@jonasfranz.software> (@jonasfranz)
+Alexey Terentyev <axifnx@gmail.com> (@axifive)
+Lanre Adelowo <yo@lanre.wtf> (@adelowo)
+Konrad Langenberg <k@knt.li> (@kolaente)
+He-Long Zhang <outman99@hotmail.com> (@BetaCat0)
+Andrew Thornton <art27@cantab.net> (@zeripath)
+John Olheiser <john.olheiser@gmail.com> (@jolheiser)
+Richard Mahn <rich.mahn@unfoldingword.org> (@richmahn)
+Mrsdizzie <info@mrsdizzie.com> (@mrsdizzie)
+silverwind <me@silverwind.io> (@silverwind)
+Gary Kim <gary@garykim.dev> (@gary-kim)
+Guillermo Prandi <gitea.maint@mailfilter.com.ar> (@guillep2k)
+Mura Li <typeless@ctli.io> (@typeless)
+6543 <6543@obermui.de> (@6543)
--- a/433
+++ b/433
@@ -1,13 +1,17 @@
 DIST := dist
 IMPORT := code.gitea.io/gitea
+export GO111MODULE=off

 GO ?= go
 SED_INPLACE := sed -i
+SHASUM ?= shasum -a 256
+
+export PATH := $($(GO) env GOPATH)/bin:$(PATH)

 ifeq ($(OS), Windows_NT)
-	EXECUTABLE := gitea.exe
+	EXECUTABLE ?= gitea.exe
 else
-	EXECUTABLE := gitea
+	EXECUTABLE ?= gitea
 	UNAME_S := $(shell uname -s)
 	ifeq ($(UNAME_S),Darwin)
 		SED_INPLACE := sed -i ''
@@ -15,52 +19,78 @@ else
 endif

 BINDATA := modules/{options,public,templates}/bindata.go
-STYLESHEETS := $(wildcard public/less/index.less public/less/_*.less)
-DOCKER_TAG := gitea/gitea:latest
 GOFILES := $(shell find . -name "*.go" -type f ! -path "./vendor/*" ! -path "*/bindata.go")
 GOFMT ?= gofmt -s

-GOFLAGS := -i -v
+GOFLAGS := -v
 EXTRA_GOFLAGS ?=

-LDFLAGS := -X "main.Version=$(shell git describe --tags --always | sed 's/-/+/' | sed 's/^v//')" -X "main.Tags=$(TAGS)"
-
-PACKAGES ?= $(filter-out code.gitea.io/gitea/integrations,$(shell $(GO) list ./... | grep -v /vendor/))
-SOURCES ?= $(shell find . -name "*.go" -type f)
-
-TAGS ?=
-
-TMPDIR := $(shell mktemp -d 2>/dev/null || mktemp -d -t 'gitea-temp')
-
-ifeq ($(OS), Windows_NT)
-	EXECUTABLE := gitea.exe
-else
-	EXECUTABLE := gitea
-endif
+MAKE_VERSION := $(shell make -v | head -n 1)

 ifneq ($(DRONE_TAG),)
 	VERSION ?= $(subst v,,$(DRONE_TAG))
+	GITEA_VERSION ?= $(VERSION)
 else
 	ifneq ($(DRONE_BRANCH),)
 		VERSION ?= $(subst release/v,,$(DRONE_BRANCH))
 	else
 		VERSION ?= master
 	endif
+	GITEA_VERSION ?= $(shell git describe --tags --always | sed 's/-/+/' | sed 's/^v//')
 endif

+LDFLAGS := $(LDFLAGS) -X "main.MakeVersion=$(MAKE_VERSION)" -X "main.Version=$(GITEA_VERSION)" -X "main.Tags=$(TAGS)"
+
+PACKAGES ?= $(filter-out code.gitea.io/gitea/integrations/migration-test,$(filter-out code.gitea.io/gitea/integrations,$(shell GO111MODULE=on $(GO) list -mod=vendor ./... | grep -v /vendor/)))
+SOURCES ?= $(shell find . -name "*.go" -type f)
+
+TAGS ?=
+
+TMPDIR := $(shell mktemp -d 2>/dev/null || mktemp -d -t 'gitea-temp')
+
+#To update swagger use: GO111MODULE=on go get -u github.com/go-swagger/go-swagger/cmd/swagger@v0.20.1
+SWAGGER := GO111MODULE=on $(GO) run -mod=vendor github.com/go-swagger/go-swagger/cmd/swagger
+SWAGGER_SPEC := templates/swagger/v1_json.tmpl
+SWAGGER_SPEC_S_TMPL := s|"basePath": *"/api/v1"|"basePath": "{{AppSubUrl}}/api/v1"|g
+SWAGGER_SPEC_S_JSON := s|"basePath": *"{{AppSubUrl}}/api/v1"|"basePath": "/api/v1"|g
+SWAGGER_NEWLINE_COMMAND := -e '$$a\'
+
+TEST_MYSQL_HOST ?= mysql:3306
+TEST_MYSQL_DBNAME ?= testgitea
+TEST_MYSQL_USERNAME ?= root
+TEST_MYSQL_PASSWORD ?=
+TEST_MYSQL8_HOST ?= mysql8:3306
+TEST_MYSQL8_DBNAME ?= testgitea
+TEST_MYSQL8_USERNAME ?= root
+TEST_MYSQL8_PASSWORD ?=
+TEST_PGSQL_HOST ?= pgsql:5432
+TEST_PGSQL_DBNAME ?= testgitea
+TEST_PGSQL_USERNAME ?= postgres
+TEST_PGSQL_PASSWORD ?= postgres
+TEST_MSSQL_HOST ?= mssql:1433
+TEST_MSSQL_DBNAME ?= gitea
+TEST_MSSQL_USERNAME ?= sa
+TEST_MSSQL_PASSWORD ?= MwantsaSecurePassword1
+
+# $(call strip-suffix,filename)
+strip-suffix = $(firstword $(subst ., ,$(1)))
+
 .PHONY: all
 all: build

+include docker/Makefile
+
 .PHONY: clean
 clean:
 	$(GO) clean -i ./...
-	rm -rf $(EXECUTABLE) $(DIST) $(BINDATA) integrations*.test
-
-required-gofmt-version:
-	@$(GO) version  | grep -q '\(1.7\|1.8\)' || { echo "We require go version 1.7 or 1.8 to format code" >&2 && exit 1; }
+	rm -rf $(EXECUTABLE) $(DIST) $(BINDATA) \
+		integrations*.test \
+		integrations/gitea-integration-pgsql/ integrations/gitea-integration-mysql/ integrations/gitea-integration-mysql8/ integrations/gitea-integration-sqlite/ \
+		integrations/gitea-integration-mssql/ integrations/indexers-mysql/ integrations/indexers-mysql8/ integrations/indexers-pgsql integrations/indexers-sqlite \
+		integrations/indexers-mssql integrations/mysql.ini integrations/mysql8.ini integrations/pgsql.ini integrations/mssql.ini

 .PHONY: fmt
-fmt: required-gofmt-version
+fmt:
 	$(GOFMT) -w $(GOFILES)

 .PHONY: vet
@@ -69,19 +99,28 @@ vet:

 .PHONY: generate
 generate:
-	@hash go-bindata > /dev/null 2>&1; if [ $$? -ne 0 ]; then \
-		$(GO) get -u github.com/jteeuwen/go-bindata/...; \
-	fi
-	$(GO) generate $(PACKAGES)
+	GO111MODULE=on $(GO) generate -mod=vendor $(PACKAGES)

 .PHONY: generate-swagger
 generate-swagger:
-	@hash swagger > /dev/null 2>&1; if [ $$? -ne 0 ]; then \
-		$(GO) get -u github.com/go-swagger/go-swagger/cmd/swagger; \
-	fi
-	swagger generate spec -o ./public/swagger.v1.json
-	$(SED_INPLACE) "s;\".ref\": \"#/definitions/GPGKey\";\"type\": \"object\";g" ./public/swagger.v1.json
-	$(SED_INPLACE) "s;^          \".ref\": \"#/definitions/Repository\";          \"type\": \"object\";g" ./public/swagger.v1.json
+	$(SWAGGER) generate spec -o './$(SWAGGER_SPEC)'
+	$(SED_INPLACE) '$(SWAGGER_SPEC_S_TMPL)' './$(SWAGGER_SPEC)'
+	$(SED_INPLACE) $(SWAGGER_NEWLINE_COMMAND) './$(SWAGGER_SPEC)'
+
+.PHONY: swagger-check
+swagger-check: generate-swagger
+	@diff=$$(git diff '$(SWAGGER_SPEC)'); \
+	if [ -n "$$diff" ]; then \
+		echo "Please run 'make generate-swagger' and commit the result:"; \
+		echo "$${diff}"; \
+		exit 1; \
+	fi;
+
+.PHONY: swagger-validate
+swagger-validate:
+	$(SED_INPLACE) '$(SWAGGER_SPEC_S_JSON)' './$(SWAGGER_SPEC)'
+	$(SWAGGER) validate './$(SWAGGER_SPEC)'
+	$(SED_INPLACE) '$(SWAGGER_SPEC_S_TMPL)' './$(SWAGGER_SPEC)'

 .PHONY: errcheck
 errcheck:
@@ -92,17 +131,21 @@ errcheck:

 .PHONY: lint
 lint:
-	@hash golint > /dev/null 2>&1; if [ $$? -ne 0 ]; then \
-		$(GO) get -u github.com/golang/lint/golint; \
+	@echo 'make lint is depricated. Use "make revive" if you want to use the old lint tool, or "make golangci-lint" to run a complete code check.'
+
+.PHONY: revive
+revive:
+	@hash revive > /dev/null 2>&1; if [ $$? -ne 0 ]; then \
+		$(GO) get -u github.com/mgechev/revive; \
 	fi
-	for PKG in $(PACKAGES); do golint -set_exit_status $$PKG || exit 1; done;
+	revive -config .revive.toml -exclude=./vendor/... ./... || exit 1

 .PHONY: misspell-check
 misspell-check:
 	@hash misspell > /dev/null 2>&1; if [ $$? -ne 0 ]; then \
 		$(GO) get -u github.com/client9/misspell/cmd/misspell; \
 	fi
-	misspell -error -i unknwon $(GOFILES)
+	misspell -error -i unknwon,destory $(GOFILES)

 .PHONY: misspell
 misspell:
@@ -112,7 +155,7 @@ misspell:
 	misspell -w -i unknwon $(GOFILES)

 .PHONY: fmt-check
-fmt-check: required-gofmt-version
+fmt-check:
 	# get all go files and run go fmt on them
 	@diff=$$($(GOFMT) -d $(GOFILES)); \
 	if [ -n "$$diff" ]; then \
@@ -122,77 +165,183 @@ fmt-check: required-gofmt-version
 	fi;

 .PHONY: test
-test: fmt-check
-	$(GO) test $(PACKAGES)
+test:
+	GO111MODULE=on $(GO) test -mod=vendor -tags='sqlite sqlite_unlock_notify' $(PACKAGES)

-.PHONY: test-coverage
-test-coverage: unit-test-coverage integration-test-coverage
+.PHONY: coverage
+coverage:
 	@hash gocovmerge > /dev/null 2>&1; if [ $$? -ne 0 ]; then \
 		$(GO) get -u github.com/wadey/gocovmerge; \
 	fi
-	for PKG in $(PACKAGES); do\
-	  touch $$GOPATH/src/$$PKG/coverage.out;\
-	  egrep "$$PKG[^/]*\.go" integration.coverage.out > int.coverage.out;\
-	  gocovmerge $$GOPATH/src/$$PKG/coverage.out int.coverage.out > pkg.coverage.out;\
-	  mv pkg.coverage.out $$GOPATH/src/$$PKG/coverage.out;\
-	  rm int.coverage.out;\
-	done;
+	gocovmerge integration.coverage.out $(shell find . -type f -name "coverage.out") > coverage.all;\

 .PHONY: unit-test-coverage
 unit-test-coverage:
-	for PKG in $(PACKAGES); do $(GO) test -cover -coverprofile $$GOPATH/src/$$PKG/coverage.out $$PKG || exit 1; done;
+	$(GO) test -tags='sqlite sqlite_unlock_notify' -cover -coverprofile coverage.out $(PACKAGES) && echo "\n==>\033[32m Ok\033[m\n" || exit 1
+
+.PHONY: vendor
+vendor:
+	GO111MODULE=on $(GO) mod tidy && GO111MODULE=on $(GO) mod vendor

 .PHONY: test-vendor
-test-vendor:
-	@hash govendor > /dev/null 2>&1; if [ $$? -ne 0 ]; then \
-		$(GO) get -u github.com/kardianos/govendor; \
-	fi
-	govendor list +unused | tee "$(TMPDIR)/wc-gitea-unused"
-	[ $$(cat "$(TMPDIR)/wc-gitea-unused" | wc -l) -eq 0 ] || echo "Warning: /!\\ Some vendor are not used /!\\"
-
-	govendor list +outside | tee "$(TMPDIR)/wc-gitea-outside"
-	[ $$(cat "$(TMPDIR)/wc-gitea-outside" | wc -l) -eq 0 ] || exit 1
-
-	govendor status || exit 1
+test-vendor: vendor
+	@diff=$$(git diff vendor/); \
+	if [ -n "$$diff" ]; then \
+		echo "Please run 'make vendor' and commit the result:"; \
+		echo "$${diff}"; \
+		exit 1; \
+	fi;

 .PHONY: test-sqlite
 test-sqlite: integrations.sqlite.test
 	GITEA_ROOT=${CURDIR} GITEA_CONF=integrations/sqlite.ini ./integrations.sqlite.test

+.PHONY: test-sqlite\#%
+test-sqlite\#%: integrations.sqlite.test
+	GITEA_ROOT=${CURDIR} GITEA_CONF=integrations/sqlite.ini ./integrations.sqlite.test -test.run $*
+
+.PHONY: test-sqlite-migration
+test-sqlite-migration:  migrations.sqlite.test
+	GITEA_ROOT=${CURDIR} GITEA_CONF=integrations/sqlite.ini ./migrations.sqlite.test
+
+generate-ini-mysql:
+	sed -e 's|{{TEST_MYSQL_HOST}}|${TEST_MYSQL_HOST}|g' \
+		-e 's|{{TEST_MYSQL_DBNAME}}|${TEST_MYSQL_DBNAME}|g' \
+		-e 's|{{TEST_MYSQL_USERNAME}}|${TEST_MYSQL_USERNAME}|g' \
+		-e 's|{{TEST_MYSQL_PASSWORD}}|${TEST_MYSQL_PASSWORD}|g' \
+			integrations/mysql.ini.tmpl > integrations/mysql.ini
+
 .PHONY: test-mysql
-test-mysql: integrations.test
-	GITEA_ROOT=${CURDIR} GITEA_CONF=integrations/mysql.ini ./integrations.test
+test-mysql: integrations.mysql.test generate-ini-mysql
+	GITEA_ROOT=${CURDIR} GITEA_CONF=integrations/mysql.ini ./integrations.mysql.test
+
+.PHONY: test-mysql\#%
+test-mysql\#%: integrations.mysql.test generate-ini-mysql
+	GITEA_ROOT=${CURDIR} GITEA_CONF=integrations/mysql.ini ./integrations.mysql.test -test.run $*
+
+.PHONY: test-mysql-migration
+test-mysql-migration: migrations.mysql.test generate-ini-mysql
+	GITEA_ROOT=${CURDIR} GITEA_CONF=integrations/mysql.ini ./migrations.mysql.test
+
+
+generate-ini-mysql8:
+	sed -e 's|{{TEST_MYSQL8_HOST}}|${TEST_MYSQL8_HOST}|g' \
+		-e 's|{{TEST_MYSQL8_DBNAME}}|${TEST_MYSQL8_DBNAME}|g' \
+		-e 's|{{TEST_MYSQL8_USERNAME}}|${TEST_MYSQL8_USERNAME}|g' \
+		-e 's|{{TEST_MYSQL8_PASSWORD}}|${TEST_MYSQL8_PASSWORD}|g' \
+			integrations/mysql8.ini.tmpl > integrations/mysql8.ini
+
+.PHONY: test-mysql8
+test-mysql8: integrations.mysql8.test generate-ini-mysql8
+	GITEA_ROOT=${CURDIR} GITEA_CONF=integrations/mysql8.ini ./integrations.mysql8.test
+
+.PHONY: test-mysql8\#%
+test-mysql8\#%: integrations.mysql8.test generate-ini-mysql8
+	GITEA_ROOT=${CURDIR} GITEA_CONF=integrations/mysql8.ini ./integrations.mysql8.test -test.run $*
+
+.PHONY: test-mysql8-migration
+test-mysql8-migration: migrations.mysql8.test generate-ini-mysql8
+	GITEA_ROOT=${CURDIR} GITEA_CONF=integrations/mysql8.ini ./migrations.mysql8.test
+
+
+generate-ini-pgsql:
+	sed -e 's|{{TEST_PGSQL_HOST}}|${TEST_PGSQL_HOST}|g' \
+		-e 's|{{TEST_PGSQL_DBNAME}}|${TEST_PGSQL_DBNAME}|g' \
+		-e 's|{{TEST_PGSQL_USERNAME}}|${TEST_PGSQL_USERNAME}|g' \
+		-e 's|{{TEST_PGSQL_PASSWORD}}|${TEST_PGSQL_PASSWORD}|g' \
+			integrations/pgsql.ini.tmpl > integrations/pgsql.ini

 .PHONY: test-pgsql
-test-pgsql: integrations.test
-	GITEA_ROOT=${CURDIR} GITEA_CONF=integrations/pgsql.ini ./integrations.test
+test-pgsql: integrations.pgsql.test generate-ini-pgsql
+	GITEA_ROOT=${CURDIR} GITEA_CONF=integrations/pgsql.ini ./integrations.pgsql.test
+
+.PHONY: test-pgsql\#%
+test-pgsql\#%: integrations.pgsql.test generate-ini-pgsql
+	GITEA_ROOT=${CURDIR} GITEA_CONF=integrations/pgsql.ini ./integrations.pgsql.test -test.run $*
+
+.PHONY: test-pgsql-migration
+test-pgsql-migration: migrations.pgsql.test generate-ini-pgsql
+	GITEA_ROOT=${CURDIR} GITEA_CONF=integrations/pgsql.ini ./migrations.pgsql.test
+
+
+generate-ini-mssql:
+	sed -e 's|{{TEST_MSSQL_HOST}}|${TEST_MSSQL_HOST}|g' \
+		-e 's|{{TEST_MSSQL_DBNAME}}|${TEST_MSSQL_DBNAME}|g' \
+		-e 's|{{TEST_MSSQL_USERNAME}}|${TEST_MSSQL_USERNAME}|g' \
+		-e 's|{{TEST_MSSQL_PASSWORD}}|${TEST_MSSQL_PASSWORD}|g' \
+			integrations/mssql.ini.tmpl > integrations/mssql.ini
+
+.PHONY: test-mssql
+test-mssql: integrations.mssql.test generate-ini-mssql
+	GITEA_ROOT=${CURDIR} GITEA_CONF=integrations/mssql.ini ./integrations.mssql.test
+
+.PHONY: test-mssql\#%
+test-mssql\#%: integrations.mssql.test generate-ini-mssql
+	GITEA_ROOT=${CURDIR} GITEA_CONF=integrations/mssql.ini ./integrations.mssql.test -test.run $*
+
+.PHONY: test-mssql-migration
+test-mssql-migration: migrations.mssql.test generate-ini-mssql
+	GITEA_ROOT=${CURDIR} GITEA_CONF=integrations/mssql.ini ./migrations.mssql.test


 .PHONY: bench-sqlite
 bench-sqlite: integrations.sqlite.test
-	GITEA_ROOT=${CURDIR} GITEA_CONF=integrations/sqlite.ini ./integrations.sqlite.test -test.bench .
+	GITEA_ROOT=${CURDIR} GITEA_CONF=integrations/sqlite.ini ./integrations.sqlite.test -test.cpuprofile=cpu.out -test.run DontRunTests -test.bench .

 .PHONY: bench-mysql
-bench-mysql: integrations.test
-	GITEA_ROOT=${CURDIR} GITEA_CONF=integrations/mysql.ini ./integrations.test -test.bench .
+bench-mysql: integrations.mysql.test generate-ini-mysql
+	GITEA_ROOT=${CURDIR} GITEA_CONF=integrations/mysql.ini ./integrations.mysql.test -test.cpuprofile=cpu.out -test.run DontRunTests -test.bench .
+
+.PHONY: bench-mssql
+bench-mssql: integrations.mssql.test generate-ini-mssql
+	GITEA_ROOT=${CURDIR} GITEA_CONF=integrations/mssql.ini ./integrations.mssql.test -test.cpuprofile=cpu.out -test.run DontRunTests -test.bench .

 .PHONY: bench-pgsql
-bench-pgsql: integrations.test
-	GITEA_ROOT=${CURDIR} GITEA_CONF=integrations/pgsql.ini ./integrations.test -test.bench .
+bench-pgsql: integrations.pgsql.test generate-ini-pgsql
+	GITEA_ROOT=${CURDIR} GITEA_CONF=integrations/pgsql.ini ./integrations.pgsql.test -test.cpuprofile=cpu.out -test.run DontRunTests -test.bench .


 .PHONY: integration-test-coverage
-integration-test-coverage: integrations.cover.test
+integration-test-coverage: integrations.cover.test generate-ini-mysql
 	GITEA_ROOT=${CURDIR} GITEA_CONF=integrations/mysql.ini ./integrations.cover.test -test.coverprofile=integration.coverage.out

-integrations.test: $(SOURCES)
-	$(GO) test -c code.gitea.io/gitea/integrations
+integrations.mysql.test: $(SOURCES)
+	GO111MODULE=on $(GO) test -mod=vendor -c code.gitea.io/gitea/integrations -o integrations.mysql.test
+
+integrations.mysql8.test: $(SOURCES)
+	GO111MODULE=on $(GO) test -mod=vendor -c code.gitea.io/gitea/integrations -o integrations.mysql8.test
+
+integrations.pgsql.test: $(SOURCES)
+	GO111MODULE=on $(GO) test -mod=vendor -c code.gitea.io/gitea/integrations -o integrations.pgsql.test
+
+integrations.mssql.test: $(SOURCES)
+	GO111MODULE=on $(GO) test -mod=vendor -c code.gitea.io/gitea/integrations -o integrations.mssql.test

 integrations.sqlite.test: $(SOURCES)
-	$(GO) test -c code.gitea.io/gitea/integrations -o integrations.sqlite.test -tags 'sqlite'
+	GO111MODULE=on $(GO) test -mod=vendor -c code.gitea.io/gitea/integrations -o integrations.sqlite.test -tags 'sqlite sqlite_unlock_notify'

 integrations.cover.test: $(SOURCES)
-	$(GO) test -c code.gitea.io/gitea/integrations -coverpkg $(shell echo $(PACKAGES) | tr ' ' ',') -o integrations.cover.test
+	GO111MODULE=on $(GO) test -mod=vendor -c code.gitea.io/gitea/integrations -coverpkg $(shell echo $(PACKAGES) | tr ' ' ',') -o integrations.cover.test
+
+.PHONY: migrations.mysql.test
+migrations.mysql.test: $(SOURCES)
+	$(GO) test -c code.gitea.io/gitea/integrations/migration-test -o migrations.mysql.test
+
+.PHONY: migrations.mysql8.test
+migrations.mysql8.test: $(SOURCES)
+	$(GO) test -c code.gitea.io/gitea/integrations/migration-test -o migrations.mysql8.test
+
+.PHONY: migrations.pgsql.test
+migrations.pgsql.test: $(SOURCES)
+	$(GO) test -c code.gitea.io/gitea/integrations/migration-test -o migrations.pgsql.test
+
+.PHONY: migrations.mssql.test
+migrations.mssql.test: $(SOURCES)
+	$(GO) test -c code.gitea.io/gitea/integrations/migration-test -o migrations.mssql.test
+
+.PHONY: migrations.sqlite.test
+migrations.sqlite.test: $(SOURCES)
+	$(GO) test -c code.gitea.io/gitea/integrations/migration-test -o migrations.sqlite.test -tags 'sqlite sqlite_unlock_notify'

 .PHONY: check
 check: test
@@ -205,15 +354,10 @@ install: $(wildcard *.go)
 build: $(EXECUTABLE)

 $(EXECUTABLE): $(SOURCES)
-	$(GO) build $(GOFLAGS) $(EXTRA_GOFLAGS) -tags '$(TAGS)' -ldflags '-s -w $(LDFLAGS)' -o $@
-
-.PHONY: docker
-docker:
-	docker run -ti --rm -v $(CURDIR):/srv/app/src/code.gitea.io/gitea -w /srv/app/src/code.gitea.io/gitea -e TAGS="bindata $(TAGS)" webhippie/golang:edge make clean generate build
-	docker build -t $(DOCKER_TAG) .
+	GO111MODULE=on $(GO) build -mod=vendor $(GOFLAGS) $(EXTRA_GOFLAGS) -tags '$(TAGS)' -ldflags '-s -w $(LDFLAGS)' -o $@

 .PHONY: release
-release: release-dirs release-windows release-linux release-darwin release-copy release-check
+release: release-dirs release-windows release-linux release-darwin release-copy release-compress release-check

 .PHONY: release-dirs
 release-dirs:
@@ -222,74 +366,108 @@ release-dirs:
 .PHONY: release-windows
 release-windows:
 	@hash xgo > /dev/null 2>&1; if [ $$? -ne 0 ]; then \
-		$(GO) get -u github.com/karalabe/xgo; \
+		$(GO) get -u src.techknowlogick.com/xgo; \
 	fi
-	xgo -dest $(DIST)/binaries -tags 'netgo $(TAGS)' -ldflags '-linkmode external -extldflags "-static" $(LDFLAGS)' -targets 'windows/*' -out gitea-$(VERSION) .
+	xgo -dest $(DIST)/binaries -tags 'netgo osusergo $(TAGS)' -ldflags '-linkmode external -extldflags "-static" $(LDFLAGS)' -targets 'windows/*' -out gitea-$(VERSION) .
 ifeq ($(CI),drone)
-	mv /build/* $(DIST)/binaries
+	cp /build/* $(DIST)/binaries
 endif

 .PHONY: release-linux
 release-linux:
 	@hash xgo > /dev/null 2>&1; if [ $$? -ne 0 ]; then \
-		$(GO) get -u github.com/karalabe/xgo; \
+		$(GO) get -u src.techknowlogick.com/xgo; \
 	fi
-	xgo -dest $(DIST)/binaries -tags 'netgo $(TAGS)' -ldflags '-linkmode external -extldflags "-static" $(LDFLAGS)' -targets 'linux/*' -out gitea-$(VERSION) .
+	xgo -dest $(DIST)/binaries -tags 'netgo osusergo $(TAGS)' -ldflags '-linkmode external -extldflags "-static" $(LDFLAGS)' -targets 'linux/amd64,linux/386,linux/arm-5,linux/arm-6,linux/arm64,linux/mips64le,linux/mips,linux/mipsle' -out gitea-$(VERSION) .
 ifeq ($(CI),drone)
-	mv /build/* $(DIST)/binaries
+	cp /build/* $(DIST)/binaries
 endif

 .PHONY: release-darwin
 release-darwin:
 	@hash xgo > /dev/null 2>&1; if [ $$? -ne 0 ]; then \
-		$(GO) get -u github.com/karalabe/xgo; \
+		$(GO) get -u src.techknowlogick.com/xgo; \
 	fi
-	xgo -dest $(DIST)/binaries -tags 'netgo $(TAGS)' -ldflags '$(LDFLAGS)' -targets 'darwin/*' -out gitea-$(VERSION) .
+	xgo -dest $(DIST)/binaries -tags 'netgo osusergo $(TAGS)' -ldflags '$(LDFLAGS)' -targets 'darwin/*' -out gitea-$(VERSION) .
 ifeq ($(CI),drone)
-	mv /build/* $(DIST)/binaries
+	cp /build/* $(DIST)/binaries
 endif

 .PHONY: release-copy
 release-copy:
-	$(foreach file,$(wildcard $(DIST)/binaries/$(EXECUTABLE)-*),cp $(file) $(DIST)/release/$(notdir $(file));)
+	cd $(DIST); for file in `find /build -type f -name "*"`; do cp $${file} ./release/; done;

 .PHONY: release-check
 release-check:
-	cd $(DIST)/release; $(foreach file,$(wildcard $(DIST)/release/$(EXECUTABLE)-*),sha256sum $(notdir $(file)) > $(notdir $(file)).sha256;)
+	cd $(DIST)/release/; for file in `find . -type f -name "*"`; do echo "checksumming $${file}" && $(SHASUM) `echo $${file} | sed 's/^..//'` > $${file}.sha256; done;

-.PHONY: javascripts
-javascripts: public/js/index.js
+.PHONY: release-compress
+release-compress:
+	@hash gxz > /dev/null 2>&1; if [ $$? -ne 0 ]; then \
+		$(GO) get -u github.com/ulikunitz/xz/cmd/gxz; \
+	fi
+	cd $(DIST)/release/; for file in `find . -type f -name "*"`; do echo "compressing $${file}" && gxz -k -9 $${file}; done;

-.IGNORE: public/js/index.js
-public/js/index.js: $(JAVASCRIPTS)
-	cat $< >| $@
+npm-check:
+	@hash npm > /dev/null 2>&1; if [ $$? -ne 0 ]; then \
+		echo "Please install Node.js 8.x or greater with npm"; \
+		exit 1; \
+	fi;
+	@hash npx > /dev/null 2>&1; if [ $$? -ne 0 ]; then \
+		echo "Please install Node.js 8.x or greater with npm"; \
+		exit 1; \
+	fi;

-.PHONY: stylesheets-check
-stylesheets-check: stylesheets
-	@diff=$$(git diff public/css/index.css); \
-	if [ -n "$$diff" ]; then \
-		echo "Please run 'make stylesheets' and commit the result:"; \
+.PHONY: npm
+npm: npm-check
+	npm install --no-save
+
+.PHONY: npm-update
+npm-update: npm-check
+	npx updates -cu
+	rm -rf node_modules package-lock.json
+	npm install --package-lock
+
+.PHONY: js
+js: npm
+	npx eslint public/js
+
+.PHONY: css
+css: npm
+	npx stylelint public/less
+	npx lessc --clean-css="--s0 -b" public/less/index.less public/css/index.css
+	$(foreach file, $(filter-out public/less/themes/_base.less, $(wildcard public/less/themes/*)),npx lessc --clean-css="--s0 -b" public/less/themes/$(notdir $(file)) > public/css/theme-$(notdir $(call strip-suffix,$(file))).css;)
+	npx postcss --use autoprefixer --no-map --replace public/css/*
+
+	@diff=$$(git diff public/css/*); \
+	if ([ -n "$$CI" ] && [ -n "$$diff" ]); then \
+		echo "Generated files in public/css have changed, please commit the result:"; \
 		echo "$${diff}"; \
 		exit 1; \
 	fi;

-.PHONY: stylesheets
-stylesheets: public/css/index.css
+.PHONY: javascripts
+javascripts:
+	echo "'make javascripts' is deprecated, please use 'make js'"
+	$(MAKE) js

-.IGNORE: public/css/index.css
-public/css/index.css: $(STYLESHEETS)
-	@which lessc > /dev/null; if [ $$? -ne 0 ]; then \
-		$(GO) get -u github.com/kib357/less-go/lessc; \
-	fi
-	lessc -i $< -o $@
+.PHONY: stylesheets-check
+stylesheets-check:
+	echo "'make stylesheets-check' is deprecated, please use 'make css'"
+	$(MAKE) css
+
+.PHONY: generate-stylesheets
+generate-stylesheets:
+	echo "'make generate-stylesheets' is deprecated, please use 'make css'"
+	$(MAKE) css

 .PHONY: swagger-ui
 swagger-ui:
-	rm -Rf public/assets/swagger-ui
-	git clone --depth=10 -b v3.0.7 --single-branch https://github.com/swagger-api/swagger-ui.git $(TMPDIR)/swagger-ui
-	mv $(TMPDIR)/swagger-ui/dist public/assets/swagger-ui
+	rm -Rf public/vendor/assets/swagger-ui
+	git clone --depth=10 -b v3.13.4 --single-branch https://github.com/swagger-api/swagger-ui.git $(TMPDIR)/swagger-ui
+	mv $(TMPDIR)/swagger-ui/dist public/vendor/assets/swagger-ui
 	rm -Rf $(TMPDIR)/swagger-ui
-	$(SED_INPLACE) "s;http://petstore.swagger.io/v2/swagger.json;../../swagger.v1.json;g" public/assets/swagger-ui/index.html
+	$(SED_INPLACE) "s;http://petstore.swagger.io/v2/swagger.json;../../../swagger.v1.json;g" public/vendor/assets/swagger-ui/index.html

 .PHONY: update-translations
 update-translations:
@@ -305,6 +483,8 @@ update-translations:
 generate-images:
 	mkdir -p $(TMPDIR)/images
 	inkscape -f $(PWD)/assets/logo.svg -w 880 -h 880 -e $(PWD)/public/img/gitea-lg.png
+	inkscape -f $(PWD)/assets/logo.svg -w 512 -h 512 -e $(PWD)/public/img/gitea-512.png
+	inkscape -f $(PWD)/assets/logo.svg -w 192 -h 192 -e $(PWD)/public/img/gitea-192.png
 	inkscape -f $(PWD)/assets/logo.svg -w 120 -h 120 -jC -i layer1 -e $(TMPDIR)/images/sm-1.png
 	inkscape -f $(PWD)/assets/logo.svg -w 120 -h 120 -jC -i layer2 -e $(TMPDIR)/images/sm-2.png
 	composite -compose atop $(TMPDIR)/images/sm-2.png $(TMPDIR)/images/sm-1.png $(PWD)/public/img/gitea-sm.png
@@ -316,12 +496,25 @@ generate-images:
 	inkscape -f $(PWD)/assets/logo.svg -w 32 -h 32 -jC -i layer2 -e $(TMPDIR)/images/32-2.png
 	composite -compose atop $(TMPDIR)/images/32-2.png $(TMPDIR)/images/32-1.png $(TMPDIR)/images/32-raw.png
 	inkscape -f $(PWD)/assets/logo.svg -w 16 -h 16 -jC -i layer1 -e $(TMPDIR)/images/16-raw.png
-	zopflipng $(TMPDIR)/images/128-raw.png $(TMPDIR)/images/128.png
-	zopflipng $(TMPDIR)/images/64-raw.png $(TMPDIR)/images/64.png
-	zopflipng $(TMPDIR)/images/32-raw.png $(TMPDIR)/images/32.png
-	zopflipng $(TMPDIR)/images/16-raw.png $(TMPDIR)/images/16.png
+	zopflipng -m -y $(TMPDIR)/images/128-raw.png $(TMPDIR)/images/128.png
+	zopflipng -m -y $(TMPDIR)/images/64-raw.png $(TMPDIR)/images/64.png
+	zopflipng -m -y $(TMPDIR)/images/32-raw.png $(TMPDIR)/images/32.png
+	zopflipng -m -y $(TMPDIR)/images/16-raw.png $(TMPDIR)/images/16.png
 	rm -f $(TMPDIR)/images/*-*.png
 	convert $(TMPDIR)/images/16.png $(TMPDIR)/images/32.png \
 					$(TMPDIR)/images/64.png $(TMPDIR)/images/128.png \
 					$(PWD)/public/img/favicon.ico
 	rm -rf $(TMPDIR)/images
+	$(foreach file, $(shell find public/img -type f -name '*.png'),zopflipng -m -y $(file) $(file);)
+
+.PHONY: pr
+pr:
+	$(GO) run contrib/pr/checkout.go $(PR)
+
+.PHONY: golangci-lint
+golangci-lint:
+	@hash golangci-lint > /dev/null 2>&1; if [ $$? -ne 0 ]; then \
+		export BINARY="golangci-lint"; \
+		curl -sfL https://install.goreleaser.com/github.com/golangci/golangci-lint.sh | sh -s -- -b $(GOPATH)/bin v1.20.0; \
+	fi
+	golangci-lint run
--- a/README.md
+++ b/README.md
@@ -4,36 +4,60 @@

 [![Build Status](https://drone.gitea.io/api/badges/go-gitea/gitea/status.svg)](https://drone.gitea.io/go-gitea/gitea)
 [![Join the Discord chat at https://discord.gg/NsatcWJ](https://img.shields.io/discord/322538954119184384.svg)](https://discord.gg/NsatcWJ)
-[![Join the Matrix chat at https://matrix.to/#/#gitea:matrix.org](https://img.shields.io/badge/matrix-%23gitea%3Amatrix.org-7bc9a4.svg)](https://matrix.to/#/#gitea:matrix.org)
 [![](https://images.microbadger.com/badges/image/gitea/gitea.svg)](https://microbadger.com/images/gitea/gitea "Get your own image badge on microbadger.com")
-[![Coverage Status](https://coverage.gitea.io/badges/go-gitea/gitea/coverage.svg)](https://coverage.gitea.io/go-gitea/gitea)
+[![codecov](https://codecov.io/gh/go-gitea/gitea/branch/master/graph/badge.svg)](https://codecov.io/gh/go-gitea/gitea)
 [![Go Report Card](https://goreportcard.com/badge/code.gitea.io/gitea)](https://goreportcard.com/report/code.gitea.io/gitea)
 [![GoDoc](https://godoc.org/code.gitea.io/gitea?status.svg)](https://godoc.org/code.gitea.io/gitea)
-[![Release](https://github-release-version.herokuapp.com/github/go-gitea/gitea/release.svg?style=flat)](https://github.com/go-gitea/gitea/releases/latest)
-
-| | | |
-|:---:|:---:|:---:|
-|![Dashboard](https://i.imgur.com/3iEQsux.jpg)|![Repository](https://i.imgur.com/glqFnj8.jpg)|![Commits History](https://i.imgur.com/ad1FEpi.jpg)|
-|![Profile](https://i.imgur.com/q81EcGa.jpg)|![Admin Dashboard](https://i.imgur.com/L2CQeN0.jpg)|![Diff](https://i.imgur.com/cNuvMum.jpg)|
-|![Issues](https://i.imgur.com/xCYRqaF.jpg)|![Releases](https://i.imgur.com/ILpRBCe.jpg)|![Organization](https://i.imgur.com/0BHnrcL.jpg)|
+[![GitHub release](https://img.shields.io/github/release/go-gitea/gitea.svg)](https://github.com/go-gitea/gitea/releases/latest)
+[![Help Contribute to Open Source](https://www.codetriage.com/go-gitea/gitea/badges/users.svg)](https://www.codetriage.com/go-gitea/gitea)
+[![Become a backer/sponsor of gitea](https://opencollective.com/gitea/tiers/backers/badge.svg?label=backers&color=brightgreen)](https://opencollective.com/gitea)
+[![License: MIT](https://img.shields.io/badge/License-MIT-blue.svg)](https://opensource.org/licenses/MIT)
+[![Crowdin](https://badges.crowdin.net/gitea/localized.svg)](https://crowdin.com/project/gitea)

 ## Purpose

-The goal of this project is to make the easiest, fastest, and most painless way of setting up a self-hosted Git service. Using Go, this can be done with an independent binary distribution across **all platforms** which Go supports, including Linux, macOS, and Windows on x86, amd64, ARM and PowerPC architectures. Want to try it before doing anything else? Do it [with the online demo](https://try.gitea.io/)! This project has been [forked](https://blog.gitea.io/2016/12/welcome-to-gitea/) from [Gogs](https://gogs.io).
+The goal of this project is to make the easiest, fastest, and most
+painless way of setting up a self-hosted Git service.
+Using Go, this can be done with an independent binary distribution across
+**all platforms** which Go supports, including Linux, macOS, and Windows
+on x86, amd64, ARM and PowerPC architectures.
+Want to try it before doing anything else?
+Do it [with the online demo](https://try.gitea.io/)!
+This project has been
+[forked](https://blog.gitea.io/2016/12/welcome-to-gitea/) from
+[Gogs](https://gogs.io) since 2016.11 but changed a lot.

-## Notes
+## Building

-1. **YOU MUST READ THE [CONTRIBUTORS GUIDE](CONTRIBUTING.md) BEFORE STARTING TO WORK ON A PULL REQUEST.**
-2. If you found a vulnerability in the project, please write privately to **security@gitea.io**. Thanks!
-3. If you're interested in using our APIs, we have experimental support with [documentation](https://godoc.org/code.gitea.io/sdk/gitea).
+From the root of the source tree, run:

-## Docs
+    TAGS="bindata" make generate all

-For more information and instructions about how to install Gitea please look at our [documentation](https://docs.gitea.io/en-us/). If you cannot find some specific information, then head over to our [Discord server](https://discord.gg/NsatcWJ) or [Matrix room](https://matrix.to/#/#gitea:matrix.org) to chat with us or use the [forum](https://discourse.gitea.io/).
+More info: https://docs.gitea.io/en-us/install-from-source/
+
+## Using
+
+    ./gitea web
+
+NOTE: If you're interested in using our APIs, we have experimental
+support with [documentation](https://try.gitea.io/api/swagger).

 ## Contributing

-Fork -> Patch -> Push -> Pull Request
+Expected workflow is: Fork -> Patch -> Push -> Pull Request
+
+NOTES:
+
+1. **YOU MUST READ THE [CONTRIBUTORS GUIDE](CONTRIBUTING.md) BEFORE STARTING TO WORK ON A PULL REQUEST.**
+2. If you have found a vulnerability in the project, please write privately to **security@gitea.io**. Thanks!
+
+## Further information
+
+For more information and instructions about how to install Gitea, please look
+at our [documentation](https://docs.gitea.io/en-us/). If you have questions
+that are not covered by the documentation, you can get in contact with us on
+our [Discord server](https://discord.gg/NsatcWJ),
+or [forum](https://discourse.gitea.io/)!

