Add changelog for v1.17.2 (#21089 )

Co-authored-by: John Olheiser <john+github@jolheiser.com> Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: delvh <dev.lh@web.de> Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Fix sub folder in repository missing add file dropdown (#21069 ) (#21083 )
2025-08-13 22:12:03 +02:00 · 2022-09-06 17:32:20 -04:00 · 2022-09-06 09:42:05 +01:00 · 2022-09-06 07:54:47 +01:00 · 2022-09-06 06:48:57 +08:00 · 2022-09-04 12:17:48 -04:00
3695 changed files with 53601 additions and 107199 deletions
--- a/.air.toml
+++ b/.air.toml
@@ -5,6 +5,6 @@ tmp_dir = ".air"
 cmd = "make backend"
 bin = "gitea"
 include_ext = ["go", "tmpl"]
-exclude_dir = ["modules/git/tests", "services/gitdiff/testdata", "modules/avatar/testdata", "models/fixtures", "models/migrations/fixtures", "modules/migration/file_format_testdata", "modules/avatar/identicon/testdata"]
-include_dir = ["cmd", "models", "modules", "options", "routers", "services"]
-exclude_regex = ["_test.go$", "_gen.go$"]
+exclude_dir = ["modules/git/tests", "services/gitdiff/testdata", "modules/avatar/testdata"]
+include_dir = ["cmd", "models", "modules", "options", "routers", "services", "templates"]
+exclude_regex = ["_test.go$"]
--- a/.changelog.yml
+++ b/.changelog.yml
@@ -1,3 +1,6 @@
+# config for changelog tool
+# source: https://gitea.com/gitea/changelog
+
 # The full repository name
 repo: go-gitea/gitea

@@ -18,6 +21,10 @@ groups:
    name: SECURITY
    labels:
      - kind/security
+  -
+    name: FEDERATION
+    labels:
+      - theme/federation
  -
    name: FEATURES
    labels:
--- a/.dockerignore
+++ b/.dockerignore
@@ -1,114 +0,0 @@
-# Compiled Object files, Static and Dynamic libs (Shared Objects)
-*.o
-*.a
-*.so
-
-# Folders
-_obj
-_test
-
-# IntelliJ
-.idea
-# Goland's output filename can not be set manually
-/go_build_*
-
-# MS VSCode
-.vscode
-__debug_bin
-
-# Architecture specific extensions/prefixes
-*.[568vq]
-[568vq].out
-
-*.cgo1.go
-*.cgo2.c
-_cgo_defun.c
-_cgo_gotypes.go
-_cgo_export.*
-
-_testmain.go
-
-*.exe
-*.test
-*.prof
-
-*coverage.out
-coverage.all
-cpu.out
-
-/modules/migration/bindata.go
-/modules/migration/bindata.go.hash
-/modules/options/bindata.go
-/modules/options/bindata.go.hash
-/modules/public/bindata.go
-/modules/public/bindata.go.hash
-/modules/templates/bindata.go
-/modules/templates/bindata.go.hash
-
-*.db
-*.log
-
-/gitea
-/gitea-vet
-/debug
-/integrations.test
-
-/bin
-/dist
-/custom/*
-!/custom/conf
-/custom/conf/*
-!/custom/conf/app.example.ini
-/data
-/indexers
-/log
-/public/img/avatar
-/tests/integration/gitea-integration-*
-/tests/integration/indexers-*
-/tests/e2e/gitea-e2e-*
-/tests/e2e/indexers-*
-/tests/e2e/reports
-/tests/e2e/test-artifacts
-/tests/e2e/test-snapshots
-/tests/*.ini
-/node_modules
-/yarn.lock
-/yarn-error.log
-/npm-debug.log*
-/public/js
-/public/serviceworker.js
-/public/css
-/public/fonts
-/public/img/webpack
-/vendor
-/web_src/fomantic/node_modules
-/web_src/fomantic/build/*
-!/web_src/fomantic/build/semantic.js
-!/web_src/fomantic/build/semantic.css
-!/web_src/fomantic/build/themes
-/web_src/fomantic/build/themes/*
-!/web_src/fomantic/build/themes/default
-/web_src/fomantic/build/themes/default/assets/*
-!/web_src/fomantic/build/themes/default/assets/fonts
-/web_src/fomantic/build/themes/default/assets/fonts/*
-!/web_src/fomantic/build/themes/default/assets/fonts/icons.woff2
-!/web_src/fomantic/build/themes/default/assets/fonts/outline-icons.woff2
-/VERSION
-/.air
-/.go-licenses
-
-# Snapcraft
-snap/.snapcraft/
-parts/
-stage/
-prime/
-*.snap
-*.snap-build
-*_source.tar.bz2
-.DS_Store
-
-# Make evidence files
-/.make_evidence
-
-# Manpage
-/man
--- a/.drone.yml
+++ b/.drone.yml
@@ -12,9 +12,6 @@ trigger:
    - push
    - tag
    - pull_request
-  paths:
-    exclude:
-      - docs/**

 volumes:
  - name: deps
@@ -22,13 +19,13 @@ volumes:

 steps:
  - name: deps-frontend
-    image: node:18
+    image: node:16
    pull: always
    commands:
      - make deps-frontend

  - name: deps-backend
-    image: golang:1.20
+    image: golang:1.18
    pull: always
    commands:
      - make deps-backend
@@ -37,7 +34,7 @@ steps:
        path: /go

  - name: lint-frontend
-    image: node:18
+    image: node:16
    commands:
      - make lint-frontend
    depends_on: [deps-frontend]
@@ -85,36 +82,37 @@ steps:
        path: /go

  - name: checks-frontend
-    image: node:18
+    image: node:16
    commands:
      - make checks-frontend
    depends_on: [deps-frontend]

  - name: checks-backend
-    image: golang:1.20
+    image: golang:1.18
    commands:
-      - make --always-make checks-backend # ensure the 'go-licenses' make target runs
+      - make checks-backend
    depends_on: [deps-backend]
    volumes:
      - name: deps
        path: /go

  - name: test-frontend
-    image: node:18
+    image: node:16
    commands:
      - make test-frontend
    depends_on: [lint-frontend]

  - name: build-frontend
-    image: node:18
+    image: node:16
    commands:
      - make frontend
-    depends_on: [deps-frontend]
+    depends_on: [test-frontend]

  - name: build-backend-no-gcc
-    image: golang:1.19 # this step is kept as the lowest version of golang that we support
+    image: golang:1.18 # this step is kept as the lowest version of golang that we support
    pull: always
    environment:
+      GO111MODULE: on
      GOPROXY: https://goproxy.io
    commands:
      - go build -o gitea_no_gcc # test if build succeeds without the sqlite tag
@@ -124,8 +122,9 @@ steps:
        path: /go

  - name: build-backend-arm64
-    image: golang:1.20
+    image: golang:1.18
    environment:
+      GO111MODULE: on
      GOPROXY: https://goproxy.io
      GOOS: linux
      GOARCH: arm64
@@ -139,8 +138,9 @@ steps:
        path: /go

  - name: build-backend-windows
-    image: golang:1.20
+    image: golang:1.18
    environment:
+      GO111MODULE: on
      GOPROXY: https://goproxy.io
      GOOS: windows
      GOARCH: amd64
@@ -153,8 +153,9 @@ steps:
        path: /go

  - name: build-backend-386
-    image: golang:1.20
+    image: golang:1.18
    environment:
+      GO111MODULE: on
      GOPROXY: https://goproxy.io
      GOOS: linux
      GOARCH: 386
@@ -182,9 +183,6 @@ trigger:
    - push
    - tag
    - pull_request
-  paths:
-    exclude:
-      - docs/**

 volumes:
  - name: deps
@@ -232,10 +230,6 @@ services:
      MINIO_ACCESS_KEY: 123456
      MINIO_SECRET_KEY: 12345678

-  - name: smtpimap
-    image: tabascoterrier/docker-imap-devel:latest
-    pull: always
-
 steps:
  - name: fetch-tags
    image: docker:git
@@ -249,7 +243,7 @@ steps:
          - pull_request

  - name: deps-backend
-    image: golang:1.20
+    image: golang:1.18
    pull: always
    commands:
      - make deps-backend
@@ -366,7 +360,7 @@ steps:
        path: /go

  - name: generate-coverage
-    image: golang:1.20
+    image: golang:1.18
    commands:
      - make coverage
    environment:
@@ -412,9 +406,6 @@ trigger:
    - push
    - tag
    - pull_request
-  paths:
-    exclude:
-      - docs/**

 volumes:
  - name: deps
@@ -445,7 +436,7 @@ steps:
          - pull_request

  - name: deps-backend
-    image: golang:1.20
+    image: golang:1.18
    pull: always
    commands:
      - make deps-backend
@@ -507,81 +498,6 @@ steps:
      - name: deps
        path: /go

---
-kind: pipeline
-type: docker
-name: testing-e2e
-
-platform:
-  os: linux
-  arch: amd64
-
-depends_on:
-  - compliance
-
-trigger:
-  event:
-    - pull_request
-  paths:
-    exclude:
-      - docs/**
-
-volumes:
-  - name: deps
-    temp: {}
-
-services:
-  - name: pgsql
-    pull: default
-    image: postgres:10
-    environment:
-      POSTGRES_DB: testgitea-e2e
-      POSTGRES_PASSWORD: postgres
-      POSTGRES_INITDB_ARGS: --encoding=UTF8 --lc-collate='en_US.UTF-8' --lc-ctype='en_US.UTF-8'
-
-steps:
-  - name: deps-frontend
-    image: node:18
-    pull: always
-    commands:
-      - make deps-frontend
-
-  - name: build-frontend
-    image: node:18
-    commands:
-      - make frontend
-    depends_on: [deps-frontend]
-
-  - name: deps-backend
-    image: golang:1.18
-    pull: always
-    commands:
-      - make deps-backend
-    volumes:
-      - name: deps
-        path: /go
-
-  # TODO: We should probably build all dependencies into a test image
-  - name: test-e2e
-    image: mcr.microsoft.com/playwright:v1.29.2-focal
-    commands:
-      - curl -sLO https://go.dev/dl/go1.20.linux-amd64.tar.gz && tar -C /usr/local -xzf go1.20.linux-amd64.tar.gz
-      - groupadd --gid 1001 gitea && useradd -m --gid 1001 --uid 1001 gitea
-      - apt-get -qq update && apt-get -qqy install build-essential
-      - export TEST_PGSQL_SCHEMA=''
-      - ./build/test-env-prepare.sh
-      - su gitea bash -c "export PATH=$PATH:/usr/local/go/bin && timeout -s ABRT 40m make test-e2e-pgsql"
-    environment:
-      GOPROXY: https://goproxy.io
-      GOSUMDB: sum.golang.org
-      USE_REPO_TEST_DIR: 1
-      TEST_PGSQL_DBNAME: 'testgitea-e2e'
-      DEBIAN_FRONTEND: noninteractive
-    depends_on: [build-frontend, deps-backend]
-    volumes:
-      - name: deps
-        path: /go
-
 ---
 kind: pipeline
 name: update_translations
@@ -612,7 +528,7 @@ steps:
        from_secret: crowdin_key