 ## Authors

@@ -41,6 +65,49 @@ Fork -> Patch -> Push -> Pull Request
 * [Contributors](https://github.com/go-gitea/gitea/graphs/contributors)
 * [Translators](options/locale/TRANSLATORS)

+## Backers
+
+Thank you to all our backers! 🙏 [[Become a backer](https://opencollective.com/gitea#backer)]
+
+<a href="https://opencollective.com/gitea#backers" target="_blank"><img src="https://opencollective.com/gitea/backers.svg?width=890"></a>
+
+## Sponsors
+
+Support this project by becoming a sponsor. Your logo will show up here with a link to your website. [[Become a sponsor](https://opencollective.com/gitea#sponsor)]
+
+<a href="https://opencollective.com/gitea/sponsor/0/website" target="_blank"><img src="https://opencollective.com/gitea/sponsor/0/avatar.svg"></a>
+<a href="https://opencollective.com/gitea/sponsor/1/website" target="_blank"><img src="https://opencollective.com/gitea/sponsor/1/avatar.svg"></a>
+<a href="https://opencollective.com/gitea/sponsor/2/website" target="_blank"><img src="https://opencollective.com/gitea/sponsor/2/avatar.svg"></a>
+<a href="https://opencollective.com/gitea/sponsor/3/website" target="_blank"><img src="https://opencollective.com/gitea/sponsor/3/avatar.svg"></a>
+<a href="https://opencollective.com/gitea/sponsor/4/website" target="_blank"><img src="https://opencollective.com/gitea/sponsor/4/avatar.svg"></a>
+<a href="https://opencollective.com/gitea/sponsor/5/website" target="_blank"><img src="https://opencollective.com/gitea/sponsor/5/avatar.svg"></a>
+<a href="https://opencollective.com/gitea/sponsor/6/website" target="_blank"><img src="https://opencollective.com/gitea/sponsor/6/avatar.svg"></a>
+<a href="https://opencollective.com/gitea/sponsor/7/website" target="_blank"><img src="https://opencollective.com/gitea/sponsor/7/avatar.svg"></a>
+<a href="https://opencollective.com/gitea/sponsor/8/website" target="_blank"><img src="https://opencollective.com/gitea/sponsor/8/avatar.svg"></a>
+<a href="https://opencollective.com/gitea/sponsor/9/website" target="_blank"><img src="https://opencollective.com/gitea/sponsor/9/avatar.svg"></a>
+
+## FAQ
+
+**How do you pronounce Gitea?**
+
+Gitea is pronounced [/ɡɪ’ti:/](https://youtu.be/EM71-2uDAoY) as in "gi-tea" with a hard g.
+
+**Why is this not hosted on a Gitea instance?**
+
+We're [working on it](https://github.com/go-gitea/gitea/issues/1029).
+
 ## License

-This project is licensed under the MIT License. See the [LICENSE](https://github.com/go-gitea/gitea/blob/master/LICENSE) file for the full license text.
+This project is licensed under the MIT License.
+See the [LICENSE](https://github.com/go-gitea/gitea/blob/master/LICENSE) file
+for the full license text.
+
+## Screenshots
+Looking for an overview of the interface? Check it out!
+
+| | | |
+|:---:|:---:|:---:|
+|![Dashboard](https://image.ibb.co/dms6DG/1.png)|![Repository](https://image.ibb.co/m6MSLw/2.png)|![Commits History](https://image.ibb.co/cjrSLw/3.png)|
+|![Branches](https://image.ibb.co/e6vbDG/4.png)|![Issues](https://image.ibb.co/bJTJSb/5.png)|![Pull Request View](https://image.ibb.co/e02dSb/6.png)|
+|![Releases](https://image.ibb.co/cUzgfw/7.png)|![Activity](https://image.ibb.co/eZgGDG/8.png)|![Wiki](https://image.ibb.co/dYV9YG/9.png)|
+|![Diff](https://image.ibb.co/ewA9YG/10.png)|![Organization](https://image.ibb.co/ceOwDG/11.png)|![Profile](https://image.ibb.co/c44Q7b/12.png)|
--- a/README_ZH.md
+++ b/README_ZH.md
@@ -3,22 +3,19 @@
 # Gitea - Git with a cup of tea

 [![Build Status](https://drone.gitea.io/api/badges/go-gitea/gitea/status.svg)](https://drone.gitea.io/go-gitea/gitea)
-[![Join the chat at https://img.shields.io/discord/322538954119184384.svg](https://img.shields.io/discord/322538954119184384.svg)](https://discord.gg/NsatcWJ)
+[![Join the chat at https://img.shields.io/discord/322538954119184384.svg](https://img.shields.io/discord/322538954119184384.svg)](https://discord.gg/gitea)
 [![](https://images.microbadger.com/badges/image/gitea/gitea.svg)](https://microbadger.com/images/gitea/gitea "Get your own image badge on microbadger.com")
-[![Coverage Status](https://coverage.gitea.io/badges/go-gitea/gitea/coverage.svg)](https://coverage.gitea.io/go-gitea/gitea)
+[![codecov](https://codecov.io/gh/go-gitea/gitea/branch/master/graph/badge.svg)](https://codecov.io/gh/go-gitea/gitea)
 [![Go Report Card](https://goreportcard.com/badge/code.gitea.io/gitea)](https://goreportcard.com/report/code.gitea.io/gitea)
 [![GoDoc](https://godoc.org/code.gitea.io/gitea?status.svg)](https://godoc.org/code.gitea.io/gitea)
-[![Release](https://github-release-version.herokuapp.com/github/go-gitea/gitea/release.svg?style=flat)](https://github.com/go-gitea/gitea/releases/latest)
-
-| | | |
-|:---:|:---:|:---:|
-|![Dashboard](https://i.imgur.com/3iEQsux.jpg)|![Repository](https://i.imgur.com/glqFnj8.jpg)|![Commits History](https://i.imgur.com/ad1FEpi.jpg)|
-|![Profile](https://i.imgur.com/q81EcGa.jpg)|![Admin Dashboard](https://i.imgur.com/L2CQeN0.jpg)|![Diff](https://i.imgur.com/cNuvMum.jpg)|
-|![Issues](https://i.imgur.com/xCYRqaF.jpg)|![Releases](https://i.imgur.com/ILpRBCe.jpg)|![Organization](https://i.imgur.com/0BHnrcL.jpg)|
+[![GitHub release](https://img.shields.io/github/release/go-gitea/gitea.svg)](https://github.com/go-gitea/gitea/releases/latest)
+[![Become a backer/sponsor of gitea](https://opencollective.com/gitea/tiers/backers/badge.svg?label=backers&color=brightgreen)](https://opencollective.com/gitea)
+[![License: MIT](https://img.shields.io/badge/License-MIT-blue.svg)](https://opensource.org/licenses/MIT)
+[![Crowdin](https://badges.crowdin.net/gitea/localized.svg)](https://crowdin.com/project/gitea)

 ## 目标

-Gitea的首要目标是创建一个极易安装，运行非常快速，安装和使用体验良好的自建 Git 服务。我们采用Go作为后端语言，这使我们只要生成一个可执行程序即可。并且他还支持跨平台，支持 Linux, macOS 和 Windows 以及各种架构，除了x86，amd64，还包括 ARM 和 PowerPC。
+Gitea 的首要目标是创建一个极易安装，运行非常快速，安装和使用体验良好的自建 Git 服务。我们采用 Go 作为后端语言，这使我们只要生成一个可执行程序即可。并且他还支持跨平台，支持 Linux, macOS 和 Windows 以及各种架构，除了 x86，amd64，还包括 ARM 和 PowerPC。

 如果您想试用一下，请访问 [在线Demo](https://try.gitea.io/)！

@@ -30,7 +27,7 @@ Gitea的首要目标是创建一个极易安装，运行非常快速，安装和

 ## 文档

-关于如何安装请访问我们的 [文档站](https://docs.gitea.io/zh-cn/)，如果没有找到对应的文档，你也可以通过 [Discord - 英文](https://discord.gg/NsatcWJ) 和 QQ群 328432459 来和我们交流。
+关于如何安装请访问我们的 [文档站](https://docs.gitea.io/zh-cn/)，如果没有找到对应的文档，你也可以通过 [Discord - 英文](https://discord.gg/gitea) 和 QQ群 328432459 来和我们交流。

 ## 贡献流程

@@ -45,3 +42,12 @@ Fork -> Patch -> Push -> Pull Request
 ## 授权许可

 本项目采用 MIT 开源授权许可证，完整的授权说明已放置在 [LICENSE](https://github.com/go-gitea/gitea/blob/master/LICENSE) 文件中。
+
+## 截图
+
+| | | |
+|:---:|:---:|:---:|
+|![Dashboard](https://image.ibb.co/dms6DG/1.png)|![Repository](https://image.ibb.co/m6MSLw/2.png)|![Commits History](https://image.ibb.co/cjrSLw/3.png)|
+|![Branches](https://image.ibb.co/e6vbDG/4.png)|![Issues](https://image.ibb.co/bJTJSb/5.png)|![Pull Request View](https://image.ibb.co/e02dSb/6.png)|
+|![Releases](https://image.ibb.co/cUzgfw/7.png)|![Activity](https://image.ibb.co/eZgGDG/8.png)|![Wiki](https://image.ibb.co/dYV9YG/9.png)|
+|![Diff](https://image.ibb.co/ewA9YG/10.png)|![Organization](https://image.ibb.co/ceOwDG/11.png)|![Profile](https://image.ibb.co/c44Q7b/12.png)|
--- a/cmd/admin.go
+++ b/cmd/admin.go
@@ -6,9 +6,16 @@
 package cmd

 import (
+	"errors"
 	"fmt"
+	"os"
+	"text/tabwriter"

 	"code.gitea.io/gitea/models"
+	"code.gitea.io/gitea/modules/auth/oauth2"
+	"code.gitea.io/gitea/modules/git"
+	"code.gitea.io/gitea/modules/log"
+	pwd "code.gitea.io/gitea/modules/password"
 	"code.gitea.io/gitea/modules/setting"

 	"github.com/urfave/cli"
@@ -18,12 +25,13 @@ var (
 	// CmdAdmin represents the available admin sub-command.
 	CmdAdmin = cli.Command{
 		Name:  "admin",
-		Usage: "Perform admin operations on command line",
-		Description: `Allow using internal logic of Gitea without hacking into the source code
-to make automatic initialization process more smoothly`,
+		Usage: "Command line interface to perform common administrative operations",
 		Subcommands: []cli.Command{
 			subcmdCreateUser,
 			subcmdChangePassword,
+			subcmdRepoSyncReleases,
+			subcmdRegenerate,
+			subcmdAuth,
 		},
 	}

@@ -34,27 +42,40 @@ to make automatic initialization process more smoothly`,
 		Flags: []cli.Flag{
 			cli.StringFlag{
 				Name:  "name",
-				Value: "",
+				Usage: "Username. DEPRECATED: use username instead",
+			},
+			cli.StringFlag{
+				Name:  "username",
 				Usage: "Username",
 			},
 			cli.StringFlag{
 				Name:  "password",
-				Value: "",
 				Usage: "User password",
 			},
 			cli.StringFlag{
 				Name:  "email",
-				Value: "",
 				Usage: "User email address",
 			},
 			cli.BoolFlag{
 				Name:  "admin",
 				Usage: "User is an admin",
 			},
-			cli.StringFlag{
-				Name:  "config, c",
-				Value: "custom/conf/app.ini",
-				Usage: "Custom configuration file path",
+			cli.BoolFlag{
+				Name:  "random-password",
+				Usage: "Generate a random password for the user",
+			},
+			cli.BoolFlag{
+				Name:  "must-change-password",
+				Usage: "Force the user to change his/her password after initial login",
+			},
+			cli.IntFlag{
+				Name:  "random-password-length",
+				Usage: "Length of the random password to be generated",
+				Value: 12,
+			},
+			cli.BoolFlag{
+				Name:  "access-token",
+				Usage: "Generate access token for the user",
 			},
 		},
 	}
@@ -76,72 +97,463 @@ to make automatic initialization process more smoothly`,
 			},
 		},
 	}
+
+	subcmdRepoSyncReleases = cli.Command{
+		Name:   "repo-sync-releases",
+		Usage:  "Synchronize repository releases with tags",
+		Action: runRepoSyncReleases,
+	}
+
+	subcmdRegenerate = cli.Command{
+		Name:  "regenerate",
+		Usage: "Regenerate specific files",
+		Subcommands: []cli.Command{
+			microcmdRegenHooks,
+			microcmdRegenKeys,
+		},
+	}
+
+	microcmdRegenHooks = cli.Command{
+		Name:   "hooks",
+		Usage:  "Regenerate git-hooks",
+		Action: runRegenerateHooks,
+	}
+
+	microcmdRegenKeys = cli.Command{
+		Name:   "keys",
+		Usage:  "Regenerate authorized_keys file",
+		Action: runRegenerateKeys,
+	}
+
+	subcmdAuth = cli.Command{
+		Name:  "auth",
+		Usage: "Modify external auth providers",
+		Subcommands: []cli.Command{
+			microcmdAuthAddOauth,
+			microcmdAuthUpdateOauth,
+			cmdAuthAddLdapBindDn,
+			cmdAuthUpdateLdapBindDn,
+			cmdAuthAddLdapSimpleAuth,
+			cmdAuthUpdateLdapSimpleAuth,
+			microcmdAuthList,
+			microcmdAuthDelete,
+		},
+	}
+
+	microcmdAuthList = cli.Command{
+		Name:   "list",
+		Usage:  "List auth sources",
+		Action: runListAuth,
+	}
+
+	idFlag = cli.Int64Flag{
+		Name:  "id",
+		Usage: "ID of authentication source",
+	}
+
+	microcmdAuthDelete = cli.Command{
+		Name:   "delete",
+		Usage:  "Delete specific auth source",
+		Action: runDeleteAuth,
+	}
+
+	oauthCLIFlags = []cli.Flag{
+		cli.StringFlag{
+			Name:  "name",
+			Value: "",
+			Usage: "Application Name",
+		},
+		cli.StringFlag{
+			Name:  "provider",
+			Value: "",
+			Usage: "OAuth2 Provider",
+		},
+		cli.StringFlag{
+			Name:  "key",
+			Value: "",
+			Usage: "Client ID (Key)",
+		},
+		cli.StringFlag{
+			Name:  "secret",
+			Value: "",
+			Usage: "Client Secret",
+		},
+		cli.StringFlag{
+			Name:  "auto-discover-url",
+			Value: "",
+			Usage: "OpenID Connect Auto Discovery URL (only required when using OpenID Connect as provider)",
+		},
+		cli.StringFlag{
+			Name:  "use-custom-urls",
+			Value: "false",
+			Usage: "Use custom URLs for GitLab/GitHub OAuth endpoints",
+		},
+		cli.StringFlag{
+			Name:  "custom-auth-url",
+			Value: "",
+			Usage: "Use a custom Authorization URL (option for GitLab/GitHub)",
+		},
+		cli.StringFlag{
+			Name:  "custom-token-url",
+			Value: "",
+			Usage: "Use a custom Token URL (option for GitLab/GitHub)",
+		},
+		cli.StringFlag{
+			Name:  "custom-profile-url",
+			Value: "",
+			Usage: "Use a custom Profile URL (option for GitLab/GitHub)",
+		},
+		cli.StringFlag{
+			Name:  "custom-email-url",
+			Value: "",
+			Usage: "Use a custom Email URL (option for GitHub)",
+		},
+	}
+
+	microcmdAuthUpdateOauth = cli.Command{
+		Name:   "update-oauth",
+		Usage:  "Update existing Oauth authentication source",
+		Action: runUpdateOauth,
+		Flags:  append(oauthCLIFlags[:1], append([]cli.Flag{idFlag}, oauthCLIFlags[1:]...)...),
+	}
+
+	microcmdAuthAddOauth = cli.Command{
+		Name:   "add-oauth",
+		Usage:  "Add new Oauth authentication source",
+		Action: runAddOauth,
+		Flags:  oauthCLIFlags,
+	}
 )

 func runChangePassword(c *cli.Context) error {
-	if !c.IsSet("password") {
-		return fmt.Errorf("Password is not specified")
-	} else if !c.IsSet("username") {
-		return fmt.Errorf("Username is not specified")
+	if err := argsSet(c, "username", "password"); err != nil {
+		return err
 	}

-	setting.NewContext()
-	models.LoadConfigs()
-
-	setting.NewXORMLogService(false)
-	if err := models.SetEngine(); err != nil {
-		return fmt.Errorf("models.SetEngine: %v", err)
+	if err := initDB(); err != nil {
+		return err
+	}
+	if !pwd.IsComplexEnough(c.String("password")) {
+		return errors.New("Password does not meet complexity requirements")
 	}
-
 	uname := c.String("username")
 	user, err := models.GetUserByName(uname)
 	if err != nil {
-		return fmt.Errorf("%v", err)
+		return err
 	}
-	user.Passwd = c.String("password")
 	if user.Salt, err = models.GetUserSalt(); err != nil {
-		return fmt.Errorf("%v", err)
+		return err
 	}
-	user.EncodePasswd()
+	user.HashPassword(c.String("password"))
+
 	if err := models.UpdateUserCols(user, "passwd", "salt"); err != nil {
-		return fmt.Errorf("%v", err)
+		return err
 	}

-	fmt.Printf("User '%s' password has been successfully updated!\n", uname)
+	fmt.Printf("%s's password has been successfully updated!\n", user.Name)
 	return nil
 }

 func runCreateUser(c *cli.Context) error {
-	if !c.IsSet("name") {
-		return fmt.Errorf("Username is not specified")
-	} else if !c.IsSet("password") {
-		return fmt.Errorf("Password is not specified")
-	} else if !c.IsSet("email") {
-		return fmt.Errorf("Email is not specified")
+	if err := argsSet(c, "email"); err != nil {
+		return err
 	}

-	if c.IsSet("config") {
-		setting.CustomConf = c.String("config")
+	if c.IsSet("name") && c.IsSet("username") {
+		return errors.New("Cannot set both --name and --username flags")
+	}
+	if !c.IsSet("name") && !c.IsSet("username") {
+		return errors.New("One of --name or --username flags must be set")
 	}

-	setting.NewContext()
-	models.LoadConfigs()
-
-	setting.NewXORMLogService(false)
-	if err := models.SetEngine(); err != nil {
-		return fmt.Errorf("models.SetEngine: %v", err)
+	if c.IsSet("password") && c.IsSet("random-password") {
+		return errors.New("cannot set both -random-password and -password flags")
 	}

-	if err := models.CreateUser(&models.User{
-		Name:     c.String("name"),
-		Email:    c.String("email"),
-		Passwd:   c.String("password"),
-		IsActive: true,
-		IsAdmin:  c.Bool("admin"),
-	}); err != nil {
+	var username string
+	if c.IsSet("username") {
+		username = c.String("username")
+	} else {
+		username = c.String("name")
+		fmt.Fprintf(os.Stderr, "--name flag is deprecated. Use --username instead.\n")
+	}
+
+	if err := initDB(); err != nil {
+		return err
+	}
+
+	var password string
+	if c.IsSet("password") {
+		password = c.String("password")
+	} else if c.IsSet("random-password") {
+		var err error
+		password, err = pwd.Generate(c.Int("random-password-length"))
+		if err != nil {
+			return err
+		}
+		fmt.Printf("generated random password is '%s'\n", password)
+	} else {
+		return errors.New("must set either password or random-password flag")
+	}
+
+	// always default to true
+	var changePassword = true
+
+	// If this is the first user being created.
+	// Take it as the admin and don't force a password update.
+	if n := models.CountUsers(); n == 0 {
+		changePassword = false
+	}
+
+	if c.IsSet("must-change-password") {
+		changePassword = c.Bool("must-change-password")
+	}
+
+	u := &models.User{
+		Name:               username,
+		Email:              c.String("email"),
+		Passwd:             password,
+		IsActive:           true,
+		IsAdmin:            c.Bool("admin"),
+		MustChangePassword: changePassword,
+		Theme:              setting.UI.DefaultTheme,
+	}
+
+	if err := models.CreateUser(u); err != nil {
 		return fmt.Errorf("CreateUser: %v", err)
 	}

-	fmt.Printf("New user '%s' has been successfully created!\n", c.String("name"))
+	if c.Bool("access-token") {
+		t := &models.AccessToken{
+			Name: "gitea-admin",
+			UID:  u.ID,
+		}
+
+		if err := models.NewAccessToken(t); err != nil {
+			return err
+		}
+
+		fmt.Printf("Access token was successfully created... %s\n", t.Token)
+	}
+
+	fmt.Printf("New user '%s' has been successfully created!\n", username)
 	return nil
 }
+
+func runRepoSyncReleases(c *cli.Context) error {
+	if err := initDB(); err != nil {
+		return err
+	}
+
+	log.Trace("Synchronizing repository releases (this may take a while)")
+	for page := 1; ; page++ {
+		repos, count, err := models.SearchRepositoryByName(&models.SearchRepoOptions{
+			Page:     page,
+			PageSize: models.RepositoryListDefaultPageSize,
+			Private:  true,
+		})
+		if err != nil {
+			return fmt.Errorf("SearchRepositoryByName: %v", err)
+		}
+		if len(repos) == 0 {
+			break
+		}
+		log.Trace("Processing next %d repos of %d", len(repos), count)
+		for _, repo := range repos {
+			log.Trace("Synchronizing repo %s with path %s", repo.FullName(), repo.RepoPath())
+			gitRepo, err := git.OpenRepository(repo.RepoPath())
+			if err != nil {
+				log.Warn("OpenRepository: %v", err)
+				continue
+			}
+
+			oldnum, err := getReleaseCount(repo.ID)
+			if err != nil {
+				log.Warn(" GetReleaseCountByRepoID: %v", err)
+			}
+			log.Trace(" currentNumReleases is %d, running SyncReleasesWithTags", oldnum)
+
+			if err = models.SyncReleasesWithTags(repo, gitRepo); err != nil {
+				log.Warn(" SyncReleasesWithTags: %v", err)
+				gitRepo.Close()
+				continue
+			}
+
+			count, err = getReleaseCount(repo.ID)
+			if err != nil {
+				log.Warn(" GetReleaseCountByRepoID: %v", err)
+				gitRepo.Close()
+				continue
+			}
+
+			log.Trace(" repo %s releases synchronized to tags: from %d to %d",
+				repo.FullName(), oldnum, count)
+			gitRepo.Close()
+		}
+	}
+
+	return nil
+}
+
+func getReleaseCount(id int64) (int64, error) {
+	return models.GetReleaseCountByRepoID(
+		id,
+		models.FindReleasesOptions{
+			IncludeTags: true,
+		},
+	)
+}
+
+func runRegenerateHooks(c *cli.Context) error {
+	if err := initDB(); err != nil {
+		return err
+	}
+	return models.SyncRepositoryHooks()
+}
+
+func runRegenerateKeys(c *cli.Context) error {
+	if err := initDB(); err != nil {
+		return err
+	}
+	return models.RewriteAllPublicKeys()
+}
+
+func parseOAuth2Config(c *cli.Context) *models.OAuth2Config {
+	var customURLMapping *oauth2.CustomURLMapping
+	if c.IsSet("use-custom-urls") {
+		customURLMapping = &oauth2.CustomURLMapping{
+			TokenURL:   c.String("custom-token-url"),
+			AuthURL:    c.String("custom-auth-url"),
+			ProfileURL: c.String("custom-profile-url"),
+			EmailURL:   c.String("custom-email-url"),
+		}
+	} else {
+		customURLMapping = nil
+	}
+	return &models.OAuth2Config{
+		Provider:                      c.String("provider"),
+		ClientID:                      c.String("key"),
+		ClientSecret:                  c.String("secret"),
+		OpenIDConnectAutoDiscoveryURL: c.String("auto-discover-url"),
+		CustomURLMapping:              customURLMapping,
+	}
+}
+
+func runAddOauth(c *cli.Context) error {
+	if err := initDB(); err != nil {
+		return err
+	}
+
+	return models.CreateLoginSource(&models.LoginSource{
+		Type:      models.LoginOAuth2,
+		Name:      c.String("name"),
+		IsActived: true,
+		Cfg:       parseOAuth2Config(c),
+	})
+}
+
+func runUpdateOauth(c *cli.Context) error {
+	if !c.IsSet("id") {
+		return fmt.Errorf("--id flag is missing")
+	}
+
+	if err := initDB(); err != nil {
+		return err
+	}
+
+	source, err := models.GetLoginSourceByID(c.Int64("id"))
+	if err != nil {
+		return err
+	}
+
+	oAuth2Config := source.OAuth2()
+
+	if c.IsSet("name") {
+		source.Name = c.String("name")
+	}
+
+	if c.IsSet("provider") {
+		oAuth2Config.Provider = c.String("provider")
+	}
+
+	if c.IsSet("key") {
+		oAuth2Config.ClientID = c.String("key")
+	}
+
+	if c.IsSet("secret") {
+		oAuth2Config.ClientSecret = c.String("secret")
+	}
+
+	if c.IsSet("auto-discover-url") {
+		oAuth2Config.OpenIDConnectAutoDiscoveryURL = c.String("auto-discover-url")
+	}
+
+	// update custom URL mapping
+	var customURLMapping = &oauth2.CustomURLMapping{}
+
+	if oAuth2Config.CustomURLMapping != nil {
+		customURLMapping.TokenURL = oAuth2Config.CustomURLMapping.TokenURL
+		customURLMapping.AuthURL = oAuth2Config.CustomURLMapping.AuthURL
+		customURLMapping.ProfileURL = oAuth2Config.CustomURLMapping.ProfileURL
+		customURLMapping.EmailURL = oAuth2Config.CustomURLMapping.EmailURL
+	}
+	if c.IsSet("use-custom-urls") && c.IsSet("custom-token-url") {
+		customURLMapping.TokenURL = c.String("custom-token-url")
+	}
+
+	if c.IsSet("use-custom-urls") && c.IsSet("custom-auth-url") {
+		customURLMapping.AuthURL = c.String("custom-auth-url")
+	}
+
+	if c.IsSet("use-custom-urls") && c.IsSet("custom-profile-url") {
+		customURLMapping.ProfileURL = c.String("custom-profile-url")
+	}
+
+	if c.IsSet("use-custom-urls") && c.IsSet("custom-email-url") {
+		customURLMapping.EmailURL = c.String("custom-email-url")
+	}
+
+	oAuth2Config.CustomURLMapping = customURLMapping
+	source.Cfg = oAuth2Config
+
+	return models.UpdateSource(source)
+}
+
+func runListAuth(c *cli.Context) error {
+	if err := initDB(); err != nil {
+		return err
+	}
+
+	loginSources, err := models.LoginSources()
+
+	if err != nil {
+		return err
+	}
+
+	// loop through each source and print
+	w := tabwriter.NewWriter(os.Stdout, 0, 0, 1, ' ', tabwriter.AlignRight)
+	fmt.Fprintf(w, "ID\tName\tType\tEnabled")
+	for _, source := range loginSources {
+		fmt.Fprintf(w, "%d\t%s\t%s\t%t", source.ID, source.Name, models.LoginNames[source.Type], source.IsActived)
+	}
+	w.Flush()
+
+	return nil
+}
+
+func runDeleteAuth(c *cli.Context) error {
+	if !c.IsSet("id") {
+		return fmt.Errorf("--id flag is missing")
+	}
+
+	if err := initDB(); err != nil {
+		return err
+	}
+
+	source, err := models.GetLoginSourceByID(c.Int64("id"))
+	if err != nil {
+		return err
+	}
+
+	return models.DeleteSource(source)
+}
--- a/cmd/admin_auth_ldap.go
+++ b/cmd/admin_auth_ldap.go
@@ -0,0 +1,359 @@
+// Copyright 2019 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package cmd
+
+import (
+	"fmt"
+	"strings"
+
+	"code.gitea.io/gitea/models"
+	"code.gitea.io/gitea/modules/auth/ldap"
+
+	"github.com/urfave/cli"
+)
+
+type (
+	authService struct {
+		initDB             func() error
+		createLoginSource  func(loginSource *models.LoginSource) error
+		updateLoginSource  func(loginSource *models.LoginSource) error
+		getLoginSourceByID func(id int64) (*models.LoginSource, error)
+	}
+)
+
+var (
+	commonLdapCLIFlags = []cli.Flag{
+		cli.StringFlag{
+			Name:  "name",
+			Usage: "Authentication name.",
+		},
+		cli.BoolFlag{
+			Name:  "not-active",
+			Usage: "Deactivate the authentication source.",
+		},
+		cli.StringFlag{
+			Name:  "security-protocol",
+			Usage: "Security protocol name.",
+		},
+		cli.BoolFlag{
+			Name:  "skip-tls-verify",
+			Usage: "Disable TLS verification.",
+		},
+		cli.StringFlag{
+			Name:  "host",
+			Usage: "The address where the LDAP server can be reached.",
+		},
+		cli.IntFlag{
+			Name:  "port",
+			Usage: "The port to use when connecting to the LDAP server.",
+		},
+		cli.StringFlag{
+			Name:  "user-search-base",
+			Usage: "The LDAP base at which user accounts will be searched for.",
+		},
+		cli.StringFlag{
+			Name:  "user-filter",
+			Usage: "An LDAP filter declaring how to find the user record that is attempting to authenticate.",
+		},
+		cli.StringFlag{
+			Name:  "admin-filter",
+			Usage: "An LDAP filter specifying if a user should be given administrator privileges.",
+		},
+		cli.StringFlag{
+			Name:  "username-attribute",
+			Usage: "The attribute of the user’s LDAP record containing the user name.",
+		},
+		cli.StringFlag{
+			Name:  "firstname-attribute",
+			Usage: "The attribute of the user’s LDAP record containing the user’s first name.",
+		},
+		cli.StringFlag{
+			Name:  "surname-attribute",
+			Usage: "The attribute of the user’s LDAP record containing the user’s surname.",
+		},
+		cli.StringFlag{
+			Name:  "email-attribute",
+			Usage: "The attribute of the user’s LDAP record containing the user’s email address.",
+		},
+		cli.StringFlag{
+			Name:  "public-ssh-key-attribute",
+			Usage: "The attribute of the user’s LDAP record containing the user’s public ssh key.",
+		},
+	}
+
+	ldapBindDnCLIFlags = append(commonLdapCLIFlags,
+		cli.StringFlag{
+			Name:  "bind-dn",
+			Usage: "The DN to bind to the LDAP server with when searching for the user.",
+		},
+		cli.StringFlag{
+			Name:  "bind-password",
+			Usage: "The password for the Bind DN, if any.",
+		},
+		cli.BoolFlag{
+			Name:  "attributes-in-bind",
+			Usage: "Fetch attributes in bind DN context.",
+		},
+		cli.BoolFlag{
+			Name:  "synchronize-users",
+			Usage: "Enable user synchronization.",
+		},
+		cli.UintFlag{
+			Name:  "page-size",
+			Usage: "Search page size.",
+		})
+
+	ldapSimpleAuthCLIFlags = append(commonLdapCLIFlags,
+		cli.StringFlag{
+			Name:  "user-dn",
+			Usage: "The user’s DN.",
+		})
+
+	cmdAuthAddLdapBindDn = cli.Command{
+		Name:  "add-ldap",
+		Usage: "Add new LDAP (via Bind DN) authentication source",
+		Action: func(c *cli.Context) error {
+			return newAuthService().addLdapBindDn(c)
+		},
+		Flags: ldapBindDnCLIFlags,
+	}
+
+	cmdAuthUpdateLdapBindDn = cli.Command{
+		Name:  "update-ldap",
+		Usage: "Update existing LDAP (via Bind DN) authentication source",
+		Action: func(c *cli.Context) error {
+			return newAuthService().updateLdapBindDn(c)
+		},
+		Flags: append([]cli.Flag{idFlag}, ldapBindDnCLIFlags...),
+	}
+
+	cmdAuthAddLdapSimpleAuth = cli.Command{
+		Name:  "add-ldap-simple",
+		Usage: "Add new LDAP (simple auth) authentication source",
+		Action: func(c *cli.Context) error {
+			return newAuthService().addLdapSimpleAuth(c)
+		},
+		Flags: ldapSimpleAuthCLIFlags,
+	}
+
+	cmdAuthUpdateLdapSimpleAuth = cli.Command{
+		Name:  "update-ldap-simple",
+		Usage: "Update existing LDAP (simple auth) authentication source",
+		Action: func(c *cli.Context) error {
+			return newAuthService().updateLdapSimpleAuth(c)
+		},
+		Flags: append([]cli.Flag{idFlag}, ldapSimpleAuthCLIFlags...),
+	}
+)
+
+// newAuthService creates a service with default functions.
+func newAuthService() *authService {
+	return &authService{
+		initDB:             initDB,
+		createLoginSource:  models.CreateLoginSource,
+		updateLoginSource:  models.UpdateSource,
+		getLoginSourceByID: models.GetLoginSourceByID,
+	}
+}
+
+// parseLoginSource assigns values on loginSource according to command line flags.
+func parseLoginSource(c *cli.Context, loginSource *models.LoginSource) {
+	if c.IsSet("name") {
+		loginSource.Name = c.String("name")
+	}
+	if c.IsSet("not-active") {
+		loginSource.IsActived = !c.Bool("not-active")
+	}
+	if c.IsSet("synchronize-users") {
+		loginSource.IsSyncEnabled = c.Bool("synchronize-users")
+	}
+}
+
+// parseLdapConfig assigns values on config according to command line flags.
+func parseLdapConfig(c *cli.Context, config *models.LDAPConfig) error {
+	if c.IsSet("name") {
+		config.Source.Name = c.String("name")
+	}
+	if c.IsSet("host") {
+		config.Source.Host = c.String("host")
+	}
+	if c.IsSet("port") {
+		config.Source.Port = c.Int("port")
+	}
+	if c.IsSet("security-protocol") {
+		p, ok := findLdapSecurityProtocolByName(c.String("security-protocol"))
+		if !ok {
+			return fmt.Errorf("Unknown security protocol name: %s", c.String("security-protocol"))
+		}
+		config.Source.SecurityProtocol = p
+	}
+	if c.IsSet("skip-tls-verify") {
+		config.Source.SkipVerify = c.Bool("skip-tls-verify")
+	}
+	if c.IsSet("bind-dn") {
+		config.Source.BindDN = c.String("bind-dn")
+	}
+	if c.IsSet("user-dn") {
+		config.Source.UserDN = c.String("user-dn")
+	}
+	if c.IsSet("bind-password") {
+		config.Source.BindPassword = c.String("bind-password")
+	}
+	if c.IsSet("user-search-base") {
+		config.Source.UserBase = c.String("user-search-base")
+	}
+	if c.IsSet("username-attribute") {
+		config.Source.AttributeUsername = c.String("username-attribute")
+	}
+	if c.IsSet("firstname-attribute") {
+		config.Source.AttributeName = c.String("firstname-attribute")
+	}
+	if c.IsSet("surname-attribute") {
+		config.Source.AttributeSurname = c.String("surname-attribute")
+	}
+	if c.IsSet("email-attribute") {
+		config.Source.AttributeMail = c.String("email-attribute")
+	}
+	if c.IsSet("attributes-in-bind") {
+		config.Source.AttributesInBind = c.Bool("attributes-in-bind")
+	}
+	if c.IsSet("public-ssh-key-attribute") {
+		config.Source.AttributeSSHPublicKey = c.String("public-ssh-key-attribute")
+	}
+	if c.IsSet("page-size") {
+		config.Source.SearchPageSize = uint32(c.Uint("page-size"))
+	}
+	if c.IsSet("user-filter") {
+		config.Source.Filter = c.String("user-filter")
+	}
+	if c.IsSet("admin-filter") {
+		config.Source.AdminFilter = c.String("admin-filter")
+	}
+	return nil
+}
+
+// findLdapSecurityProtocolByName finds security protocol by its name ignoring case.
+// It returns the value of the security protocol and if it was found.
+func findLdapSecurityProtocolByName(name string) (ldap.SecurityProtocol, bool) {
+	for i, n := range models.SecurityProtocolNames {
+		if strings.EqualFold(name, n) {
+			return i, true
+		}
+	}
+	return 0, false
+}
+
+// getLoginSource gets the login source by its id defined in the command line flags.
+// It returns an error if the id is not set, does not match any source or if the source is not of expected type.
+func (a *authService) getLoginSource(c *cli.Context, loginType models.LoginType) (*models.LoginSource, error) {
+	if err := argsSet(c, "id"); err != nil {
+		return nil, err
+	}
+
+	loginSource, err := a.getLoginSourceByID(c.Int64("id"))
+	if err != nil {
+		return nil, err
+	}
+
+	if loginSource.Type != loginType {
+		return nil, fmt.Errorf("Invalid authentication type. expected: %s, actual: %s", models.LoginNames[loginType], models.LoginNames[loginSource.Type])
+	}
+
+	return loginSource, nil
+}
+
+// addLdapBindDn adds a new LDAP via Bind DN authentication source.
+func (a *authService) addLdapBindDn(c *cli.Context) error {
+	if err := argsSet(c, "name", "security-protocol", "host", "port", "user-search-base", "user-filter", "email-attribute"); err != nil {
+		return err
+	}
+
+	if err := a.initDB(); err != nil {
+		return err
+	}
+
+	loginSource := &models.LoginSource{
+		Type:      models.LoginLDAP,
+		IsActived: true, // active by default
+		Cfg: &models.LDAPConfig{
+			Source: &ldap.Source{
+				Enabled: true, // always true
+			},
+		},
+	}
+
+	parseLoginSource(c, loginSource)
+	if err := parseLdapConfig(c, loginSource.LDAP()); err != nil {
+		return err
+	}
+
+	return a.createLoginSource(loginSource)
+}
+
+// updateLdapBindDn updates a new LDAP via Bind DN authentication source.
+func (a *authService) updateLdapBindDn(c *cli.Context) error {
+	if err := a.initDB(); err != nil {
+		return err
+	}
+
+	loginSource, err := a.getLoginSource(c, models.LoginLDAP)
+	if err != nil {
+		return err
+	}
+
+	parseLoginSource(c, loginSource)
+	if err := parseLdapConfig(c, loginSource.LDAP()); err != nil {
+		return err
+	}
+
+	return a.updateLoginSource(loginSource)
+}
+
+// addLdapSimpleAuth adds a new LDAP (simple auth) authentication source.
+func (a *authService) addLdapSimpleAuth(c *cli.Context) error {
+	if err := argsSet(c, "name", "security-protocol", "host", "port", "user-dn", "user-filter", "email-attribute"); err != nil {
+		return err
+	}
+
+	if err := a.initDB(); err != nil {
+		return err
+	}
+
+	loginSource := &models.LoginSource{
+		Type:      models.LoginDLDAP,
+		IsActived: true, // active by default
+		Cfg: &models.LDAPConfig{
+			Source: &ldap.Source{
+				Enabled: true, // always true
+			},
+		},
+	}
+
+	parseLoginSource(c, loginSource)
+	if err := parseLdapConfig(c, loginSource.LDAP()); err != nil {
+		return err
+	}
+
+	return a.createLoginSource(loginSource)
+}
+
+// updateLdapBindDn updates a new LDAP (simple auth) authentication source.
+func (a *authService) updateLdapSimpleAuth(c *cli.Context) error {
+	if err := a.initDB(); err != nil {
+		return err
+	}
+
+	loginSource, err := a.getLoginSource(c, models.LoginDLDAP)
+	if err != nil {
+		return err
+	}
+
+	parseLoginSource(c, loginSource)
+	if err := parseLdapConfig(c, loginSource.LDAP()); err != nil {
+		return err
+	}
+
+	return a.updateLoginSource(loginSource)
+}
--- a/cmd/admin_auth_ldap_test.go
+++ b/cmd/admin_auth_ldap_test.go
--- a/cmd/cert.go
+++ b/cmd/cert.go
@@ -90,16 +90,16 @@ func pemBlockForKey(priv interface{}) *pem.Block {
 	}
 }

-func runCert(ctx *cli.Context) error {
-	if len(ctx.String("host")) == 0 {
-		log.Fatal("Missing required --host parameter")
+func runCert(c *cli.Context) error {
+	if err := argsSet(c, "host"); err != nil {
+		return err
 	}

 	var priv interface{}
 	var err error
-	switch ctx.String("ecdsa-curve") {
+	switch c.String("ecdsa-curve") {
 	case "":
-		priv, err = rsa.GenerateKey(rand.Reader, ctx.Int("rsa-bits"))
+		priv, err = rsa.GenerateKey(rand.Reader, c.Int("rsa-bits"))
 	case "P224":
 		priv, err = ecdsa.GenerateKey(elliptic.P224(), rand.Reader)
 	case "P256":
@@ -109,23 +109,23 @@ func runCert(ctx *cli.Context) error {
 	case "P521":
 		priv, err = ecdsa.GenerateKey(elliptic.P521(), rand.Reader)
 	default:
-		log.Fatalf("Unrecognized elliptic curve: %q", ctx.String("ecdsa-curve"))
+		log.Fatalf("Unrecognized elliptic curve: %q", c.String("ecdsa-curve"))
 	}
 	if err != nil {
 		log.Fatalf("Failed to generate private key: %v", err)
 	}

 	var notBefore time.Time
-	if len(ctx.String("start-date")) == 0 {
-		notBefore = time.Now()
-	} else {
-		notBefore, err = time.Parse("Jan 2 15:04:05 2006", ctx.String("start-date"))
+	if startDate := c.String("start-date"); startDate != "" {
+		notBefore, err = time.Parse("Jan 2 15:04:05 2006", startDate)
 		if err != nil {
 			log.Fatalf("Failed to parse creation date: %v", err)
 		}
+	} else {
+		notBefore = time.Now()
 	}

-	notAfter := notBefore.Add(ctx.Duration("duration"))
+	notAfter := notBefore.Add(c.Duration("duration"))

 	serialNumberLimit := new(big.Int).Lsh(big.NewInt(1), 128)
 	serialNumber, err := rand.Int(rand.Reader, serialNumberLimit)
@@ -147,7 +147,7 @@ func runCert(ctx *cli.Context) error {
 		BasicConstraintsValid: true,
 	}

-	hosts := strings.Split(ctx.String("host"), ",")
+	hosts := strings.Split(c.String("host"), ",")
 	for _, h := range hosts {
 		if ip := net.ParseIP(h); ip != nil {
 			template.IPAddresses = append(template.IPAddresses, ip)
@@ -156,7 +156,7 @@ func runCert(ctx *cli.Context) error {
 		}
 	}

-	if ctx.Bool("ca") {
+	if c.Bool("ca") {
 		template.IsCA = true
 		template.KeyUsage |= x509.KeyUsageCertSign
 	}
@@ -170,17 +170,28 @@ func runCert(ctx *cli.Context) error {
 	if err != nil {
 		log.Fatalf("Failed to open cert.pem for writing: %v", err)
 	}
-	pem.Encode(certOut, &pem.Block{Type: "CERTIFICATE", Bytes: derBytes})
-	certOut.Close()
+	err = pem.Encode(certOut, &pem.Block{Type: "CERTIFICATE", Bytes: derBytes})
+	if err != nil {
+		log.Fatalf("Failed to encode certificate: %v", err)
+	}
+	err = certOut.Close()
+	if err != nil {
+		log.Fatalf("Failed to write cert: %v", err)
+	}
 	log.Println("Written cert.pem")

 	keyOut, err := os.OpenFile("key.pem", os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)
 	if err != nil {
 		log.Fatalf("Failed to open key.pem for writing: %v", err)
 	}
-	pem.Encode(keyOut, pemBlockForKey(priv))
-	keyOut.Close()
+	err = pem.Encode(keyOut, pemBlockForKey(priv))
+	if err != nil {
+		log.Fatalf("Failed to encode key: %v", err)
+	}
+	err = keyOut.Close()
+	if err != nil {
+		log.Fatalf("Failed to write key: %v", err)
+	}
 	log.Println("Written key.pem")
-
 	return nil
 }
--- a/cmd/cmd.go
+++ b/cmd/cmd.go
@@ -0,0 +1,48 @@
+// Copyright 2018 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+// Package cmd provides subcommands to the gitea binary - such as "web" or
+// "admin".
+package cmd
+
+import (
+	"errors"
+	"fmt"
+
+	"code.gitea.io/gitea/models"
+	"code.gitea.io/gitea/modules/setting"
+	"code.gitea.io/gitea/modules/util"
+
+	"github.com/urfave/cli"
+)
+
+// argsSet checks that all the required arguments are set. args is a list of
+// arguments that must be set in the passed Context.
+func argsSet(c *cli.Context, args ...string) error {
+	for _, a := range args {
+		if !c.IsSet(a) {
+			return errors.New(a + " is not set")
+		}
+
+		if util.IsEmptyString(a) {
+			return errors.New(a + " is required")
+		}
+	}
+	return nil
+}
+
+func initDB() error {
+	return initDBDisableConsole(false)
+}
+
+func initDBDisableConsole(disableConsole bool) error {
+	setting.NewContext()
+	setting.InitDBConfig()
+
+	setting.NewXORMLogService(disableConsole)
+	if err := models.SetEngine(); err != nil {
+		return fmt.Errorf("models.SetEngine: %v", err)
+	}
+	return nil
+}
--- a/cmd/convert.go
+++ b/cmd/convert.go
@@ -0,0 +1,49 @@
+// Copyright 2019 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package cmd
+
+import (
+	"fmt"
+
+	"code.gitea.io/gitea/models"
+	"code.gitea.io/gitea/modules/log"
+	"code.gitea.io/gitea/modules/setting"
+
+	"github.com/urfave/cli"
+)
+
+// CmdConvert represents the available convert sub-command.
+var CmdConvert = cli.Command{
+	Name:        "convert",
+	Usage:       "Convert the database",
+	Description: "A command to convert an existing MySQL database from utf8 to utf8mb4",
+	Action:      runConvert,
+}
+
+func runConvert(ctx *cli.Context) error {
+	if err := initDB(); err != nil {
+		return err
+	}
+
+	log.Trace("AppPath: %s", setting.AppPath)
+	log.Trace("AppWorkPath: %s", setting.AppWorkPath)
+	log.Trace("Custom path: %s", setting.CustomPath)
+	log.Trace("Log path: %s", setting.LogRootPath)
+	setting.InitDBConfig()
+
+	if !setting.Database.UseMySQL {
+		fmt.Println("This command can only be used with a MySQL database")
+		return nil
+	}
+
+	if err := models.ConvertUtf8ToUtf8mb4(); err != nil {
+		log.Fatal("Failed to convert database from utf8 to utf8mb4: %v", err)
+		return err
+	}
+
+	fmt.Println("Converted successfully, please confirm your database's character set is now utf8mb4")
+
+	return nil
+}
--- a/cmd/dump.go
+++ b/cmd/dump.go
@@ -17,8 +17,8 @@ import (
 	"code.gitea.io/gitea/models"
 	"code.gitea.io/gitea/modules/setting"

-	"github.com/Unknwon/cae/zip"
-	"github.com/Unknwon/com"
+	"github.com/unknwon/cae/zip"
+	"github.com/unknwon/com"
 	"github.com/urfave/cli"
 )

@@ -31,12 +31,12 @@ It can be used for backup and capture Gitea server image to send to maintainer`,
 	Action: runDump,
 	Flags: []cli.Flag{
 		cli.StringFlag{
-			Name:  "config, c",
-			Value: "custom/conf/app.ini",
-			Usage: "Custom configuration file path",
+			Name:  "file, f",
+			Value: fmt.Sprintf("gitea-dump-%d.zip", time.Now().Unix()),
+			Usage: "Name of the dump file which will be created.",
 		},
 		cli.BoolFlag{
-			Name:  "verbose, v",
+			Name:  "verbose, V",
 			Usage: "Show process details",
 		},
 		cli.StringFlag{
@@ -48,16 +48,16 @@ It can be used for backup and capture Gitea server image to send to maintainer`,
 			Name:  "database, d",
 			Usage: "Specify the database SQL syntax",
 		},
+		cli.BoolFlag{
+			Name:  "skip-repository, R",
+			Usage: "Skip the repository dumping",
+		},
 	},
 }

 func runDump(ctx *cli.Context) error {
-	if ctx.IsSet("config") {
-		setting.CustomConf = ctx.String("config")
-	}
 	setting.NewContext()
 	setting.NewServices() // cannot access session settings otherwise
-	models.LoadConfigs()

 	err := models.SetEngine()
 	if err != nil {
@@ -68,29 +68,43 @@ func runDump(ctx *cli.Context) error {
 	if _, err := os.Stat(tmpDir); os.IsNotExist(err) {
 		log.Fatalf("Path does not exist: %s", tmpDir)
 	}
-	TmpWorkDir, err := ioutil.TempDir(tmpDir, "gitea-dump-")
+	tmpWorkDir, err := ioutil.TempDir(tmpDir, "gitea-dump-")
 	if err != nil {
 		log.Fatalf("Failed to create tmp work directory: %v", err)
 	}
-	log.Printf("Creating tmp work dir: %s", TmpWorkDir)
+	log.Printf("Creating tmp work dir: %s", tmpWorkDir)

 	// work-around #1103
 	if os.Getenv("TMPDIR") == "" {
-		os.Setenv("TMPDIR", TmpWorkDir)
+		os.Setenv("TMPDIR", tmpWorkDir)
 	}

-	reposDump := path.Join(TmpWorkDir, "gitea-repo.zip")
-	dbDump := path.Join(TmpWorkDir, "gitea-db.sql")
+	dbDump := path.Join(tmpWorkDir, "gitea-db.sql")

-	log.Printf("Dumping local repositories...%s", setting.RepoRootPath)
+	fileName := ctx.String("file")
+	log.Printf("Packing dump files...")
+	z, err := zip.Create(fileName)
+	if err != nil {
+		log.Fatalf("Failed to create %s: %v", fileName, err)
+	}
 	zip.Verbose = ctx.Bool("verbose")
-	if err := zip.PackTo(setting.RepoRootPath, reposDump, true); err != nil {
-		log.Fatalf("Failed to dump local repositories: %v", err)
+
+	if ctx.IsSet("skip-repository") {
+		log.Printf("Skip dumping local repositories")
+	} else {
+		log.Printf("Dumping local repositories...%s", setting.RepoRootPath)
+		reposDump := path.Join(tmpWorkDir, "gitea-repo.zip")
+		if err := zip.PackTo(setting.RepoRootPath, reposDump, true); err != nil {
+			log.Fatalf("Failed to dump local repositories: %v", err)
+		}
+		if err := z.AddFile("gitea-repo.zip", reposDump); err != nil {
+			log.Fatalf("Failed to include gitea-repo.zip: %v", err)
+		}
 	}

 	targetDBType := ctx.String("database")
-	if len(targetDBType) > 0 && targetDBType != models.DbCfg.Type {
-		log.Printf("Dumping database %s => %s...", models.DbCfg.Type, targetDBType)
+	if len(targetDBType) > 0 && targetDBType != setting.Database.Type {
+		log.Printf("Dumping database %s => %s...", setting.Database.Type, targetDBType)
 	} else {
 		log.Printf("Dumping database...")
 	}
@@ -99,19 +113,17 @@ func runDump(ctx *cli.Context) error {
 		log.Fatalf("Failed to dump database: %v", err)
 	}

-	fileName := fmt.Sprintf("gitea-dump-%d.zip", time.Now().Unix())
-	log.Printf("Packing dump files...")
-	z, err := zip.Create(fileName)
-	if err != nil {
-		log.Fatalf("Failed to create %s: %v", fileName, err)
-	}
-
-	if err := z.AddFile("gitea-repo.zip", reposDump); err != nil {
-		log.Fatalf("Failed to include gitea-repo.zip: %v", err)
-	}
 	if err := z.AddFile("gitea-db.sql", dbDump); err != nil {
 		log.Fatalf("Failed to include gitea-db.sql: %v", err)
 	}
+
+	if len(setting.CustomConf) > 0 {
+		log.Printf("Adding custom configuration file from %s", setting.CustomConf)
+		if err := z.AddFile("app.ini", setting.CustomConf); err != nil {
+			log.Fatalf("Failed to include specified app.ini: %v", err)
+		}
+	}
+
 	customDir, err := os.Stat(setting.CustomPath)
 	if err == nil && customDir.IsDir() {
 		if err := z.AddDir("custom", setting.CustomPath); err != nil {
@@ -126,18 +138,17 @@ func runDump(ctx *cli.Context) error {

 		var sessionAbsPath string
 		if setting.SessionConfig.Provider == "file" {
-			if len(setting.SessionConfig.ProviderConfig) == 0 {
-				setting.SessionConfig.ProviderConfig = "data/sessions"
-			}
-			sessionAbsPath, _ = filepath.Abs(setting.SessionConfig.ProviderConfig)
+			sessionAbsPath = setting.SessionConfig.ProviderConfig
 		}
 		if err := zipAddDirectoryExclude(z, "data", setting.AppDataPath, sessionAbsPath); err != nil {
 			log.Fatalf("Failed to include data directory: %v", err)
 		}
 	}

-	if err := z.AddDir("log", setting.LogRootPath); err != nil {
-		log.Fatalf("Failed to include log: %v", err)
+	if com.IsExist(setting.LogRootPath) {
+		if err := z.AddDir("log", setting.LogRootPath); err != nil {
+			log.Fatalf("Failed to include log: %v", err)
+		}
 	}

 	if err = z.Close(); err != nil {
@@ -149,10 +160,10 @@ func runDump(ctx *cli.Context) error {
 		log.Printf("Can't change file access permissions mask to 0600: %v", err)
 	}

-	log.Printf("Removing tmp work dir: %s", TmpWorkDir)
+	log.Printf("Removing tmp work dir: %s", tmpWorkDir)

-	if err := os.RemoveAll(TmpWorkDir); err != nil {
-		log.Fatalf("Failed to remove %s: %v", TmpWorkDir, err)
+	if err := os.RemoveAll(tmpWorkDir); err != nil {
+		log.Fatalf("Failed to remove %s: %v", tmpWorkDir, err)
 	}
 	log.Printf("Finish dumping in file %s", fileName)

--- a/cmd/generate.go
+++ b/cmd/generate.go
@@ -0,0 +1,84 @@
+// Copyright 2016 The Gogs Authors. All rights reserved.
+// Copyright 2016 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package cmd
+
+import (
+	"fmt"
+
+	"code.gitea.io/gitea/modules/generate"
+
+	"github.com/urfave/cli"
+)
+
+var (
+	// CmdGenerate represents the available generate sub-command.
+	CmdGenerate = cli.Command{
+		Name:  "generate",
+		Usage: "Command line interface for running generators",
+		Subcommands: []cli.Command{
+			subcmdSecret,
+		},
+	}
+
+	subcmdSecret = cli.Command{
+		Name:  "secret",
+		Usage: "Generate a secret token",
+		Subcommands: []cli.Command{
+			microcmdGenerateInternalToken,
+			microcmdGenerateLfsJwtSecret,
+			microcmdGenerateSecretKey,
+		},
+	}
+
+	microcmdGenerateInternalToken = cli.Command{
+		Name:   "INTERNAL_TOKEN",
+		Usage:  "Generate a new INTERNAL_TOKEN",
+		Action: runGenerateInternalToken,
+	}
+
+	microcmdGenerateLfsJwtSecret = cli.Command{
+		Name:    "JWT_SECRET",
+		Aliases: []string{"LFS_JWT_SECRET"},
+		Usage:   "Generate a new JWT_SECRET",
+		Action:  runGenerateLfsJwtSecret,
+	}
+
+	microcmdGenerateSecretKey = cli.Command{
+		Name:   "SECRET_KEY",
+		Usage:  "Generate a new SECRET_KEY",
+		Action: runGenerateSecretKey,
+	}
+)
+
+func runGenerateInternalToken(c *cli.Context) error {
+	internalToken, err := generate.NewInternalToken()
+	if err != nil {
+		return err
+	}
+
+	fmt.Printf("%s\n", internalToken)
+	return nil
+}
+
+func runGenerateLfsJwtSecret(c *cli.Context) error {
+	JWTSecretBase64, err := generate.NewJwtSecret()
+	if err != nil {
+		return err
+	}
+
+	fmt.Printf("%s\n", JWTSecretBase64)
+	return nil
+}
+
+func runGenerateSecretKey(c *cli.Context) error {
+	secretKey, err := generate.NewSecretKey()
+	if err != nil {
+		return err
+	}
+
+	fmt.Printf("%s\n", secretKey)
+	return nil
+}
--- a/cmd/hook.go
+++ b/cmd/hook.go
@@ -8,16 +8,14 @@ import (
 	"bufio"
 	"bytes"
 	"fmt"
+	"net/http"
 	"os"
-	"path/filepath"
 	"strconv"
 	"strings"

-	"code.gitea.io/git"
 	"code.gitea.io/gitea/models"
-	"code.gitea.io/gitea/modules/log"
+	"code.gitea.io/gitea/modules/git"
 	"code.gitea.io/gitea/modules/private"
-	"code.gitea.io/gitea/modules/setting"

 	"github.com/urfave/cli"
 )
@@ -28,16 +26,9 @@ var (
 		Name:        "hook",
 		Usage:       "Delegate commands to corresponding Git hooks",
 		Description: "This should only be called by Git",
-		Flags: []cli.Flag{
-			cli.StringFlag{
-				Name:  "config, c",
-				Value: "custom/conf/app.ini",
-				Usage: "Custom configuration file path",
-			},
-		},
 		Subcommands: []cli.Command{
 			subcmdHookPreReceive,
-			subcmdHookUpadte,
+			subcmdHookUpdate,
 			subcmdHookPostReceive,
 		},
 	}
@@ -48,7 +39,7 @@ var (
 		Description: "This command should only be called by Git",
 		Action:      runHookPreReceive,
 	}
-	subcmdHookUpadte = cli.Command{
+	subcmdHookUpdate = cli.Command{
 		Name:        "update",
 		Usage:       "Delegate update Git hook",
 		Description: "This command should only be called by Git",
@@ -62,31 +53,19 @@ var (
 	}
 )

-func hookSetup(logPath string) {
-	setting.NewContext()
-	log.NewGitLogger(filepath.Join(setting.LogRootPath, logPath))
-	models.LoadConfigs()
-}
-
 func runHookPreReceive(c *cli.Context) error {
 	if len(os.Getenv("SSH_ORIGINAL_COMMAND")) == 0 {
 		return nil
 	}

-	if c.IsSet("config") {
-		setting.CustomConf = c.String("config")
-	} else if c.GlobalIsSet("config") {
-		setting.CustomConf = c.GlobalString("config")
-	}
-
-	hookSetup("hooks/pre-receive.log")
+	setup("hooks/pre-receive.log")

 	// the environment setted on serv command
-	repoID, _ := strconv.ParseInt(os.Getenv(models.ProtectedBranchRepoID), 10, 64)
 	isWiki := (os.Getenv(models.EnvRepoIsWiki) == "true")
-	//username := os.Getenv(models.EnvRepoUsername)
-	//reponame := os.Getenv(models.EnvRepoName)
-	//repoPath := models.RepoPath(username, reponame)
+	username := os.Getenv(models.EnvRepoUsername)
+	reponame := os.Getenv(models.EnvRepoName)
+	userID, _ := strconv.ParseInt(os.Getenv(models.EnvPusherID), 10, 64)
+	prID, _ := strconv.ParseInt(os.Getenv(models.ProtectedBranchPRID), 10, 64)

 	buf := bytes.NewBuffer(nil)
 	scanner := bufio.NewScanner(os.Stdin)
@@ -104,37 +83,27 @@ func runHookPreReceive(c *cli.Context) error {
 			continue
 		}

-		//oldCommitID := string(fields[0])
+		oldCommitID := string(fields[0])
 		newCommitID := string(fields[1])
 		refFullName := string(fields[2])

-		// FIXME: when we add feature to protected branch to deny force push, then uncomment below
-		/*var isForce bool
-		// detect force push
-		if git.EmptySHA != oldCommitID {
-			output, err := git.NewCommand("rev-list", oldCommitID, "^"+newCommitID).RunInDir(repoPath)
-			if err != nil {
-				fail("Internal error", "Fail to detect force push: %v", err)
-			} else if len(output) > 0 {
-				isForce = true
-			}
-		}*/
-
-		branchName := strings.TrimPrefix(refFullName, git.BranchPrefix)
-		protectBranch, err := private.GetProtectedBranchBy(repoID, branchName)
-		if err != nil {
-			log.GitLogger.Fatal(2, "retrieve protected branches information failed")
-		}
-
-		if protectBranch != nil {
-			if !protectBranch.CanPush {
-				// check and deletion
-				if newCommitID == git.EmptySHA {
-					fail(fmt.Sprintf("branch %s is protected from deletion", branchName), "")
-				} else {
-					fail(fmt.Sprintf("protected branch %s can not be pushed to", branchName), "")
-					//fail(fmt.Sprintf("branch %s is protected from force push", branchName), "")
-				}
+		// If the ref is a branch, check if it's protected
+		if strings.HasPrefix(refFullName, git.BranchPrefix) {
+			statusCode, msg := private.HookPreReceive(username, reponame, private.HookOptions{
+				OldCommitID:                     oldCommitID,
+				NewCommitID:                     newCommitID,
+				RefFullName:                     refFullName,
+				UserID:                          userID,
+				GitAlternativeObjectDirectories: os.Getenv(private.GitAlternativeObjectDirectories),
+				GitObjectDirectory:              os.Getenv(private.GitObjectDirectory),
+				GitQuarantinePath:               os.Getenv(private.GitQuarantinePath),
+				ProtectedBranchID:               prID,
+			})
+			switch statusCode {
+			case http.StatusInternalServerError:
+				fail("Internal Server Error", msg)
+			case http.StatusForbidden:
+				fail(msg, "")
 			}
 		}
 	}
@@ -147,13 +116,7 @@ func runHookUpdate(c *cli.Context) error {
 		return nil
 	}

-	if c.IsSet("config") {
-		setting.CustomConf = c.String("config")
-	} else if c.GlobalIsSet("config") {
-		setting.CustomConf = c.GlobalString("config")
-	}
-
-	hookSetup("hooks/update.log")
+	setup("hooks/update.log")

 	return nil
 }
@@ -163,13 +126,7 @@ func runHookPostReceive(c *cli.Context) error {
 		return nil
 	}

-	if c.IsSet("config") {
-		setting.CustomConf = c.String("config")
-	} else if c.GlobalIsSet("config") {
-		setting.CustomConf = c.GlobalString("config")
-	}
-
-	hookSetup("hooks/post-receive.log")
+	setup("hooks/post-receive.log")

 	// the environment setted on serv command
 	repoUser := os.Getenv(models.EnvRepoUsername)
@@ -198,17 +155,31 @@ func runHookPostReceive(c *cli.Context) error {
 		newCommitID := string(fields[1])
 		refFullName := string(fields[2])

-		if err := private.PushUpdate(models.PushUpdateOptions{
-			RefFullName:  refFullName,
-			OldCommitID:  oldCommitID,
-			NewCommitID:  newCommitID,
-			PusherID:     pusherID,
-			PusherName:   pusherName,
-			RepoUserName: repoUser,
-			RepoName:     repoName,
-		}); err != nil {
-			log.GitLogger.Error(2, "Update: %v", err)
+		res, err := private.HookPostReceive(repoUser, repoName, private.HookOptions{
+			OldCommitID: oldCommitID,
+			NewCommitID: newCommitID,
+			RefFullName: refFullName,
+			UserID:      pusherID,
+			UserName:    pusherName,
+		})
+
+		if res == nil {
+			fail("Internal Server Error", err)
 		}
+
+		if res["message"] == false {
+			continue
+		}
+
+		fmt.Fprintln(os.Stderr, "")
+		if res["create"] == true {
+			fmt.Fprintf(os.Stderr, "Create a new pull request for '%s':\n", res["branch"])
+			fmt.Fprintf(os.Stderr, "  %s\n", res["url"])
+		} else {
+			fmt.Fprint(os.Stderr, "Visit the existing pull request:\n")
+			fmt.Fprintf(os.Stderr, "  %s\n", res["url"])
+		}
+		fmt.Fprintln(os.Stderr, "")
 	}

 	return nil
--- a/cmd/keys.go
+++ b/cmd/keys.go
@@ -0,0 +1,75 @@
+// Copyright 2018 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package cmd
+
+import (
+	"errors"
+	"fmt"
+	"strings"
+
+	"code.gitea.io/gitea/models"
+
+	"github.com/urfave/cli"
+)
+
+// CmdKeys represents the available keys sub-command
+var CmdKeys = cli.Command{
+	Name:   "keys",
+	Usage:  "This command queries the Gitea database to get the authorized command for a given ssh key fingerprint",
+	Action: runKeys,
+	Flags: []cli.Flag{
+		cli.StringFlag{
+			Name:  "expected, e",
+			Value: "git",
+			Usage: "Expected user for whom provide key commands",
+		},
+		cli.StringFlag{
+			Name:  "username, u",
+			Value: "",
+			Usage: "Username trying to log in by SSH",
+		},
+		cli.StringFlag{
+			Name:  "type, t",
+			Value: "",
+			Usage: "Type of the SSH key provided to the SSH Server (requires content to be provided too)",
+		},
+		cli.StringFlag{
+			Name:  "content, k",
+			Value: "",
+			Usage: "Base64 encoded content of the SSH key provided to the SSH Server (requires type to be provided too)",
+		},
+	},
+}
+
+func runKeys(c *cli.Context) error {
+	if !c.IsSet("username") {
+		return errors.New("No username provided")
+	}
+	// Check username matches the expected username
+	if strings.TrimSpace(c.String("username")) != strings.TrimSpace(c.String("expected")) {
+		return nil
+	}
+
+	content := ""
+
+	if c.IsSet("type") && c.IsSet("content") {
+		content = fmt.Sprintf("%s %s", strings.TrimSpace(c.String("type")), strings.TrimSpace(c.String("content")))
+	}
+
+	if content == "" {
+		return errors.New("No key type and content provided")
+	}
+
+	if err := initDBDisableConsole(true); err != nil {
+		return err
+	}
+
+	publicKey, err := models.SearchPublicKeyByContent(content)
+	if err != nil {
+		return err
+	}
+	fmt.Println(publicKey.AuthorizedString())
+	return nil
+}
--- a/cmd/migrate.go
+++ b/cmd/migrate.go
@@ -0,0 +1,41 @@
+// Copyright 2018 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package cmd
+
+import (
+	"code.gitea.io/gitea/models"
+	"code.gitea.io/gitea/models/migrations"
+	"code.gitea.io/gitea/modules/log"
+	"code.gitea.io/gitea/modules/setting"
+
+	"github.com/urfave/cli"
+)
+
+// CmdMigrate represents the available migrate sub-command.
+var CmdMigrate = cli.Command{
+	Name:        "migrate",
+	Usage:       "Migrate the database",
+	Description: "This is a command for migrating the database, so that you can run gitea admin create-user before starting the server.",
+	Action:      runMigrate,
+}
+
+func runMigrate(ctx *cli.Context) error {
+	if err := initDB(); err != nil {
+		return err
+	}
+
+	log.Trace("AppPath: %s", setting.AppPath)
+	log.Trace("AppWorkPath: %s", setting.AppWorkPath)
+	log.Trace("Custom path: %s", setting.CustomPath)
+	log.Trace("Log path: %s", setting.LogRootPath)
+	setting.InitDBConfig()
+
+	if err := models.NewEngine(migrations.Migrate); err != nil {
+		log.Fatal("Failed to initialize ORM engine: %v", err)
+		return err
+	}
+
+	return nil
+}
--- a/cmd/serv.go
+++ b/cmd/serv.go
@@ -8,24 +8,26 @@ package cmd
 import (
 	"encoding/json"
 	"fmt"
+	"net/http"
+	"net/url"
 	"os"
 	"os/exec"
-	"path/filepath"
+	"strconv"
 	"strings"
 	"time"

 	"code.gitea.io/gitea/models"
 	"code.gitea.io/gitea/modules/log"
+	"code.gitea.io/gitea/modules/pprof"
 	"code.gitea.io/gitea/modules/private"
 	"code.gitea.io/gitea/modules/setting"

-	"github.com/Unknwon/com"
 	"github.com/dgrijalva/jwt-go"
+	"github.com/unknwon/com"
 	"github.com/urfave/cli"
 )

 const (
-	accessDenied        = "Repository does not exist or you do not have access"
 	lfsAuthenticateVerb = "git-lfs-authenticate"
 )

@@ -36,28 +38,15 @@ var CmdServ = cli.Command{
 	Description: `Serv provide access auth for repositories`,
 	Action:      runServ,
 	Flags: []cli.Flag{
-		cli.StringFlag{
-			Name:  "config, c",
-			Value: "custom/conf/app.ini",
-			Usage: "Custom configuration file path",
+		cli.BoolFlag{
+			Name: "enable-pprof",
 		},
 	},
 }

-func setup(logPath string) error {
+func setup(logPath string) {
+	_ = log.DelLogger("console")
 	setting.NewContext()
-	log.NewGitLogger(filepath.Join(setting.LogRootPath, logPath))
-	models.LoadConfigs()
-
-	if setting.UseSQLite3 || setting.UseTiDB {
-		workDir, _ := setting.WorkDir()
-		if err := os.Chdir(workDir); err != nil {
-			log.GitLogger.Fatal(4, "Failed to change directory %s: %v", workDir, err)
-		}
-	}
-
-	setting.NewXORMLogService(true)
-	return models.SetEngine()
 }

 func parseCmd(cmd string) (string, string) {
@@ -84,22 +73,14 @@ func fail(userMessage, logMessage string, args ...interface{}) {
 		if !setting.ProdMode {
 			fmt.Fprintf(os.Stderr, logMessage+"\n", args...)
 		}
-		log.GitLogger.Fatal(3, logMessage, args...)
-		return
 	}

-	log.GitLogger.Close()
 	os.Exit(1)
 }

 func runServ(c *cli.Context) error {
-	if c.IsSet("config") {
-		setting.CustomConf = c.String("config")
-	}
-
-	if err := setup("serv.log"); err != nil {
-		fail("System init failed", fmt.Sprintf("setup: %v", err))
-	}
+	// FIXME: This needs to internationalised
+	setup("serv.log")

 	if setting.SSH.Disabled {
 		println("Gitea: SSH has been disabled")
@@ -107,13 +88,29 @@ func runServ(c *cli.Context) error {
 	}

 	if len(c.Args()) < 1 {
-		cli.ShowSubcommandHelp(c)
+		if err := cli.ShowSubcommandHelp(c); err != nil {
+			fmt.Printf("error showing subcommand help: %v\n", err)
+		}
 		return nil
 	}

+	keys := strings.Split(c.Args()[0], "-")
+	if len(keys) != 2 || keys[0] != "key" {
+		fail("Key ID format error", "Invalid key argument: %s", c.Args()[0])
+	}
+	keyID := com.StrTo(keys[1]).MustInt64()
+
 	cmd := os.Getenv("SSH_ORIGINAL_COMMAND")
 	if len(cmd) == 0 {
-		println("Hi there, You've successfully authenticated, but Gitea does not provide shell access.")
+		key, user, err := private.ServNoCommand(keyID)
+		if err != nil {
+			fail("Internal error", "Failed to check provided key: %v", err)
+		}
+		if key.Type == models.KeyTypeDeploy {
+			println("Hi there! You've successfully authenticated with the deploy key named " + key.Name + ", but Gitea does not provide shell access.")
+		} else {
+			println("Hi there, " + user.Name + "! You've successfully authenticated with the key named " + key.Name + ", but Gitea does not provide shell access.")
+		}
 		println("If this is unexpected, please log in with password and setup Gitea under another user.")
 		return nil
 	}
@@ -142,36 +139,22 @@ func runServ(c *cli.Context) error {
 	username := strings.ToLower(rr[0])
 	reponame := strings.ToLower(strings.TrimSuffix(rr[1], ".git"))

-	isWiki := false
-	unitType := models.UnitTypeCode
-	if strings.HasSuffix(reponame, ".wiki") {
-		isWiki = true
-		unitType = models.UnitTypeWiki
-		reponame = reponame[:len(reponame)-5]
-	}
-
-	os.Setenv(models.EnvRepoUsername, username)
-	if isWiki {
-		os.Setenv(models.EnvRepoIsWiki, "true")
-	} else {
-		os.Setenv(models.EnvRepoIsWiki, "false")
-	}
-	os.Setenv(models.EnvRepoName, reponame)
-
-	repoUser, err := models.GetUserByName(username)
-	if err != nil {
-		if models.IsErrUserNotExist(err) {
-			fail("Repository owner does not exist", "Unregistered owner: %s", username)
+	if setting.EnablePprof || c.Bool("enable-pprof") {
+		if err := os.MkdirAll(setting.PprofDataPath, os.ModePerm); err != nil {
+			fail("Error while trying to create PPROF_DATA_PATH", "Error while trying to create PPROF_DATA_PATH: %v", err)
 		}
-		fail("Internal error", "Failed to get repository owner (%s): %v", username, err)
-	}

-	repo, err := models.GetRepositoryByName(repoUser.ID, reponame)
-	if err != nil {
-		if models.IsErrRepoNotExist(err) {
-			fail(accessDenied, "Repository does not exist: %s/%s", repoUser.Name, reponame)
+		stopCPUProfiler, err := pprof.DumpCPUProfileForUsername(setting.PprofDataPath, username)
+		if err != nil {
+			fail("Internal Server Error", "Unable to start CPU profile: %v", err)
 		}
-		fail("Internal error", "Failed to get repository: %v", err)
+		defer func() {
+			stopCPUProfiler()
+			err := pprof.DumpMemProfileForUsername(setting.PprofDataPath, username)
+			if err != nil {
+				fail("Internal Server Error", "Unable to dump Mem Profile: %v", err)
+			}
+		}()
 	}

 	requestedMode, has := allowedCommands[verb]
@@ -189,89 +172,39 @@ func runServ(c *cli.Context) error {
 		}
 	}

-	// Prohibit push to mirror repositories.
-	if requestedMode > models.AccessModeRead && repo.IsMirror {
-		fail("mirror repository is read-only", "")
-	}
-
-	// Allow anonymous clone for public repositories.
-	var (
-		keyID int64
-		user  *models.User
-	)
-	if requestedMode == models.AccessModeWrite || repo.IsPrivate {
-		keys := strings.Split(c.Args()[0], "-")
-		if len(keys) != 2 {
-			fail("Key ID format error", "Invalid key argument: %s", c.Args()[0])
-		}
-
-		key, err := models.GetPublicKeyByID(com.StrTo(keys[1]).MustInt64())
-		if err != nil {
-			fail("Invalid key ID", "Invalid key ID[%s]: %v", c.Args()[0], err)
-		}
-		keyID = key.ID
-
-		// Check deploy key or user key.
-		if key.Type == models.KeyTypeDeploy {
-			if key.Mode < requestedMode {
-				fail("Key permission denied", "Cannot push with deployment key: %d", key.ID)
-			}
-			// Check if this deploy key belongs to current repository.
-			if !models.HasDeployKey(key.ID, repo.ID) {
-				fail("Key access denied", "Deploy key access denied: [key_id: %d, repo_id: %d]", key.ID, repo.ID)
-			}
-
-			// Update deploy key activity.
-			deployKey, err := models.GetDeployKeyByRepo(key.ID, repo.ID)
-			if err != nil {
-				fail("Internal error", "GetDeployKey: %v", err)
-			}
-
-			deployKey.Updated = time.Now()
-			if err = models.UpdateDeployKey(deployKey); err != nil {
-				fail("Internal error", "UpdateDeployKey: %v", err)
-			}
-		} else {
-			user, err = models.GetUserByKeyID(key.ID)
-			if err != nil {
-				fail("internal error", "Failed to get user by key ID(%d): %v", keyID, err)
-			}
-
-			mode, err := models.AccessLevel(user.ID, repo)
-			if err != nil {
-				fail("Internal error", "Failed to check access: %v", err)
-			} else if mode < requestedMode {
-				clientMessage := accessDenied
-				if mode >= models.AccessModeRead {
-					clientMessage = "You do not have sufficient authorization for this action"
-				}
-				fail(clientMessage,
-					"User %s does not have level %v access to repository %s",
-					user.Name, requestedMode, repoPath)
-			}
-
-			if !repo.CheckUnitUser(user.ID, user.IsAdmin, unitType) {
-				fail("You do not have allowed for this action",
-					"User %s does not have allowed access to repository %s 's code",
-					user.Name, repoPath)
-			}
-
-			os.Setenv(models.EnvPusherName, user.Name)
-			os.Setenv(models.EnvPusherID, fmt.Sprintf("%d", user.ID))
-		}
+	results, err := private.ServCommand(keyID, username, reponame, requestedMode, verb, lfsVerb)
+	if err != nil {
+		if private.IsErrServCommand(err) {
+			errServCommand := err.(private.ErrServCommand)
+			if errServCommand.StatusCode != http.StatusInternalServerError {
+				fail("Unauthorized", "%s", errServCommand.Error())
+			} else {
+				fail("Internal Server Error", "%s", errServCommand.Error())
+			}
+		}
+		fail("Internal Server Error", "%s", err.Error())
 	}
+	os.Setenv(models.EnvRepoIsWiki, strconv.FormatBool(results.IsWiki))
+	os.Setenv(models.EnvRepoName, results.RepoName)
+	os.Setenv(models.EnvRepoUsername, results.OwnerName)
+	os.Setenv(models.EnvPusherName, results.UserName)
+	os.Setenv(models.EnvPusherID, strconv.FormatInt(results.UserID, 10))
+	os.Setenv(models.ProtectedBranchRepoID, strconv.FormatInt(results.RepoID, 10))
+	os.Setenv(models.ProtectedBranchPRID, fmt.Sprintf("%d", 0))

 	//LFS token authentication
 	if verb == lfsAuthenticateVerb {
-		url := fmt.Sprintf("%s%s/%s.git/info/lfs", setting.AppURL, repoUser.Name, repo.Name)
+		url := fmt.Sprintf("%s%s/%s.git/info/lfs", setting.AppURL, url.PathEscape(results.OwnerName), url.PathEscape(results.RepoName))

 		now := time.Now()
-		token := jwt.NewWithClaims(jwt.SigningMethodHS256, jwt.MapClaims{
-			"repo": repo.ID,
+		claims := jwt.MapClaims{
+			"repo": results.RepoID,
 			"op":   lfsVerb,
-			"exp":  now.Add(5 * time.Minute).Unix(),
+			"exp":  now.Add(setting.LFS.HTTPAuthExpiry).Unix(),
 			"nbf":  now.Unix(),
-		})
+			"user": results.UserID,
+		}
+		token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)

 		// Sign and get the complete encoded token as a string using the secret
 		tokenString, err := token.SignedString(setting.LFS.JWTSecretBytes)
@@ -290,7 +223,6 @@ func runServ(c *cli.Context) error {
 		if err != nil {
 			fail("Internal error", "Failed to encode LFS json response: %v", err)
 		}
-
 		return nil
 	}

@@ -307,14 +239,6 @@ func runServ(c *cli.Context) error {
 		gitcmd = exec.Command(verb, repoPath)
 	}

-	if isWiki {
-		if err = repo.InitWiki(); err != nil {
-			fail("Internal error", "Failed to init wiki repo: %v", err)
-		}
-	}
-
-	os.Setenv(models.ProtectedBranchRepoID, fmt.Sprintf("%d", repo.ID))
-
 	gitcmd.Dir = setting.RepoRootPath
 	gitcmd.Stdout = os.Stdout
 	gitcmd.Stdin = os.Stdin
@@ -324,9 +248,9 @@ func runServ(c *cli.Context) error {
 	}

 	// Update user key activity.
-	if keyID > 0 {
-		if err = private.UpdatePublicKeyUpdated(keyID); err != nil {
-			fail("Internal error", "UpdatePublicKey: %v", err)
+	if results.KeyID > 0 {
+		if err = private.UpdatePublicKeyInRepo(results.KeyID, results.RepoID); err != nil {
+			fail("Internal error", "UpdatePublicKeyInRepo: %v", err)
 		}
 	}

--- a/cmd/web.go
+++ b/cmd/web.go
@@ -19,7 +19,10 @@ import (
 	"code.gitea.io/gitea/routers/routes"

 	context2 "github.com/gorilla/context"
+	"github.com/unknwon/com"
 	"github.com/urfave/cli"
+	"golang.org/x/crypto/acme/autocert"
+	ini "gopkg.in/ini.v1"
 )

 // CmdWeb represents the available web sub-command.
@@ -35,11 +38,6 @@ and it takes care of all the other things for you`,
 			Value: "3000",
 			Usage: "Temporary port number to prevent conflict",
 		},
-		cli.StringFlag{
-			Name:  "config, c",
-			Value: "custom/conf/app.ini",
-			Usage: "Custom configuration file path",
-		},
 		cli.StringFlag{
 			Name:  "pid, P",
 			Value: "/var/run/gitea.pid",
@@ -48,11 +46,61 @@ and it takes care of all the other things for you`,
 	},
 }

-func runWeb(ctx *cli.Context) error {
-	if ctx.IsSet("config") {
-		setting.CustomConf = ctx.String("config")
-	}
+func runHTTPRedirector() {
+	source := fmt.Sprintf("%s:%s", setting.HTTPAddr, setting.PortToRedirect)
+	dest := strings.TrimSuffix(setting.AppURL, "/")
+	log.Info("Redirecting: %s to %s", source, dest)

+	handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		target := dest + r.URL.Path
+		if len(r.URL.RawQuery) > 0 {
+			target += "?" + r.URL.RawQuery
+		}
+		http.Redirect(w, r, target, http.StatusTemporaryRedirect)
+	})
+
+	var err = runHTTP(source, context2.ClearHandler(handler))
+
+	if err != nil {
+		log.Fatal("Failed to start port redirection: %v", err)
+	}
+}
+
+func runLetsEncrypt(listenAddr, domain, directory, email string, m http.Handler) error {
+	certManager := autocert.Manager{
+		Prompt:     autocert.AcceptTOS,
+		HostPolicy: autocert.HostWhitelist(domain),
+		Cache:      autocert.DirCache(directory),
+		Email:      email,
+	}
+	go func() {
+		log.Info("Running Let's Encrypt handler on %s", setting.HTTPAddr+":"+setting.PortToRedirect)
+		var err = http.ListenAndServe(setting.HTTPAddr+":"+setting.PortToRedirect, certManager.HTTPHandler(http.HandlerFunc(runLetsEncryptFallbackHandler))) // all traffic coming into HTTP will be redirect to HTTPS automatically (LE HTTP-01 validation happens here)
+		if err != nil {
+			log.Fatal("Failed to start the Let's Encrypt handler on port %s: %v", setting.PortToRedirect, err)
+		}
+	}()
+	server := &http.Server{
+		Addr:      listenAddr,
+		Handler:   m,
+		TLSConfig: certManager.TLSConfig(),
+	}
+	return server.ListenAndServeTLS("", "")
+}
+
+func runLetsEncryptFallbackHandler(w http.ResponseWriter, r *http.Request) {
+	if r.Method != "GET" && r.Method != "HEAD" {
+		http.Error(w, "Use HTTPS", http.StatusBadRequest)
+		return
+	}
+	// Remove the trailing slash at the end of setting.AppURL, the request
+	// URI always contains a leading slash, which would result in a double
+	// slash
+	target := strings.TrimRight(setting.AppURL, "/") + r.URL.RequestURI()
+	http.Redirect(w, r, target, http.StatusFound)
+}
+
+func runWeb(ctx *cli.Context) error {
 	if ctx.IsSet("pid") {
 		setting.CustomPID = ctx.String("pid")
 	}
@@ -66,13 +114,39 @@ func runWeb(ctx *cli.Context) error {
 	if ctx.IsSet("port") {
 		setting.AppURL = strings.Replace(setting.AppURL, setting.HTTPPort, ctx.String("port"), 1)
 		setting.HTTPPort = ctx.String("port")
+
+		switch setting.Protocol {
+		case setting.UnixSocket:
+		case setting.FCGI:
+		default:
+			// Save LOCAL_ROOT_URL if port changed
+			cfg := ini.Empty()
+			if com.IsFile(setting.CustomConf) {
+				// Keeps custom settings if there is already something.
+				if err := cfg.Append(setting.CustomConf); err != nil {
+					return fmt.Errorf("Failed to load custom conf '%s': %v", setting.CustomConf, err)
+				}
+			}
+
+			defaultLocalURL := string(setting.Protocol) + "://"
+			if setting.HTTPAddr == "0.0.0.0" {
+				defaultLocalURL += "localhost"
+			} else {
+				defaultLocalURL += setting.HTTPAddr
+			}
+			defaultLocalURL += ":" + setting.HTTPPort + "/"
+
+			cfg.Section("server").Key("LOCAL_ROOT_URL").SetValue(defaultLocalURL)
+
+			if err := cfg.SaveTo(setting.CustomConf); err != nil {
+				return fmt.Errorf("Error saving generated JWT Secret to custom config: %v", err)
+			}
+		}
 	}

-	var listenAddr string
-	if setting.Protocol == setting.UnixSocket {
-		listenAddr = fmt.Sprintf("%s", setting.HTTPAddr)
-	} else {
-		listenAddr = fmt.Sprintf("%s:%s", setting.HTTPAddr, setting.HTTPPort)
+	listenAddr := setting.HTTPAddr
+	if setting.Protocol != setting.UnixSocket {
+		listenAddr += ":" + setting.HTTPPort
 	}
 	log.Info("Listen: %v://%s%s", setting.Protocol, listenAddr, setting.AppSubURL)