  - name: update
-    image: alpine:3.17
+    image: alpine:3.13
    pull: always
    commands:
      - ./build/update-locales.sh
@@ -628,8 +544,6 @@ steps:
      commit_message: "[skip ci] Updated translations via Crowdin"
      remote: "git@github.com:go-gitea/gitea.git"
    environment:
-      DRONE_COMMIT_AUTHOR_EMAIL: "teabot@gitea.io"
-      DRONE_COMMIT_AUTHOR: GiteaBot
      GIT_PUSH_SSH_KEY:
        from_secret: git_push_ssh_key

@@ -664,7 +578,7 @@ trigger:

 steps:
  - name: download
-    image: golang:1.20
+    image: golang:1.18
    pull: always
    commands:
      - timeout -s ABRT 40m make generate-license generate-gitignore
@@ -674,14 +588,12 @@ steps:
    pull: always
    settings:
      author_email: "teabot@gitea.io"
-      author_name: "GiteaBot"
+      author_name: GiteaBot
      branch: main
      commit: true
-      commit_message: "[skip ci] Updated licenses and gitignores"
+      commit_message: "[skip ci] Updated licenses and gitignores "
      remote: "git@github.com:go-gitea/gitea.git"
    environment:
-      DRONE_COMMIT_AUTHOR_EMAIL: "teabot@gitea.io"
-      DRONE_COMMIT_AUTHOR: "GiteaBot"
      GIT_PUSH_SSH_KEY:
        from_secret: git_push_ssh_key

@@ -704,9 +616,6 @@ trigger:
    - "release/*"
  event:
    - push
-  paths:
-    exclude:
-      - docs/**

 depends_on:
  - testing-amd64
@@ -725,13 +634,13 @@ steps:
      - git fetch --tags --force

  - name: deps-frontend
-    image: node:18
+    image: node:16
    pull: always
    commands:
      - make deps-frontend

  - name: deps-backend
-    image: golang:1.20
+    image: golang:1.18
    pull: always
    commands:
      - make deps-backend
@@ -740,17 +649,15 @@ steps:
        path: /go

  - name: static
-    image: techknowlogick/xgo:go-1.20.x
+    image: techknowlogick/xgo:go-1.18.x
    pull: always
    commands:
-      # Upgrade to node 18 once https://github.com/techknowlogick/xgo/issues/163 is resolved
-      - curl -sL https://deb.nodesource.com/setup_16.x | bash - && apt-get -qqy install nodejs
+      - curl -sL https://deb.nodesource.com/setup_16.x | bash - && apt-get install -y nodejs
      - export PATH=$PATH:$GOPATH/bin
      - make release
    environment:
      GOPROXY: https://goproxy.io # proxy.golang.org is blocked in China, this proxy is not
      TAGS: bindata sqlite sqlite_unlock_notify
-      DEBIAN_FRONTEND: noninteractive
    volumes:
      - name: deps
        path: /go
@@ -774,16 +681,10 @@ steps:
    image: woodpeckerci/plugin-s3:latest
    pull: always
    settings:
-      acl:
-        from_secret: aws_s3_acl
-      region:
-        from_secret: aws_s3_region
-      bucket:
-        from_secret: aws_s3_bucket
-      endpoint:
-        from_secret: aws_s3_endpoint
-      path_style:
-        from_secret: aws_s3_path_style
+      acl: public-read
+      bucket: gitea-artifacts
+      endpoint: https://ams3.digitaloceanspaces.com
+      path_style: true
      source: "dist/release/*"
      strip_prefix: dist/release/
      target: "/gitea/${DRONE_BRANCH##release/v}"
@@ -801,16 +702,10 @@ steps:
  - name: release-main
    image: woodpeckerci/plugin-s3:latest
    settings:
-      acl:
-        from_secret: aws_s3_acl
-      region:
-        from_secret: aws_s3_region
-      bucket:
-        from_secret: aws_s3_bucket
-      endpoint:
-        from_secret: aws_s3_endpoint
-      path_style:
-        from_secret: aws_s3_path_style
+      acl: public-read
+      bucket: gitea-artifacts
+      endpoint: https://ams3.digitaloceanspaces.com
+      path_style: true
      source: "dist/release/*"
      strip_prefix: dist/release/
      target: /gitea/main
@@ -858,13 +753,13 @@ steps:
      - git fetch --tags --force

  - name: deps-frontend
-    image: node:18
+    image: node:16
    pull: always
    commands:
      - make deps-frontend

  - name: deps-backend
-    image: golang:1.20
+    image: golang:1.18
    pull: always
    commands:
      - make deps-backend
@@ -873,17 +768,15 @@ steps:
        path: /go

  - name: static
-    image: techknowlogick/xgo:go-1.20.x
+    image: techknowlogick/xgo:go-1.18.x
    pull: always
    commands:
-      # Upgrade to node 18 once https://github.com/techknowlogick/xgo/issues/163 is resolved
-      - curl -sL https://deb.nodesource.com/setup_16.x | bash - && apt-get -qqy install nodejs
+      - curl -sL https://deb.nodesource.com/setup_16.x | bash - && apt-get install -y nodejs
      - export PATH=$PATH:$GOPATH/bin
      - make release
    environment:
      GOPROXY: https://goproxy.io # proxy.golang.org is blocked in China, this proxy is not
      TAGS: bindata sqlite sqlite_unlock_notify
-      DEBIAN_FRONTEND: noninteractive
    depends_on: [fetch-tags]
    volumes:
      - name: deps
@@ -909,16 +802,10 @@ steps:
    image: woodpeckerci/plugin-s3:latest
    pull: always
    settings:
-      acl:
-        from_secret: aws_s3_acl
-      region:
-        from_secret: aws_s3_region
-      bucket:
-        from_secret: aws_s3_bucket
-      endpoint:
-        from_secret: aws_s3_endpoint
-      path_style:
-        from_secret: aws_s3_path_style
+      acl: public-read
+      bucket: gitea-artifacts
+      endpoint: https://ams3.digitaloceanspaces.com
+      path_style: true
      source: "dist/release/*"
      strip_prefix: dist/release/
      target: "/gitea/${DRONE_TAG##v}"
@@ -958,14 +845,13 @@ trigger:
    - push
    - tag
    - pull_request
-  paths:
-    include:
-      - docs/**

 steps:
  - name: build-docs
-    image: golang:1.20
+    image: plugins/hugo:latest
+    pull: always
    commands:
+      - apk add --no-cache make bash curl
      - cd docs
      - make trans-copy clean build