@@ -82,6 +156,7 @@ func runWeb(ctx *cli.Context) error {

 	if setting.EnablePprof {
 		go func() {
+			log.Info("Starting pprof server on localhost:6060")
 			log.Info("%v", http.ListenAndServe("localhost:6060", nil))
 		}()
 	}
@@ -91,17 +166,29 @@ func runWeb(ctx *cli.Context) error {
 	case setting.HTTP:
 		err = runHTTP(listenAddr, context2.ClearHandler(m))
 	case setting.HTTPS:
+		if setting.EnableLetsEncrypt {
+			err = runLetsEncrypt(listenAddr, setting.Domain, setting.LetsEncryptDirectory, setting.LetsEncryptEmail, context2.ClearHandler(m))
+			break
+		}
+		if setting.RedirectOtherPort {
+			go runHTTPRedirector()
+		}
 		err = runHTTPS(listenAddr, setting.CertFile, setting.KeyFile, context2.ClearHandler(m))
 	case setting.FCGI:
-		listener, err := net.Listen("tcp", listenAddr)
+		var listener net.Listener
+		listener, err = net.Listen("tcp", listenAddr)
 		if err != nil {
-			log.Fatal(4, "Failed to bind %s", listenAddr, err)
+			log.Fatal("Failed to bind %s: %v", listenAddr, err)
 		}
-		defer listener.Close()
+		defer func() {
+			if err := listener.Close(); err != nil {
+				log.Fatal("Failed to stop server: %v", err)
+			}
+		}()
 		err = fcgi.Serve(listener, context2.ClearHandler(m))
 	case setting.UnixSocket:
 		if err := os.Remove(listenAddr); err != nil && !os.IsNotExist(err) {
-			log.Fatal(4, "Failed to remove unix socket directory %s: %v", listenAddr, err)
+			log.Fatal("Failed to remove unix socket directory %s: %v", listenAddr, err)
 		}
 		var listener *net.UnixListener
 		listener, err = net.ListenUnix("unix", &net.UnixAddr{Name: listenAddr, Net: "unix"})
@@ -112,15 +199,15 @@ func runWeb(ctx *cli.Context) error {
 		// FIXME: add proper implementation of signal capture on all protocols
 		// execute this on SIGTERM or SIGINT: listener.Close()
 		if err = os.Chmod(listenAddr, os.FileMode(setting.UnixSocketPermission)); err != nil {
-			log.Fatal(4, "Failed to set permission of unix socket: %v", err)
+			log.Fatal("Failed to set permission of unix socket: %v", err)
 		}
 		err = http.Serve(listener, context2.ClearHandler(m))
 	default:
-		log.Fatal(4, "Invalid protocol: %s", setting.Protocol)
+		log.Fatal("Invalid protocol: %s", setting.Protocol)
 	}

 	if err != nil {
-		log.Fatal(4, "Failed to start server: %v", err)
+		log.Fatal("Failed to start server: %v", err)
 	}

 	return nil
--- a/cmd/web_graceful.go
+++ b/cmd/web_graceful.go
@@ -34,7 +34,7 @@ func runHTTPS(listenAddr, certFile, keyFile string, m http.Handler) error {
 	var err error
 	config.Certificates[0], err = tls.LoadX509KeyPair(certFile, keyFile)
 	if err != nil {
-		log.Fatal(4, "Failed to load https cert file %s: %v", listenAddr, err)
+		log.Fatal("Failed to load https cert file %s: %v", listenAddr, err)
 	}

 	return gracehttp.Serve(&http.Server{
--- a/conf/app.ini
+++ b/conf/app.ini
@@ -1,543 +0,0 @@
-; App name that shows on every page title
-APP_NAME = Gitea: Git with a cup of tea
-; Change it if you run locally
-RUN_USER = git
-; Either "dev", "prod" or "test", default is "dev"
-RUN_MODE = dev
-
-[repository]
-ROOT =
-SCRIPT_TYPE = bash
-; Default ANSI charset
-ANSI_CHARSET =
-; Force every new repository to be private
-FORCE_PRIVATE = false
-; Global maximum creation limit of repository per user, -1 means no limit
-MAX_CREATION_LIMIT = -1
-; Mirror sync queue length, increase if mirror syncing starts hanging
-MIRROR_QUEUE_LENGTH = 1000
-; Patch test queue length, increase if pull request patch testing starts hanging
-PULL_REQUEST_QUEUE_LENGTH = 1000
-; Preferred Licenses to place at the top of the List
-; Name must match file name in conf/license or custom/conf/license
-PREFERRED_LICENSES = Apache License 2.0,MIT License
-; Disable ability to interact with repositories by HTTP protocol
-DISABLE_HTTP_GIT = false
-
-[repository.editor]
-; List of file extensions that should have line wraps in the CodeMirror editor
-; Separate extensions with a comma. To line wrap files w/o extension, just put a comma
-LINE_WRAP_EXTENSIONS = .txt,.md,.markdown,.mdown,.mkd,
-; Valid file modes that have a preview API associated with them, such as api/v1/markdown
-; Separate values by commas. Preview tab in edit mode won't show if the file extension doesn't match
-PREVIEWABLE_FILE_MODES = markdown
-
-[repository.local]
-; Path for uploads. Defaults to `tmp/local-repo`
-LOCAL_COPY_PATH = tmp/local-repo
-
-[repository.upload]
-; Whether repository file uploads are enabled. Defaults to `true`
-ENABLED = true
-; Path for uploads. Defaults to `data/tmp/uploads` (tmp gets deleted on gitea restart)
-TEMP_PATH = data/tmp/uploads
-; One or more allowed types, e.g. image/jpeg|image/png. Nothing means any file type
-ALLOWED_TYPES =
-; Max size of each file in MB. Defaults to 3MB
-FILE_MAX_SIZE = 3
-; Max number of files per upload. Defaults to 5
-MAX_FILES = 5
-
-[ui]
-; Number of repositories that are showed in one explore page
-EXPLORE_PAGING_NUM = 20
-; Number of issues that are showed in one page
-ISSUE_PAGING_NUM = 10
-; Number of maximum commits showed in one activity feed
-FEED_MAX_COMMIT_NUM = 5
-; Value of `theme-color` meta tag, used by Android >= 5.0
-; An invalid color like "none" or "disable" will have the default style
-; More info: https://developers.google.com/web/updates/2014/11/Support-for-theme-color-in-Chrome-39-for-Android
-THEME_COLOR_META_TAG = `#6cc644`
-; Max size of files to be displayed (defaults is 8MiB)
-MAX_DISPLAY_FILE_SIZE = 8388608
-; Whether show the user email in the Explore Users page
-SHOW_USER_EMAIL = true
-
-[ui.admin]
-; Number of users that are showed in one page
-USER_PAGING_NUM = 50
-; Number of repos that are showed in one page
-REPO_PAGING_NUM = 50
-; Number of notices that are showed in one page
-NOTICE_PAGING_NUM = 25
-; Number of organization that are showed in one page
-ORG_PAGING_NUM = 50
-
-[ui.user]
-; Number of repos that are showed in one page
-REPO_PAGING_NUM = 15
-
-[ui.meta]
-AUTHOR = Gitea - Git with a cup of tea
-DESCRIPTION = Gitea (Git with a cup of tea) is a painless self-hosted Git service written in Go
-KEYWORDS = go,git,self-hosted,gitea
-
-[markdown]
-; Enable hard line break extension
-ENABLE_HARD_LINE_BREAK = false
-; List of custom URL-Schemes that are allowed as links when rendering Markdown
-; for example git,magnet
-CUSTOM_URL_SCHEMES =
-; List of file extensions that should be rendered/edited as Markdown
-; Separate extensions with a comma. To render files w/o extension as markdown, just put a comma
-FILE_EXTENSIONS = .md,.markdown,.mdown,.mkd
-
-[server]
-; Listen protocol. One of 'http', 'https', 'unix' or 'fcgi'.
-PROTOCOL = http
-DOMAIN = localhost
-ROOT_URL = %(PROTOCOL)s://%(DOMAIN)s:%(HTTP_PORT)s/
-; Listen address. Either a IPv4/IPv6 address or the path to a unix socket.
-HTTP_ADDR = 0.0.0.0
-HTTP_PORT = 3000
-; Permission for unix socket
-UNIX_SOCKET_PERMISSION = 666
-; Local (DMZ) URL for Gitea workers (such as SSH update) accessing web service.
-; In most cases you do not need to change the default value.
-; Alter it only if your SSH server node is not the same as HTTP node.
-LOCAL_ROOT_URL = %(PROTOCOL)s://%(HTTP_ADDR)s:%(HTTP_PORT)s/
-; Disable SSH feature when not available
-DISABLE_SSH = false
-; Whether use builtin SSH server or not.
-START_SSH_SERVER = false
-; Domain name to be exposed in clone URL
-SSH_DOMAIN = %(DOMAIN)s
-; Network interface builtin SSH server listens on
-SSH_LISTEN_HOST =
-; Port number to be exposed in clone URL
-SSH_PORT = 22
-; Port number builtin SSH server listens on
-SSH_LISTEN_PORT = %(SSH_PORT)s
-; Root path of SSH directory, default is '~/.ssh', but you have to use '/home/git/.ssh'.
-SSH_ROOT_PATH =
-; Directory to create temporary files when test public key using ssh-keygen,
-; default is system temporary directory.
-SSH_KEY_TEST_PATH =
-; Path to ssh-keygen, default is 'ssh-keygen' and let shell find out which one to call.
-SSH_KEYGEN_PATH = ssh-keygen
-; Enable SSH Authorized Key Backup when rewriting all keys, default is true
-SSH_BACKUP_AUTHORIZED_KEYS = true
-; Enable exposure of SSH clone URL to anonymous visitors, default is false
-SSH_EXPOSE_ANONYMOUS = false
-; Indicate whether to check minimum key size with corresponding type
-MINIMUM_KEY_SIZE_CHECK = false
-; Disable CDN even in "prod" mode
-OFFLINE_MODE = false
-DISABLE_ROUTER_LOG = false
-; Generate steps:
-; $ ./gitea cert -ca=true -duration=8760h0m0s -host=myhost.example.com
-;
-; Or from a .pfx file exported from the Windows certificate store (do
-; not forget to export the private key):
-; $ openssl pkcs12 -in cert.pfx -out cert.pem -nokeys
-; $ openssl pkcs12 -in cert.pfx -out key.pem -nocerts -nodes
-CERT_FILE = custom/https/cert.pem
-KEY_FILE = custom/https/key.pem
-; Upper level of template and static file path
-; default is the path where Gitea is executed
-STATIC_ROOT_PATH =
-; Default path for App data
-APP_DATA_PATH = data
-; Application level GZIP support
-ENABLE_GZIP = false
-; Landing page for non-logged users, can be "home" or "explore"
-LANDING_PAGE = home
-; Enables git-lfs support. true or false, default is false.
-LFS_START_SERVER = false
-; Where your lfs files put on, default is data/lfs.
-LFS_CONTENT_PATH = data/lfs
-; LFS authentication secret, changed this to yourself.
-LFS_JWT_SECRET   =
-
-; Define allowed algorithms and their minimum key length (use -1 to disable a type)
-[ssh.minimum_key_sizes]
-ED25519 = 256
-ECDSA   = 256
-RSA     = 2048
-DSA     = 1024
-
-[database]
-; Either "mysql", "postgres", "mssql" or "sqlite3", it's your choice
-DB_TYPE = mysql
-HOST = 127.0.0.1:3306
-NAME = gitea
-USER = root
-PASSWD =
-; For "postgres" only, either "disable", "require" or "verify-full"
-SSL_MODE = disable
-; For "sqlite3" and "tidb", use absolute path when you start as service
-PATH = data/gitea.db
-; For "sqlite3" only. Query timeout
-SQLITE_TIMEOUT = 500
-
-[indexer]
-ISSUE_INDEXER_PATH = indexers/issues.bleve
-UPDATE_BUFFER_LEN = 20
-
-[admin]
-; Disable regular (non-admin) users to create organizations
-DISABLE_REGULAR_ORG_CREATION = false
-
-[security]
-; Whether the installer is disabled
-INSTALL_LOCK = false
-; !!CHANGE THIS TO KEEP YOUR USER DATA SAFE!!
-SECRET_KEY = !#@FDEWREWR&*(
-; Auto-login remember days
-LOGIN_REMEMBER_DAYS = 7
-COOKIE_USERNAME = gitea_awesome
-COOKIE_REMEMBER_NAME = gitea_incredible
-; Reverse proxy authentication header name of user name
-REVERSE_PROXY_AUTHENTICATION_USER = X-WEBAUTH-USER
-; Sets the minimum password length for new Users
-MIN_PASSWORD_LENGTH = 6
-; True when users are allowed to import local server paths
-IMPORT_LOCAL_PATHS = false
-
-[openid]
-;
-; OpenID is an open standard and decentralized authentication protocol.
-; Your identity is the address of a webpage you provide, which describes
-; how to prove you are in control of that page.
-;
-; For more info: https://en.wikipedia.org/wiki/OpenID
-;
-; Current implementation supports OpenID-2.0
-;
-; Tested to work providers at the time of writing:
-;  - Any GNUSocial node (your.hostname.tld/username)
-;  - Any SimpleID provider (http://simpleid.koinic.net)
-;  - http://openid.org.cn/
-;  - openid.stackexchange.com
-;  - login.launchpad.net
-;  - <username>.livejournal.com
-;
-; Whether to allow signin in via OpenID
-ENABLE_OPENID_SIGNIN = true
-; Whether to allow registering via OpenID
-; Do not include to rely on DISABLE_REGISTRATION setting
-;ENABLE_OPENID_SIGNUP = true
-; Allowed URI patterns (POSIX regexp).
-; Space separated.
-; Only these would be allowed if non-blank.
-; Example value: trusted.domain.org trusted.domain.net
-WHITELISTED_URIS =
-; Forbidden URI patterns (POSIX regexp).
-; Space sepaated.
-; Only used if WHITELISTED_URIS is blank.
-; Example value: loadaverage.org/badguy stackexchange.com/.*spammer
-BLACKLISTED_URIS =
-
-[service]
-; Time limit to confirm account/email registration
-ACTIVE_CODE_LIVE_MINUTES = 180
-; Time limit to confirm forgot password reset process
-RESET_PASSWD_CODE_LIVE_MINUTES = 180
-; User need to confirm e-mail for registration
-REGISTER_EMAIL_CONFIRM = false
-; Does not allow register and admin create account only
-DISABLE_REGISTRATION = false
-; User must sign in to view anything.
-REQUIRE_SIGNIN_VIEW = false
-; Mail notification
-ENABLE_NOTIFY_MAIL = false
-; More detail: https://github.com/go-gitea/gitea/issues/165
-ENABLE_REVERSE_PROXY_AUTHENTICATION = false
-ENABLE_REVERSE_PROXY_AUTO_REGISTRATION = false
-; Enable captcha validation for registration
-ENABLE_CAPTCHA = true
-; Default value for KeepEmailPrivate
-; New user will get the value of this setting copied into their profile
-DEFAULT_KEEP_EMAIL_PRIVATE = false
-; Default value for AllowCreateOrganization
-; New user will have rights set to create organizations depending on this setting
-DEFAULT_ALLOW_CREATE_ORGANIZATION = true
-; Default value for the domain part of the user's email address in the git log
-; if he has set KeepEmailPrivate true. The user's email replaced with a
-; concatenation of the user name in lower case, "@" and NO_REPLY_ADDRESS.
-NO_REPLY_ADDRESS = noreply.example.org
-
-[webhook]
-; Hook task queue length, increase if webhook shooting starts hanging
-QUEUE_LENGTH = 1000
-; Deliver timeout in seconds
-DELIVER_TIMEOUT = 5
-; Allow insecure certification
-SKIP_TLS_VERIFY = false
-; Number of history information in each page
-PAGING_NUM = 10
-
-[mailer]
-ENABLED = false
-; Buffer length of channel, keep it as it is if you don't know what it is.
-SEND_BUFFER_LEN = 100
-; Name displayed in mail title
-SUBJECT = %(APP_NAME)s
-; Mail server
-; Gmail: smtp.gmail.com:587
-; QQ: smtp.qq.com:465
-; Note, if the port ends with "465", SMTPS will be used. Using STARTTLS on port 587 is recommended per RFC 6409. If the server supports STARTTLS it will always be used.
-HOST =
-; Disable HELO operation when hostname are different.
-DISABLE_HELO =
-; Custom hostname for HELO operation, default is from system.
-HELO_HOSTNAME =
-; Do not verify the certificate of the server. Only use this for self-signed certificates
-SKIP_VERIFY =
-; Use client certificate
-USE_CERTIFICATE = false
-CERT_FILE = custom/mailer/cert.pem
-KEY_FILE = custom/mailer/key.pem
-; Mail from address, RFC 5322. This can be just an email address, or the `"Name" <email@example.com>` format
-FROM =
-; Mailer user name and password
-USER =
-PASSWD =
-; Send mails as plain text
-SEND_AS_PLAIN_TEXT = false
-; Enable sendmail (override SMTP)
-USE_SENDMAIL = false
-; Specifiy an alternative sendmail binary
-SENDMAIL_PATH = sendmail
-
-[cache]
-; Either "memory", "redis", or "memcache", default is "memory"
-ADAPTER = memory
-; For "memory" only, GC interval in seconds, default is 60
-INTERVAL = 60
-; For "redis" and "memcache", connection host address
-; redis: network=tcp,addr=:6379,password=macaron,db=0,pool_size=100,idle_timeout=180
-; memcache: `127.0.0.1:11211`
-HOST =
-
-[session]
-; Either "memory", "file", or "redis", default is "memory"
-PROVIDER = memory
-; Provider config options
-; memory: not have any config yet
-; file: session file path, e.g. `data/sessions`
-; redis: network=tcp,addr=:6379,password=macaron,db=0,pool_size=100,idle_timeout=180
-; mysql: go-sql-driver/mysql dsn config string, e.g. `root:password@/session_table`
-PROVIDER_CONFIG = data/sessions
-; Session cookie name
-COOKIE_NAME = i_like_gitea
-; If you use session in https only, default is false
-COOKIE_SECURE = false
-; Enable set cookie, default is true
-ENABLE_SET_COOKIE = true
-; Session GC time interval in seconds, default is 86400 (1 day)
-GC_INTERVAL_TIME = 86400
-; Session life time in seconds, default is 86400 (1 day)
-SESSION_LIFE_TIME = 86400
-
-[picture]
-AVATAR_UPLOAD_PATH = data/avatars
-; Chinese users can choose "duoshuo"
-; or a custom avatar source, like: http://cn.gravatar.com/avatar/
-GRAVATAR_SOURCE = gravatar
-; This value will be forced to be true in offline mode.
-DISABLE_GRAVATAR = false
-; Federated avatar lookup uses DNS to discover avatar associated
-; with emails, see https://www.libravatar.org
-; This value will be forced to be false in offline mode or Gravatar is disbaled.
-ENABLE_FEDERATED_AVATAR = false
-
-[attachment]
-; Whether attachments are enabled. Defaults to `true`
-ENABLE = true
-; Path for attachments. Defaults to `data/attachments`
-PATH = data/attachments
-; One or more allowed types, e.g. image/jpeg|image/png
-ALLOWED_TYPES = image/jpeg|image/png|application/zip|application/gzip
-; Max size of each file. Defaults to 32MB
-MAX_SIZE = 4
-; Max number of files per upload. Defaults to 10
-MAX_FILES = 5
-
-[time]
-; Specifies the format for fully outputed dates. Defaults to RFC1123
-; Special supported values are ANSIC, UnixDate, RubyDate, RFC822, RFC822Z, RFC850, RFC1123, RFC1123Z, RFC3339, RFC3339Nano, Kitchen, Stamp, StampMilli, StampMicro and StampNano
-; For more information about the format see http://golang.org/pkg/time/#pkg-constants
-FORMAT =
-
-[log]
-ROOT_PATH =
-; Either "console", "file", "conn", "smtp" or "database", default is "console"
-; Use comma to separate multiple modes, e.g. "console, file"
-MODE = console
-; Buffer length of channel, keep it as it is if you don't know what it is.
-BUFFER_LEN = 10000
-; Either "Trace", "Debug", "Info", "Warn", "Error", "Critical", default is "Trace"
-LEVEL = Trace
-
-; For "console" mode only
-[log.console]
-LEVEL =
-
-; For "file" mode only
-[log.file]
-LEVEL =
-; This enables automated log rotate(switch of following options), default is true
-LOG_ROTATE = true
-; Max line number of single file, default is 1000000
-MAX_LINES = 1000000
-; Max size shift of single file, default is 28 means 1 << 28, 256MB
-MAX_SIZE_SHIFT = 28
-; Segment log daily, default is true
-DAILY_ROTATE = true
-; Expired days of log file(delete after max days), default is 7
-MAX_DAYS = 7
-
-; For "conn" mode only
-[log.conn]
-LEVEL =
-; Reconnect host for every single message, default is false
-RECONNECT_ON_MSG = false
-; Try to reconnect when connection is lost, default is false
-RECONNECT = false
-; Either "tcp", "unix" or "udp", default is "tcp"
-PROTOCOL = tcp
-; Host address
-ADDR =
-
-; For "smtp" mode only
-[log.smtp]
-LEVEL =
-; Name displayed in mail title, default is "Diagnostic message from server"
-SUBJECT = Diagnostic message from server
-; Mail server
-HOST =
-; Mailer user name and password
-USER =
-PASSWD =
-; Receivers, can be one or more, e.g. 1@example.com,2@example.com
-RECEIVERS =
-
-; For "database" mode only
-[log.database]
-LEVEL =
-; Either "mysql" or "postgres"
-DRIVER =
-; Based on xorm, e.g.: root:root@localhost/gitea?charset=utf8
-CONN =
-
-[cron]
-; Enable running cron tasks periodically.
-ENABLED = true
-; Run cron tasks when Gitea starts.
-RUN_AT_START = false
-
-; Update mirrors
-[cron.update_mirrors]
-SCHEDULE = @every 10m
-
-; Repository health check
-[cron.repo_health_check]
-SCHEDULE = @every 24h
-TIMEOUT = 60s
-; Arguments for command 'git fsck', e.g. "--unreachable --tags"
-; see more on http://git-scm.com/docs/git-fsck/1.7.5
-ARGS =
-
-; Check repository statistics
-[cron.check_repo_stats]
-RUN_AT_START = true
-SCHEDULE = @every 24h
-
-; Clean up old repository archives
-[cron.archive_cleanup]
-RUN_AT_START = true
-SCHEDULE = @every 24h
-; Archives created more than OLDER_THAN ago are subject to deletion
-OLDER_THAN = 24h
-
-; Synchronize external user data (only LDAP user synchronization is supported)
-[cron.sync_external_users]
-; Syncronize external user data when starting server (default false)
-RUN_AT_START = false
-; Interval as a duration between each synchronization (default every 24h)
-SCHEDULE = @every 24h
-; Create new users, update existing user data and disable users that are not in external source anymore (default)
-;   or only create new users if UPDATE_EXISTING is set to false
-UPDATE_EXISTING = true
-
-[git]
-; Disables highlight of added and removed changes
-DISABLE_DIFF_HIGHLIGHT = false
-; Max number of lines allowed of a single file in diff view
-MAX_GIT_DIFF_LINES = 1000
-; Max number of characters of a line allowed in diff view
-MAX_GIT_DIFF_LINE_CHARACTERS = 5000
-; Max number of files shown in diff view
-MAX_GIT_DIFF_FILES = 100
-; Arguments for command 'git gc', e.g. "--aggressive --auto"
-; see more on http://git-scm.com/docs/git-gc/1.7.5
-GC_ARGS =
-
-; Operation timeout in seconds
-[git.timeout]
-MIGRATE = 600
-MIRROR = 300
-CLONE = 300
-PULL = 300
-GC = 60
-
-[mirror]
-; Default interval as a duration between each check
-DEFAULT_INTERVAL = 8h
-; Min interval as a duration must be > 1m
-MIN_INTERVAL = 10m
-
-[api]
-; Max number of items will response in a page
-MAX_RESPONSE_ITEMS = 50
-
-[i18n]
-LANGS = en-US,zh-CN,zh-HK,zh-TW,de-DE,fr-FR,nl-NL,lv-LV,ru-RU,ja-JP,es-ES,pt-BR,pl-PL,bg-BG,it-IT,fi-FI,tr-TR,cs-CZ,sr-SP,sv-SE,ko-KR
-NAMES = English,简体中文,繁體中文（香港）,繁體中文（台灣）,Deutsch,Français,Nederlands,Latviešu,Русский,日本語,Español,Português do Brasil,Polski,български,Italiano,Suomalainen,Türkçe,čeština,Српски,Svenska,한국어
-
-; Used for datetimepicker
-[i18n.datelang]
-en-US = en
-zh-CN = zh
-zh-HK = zh-TW
-zh-TW = zh-TW
-de-DE = de
-fr-FR = fr
-nl-NL = nl
-lv-LV = lv
-ru-RU = ru
-ja-JP = ja
-es-ES = es
-pt-BR = pt-BR
-pl-PL = pl
-bg-BG = bg
-it-IT = it
-fi-FI = fi
-tr-TR = tr
-cs-CZ = cs-CZ
-sr-SP = sr
-sv-SE = sv
-ko-KR = ko
-
-; Extension mapping to highlight class
-; e.g. .toml=ini
-[highlight.mapping]
-
-[other]
-SHOW_FOOTER_BRANDING = false
-; Show version information about Gitea and Go in the footer
-SHOW_FOOTER_VERSION = true
-; Show time of template execution in the footer
-SHOW_FOOTER_TEMPLATE_LOAD_TIME = true
--- a/contrib/fhs-compliant-script/gitea
+++ b/contrib/fhs-compliant-script/gitea
@@ -0,0 +1,42 @@
+#!/bin/bash
+
+########################################################################
+# This script some defaults for gitea to run in a FHS compliant manner #
+########################################################################
+
+# It assumes that you place this script as gitea in /usr/bin
+#
+# And place the original in /usr/lib/gitea with working files in /var/lib/gitea
+# and main configuration in /etc/gitea/app.ini
+GITEA="/usr/lib/gitea/gitea"
+WORK_DIR="/var/lib/gitea"
+APP_INI="/etc/gitea/app.ini"
+
+APP_INI_SET=""
+for i in "$@"; do
+	case "$i" in
+	"-c")
+		APP_INI_SET=1
+		;;
+	"-c="*)
+		APP_INI_SET=1
+		;;
+	"--config")
+		APP_INI_SET=1
+		;;
+	"--config="*)
+		APP_INI_SET=1
+		;;
+	*)
+	;;
+	esac
+done
+
+if [ -z "$APP_INI_SET" ]; then
+	CONF_ARG="-c \"$APP_INI\""
+fi
+
+# Provide FHS compliant defaults to
+GITEA_WORK_DIR="${GITEA_WORK_DIR:-$WORK_DIR}" "$GITEA" $CONF_ARG "$@"
+
+
--- a/contrib/ide/README.md
+++ b/contrib/ide/README.md
@@ -0,0 +1,12 @@
+# IDE and code editor configuration
+
+## Table of Contents
+- [IDE and code editor configuration](#ide-and-code-editor-configuration)
+  - [Microsoft Visual Studio Code](#microsoft-visual-studio-code)
+
+## Microsoft Visual Studio Code
+Download Microsoft Visual Studio Code at https://code.visualstudio.com/ and follow instructions at https://code.visualstudio.com/docs/languages/go to setup Go extension for it.
+
+Create new directory `.vscode` in Gitea root folder and copy contents of folder [contrib/ide/vscode](vscode/) to it. You can now use `Ctrl`+`Shift`+`B` to build gitea executable and `F5` to run it in debug mode.
+
+Supported on Debian, Ubuntu, Red Hat, Fedora, SUSE Linux, MacOS and Microsoft Windows.
--- a/contrib/ide/vscode/launch.json
+++ b/contrib/ide/vscode/launch.json
@@ -0,0 +1,31 @@
+{
+  "version": "0.2.0",
+  "configurations": [
+    {
+      "name": "Launch",
+      "type": "go",
+      "request": "launch",
+      "mode": "debug",
+      "buildFlags": "",
+      "port": 2345,
+      "host": "127.0.0.1",
+      "program": "${workspaceRoot}/main.go",
+      "env": {},
+      "args": ["web"],
+      "showLog": true
+    },
+    {
+      "name": "Launch (with SQLite3)",
+      "type": "go",
+      "request": "launch",
+      "mode": "debug",
+      "buildFlags": "-tags=\"sqlite sqlite_unlock_notify\"",
+      "port": 2345,
+      "host": "127.0.0.1",
+      "program": "${workspaceRoot}/main.go",
+      "env": {},
+      "args": ["web"],
+      "showLog": true
+    }
+  ]
+}
--- a/contrib/ide/vscode/tasks.json
+++ b/contrib/ide/vscode/tasks.json
@@ -0,0 +1,51 @@
+{
+  "version": "2.0.0",
+  "tasks": [
+    {
+      "taskName": "Build",
+      "type": "shell",
+      "command": "go",
+      "group": "build",
+      "presentation": {
+        "echo": true,
+        "reveal": "always",
+        "focus": false,
+        "panel": "shared"
+      },
+      "args": ["build"],
+      "linux": {
+        "args": [ "-o", "gitea", "${workspaceRoot}/main.go" ]
+      },
+      "osx": {
+        "args": [ "-o", "gitea", "${workspaceRoot}/main.go" ]
+      },
+      "windows": {
+        "args": [ "-o", "gitea.exe", "\"${workspaceRoot}\\main.go\""]
+      },
+      "problemMatcher": ["$go"]
+    },
+    {
+      "taskName": "Build (with SQLite3)",
+      "type": "shell",
+      "command": "go",
+      "group": "build",
+      "presentation": {
+        "echo": true,
+        "reveal": "always",
+        "focus": false,
+        "panel": "shared"
+      },
+      "args": ["build", "-tags=\"sqlite sqlite_unlock_notify\""],
+      "linux": {
+        "args": ["-o", "gitea", "${workspaceRoot}/main.go"]
+      },
+      "osx": {
+        "args": ["-o", "gitea", "${workspaceRoot}/main.go"]
+      },
+      "windows": {
+        "args": ["-o", "gitea.exe", "\"${workspaceRoot}\\main.go\""]
+      },
+      "problemMatcher": ["$go"]
+    }
+  ]
+}
--- a/contrib/init/centos/gitea
+++ b/contrib/init/centos/gitea
@@ -24,8 +24,8 @@
 # Default values

 NAME=gitea
-GITEA_HOME=/home/git/gitea
-GITEA_PATH=${GITEA_HOME}/$NAME
+GITEA_HOME=/var/lib/${NAME}
+GITEA_PATH=/usr/local/bin/${NAME}
 GITEA_USER=git
 SERVICENAME="Gitea - Git with a cup of tea"
 LOCKFILE=/var/lock/subsys/gitea
@@ -49,11 +49,11 @@ DAEMON_OPTS="--check $NAME"
 start() {
  cd ${GITEA_HOME}
  echo -n "Starting ${SERVICENAME}: "
-  daemon $DAEMON_OPTS "${GITEA_PATH} web > ${LOGFILE} 2>&1 &"
+  daemon $DAEMON_OPTS "${GITEA_PATH} web -c /etc/${NAME}/app.ini > ${LOGFILE} 2>&1 &"
  RETVAL=$?
  echo
  [ $RETVAL = 0 ] && touch ${LOCKFILE}
-        
+
  return $RETVAL
 }

@@ -63,7 +63,7 @@ stop() {
        killproc ${NAME}
        RETVAL=$?
        echo
-        [ $RETVAL = 0 ] && rm -f ${LOCKFILE} 
+        [ $RETVAL = 0 ] && rm -f ${LOCKFILE}
 }

 case "$1" in
--- a/contrib/init/debian/gitea
+++ b/contrib/init/debian/gitea
@@ -14,17 +14,20 @@
 # Do NOT "set -e"

 # PATH should only include /usr/* if it runs after the mountnfs.sh script
-PATH=/sbin:/usr/sbin:/bin:/usr/bin
-DESC="Git with a cup of tea"
+PATH=/sbin:/usr/sbin:/bin:/usr/bin:/usr/local/bin
+DESC="Gitea - Git with a cup of tea"
 NAME=gitea
 SERVICEVERBOSE=yes
 PIDFILE=/var/run/$NAME.pid
 SCRIPTNAME=/etc/init.d/$NAME
-WORKINGDIR=/home/git/gitea
-DAEMON=$WORKINGDIR/$NAME
-DAEMON_ARGS="web"
+WORKINGDIR=/var/lib/$NAME
+DAEMON=/usr/local/bin/$NAME
+DAEMON_ARGS="web -c /etc/$NAME/app.ini"
 USER=git
-USERBIND="setcap cap_net_bind_service=+ep"
+USERBIND=""
+# If you want to bind Gitea to a port below 1024 uncomment
+# the line below
+#USERBIND="setcap cap_net_bind_service=+ep"
 STOP_SCHEDULE="${STOP_SCHEDULE:-QUIT/5/TERM/1/KILL/5}"

 # Read configuration variable file if it is present
@@ -36,7 +39,7 @@ STOP_SCHEDULE="${STOP_SCHEDULE:-QUIT/5/TERM/1/KILL/5}"
 do_start()
 {
    $USERBIND $DAEMON
-    sh -c "USER=$USER start-stop-daemon --start --quiet --pidfile $PIDFILE --make-pidfile \\
+    sh -c "USER=$USER HOME=/home/$USER GITEA_WORK_DIR=$WORKINGDIR start-stop-daemon --start --quiet --pidfile $PIDFILE --make-pidfile \\
        --background --chdir $WORKINGDIR --chuid $USER \\
        --exec $DAEMON -- $DAEMON_ARGS"
 }
--- a/contrib/init/freebsd/gitea
+++ b/contrib/init/freebsd/gitea
@@ -19,9 +19,9 @@ load_rc_config $name

 : ${gitea_user:="git"}
 : ${gitea_enable:="NO"}
-: ${gitea_directory:="/home/git"}
+: ${gitea_directory:="/var/lib/gitea"}

-command="${gitea_directory}/gitea web"
+command="/usr/local/bin/gitea web -c /etc/gitea/app.ini"
 procname="$(echo $command |cut -d' ' -f1)"

 pidfile="${gitea_directory}/${name}.pid"
@@ -33,6 +33,7 @@ gitea_start() {
 	cd ${gitea_directory}
 	export USER=${gitea_user}
 	export HOME=/usr/home/${gitea_user}
+	export GITEA_WORK_DIR=${gitea_directory}
 	/usr/sbin/daemon -f -u ${gitea_user} -p ${pidfile} $command
 }

--- a/contrib/init/gentoo/gitea
+++ b/contrib/init/gentoo/gitea
@@ -1,11 +1,11 @@
 #!/sbin/openrc-run

-DIR=/home/git/gitea
+DIR=/var/lib/gitea
 USER=git

 start_stop_daemon_args="--user ${USER} --chdir ${DIR}"
-command="${DIR}/gitea"
-command_args="web"
+command="/usr/local/bin/gitea"
+command_args="web -c /etc/gitea/app.ini"
 command_background=yes
 pidfile=/var/run/gitea.pid

--- a/contrib/init/openbsd/gitea
+++ b/contrib/init/openbsd/gitea
@@ -2,11 +2,11 @@
 #
 # $OpenBSD$

-daemon="/home/git/gitea/gitea"
+daemon="/usr/local/bin/gitea"
 daemon_user="git"
-daemon_flags="web"
+daemon_flags="web -c /etc/gitea/app.ini"

-gitea_directory="/home/git/gitea"
+gitea_directory="/var/lib/gitea"

 rc_bg=YES

--- a/contrib/init/sunos/gitea.xml
+++ b/contrib/init/sunos/gitea.xml
@@ -0,0 +1,46 @@
+<?xml version="1.0"?>
+<!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">
+<service_bundle type="manifest" name="export">
+	<service name="gitea" type="service" version="1">
+		<create_default_instance enabled="false"/>
+
+		<dependency name="network" grouping="require_all" restart_on="refresh" type="service">
+			<service_fmri value="svc:/milestone/network:default"/>
+		</dependency>
+
+		<dependency name="filesystem" grouping="require_all" restart_on="refresh" type="service">
+			<service_fmri value="svc:/system/filesystem/local"/>
+		</dependency>
+
+		<exec_method
+		    type="method"
+		    name="start"
+		    exec="/opt/local/bin/gitea web"
+		    timeout_seconds="60">
+		  <method_context>
+		    <method_credential user="git" group="git" />
+		    <method_environment>
+		      <envvar name='GITEA_WORK_DIR' value='/opt/local/share/gitea'/>
+		      <envvar name='GITEA_CUSTOM' value='/opt/local/etc/gitea'/>
+		      <envvar name='HOME' value='/var/db/gitea'/>
+		      <envvar name='PATH' value='/opt/local/bin:${PATH}'/>
+		      <envvar name='USER' value='git'/>
+		    </method_environment>
+		  </method_context>
+		</exec_method>
+		<exec_method type="method" name="stop"	exec=":kill" timeout_seconds="60"/>
+
+		<property_group name="application" type="application"></property_group>
+		<property_group name="startd" type="framework">
+		  <propval name="duration" type="astring" value="child"/>
+		  <propval name="ignore_error" type="astring" value="core,signal"/>
+		</property_group>
+
+		<template>
+			<common_name>
+			  <loctext xml:lang="C">A painless, self-hosted Git service</loctext>
+			</common_name>
+		</template>
+
+	</service>
+</service_bundle>
--- a/contrib/init/suse/gitea
+++ b/contrib/init/suse/gitea
@@ -18,10 +18,10 @@
 # Default values

 NAME=gitea
-GITEA_HOME=/home/git/gitea
-GITEA_PATH=${GITEA_HOME}/$NAME
+GITEA_HOME=/var/lib/$NAME
+GITEA_PATH=/usr/local/bin/$NAME
 GITEA_USER=git
-SERVICENAME="Git - with a cup of tea"
+SERVICENAME="Gitea - Git with a cup of tea"
 LOCKFILE=/var/lock/subsys/gitea
 LOGPATH=${GITEA_HOME}/log
 LOGFILE=${LOGPATH}/error.log
@@ -58,7 +58,7 @@ case "$1" in
 			# return skipped as service is already running
 			(exit 5)
 		else
-			su - ${GITEA_USER} -c "USER=${GITEA_USER} ${GITEA_PATH} web 2>&1 >>${LOGFILE} &"
+			su - ${GITEA_USER} -c "USER=${GITEA_USER} GITEA_WORK_DIR=${GITEA_HOME} ${GITEA_PATH} web -c /etc/${NAME}/app.ini 2>&1 >>${LOGFILE} &"
 		fi

 		# Remember status and be verbose
--- a/contrib/k8s/gitea.yml
+++ b/contrib/k8s/gitea.yml
@@ -0,0 +1,107 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: gitea
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: gitea
+  namespace: gitea
+  labels:
+    app: gitea
+spec:
+  replicas: 1
+  template:
+    metadata:
+      name: gitea
+      labels:
+        app: gitea
+    spec:
+      containers:
+      - name: gitea
+        image: gitea/gitea:latest
+        imagePullPolicy: Always
+        volumeMounts:
+          - mountPath: "/var/lib/gitea"
+            name: "root"
+          - mountPath: "/data"
+            name: "data"
+        ports:
+          - containerPort: 22
+            name: ssh
+            protocol: TCP
+          - containerPort: 3000
+            name: http
+            protocol: TCP
+      restartPolicy: Always
+      volumes:
+        # Set up a data directory for gitea
+        # For production usage, you should consider using PV/PVC instead(or simply using storage like NAS)
+        # For more details, please see https://kubernetes.io/docs/concepts/storage/volumes/
+      - name: "root"
+        hostPath:
+          # directory location on host
+          path: "/var/lib/gitea"
+          # this field is optional
+          type: Directory
+      - name: "data"
+        hostPath:
+          path: "/data/gitea"
+          type: Directory
+  selector:
+    matchLabels:
+      app: gitea
+---
+# Using cluster mode
+apiVersion: v1
+kind: Service
+metadata:
+  name: gitea-web
+  namespace: gitea
+  labels:
+    app: gitea-web
+spec:
+  ports:
+  - port: 80
+    targetPort: 3000
+    name: http
+  selector:
+    app: gitea
+---
+# Using node-port mode
+# This mainly open a specific TCP port for SSH usage on each host,
+# so you can use a proxy layer to handle it(e.g. slb, nginx)
+apiVersion: v1
+kind: Service
+metadata:
+  name: gitea-ssh
+  namespace: gitea
+  labels:
+    app: gitea-ssh
+spec:
+  ports:
+  - port: 22
+    targetPort: 22
+    nodePort: 30022
+    name: ssh
+  selector:
+    app: gitea
+  type: NodePort
+---
+# Ingress is always suitable for HTTP usage,
+# we suggest using an proxy layer such as slb to send traffic to different ports.
+# Usually 80/443 for web and 22 directly for SSH.
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  name: gitea
+  namespace: gitea
+spec:
+  rules:
+  - host: your-gitea-host.com
+    http:
+      paths:
+      - backend:
+          serviceName: gitea-web
+          servicePort: 80
--- a/contrib/migrate/gogs_migrate.sh
+++ b/contrib/migrate/gogs_migrate.sh
@@ -1,206 +0,0 @@
-#!/bin/bash
-
-gitea_version=1.0.1
-tested_gogs_version="0.9.114.1227"
-gogs_binary=gogs
-gitea_binary=gitea
-download_gitea=true
-gitea_path=
-
-function usage() { 
-  echo "Optional parameters: [-b Gitea binary] [-i Gitea install dir] [-o gogs binary] [-h help]";
-  exit 1; 
-}
-
-while getopts ":b::i:o:h:" opt; do
-  case $opt in
-    b)
-        gitea_binary=${OPTARG}
-        download_gitea=false
-      ;;
-    i)
-        gitea_path=${OPTARG}
-      ;;
-    o)
-        gogs_binary=${OPTARG}
-      ;;
-    h)
-       usage
-      ;;
-    \?)
-      echo -e "Invalid option: -$OPTARG" 
-      exit 1
-      ;;
-    :)
-      usage
-      exit 1
-      ;;
-  esac
-done
-
-function exitOnError() {
-  if [ "$?" != "0" ]; then
-      echo -e $1
-      exit 1
-  fi
-}
-
-function checkBinary() {
-  if [ ! -f $1 ]; then
-   echo "Unable to find $1"
-   exit 1
-  fi
-}
-
-function continueYN(){
-  while true; do
-    echo -e "$1 Yes or No"
-    read yn
-    case $yn in
-        [Yy]* ) break;;
-        [Nn]* ) exit 1;;
-        * )     echo "Please answer yes or no.";;
-    esac
-  done
-}
-
-########## Binary checks
-if pidof "$gogs_binary" >/dev/null; then
- echo "Please stop gogs before migrating to Gitea"
- exit 1
-fi
-
-checkBinary "$gogs_binary"
-
-if [ ! -x "$gogs_binary" ]; then
- echo "Please make sure that you are running this script as the gogs user"
- exit 1
-fi
-
-########## Version check
-gogs_version=$(./$gogs_binary --version)
-original_IFS=$IFS
-IFS="." && current_version=(${gogs_version#"Gogs version "}) && minimal_version=($tested_gogs_version)
-IFS=$original_IFS
-
-count=0
-for i in "${current_version[@]}" 
-do
-  if [ $i -gt ${minimal_version[$count]} ]; then
-   echo -e "!!!--WARNING--!!!\nYour $gogs_version is newer than the tested Gogs version $tested_gogs_version\nUse this script on your own risk\n!!!--WARNING--!!!"
-   break
-  fi
-  let count+=1
-done
-
-########## Disclaimer
-continueYN "This migration script creates a backup before it starts with the actual migration
-If something goes wrong you could always resotre this backup.
-The backups are stored into your gogs folder in gogs-dump-[timestamp].zip file
-
-Migrating from gogs to gitea, are you sure?"
-
-########## gogs dump
-echo "Creating a backup of gogs, this could take a while..."
-./"$gogs_binary" dump
-exitOnError "Failed to create a gogs dump"
-
-########## Create Gitea folder
-if [ -z "$gitea_path" ]; then
-  echo "Where do you want to install Gitea?"
-  read gitea_path 
-fi
-
-if [ ! -d "$gitea_path" ]; then
-  mkdir -p "$gitea_path"
-  exitOnError
-fi
-
-if [ "$(ls -A $gitea_path)" ]; then
-  continueYN "!!!--WARNING--!!!\nDirectory $gitea_path is not empty, do you want to continue?"
-fi
-
-
-########## Download Gitea
-if [ $download_gitea == true ]; then
-
-  ########## Detect os
-  case "$OSTYPE" in
-    darwin*)    platform="darwin-10.6";; 
-    linux*)     platform="linux" ;;
-    freebsd*)   platform="bsd" ;;
-    netbsd*)    platform="bsd" ;;
-    openbsd*)   platform="bsd" ;;
-    *)          echo "Unsupported os: $OSTYPE\n Please download/compile your own binary and run this script with the -b option" exit 1;;
-  esac
-
-  arch=""
-  bits=""
-  if [[ "$platform" == "linux" ]] || [[ "$platform" == "bsd" ]]; then
-    arch="$(uname -m | sed -e 's/arm\(.*\)/arm-\1/' -e s/aarch64.*/arm64/)"
-  fi
-
-  if [[ "$platform" == "bsd" ]] && [[ "$arch" != "arm"* ]]; then
-    echo "Currently Gitea only supports arm prebuilt binarys on bsd"
-    exit 1
-  fi
-
-  if [[ "$arch" != "arm"* ]] &&  [[ "$arch" != "mips"* ]]; then
-    arch=""
-    case "$(getconf LONG_BIT)" in
-      64*)  bits="amd64";; 
-      32*)  bits="386" ;;
-    esac
-  fi
-
-  ########## Wget Gitea
-  echo "Downloading Gitea"
-  file="gitea-$gitea_version-$platform-$arch$bits"
-  url="https://dl.gitea.io/gitea/$gitea_version/$file"
-  wget "$url" -P "$gitea_path"
-  exitOnError "Failed to download $url"
-
-  wget "$url.sha256" -P "$gitea_path"
-  exitOnError "Failed to Gitea checksum $url.sha256"
-
-  echo "Comparing checksums"
-  gogs_dir=$(pwd)
-  cd "$gitea_path"
-
-  sha256sum -c "$file.sha256"
-  exitOnError "Downloaded Gitea checksums do not match"
-
-  rm "$file.sha256"
-  mv "$file" gitea
-  cd "$gogs_dir"
-
-else
-  checkBinary "$gitea_binary"
-  if [ "$gitea_binary" != "$gitea_path/gitea" ];then
-    cp "$gitea_binary" "$gitea_path/gitea"
-  fi
-fi
-
-########## Copy gogs data to Gitea folder
-echo "Copying gogs data to Gitea, this could take a while..."
-cp -R custom "$gitea_path"
-cp -R data "$gitea_path"
-#cp -R conf "$gitea_path"
-
-########## Moving & deleting old files
-#mv $gitea_path/conf $gitea_path/options
-cd "$gitea_path"
-mv "custom/conf/app.ini" "custom/conf/gogs_app.ini"
-url="https://raw.githubusercontent.com/go-gitea/gitea/v$gitea_version/conf/app.ini"
-wget "$url" -P "custom/conf/"
-exitOnError "Unable to download Gitea app.ini"
-rm -f conf/README.md
-
-echo -e "Migration is almost complete, you only need to merge custom/conf/gogs_app.ini into custom/conf/app.ini"
-continueYN "Do you want to start Gitea?"
-
-########## Starting Gitea
-echo "Starting Gitea"
-chmod +x gitea
-./gitea web
-exitOnError "Failed to start Gitea"
--- a/contrib/pr/checkout.go
+++ b/contrib/pr/checkout.go
@@ -0,0 +1,264 @@
+package main
+
+/*
+Checkout a PR and load the tests data into sqlite database
+*/
+
+import (
+	"flag"
+	"fmt"
+	"io/ioutil"
+	"log"
+	"net/http"
+	"net/url"
+	"os"
+	"os/exec"
+	"os/user"
+	"path"
+	"path/filepath"
+	"runtime"
+	"strconv"
+	"time"
+
+	"code.gitea.io/gitea/models"
+	"code.gitea.io/gitea/modules/markup"
+	"code.gitea.io/gitea/modules/markup/external"
+	"code.gitea.io/gitea/modules/setting"
+	"code.gitea.io/gitea/routers"
+	"code.gitea.io/gitea/routers/routes"
+
+	"github.com/go-xorm/xorm"
+	context2 "github.com/gorilla/context"
+	"github.com/unknwon/com"
+	"gopkg.in/src-d/go-git.v4"
+	"gopkg.in/src-d/go-git.v4/config"
+	"gopkg.in/src-d/go-git.v4/plumbing"
+	"gopkg.in/testfixtures.v2"
+)
+
+var codeFilePath = "contrib/pr/checkout.go"
+
+func runPR() {
+	log.Printf("[PR] Starting gitea ...\n")
+	curDir, err := os.Getwd()
+	if err != nil {
+		log.Fatal(err)
+	}
+	setting.SetCustomPathAndConf("", "", "")
+	setting.NewContext()
+
+	setting.RepoRootPath, err = ioutil.TempDir(os.TempDir(), "repos")
+	if err != nil {
+		log.Fatalf("TempDir: %v\n", err)
+	}
+	setting.AppDataPath, err = ioutil.TempDir(os.TempDir(), "appdata")
+	if err != nil {
+		log.Fatalf("TempDir: %v\n", err)
+	}
+	setting.AppWorkPath = curDir
+	setting.StaticRootPath = curDir
+	setting.GravatarSourceURL, err = url.Parse("https://secure.gravatar.com/avatar/")
+	if err != nil {
+		log.Fatalf("url.Parse: %v\n", err)
+	}
+
+	setting.AppURL = "http://localhost:8080/"
+	setting.HTTPPort = "8080"
+	setting.SSH.Domain = "localhost"
+	setting.SSH.Port = 3000
+	setting.InstallLock = true
+	setting.SecretKey = "9pCviYTWSb"
+	setting.InternalToken = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYmYiOjE0OTI3OTU5ODN9.OQkH5UmzID2XBdwQ9TAI6Jj2t1X-wElVTjbE7aoN4I8"
+	curUser, err := user.Current()
+	if err != nil {
+		log.Fatal(err)
+	}
+	setting.RunUser = curUser.Username
+
+	log.Printf("[PR] Loading fixtures data ...\n")
+	setting.CheckLFSVersion()
+	//models.LoadConfigs()
+	/*
+		setting.Database.Type = "sqlite3"
+		setting.Database.Path = ":memory:"
+		setting.Database.Timeout = 500
+	*/
+	db := setting.Cfg.Section("database")
+	db.NewKey("DB_TYPE", "sqlite3")
+	db.NewKey("PATH", ":memory:")
+
+	routers.NewServices()
+	setting.Database.LogSQL = true
+	//x, err = xorm.NewEngine("sqlite3", "file::memory:?cache=shared")
+
+	var helper testfixtures.Helper = &testfixtures.SQLite{}
+	models.NewEngine(func(_ *xorm.Engine) error {
+		return nil
+	})
+	models.HasEngine = true
+	//x.ShowSQL(true)
+	err = models.InitFixtures(
+		helper,
+		path.Join(curDir, "models/fixtures/"),
+	)
+	if err != nil {
+		fmt.Printf("Error initializing test database: %v\n", err)
+		os.Exit(1)
+	}
+	models.LoadFixtures()
+	os.RemoveAll(setting.RepoRootPath)
+	os.RemoveAll(models.LocalCopyPath())
+	com.CopyDir(path.Join(curDir, "integrations/gitea-repositories-meta"), setting.RepoRootPath)
+
+	log.Printf("[PR] Setting up router\n")
+	//routers.GlobalInit()
+	external.RegisterParsers()
+	markup.Init()
+	m := routes.NewMacaron()
+	routes.RegisterRoutes(m)
+
+	log.Printf("[PR] Ready for testing !\n")
+	log.Printf("[PR] Login with user1, user2, user3, ... with pass: password\n")
+	/*
+		log.Info("Listen: %v://%s%s", setting.Protocol, listenAddr, setting.AppSubURL)
+
+		if setting.LFS.StartServer {
+			log.Info("LFS server enabled")
+		}
+
+		if setting.EnablePprof {
+			go func() {
+				log.Info("Starting pprof server on localhost:6060")
+				log.Info("%v", http.ListenAndServe("localhost:6060", nil))
+			}()
+		}
+	*/
+
+	//Start the server
+	http.ListenAndServe(":8080", context2.ClearHandler(m))
+
+	log.Printf("[PR] Cleaning up ...\n")
+	/*
+		if err = os.RemoveAll(setting.Indexer.IssuePath); err != nil {
+			fmt.Printf("os.RemoveAll: %v\n", err)
+			os.Exit(1)
+		}
+		if err = os.RemoveAll(setting.Indexer.RepoPath); err != nil {
+			fmt.Printf("Unable to remove repo indexer: %v\n", err)
+			os.Exit(1)
+		}
+	*/
+	if err = os.RemoveAll(setting.RepoRootPath); err != nil {
+		log.Fatalf("os.RemoveAll: %v\n", err)
+	}
+	if err = os.RemoveAll(setting.AppDataPath); err != nil {
+		log.Fatalf("os.RemoveAll: %v\n", err)
+	}
+}
+
+func main() {
+	var runPRFlag = flag.Bool("run", false, "Run the PR code")
+	flag.Parse()
+	if *runPRFlag {
+		runPR()
+		return
+	}
+
+	// To force checkout (e.g. Windows complains about unclean work tree) set env variable FORCE=true
+	force, err := strconv.ParseBool(os.Getenv("FORCE"))
+	if err != nil {
+		force = false
+	}
+
+	//Otherwise checkout PR
+	if len(os.Args) != 2 {
+		log.Fatal("Need only one arg: the PR number")
+	}
+	pr := os.Args[1]
+
+	codeFilePath = filepath.FromSlash(codeFilePath) //Convert to running OS
+
+	//Copy this file if it will not exist in the PR branch
+	dat, err := ioutil.ReadFile(codeFilePath)
+	if err != nil {
+		log.Fatalf("Failed to cache this code file : %v", err)
+	}
+
+	repo, err := git.PlainOpen(".")
+	if err != nil {
+		log.Fatalf("Failed to open the repo : %v", err)
+	}
+
+	//Find remote upstream
+	remotes, err := repo.Remotes()
+	if err != nil {
+		log.Fatalf("Failed to list remotes of repo : %v", err)
+	}
+	remoteUpstream := "origin" //Default
+	for _, r := range remotes {
+		if r.Config().URLs[0] == "https://github.com/go-gitea/gitea" || r.Config().URLs[0] == "git@github.com:go-gitea/gitea.git" { //fetch at index 0
+			remoteUpstream = r.Config().Name
+			break
+		}
+	}
+
+	branch := fmt.Sprintf("pr-%s-%d", pr, time.Now().Unix())
+	branchRef := plumbing.NewBranchReferenceName(branch)
+
+	log.Printf("Fetching PR #%s in %s\n", pr, branch)
+	if runtime.GOOS == "windows" {
+		//Use git cli command for windows
+		runCmd("git", "fetch", remoteUpstream, fmt.Sprintf("pull/%s/head:%s", pr, branch))
+	} else {
+		ref := fmt.Sprintf("refs/pull/%s/head:%s", pr, branchRef)
+		err = repo.Fetch(&git.FetchOptions{
+			RemoteName: remoteUpstream,
+			RefSpecs: []config.RefSpec{
+				config.RefSpec(ref),
+			},
+		})
+		if err != nil {
+			log.Fatalf("Failed to fetch %s from %s : %v", ref, remoteUpstream, err)
+		}
+	}
+
+	tree, err := repo.Worktree()
+	if err != nil {
+		log.Fatalf("Failed to parse git tree : %v", err)
+	}
+	log.Printf("Checkout PR #%s in %s\n", pr, branch)
+	err = tree.Checkout(&git.CheckoutOptions{
+		Branch: branchRef,
+		Force:  force,
+	})
+	if err != nil {
+		log.Fatalf("Failed to checkout %s : %v", branch, err)
+	}
+
+	//Copy this file if not exist
+	if _, err := os.Stat(codeFilePath); os.IsNotExist(err) {
+		err = os.MkdirAll(filepath.Dir(codeFilePath), 0755)
+		if err != nil {
+			log.Fatalf("Failed to duplicate this code file in PR : %v", err)
+		}
+		err = ioutil.WriteFile(codeFilePath, dat, 0644)
+		if err != nil {
+			log.Fatalf("Failed to duplicate this code file in PR : %v", err)
+		}
+	}
+	time.Sleep(5 * time.Second)
+	//Start with integration test
+	runCmd("go", "run", "-tags", "sqlite sqlite_unlock_notify", codeFilePath, "-run")
+}
+func runCmd(cmd ...string) {
+	log.Printf("Executing : %s ...\n", cmd)
+	c := exec.Command(cmd[0], cmd[1:]...)
+	c.Stdout = os.Stdout
+	c.Stderr = os.Stderr
+	if err := c.Start(); err != nil {
+		log.Panicln(err)
+	}
+	if err := c.Wait(); err != nil {
+		log.Panicln(err)
+	}
+}
--- a/contrib/systemd/gitea.service
+++ b/contrib/systemd/gitea.service
@@ -2,10 +2,11 @@
 Description=Gitea (Git with a cup of tea)
 After=syslog.target
 After=network.target
-#After=mysqld.service
-#After=postgresql.service
-#After=memcached.service
-#After=redis.service
+#Requires=mysql.service
+#Requires=mariadb.service
+#Requires=postgresql.service
+#Requires=memcached.service
+#Requires=redis.service

 [Service]
 # Modify these two values and uncomment them if you have
@@ -14,13 +15,22 @@ After=network.target
 ###
 #LimitMEMLOCK=infinity
 #LimitNOFILE=65535
+RestartSec=2s
 Type=simple
 User=git
 Group=git
-WorkingDirectory=/home/git/gitea
-ExecStart=/home/git/gitea/gitea web
+WorkingDirectory=/var/lib/gitea/
+# If using unix socket: Tells Systemd to create /run/gitea folder to home gitea.sock
+# Manual cration would vanish after reboot.
+#RuntimeDirectory=gitea
+ExecStart=/usr/local/bin/gitea web -c /etc/gitea/app.ini
 Restart=always
-Environment=USER=git HOME=/home/git
+Environment=USER=git HOME=/home/git GITEA_WORK_DIR=/var/lib/gitea
+# If you want to bind Gitea to a port below 1024 uncomment
+# the two values below
+###
+#CapabilityBoundingSet=CAP_NET_BIND_SERVICE
+#AmbientCapabilities=CAP_NET_BIND_SERVICE

 [Install]
 WantedBy=multi-user.target
--- a/contrib/windows/install-as-service.bat
+++ b/contrib/windows/install-as-service.bat
@@ -1,25 +0,0 @@
-@ECHO off
-
-:: This script relies on nssm.exe to work.
-:: Please, download it and make it available on the system path,
-:: or copy it to the gogs path.
-:: https://nssm.cc/download
-:: This script itself should run in the gogs path, too.
-:: In case of startup failure, please read carefully the log file.
-:: Make sure Gitea work running manually with "gitea web" before running
-:: this script.
-:: And, please, read carefully the installation docs first:
-:: https://gogs.io/docs/installation
-:: To unistall the service, run "nssm remove gogs" and restart Windows.
-
-:: Set the folder where you extracted Gitea. Omit the last slash.
-SET gogspath=C:\gogs
-
-nssm install gogs "%gogspath%\gogs.exe"
-nssm set gogs AppParameters "web"
-nssm set gogs Description "A painless self-hosted Git service."
-nssm set gogs DisplayName "Gitea - Git with a cup of tea"
-nssm set gogs Start SERVICE_DELAYED_AUTO_START
-nssm set gogs AppStdout "%gogspath%\gogs.log"
-nssm start gogs
-pause
--- a/custom/conf/app.ini.sample
+++ b/custom/conf/app.ini.sample
@@ -0,0 +1,830 @@
+
+; This file lists the default values used by Gitea
+; Copy required sections to your own app.ini (default is custom/conf/app.ini)
+; and modify as needed.
+
+; see https://docs.gitea.io/en-us/config-cheat-sheet/ for additional documentation.
+
+; App name that shows in every page title
+APP_NAME = Gitea: Git with a cup of tea
+; Change it if you run locally
+RUN_USER = git
+; Either "dev", "prod" or "test", default is "dev"
+RUN_MODE = dev
+
+[repository]
+ROOT =
+SCRIPT_TYPE = bash
+; Default ANSI charset
+ANSI_CHARSET =
+; Force every new repository to be private
+FORCE_PRIVATE = false
+; Default privacy setting when creating a new repository, allowed values: last, private, public. Default is last which means the last setting used.
+DEFAULT_PRIVATE = last
+; Global limit of repositories per user, applied at creation time. -1 means no limit
+MAX_CREATION_LIMIT = -1
+; Mirror sync queue length, increase if mirror syncing starts hanging
+MIRROR_QUEUE_LENGTH = 1000
+; Patch test queue length, increase if pull request patch testing starts hanging
+PULL_REQUEST_QUEUE_LENGTH = 1000
+; Preferred Licenses to place at the top of the List
+; The name here must match the filename in conf/license or custom/conf/license
+PREFERRED_LICENSES = Apache License 2.0,MIT License
+; Disable the ability to interact with repositories using the HTTP protocol
+DISABLE_HTTP_GIT = false
+; Value for Access-Control-Allow-Origin header, default is not to present
+; WARNING: This maybe harmful to you website if you do not give it a right value.
+ACCESS_CONTROL_ALLOW_ORIGIN =
+; Force ssh:// clone url instead of scp-style uri when default SSH port is used
+USE_COMPAT_SSH_URI = false
+; Close issues as long as a commit on any branch marks it as fixed
+DEFAULT_CLOSE_ISSUES_VIA_COMMITS_IN_ANY_BRANCH = false
+
+[repository.editor]
+; List of file extensions for which lines should be wrapped in the CodeMirror editor
+; Separate extensions with a comma. To line wrap files without an extension, just put a comma
+LINE_WRAP_EXTENSIONS = .txt,.md,.markdown,.mdown,.mkd,
+; Valid file modes that have a preview API associated with them, such as api/v1/markdown
+; Separate the values by commas. The preview tab in edit mode won't be displayed if the file extension doesn't match
+PREVIEWABLE_FILE_MODES = markdown
+
+[repository.local]
+; Path for local repository copy. Defaults to `tmp/local-repo`
+LOCAL_COPY_PATH = tmp/local-repo
+; Path for local wiki copy. Defaults to `tmp/local-wiki`
+LOCAL_WIKI_PATH = tmp/local-wiki
+
+[repository.upload]
+; Whether repository file uploads are enabled. Defaults to `true`
+ENABLED = true
+; Path for uploads. Defaults to `data/tmp/uploads` (tmp gets deleted on gitea restart)
+TEMP_PATH = data/tmp/uploads
+; One or more allowed types, e.g. image/jpeg|image/png. Nothing means any file type
+ALLOWED_TYPES =
+; Max size of each file in megabytes. Defaults to 3MB
+FILE_MAX_SIZE = 3
+; Max number of files per upload. Defaults to 5
+MAX_FILES = 5
+
+[repository.pull-request]
+; List of prefixes used in Pull Request title to mark them as Work In Progress
+WORK_IN_PROGRESS_PREFIXES=WIP:,[WIP]
+
+[repository.issue]
+; List of reasons why a Pull Request or Issue can be locked
+LOCK_REASONS=Too heated,Off-topic,Resolved,Spam
+
+[cors]
+; More information about CORS can be found here: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS#The_HTTP_response_headers
+; enable cors headers (disabled by default)
+ENABLED=false
+; scheme of allowed requests
+SCHEME=http
+; list of requesting domains that are allowed
+ALLOW_DOMAIN=*
+; allow subdomains of headers listed above to request
+ALLOW_SUBDOMAIN=false
+; list of methods allowed to request
+METHODS=GET,HEAD,POST,PUT,PATCH,DELETE,OPTIONS
+; max time to cache response
+MAX_AGE=10m
+; allow request with credentials
+ALLOW_CREDENTIALS=false
+
+[ui]
+; Number of repositories that are displayed on one explore page
+EXPLORE_PAGING_NUM = 20
+; Number of issues that are displayed on one page
+ISSUE_PAGING_NUM = 10
+; Number of maximum commits displayed in one activity feed
+FEED_MAX_COMMIT_NUM = 5
+; Number of maximum commits displayed in commit graph.
+GRAPH_MAX_COMMIT_NUM = 100
+; Number of line of codes shown for a code comment
+CODE_COMMENT_LINES = 4
+; Value of `theme-color` meta tag, used by Android >= 5.0
+; An invalid color like "none" or "disable" will have the default style
+; More info: https://developers.google.com/web/updates/2014/11/Support-for-theme-color-in-Chrome-39-for-Android
+THEME_COLOR_META_TAG = `#6cc644`
+; Max size of files to be displayed (default is 8MiB)
+MAX_DISPLAY_FILE_SIZE = 8388608
+; Whether the email of the user should be shown in the Explore Users page
+SHOW_USER_EMAIL = true
+; Set the default theme for the Gitea install
+DEFAULT_THEME = gitea
+; All available themes. Allow users select personalized themes regardless of the value of `DEFAULT_THEME`.
+THEMES = gitea,arc-green
+; Whether the full name of the users should be shown where possible. If the full name isn't set, the username will be used.
+DEFAULT_SHOW_FULL_NAME = false
+; Whether to search within description at repository search on explore page.
+SEARCH_REPO_DESCRIPTION = true
+
+[ui.admin]
+; Number of users that are displayed on one page
+USER_PAGING_NUM = 50
+; Number of repos that are displayed on one page
+REPO_PAGING_NUM = 50
+; Number of notices that are displayed on one page
+NOTICE_PAGING_NUM = 25
+; Number of organizations that are displayed on one page
+ORG_PAGING_NUM = 50
+
+[ui.user]
+; Number of repos that are displayed on one page
+REPO_PAGING_NUM = 15
+
+[ui.meta]
+AUTHOR = Gitea - Git with a cup of tea
+DESCRIPTION = Gitea (Git with a cup of tea) is a painless self-hosted Git service written in Go
+KEYWORDS = go,git,self-hosted,gitea
+
+[markdown]
+; Enable hard line break extension
+ENABLE_HARD_LINE_BREAK = false
+; List of custom URL-Schemes that are allowed as links when rendering Markdown
+; for example git,magnet
+CUSTOM_URL_SCHEMES =
+; List of file extensions that should be rendered/edited as Markdown
+; Separate the extensions with a comma. To render files without any extension as markdown, just put a comma
+FILE_EXTENSIONS = .md,.markdown,.mdown,.mkd
+
+[server]
+; The protocol the server listens on. One of 'http', 'https', 'unix' or 'fcgi'.
+PROTOCOL = http
+DOMAIN = localhost
+ROOT_URL = %(PROTOCOL)s://%(DOMAIN)s:%(HTTP_PORT)s/
+; The address to listen on. Either a IPv4/IPv6 address or the path to a unix socket.
+HTTP_ADDR = 0.0.0.0
+HTTP_PORT = 3000
+; If REDIRECT_OTHER_PORT is true, and PROTOCOL is set to https an http server
+; will be started on PORT_TO_REDIRECT and it will redirect plain, non-secure http requests to the main
+; ROOT_URL.  Defaults are false for REDIRECT_OTHER_PORT and 80 for
+; PORT_TO_REDIRECT.
+REDIRECT_OTHER_PORT = false
+PORT_TO_REDIRECT = 80
+; Permission for unix socket
+UNIX_SOCKET_PERMISSION = 666
+; Local (DMZ) URL for Gitea workers (such as SSH update) accessing web service.
+; In most cases you do not need to change the default value.
+; Alter it only if your SSH server node is not the same as HTTP node.
+; Do not set this variable if PROTOCOL is set to 'unix'.
+LOCAL_ROOT_URL = %(PROTOCOL)s://%(HTTP_ADDR)s:%(HTTP_PORT)s/
+; Disable SSH feature when not available
+DISABLE_SSH = false
+; Whether to use the builtin SSH server or not.
+START_SSH_SERVER = false
+; Username to use for the builtin SSH server. If blank, then it is the value of RUN_USER.
+BUILTIN_SSH_SERVER_USER =
+; Domain name to be exposed in clone URL
+SSH_DOMAIN = %(DOMAIN)s
+; The network interface the builtin SSH server should listen on
+SSH_LISTEN_HOST =
+; Port number to be exposed in clone URL
+SSH_PORT = 22
+; The port number the builtin SSH server should listen on
+SSH_LISTEN_PORT = %(SSH_PORT)s
+; Root path of SSH directory, default is '~/.ssh', but you have to use '/home/git/.ssh'.
+SSH_ROOT_PATH =
+; Gitea will create a authorized_keys file by default when it is not using the internal ssh server
+; If you intend to use the AuthorizedKeysCommand functionality then you should turn this off.
+SSH_CREATE_AUTHORIZED_KEYS_FILE = true
+; For the built-in SSH server, choose the ciphers to support for SSH connections,
+; for system SSH this setting has no effect
+SSH_SERVER_CIPHERS = aes128-ctr, aes192-ctr, aes256-ctr, aes128-gcm@openssh.com, arcfour256, arcfour128
+; For the built-in SSH server, choose the key exchange algorithms to support for SSH connections,
+; for system SSH this setting has no effect
+SSH_SERVER_KEY_EXCHANGES = diffie-hellman-group1-sha1, diffie-hellman-group14-sha1, ecdh-sha2-nistp256, ecdh-sha2-nistp384, ecdh-sha2-nistp521, curve25519-sha256@libssh.org
+; For the built-in SSH server, choose the MACs to support for SSH connections,
+; for system SSH this setting has no effect
+SSH_SERVER_MACS = hmac-sha2-256-etm@openssh.com, hmac-sha2-256, hmac-sha1, hmac-sha1-96
+; Directory to create temporary files in when testing public keys using ssh-keygen,
+; default is the system temporary directory.
+SSH_KEY_TEST_PATH =
+; Path to ssh-keygen, default is 'ssh-keygen' which means the shell is responsible for finding out which one to call.
+SSH_KEYGEN_PATH = ssh-keygen
+; Enable SSH Authorized Key Backup when rewriting all keys, default is true
+SSH_BACKUP_AUTHORIZED_KEYS = true
+; Enable exposure of SSH clone URL to anonymous visitors, default is false
+SSH_EXPOSE_ANONYMOUS = false
+; Indicate whether to check minimum key size with corresponding type
+MINIMUM_KEY_SIZE_CHECK = false
+; Disable CDN even in "prod" mode
+OFFLINE_MODE = false
+DISABLE_ROUTER_LOG = false
+; Generate steps:
+; $ ./gitea cert -ca=true -duration=8760h0m0s -host=myhost.example.com
+;
+; Or from a .pfx file exported from the Windows certificate store (do
+; not forget to export the private key):
+; $ openssl pkcs12 -in cert.pfx -out cert.pem -nokeys
+; $ openssl pkcs12 -in cert.pfx -out key.pem -nocerts -nodes
+CERT_FILE = custom/https/cert.pem
+KEY_FILE = custom/https/key.pem
+; Root directory containing templates and static files.
+; default is the path where Gitea is executed
+STATIC_ROOT_PATH =
+; Default path for App data
+APP_DATA_PATH = data
+; Application level GZIP support
+ENABLE_GZIP = false
+; Application profiling (memory and cpu)
+; For "web" command it listens on localhost:6060
+; For "serve" command it dumps to disk at PPROF_DATA_PATH as (cpuprofile|memprofile)_<username>_<temporary id>
+ENABLE_PPROF = false
+; PPROF_DATA_PATH, use an absolute path when you start gitea as service
+PPROF_DATA_PATH = data/tmp/pprof
+; Landing page, can be "home", "explore", or "organizations"
+LANDING_PAGE = home
+; Enables git-lfs support. true or false, default is false.
+LFS_START_SERVER = false
+; Where your lfs files reside, default is data/lfs.
+LFS_CONTENT_PATH = data/lfs
+; LFS authentication secret, change this yourself
+LFS_JWT_SECRET =
+; LFS authentication validity period (in time.Duration), pushes taking longer than this may fail.
+LFS_HTTP_AUTH_EXPIRY = 20m
+
+; Define allowed algorithms and their minimum key length (use -1 to disable a type)
+[ssh.minimum_key_sizes]
+ED25519 = 256
+ECDSA = 256
+RSA = 2048
+DSA = 1024
+
+[database]
+; Either "mysql", "postgres", "mssql" or "sqlite3", it's your choice
+DB_TYPE = mysql
+HOST = 127.0.0.1:3306
+NAME = gitea
+USER = root
+; Use PASSWD = `your password` for quoting if you use special characters in the password.
+PASSWD =
+; For Postgres, either "disable" (default), "require", or "verify-full"
+; For MySQL, either "false" (default), "true", or "skip-verify"
+SSL_MODE = disable
+; For MySQL only, either "utf8" or "utf8mb4", default is "utf8".
+; NOTICE: for "utf8mb4" you must use MySQL InnoDB > 5.6. Gitea is unable to check this.
+CHARSET = utf8
+; For "sqlite3" and "tidb", use an absolute path when you start gitea as service
+PATH = data/gitea.db
+; For "sqlite3" only. Query timeout
+SQLITE_TIMEOUT = 500
+; For iterate buffer, default is 50
+ITERATE_BUFFER_SIZE = 50
+; Show the database generated SQL
+LOG_SQL = true
+; Maximum number of DB Connect retries
+DB_RETRIES = 10
+; Backoff time per DB retry (time.Duration)
+DB_RETRY_BACKOFF = 3s
+; Max idle database connections on connnection pool, default is 2
+MAX_IDLE_CONNS = 2
+; Database connection max life time, default is 0 or 3s mysql (See #6804 & #7071 for reasoning)
+CONN_MAX_LIFETIME = 3s
+; Database maximum number of open connections, default is 0 meaning no maximum
+MAX_OPEN_CONNS = 0
+
+[indexer]
+; Issue indexer type, currently support: bleve or db, default is bleve