@@ -999,10 +885,7 @@ depends_on:

 trigger:
  ref:
-    include:
-      - "refs/tags/**"
-    exclude:
-      - "refs/tags/**-rc*"
+  - "refs/tags/**"
  event:
    exclude:
    - cron
@@ -1050,68 +933,6 @@ steps:
      event:
        exclude:
        - pull_request
---
-
-kind: pipeline
-type: docker
-name: docker-linux-amd64-release-candidate-version
-
-platform:
-  os: linux
-  arch: amd64
-
-depends_on:
-  - testing-amd64
-  - testing-arm64
-
-trigger:
-  ref:
-    - "refs/tags/**-rc*"
-  event:
-    exclude:
-    - cron
-
-steps:
-  - name: fetch-tags
-    image: docker:git
-    pull: always
-    commands:
-      - git config --global --add safe.directory /drone/src
-      - git fetch --tags --force
-
-  - name: publish
-    image: techknowlogick/drone-docker:latest
-    pull: always
-    settings:
-      tags: ${DRONE_TAG##v}-linux-amd64
-      repo: gitea/gitea
-      build_args:
-        - GOPROXY=https://goproxy.io
-      password:
-        from_secret: docker_password
-      username:
-        from_secret: docker_username
-    when:
-      event:
-        exclude:
-        - pull_request
-
-  - name: publish-rootless
-    image: techknowlogick/drone-docker:latest
-    settings:
-      dockerfile: Dockerfile.rootless
-      tags: ${DRONE_TAG##v}-linux-amd64-rootless
-      repo: gitea/gitea
-      build_args:
-        - GOPROXY=https://goproxy.io
-      password:
-        from_secret: docker_password
-      username:
-        from_secret: docker_username
-    when:
-      event:
-        exclude:
-        - pull_request

 ---
 kind: pipeline
@@ -1255,9 +1076,6 @@ depends_on:
 trigger:
  ref:
  - "refs/pull/**"
-  paths:
-    exclude:
-      - docs/**

 steps:
  - name: dryrun
@@ -1291,10 +1109,7 @@ depends_on:

 trigger:
  ref:
-    include:
-      - "refs/tags/**"
-    exclude:
-      - "refs/tags/**-rc*"
+  - "refs/tags/**"
  event:
    exclude:
    - cron
@@ -1343,68 +1158,6 @@ steps:
        exclude:
        - pull_request

---
-kind: pipeline
-type: docker
-name: docker-linux-arm64-release-candidate-version
-
-platform:
-  os: linux
-  arch: arm64
-
-depends_on:
-  - testing-amd64
-  - testing-arm64
-
-trigger:
-  ref:
-    - "refs/tags/**-rc*"
-  event:
-    exclude:
-    - cron
-
-steps:
-  - name: fetch-tags
-    image: docker:git
-    pull: always
-    commands:
-      - git config --global --add safe.directory /drone/src
-      - git fetch --tags --force
-
-  - name: publish
-    image: techknowlogick/drone-docker:latest
-    pull: always
-    settings:
-      tags: ${DRONE_TAG##v}-linux-arm64
-      repo: gitea/gitea
-      build_args:
-        - GOPROXY=https://goproxy.io
-      password:
-        from_secret: docker_password
-      username:
-        from_secret: docker_username
-    when:
-      event:
-        exclude:
-        - pull_request
-
-  - name: publish-rootless
-    image: techknowlogick/drone-docker:latest
-    settings:
-      dockerfile: Dockerfile.rootless
-      tags: ${DRONE_TAG##v}-linux-arm64-rootless
-      repo: gitea/gitea
-      build_args:
-        - GOPROXY=https://goproxy.io
-      password:
-        from_secret: docker_password
-      username:
-        from_secret: docker_username
-    when:
-      event:
-        exclude:
-        - pull_request
-
 ---
 kind: pipeline
 type: docker
@@ -1574,9 +1327,7 @@ trigger:

 depends_on:
  - docker-linux-amd64-release-version
-  - docker-linux-amd64-release-candidate-version
  - docker-linux-arm64-release-version
-  - docker-linux-arm64-release-candidate-version

 ---
 kind: pipeline
@@ -1658,8 +1409,6 @@ depends_on:
  - docker-linux-arm64-release
  - docker-linux-amd64-release-version
  - docker-linux-arm64-release-version
-  - docker-linux-amd64-release-candidate-version
-  - docker-linux-arm64-release-candidate-version
  - docker-linux-amd64-release-branch
  - docker-linux-arm64-release-branch
  - docker-manifest
--- a/.editorconfig
+++ b/.editorconfig
@@ -26,3 +26,6 @@ indent_style = tab

 [*.svg]
 insert_final_newline = false
+
+[*.md]
+trim_trailing_whitespace = false
--- a/.eslintrc.yaml
+++ b/.eslintrc.yaml
@@ -11,8 +11,12 @@ parserOptions:
 plugins:
  - eslint-plugin-unicorn
  - eslint-plugin-import
+  - eslint-plugin-vue
+  - eslint-plugin-html
  - eslint-plugin-jquery
-  - eslint-plugin-sonarjs
+
+extends:
+  - plugin:vue/recommended

 env:
  es2022: true
@@ -21,20 +25,30 @@ env:
 globals:
  __webpack_public_path__: true