+ISSUE_INDEXER_TYPE = bleve
+; Issue indexer storage path, available when ISSUE_INDEXER_TYPE is bleve
+ISSUE_INDEXER_PATH = indexers/issues.bleve
+; Issue indexer queue, currently support: channel, levelqueue or redis, default is levelqueue
+ISSUE_INDEXER_QUEUE_TYPE = levelqueue
+; When ISSUE_INDEXER_QUEUE_TYPE is levelqueue, this will be the queue will be saved path,
+; default is indexers/issues.queue
+ISSUE_INDEXER_QUEUE_DIR = indexers/issues.queue
+; When `ISSUE_INDEXER_QUEUE_TYPE` is `redis`, this will store the redis connection string.
+ISSUE_INDEXER_QUEUE_CONN_STR = "addrs=127.0.0.1:6379 db=0"
+; Batch queue number, default is 20
+ISSUE_INDEXER_QUEUE_BATCH_NUMBER = 20
+
+; repo indexer by default disabled, since it uses a lot of disk space
+REPO_INDEXER_ENABLED = false
+REPO_INDEXER_PATH = indexers/repos.bleve
+UPDATE_BUFFER_LEN = 20
+MAX_FILE_SIZE = 1048576
+; A comma separated list of glob patterns (see https://github.com/gobwas/glob) to include
+; in the index; default is empty
+REPO_INDEXER_INCLUDE =
+; A comma separated list of glob patterns to exclude from the index; ; default is empty
+REPO_INDEXER_EXCLUDE =
+
+[admin]
+; Disallow regular (non-admin) users from creating organizations.
+DISABLE_REGULAR_ORG_CREATION = false
+; Default configuration for email notifications for users (user configurable). Options: enabled, onmention, disabled
+DEFAULT_EMAIL_NOTIFICATIONS = enabled
+
+[security]
+; Whether the installer is disabled
+INSTALL_LOCK = false
+; !!CHANGE THIS TO KEEP YOUR USER DATA SAFE!!
+SECRET_KEY = !#@FDEWREWR&*(
+; How long to remember that a user is logged in before requiring relogin (in days)
+LOGIN_REMEMBER_DAYS = 7
+COOKIE_USERNAME = gitea_awesome
+COOKIE_REMEMBER_NAME = gitea_incredible
+; Reverse proxy authentication header name of user name
+REVERSE_PROXY_AUTHENTICATION_USER = X-WEBAUTH-USER
+REVERSE_PROXY_AUTHENTICATION_EMAIL = X-WEBAUTH-EMAIL
+; The minimum password length for new Users
+MIN_PASSWORD_LENGTH = 6
+; Set to true to allow users to import local server paths
+IMPORT_LOCAL_PATHS = false
+; Set to true to prevent all users (including admin) from creating custom git hooks
+DISABLE_GIT_HOOKS = false
+;Comma separated list of character classes required to pass minimum complexity.
+;If left empty or no valid values are specified, the default values ("lower,upper,digit,spec") will be used.
+;Use "off" to disable checking.
+PASSWORD_COMPLEXITY = lower,upper,digit,spec
+; Password Hash algorithm, either "pbkdf2", "argon2", "scrypt" or "bcrypt"
+PASSWORD_HASH_ALGO = pbkdf2
+; Set false to allow JavaScript to read CSRF cookie
+CSRF_COOKIE_HTTP_ONLY = true
+
+[openid]
+;
+; OpenID is an open, standard and decentralized authentication protocol.
+; Your identity is the address of a webpage you provide, which describes
+; how to prove you are in control of that page.
+;
+; For more info: https://en.wikipedia.org/wiki/OpenID
+;
+; Current implementation supports OpenID-2.0
+;
+; Tested to work providers at the time of writing:
+;  - Any GNUSocial node (your.hostname.tld/username)
+;  - Any SimpleID provider (http://simpleid.koinic.net)
+;  - http://openid.org.cn/
+;  - openid.stackexchange.com
+;  - login.launchpad.net
+;  - <username>.livejournal.com
+;
+; Whether to allow signin in via OpenID
+ENABLE_OPENID_SIGNIN = true
+; Whether to allow registering via OpenID
+; Do not include to rely on rhw DISABLE_REGISTRATION setting
+;ENABLE_OPENID_SIGNUP = true
+; Allowed URI patterns (POSIX regexp).
+; Space separated.
+; Only these would be allowed if non-blank.
+; Example value: trusted.domain.org trusted.domain.net
+WHITELISTED_URIS =
+; Forbidden URI patterns (POSIX regexp).
+; Space separated.
+; Only used if WHITELISTED_URIS is blank.
+; Example value: loadaverage.org/badguy stackexchange.com/.*spammer
+BLACKLISTED_URIS =
+
+[service]
+; Time limit to confirm account/email registration
+ACTIVE_CODE_LIVE_MINUTES = 180
+; Time limit to perform the reset of a forgotten password
+RESET_PASSWD_CODE_LIVE_MINUTES = 180
+; Whether a new user needs to confirm their email when registering.
+REGISTER_EMAIL_CONFIRM = false
+; List of domain names that are allowed to be used to register on a Gitea instance
+; gitea.io,example.com
+EMAIL_DOMAIN_WHITELIST=
+; Disallow registration, only allow admins to create accounts.
+DISABLE_REGISTRATION = false
+; Allow registration only using third-party services, it works only when DISABLE_REGISTRATION is false
+ALLOW_ONLY_EXTERNAL_REGISTRATION = false
+; User must sign in to view anything.
+REQUIRE_SIGNIN_VIEW = false
+; Mail notification
+ENABLE_NOTIFY_MAIL = false
+; More detail: https://github.com/gogits/gogs/issues/165
+ENABLE_REVERSE_PROXY_AUTHENTICATION = false
+ENABLE_REVERSE_PROXY_AUTO_REGISTRATION = false
+ENABLE_REVERSE_PROXY_EMAIL = false
+; Enable captcha validation for registration
+ENABLE_CAPTCHA = false
+; Type of captcha you want to use. Options: image, recaptcha
+CAPTCHA_TYPE = image
+; Enable recaptcha to use Google's recaptcha service
+; Go to https://www.google.com/recaptcha/admin to sign up for a key
+RECAPTCHA_SECRET  =
+RECAPTCHA_SITEKEY =
+; Change this to use recaptcha.net or other recaptcha service
+RECAPTCHA_URL = https://www.google.com/recaptcha/
+; Default value for KeepEmailPrivate
+; Each new user will get the value of this setting copied into their profile
+DEFAULT_KEEP_EMAIL_PRIVATE = false
+; Default value for AllowCreateOrganization
+; Every new user will have rights set to create organizations depending on this setting
+DEFAULT_ALLOW_CREATE_ORGANIZATION = true
+; Either "public", "limited" or "private", default is "public"
+; Limited is for signed user only
+; Private is only for member of the organization
+; Public is for everyone
+DEFAULT_ORG_VISIBILITY = public
+; Default value for DefaultOrgMemberVisible
+; True will make the membership of the users visible when added to the organisation
+DEFAULT_ORG_MEMBER_VISIBLE = false
+; Default value for EnableDependencies
+; Repositories will use dependencies by default depending on this setting
+DEFAULT_ENABLE_DEPENDENCIES = true
+; Enable heatmap on users profiles.
+ENABLE_USER_HEATMAP = true
+; Enable Timetracking
+ENABLE_TIMETRACKING = true
+; Default value for EnableTimetracking
+; Repositories will use timetracking by default depending on this setting
+DEFAULT_ENABLE_TIMETRACKING = true
+; Default value for AllowOnlyContributorsToTrackTime
+; Only users with write permissions can track time if this is true
+DEFAULT_ALLOW_ONLY_CONTRIBUTORS_TO_TRACK_TIME = true
+; Default value for the domain part of the user's email address in the git log
+; if he has set KeepEmailPrivate to true. The user's email will be replaced with a
+; concatenation of the user name in lower case, "@" and NO_REPLY_ADDRESS.
+NO_REPLY_ADDRESS = noreply.example.org
+; Show Registration button
+SHOW_REGISTRATION_BUTTON = true
+; Default value for AutoWatchNewRepos
+; When adding a repo to a team or creating a new repo all team members will watch the
+; repo automatically if enabled
+AUTO_WATCH_NEW_REPOS = true
+
+[webhook]
+; Hook task queue length, increase if webhook shooting starts hanging
+QUEUE_LENGTH = 1000
+; Deliver timeout in seconds
+DELIVER_TIMEOUT = 5
+; Allow insecure certification
+SKIP_TLS_VERIFY = false
+; Number of history information in each page
+PAGING_NUM = 10
+
+[mailer]
+ENABLED = false
+; Buffer length of channel, keep it as it is if you don't know what it is.
+SEND_BUFFER_LEN = 100
+; Prefix displayed before subject in mail
+SUBJECT_PREFIX =
+; Mail server
+; Gmail: smtp.gmail.com:587
+; QQ: smtp.qq.com:465
+; Note, if the port ends with "465", SMTPS will be used. Using STARTTLS on port 587 is recommended per RFC 6409. If the server supports STARTTLS it will always be used.
+HOST =
+; Disable HELO operation when hostnames are different.
+DISABLE_HELO =
+; Custom hostname for HELO operation, if no value is provided, one is retrieved from system.
+HELO_HOSTNAME =
+; Do not verify the certificate of the server. Only use this for self-signed certificates
+SKIP_VERIFY =
+; Use client certificate
+USE_CERTIFICATE = false
+CERT_FILE = custom/mailer/cert.pem
+KEY_FILE = custom/mailer/key.pem
+; Should SMTP connection use TLS
+IS_TLS_ENABLED = false
+; Mail from address, RFC 5322. This can be just an email address, or the `"Name" <email@example.com>` format
+FROM =
+; Mailer user name and password
+USER =
+; Use PASSWD = `your password` for quoting if you use special characters in the password.
+PASSWD =
+; Send mails as plain text
+SEND_AS_PLAIN_TEXT = false
+; Set Mailer Type (either SMTP, sendmail or dummy to just send to the log)
+MAILER_TYPE = smtp
+; Specify an alternative sendmail binary
+SENDMAIL_PATH = sendmail
+; Specify any extra sendmail arguments
+SENDMAIL_ARGS =
+
+[cache]
+; Either "memory", "redis", or "memcache", default is "memory"
+ADAPTER = memory
+; For "memory" only, GC interval in seconds, default is 60
+INTERVAL = 60
+; For "redis" and "memcache", connection host address
+; redis: network=tcp,addr=:6379,password=macaron,db=0,pool_size=100,idle_timeout=180
+; memcache: `127.0.0.1:11211`
+HOST =
+; Time to keep items in cache if not used, default is 16 hours.
+; Setting it to 0 disables caching
+ITEM_TTL = 16h
+
+[session]
+; Either "memory", "file", or "redis", default is "memory"
+PROVIDER = memory
+; Provider config options
+; memory: doesn't have any config yet
+; file: session file path, e.g. `data/sessions`
+; redis: network=tcp,addr=:6379,password=macaron,db=0,pool_size=100,idle_timeout=180
+; mysql: go-sql-driver/mysql dsn config string, e.g. `root:password@/session_table`
+PROVIDER_CONFIG = data/sessions
+; Session cookie name
+COOKIE_NAME = i_like_gitea
+; If you use session in https only, default is false
+COOKIE_SECURE = false
+; Enable set cookie, default is true
+ENABLE_SET_COOKIE = true
+; Session GC time interval in seconds, default is 86400 (1 day)
+GC_INTERVAL_TIME = 86400
+; Session life time in seconds, default is 86400 (1 day)
+SESSION_LIFE_TIME = 86400
+
+[picture]
+AVATAR_UPLOAD_PATH = data/avatars
+REPOSITORY_AVATAR_UPLOAD_PATH = data/repo-avatars
+; How Gitea deals with missing repository avatars
+; none = no avatar will be displayed; random = random avatar will be displayed; image = default image will be used
+REPOSITORY_AVATAR_FALLBACK = none
+REPOSITORY_AVATAR_FALLBACK_IMAGE = /img/repo_default.png
+; Max Width and Height of uploaded avatars.
+; This is to limit the amount of RAM used when resizing the image.
+AVATAR_MAX_WIDTH = 4096
+AVATAR_MAX_HEIGHT = 3072
+; Maximum alloved file size for uploaded avatars.
+; This is to limit the amount of RAM used when resizing the image.
+AVATAR_MAX_FILE_SIZE = 1048576
+; Chinese users can choose "duoshuo"
+; or a custom avatar source, like: http://cn.gravatar.com/avatar/
+GRAVATAR_SOURCE = gravatar
+; This value will always be true in offline mode.
+DISABLE_GRAVATAR = false
+; Federated avatar lookup uses DNS to discover avatar associated
+; with emails, see https://www.libravatar.org
+; This value will always be false in offline mode or when Gravatar is disabled.
+ENABLE_FEDERATED_AVATAR = false
+
+[attachment]
+; Whether attachments are enabled. Defaults to `true`
+ENABLED = true
+; Path for attachments. Defaults to `data/attachments`
+PATH = data/attachments
+; One or more allowed types, e.g. image/jpeg|image/png
+ALLOWED_TYPES = image/jpeg|image/png|application/zip|application/gzip
+; Max size of each file. Defaults to 4MB
+MAX_SIZE = 4
+; Max number of files per upload. Defaults to 5
+MAX_FILES = 5
+
+[time]
+; Specifies the format for fully outputted dates. Defaults to RFC1123
+; Special supported values are ANSIC, UnixDate, RubyDate, RFC822, RFC822Z, RFC850, RFC1123, RFC1123Z, RFC3339, RFC3339Nano, Kitchen, Stamp, StampMilli, StampMicro and StampNano
+; For more information about the format see http://golang.org/pkg/time/#pkg-constants
+FORMAT =
+; Location the UI time display i.e. Asia/Shanghai
+; Empty means server's location setting
+DEFAULT_UI_LOCATION =
+
+[log]
+ROOT_PATH =
+; Either "console", "file", "conn", "smtp" or "database", default is "console"
+; Use comma to separate multiple modes, e.g. "console, file"
+MODE = console
+; Buffer length of the channel, keep it as it is if you don't know what it is.
+BUFFER_LEN = 10000
+REDIRECT_MACARON_LOG = false
+MACARON = file
+; Either "Trace", "Debug", "Info", "Warn", "Error", "Critical", default is "Info"
+ROUTER_LOG_LEVEL = Info
+ROUTER = console
+ENABLE_ACCESS_LOG = false
+ACCESS_LOG_TEMPLATE = {{.Ctx.RemoteAddr}} - {{.Identity}} {{.Start.Format "[02/Jan/2006:15:04:05 -0700]" }} "{{.Ctx.Req.Method}} {{.Ctx.Req.RequestURI}} {{.Ctx.Req.Proto}}" {{.ResponseWriter.Status}} {{.ResponseWriter.Size}} "{{.Ctx.Req.Referer}}\" \"{{.Ctx.Req.UserAgent}}"
+ACCESS = file
+; Either "Trace", "Debug", "Info", "Warn", "Error", "Critical", default is "Trace"
+LEVEL = Info
+; Either "Trace", "Debug", "Info", "Warn", "Error", "Critical", default is "None"
+STACKTRACE_LEVEL = None
+
+; Generic log modes
+[log.x]
+FLAGS = stdflags
+EXPRESSION =
+PREFIX =
+COLORIZE = false
+
+; For "console" mode only
+[log.console]
+LEVEL =
+STDERR = false
+
+; For "file" mode only
+[log.file]
+LEVEL =
+; Set the file_name for the logger. If this is a relative path this
+; will be relative to ROOT_PATH
+FILE_NAME =
+; This enables automated log rotate(switch of following options), default is true
+LOG_ROTATE = true
+; Max number of lines in a single file, default is 1000000
+MAX_LINES = 1000000
+; Max size shift of a single file, default is 28 means 1 << 28, 256MB
+MAX_SIZE_SHIFT = 28
+; Segment log daily, default is true
+DAILY_ROTATE = true
+; delete the log file after n days, default is 7
+MAX_DAYS = 7
+; compress logs with gzip
+COMPRESS = true
+; compression level see godoc for compress/gzip
+COMPRESSION_LEVEL = -1
+
+; For "conn" mode only
+[log.conn]
+LEVEL =
+; Reconnect host for every single message, default is false
+RECONNECT_ON_MSG = false
+; Try to reconnect when connection is lost, default is false
+RECONNECT = false
+; Either "tcp", "unix" or "udp", default is "tcp"
+PROTOCOL = tcp
+; Host address
+ADDR =
+
+; For "smtp" mode only
+[log.smtp]
+LEVEL =
+; Name displayed in mail title, default is "Diagnostic message from server"
+SUBJECT = Diagnostic message from server
+; Mail server
+HOST =
+; Mailer user name and password
+USER =
+; Use PASSWD = `your password` for quoting if you use special characters in the password.
+PASSWD =
+; Receivers, can be one or more, e.g. 1@example.com,2@example.com
+RECEIVERS =
+
+[cron]
+; Enable running cron tasks periodically.
+ENABLED = true
+; Run cron tasks when Gitea starts.
+RUN_AT_START = false
+
+; Update mirrors
+[cron.update_mirrors]
+SCHEDULE = @every 10m
+
+; Repository health check
+[cron.repo_health_check]
+SCHEDULE = @every 24h
+TIMEOUT = 60s
+; Arguments for command 'git fsck', e.g. "--unreachable --tags"
+; see more on http://git-scm.com/docs/git-fsck
+ARGS =
+
+; Check repository statistics
+[cron.check_repo_stats]
+RUN_AT_START = true
+SCHEDULE = @every 24h
+
+; Clean up old repository archives
+[cron.archive_cleanup]
+; Whether to enable the job
+ENABLED = true
+; Whether to always run at least once at start up time (if ENABLED)
+RUN_AT_START = true
+; Time interval for job to run
+SCHEDULE = @every 24h
+; Archives created more than OLDER_THAN ago are subject to deletion
+OLDER_THAN = 24h
+
+; Synchronize external user data (only LDAP user synchronization is supported)
+[cron.sync_external_users]
+; Synchronize external user data when starting server (default false)
+RUN_AT_START = false
+; Interval as a duration between each synchronization (default every 24h)
+SCHEDULE = @every 24h
+; Create new users, update existing user data and disable users that are not in external source anymore (default)
+;   or only create new users if UPDATE_EXISTING is set to false
+UPDATE_EXISTING = true
+
+; Update migrated repositories' issues and comments' posterid, it will always attempt synchronization when the instance starts.
+[cron.update_migration_post_id]
+; Interval as a duration between each synchronization. (default every 24h)
+SCHEDULE = @every 24h
+
+[git]
+; The path of git executable. If empty, Gitea searches through the PATH environment.
+PATH =
+; Disables highlight of added and removed changes
+DISABLE_DIFF_HIGHLIGHT = false
+; Max number of lines allowed in a single file in diff view
+MAX_GIT_DIFF_LINES = 1000
+; Max number of allowed characters in a line in diff view
+MAX_GIT_DIFF_LINE_CHARACTERS = 5000
+; Max number of files shown in diff view
+MAX_GIT_DIFF_FILES = 100
+; Arguments for command 'git gc', e.g. "--aggressive --auto"
+; see more on http://git-scm.com/docs/git-gc/
+GC_ARGS =
+; If use git wire protocol version 2 when git version >= 2.18, default is true, set to false when you always want git wire protocol version 1
+EnableAutoGitWireProtocol = true
+
+; Operation timeout in seconds
+[git.timeout]
+DEFAULT = 360
+MIGRATE = 600
+MIRROR = 300
+CLONE = 300
+PULL = 300
+GC = 60
+
+[mirror]
+; Default interval as a duration between each check
+DEFAULT_INTERVAL = 8h
+; Min interval as a duration must be > 1m
+MIN_INTERVAL = 10m
+
+[api]
+; Enables Swagger. True or false; default is true.
+ENABLE_SWAGGER = true
+; Max number of items in a page
+MAX_RESPONSE_ITEMS = 50
+; Default paging number of api
+DEFAULT_PAGING_NUM = 30
+; Default and maximum number of items per page for git trees api
+DEFAULT_GIT_TREES_PER_PAGE = 1000
+; Default size of a blob returned by the blobs API (default is 10MiB)
+DEFAULT_MAX_BLOB_SIZE = 10485760
+
+[oauth2]
+; Enables OAuth2 provider
+ENABLE = true
+; Lifetime of an OAuth2 access token in seconds
+ACCESS_TOKEN_EXPIRATION_TIME=3600
+; Lifetime of an OAuth2 access token in hours
+REFRESH_TOKEN_EXPIRATION_TIME=730
+; Check if refresh token got already used
+INVALIDATE_REFRESH_TOKENS=false
+; OAuth2 authentication secret for access and refresh tokens, change this to a unique string.
+JWT_SECRET=Bk0yK7Y9g_p56v86KaHqjSbxvNvu3SbKoOdOt2ZcXvU
+
+[i18n]
+LANGS = en-US,zh-CN,zh-HK,zh-TW,de-DE,fr-FR,nl-NL,lv-LV,ru-RU,uk-UA,ja-JP,es-ES,pt-BR,pl-PL,bg-BG,it-IT,fi-FI,tr-TR,cs-CZ,sr-SP,sv-SE,ko-KR
+NAMES = English,简体中文,繁體中文（香港）,繁體中文（台灣）,Deutsch,français,Nederlands,latviešu,русский,Українська,日本語,español,português do Brasil,polski,български,italiano,suomi,Türkçe,čeština,српски,svenska,한국어
+
+; Used for datetimepicker
+[i18n.datelang]
+en-US = en
+zh-CN = zh
+zh-HK = zh-HK
+zh-TW = zh-TW
+de-DE = de
+fr-FR = fr
+nl-NL = nl
+lv-LV = lv
+ru-RU = ru
+uk-UA = uk
+ja-JP = ja
+es-ES = es
+pt-BR = pt-BR
+pl-PL = pl
+bg-BG = bg
+it-IT = it
+fi-FI = fi
+tr-TR = tr
+cs-CZ = cs-CZ
+sr-SP = sr
+sv-SE = sv
+ko-KR = ko
+
+[U2F]
+; NOTE: THE DEFAULT VALUES HERE WILL NEED TO BE CHANGED
+; Two Factor authentication with security keys
+; https://developers.yubico.com/U2F/App_ID.html
+;APP_ID = http://localhost:3000/
+; Comma seperated list of trusted facets
+;TRUSTED_FACETS = http://localhost:3000/
+
+; Extension mapping to highlight class
+; e.g. .toml=ini
+[highlight.mapping]
+
+[other]
+SHOW_FOOTER_BRANDING = false
+; Show version information about Gitea and Go in the footer
+SHOW_FOOTER_VERSION = true
+; Show template execution time in the footer
+SHOW_FOOTER_TEMPLATE_LOAD_TIME = true
+
+[markup.asciidoc]
+ENABLED = false
+; List of file extensions that should be rendered by an external command
+FILE_EXTENSIONS = .adoc,.asciidoc
+; External command to render all matching extensions
+RENDER_COMMAND = "asciidoc --out-file=- -"
+; Don't pass the file on STDIN, pass the filename as argument instead.
+IS_INPUT_FILE = false
+
+[metrics]
+; Enables metrics endpoint. True or false; default is false.
+ENABLED = false
+; If you want to add authorization, specify a token here
+TOKEN =
+
+[task]
+; Task queue type, could be `channel` or `redis`.
+QUEUE_TYPE = channel
+; Task queue length, available only when `QUEUE_TYPE` is `channel`.
+QUEUE_LENGTH = 1000
+; Task queue connection string, available only when `QUEUE_TYPE` is `redis`.
+; If there is a password of redis, use `addrs=127.0.0.1:6379 password=123 db=0`.
+QUEUE_CONN_STR = "addrs=127.0.0.1:6379 db=0"
--- a/docker/Makefile
+++ b/docker/Makefile
@@ -0,0 +1,14 @@
+#Makefile related to docker
+
+DOCKER_IMAGE ?= gitea/gitea
+DOCKER_TAG ?= latest
+DOCKER_REF := $(DOCKER_IMAGE):$(DOCKER_TAG)
+
+.PHONY: docker
+docker:
+	docker build --disable-content-trust=false -t $(DOCKER_REF) .
+# support also build args docker build --build-arg GITEA_VERSION=v1.2.3 --build-arg TAGS="bindata sqlite sqlite_unlock_notify"  .
+
+.PHONY: docker-build
+docker-build:
+	docker run -ti --rm -v $(CURDIR):/srv/app/src/code.gitea.io/gitea -w /srv/app/src/code.gitea.io/gitea -e TAGS="bindata $(TAGS)" LDFLAGS="$(LDFLAGS)" webhippie/golang:edge make clean generate build
--- a/docker/etc/profile.d/gitea.sh
+++ b/docker/etc/profile.d/gitea.sh
@@ -1,2 +0,0 @@
-#!/bin/bash
-export GITEA_CUSTOM=/data/gitea
--- a/docker/etc/s6/gitea/run
+++ b/docker/etc/s6/gitea/run
@@ -1,6 +0,0 @@
-#!/bin/bash
-[[ -f ./setup ]] && source ./setup
-
-pushd /app/gitea > /dev/null
-    exec su-exec git /app/gitea/gitea web
-popd
--- a/docker/etc/s6/gitea/setup
+++ b/docker/etc/s6/gitea/setup
@@ -1,19 +0,0 @@
-#!/bin/bash
-
-if [ ! -d /data/git/.ssh ]; then
-    mkdir -p /data/git/.ssh
-    chmod 700 /data/git/.ssh
-fi
-
-if [ ! -f /data/git/.ssh/environment ]; then
-    echo "GITEA_CUSTOM=/data/gitea" >| /data/git/.ssh/environment
-    chmod 600 /data/git/.ssh/environment
-fi
-
-if [ ! -f /data/gitea/conf/app.ini ]; then
-    mkdir -p /data/gitea/conf
-    cp /etc/templates/app.ini /data/gitea/conf/app.ini
-fi
-
-chown -R git:git /data/gitea /app/gitea /data/git
-chmod 0755 /data/gitea /app/gitea /data/git
--- a/docker/etc/s6/openssh/run
+++ b/docker/etc/s6/openssh/run
@@ -1,6 +0,0 @@
-#!/bin/bash
-[[ -f ./setup ]] && source ./setup
-
-pushd /root > /dev/null
-    exec su-exec root /usr/sbin/sshd -D
-popd
--- a/docker/etc/s6/openssh/setup
+++ b/docker/etc/s6/openssh/setup
@@ -1,29 +0,0 @@
-#!/bin/bash
-
-if [ ! -d /data/ssh ]; then
-    mkdir -p /data/ssh
-fi
-
-if [ ! -f /data/ssh/ssh_host_ed25519_key ]; then
-    echo "Generating /data/ssh/ssh_host_ed25519_key..."
-    ssh-keygen -t ed25519 -b 4096 -f /data/ssh/ssh_host_ed25519_key -N "" > /dev/null
-fi
-
-if [ ! -f /data/ssh/ssh_host_rsa_key ]; then
-    echo "Generating /data/ssh/ssh_host_rsa_key..."
-    ssh-keygen -t rsa -b 2048 -f /data/ssh/ssh_host_rsa_key -N "" > /dev/null
-fi
-
-if [ ! -f /data/ssh/ssh_host_dsa_key ]; then
-    echo "Generating /data/ssh/ssh_host_dsa_key..."
-    ssh-keygen -t dsa -f /data/ssh/ssh_host_dsa_key -N "" > /dev/null
-fi
-
-if [ ! -f /data/ssh/ssh_host_ecdsa_key ]; then
-    echo "Generating /data/ssh/ssh_host_ecdsa_key..."
-    ssh-keygen -t ecdsa -b 256 -f /data/ssh/ssh_host_ecdsa_key -N "" > /dev/null
-fi
-
-chown root:root /data/ssh/*
-chmod 0700 /data/ssh
-chmod 0600 /data/ssh/*
--- a/docker/etc/s6/syslogd/finish
+++ b/docker/etc/s6/syslogd/finish
@@ -1,2 +0,0 @@
-#!/bin/bash
-exit 0
--- a/docker/etc/s6/syslogd/run
+++ b/docker/etc/s6/syslogd/run
@@ -1,6 +0,0 @@
-#!/bin/bash
-[[ -f ./setup ]] && source ./setup
-
-pushd /root > /dev/null
-    exec su-exec root /sbin/syslogd -nS -O-
-popd
--- a/docker/etc/s6/syslogd/setup
+++ b/docker/etc/s6/syslogd/setup
@@ -1 +0,0 @@
-#!/bin/bash
--- a/docker/etc/templates/app.ini
+++ b/docker/etc/templates/app.ini
@@ -1,24 +0,0 @@
-[repository]
-ROOT = /data/git/repositories
-
-[repository.upload]
-TEMP_PATH = /data/gitea/uploads
-
-[server]
-APP_DATA_PATH = /data/gitea
-
-[database]
-DB_TYPE = sqlite3
-PATH = /data/gitea/gitea.db
-
-[session]
-PROVIDER_CONFIG = /data/gitea/sessions
-
-[picture]
-AVATAR_UPLOAD_PATH = /data/gitea/avatars
-
-[attachment]
-PATH = /data/gitea/attachments
-
-[log]
-ROOT_PATH = /data/gitea/log
--- a/docker/manifest.tmpl
+++ b/docker/manifest.tmpl
@@ -0,0 +1,19 @@
+image: gitea/gitea:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}latest{{/if}}
+{{#if build.tags}}
+tags:
+{{#each build.tags}}
+  - {{this}}
+{{/each}}
+{{/if}}
+manifests:
+  -
+    image: gitea/gitea:{{#if build.tag}}{{trimPrefix "v" build.tag}}-{{/if}}linux-amd64
+    platform:
+      architecture: amd64
+      os: linux
+  -
+    image: gitea/gitea:{{#if build.tag}}{{trimPrefix "v" build.tag}}-{{/if}}linux-arm64
+    platform:
+      architecture: arm64
+      os: linux
+      variant: v8
--- a/docker/root/etc/nsswitch.conf
+++ b/docker/root/etc/nsswitch.conf
--- a/docker/root/etc/s6/.s6-svscan/finish
+++ b/docker/root/etc/s6/.s6-svscan/finish
--- a/docker/root/etc/s6/gitea/finish
+++ b/docker/root/etc/s6/gitea/finish
--- a/docker/root/etc/s6/gitea/run
+++ b/docker/root/etc/s6/gitea/run
@@ -0,0 +1,6 @@
+#!/bin/bash
+[[ -f ./setup ]] && source ./setup
+
+pushd /app/gitea > /dev/null
+    exec su-exec $USER /app/gitea/gitea web
+popd
--- a/docker/root/etc/s6/gitea/setup
+++ b/docker/root/etc/s6/gitea/setup
@@ -0,0 +1,54 @@
+#!/bin/bash
+
+if [ ! -d /data/git/.ssh ]; then
+    mkdir -p /data/git/.ssh
+    chmod 700 /data/git/.ssh
+fi
+
+if [ ! -f /data/git/.ssh/environment ]; then
+    echo "GITEA_CUSTOM=$GITEA_CUSTOM" >| /data/git/.ssh/environment
+    chmod 600 /data/git/.ssh/environment
+
+elif ! grep -q "^GITEA_CUSTOM=$GITEA_CUSTOM$" /data/git/.ssh/environment; then
+    sed -i /^GITEA_CUSTOM=/d /data/git/.ssh/environment
+    echo "GITEA_CUSTOM=$GITEA_CUSTOM" >> /data/git/.ssh/environment
+fi
+
+if [ ! -f ${GITEA_CUSTOM}/conf/app.ini ]; then
+    mkdir -p ${GITEA_CUSTOM}/conf
+
+    # Set INSTALL_LOCK to true only if SECRET_KEY is not empty and
+    # INSTALL_LOCK is empty
+    if [ -n "$SECRET_KEY" ] && [ -z "$INSTALL_LOCK" ]; then
+        INSTALL_LOCK=true
+    fi
+
+    # Substitude the environment variables in the template
+    APP_NAME=${APP_NAME:-"Gitea: Git with a cup of tea"} \
+    RUN_MODE=${RUN_MODE:-"dev"} \
+    SSH_DOMAIN=${SSH_DOMAIN:-"localhost"} \
+    HTTP_PORT=${HTTP_PORT:-"3000"} \
+    ROOT_URL=${ROOT_URL:-""} \
+    DISABLE_SSH=${DISABLE_SSH:-"false"} \
+    SSH_PORT=${SSH_PORT:-"22"} \
+    SSH_LISTEN_PORT=${SSH_LISTEN_PORT:-"${SSH_PORT}"} \
+    LFS_START_SERVER=${LFS_START_SERVER:-"false"} \
+    DB_TYPE=${DB_TYPE:-"sqlite3"} \
+    DB_HOST=${DB_HOST:-"localhost:3306"} \
+    DB_NAME=${DB_NAME:-"gitea"} \
+    DB_USER=${DB_USER:-"root"} \
+    DB_PASSWD=${DB_PASSWD:-""} \
+    INSTALL_LOCK=${INSTALL_LOCK:-"false"} \
+    DISABLE_REGISTRATION=${DISABLE_REGISTRATION:-"false"} \
+    REQUIRE_SIGNIN_VIEW=${REQUIRE_SIGNIN_VIEW:-"false"} \
+    SECRET_KEY=${SECRET_KEY:-""} \
+    envsubst < /etc/templates/app.ini > ${GITEA_CUSTOM}/conf/app.ini
+
+    chown ${USER}:git ${GITEA_CUSTOM}/conf/app.ini
+fi
+
+# only chown if current owner is not already the gitea ${USER}. No recursive check to save time
+if ! [[ $(ls -ld /data/gitea | awk '{print $3}') = ${USER} ]]; then chown -R ${USER}:git /data/gitea; fi
+if ! [[ $(ls -ld /app/gitea  | awk '{print $3}') = ${USER} ]]; then chown -R ${USER}:git /app/gitea;  fi
+if ! [[ $(ls -ld /data/git   | awk '{print $3}') = ${USER} ]]; then chown -R ${USER}:git /data/git;   fi
+chmod 0755 /data/gitea /app/gitea /data/git
--- a/docker/root/etc/s6/openssh/finish
+++ b/docker/root/etc/s6/openssh/finish
--- a/docker/root/etc/s6/openssh/run
+++ b/docker/root/etc/s6/openssh/run
@@ -0,0 +1,6 @@
+#!/bin/bash
+[[ -f ./setup ]] && source ./setup
+
+pushd /root > /dev/null
+    exec su-exec root /usr/sbin/sshd -D -e 2>&1
+popd
--- a/docker/root/etc/s6/openssh/setup
+++ b/docker/root/etc/s6/openssh/setup
@@ -0,0 +1,37 @@
+#!/bin/bash
+
+if [ ! -d /data/ssh ]; then
+    mkdir -p /data/ssh
+fi
+
+if [ ! -f /data/ssh/ssh_host_ed25519_key ]; then
+    echo "Generating /data/ssh/ssh_host_ed25519_key..."
+    ssh-keygen -t ed25519 -f /data/ssh/ssh_host_ed25519_key -N "" > /dev/null
+fi
+
+if [ ! -f /data/ssh/ssh_host_rsa_key ]; then
+    echo "Generating /data/ssh/ssh_host_rsa_key..."
+    ssh-keygen -t rsa -b 2048 -f /data/ssh/ssh_host_rsa_key -N "" > /dev/null
+fi
+
+if [ ! -f /data/ssh/ssh_host_dsa_key ]; then
+    echo "Generating /data/ssh/ssh_host_dsa_key..."
+    ssh-keygen -t dsa -f /data/ssh/ssh_host_dsa_key -N "" > /dev/null
+fi
+
+if [ ! -f /data/ssh/ssh_host_ecdsa_key ]; then
+    echo "Generating /data/ssh/ssh_host_ecdsa_key..."
+    ssh-keygen -t ecdsa -b 256 -f /data/ssh/ssh_host_ecdsa_key -N "" > /dev/null
+fi
+
+if [ -d /etc/ssh ]; then
+    SSH_PORT=${SSH_PORT:-"22"} \
+    SSH_LISTEN_PORT=${SSH_LISTEN_PORT:-"${SSH_PORT}"} \
+    envsubst < /etc/templates/sshd_config > /etc/ssh/sshd_config
+
+    chmod 0644 /etc/ssh/sshd_config
+fi
+
+chown root:root /data/ssh/*
+chmod 0700 /data/ssh
+chmod 0600 /data/ssh/*
--- a/docker/root/etc/templates/app.ini
+++ b/docker/root/etc/templates/app.ini
@@ -0,0 +1,54 @@
+APP_NAME = $APP_NAME
+RUN_MODE = $RUN_MODE
+
+[repository]
+ROOT = /data/git/repositories
+
+[repository.local]
+LOCAL_COPY_PATH = /data/gitea/tmp/local-repo
+
+[repository.upload]
+TEMP_PATH = /data/gitea/uploads
+
+[server]
+APP_DATA_PATH = /data/gitea
+SSH_DOMAIN       = $SSH_DOMAIN
+HTTP_PORT        = $HTTP_PORT
+ROOT_URL         = $ROOT_URL
+DISABLE_SSH      = $DISABLE_SSH
+SSH_PORT         = $SSH_PORT
+SSH_LISTEN_PORT  = $SSH_LISTEN_PORT
+LFS_START_SERVER = $LFS_START_SERVER
+LFS_CONTENT_PATH = /data/git/lfs
+
+[database]
+PATH = /data/gitea/gitea.db
+DB_TYPE = $DB_TYPE
+HOST    = $DB_HOST
+NAME    = $DB_NAME
+USER    = $DB_USER
+PASSWD  = $DB_PASSWD
+
+[indexer]
+ISSUE_INDEXER_PATH = /data/gitea/indexers/issues.bleve
+
+[session]
+PROVIDER_CONFIG = /data/gitea/sessions
+
+[picture]
+AVATAR_UPLOAD_PATH = /data/gitea/avatars
+REPOSITORY_AVATAR_UPLOAD_PATH = /data/gitea/repo-avatars
+
+[attachment]
+PATH = /data/gitea/attachments
+
+[log]
+ROOT_PATH = /data/gitea/log
+
+[security]
+INSTALL_LOCK = $INSTALL_LOCK
+SECRET_KEY   = $SECRET_KEY
+
+[service]
+DISABLE_REGISTRATION = $DISABLE_REGISTRATION
+REQUIRE_SIGNIN_VIEW  = $REQUIRE_SIGNIN_VIEW
--- a/docker/root/etc/templates/sshd_config
+++ b/docker/root/etc/templates/sshd_config
@@ -1,4 +1,4 @@
-Port 22
+Port ${SSH_LISTEN_PORT}
 Protocol 2