+settings:
+  html/html-extensions: [".tmpl"]
+
 overrides:
-  - files: ["web_src/**/*.js", "docs/**/*.js"]
+  - files: ["web_src/**/*.js", "web_src/**/*.vue", "templates/**/*.tmpl"]
    env:
      browser: true
      node: false
+  - files: ["templates/**/*.tmpl"]
+    rules:
+      no-tabs: [0]
+      indent: [2, tab, {SwitchCase: 1}]
  - files: ["web_src/**/*worker.js"]
    env:
      worker: true
    rules:
-      no-restricted-globals: [2, addEventListener, blur, close, closed, confirm, defaultStatus, defaultstatus, error, event, external, find, focus, frameElement, frames, history, innerHeight, innerWidth, isFinite, isNaN, length, locationbar, menubar, moveBy, moveTo, name, onblur, onerror, onfocus, onload, onresize, onunload, open, opener, opera, outerHeight, outerWidth, pageXOffset, pageYOffset, parent, print, removeEventListener, resizeBy, resizeTo, screen, screenLeft, screenTop, screenX, screenY, scroll, scrollbars, scrollBy, scrollTo, scrollX, scrollY, status, statusbar, stop, toolbar, top]
+      no-restricted-globals: [2, addEventListener, blur, close, closed, confirm, defaultStatus, defaultstatus, error, event, external, find, focus, frameElement, frames, history, innerHeight, innerWidth, isFinite, isNaN, length, location, locationbar, menubar, moveBy, moveTo, name, onblur, onerror, onfocus, onload, onresize, onunload, open, opener, opera, outerHeight, outerWidth, pageXOffset, pageYOffset, parent, print, removeEventListener, resizeBy, resizeTo, screen, screenLeft, screenTop, screenX, screenY, scroll, scrollbars, scrollBy, scrollTo, scrollX, scrollY, status, statusbar, stop, toolbar, top]
  - files: ["build/generate-images.js"]
    rules:
      import/no-unresolved: [0]
      import/no-extraneous-dependencies: [0]
+  - files: ["*.test.js"]
+    env:
+      jest: true
  - files: ["*.config.js"]
    rules:
      import/no-unused-modules: [0]
@@ -43,7 +57,7 @@ rules:
  accessor-pairs: [2]
  array-bracket-newline: [0]
  array-bracket-spacing: [2, never]
-  array-callback-return: [2, {checkForEach: true}]
+  array-callback-return: [0]
  array-element-newline: [0]
  arrow-body-style: [0]
  arrow-parens: [2, always]
@@ -84,7 +98,6 @@ rules:
  id-length: [0]
  id-match: [0]
  implicit-arrow-linebreak: [0]
-  import/consistent-type-specifier-style: [0]
  import/default: [0]
  import/dynamic-import-chunkname: [0]
  import/export: [2]
@@ -104,11 +117,10 @@ rules:
  import/no-default-export: [0]
  import/no-deprecated: [0]
  import/no-dynamic-require: [0]
-  import/no-empty-named-blocks: [2]
  import/no-extraneous-dependencies: [2]
  import/no-import-module-exports: [0]
  import/no-internal-modules: [0]
-  import/no-mutable-exports: [0]
+  import/no-mutable-exports: [2]
  import/no-named-as-default-member: [0]
  import/no-named-as-default: [2]
  import/no-named-default: [0]
@@ -120,7 +132,7 @@ rules:
  import/no-restricted-paths: [0]
  import/no-self-import: [2]
  import/no-unassigned-import: [0]
-  import/no-unresolved: [2, {commonjs: true, ignore: ["\\?.+$"]}]
+  import/no-unresolved: [2, {commonjs: true}]
  import/no-unused-modules: [2, {unusedExports: true}]
  import/no-useless-path-segments: [2, {commonjs: true}]
  import/no-webpack-loader-syntax: [2]
@@ -149,7 +161,7 @@ rules:
  jquery/no-global-eval: [2]
  jquery/no-grep: [2]
  jquery/no-has: [2]
-  jquery/no-hide: [2]
+  jquery/no-hide: [0]
  jquery/no-html: [0]
  jquery/no-in-array: [2]
  jquery/no-is-array: [2]
@@ -166,13 +178,13 @@ rules:
  jquery/no-proxy: [2]
  jquery/no-ready: [0]
  jquery/no-serialize: [2]
-  jquery/no-show: [2]
+  jquery/no-show: [0]
  jquery/no-size: [2]
  jquery/no-sizzle: [0]
  jquery/no-slide: [0]
  jquery/no-submit: [0]
  jquery/no-text: [0]
-  jquery/no-toggle: [2]
+  jquery/no-toggle: [0]
  jquery/no-trigger: [0]
  jquery/no-trim: [2]
  jquery/no-val: [0]
@@ -184,7 +196,6 @@ rules:
  linebreak-style: [2, unix]
  lines-around-comment: [0]
  lines-between-class-members: [0]
-  logical-assignment-operators: [0]
  max-classes-per-file: [0]
  max-depth: [0]
  max-len: [0]
@@ -201,7 +212,7 @@ rules:
  newline-per-chained-call: [0]
  no-alert: [0]
  no-array-constructor: [2]
-  no-async-promise-executor: [0]
+  no-async-promise-executor: [2]
  no-await-in-loop: [0]
  no-bitwise: [0]
  no-buffer-constructor: [0]
@@ -211,7 +222,7 @@ rules:
  no-compare-neg-zero: [2]
  no-cond-assign: [2, except-parens]
  no-confusing-arrow: [0]
-  no-console: [1, {allow: [debug, info, warn, error]}]
+  no-console: [1, {allow: [info, warn, error]}]
  no-const-assign: [2]
  no-constant-binary-expression: [2]
  no-constant-condition: [0]
@@ -231,7 +242,6 @@ rules:
  no-empty-character-class: [2]
  no-empty-function: [0]
  no-empty-pattern: [2]
-  no-empty-static-block: [2]
  no-empty: [2, {allowEmptyCatch: true}]
  no-eq-null: [2]
  no-eval: [2]
@@ -246,7 +256,7 @@ rules:
  no-floating-decimal: [0]
  no-func-assign: [2]
  no-global-assign: [2]
-  no-implicit-coercion: [2]
+  no-implicit-coercion: [0]