 AddressFamily any
@@ -25,8 +25,9 @@ ChallengeResponseAuthentication no
 PasswordAuthentication no
 PermitEmptyPasswords no

-AllowUsers git
+AllowUsers ${USER}

 Banner none
 Subsystem sftp /usr/lib/ssh/sftp-server
-UsePrivilegeSeparation no
+
+AcceptEnv GIT_PROTOCOL
--- a/docker/root/usr/bin/entrypoint
+++ b/docker/root/usr/bin/entrypoint
@@ -0,0 +1,35 @@
+#!/bin/sh
+
+if [ "${USER}" != "git" ]; then
+    # rename user
+    sed -i -e "s/^git\:/${USER}\:/g" /etc/passwd
+fi
+
+if [ -z "${USER_GID}" ]; then
+  USER_GID="`id -g ${USER}`"
+fi
+
+if [ -z "${USER_UID}" ]; then
+  USER_UID="`id -u ${USER}`"
+fi
+
+## Change GID for USER?
+if [ -n "${USER_GID}" ] && [ "${USER_GID}" != "`id -g ${USER}`" ]; then
+    sed -i -e "s/^${USER}:\([^:]*\):[0-9]*/${USER}:\1:${USER_GID}/" /etc/group
+    sed -i -e "s/^${USER}:\([^:]*\):\([0-9]*\):[0-9]*/${USER}:\1:\2:${USER_GID}/" /etc/passwd
+fi
+
+## Change UID for USER?
+if [ -n "${USER_UID}" ] && [ "${USER_UID}" != "`id -u ${USER}`" ]; then
+    sed -i -e "s/^${USER}:\([^:]*\):[0-9]*:\([0-9]*\)/${USER}:\1:${USER_UID}:\2/" /etc/passwd
+fi
+
+for FOLDER in /data/gitea/conf /data/gitea/log /data/git /data/ssh; do
+    mkdir -p ${FOLDER}
+done
+
+if [ $# -gt 0 ]; then
+    exec "$@"
+else
+    exec /bin/s6-svscan /etc/s6
+fi
--- a/docker/usr/bin/entrypoint
+++ b/docker/usr/bin/entrypoint
@@ -1,11 +0,0 @@
-#!/bin/sh
-
-for FOLDER in /data/gitea/conf /data/gitea/log /data/git /data/ssh; do
-    mkdir -p ${FOLDER}
-done
-
-if [ $# -gt 0 ]; then
-    exec "$@"
-else
-    exec /bin/s6-svscan /etc/s6
-fi
--- a/docs/.editorconfig
+++ b/docs/.editorconfig
@@ -0,0 +1,34 @@
+# http://editorconfig.org
+
+root = true
+
+[*]
+charset = utf-8
+insert_final_newline = true
+trim_trailing_whitespace = true
+
+[*.go]
+indent_style = tab
+indent_size = 8
+
+[*.{tmpl,html}]
+indent_style = tab
+indent_size = 4
+
+[*.{less}]
+indent_style = space
+indent_size = 4
+
+[*.{yml}]
+indent_style = space
+indent_size = 2
+
+[*.js]
+indent_style = space
+indent_size = 4
+
+[Makefile]
+indent_style = tab
+
+[*.md]
+trim_trailing_whitespace = false
--- a/docs/.gitignore
+++ b/docs/.gitignore
@@ -0,0 +1,3 @@
+public/
+templates/swagger/v1_json.tmpl
+themes/
--- a/vendor/github.com/coreos/etcd/LICENSE
+++ b/vendor/github.com/coreos/etcd/LICENSE
--- a/docs/Makefile
+++ b/docs/Makefile
@@ -0,0 +1,30 @@
+THEME := themes/gitea
+PUBLIC := public
+ARCHIVE := https://dl.gitea.io/theme/master.tar.gz
+
+.PHONY: all
+all: build
+
+.PHONY: clean
+clean:
+	rm -rf $(PUBLIC) $(THEME)
+
+.PHONY: trans-copy
+trans-copy:
+	@bash scripts/trans-copy
+
+.PHONY: server
+server: $(THEME)
+	hugo server
+
+.PHONY: build
+build: $(THEME)
+	hugo --cleanDestinationDir
+
+.PHONY: update
+update: $(THEME)
+
+$(THEME): $(THEME)/theme.toml
+$(THEME)/theme.toml:
+	mkdir -p $$(dirname $@)
+	curl -s $(ARCHIVE) | tar xz -C $$(dirname $@)
--- a/docs/README.md
+++ b/docs/README.md
@@ -0,0 +1,51 @@
+# Gitea: Docs
+
+[![Join the chat at https://img.shields.io/discord/322538954119184384.svg](https://img.shields.io/discord/322538954119184384.svg)](https://discord.gg/Gitea)
+[![](https://images.microbadger.com/badges/image/gitea/docs.svg)](http://microbadger.com/images/gitea/docs "Get your own image badge on microbadger.com")
+
+## Hosting
+
+These pages are hosted using [netlifycms](https://www.netlifycms.org/) and get
+automatically updated on every push to the `master` branch.
+
+## Install
+
+These pages use the [Hugo](https://gohugo.io/) static site generator.
+If you are planning to contribute you'll want to download and install Hugo on
+your local machine.
+
+The installation of Hugo is out of the scope of this document, so please take
+the [official install instructions](https://gohugo.io/overview/installing/) to
+get Hugo up and running.
+
+## Development
+
+To generate the website and serve it on [localhost:1313](http://localhost:1313)
+just execute this command and stop it with `Ctrl+C`:
+
+```
+make server
+```
+
+When you are done with your changes just create a pull request, after merging
+the pull request the website will be updated automatically.
+
+## Contributing
+
+Fork -> Patch -> Push -> Pull Request
+
+## Authors
+
+* [Maintainers](https://github.com/orgs/go-gitea/people)
+* [Contributors](https://github.com/go-gitea/docs/graphs/contributors)
+
+## License
+
+This project is under the Apache-2.0 License. See the [LICENSE](LICENSE) file
+for the full license text.
+
+## Copyright
+
+```
+Copyright (c) 2016 The Gitea Authors <https://gitea.io>
+```
--- a/docs/README_ZH.md
+++ b/docs/README_ZH.md
@@ -0,0 +1,42 @@
+# Gitea: 文档
+
+[![Build Status](http://drone.gitea.io/api/badges/go-gitea/docs/status.svg)](http://drone.gitea.io/go-gitea/docs)
+[![Join the chat at https://img.shields.io/discord/322538954119184384.svg](https://img.shields.io/discord/322538954119184384.svg)](https://discord.gg/NsatcWJ)
+[![](https://images.microbadger.com/badges/image/gitea/docs.svg)](http://microbadger.com/images/gitea/docs "Get your own image badge on microbadger.com")
+
+## 关于托管方式
+
+本页面托管在我们 Docker 容器内的基础设施上， 它会在每次推送到 `master` 分支的时候自动更新，如果你想自己管理这个页面，你可以从我们的 Docker 镜像 [gitea/docs](https://hub.docker.com/r/gitea/docs/) 中获取它。
+
+## 安装 Hugo
+
+本页面使用了 [Hugo](https://github.com/spf13/hugo) 静态页面生成工具，如果您有维护它的意愿，则需要在本地计算机上下载并安装 Hugo。Hugo 的安装教程不在本文档的讲述范围之内，详情请参见 [官方文档](https://gohugo.io/overview/installing/)。
+
+## 如何部署
+
+在 [localhost:1313](http://localhost:1313) 处构建和运行网站的命令如下，如果需要停止可以使用组合键 `Ctrl+C`:
+
+```
+make server
+```
+
+完成更改后，只需创建一个 Pull Request (PR)，该 PR 一经合并网站将自动更新。
+
+## 如何贡献您的代码
+
+Fork -> Patch -> Push -> Pull Request
+
+## 关于我们
+
+* [维护者信息](https://github.com/orgs/go-gitea/people)
+* [代码贡献者信息](https://github.com/go-gitea/docs/graphs/contributors)
+
+## 许可证
+
+此项目采用 Apache-2.0 许可协议，请参见 [协议文件](LICENSE) 获取更多信息。
+
+## 版权声明
+
+```
+Copyright (c) 2016 The Gitea Authors <https://gitea.io>
+```
--- a/docs/config.yaml
+++ b/docs/config.yaml
@@ -0,0 +1,281 @@
+baseurl: https://docs.gitea.io/
+languageCode: en-us
+title: Docs
+theme: gitea
+
+defaultContentLanguage: en-us
+defaultContentLanguageInSubdir: true
+enableMissingTranslationPlaceholders: true
+enableEmoji: true
+
+permalinks:
+  post: /:year/:month/:title/
+  doc: /:slug/
+  page: /:slug/
+  default: /:slug/
+
+params:
+  description: Git with a cup of tea
+  author: The Gitea Authors
+  website: https://docs.gitea.io
+  version: 1.9.3
+
+menu:
+  page:
+    - name: Website
+      url: https://gitea.io/en-us/
+      weight: 10
+      pre: home
+    - name: Docs
+      url: /en-us/
+      weight: 20
+      pre: question
+      post: active
+    - name: API
+      url: https://try.gitea.io/api/swagger
+      weight: 45
+      pre: plug
+    - name: Blog
+      url: https://blog.gitea.io/
+      weight: 30
+      pre: rss
+    - name: Code
+      url: https://code.gitea.io/
+      weight: 40
+      pre: code
+    - name: Downloads
+      url: https://dl.gitea.io/
+      weight: 50
+      pre: download
+    - name: GitHub
+      url: https://github.com/go-gitea/
+      weight: 60
+      pre: github
+    - name: Discord Chat
+      url: https://discord.gg/NsatcWJ
+      weight: 70
+      pre: comment
+    - name: Forum
+      url: https://discourse.gitea.io/
+      weight: 80
+      pre: group
+
+languages:
+  en-us:
+    weight: 0
+    languageName: English
+
+  zh-cn:
+    weight: 1
+    languageName: 中文(简体)
+    menu:
+      page:
+        - name: 网站
+          url: https://gitea.io/zh-cn/
+          weight: 10
+          pre: home
+        - name: 文档
+          url: /zh-cn/
+          weight: 20
+          pre: question
+          post: active
+        - name: API
+          url: https://try.gitea.io/api/swagger
+          weight: 45
+          pre: plug
+        - name: 博客
+          url: https://blog.gitea.io/
+          weight: 30
+          pre: rss
+        - name: 导入
+          url: https://code.gitea.io/
+          weight: 40
+          pre: code
+        - name: 下载
+          url: https://dl.gitea.io/
+          weight: 50
+          pre: download
+        - name: GitHub
+          url: https://github.com/go-gitea/
+          weight: 60
+          pre: github
+        - name: Discord Chat
+          url: https://discord.gg/NsatcWJ
+          weight: 70
+          pre: comment
+        - name: Forum
+          url: https://discourse.gitea.io/
+          weight: 80
+          pre: group
+
+  zh-tw:
+    weight: 2
+    languageName: 中文(繁體)
+    menu:
+      page:
+        - name: 網站
+          url: https://gitea.io/zh-tw/
+          weight: 10
+          pre: home
+        - name: 文件
+          url: /zh-tw/
+          weight: 20
+          pre: question
+          post: active
+        - name: API
+          url: https://try.gitea.io/api/swagger
+          weight: 45
+          pre: plug
+        - name: 部落格
+          url: https://blog.gitea.io/
+          weight: 30
+          pre: rss
+        - name: 程式碼
+          url: https://code.gitea.io/
+          weight: 40
+          pre: code
+        - name: 下载
+          url: https://dl.gitea.io/
+          weight: 50
+          pre: download
+        - name: GitHub
+          url: https://github.com/go-gitea/
+          weight: 60
+          pre: github
+        - name: Discord Chat
+          url: https://discord.gg/NsatcWJ
+          weight: 70
+          pre: comment
+        - name: Forum
+          url: https://discourse.gitea.io/
+          weight: 80
+          pre: group
+
+  pt-br:
+    weight: 3
+    languageName: Português Brasileiro
+    menu:
+      page:
+        - name: Página inicial
+          url: https://gitea.io/pt-br/
+          weight: 10
+          pre: home
+        - name: Documentação
+          url: /pt-br/
+          weight: 20
+          pre: question
+          post: active
+        - name: API
+          url: https://try.gitea.io/api/swagger
+          weight: 45
+          pre: plug
+        - name: Blog
+          url: https://blog.gitea.io/
+          weight: 30
+          pre: rss
+        - name: Código-fonte
+          url: https://code.gitea.io/
+          weight: 40
+          pre: code
+        - name: Downloads
+          url: https://dl.gitea.io/
+          weight: 50
+          pre: download
+        - name: GitHub
+          url: https://github.com/go-gitea/
+          weight: 60
+          pre: github
+        - name: Chat no Discord
+          url: https://discord.gg/NsatcWJ
+          weight: 70
+          pre: comment
+        - name: Forum
+          url: https://discourse.gitea.io/
+          weight: 80
+          pre: group
+
+  nl-nl:
+    weight: 4
+    languageName: Nederlands
+    menu:
+      page:
+        - name: Website
+          url: https://gitea.io/nl-nl/
+          weight: 10
+          pre: home
+        - name: Docs
+          url: /nl-nl/
+          weight: 20
+          pre: question
+          post: active
+        - name: API
+          url: https://try.gitea.io/api/swagger
+          weight: 45
+          pre: plug
+        - name: Blog
+          url: https://blog.gitea.io/
+          weight: 30
+          pre: rss
+        - name: Code
+          url: https://code.gitea.io/
+          weight: 40
+          pre: code
+        - name: Downloads
+          url: https://dl.gitea.io/
+          weight: 50
+          pre: download
+        - name: GitHub
+          url: https://github.com/go-gitea/
+          weight: 60
+          pre: github
+        - name: Discord Chat
+          url: https://discord.gg/NsatcWJ
+          weight: 70
+          pre: comment
+        - name: Forum
+          url: https://discourse.gitea.io/
+          weight: 80
+          pre: group
+
+  fr-fr:
+    weight: 5
+    languageName: Français
+    menu:
+      page:
+        - name: Site
+          url: https://gitea.io/en-us/
+          weight: 10
+          pre: home
+          post: active
+        - name: Documentation
+          url: /fr-fr/
+          weight: 20
+          pre: question
+        - name: API
+          url: https://try.gitea.io/api/swagger
+          weight: 45
+          pre: plug
+        - name: Blog
+          url: https://blog.gitea.io/
+          weight: 30
+          pre: rss
+        - name: Code
+          url: https://code.gitea.io/
+          weight: 40
+          pre: code
+        - name: Téléchargement
+          url: https://dl.gitea.io/
+          weight: 50
+          pre: download
+        - name: GitHub
+          url: https://github.com/go-gitea/
+          weight: 60
+          pre: github
+        - name: Discord Chat
+          url: https://discord.gg/NsatcWJ
+          weight: 70
+          pre: comment
+        - name: Forum
+          url: https://discourse.gitea.io/
+          weight: 80
+          pre: group
--- a/docs/content/doc/advanced.en-us.md
+++ b/docs/content/doc/advanced.en-us.md
@@ -0,0 +1,13 @@
+---
+date: "2016-12-01T16:00:00+02:00"
+title: "Advanced"
+slug: "advanced"
+weight: 30
+toc: false
+draft: false
+menu:
+  sidebar:
+    name: "Advanced"
+    weight: 40
+    identifier: "advanced"
+---
--- a/docs/content/doc/advanced.fr-fr.md
+++ b/docs/content/doc/advanced.fr-fr.md
@@ -0,0 +1,13 @@
+---
+date: "2017-08-23T09:00:00+02:00"
+title: "Avancé"
+slug: "advanced"
+weight: 30
+toc: false
+draft: false
+menu:
+  sidebar:
+    name: "Avancé"
+    weight: 40
+    identifier: "advanced"
+---
--- a/docs/content/doc/advanced.zh-cn.md
+++ b/docs/content/doc/advanced.zh-cn.md
@@ -0,0 +1,13 @@
+---
+date: "2016-12-01T16:00:00+02:00"
+title: "进阶"
+slug: "advanced"
+weight: 30
+toc: false
+draft: false
+menu:
+  sidebar:
+    name: "进阶"
+    weight: 40
+    identifier: "advanced"
+---
--- a/docs/content/doc/advanced/api-usage.en-us.md
+++ b/docs/content/doc/advanced/api-usage.en-us.md
@@ -0,0 +1,101 @@
+---
+date: "2018-06-24:00:00+02:00"
+title: "API Usage"
+slug: "api-usage"
+weight: 40
+toc: true
+draft: false
+menu:
+  sidebar:
+    parent: "advanced"
+    name: "API Usage"
+    weight: 40
+    identifier: "api-usage"
+---
+
+# Gitea API Usage
+
+## Enabling/configuring API access
+
+By default, `ENABLE_SWAGGER` is true, and
+`MAX_RESPONSE_ITEMS` is set to 50.  See [Config Cheat
+Sheet](https://docs.gitea.io/en-us/config-cheat-sheet/) for more
+information.
+
+## Authentication via the API
+
+Gitea supports these methods of API authentication:
+
+- HTTP basic authentication
+- `token=...` parameter in URL query string
+- `access_token=...` parameter in URL query string
+- `Authorization: token ...` header in HTTP headers
+
+All of these methods accept the same API key token type.  You can
+better understand this by looking at the code -- as of this writing,
+Gitea parses queries and headers to find the token in
+[modules/auth/auth.go](https://github.com/go-gitea/gitea/blob/6efdcaed86565c91a3dc77631372a9cc45a58e89/modules/auth/auth.go#L47).
+
+You can create an API key token via your Gitea installation's web interface:
+`Settings | Applications | Generate New Token`.
+
+### OAuth2
+
+Access tokens obtained from Gitea's [OAuth2 provider](https://docs.gitea.io/en-us/oauth2-provider) are accepted by these methods:
+
+- `Authorization bearer ...` header in HTTP headers
+- `token=...` parameter in URL query string
+- `access_token=...` parameter in URL query string
+
+### More on the `Authorization:` header
+
+For historical reasons, Gitea needs the word `token` included before
+the API key token in an authorization header, like this:
+
+```
+Authorization: token 65eaa9c8ef52460d22a93307fe0aee76289dc675
+```
+
+In a `curl` command, for instance, this would look like:
+
+```
+curl -X POST "http://localhost:4000/api/v1/repos/test1/test1/issues" \
+    -H "accept: application/json" \
+    -H "Authorization: token 65eaa9c8ef52460d22a93307fe0aee76289dc675" \
+    -H "Content-Type: application/json" -d "{ \"body\": \"testing\", \"title\": \"test 20\"}" -i
+```
+
+As mentioned above, the token used is the same one you would use in
+the `token=` string in a GET request.
+
+## API Guide:
+
+API Reference guide is auto-generated by swagger and available on: 
+    `https://gitea.your.host/api/swagger`
+    or on 
+    [gitea demo instance](https://try.gitea.io/api/swagger)
+
+
+## Listing your issued tokens via the API
+
+As mentioned in
+[#3842](https://github.com/go-gitea/gitea/issues/3842#issuecomment-397743346),
+`/users/:name/tokens` is special and requires you to authenticate
+using BasicAuth, as follows:
+
+### Using basic authentication:
+
+```
+$ curl --request GET --url https://yourusername:yourpassword@gitea.your.host/api/v1/users/yourusername/tokens
+[{"name":"test","sha1":"..."},{"name":"dev","sha1":"..."}]
+```
+
+As of v1.8.0 of Gitea, if using basic authentication with the API and your user has two factor authentication enabled, you'll need to send an additional header that contains the one time password (6 digit rotating token). An example of the header is `X-Gitea-OTP: 123456` where `123456` is where you'd place the code from your authenticator. Here is how the request would look like in curl:
+
+```
+$ curl -H "X-Gitea-OTP: 123456" --request GET --url https://yourusername:yourpassword@gitea.your.host/api/v1/users/yourusername/tokens
+```
+
+## Sudo
+
+The API allows admin users to sudo API requests as another user. Simply add either a `sudo=` parameter or `Sudo:` request header with the username of the user to sudo.
--- a/docs/content/doc/advanced/api-usage.zh-cn.md
+++ b/docs/content/doc/advanced/api-usage.zh-cn.md
@@ -0,0 +1,71 @@
+---
+date: "2018-06-24:00:00+02:00"
+title: "API 使用指南"
+slug: "api-usage"
+weight: 40
+toc: true
+draft: false
+menu:
+  sidebar:
+    parent: "advanced"
+    name: "API 使用指南"
+    weight: 40
+    identifier: "api-usage"
+---
+
+# Gitea API 使用指南
+
+## 开启/配置 API 访问
+
+通常情况下， `ENABLE_SWAGGER` 默认开启并且参数 `MAX_RESPONSE_ITEMS` 默认为 50。您可以从 [Config Cheat
+Sheet](https://docs.gitea.io/en-us/config-cheat-sheet/) 中获取更多配置相关信息。
+
+## 通过 API 认证
+
+Gitea 支持以下几种 API 认证方式：
+
+- HTTP basic authentication 方式
+- 通过指定 `token=...` URL 查询参数方式
+- 通过指定 `access_token=...` URL 查询参数方式
+- 通过指定 `Authorization: token ...` HTTP header 方式
+
+以上提及的认证方法接受相同的 apiKey token 类型，您可以在编码时通过查阅代码更好地理解这一点。
+Gitea 调用解析查询参数以及头部信息来获取 token 的代码可以在 [modules/auth/auth.go](https://github.com/go-gitea/gitea/blob/6efdcaed86565c91a3dc77631372a9cc45a58e89/modules/auth/auth.go#L47) 中找到。
+
+您可以通过您的 gitea web 界面来创建 apiKey token：
+`Settings | Applications | Generate New Token`.
+
+### 关于 `Authorization:` header
+
+由于一些历史原因，Gitea 需要在 header 的 apiKey token 里引入前缀 `token`，类似于如下形式：
+
+```
+Authorization: token 65eaa9c8ef52460d22a93307fe0aee76289dc675
+```
+
+以 `curl` 命令为例，它会以如下形式携带在请求中：
+
+```
+curl -X POST "http://localhost:4000/api/v1/repos/test1/test1/issues" \
+    -H "accept: application/json" \
+    -H "Authorization: token 65eaa9c8ef52460d22a93307fe0aee76289dc675" \
+    -H "Content-Type: application/json" -d "{ \"body\": \"testing\", \"title\": \"test 20\"}" -i
+```
+
+正如上例所示，您也可以在 GET 请求中使用同一个 token 并以 `token=` 的查询参数形式携带 token 来进行认证。
+
+## 通过 API 列出您发布的令牌
+
+`/users/:name/tokens` 是一个特殊的接口，需要您使用 basic authentication 进行认证，具体原因在 issue 中
+[#3842](https://github.com/go-gitea/gitea/issues/3842#issuecomment-397743346) 有所提及，使用方法如下所示：
+
+### 使用 Basic authentication 认证：
+
+```
+$ curl --request GET --url https://yourusername:yourpassword@gitea.your.host/api/v1/users/yourusername/tokens
+[{"name":"test","sha1":"..."},{"name":"dev","sha1":"..."}]
+```
+
+## 使用 Sudo 方式请求 API
+
+此 API 允许管理员借用其他用户身份进行 API 请求。只需在请求中指定查询参数 `sudo=` 或是指定 header 中的 `Sudo:` 为需要使用的用户 username 即可。
--- a/docs/content/doc/advanced/ci-cd.en-us.md
+++ b/docs/content/doc/advanced/ci-cd.en-us.md
@@ -0,0 +1,34 @@
+---
+date: "2019-08-27:00:00+02:00"
+title: "CI/CD Usage"
+slug: "ci-cd"
+weight: 40
+toc: true
+draft: false
+menu:
+  sidebar:
+    parent: "advanced"
+    name: "CI/CD Usage"
+    weight: 40
+    identifier: "ci-cd"
+---
+
+# Gitea and CI/CD
+
+**NOTE:** These tools are not endorsed by Gitea. They are listed here for convenience only.
+
+## Listing
+
+CI/CD solutions that have integration with Gitea. Following list is not complete,
+the purpose is to give a starting point to integrate a CI/CD process with your Gitea instance.
+
+ - [Drone](https://drone.io) with [Gitea documentation](https://docs.drone.io/installation/providers/gitea/)
+ - [Jenkins](https://jenkins.io/) with [Gitea plugin](https://plugins.jenkins.io/gitea)
+ - [Agola](https://agola.io)
+ - [Buildkite](https://buildkite.com) with [Gitea connector](https://github.com/techknowlogick/gitea-buildkite-connector)
+ - [AppVeyor](https://www.appveyor.com) with [built-in Gitea support](https://www.appveyor.com/blog/2019/09/05/gitea-receives-first-class-support-in-appveyor/)
+ - [Buildbot](https://www.buildbot.net/) with [Gitea plugin](https://github.com/lab132/buildbot-gitea)
+ 
+
+Others CI/CD solutions that partially can be integrated with Gitea:
+ - [Concourse](https://www.concourse-ci.org), see more information at [Concourse community forum](https://discuss.concourse-ci.org/t/concourse-ci-and-gitea-oauth/1475)
--- a/docs/content/doc/advanced/config-cheat-sheet.en-us.md
+++ b/docs/content/doc/advanced/config-cheat-sheet.en-us.md
@@ -0,0 +1,545 @@
+---
+date: "2016-12-26T16:00:00+02:00"
+title: "Config Cheat Sheet"
+slug: "config-cheat-sheet"
+weight: 20
+toc: false
+draft: false
+menu:
+  sidebar:
+    parent: "advanced"
+    name: "Config Cheat Sheet"
+    weight: 20
+    identifier: "config-cheat-sheet"
+---
+
+# Configuration Cheat Sheet
+
+This is a cheat sheet for the Gitea configuration file. It contains most of the settings
+that can be configured as well as their default values.
+
+Any changes to the Gitea configuration file should be made in `custom/conf/app.ini`
+or any corresponding location. When installing from a distribution, this will
+typically be found at `/etc/gitea/conf/app.ini`.
+
+The defaults provided here are best-effort (not built automatically). They are
+accurately recorded in [app.ini.sample](https://github.com/go-gitea/gitea/blob/master/custom/conf/app.ini.sample)
+(s/master/\<tag|release\>). Any string in the format `%(X)s` is a feature powered
+by [ini](https://github.com/go-ini/ini/#recursive-values), for reading values recursively.
+
+Values containing `#` or `;` must be quoted using `` ` `` or `"""`.
+
+**Note:** A full restart is required for Gitea configuration changes to take effect.
+
+## Overall (`DEFAULT`)
+
+- `APP_NAME`: **Gitea: Git with a cup of tea**: Application name, used in the page title.
+- `RUN_USER`: **git**: The user Gitea will run as. This should be a dedicated system
+   (non-user) account. Setting this incorrectly will cause Gitea to not start.
+- `RUN_MODE`: **dev**: For performance and other purposes, change this to `prod` when
+   deployed to a production environment. The installation process will set this to `prod`
+   automatically. \[prod, dev, test\]
+
+## Repository (`repository`)
+
+- `ROOT`: **~/gitea-repositories/**: Root path for storing all repository data. It must be
+   an absolute path.
+- `SCRIPT_TYPE`: **bash**: The script type this server supports. Usually this is `bash`,
+   but some users report that only `sh` is available.
+- `ANSI_CHARSET`: **\<empty\>**: The default charset for an unrecognized charset.
+- `FORCE_PRIVATE`: **false**: Force every new repository to be private.
+- `DEFAULT_PRIVATE`: **last**: Default private when creating a new repository.
+   \[last, private, public\]
+- `MAX_CREATION_LIMIT`: **-1**: Global maximum creation limit of repositories per user,
+   `-1` means no limit.
+- `PULL_REQUEST_QUEUE_LENGTH`: **1000**: Length of pull request patch test queue, make it
+   as large as possible. Use caution when editing this value.
+- `MIRROR_QUEUE_LENGTH`: **1000**: Patch test queue length, increase if pull request patch
+   testing starts hanging.
+- `PREFERRED_LICENSES`: **Apache License 2.0,MIT License**: Preferred Licenses to place at
+   the top of the list. Name must match file name in conf/license or custom/conf/license.
+- `DISABLE_HTTP_GIT`: **false**: Disable the ability to interact with repositories over the
+   HTTP protocol.
+- `USE_COMPAT_SSH_URI`: **false**: Force ssh:// clone url instead of scp-style uri when
+   default SSH port is used.
+- `ACCESS_CONTROL_ALLOW_ORIGIN`: **\<empty\>**: Value for Access-Control-Allow-Origin header,
+   default is not to present. **WARNING**: This maybe harmful to you website if you do not
+   give it a right value.
+- `DEFAULT_CLOSE_ISSUES_VIA_COMMITS_IN_ANY_BRANCH`:  **false**: Close an issue if a commit on a non default branch marks it as closed.
+
+### Repository - Pull Request (`repository.pull-request`)
+
+- `WORK_IN_PROGRESS_PREFIXES`: **WIP:,\[WIP\]**: List of prefixes used in Pull Request
+ title to mark them as Work In Progress
+
+### Repository - Issue (`repository.issue`)
+
+- `LOCK_REASONS`: **Too heated,Off-topic,Resolved,Spam**: A list of reasons why a Pull Request or Issue can be locked
+
+## CORS (`cors`)
+
+- `ENABLED`: **false**: enable cors headers (disabled by default)
+- `SCHEME`: **http**: scheme of allowed requests
+- `ALLOW_DOMAIN`: **\***: list of requesting domains that are allowed
+- `ALLOW_SUBDOMAIN`: **false**: allow subdomains of headers listed above to request
+- `METHODS`: **GET,HEAD,POST,PUT,PATCH,DELETE,OPTIONS**: list of methods allowed to request
+- `MAX_AGE`: **10m**: max time to cache response
+- `ALLOW_CREDENTIALS`: **false**: allow request with credentials
+
+## UI (`ui`)
+
+- `EXPLORE_PAGING_NUM`: **20**: Number of repositories that are shown in one explore page.
+- `ISSUE_PAGING_NUM`: **10**: Number of issues that are shown in one page (for all pages that list issues).
+- `FEED_MAX_COMMIT_NUM`: **5**: Number of maximum commits shown in one activity feed.
+- `GRAPH_MAX_COMMIT_NUM`: **100**: Number of maximum commits shown in the commit graph.
+- `DEFAULT_THEME`: **gitea**: \[gitea, arc-green\]: Set the default theme for the Gitea install.
+- `THEMES`:  **gitea,arc-green**: All available themes. Allow users select personalized themes
+  regardless of the value of `DEFAULT_THEME`.
+- `DEFAULT_SHOW_FULL_NAME`: false: Whether the full name of the users should be shown where possible. If the full name isn't set, the username will be used.
+- `SEARCH_REPO_DESCRIPTION`: true: Whether to search within description at repository search on explore page.
+
+### UI - Admin (`ui.admin`)
+
+- `USER_PAGING_NUM`: **50**: Number of users that are shown in one page.
+- `REPO_PAGING_NUM`: **50**: Number of repos that are shown in one page.
+- `NOTICE_PAGING_NUM`: **25**: Number of notices that are shown in one page.
+- `ORG_PAGING_NUM`: **50**: Number of organizations that are shown in one page.
+
+## Markdown (`markdown`)
+
+- `ENABLE_HARD_LINE_BREAK`: **false**: Enable Markdown's hard line break extension.
+
+## Server (`server`)
+
+- `PROTOCOL`: **http**: \[http, https, fcgi, unix\]
+- `DOMAIN`: **localhost**: Domain name of this server.
+- `ROOT_URL`: **%(PROTOCOL)s://%(DOMAIN)s:%(HTTP\_PORT)s/**:
+   Overwrite the automatically generated public URL.
+   This is useful if the internal and the external URL don't match (e.g. in Docker).
+- `HTTP_ADDR`: **0.0.0.0**: HTTP listen address.
+   - If `PROTOCOL` is set to `fcgi`, Gitea will listen for FastCGI requests on TCP socket
+     defined by `HTTP_ADDR` and `HTTP_PORT` configuration settings.
+   - If `PROTOCOL` is set to `unix`, this should be the name of the Unix socket file to use.
+- `HTTP_PORT`: **3000**: HTTP listen port.
+   - If `PROTOCOL` is set to `fcgi`, Gitea will listen for FastCGI requests on TCP socket
+     defined by `HTTP_ADDR` and `HTTP_PORT` configuration settings.
+- `UNIX_SOCKET_PERMISSION`: **666**: Permissions for the Unix socket.
+- `LOCAL_ROOT_URL`: **%(PROTOCOL)s://%(HTTP_ADDR)s:%(HTTP_PORT)s/**: Local
+   (DMZ) URL for Gitea workers (such as SSH update) accessing web service. In
+   most cases you do not need to change the default value. Alter it only if
+   your SSH server node is not the same as HTTP node. Do not set this variable
+   if `PROTOCOL` is set to `unix`.
+- `DISABLE_SSH`: **false**: Disable SSH feature when it's not available.
+- `START_SSH_SERVER`: **false**: When enabled, use the built-in SSH server.
+- `SSH_DOMAIN`: **%(DOMAIN)s**: Domain name of this server, used for displayed clone URL.
+- `SSH_PORT`: **22**: SSH port displayed in clone URL.
+- `SSH_LISTEN_HOST`: **0.0.0.0**: Listen address for the built-in SSH server.
+- `SSH_LISTEN_PORT`: **%(SSH\_PORT)s**: Port for the built-in SSH server.
+- `OFFLINE_MODE`: **false**: Disables use of CDN for static files and Gravatar for profile pictures.
+- `DISABLE_ROUTER_LOG`: **false**: Mute printing of the router log.
+- `CERT_FILE`: **custom/https/cert.pem**: Cert file path used for HTTPS.
+- `KEY_FILE`: **custom/https/key.pem**: Key file path used for HTTPS.
+- `STATIC_ROOT_PATH`: **./**: Upper level of template and static files path.
+- `ENABLE_GZIP`: **false**: Enables application-level GZIP support.
+- `LANDING_PAGE`: **home**: Landing page for unauthenticated users  \[home, explore\].
+- `LFS_START_SERVER`: **false**: Enables git-lfs support.
+- `LFS_CONTENT_PATH`: **./data/lfs**: Where to store LFS files.
+- `LFS_JWT_SECRET`: **\<empty\>**: LFS authentication secret, change this a unique string.
+- `LFS_HTTP_AUTH_EXPIRY`: **20m**: LFS authentication validity period in time.Duration, pushes taking longer than this may fail.
+- `REDIRECT_OTHER_PORT`: **false**: If true and `PROTOCOL` is https, allows redirecting http requests on `PORT_TO_REDIRECT` to the https port Gitea listens on.
+- `PORT_TO_REDIRECT`: **80**: Port for the http redirection service to listen on. Used when `REDIRECT_OTHER_PORT` is true.
+- `ENABLE_LETSENCRYPT`: **false**: If enabled you must set `DOMAIN` to valid internet facing domain (ensure DNS is set and port 80 is accessible by letsencrypt validation server).
+   By using Lets Encrypt **you must consent** to their [terms of service](https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf).
+- `LETSENCRYPT_ACCEPTTOS`: **false**: This is an explicit check that you accept the terms of service for Let's Encrypt.
+- `LETSENCRYPT_DIRECTORY`: **https**: Directory that Letsencrypt will use to cache information such as certs and private keys.
+- `LETSENCRYPT_EMAIL`: **email@example.com**: Email used by Letsencrypt to notify about problems with issued certificates. (No default)
+
+## Database (`database`)
+
+- `DB_TYPE`: **mysql**: The database type in use \[mysql, postgres, mssql, sqlite3\].
+- `HOST`: **127.0.0.1:3306**: Database host address and port or absolute path for unix socket \[mysql, postgres\] (ex: /var/run/mysqld/mysqld.sock).
+- `NAME`: **gitea**: Database name.
+- `USER`: **root**: Database username.
+- `PASSWD`: **\<empty\>**: Database user password. Use \`your password\` for quoting if you use special characters in the password.
+- `SSL_MODE`: **disable**: For PostgreSQL and MySQL only.
+- `CHARSET`: **utf8**: For MySQL only, either "utf8" or "utf8mb4", default is "utf8". NOTICE: for "utf8mb4" you must use MySQL InnoDB > 5.6. Gitea is unable to check this.
+- `PATH`: **data/gitea.db**: For SQLite3 only, the database file path.
+- `LOG_SQL`: **true**: Log the executed SQL.
+- `DB_RETRIES`: **10**: How many ORM init / DB connect attempts allowed.
+- `DB_RETRY_BACKOFF`: **3s**: time.Duration to wait before trying another ORM init / DB connect attempt, if failure occured.
+- `MAX_OPEN_CONNS` **0**: Database maximum open connections - default is 0, meaning there is no limit.
+- `MAX_IDLE_CONNS` **2**: Max idle database connections on connnection pool, default is 2 - this will be capped to `MAX_OPEN_CONNS`.
+- `CONN_MAX_LIFETIME` **0 or 3s**: Sets the maximum amount of time a DB connection may be reused - default is 0, meaning there is no limit (except on MySQL where it is 3s - see #6804 & #7071).
+  
+Please see #8540 & #8273 for further discussion of the appropriate values for `MAX_OPEN_CONNS`, `MAX_IDLE_CONNS` & `CONN_MAX_LIFETIME` and their
+relation to port exhaustion.
+
+## Indexer (`indexer`)
+
+- `ISSUE_INDEXER_TYPE`: **bleve**: Issue indexer type, currently support: bleve or db, if it's db, below issue indexer item will be invalid.
+- `ISSUE_INDEXER_PATH`: **indexers/issues.bleve**: Index file used for issue search.
+- `ISSUE_INDEXER_QUEUE_TYPE`: **levelqueue**: Issue indexer queue, currently supports:`channel`, `levelqueue`, `redis`.
+- `ISSUE_INDEXER_QUEUE_DIR`: **indexers/issues.queue**: When `ISSUE_INDEXER_QUEUE_TYPE` is `levelqueue`, this will be the queue will be saved path.
+- `ISSUE_INDEXER_QUEUE_CONN_STR`: **addrs=127.0.0.1:6379 db=0**: When `ISSUE_INDEXER_QUEUE_TYPE` is `redis`, this will store the redis connection string.
+- `ISSUE_INDEXER_QUEUE_BATCH_NUMBER`: **20**: Batch queue number.
+
+- `REPO_INDEXER_ENABLED`: **false**: Enables code search (uses a lot of disk space, about 6 times more than the repository size).
+- `REPO_INDEXER_PATH`: **indexers/repos.bleve**: Index file used for code search.
+- `REPO_INDEXER_INCLUDE`: **empty**: A comma separated list of glob patterns (see https://github.com/gobwas/glob) to **include** in the index. Use `**.txt` to match any files with .txt extension. An empty list means include all files.
+- `REPO_INDEXER_EXCLUDE`: **empty**: A comma separated list of glob patterns (see https://github.com/gobwas/glob) to **exclude** from the index. Files that match this list will not be indexed, even if they match in `REPO_INDEXER_INCLUDE`.
+- `UPDATE_BUFFER_LEN`: **20**: Buffer length of index request.
+- `MAX_FILE_SIZE`: **1048576**: Maximum size in bytes of files to be indexed.
+
+## Admin (`admin`)
+- `DEFAULT_EMAIL_NOTIFICATIONS`: **enabled**: Default configuration for email notifications for users (user configurable). Options: enabled, onmention, disabled
+
+## Security (`security`)
+
+- `INSTALL_LOCK`: **false**: Disallow access to the install page.
+- `SECRET_KEY`: **\<random at every install\>**: Global secret key. This should be changed.
+- `LOGIN_REMEMBER_DAYS`: **7**: Cookie lifetime, in days.
+- `COOKIE_USERNAME`: **gitea\_awesome**: Name of the cookie used to store the current username.
+- `COOKIE_REMEMBER_NAME`: **gitea\_incredible**: Name of cookie used to store authentication
+   information.
+- `REVERSE_PROXY_AUTHENTICATION_USER`: **X-WEBAUTH-USER**: Header name for reverse proxy
+   authentication.
+- `REVERSE_PROXY_AUTHENTICATION_EMAIL`: **X-WEBAUTH-EMAIL**: Header name for reverse proxy
+   authentication provided email.
+- `DISABLE_GIT_HOOKS`: **false**: Set to `true` to prevent all users (including admin) from creating custom
+   git hooks.
+- `IMPORT_LOCAL_PATHS`: **false**: Set to `false` to prevent all users (including admin) from importing local path on server.
+- `INTERNAL_TOKEN`: **\<random at every install if no uri set\>**: Secret used to validate communication within Gitea binary.
+- `INTERNAL_TOKEN_URI`: **<empty>**: Instead of defining internal token in the configuration, this configuration option can be used to give Gitea a path to a file that contains the internal token (example value: `file:/etc/gitea/internal_token`)
+- `PASSWORD_HASH_ALGO`: **pbkdf2**: The hash algorithm to use \[pbkdf2, argon2, scrypt, bcrypt\].
+- `CSRF_COOKIE_HTTP_ONLY`: **true**: Set false to allow JavaScript to read CSRF cookie.
+- `PASSWORD_COMPLEXITY`: **lower,upper,digit,spec**: Comma separated list of character classes required to pass minimum complexity. If left empty or no valid values are specified, the default values will be used. Possible values are: 
+    - lower - use one or more lower latin characters
+    - upper - use one or more upper latin characters
+    - digit - use one or more digits
+    - spec - use one or more special characters as ``!"#$%&'()*+,-./:;<=>?@[\\]^_`{|}~``
+    - off - do not check password complexity
+
+## OpenID (`openid`)
+
+- `ENABLE_OPENID_SIGNIN`: **false**: Allow authentication in via OpenID.
+- `ENABLE_OPENID_SIGNUP`: **! DISABLE\_REGISTRATION**: Allow registering via OpenID.
+- `WHITELISTED_URIS`: **\<empty\>**: If non-empty, list of POSIX regex patterns matching
+   OpenID URI's to permit.
+- `BLACKLISTED_URIS`: **\<empty\>**: If non-empty, list of POSIX regex patterns matching
+   OpenID URI's to block.
+
+## Service (`service`)
+
+- `ACTIVE_CODE_LIVE_MINUTES`: **180**: Time limit (min) to confirm account/email registration.
+- `RESET_PASSWD_CODE_LIVE_MINUTES`: **180**: Time limit (min) to confirm forgot password reset
+   process.
+- `REGISTER_EMAIL_CONFIRM`: **false**: Enable this to ask for mail confirmation of registration.
+   Requires `Mailer` to be enabled.
+- `DISABLE_REGISTRATION`: **false**: Disable registration, after which only admin can create
+   accounts for users.
+- `REQUIRE_EXTERNAL_REGISTRATION_PASSWORD`: **false**: Enable this to force externally created
+   accounts (via GitHub, OpenID Connect, etc) to create a password. Warning: enabling this will
+   decrease security, so you should only enable it if you know what you're doing.
+- `REQUIRE_SIGNIN_VIEW`: **false**: Enable this to force users to log in to view any page.
+- `ENABLE_NOTIFY_MAIL`: **false**: Enable this to send e-mail to watchers of a repository when
+   something happens, like creating issues. Requires `Mailer` to be enabled.
+- `ENABLE_REVERSE_PROXY_AUTHENTICATION`: **false**: Enable this to allow reverse proxy authentication.
+- `ENABLE_REVERSE_PROXY_AUTO_REGISTRATION`: **false**: Enable this to allow auto-registration
+   for reverse authentication.
+- `ENABLE_REVERSE_PROXY_EMAIL`: **false**: Enable this to allow to auto-registration with a
+   provided email rather than a generated email.
+- `ENABLE_CAPTCHA`: **false**: Enable this to use captcha validation for registration.
+- `REQUIRE_EXTERNAL_REGISTRATION_CAPTCHA`: **false**: Enable this to force captcha validation
+   even for External Accounts (i.e. GitHub, OpenID Connect, etc). You must `ENABLE_CAPTCHA` also.
+- `CAPTCHA_TYPE`: **image**: \[image, recaptcha\]
+- `RECAPTCHA_SECRET`: **""**: Go to https://www.google.com/recaptcha/admin to get a secret for recaptcha.
+- `RECAPTCHA_SITEKEY`: **""**: Go to https://www.google.com/recaptcha/admin to get a sitekey for recaptcha.
+- `RECAPTCHA_URL`: **https://www.google.com/recaptcha/**: Set the recaptcha url - allows the use of recaptcha net.
+- `DEFAULT_ENABLE_DEPENDENCIES`: **true**: Enable this to have dependencies enabled by default.
+- `ENABLE_USER_HEATMAP`: **true**: Enable this to display the heatmap on users profiles.
+- `EMAIL_DOMAIN_WHITELIST`: **\<empty\>**: If non-empty, list of domain names that can only be used to register
+  on this instance.
+- `SHOW_REGISTRATION_BUTTON`: **! DISABLE\_REGISTRATION**: Show Registration Button
+- `AUTO_WATCH_NEW_REPOS`: **true**: Enable this to let all organisation users watch new repos when they are created
+- `DEFAULT_ORG_VISIBILITY`: **public**: Set default visibility mode for organisations, either "public", "limited" or "private".
+- `DEFAULT_ORG_MEMBER_VISIBLE`: **false** True will make the membership of the users visible when added to the organisation.
+
+## Webhook (`webhook`)
+
+- `QUEUE_LENGTH`: **1000**: Hook task queue length. Use caution when editing this value.
+- `DELIVER_TIMEOUT`: **5**: Delivery timeout (sec) for shooting webhooks.
+- `SKIP_TLS_VERIFY`: **false**: Allow insecure certification.
+- `PAGING_NUM`: **10**: Number of webhook history events that are shown in one page.
+
+## Mailer (`mailer`)
+
+- `ENABLED`: **false**: Enable to use a mail service.
+- `DISABLE_HELO`: **\<empty\>**: Disable HELO operation.
+- `HELO_HOSTNAME`: **\<empty\>**: Custom hostname for HELO operation.
+- `HOST`: **\<empty\>**: SMTP mail host address and port (example: smtp.gitea.io:587).
+- `FROM`: **\<empty\>**: Mail from address, RFC 5322. This can be just an email address, or
+   the "Name" \<email@example.com\> format.
+- `USER`: **\<empty\>**: Username of mailing user (usually the sender's e-mail address).
+- `PASSWD`: **\<empty\>**: Password of mailing user.  Use \`your password\` for quoting if you use special characters in the password.
+- `SKIP_VERIFY`: **\<empty\>**: Do not verify the self-signed certificates.
+   - **Note:** Gitea only supports SMTP with STARTTLS.
+- `SUBJECT_PREFIX`: **\<empty\>**: Prefix to be placed before e-mail subject lines.
+- `MAILER_TYPE`: **smtp**: \[smtp, sendmail, dummy\]
+   - **smtp** Use SMTP to send mail
+   - **sendmail** Use the operating system's `sendmail` command instead of SMTP.
+   This is common on linux systems.
+   - **dummy** Send email messages to the log as a testing phase.
+   - Note that enabling sendmail will ignore all other `mailer` settings except `ENABLED`,
+     `FROM`, `SUBJECT_PREFIX` and `SENDMAIL_PATH`.
+   - Enabling dummy will ignore all settings except `ENABLED`, `SUBJECT_PREFIX` and `FROM`.
+- `SENDMAIL_PATH`: **sendmail**: The location of sendmail on the operating system (can be
+   command or full path).
+- ``IS_TLS_ENABLED`` :  **false** : Decide if SMTP connections should use TLS.
+
+## Cache (`cache`)
+
+- `ADAPTER`: **memory**: Cache engine adapter, either `memory`, `redis`, or `memcache`.
+- `INTERVAL`: **60**: Garbage Collection interval (sec), for memory cache only.
+- `HOST`: **\<empty\>**: Connection string for `redis` and `memcache`.
+   - Redis: `network=tcp,addr=127.0.0.1:6379,password=macaron,db=0,pool_size=100,idle_timeout=180`
+   - Memcache: `127.0.0.1:9090;127.0.0.1:9091`
+- `ITEM_TTL`: **16h**: Time to keep items in cache if not used, Setting it to 0 disables caching.
+
+## Session (`session`)
+
+- `PROVIDER`: **memory**: Session engine provider \[memory, file, redis, mysql, couchbase, memcache, nodb, postgres\].
+- `PROVIDER_CONFIG`: **data/sessions**: For file, the root path; for others, the connection string.
+- `COOKIE_SECURE`: **false**: Enable this to force using HTTPS for all session access.
+- `COOKIE_NAME`: **i\_like\_gitea**: The name of the cookie used for the session ID.
+- `GC_INTERVAL_TIME`: **86400**: GC interval in seconds.
+
+## Picture (`picture`)
+
+- `GRAVATAR_SOURCE`: **gravatar**: Can be `gravatar`, `duoshuo` or anything like
+   `http://cn.gravatar.com/avatar/`.
+- `DISABLE_GRAVATAR`: **false**: Enable this to use local avatars only.
+- `ENABLE_FEDERATED_AVATAR`: **false**: Enable support for federated avatars (see
+   [http://www.libravatar.org](http://www.libravatar.org)).
+- `AVATAR_UPLOAD_PATH`: **data/avatars**: Path to store user avatar image files.
+- `REPOSITORY_AVATAR_UPLOAD_PATH`: **data/repo-avatars**: Path to store repository avatar image files.
+- `REPOSITORY_AVATAR_FALLBACK`: **none**: How Gitea deals with missing repository avatars
+  - none = no avatar will be displayed
+  - random = random avatar will be generated
+  - image = default image will be used (which is set in `REPOSITORY_AVATAR_DEFAULT_IMAGE`)
+- `REPOSITORY_AVATAR_FALLBACK_IMAGE`: **/img/repo_default.png**: Image used as default repository avatar (if `REPOSITORY_AVATAR_FALLBACK` is set to image and none was uploaded)
+- `AVATAR_MAX_WIDTH`: **4096**: Maximum avatar image width in pixels.
+- `AVATAR_MAX_HEIGHT`: **3072**: Maximum avatar image height in pixels.
+- `AVATAR_MAX_FILE_SIZE`: **1048576** (1Mb): Maximum avatar image file size in bytes.
+
+## Attachment (`attachment`)
+
+- `ENABLED`: **true**: Enable this to allow uploading attachments.
+- `PATH`: **data/attachments**: Path to store attachments.
+- `ALLOWED_TYPES`: **see app.ini.sample**: Allowed MIME types, e.g. `image/jpeg|image/png`.
+   Use `*/*` for all types.
+- `MAX_SIZE`: **4**: Maximum size (MB).
+- `MAX_FILES`: **5**: Maximum number of attachments that can be uploaded at once.
+
+## Log (`log`)
+
+- `ROOT_PATH`: **\<empty\>**: Root path for log files.
+- `MODE`: **console**: Logging mode. For multiple modes, use a comma to separate values. You can configure each mode in per mode log subsections `\[log.modename\]`. By default the file mode will log to `$ROOT_PATH/gitea.log`.
+- `LEVEL`: **Info**: General log level. \[Trace, Debug, Info, Warn, Error, Critical, Fatal, None\]
+- `STACKTRACE_LEVEL`: **None**: Default log level at which to log create stack traces. \[Trace, Debug, Info, Warn, Error, Critical, Fatal, None\]
+- `REDIRECT_MACARON_LOG`: **false**: Redirects the Macaron log to its own logger or the default logger.
+- `MACARON`: **file**: Logging mode for the macaron logger, use a comma to separate values. Configure each mode in per mode log subsections `\[log.modename.macaron\]`. By default the file mode will log to `$ROOT_PATH/macaron.log`. (If you set this to `,` it will log to default gitea logger.)
+- `ROUTER_LOG_LEVEL`: **Info**: The log level that the router should log at. (If you are setting the access log, its recommended to place this at Debug.)
+- `ROUTER`: **console**: The mode or name of the log the router should log to. (If you set this to `,` it will log to default gitea logger.)
+NB: You must `REDIRECT_MACARON_LOG` and have `DISABLE_ROUTER_LOG` set to `false` for this option to take effect. Configure each mode in per mode log subsections `\[log.modename.router\]`.
+- `ENABLE_ACCESS_LOG`: **false**: Creates an access.log in NCSA common log format, or as per the following template