  no-implicit-globals: [0]
  no-implied-eval: [2]
  no-import-assign: [2]
@@ -257,7 +267,7 @@ rules:
  no-irregular-whitespace: [2]
  no-iterator: [2]
  no-label-var: [2]
-  no-labels: [0] # handled by no-restricted-syntax
+  no-labels: [2]
  no-lone-blocks: [2]
  no-lonely-if: [0]
  no-loop-func: [0]
@@ -272,7 +282,6 @@ rules:
  no-negated-condition: [0]
  no-nested-ternary: [0]
  no-new-func: [2]
-  no-new-native-nonconstructor: [2]
  no-new-object: [2]
  no-new-symbol: [2]
  no-new-wrappers: [2]
@@ -289,7 +298,7 @@ rules:
  no-redeclare: [2]
  no-regex-spaces: [2]
  no-restricted-exports: [0]
-  no-restricted-globals: [2, addEventListener, blur, close, closed, confirm, defaultStatus, defaultstatus, error, event, external, find, focus, frameElement, frames, history, innerHeight, innerWidth, isFinite, isNaN, length, location, locationbar, menubar, moveBy, moveTo, name, onblur, onerror, onfocus, onload, onresize, onunload, open, opener, opera, outerHeight, outerWidth, pageXOffset, pageYOffset, parent, print, removeEventListener, resizeBy, resizeTo, screen, screenLeft, screenTop, screenX, screenY, scroll, scrollbars, scrollBy, scrollTo, scrollX, scrollY, self, status, statusbar, stop, toolbar, top, __dirname, __filename]
+  no-restricted-globals: [2, addEventListener, blur, close, closed, confirm, defaultStatus, defaultstatus, error, event, external, find, focus, frameElement, frames, history, innerHeight, innerWidth, isFinite, isNaN, length, location, locationbar, menubar, moveBy, moveTo, name, onblur, onerror, onfocus, onload, onresize, onunload, open, opener, opera, outerHeight, outerWidth, pageXOffset, pageYOffset, parent, print, removeEventListener, resizeBy, resizeTo, screen, screenLeft, screenTop, screenX, screenY, scroll, scrollbars, scrollBy, scrollTo, scrollX, scrollY, self, status, statusbar, stop, toolbar, top]
  no-restricted-imports: [0]
  no-restricted-syntax: [2, WithStatement, ForInStatement, LabeledStatement]
  no-return-assign: [0]
@@ -323,8 +332,8 @@ rules:
  no-unused-labels: [2]
  no-unused-private-class-members: [2]
  no-unused-vars: [2, {args: all, argsIgnorePattern: ^_, varsIgnorePattern: ^_, caughtErrorsIgnorePattern: ^_, destructuredArrayIgnorePattern: ^_, ignoreRestSiblings: false}]
-  no-use-before-define: [2, {functions: false, classes: true, variables: true, allowNamedExports: true}]
-  no-useless-backreference: [2]
+  no-use-before-define: [2, nofunc]
+  no-useless-backreference: [0]
  no-useless-call: [2]
  no-useless-catch: [2]
  no-useless-computed-key: [2]
@@ -337,7 +346,7 @@ rules:
  no-void: [2]
  no-warning-comments: [0]
  no-whitespace-before-property: [2]
-  no-with: [0] # handled by no-restricted-syntax
+  no-with: [2]
  nonblock-statement-body-position: [2]
  object-curly-newline: [0]
  object-curly-spacing: [2, never]
@@ -349,13 +358,13 @@ rules:
  padded-blocks: [2, never]
  padding-line-between-statements: [0]
  prefer-arrow-callback: [2, {allowNamedFunctions: true, allowUnboundThis: true}]
-  prefer-const: [2, {destructuring: all, ignoreReadBeforeAssign: true}]
+  prefer-const: [2, {destructuring: all}]
  prefer-destructuring: [0]
  prefer-exponentiation-operator: [2]
  prefer-named-capture-group: [0]
  prefer-numeric-literals: [2]
  prefer-object-has-own: [0]
-  prefer-object-spread: [2]
+  prefer-object-spread: [0]
  prefer-promise-reject-errors: [2, {allowEmptyReject: false}]
  prefer-regex-literals: [2]
  prefer-rest-params: [2]
@@ -372,38 +381,6 @@ rules:
  semi-spacing: [2, {before: false, after: true}]
  semi-style: [2, last]
  semi: [2, always, {omitLastInOneLineBlock: true}]
-  sonarjs/cognitive-complexity: [0]
-  sonarjs/elseif-without-else: [0]
-  sonarjs/max-switch-cases: [0]
-  sonarjs/no-all-duplicated-branches: [2]
-  sonarjs/no-collapsible-if: [0]
-  sonarjs/no-collection-size-mischeck: [2]
-  sonarjs/no-duplicate-string: [0]
-  sonarjs/no-duplicated-branches: [0]
-  sonarjs/no-element-overwrite: [2]
-  sonarjs/no-empty-collection: [2]
-  sonarjs/no-extra-arguments: [2]
-  sonarjs/no-gratuitous-expressions: [2]
-  sonarjs/no-identical-conditions: [2]
-  sonarjs/no-identical-expressions: [2]
-  sonarjs/no-identical-functions: [2, 5]
-  sonarjs/no-ignored-return: [2]
-  sonarjs/no-inverted-boolean-check: [2]
-  sonarjs/no-nested-switch: [0]
-  sonarjs/no-nested-template-literals: [0]
-  sonarjs/no-one-iteration-loop: [2]
-  sonarjs/no-redundant-boolean: [2]
-  sonarjs/no-redundant-jump: [0]
-  sonarjs/no-same-line-conditional: [2]
-  sonarjs/no-small-switch: [0]
-  sonarjs/no-unused-collection: [2]
-  sonarjs/no-use-of-empty-return-value: [2]
-  sonarjs/no-useless-catch: [2]
-  sonarjs/non-existent-operator: [2]
-  sonarjs/prefer-immediate-return: [0]
-  sonarjs/prefer-object-literal: [0]
-  sonarjs/prefer-single-boolean-return: [0]
-  sonarjs/prefer-while: [2]
  sort-imports: [0]
  sort-keys: [0]
  sort-vars: [0]
@@ -447,19 +424,16 @@ rules:
  unicorn/no-invalid-remove-event-listener: [2]
  unicorn/no-keyword-prefix: [0]
  unicorn/no-lonely-if: [2]
-  unicorn/no-negated-condition: [0]
  unicorn/no-nested-ternary: [0]
  unicorn/no-new-array: [0]
  unicorn/no-new-buffer: [0]
  unicorn/no-null: [0]
-  unicorn/no-object-as-default-parameter: [0]
+  unicorn/no-object-as-default-parameter: [2]
  unicorn/no-process-exit: [0]
  unicorn/no-reduce: [2]
  unicorn/no-static-only-class: [2]
  unicorn/no-thenable: [2]
  unicorn/no-this-assignment: [2]
-  unicorn/no-typeof-undefined: [2]
-  unicorn/no-unnecessary-await: [2]
  unicorn/no-unreadable-array-destructuring: [0]
  unicorn/no-unreadable-iife: [2]
  unicorn/no-unsafe-regex: [0]
@@ -480,16 +454,14 @@ rules:
  unicorn/prefer-array-index-of: [2]
  unicorn/prefer-array-some: [2]
  unicorn/prefer-at: [0]
-  unicorn/prefer-code-point: [0]
+  unicorn/prefer-code-point: [2]
  unicorn/prefer-dataset: [2]
  unicorn/prefer-date-now: [2]
  unicorn/prefer-default-parameters: [0]
  unicorn/prefer-event-key: [2]
-  unicorn/prefer-event-target: [2]
  unicorn/prefer-export-from: [2]
  unicorn/prefer-includes: [2]
  unicorn/prefer-json-parse-buffer: [0]
-  unicorn/prefer-logical-operator-over-ternary: [2]
  unicorn/prefer-math-trunc: [2]
  unicorn/prefer-modern-dom-apis: [0]
  unicorn/prefer-modern-math-apis: [2]
@@ -497,7 +469,7 @@ rules:
  unicorn/prefer-native-coercion-functions: [2]
  unicorn/prefer-negative-index: [2]
  unicorn/prefer-node-append: [0]
-  unicorn/prefer-node-protocol: [2]
+  unicorn/prefer-node-protocol: [0]
  unicorn/prefer-node-remove: [0]
  unicorn/prefer-number-properties: [0]
  unicorn/prefer-object-from-entries: [2]
@@ -509,7 +481,6 @@ rules:
  unicorn/prefer-regexp-test: [2]
  unicorn/prefer-replace-all: [0]
  unicorn/prefer-set-has: [0]
-  unicorn/prefer-set-size: [2]
  unicorn/prefer-spread: [0]
  unicorn/prefer-starts-ends-with: [2]
  unicorn/prefer-string-slice: [0]
@@ -525,13 +496,17 @@ rules:
  unicorn/require-number-to-fixed-digits-argument: [2]
  unicorn/require-post-message-target-origin: [0]
  unicorn/string-content: [0]
-  unicorn/switch-case-braces: [0]
  unicorn/template-indent: [2]
  unicorn/text-encoding-identifier-case: [0]
  unicorn/throw-new-error: [2]
  use-isnan: [2]
  valid-typeof: [2, {requireStringLiterals: true}]
  vars-on-top: [0]
+  vue/attributes-order: [0]
+  vue/component-definition-name-casing: [0]
+  vue/html-closing-bracket-spacing: [0]
+  vue/max-attributes-per-line: [0]
+  vue/one-component-per-file: [0]
  wrap-iife: [2, inside]
  wrap-regex: [0]
  yield-star-spacing: [2, after]
--- a/.gitattributes
+++ b/.gitattributes
@@ -1,6 +1,7 @@
 * text=auto eol=lf
 *.tmpl linguist-language=Handlebars
-/assets/*.json linguist-generated
+/.eslintrc linguist-language=YAML
+/.stylelintrc linguist-language=YAML
 /public/vendor/** -text -eol linguist-vendored
 /vendor/** -text -eol linguist-vendored
 /web_src/fomantic/build/** linguist-generated
--- a/.github/pull_request_template.md
+++ b/.github/pull_request_template.md
@@ -1,9 +1,9 @@
-<!-- start tips --> 
+<!--
+
 Please check the following:
-1. Make sure you are targeting the `main` branch, pull requests on release branches are only allowed for backports.
-2. Make sure you have read contributing guidelines: https://github.com/go-gitea/gitea/blob/main/CONTRIBUTING.md .
-3. Describe what your pull request does and which issue you're targeting (if any).
-4. It is recommended to enable "Allow edits by maintainers", so maintainers can help more easily.
-5. Your input here will be included in the commit message when this PR has been merged. If you don't want some content to be included, please separate them with a line like `---`.
-6. Delete all these tips before posting.
-<!-- end tips -->
+
+1. Make sure you are targeting the `main` branch, pull requests on release branches are only allowed for bug fixes.
+2. Read contributing guidelines: https://github.com/go-gitea/gitea/blob/main/CONTRIBUTING.md
+3. Describe what your pull request does and which issue you're targeting (if any)
+
+-->  
--- a/.gitignore
+++ b/.gitignore
@@ -63,14 +63,21 @@ cpu.out
 /indexers
 /log
 /public/img/avatar
-/tests/integration/gitea-integration-*
-/tests/integration/indexers-*
-/tests/e2e/gitea-e2e-*
-/tests/e2e/indexers-*
-/tests/e2e/reports
-/tests/e2e/test-artifacts
-/tests/e2e/test-snapshots
-/tests/*.ini
+/integrations/gitea-integration-mysql
+/integrations/gitea-integration-mysql8
+/integrations/gitea-integration-pgsql
+/integrations/gitea-integration-sqlite
+/integrations/gitea-integration-mssql
+/integrations/indexers-mysql
+/integrations/indexers-mysql8
+/integrations/indexers-pgsql
+/integrations/indexers-sqlite
+/integrations/indexers-mssql
+/integrations/sqlite.ini
+/integrations/mysql.ini
+/integrations/mysql8.ini
+/integrations/pgsql.ini
+/integrations/mssql.ini
 /node_modules
 /yarn.lock
 /yarn-error.log
@@ -95,7 +102,6 @@ cpu.out
 !/web_src/fomantic/build/themes/default/assets/fonts/outline-icons.woff2
 /VERSION
 /.air
-/.go-licenses