+- `ACCESS`: **file**: Logging mode for the access logger, use a comma to separate values. Configure each mode in per mode log subsections `\[log.modename.access\]`. By default the file mode will log to `$ROOT_PATH/access.log`. (If you set this to `,` it will log to the default gitea logger.)
+- `ACCESS_LOG_TEMPLATE`: **`{{.Ctx.RemoteAddr}} - {{.Identity}} {{.Start.Format "[02/Jan/2006:15:04:05 -0700]" }} "{{.Ctx.Req.Method}} {{.Ctx.Req.RequestURI}} {{.Ctx.Req.Proto}}" {{.ResponseWriter.Status}} {{.ResponseWriter.Size}} "{{.Ctx.Req.Referer}}\" \"{{.Ctx.Req.UserAgent}}"`**: Sets the template used to create the access log.
+  - The following variables are available:
+  - `Ctx`: the `macaron.Context` of the request.
+  - `Identity`: the SignedUserName or `"-"` if not logged in.
+  - `Start`: the start time of the request.
+  - `ResponseWriter`: the responseWriter from the request.
+  - You must be very careful to ensure that this template does not throw errors or panics as this template runs outside of the panic/recovery script.
+- `ENABLE_XORM_LOG`: **true**: Set whether to perform XORM logging. Please note SQL statement logging can be disabled by setting `LOG_SQL` to false in the `[database]` section.
+
+### Log subsections (`log.name`, `log.name.*`)
+
+- `LEVEL`: **log.LEVEL**: Sets the log-level of this sublogger. Defaults to the `LEVEL` set in the global `[log]` section.
+- `STACKTRACE_LEVEL`: **log.STACKTRACE_LEVEL**: Sets the log level at which to log stack traces.
+- `MODE`: **name**: Sets the mode of this sublogger - Defaults to the provided subsection name. This allows you to have two different file loggers at different levels.
+- `EXPRESSION`: **""**: A regular expression to match either the function name, file or message. Defaults to empty. Only log messages that match the expression will be saved in the logger.
+- `FLAGS`: **stdflags**: A comma separated string representing the log flags. Defaults to `stdflags` which represents the prefix: `2009/01/23 01:23:23 ...a/b/c/d.go:23:runtime.Caller() [I]: message`. `none` means don't prefix log lines. See `modules/log/base.go` for more information.
+- `PREFIX`: **""**: An additional prefix for every log line in this logger. Defaults to empty.
+- `COLORIZE`: **false**: Colorize the log lines by default
+
+### Console log mode (`log.console`, `log.console.*`, or `MODE=console`)
+
+- For the console logger `COLORIZE` will default to `true` if not on windows or the terminal is determined to be able to color.
+- `STDERR`: **false**: Use Stderr instead of Stdout.
+
+### File log mode (`log.file`, `log.file.*` or `MODE=file`)
+
+- `FILE_NAME`: Set the file name for this logger. Defaults as described above. If relative will be relative to the `ROOT_PATH`
+- `LOG_ROTATE`: **true**: Rotate the log files.
+- `MAX_SIZE_SHIFT`: **28**: Maximum size shift of a single file, 28 represents 256Mb.
+- `DAILY_ROTATE`: **true**: Rotate logs daily.
+- `MAX_DAYS`: **7**: Delete the log file after n days
+- `COMPRESS`: **true**: Compress old log files by default with gzip
+- `COMPRESSION_LEVEL`: **-1**: Compression level
+
+### Conn log mode (`log.conn`, `log.conn.*` or `MODE=conn`)
+
+- `RECONNECT_ON_MSG`: **false**: Reconnect host for every single message.
+- `RECONNECT`: **false**: Try to reconnect when connection is lost.
+- `PROTOCOL`: **tcp**: Set the protocol, either "tcp", "unix" or "udp".
+- `ADDR`: **:7020**: Sets the address to connect to.
+
+### SMTP log mode (`log.smtp`, `log.smtp.*` or `MODE=smtp`)
+
+- `USER`: User email address to send from.
+- `PASSWD`: Password for the smtp server.
+- `HOST`: **127.0.0.1:25**: The SMTP host to connect to.
+- `RECEIVERS`: Email addresses to send to.
+- `SUBJECT`: **Diagnostic message from Gitea**
+
+## Cron (`cron`)
+
+- `ENABLED`: **true**: Run cron tasks periodically.
+- `RUN_AT_START`: **false**: Run cron tasks at application start-up.
+
+### Cron - Cleanup old repository archives (`cron.archive_cleanup`)
+
+- `ENABLED`: **true**: Enable service.
+- `RUN_AT_START`: **true**: Run tasks at start up time (if ENABLED).
+- `SCHEDULE`: **@every 24h**: Cron syntax for scheduling repository archive cleanup, e.g. `@every 1h`.
+- `OLDER_THAN`: **24h**: Archives created more than `OLDER_THAN` ago are subject to deletion, e.g. `12h`.
+
+### Cron - Update Mirrors (`cron.update_mirrors`)
+
+- `SCHEDULE`: **@every 10m**: Cron syntax for scheduling update mirrors, e.g. `@every 3h`.
+
+### Cron - Repository Health Check (`cron.repo_health_check`)
+
+- `SCHEDULE`: **every 24h**: Cron syntax for scheduling repository health check.
+- `TIMEOUT`: **60s**: Time duration syntax for health check execution timeout.
+- `ARGS`: **\<empty\>**: Arguments for command `git fsck`, e.g. `--unreachable --tags`. See more on http://git-scm.com/docs/git-fsck
+
+### Cron - Repository Statistics Check (`cron.check_repo_stats`)
+
+- `RUN_AT_START`: **true**: Run repository statistics check at start time.
+- `SCHEDULE`: **@every 24h**: Cron syntax for scheduling repository statistics check.
+
+### Cron - Update Migration Poster ID (`cron.update_migration_post_id`)
+
+- `SCHEDULE`: **@every 24h** : Interval as a duration between each synchronization, it will always attempt synchronization when the instance starts.
+
+## Git (`git`)
+
+- `PATH`: **""**: The path of git executable. If empty, Gitea searches through the PATH environment.
+- `MAX_GIT_DIFF_LINES`: **100**: Max number of lines allowed of a single file in diff view.
+- `MAX_GIT_DIFF_LINE_CHARACTERS`: **5000**: Max character count per line highlighted in diff view.
+- `MAX_GIT_DIFF_FILES`: **100**: Max number of files shown in diff view.
+- `GC_ARGS`: **\<empty\>**: Arguments for command `git gc`, e.g. `--aggressive --auto`. See more on http://git-scm.com/docs/git-gc/
+- `ENABLE_AUTO_GIT_WIRE_PROTOCOL`: **true**: If use git wire protocol version 2 when git version >= 2.18, default is true, set to false when you always want git wire protocol version 1
+
+## Git - Timeout settings (`git.timeout`)
+- `DEFAUlT`: **360**: Git operations default timeout seconds.
+- `MIGRATE`: **600**: Migrate external repositories timeout seconds.
+- `MIRROR`: **300**: Mirror external repositories timeout seconds.
+- `CLONE`: **300**: Git clone from internal repositories timeout seconds.
+- `PULL`: **300**: Git pull from internal repositories timeout seconds.
+- `GC`: **60**: Git repository GC timeout seconds.
+
+## Metrics (`metrics`)
+
+- `ENABLED`: **false**: Enables /metrics endpoint for prometheus.
+- `TOKEN`: **\<empty\>**: You need to specify the token, if you want to include in the authorization the metrics . The same token need to be used in prometheus parameters `bearer_token` or `bearer_token_file`.
+
+## API (`api`)
+
+- `ENABLE_SWAGGER`: **true**: Enables /api/swagger, /api/v1/swagger etc. endpoints. True or false; default is true.
+- `MAX_RESPONSE_ITEMS`: **50**: Max number of items in a page.
+- `DEFAULT_PAGING_NUM`: **30**: Default paging number of API.
+- `DEFAULT_GIT_TREES_PER_PAGE`: **1000**: Default and maximum number of items per page for git trees API.
+- `DEFAULT_MAX_BLOB_SIZE`: **10485760**: Default max size of a blob that can be return by the blobs API.
+
+## OAuth2 (`oauth2`)
+
+- `ENABLE`: **true**: Enables OAuth2 provider.
+- `ACCESS_TOKEN_EXPIRATION_TIME`: **3600**: Lifetime of an OAuth2 access token in seconds
+- `REFRESH_TOKEN_EXPIRATION_TIME`: **730**: Lifetime of an OAuth2 access token in hours
+- `INVALIDATE_REFRESH_TOKEN`: **false**: Check if refresh token got already used
+- `JWT_SECRET`: **\<empty\>**: OAuth2 authentication secret for access and refresh tokens, change this a unique string.
+
+## i18n (`i18n`)
+
+- `LANGS`: **en-US,zh-CN,zh-HK,zh-TW,de-DE,fr-FR,nl-NL,lv-LV,ru-RU,ja-JP,es-ES,pt-BR,pl-PL,bg-BG,it-IT,fi-FI,tr-TR,cs-CZ,sr-SP,sv-SE,ko-KR**: List of locales shown in language selector
+- `NAMES`: **English,简体中文,繁體中文（香港）,繁體中文（台灣）,Deutsch,français,Nederlands,latviešu,русский,日本語,español,português do Brasil,polski,български,italiano,suomi,Türkçe,čeština,српски,svenska,한국어**: Visible names corresponding to the locales
+
+### i18n - Datepicker Language (`i18n.datelang`)
+Maps locales to the languages used by the datepicker plugin
+
+- `en-US`: **en**
+- `zh-CN`: **zh**
+- `zh-HK`: **zh-HK**
+- `zh-TW`: **zh-TW**
+- `de-DE`: **de**
+- `fr-FR`: **fr**
+- `nl-NL`: **nl**
+- `lv-LV`: **lv**
+- `ru-RU`: **ru**
+- `ja-JP`: **ja**
+- `es-ES`: **es**
+- `pt-BR`: **pt-BR**
+- `pl-PL`: **pl**
+- `bg-BG`: **bg**
+- `it-IT`: **it**
+- `fi-FI`: **fi**
+- `tr-TR`: **tr**
+- `cs-CZ`: **cs-CZ**
+- `sr-SP`: **sr**
+- `sv-SE`: **sv**
+- `ko-KR`: **ko**
+
+## U2F (`U2F`)
+- `APP_ID`: **`ROOT_URL`**: Declares the facet of the application. Requires HTTPS.
+- `TRUSTED_FACETS`: List of additional facets which are trusted. This is not support by all browsers.
+
+## Markup (`markup`)
+
+Gitea can support Markup using external tools. The example below will add a markup named `asciidoc`.
+
+```ini
+[markup.asciidoc]
+ENABLED = false
+FILE_EXTENSIONS = .adoc,.asciidoc
+RENDER_COMMAND = "asciidoc --out-file=- -"
+IS_INPUT_FILE = false
+```
+
+- ENABLED: **false** Enable markup support.
+- FILE\_EXTENSIONS: **\<empty\>** List of file extensions that should be rendered by an external
+   command. Multiple extentions needs a comma as splitter.
+- RENDER\_COMMAND: External command to render all matching extensions.
+- IS\_INPUT\_FILE: **false** Input is not a standard input but a file param followed `RENDER_COMMAND`.
+
+Two special environment variables are passed to the render command:
+- `GITEA_PREFIX_SRC`, which contains the current URL prefix in the `src` path tree. To be used as prefix for links.
+- `GITEA_PREFIX_RAW`, which contains the current URL prefix in the `raw` path tree. To be used as prefix for image paths.
+
+## Time (`time`)
+
+- `FORMAT`: Time format to diplay on UI. i.e. RFC1123 or 2006-01-02 15:04:05
+- `DEFAULT_UI_LOCATION`: Default location of time on the UI, so that we can display correct user's time on UI. i.e. Shanghai/Asia
+
+## Task (`task`)
+
+- `QUEUE_TYPE`: **channel**: Task queue type, could be `channel` or `redis`.
+- `QUEUE_LENGTH`: **1000**: Task queue length, available only when `QUEUE_TYPE` is `channel`.
+- `QUEUE_CONN_STR`: **addrs=127.0.0.1:6379 db=0**: Task queue connection string, available only when `QUEUE_TYPE` is `redis`. If there redis needs a password, use `addrs=127.0.0.1:6379 password=123 db=0`.
+
+## Other (`other`)
+
+- `SHOW_FOOTER_BRANDING`: **false**: Show Gitea branding in the footer.
+- `SHOW_FOOTER_VERSION`: **true**: Show Gitea version information in the footer.
+- `SHOW_FOOTER_TEMPLATE_LOAD_TIME`: **true**: Show time of template execution in the footer.
--- a/docs/content/doc/advanced/config-cheat-sheet.zh-cn.md
+++ b/docs/content/doc/advanced/config-cheat-sheet.zh-cn.md
@@ -0,0 +1,261 @@
+---
+date: "2016-12-26T16:00:00+02:00"
+title: "配置说明"
+slug: "config-cheat-sheet"
+weight: 20
+toc: false
+draft: false
+menu:
+  sidebar:
+    parent: "advanced"
+    name: "配置说明"
+    weight: 20
+    identifier: "config-cheat-sheet"
+---
+
+# 配置说明
+
+这是针对Gitea配置文件的说明，你可以了解Gitea的强大配置。需要说明的是，你的所有改变请修改 `custom/conf/app.ini` 文件而不是源文件。所有默认值可以通过 [app.ini.sample](https://github.com/go-gitea/gitea/blob/master/custom/conf/app.ini.sample) 查看到。如果你发现 `%(X)s` 这样的内容，请查看 [ini](https://github.com/go-ini/ini/#recursive-values) 这里的说明。标注了 :exclamation: 的配置项表明除非你真的理解这个配置项的意义，否则最好使用默认值。
+
+## Overall (`DEFAULT`)
+
+- `APP_NAME`: 应用名称，改成你希望的名字。
+- `RUN_USER`: 运行Gitea的用户，推荐使用 `git`；如果在你自己的个人电脑使用改成你自己的用户名。如果设置不正确，Gitea可能崩溃。
+- `RUN_MODE`: 从性能考虑，如果在产品级的服务上改成 `prod`。如果您使用安装向导安装的那么会自动设置为 `prod`。
+
+## Repository (`repository`)
+
+- `ROOT`: 存放git工程的根目录。这里必须填绝对路径，默认值是 `~/<username>/gitea-repositories`。
+- `SCRIPT_TYPE`: 服务器支持的Shell类型，通常是 `bash`，但有些服务器也有可能是 `sh`。
+- `ANSI_CHARSET`: 默认字符编码。
+- `FORCE_PRIVATE`: 强制所有git工程必须私有。
+- `DEFAULT_PRIVATE`: 默认创建的git工程为私有。 可以是`last`, `private` 或 `public`。默认值是 `last`表示用户最后创建的Repo的选择。
+- `MAX_CREATION_LIMIT`: 全局最大每个用户创建的git工程数目， `-1` 表示没限制。
+- `PULL_REQUEST_QUEUE_LENGTH`: 小心：合并请求测试队列的长度，尽量放大。
+
+## UI (`ui`)
+
+- `EXPLORE_PAGING_NUM`: 探索页面每页显示的仓库数量。
+- `ISSUE_PAGING_NUM`: 工单页面每页显示的工单数量。
+- `FEED_MAX_COMMIT_NUM`: 活动流页面显示的最大提交树木。
+
+### UI - Admin (`ui.admin`)
+
+- `USER_PAGING_NUM`: 用户管理页面每页显示的用户数量。
+- `REPO_PAGING_NUM`: 仓库管理页面每页显示的仓库数量。
+- `NOTICE_PAGING_NUM`: 系统提示页面每页显示的提示数量。
+- `ORG_PAGING_NUM`: 组织管理页面每页显示的组织数量。
+
+## Markdown (`markdown`)
+
+- `ENABLE_HARD_LINE_BREAK`: 是否启用硬换行扩展。
+
+## Server (`server`)
+
+- `PROTOCOL`: 可选 `http` 或 `https`。
+- `DOMAIN`: 服务器域名。
+- `ROOT_URL`: Gitea服务器的对外 URL。
+- `HTTP_ADDR`: HTTP 监听地址。
+- `HTTP_PORT`: HTTP 监听端口。
+- `DISABLE_SSH`: 是否禁用SSH。
+- `START_SSH_SERVER`: 是否启用内部SSH服务器。
+- `SSH_PORT`: SSH端口，默认为 `22`。
+- `OFFLINE_MODE`: 针对静态和头像文件禁用 CDN。
+- `DISABLE_ROUTER_LOG`: 关闭日志中的路由日志。
+- `CERT_FILE`: 启用HTTPS的证书文件。
+- `KEY_FILE`: 启用HTTPS的密钥文件。
+- `STATIC_ROOT_PATH`: 存放模板和静态文件的根目录，默认是 Gitea 的根目录。
+- `ENABLE_GZIP`: 启用应用级别的 GZIP 压缩。
+- `LANDING_PAGE`: 未登录用户的默认页面，可选 `home` 或 `explore`。
+- `LFS_START_SERVER`: 是否启用 git-lfs 支持. 可以为 `true` 或 `false`， 默认是 `false`。
+- `LFS_CONTENT_PATH`: 存放 lfs 命令上传的文件的地方，默认是 `data/lfs`。
+- `LFS_JWT_SECRET`: LFS 认证密钥，改成自己的。
+
+## Database (`database`)
+
+- `DB_TYPE`: 数据库类型，可选 `mysql`, `postgres`, `mssql`, `tidb` 或 `sqlite3`。
+- `HOST`: 数据库服务器地址和端口。
+- `NAME`: 数据库名称。
+- `USER`: 数据库用户名。
+- `PASSWD`: 数据库用户密码。
+- `SSL_MODE`: MySQL 或 PostgreSQL数据库是否启用SSL模式。
+- `CHARSET`: **utf8**: 仅当数据库为 MySQL 时有效, 可以为 "utf8" 或 "utf8mb4"。注意：如果使用 "utf8mb4"，你的 MySQL InnoDB 版本必须在 5.6 以上。
+- `PATH`: Tidb 或者 SQLite3 数据文件存放路径。
+- `LOG_SQL`: **true**: 显示生成的SQL，默认为真。
+- `MAX_IDLE_CONNS` **0**: 最大空闲数据库连接
+- `CONN_MAX_LIFETIME` **3s**: 数据库连接最大存活时间
+
+## Indexer (`indexer`)
+
+- `ISSUE_INDEXER_TYPE`: **bleve**: 工单索引类型，当前支持 `bleve` 或 `db`，当为 `db` 时其它工单索引项可不用设置。
+- `ISSUE_INDEXER_PATH`: **indexers/issues.bleve**: 工单索引文件存放路径，当索引类型为 `bleve` 时有效。
+- `ISSUE_INDEXER_QUEUE_TYPE`: **levelqueue**: 工单索引队列类型，当前支持 `channel`， `levelqueue` 或 `redis`。
+- `ISSUE_INDEXER_QUEUE_DIR`: **indexers/issues.queue**: 当 `ISSUE_INDEXER_QUEUE_TYPE` 为 `levelqueue` 时，保存索引队列的磁盘路径。
+- `ISSUE_INDEXER_QUEUE_CONN_STR`: **addrs=127.0.0.1:6379 db=0**: 当 `ISSUE_INDEXER_QUEUE_TYPE` 为 `redis` 时，保存Redis队列的连接字符串。
+- `ISSUE_INDEXER_QUEUE_BATCH_NUMBER`: **20**: 队列处理中批量提交数量。
+
+- `REPO_INDEXER_ENABLED`: **false**: 是否启用代码搜索（启用后会占用比较大的磁盘空间）。
+- `REPO_INDEXER_PATH`: **indexers/repos.bleve**: 用于代码搜索的索引文件路径。
+- `UPDATE_BUFFER_LEN`: **20**: 代码索引请求的缓冲区长度。
+- `MAX_FILE_SIZE`: **1048576**: 进行解析的源代码文件的最大长度，小于该值时才会索引。
+
+## Security (`security`)
+
+- `INSTALL_LOCK`: 是否允许运行安装向导，(跟管理员账号有关，十分重要)。
+- `SECRET_KEY`: 全局服务器安全密钥 **最好改成你自己的** (当你运行安装向导的时候会被设置为一个随机值)。
+- `LOGIN_REMEMBER_DAYS`: Cookie 保存时间，单位天。
+- `COOKIE_USERNAME`: 保存用户名的 cookie 名称。
+- `COOKIE_REMEMBER_NAME`: 保存自动登录信息的 cookie 名称。
+- `REVERSE_PROXY_AUTHENTICATION_USER`: 反向代理认证的 HTTP 头名称。
+
+## Service (`service`)
+
+- `ACTIVE_CODE_LIVE_MINUTES`: 登陆验证码失效时间，单位分钟。
+- `RESET_PASSWD_CODE_LIVE_MINUTES`: 重置密码失效时间，单位分钟。
+- `REGISTER_EMAIL_CONFIRM`: 启用注册邮件激活，前提是 `Mailer` 已经启用。
+- `DISABLE_REGISTRATION`: 禁用注册，启用后只能用管理员添加用户。
+- `SHOW_REGISTRATION_BUTTON`: 是否显示注册按钮。
+- `REQUIRE_SIGNIN_VIEW`: 是否所有页面都必须登录后才可访问。
+- `ENABLE_CACHE_AVATAR`: 是否缓存来自 Gravatar 的头像。
+- `ENABLE_NOTIFY_MAIL`: 是否发送工单创建等提醒邮件，需要 `Mailer` 被激活。
+- `ENABLE_REVERSE_PROXY_AUTHENTICATION`: 允许反向代理认证，更多细节见：https://github.com/gogits/gogs/issues/165
+- `ENABLE_REVERSE_PROXY_AUTO_REGISTRATION`: 允许通过反向认证做自动注册。
+- `ENABLE_CAPTCHA`: 注册时使用图片验证码。
+
+## Webhook (`webhook`)
+
+- `QUEUE_LENGTH`: 说明: Hook 任务队列长度。
+- `DELIVER_TIMEOUT`: 请求webhooks的超时时间，单位秒。
+- `SKIP_TLS_VERIFY`: 是否允许不安全的证书。
+- `PAGING_NUM`: 每页显示的Webhook 历史数量。
+
+## Mailer (`mailer`)
+
+- `ENABLED`: 是否启用邮件服务。
+- `DISABLE_HELO`: 禁用 HELO 命令。
+- `HELO_HOSTNAME`: 自定义主机名来回应 HELO 命令。
+- `HOST`: SMTP 主机地址和端口 (例如：smtp.gitea.io:587)。
+- `FROM`: 邮件发送地址，RFC 5322. 这里可以填一个邮件地址或者 "Name" \<email@example.com\> 格式。
+- `USER`: 用户名(通常就是邮件地址)。
+- `PASSWD`: 密码。
+- `SKIP_VERIFY`: 忽略证书验证。
+
+说明：实际上 Gitea 仅仅支持基于 STARTTLS 的 SMTP。
+
+## Cache (`cache`)
+
+- `ADAPTER`: **memory**: 缓存引擎，可以为 `memory`, `redis` 或 `memcache`。
+- `INTERVAL`: **60**: 只对内存缓存有效，GC间隔，单位秒。
+- `HOST`: **\<empty\>**: 针对redis和memcache有效，主机地址和端口。
+    - Redis: `network=tcp,addr=127.0.0.1:6379,password=macaron,db=0,pool_size=100,idle_timeout=180`
+    - Memache: `127.0.0.1:9090;127.0.0.1:9091`
+- `ITEM_TTL`: **16h**: 缓存项目失效时间，设置为 0 则禁用缓存。
+
+## Session (`session`)
+
+- `PROVIDER`: Session 内容存储方式，可选 `memory`, `file`, `redis` 或 `mysql`。
+- `PROVIDER_CONFIG`: 如果是文件，那么这里填根目录；其他的要填主机地址和端口。
+- `COOKIE_SECURE`: 强制使用 HTTPS 作为session访问。
+- `GC_INTERVAL_TIME`: Session失效时间。
+
+## Picture (`picture`)
+
+- `GRAVATAR_SOURCE`: 头像来源，可以是 `gravatar`, `duoshuo` 或者类似 `http://cn.gravatar.com/avatar/` 的来源
+- `DISABLE_GRAVATAR`: 开启则只使用内部头像。
+- `ENABLE_FEDERATED_AVATAR`: 启用头像联盟支持 (参见 http://www.libravatar.org)
+
+## Attachment (`attachment`)
+
+- `ENABLED`: 是否允许用户上传附件。
+- `PATH`: 附件存储路径
+- `ALLOWED_TYPES`: 允许上传的附件类型。比如：`image/jpeg|image/png`，用 `*/*` 表示允许任何类型。
+- `MAX_SIZE`: 附件最大限制，单位 MB，比如： `4`。
+- `MAX_FILES`: 一次最多上传的附件数量，比如： `5`。
+
+## Log (`log`)
+
+- `ROOT_PATH`: 日志文件根目录。
+- `MODE`: 日志记录模式，默认是为 `console`。如果要写到多个通道，用逗号分隔
+- `LEVEL`: 日志级别，默认为`Trace`。
+
+## Cron (`cron`)
+
+- `ENABLED`: 是否在后台运行定期任务。
+- `RUN_AT_START`: 是否启动时自动运行。
+
+### Cron - Update Mirrors (`cron.update_mirrors`)
+
+- `SCHEDULE`: 自动同步镜像仓库的Cron语法，比如：`@every 1h`。
+
+### Cron - Repository Health Check (`cron.repo_health_check`)
+
+- `SCHEDULE`: 仓库健康监测的Cron语法，比如：`@every 24h`。
+- `TIMEOUT`: 仓库健康监测的超时时间，比如：`60s`.
+- `ARGS`: 执行 `git fsck` 命令的参数，比如：`--unreachable --tags`。
+
+### Cron - Repository Statistics Check (`cron.check_repo_stats`)
+
+- `RUN_AT_START`: 是否启动时自动运行仓库统计。
+- `SCHEDULE`: 仓库统计时的Cron 语法，比如：`@every 24h`.
+
+### Cron - Update Migration Poster ID (`cron.update_migration_post_id`)
+
+- `SCHEDULE`: **@every 24h** : 每次同步的间隔时间。此任务总是在启动时自动进行。
+
+## Git (`git`)
+
+- `MAX_GIT_DIFF_LINES`: 比较视图中，一个文件最多显示行数。
+- `MAX_GIT_DIFF_LINE_CHARACTERS`: 比较视图中一行最大字符数。
+- `MAX_GIT_DIFF_FILES`: 比较视图中的最大现实文件数目。
+- `GC_ARGS`: 执行 `git gc` 命令的参数, 比如： `--aggressive --auto`。
+
+## Git - 超时设置 (`git.timeout`)
+
+- `DEFAUlT`: **360**: Git操作默认超时时间，单位秒
+- `MIGRATE`: **600**: 迁移外部仓库时的超时时间，单位秒
+- `MIRROR`: **300**: 镜像外部仓库的超时时间，单位秒
+- `CLONE`: **300**: 内部仓库间克隆的超时时间，单位秒
+- `PULL`: **300**: 内部仓库间拉取的超时时间，单位秒
+- `GC`: **60**: git仓库GC的超时时间，单位秒
+- `ENABLE_AUTO_GIT_WIRE_PROTOCOL`: **true**: 是否根据 Git Wire Protocol协议支持情况自动切换版本，当 git 版本在 2.18 及以上时会自动切换到版本2。为 `false` 则不切换。
+
+## API (`api`)
+
+- `ENABLE_SWAGGER`: **true**: 是否启用swagger路由 /api/swagger, /api/v1/swagger etc. endpoints. True 或 false; 默认是  true.
+- `MAX_RESPONSE_ITEMS`: **50**: 一个页面最大的项目数。
+- `DEFAULT_PAGING_NUM`: **30**: API中默认分页条数。
+- `DEFAULT_GIT_TREES_PER_PAGE`: **1000**: GIT TREES API每页的默认最大项数.
+- `DEFAULT_MAX_BLOB_SIZE`: **10485760**: BLOBS API默认最大大小.
+
+## Markup (`markup`)
+
+外部渲染工具支持，你可以用你熟悉的文档渲染工具. 比如一下将新增一个名字为 `asciidoc` 的渲染工具which is followed `markup.` ini section. And there are some config items below.
+
+```ini
+[markup.asciidoc]
+ENABLED = false
+FILE_EXTENSIONS = .adoc,.asciidoc
+RENDER_COMMAND = "asciidoc --out-file=- -"
+IS_INPUT_FILE = false
+```
+
+- ENABLED: 是否启用，默认为false。
+- FILE_EXTENSIONS: 关联的文档的扩展名，多个扩展名用都好分隔。
+- RENDER_COMMAND: 工具的命令行命令及参数。
+- IS_INPUT_FILE: 输入方式是最后一个参数为文件路径还是从标准输入读取。
+
+## Time (`time`)
+
+- `FORMAT`: 显示在界面上的时间格式。比如： RFC1123 或者 2006-01-02 15:04:05
+- `DEFAULT_UI_LOCATION`: 默认显示在界面上的时区，默认为本地时区。比如： Asia/Shanghai
+
+## Task (`task`)
+
+- `QUEUE_TYPE`: **channel**: 任务队列类型，可以为 `channel` 或 `redis`。
+- `QUEUE_LENGTH`: **1000**: 任务队列长度，当 `QUEUE_TYPE` 为 `channel` 时有效。
+- `QUEUE_CONN_STR`: **addrs=127.0.0.1:6379 db=0**: 任务队列连接字符串，当 `QUEUE_TYPE` 为 `redis` 时有效。如果redis有密码，则可以 `addrs=127.0.0.1:6379 password=123 db=0`。
+
+## Other (`other`)
+
+- `SHOW_FOOTER_BRANDING`: 为真则在页面底部显示Gitea的字样。
+- `SHOW_FOOTER_VERSION`: 为真则在页面底部显示Gitea的版本。
--- a/docs/content/doc/advanced/customizing-gitea.en-us.md
+++ b/docs/content/doc/advanced/customizing-gitea.en-us.md
@@ -0,0 +1,161 @@
+---
+date: "2017-04-15T14:56:00+02:00"
+title: "Customizing Gitea"
+slug: "customizing-gitea"
+weight: 9
+toc: false
+draft: false
+menu:
+  sidebar:
+    parent: "advanced"
+    name: "Customizing Gitea"
+    weight: 9
+    identifier: "customizing-gitea"
+---
+
+# Customizing Gitea
+
+Customizing Gitea is typically done using the `CustomPath` folder - by default this is
+the `custom` folder from the running directory, but may be different if your build has
+set this differently. This is the central place to override configuration settings,
+templates, etc. You can check the `CustomPath` using `gitea help`. You can override
+the `CustomPath` by setting either the `GITEA_CUSTOM` environment variable or by
+using the `--custom-path` option on the `gitea` binary. (The option will override the
+environment variable.)
+
+If Gitea is deployed from binary, all default paths will be relative to the Gitea
+binary. If installed from a distribution, these paths will likely be modified to
+the Linux Filesystem Standard. Gitea will attempt to create required folders, including
+`custom/`. Distributions may provide a symlink for `custom` using `/etc/gitea/`.
+
+Application settings can be found in file `CustomConf` which is by default,
+`CustomPath/conf/app.ini` but may be different if your build has set this differently.
+Again `gitea help` will allow you review this variable and you can override it using the
+`--config` option on the `gitea` binary.
+
+- [Quick Cheat Sheet](https://docs.gitea.io/en-us/config-cheat-sheet/)
+- [Complete List](https://github.com/go-gitea/gitea/blob/master/custom/conf/app.ini.sample)
+
+If the `CustomPath` folder can't be found despite checking `gitea help`, check the `GITEA_CUSTOM`
+environment variable; this can be used to override the default path to something else.
+`GITEA_CUSTOM` might, for example, be set by an init script.
+
+- [List of Environment Variables](https://docs.gitea.io/en-us/specific-variables/)
+
+**Note:** Gitea must perform a full restart to see configuration changes.
+
+## Customizing /robots.txt
+
+To make Gitea serve a custom `/robots.txt` (default: empty 404), create a file called
+`robots.txt` in the `custom` folder (or `CustomPath`) with
+[expected contents](http://www.robotstxt.org/).
+
+## Serving custom public files
+
+To make Gitea serve custom public files (like pages and images), use the folder
+`custom/public/` as the webroot. Symbolic links will be followed.
+
+For example, a file `image.png` stored in `custom/public/`, can be accessed with
+the url `http://gitea.domain.tld/image.png`.
+
+## Changing the default avatar
+
+Place the png image at the following path: `custom/public/img/avatar_default.png`
+
+## Customizing Gitea pages
+
+The `custom/templates` folder allows changing every single page of Gitea. Templates
+to override can be found in the [`templates`](https://github.com/go-gitea/gitea/tree/master/templates) directory of Gitea source. Override by
+making a copy of the file under `custom/templates` using a full path structure
+matching source.
+
+Any statement contained inside `{{` and `}}` are Gitea's template syntax and
+shouldn't be touched without fully understanding these components.
+
+### Adding links and tabs
+
+If all you want is to add extra links to the top navigation bar, or extra tabs to the repository view, you can put them in `extra_links.tmpl` and `extra_tabs.tmpl` inside your `custom/templates/custom/` directory.
+
+For instance, let's say you are in Germany and must add the famously legally-required "Impressum"/about page, listing who is responsible for the site's content:
+just place it under your "custom/public/" directory (for instance `custom/public/impressum.html`) and put a link to it in `custom/templates/custom/extra_links.tmpl`.
+
+To match the current style, the link should have the class name "item", and you can use `{{AppSubUrl}}` to get the base URL:
+`<a class="item" href="{{AppSubUrl}}/impressum.html">Impressum</a>`
+
+You can add new tabs in the same way, putting them in `extra_tabs.tmpl`.
+The exact HTML needed to match the style of other tabs is in the file
+`templates/repo/header.tmpl`
+([source in GitHub](https://github.com/go-gitea/gitea/blob/master/templates/repo/header.tmpl))
+
+### Other additions to the page
+
+Apart from `extra_links.tmpl` and `extra_tabs.tmpl`, there are other useful templates you can put in your `custom/templates/custom/` directory:
+
+- `header.tmpl`, just before the end of the `<head>` tag where you can add custom CSS files for instance.
+- `body_outer_pre.tmpl`, right after the start of `<body>`.
+- `body_inner_pre.tmpl`, before the top navigation bar, but already inside the main container `<div class="full height">`.
+- `body_inner_post.tmpl`, before the end of the main container.
+- `body_outer_post.tmpl`, before the bottom `<footer>` element.
+- `footer.tmpl`, right before the end of the `<body>` tag, a good place for additional Javascript.
+
+## Customizing Gitea mails
+
+The `custom/templates/mail` folder allows changing the body of every mail of Gitea.
+Templates to override can be found in the
+[`templates/mail`](https://github.com/go-gitea/gitea/tree/master/templates/mail)
+directory of Gitea source.
+Override by making a copy of the file under `custom/templates/mail` using a
+full path structure matching source.
+
+Any statement contained inside `{{` and `}}` are Gitea's template
+syntax and shouldn't be touched without fully understanding these components.
+
+
+
+## Adding Analytics to Gitea
+
+Google Analytics, Matomo (previously Piwik), and other analytics services can be added to Gitea. To add the tracking code, refer to the `Other additions to the page` section of this document, and add the JavaScript to the `custom/templates/custom/header.tmpl` file.
+
+## Customizing gitignores, labels, licenses, locales, and readmes.
+
+Place custom files in corresponding sub-folder under `custom/options`.
+
+**NOTE:** The files should not have a file extension, e.g. `Labels` rather than `Labels.txt`
+
+### gitignores
+
+To add custom .gitignore, add a file with existing [.gitignore rules](https://git-scm.com/docs/gitignore) in it to `custom/options/gitignore`
+
+### Labels
+
+To add a custom label set, add a file that follows the [label format](https://github.com/go-gitea/gitea/blob/master/options/label/Default) to `custom/options/label`  
+`#hex-color label name ; label description`
+
+### Licenses
+
+To add a custom license, add a file with the license text to `custom/options/license`
+
+### Locales
+
+Locales are managed via our [crowdin](https://crowdin.com/project/gitea).  
+You can override a locale by placing an altered locale file in `custom/options/locale`.  
+Gitea's default locale files can be found in  the [`options/locale`](https://github.com/go-gitea/gitea/tree/master/options/locale) source folder and these should be used as examples for your changes.  
+  
+To add a completely new locale, as well as placing the file in the above location, you will need to add the new lang and name to the `[i18n]` section in your `app.ini`. Keep in mind that Gitea will use those settings as **overrides**, so if you want to keep the other languages as well you will need to copy/paste the default values and add your own to them.
+
+```
+[i18n]
+LANGS = en-US,foo-BAR
+NAMES = English,FooBar
+```
+
+Locales may change between versions, so keeping track of your customized locales is highly encouraged.
+
+### Readmes
+
+To add a custom Readme, add a markdown formatted file (without an `.md` extension) to `custom/options/readme`
+
+## Customizing the look of Gitea
+
+As of version 1.6.0 Gitea has built-in themes. The two built-in themes are, the default theme `gitea`, and a dark theme `arc-green`. To change the look of your Gitea install change the value of `DEFAULT_THEME` in the [ui](https://docs.gitea.io/en-us/config-cheat-sheet/#ui-ui) section of `app.ini` to another one of the available options.  
+As of version 1.8.0 Gitea also has per-user themes. The list of themes a user can choose from can be configured with the `THEMES` value in the [ui](https://docs.gitea.io/en-us/config-cheat-sheet/#ui-ui) section of `app.ini` (defaults to `gitea` and `arc-green`, light and dark respectively)
--- a/docs/content/doc/advanced/customizing-gitea.zh-cn.md
+++ b/docs/content/doc/advanced/customizing-gitea.zh-cn.md
@@ -0,0 +1,88 @@
+---
+date: "2017-04-15T14:56:00+02:00"
+title: "自定义 Gitea 配置"
+slug: "customizing-gitea"
+weight: 9
+toc: false
+draft: false
+menu:
+  sidebar:
+    parent: "advanced"
+    name: "自定义 Gitea 配置"
+    weight: 9
+    identifier: "customizing-gitea"
+---
+
+# 自定义 Gitea 配置
+
+Gitea 引用 `custom` 目录中的自定义配置文件来覆盖配置、模板等默认配置。
+
+如果从二进制部署 Gitea ，则所有默认路径都将相对于该 gitea 二进制文件；如果从发行版安装，则可能会将这些路径修改为Linux文件系统标准。Gitea
+将会自动创建包括 `custom/` 在内的必要应用目录，应用本身的配置存放在
+`custom/conf/app.ini` 当中。在发行版中可能会以 `/etc/gitea/` 的形式为 `custom` 设置一个符号链接，查看配置详情请移步：
+
+- [快速备忘单](https://docs.gitea.io/en-us/config-cheat-sheet/)
+- [完整配置清单](https://github.com/go-gitea/gitea/blob/master/custom/conf/app.ini.sample)
+
+如果您在 binary 同目录下无法找到 `custom` 文件夹，请检查您的 `GITEA_CUSTOM`
+环境变量配置， 因为它可能被配置到了其他地方（可能被一些启动脚本设置指定了目录）。
+
+- [环境变量清单](https://docs.gitea.io/en-us/specific-variables/)
+
+**注：** 必须完全重启 Gitea 以使配置生效。
+
+## 使用自定义 /robots.txt
+
+将 [想要展示的内容](http://www.robotstxt.org/) 存放在 `custom` 目录中的
+`robots.txt` 文件来让 Gitea 使用自定义的`/robots.txt` （默认：空 404）。
+
+## 使用自定义的公共文件
+
+将自定义的公共文件（比如页面和图片）作为 webroot 放在 `custom/public/` 中来让 Gitea 提供这些自定义内容（符号链接将被追踪）。
+
+举例说明：`image.png` 存放在 `custom/public/`中，那么它可以通过链接 http://gitea.domain.tld/image.png 访问。
+
+## 修改默认头像
+
+替换以下目录中的 png 图片： `custom/public/img/avatar\_default.png`
+
+## 自定义 Gitea 页面
+
+您可以改变 Gitea `custom/templates` 的每个单页面。您可以在 Gitea 源码的 `templates` 目录中找到用于覆盖的模板文件，应用将根据
+`custom/templates` 目录下的路径结构进行匹配和覆盖。
+
+包含在 `{{` 和 `}}` 中的任何语句都是 Gitea 的模板语法，如果您不完全理解这些组件，不建议您对它们进行修改。
+
+### 添加链接和页签
+
+如果您只是想添加额外的链接到顶部导航栏或额外的选项卡到存储库视图，您可以将它们放在您 `custom/templates/custom/` 目录下的 `extra_links.tmpl` 和 `extra_tabs.tmpl` 文件中。
+
+举例说明：假设您需要在网站放置一个静态的“关于”页面，您只需将该页面放在您的
+"custom/public/"目录下（比如 `custom/public/impressum.html`）并且将它与 `custom/templates/custom/extra_links.tmpl` 链接起来即可。
+
+这个链接应当使用一个名为“item”的 class 来匹配当前样式，您可以使用 `{{AppSubUrl}}` 来获取 base URL:
+`<a class="item" href="{{AppSubUrl}}/impressum.html">Impressum</a>`
+
+同理，您可以将页签添加到 `extra_tabs.tmpl` 中，使用同样的方式来添加页签。它的具体样式需要与
+`templates/repo/header.tmpl` 中已有的其他选项卡的样式匹配
+([source in GitHub](https://github.com/go-gitea/gitea/blob/master/templates/repo/header.tmpl))
+
+### 页面的其他新增内容
+
+除了 `extra_links.tmpl` 和 `extra_tabs.tmpl`，您可以在您的 `custom/templates/custom/` 目录中存放一些其他有用的模板，例如：
+
+- `header.tmpl`，在 `<head>` 标记结束之前的模板，例如添加自定义CSS文件
+- `body_outer_pre.tmpl`，在 `<body>` 标记开始处的模板
+- `body_inner_pre.tmpl`，在顶部导航栏之前，但在主 container 内部的模板，例如添加一个 `<div class="full height">`
+- `body_inner_post.tmpl`，在主 container 结束处的模板
+- `body_outer_post.tmpl`，在底部 `<footer>` 元素之前.
+- `footer.tmpl`，在 `<body>` 标签结束处的模板，可以在这里填写一些附加的 Javascript 脚本。
+
+## 自定义 gitignores，labels， licenses， locales 以及 readmes
+
+将自定义文件放在 `custom/options` 下相应子的文件夹中即可
+
+## 更改 Gitea 外观
+
+Gitea 目前由两种内置主题，分别为默认 `gitea` 主题和深色主题 `arc-green`，您可以通过修改
+`app.ini` [ui](https://docs.gitea.io/en-us/config-cheat-sheet/#ui-ui) 部分的 `DEFAULT_THEME` 的值来变更至一个可用的 Gitea 外观。
--- a/docs/content/doc/advanced/external-renderers.en-us.md
+++ b/docs/content/doc/advanced/external-renderers.en-us.md
@@ -0,0 +1,71 @@
+---
+date: "2018-11-23:00:00+02:00"
+title: "External renderers"
+slug: "external-renderers"
+weight: 40
+toc: true
+draft: false
+menu:
+  sidebar:
+    parent: "advanced"
+    name: "External renderers"
+    weight: 40
+    identifier: "external-renderers"
+---
+
+# Custom files rendering configuration
+
+Gitea supports custom file renderings (i.e., Jupyter notebooks, asciidoc, etc.) through external binaries, 
+it is just a matter of:
+
+* installing external binaries
+* add some configuration to your `app.ini` file
+* restart your Gitea instance
+
+## Installing external binaries
+
+In order to get file rendering through external binaries, their associated packages must be installed. 
+If you're using a Docker image, your `Dockerfile` should contain something along this lines:
+
+```
+FROM gitea/gitea:{{< version >}}
+[...]
+
+COPY custom/app.ini /data/gitea/conf/app.ini
+[...]
+
+RUN apk --no-cache add asciidoctor freetype freetype-dev gcc g++ libpng python-dev py-pip python3-dev py3-pip py3-zmq
+# install any other package you need for your external renderers
+
+RUN pip3 install --upgrade pip
+RUN pip3 install -U setuptools
+RUN pip3 install jupyter matplotlib docutils 
+# add above any other python package you may need to install
+```
+
+## `app.ini` file configuration
+
+add one `[markup.XXXXX]` section per external renderer on your custom `app.ini`:
+
+```
+[markup.asciidoc]
+ENABLED = true
+FILE_EXTENSIONS = .adoc,.asciidoc
+RENDER_COMMAND = "asciidoctor --out-file=- -"
+; Input is not a standard input but a file
+IS_INPUT_FILE = false
+
+[markup.jupyter]
+ENABLED = true
+FILE_EXTENSIONS = .ipynb
+RENDER_COMMAND = "jupyter nbconvert --stdout --to html --template basic "
+IS_INPUT_FILE = true
+
+[markup.restructuredtext]
+ENABLED = true
+FILE_EXTENSIONS = .rst
+RENDER_COMMAND = rst2html.py
+IS_INPUT_FILE = false
+```
+
+Once your configuration changes have been made, restart Gitea to have changes take effect.
--- a/docs/content/doc/advanced/hacking-on-gitea.en-us.md
+++ b/docs/content/doc/advanced/hacking-on-gitea.en-us.md
@@ -0,0 +1,289 @@
+---
+date: "2016-12-01T16:00:00+02:00"
+title: "Hacking on Gitea"
+slug: "hacking-on-gitea"
+weight: 10
+toc: false
+draft: false
+menu:
+  sidebar:
+    parent: "advanced"
+    name: "Hacking on Gitea"
+    weight: 10
+    identifier: "hacking-on-gitea"
+---
+
+# Hacking on Gitea
+
+## Installing go and setting the GOPATH
+
+You should [install go](https://golang.org/doc/install) and set up your go
+environment correctly. In particular, it is recommended to set the `$GOPATH`
+environment variable and to add the go bin directory or directories
+`${GOPATH//://bin:}/bin` to the `$PATH`. See the Go wiki entry for
+[GOPATH](https://github.com/golang/go/wiki/GOPATH).
+
+You will also need make.
+<a href='{{< relref "doc/advanced/make.en-us.md" >}}'>(See here how to get Make)</a>
+
+**Note**: When executing make tasks that require external tools, like
+`make misspell-check`, Gitea will automatically download and build these as
+necessary. To be able to use these you must have the `"$GOPATH"/bin` directory
+on the executable path. If you don't add the go bin directory to the
+executable path you will have to manage this yourself.
+
+**Note 2**: Go version 1.11 or higher is required; however, it is important
+to note that our continuous integration will check that the formatting of the
+source code is not changed by `gofmt` using `make fmt-check`. Unfortunately,
+the results of `gofmt` can differ by the version of `go`. It is therefore
+recommended to install the version of go that our continuous integration is
+running. At the time of writing this is Go version 1.12; however, this can be
+checked by looking at the
+[master `.drone.yml`](https://github.com/go-gitea/gitea/blob/master/.drone.yml)
+(At the time of writing
+[line 67](https://github.com/go-gitea/gitea/blob/8917d66571a95f3da232a0c27bc1300210d10fde/.drone.yml#L67)
+is the relevant line - but this may change.)
+
+## Downloading and cloning the Gitea source code
+
+Go is quite opinionated about where it expects its source code, and simply
+cloning the Gitea repository to an arbitrary path is likely to lead to
+problems - the fixing of which is out of scope for this document. Further, some
+internal packages are referenced using their respective GitHub URL and at
+present we use `vendor/` directories.
+
+The recommended method of obtaining the source code is by using the `go get` command:
+
+```bash
+go get -d code.gitea.io/gitea
+cd "$GOPATH/src/code.gitea.io/gitea"
+```
+
+This will clone the Gitea source code to: `"$GOPATH/src/code.gitea.io/gitea"`, or if `$GOPATH`
+is not set `"$HOME/go/src/code.gitea.io/gitea"`.
+
+## Forking Gitea
+
+As stated above, you cannot clone Gitea to an arbitrary path. Download the master Gitea source
+code as above. Then, fork the [Gitea repository](https://github.com/go-gitea/gitea) on GitHub,
+and either switch the git remote origin for your fork or add your fork as another remote:
+
+```bash
+# Rename original Gitea origin to upstream
+cd "$GOPATH/src/code.gitea.io/gitea"
+git remote rename origin upstream
+git remote add origin "git@github.com:$GITHUB_USERNAME/gitea.git"
+git fetch --all --prune
+```
+
+or:
+
+```bash
+# Add new remote for our fork
+cd "$GOPATH/src/code.gitea.io/gitea"
+git remote add "$FORK_NAME" "git@github.com:$GITHUB_USERNAME/gitea.git"
+git fetch --all --prune
+```
+
+To be able to create pull requests, the forked repository should be added as a remote
+to the Gitea sources. Otherwise, changes can't be pushed.
+
+## Building Gitea (Basic)
+
+Take a look at our
+<a href='{{< relref "doc/installation/from-source.en-us.md" >}}'>instructions</a>
+for <a href='{{< relref "doc/installation/from-source.en-us.md" >}}'>building
+from source</a>.
+
+The simplest recommended way to build from source is:
+
+```bash
+TAGS="bindata sqlite sqlite_unlock_notify" make generate build
+```
+
+However, there are a number of additional make tasks you should be aware of.
+These are documented below but you can look at our
+[`Makefile`](https://github.com/go-gitea/gitea/blob/master/Makefile) for more,
+and look at our
+[`.drone.yml`](https://github.com/go-gitea/gitea/blob/master/.drone.yml) to see
+how our continuous integration works.
+
+### Formatting, code analysis and spell check
+
+Our continous integration will reject PRs that are not properly formatted, fail
+code analysis or spell check.
+
+You should format your code with `go fmt` using:
+
+```bash
+make fmt
+```
+
+and can test whether your changes would match the results with:
+
+```bash
+make fmt-check # which runs make fmt internally
+```
+
+**Note**: The results of `go fmt` are dependent on the version of `go` present.
+You should run the same version of go that is on the continuous integration
+server as mentioned above. `make fmt-check` will only check if your `go` would
+format differently - this may be different from the CI server version.
+
+You should run revive, vet and spell-check on the code with:
+
+```bash
+make revive vet misspell-check
+```
+
+### Updating CSS
+
+To generate the CSS, you will need [Node.js](https://nodejs.org/) 8.0 or greater with npm. At present we use [less](http://lesscss.org/) and [postcss](https://postcss.org) to generate our CSS. Do **not** edit the files in `public/css` directly, as they are generated from `lessc` from the files in `public/less`.
+
+Edit files in `public/less`, run the linter, regenerate the CSS and commit all changed files:
+
+```bash
+make css
+```
+
+### Updating JS
+
+To run the JavaScript linter you will need [Node.js](https://nodejs.org/) 8.0 or greater with npm. Edit files in `public/js` and run the linter:
+
+```bash
+make js
+```
+
+### Updating the API
+
+When creating new API routes or modifying existing API routes, you **MUST**
+update and/or create [Swagger](https://swagger.io/docs/specification/2-0/what-is-swagger/)
+documentation for these using [go-swagger](https://goswagger.io/) comments.
+The structure of these comments is described in the [specification](https://goswagger.io/use/spec.html#annotation-syntax).
+If you want more information about the Swagger structure, you can look at the
+[Swagger 2.0 Documentation](https://swagger.io/docs/specification/2-0/basic-structure/)
+or compare with a previous PR adding a new API endpoint, e.g. [PR #5483](https://github.com/go-gitea/gitea/pull/5843/files#diff-2e0a7b644cf31e1c8ef7d76b444fe3aaR20)
+
+You should be careful not to break the API for downstream users which depend
+on a stable API. In general, this means additions are acceptable, but deletions
+or fundamental changes to the API will be rejected.
+
+Once you have created or changed an API endpoint, please regenerate the Swagger
+documentation using:
+
+```bash
+make generate-swagger
+```
+
+You should validate your generated Swagger file and spell-check it with:
+
+```bash
+make swagger-validate misspell-check
+```
+
+You should commit the changed swagger JSON file. The continous integration
+server will check that this has been done using:
+
+```bash
+make swagger-check
+```
+
+**Note**: Please note you should use the Swagger 2.0 documentation, not the
+OpenAPI 3 documentation.
+
+### Creating new configuration options
+
+When creating new configuration options, it is not enough to add them to the
+`modules/setting` files. You should add information to `custom/conf/app.ini`
+and to the
+<a href='{{< relref "doc/advanced/config-cheat-sheet.en-us.md" >}}'>configuration cheat sheet</a>
+found in `docs/content/doc/advanced/config-cheat-sheet.en-us.md`
+
+### Changing the logo
+
+When changing the Gitea logo SVG, you will need to run and commit the results
+of:
+
+```bash
+make generate-images
+```
+
+This will create the necessary Gitea favicon and others.
+
+### Database Migrations
+
+If you make breaking changes to any of the database persisted structs in the
+`models/` directory, you will need to make a new migration. These can be found
+in `models/migrations/`. You can ensure that your migrations work for the main
+database types using:
+
+```bash
+make test-sqlite-migration # with sqlite switched for the appropriate database
+```
+
+## Testing
+
+There are two types of test run by Gitea: Unit tests and Integration Tests.
+
+```bash
+TAGS="bindata sqlite sqlite_unlock_notify" make test # Runs the unit tests
+```
+
+Unit tests will not and cannot completely test Gitea alone. Therefore, we
+have written integration tests; however, these are database dependent.
+
+```bash
+TAGS="bindata sqlite sqlite_unlock_notify" make generate build test-sqlite
+```
+
+will run the integration tests in an sqlite environment. Other database tests
+are available but may need adjustment to the local environment.
+
+Look at
+[`integrations/README.md`](https://github.com/go-gitea/gitea/blob/master/integrations/README.md)
+for more information and how to run a single test.
+
+Our continuous integration will test the code passes its unit tests and that
+all supported databases will pass integration test in a Docker environment.
+Migration from several recent versions of Gitea will also be tested.
+
+Please submit your PR with additional tests and integration tests as
+appropriate.
+
+## Documentation for the website
+
+Documentation for the website is found in `docs/`. If you change this you
+can test your changes to ensure that they pass continuous integration using:
+
+```bash
+cd "$GOPATH/src/code.gitea.io/gitea/docs"
+make trans-copy clean build
+```
+
+You will require a copy of [Hugo](https://gohugo.io/) to run this task. Please
+note: this may generate a number of untracked git objects, which will need to
+be cleaned up.
+
+## Visual Studio Code
+
+A `launch.json` and `tasks.json` are provided within `contrib/ide/vscode` for
+Visual Studio Code. Look at
+[`contrib/ide/README.md`](https://github.com/go-gitea/gitea/blob/master/contrib/ide/README.md)
+for more information.
+
+## Submitting PRs
+
+Once you're happy with your changes, push them up and open a pull request. It
+is recommended that you allow Gitea Managers and Owners to modify your PR
+branches as we will need to update it to master before merging and/or may be
+able to help fix issues directly.
+
+Any PR requires two approvals from the Gitea maintainers and needs to pass the
+continous integration. Take a look at our
+[`CONTRIBUTING.md`](https://github.com/go-gitea/gitea/blob/master/CONTRIBUTING.md)
+document.
+
+If you need more help pop on to [Discord](https://discord.gg/gitea) #Develop
+and chat there.
+
+That's it! You are ready to hack on Gitea.
--- a/docs/content/doc/advanced/hacking-on-gitea.zh-cn.md
+++ b/docs/content/doc/advanced/hacking-on-gitea.zh-cn.md
@@ -0,0 +1,43 @@
+---
+date: "2016-12-01T16:00:00+02:00"
+title: "加入 Gitea 开源"
+slug: "hacking-on-gitea"
+weight: 10
+toc: false
+draft: false
+menu:
+  sidebar:
+    parent: "advanced"
+    name: "加入 Gitea 开源"
+    weight: 10
+    identifier: "hacking-on-gitea"
+---
+
+# Hacking on Gitea
+
+首先你需要一些运行环境，这和 [从源代码安装]({{< relref "from-source.zh-cn.md" >}}) 相同，如果你还没有设置好，可以先阅读那个章节。
+
+如果你想为 Gitea 贡献代码，你需要 Fork 这个项目并且以 `master` 为开发分支。Gitea 使用 Govendor
+来管理依赖，因此所有依赖项都被工具自动 copy 在 vendor 子目录下。用下面的命令来下载源码：
+
+```
+go get -d code.gitea.io/gitea
+```
+
+然后你可以在 Github 上 fork [Gitea 项目](https://github.com/go-gitea/gitea)，之后可以通过下面的命令进入源码目录：
+
+```
+cd $GOPATH/src/code.gitea.io/gitea
+```
+
+要创建 pull requests 你还需要在源码中新增一个 remote 指向你 Fork 的地址，直接推送到 origin 的话会告诉你没有写权限：
+
+```
+git remote rename origin upstream
+git remote add origin git@github.com:<USERNAME>/gitea.git
+git fetch --all --prune
+```
+
+然后你就可以开始开发了。你可以看一下 `Makefile` 的内容。`make test` 可以运行测试程序， `make build` 将生成一个 `gitea` 可运行文件在根目录。如果你的提交比较复杂，尽量多写一些单元测试代码。
+
+好了，到这里你已经设置好了所有的开发 Gitea 所需的环境。欢迎成为 Gitea 的 Contributor。
--- a/Show More
+++ b/Show More