 # Snapcraft
 snap/.snapcraft/
--- a/.gitpod.yml
+++ b/.gitpod.yml
@@ -1,44 +0,0 @@
-tasks:
-  - name: Setup
-    init: |
-      cp -r contrib/ide/vscode .vscode
-      make deps
-      make build
-    command: |
-      gp sync-done setup
-      exit 0
-  - name: Run backend
-    command: |
-      gp sync-await setup
-      mkdir -p custom/conf/
-      echo -e "[server]\nROOT_URL=$(gp url 3000)/" > custom/conf/app.ini
-      echo -e "\n[database]\nDB_TYPE = sqlite3\nPATH = $GITPOD_REPO_ROOT/data/gitea.db" >> custom/conf/app.ini
-      export TAGS="sqlite sqlite_unlock_notify"
-      make watch-backend
-  - name: Run frontend
-    command: |
-      gp sync-await setup
-      make watch-frontend
-    openMode: split-right
-  - name: Run docs
-    before: sudo bash -c "$(grep 'https://github.com/gohugoio/hugo/releases/download' Makefile | tr -d '\')" # install hugo
-    command: cd docs && make clean update && hugo server -D -F --baseUrl $(gp url 1313) --liveReloadPort=443 --appendPort=false --bind=0.0.0.0
-    openMode: split-right
-
-vscode:
-  extensions:
-    - editorconfig.editorconfig
-    - dbaeumer.vscode-eslint
-    - golang.go
-    - stylelint.vscode-stylelint
-    - DavidAnson.vscode-markdownlint
-    - johnsoncodehk.volar
-    - ms-azuretools.vscode-docker
-    - zixuanchen.vitest-explorer
-    - alexcvzz.vscode-sqlite
-
-ports:
-  - name: Gitea
-    port: 3000
-  - name: Docs
-    port: 1313
--- a/.golangci.yml
+++ b/.golangci.yml
@@ -1,34 +1,30 @@
 linters:
  enable:
-    - bidichk
-    # - deadcode # deprecated - https://github.com/golangci/golangci-lint/issues/1841
-    - depguard
-    - dupl
-    - errcheck
-    - gocritic
-    # - gocyclo # The cyclomatic complexety of a lot of functions is too high, we should refactor those another time.
-    - gofmt
-    - gofumpt
    - gosimple
-    - govet
-    - ineffassign
-    - nakedret
-    - nolintlint
-    - revive
-    - staticcheck
-    # - structcheck # deprecated - https://github.com/golangci/golangci-lint/issues/1841
-    - stylecheck
+    - deadcode
    - typecheck
-    - unconvert
+    - govet
+    - errcheck
+    - staticcheck
    - unused
-    # - varcheck # deprecated - https://github.com/golangci/golangci-lint/issues/1841
-    # - wastedassign # disabled - https://github.com/golangci/golangci-lint/issues/2649
+    - structcheck
+    - varcheck
+    - dupl
+    #- gocyclo # The cyclomatic complexety of a lot of functions is too high, we should refactor those another time.
+    - gofmt
+    - misspell
+    - gocritic
+    - bidichk
+    - ineffassign
+    - revive
+    - gofumpt
+    - depguard
  enable-all: false
  disable-all: true
  fast: false

 run:
-  go: "1.20"
+  go: 1.18
  timeout: 10m
  skip-dirs:
    - node_modules
@@ -36,10 +32,6 @@ run:
    - web_src

 linters-settings:
-  stylecheck:
-    checks: ["all", "-ST1005", "-ST1003"]
-  nakedret:
-    max-func-lines: 0
  gocritic:
    disabled-checks:
      - ifElseChain
@@ -74,21 +66,17 @@ linters-settings:
      - name: modifies-value-receiver
  gofumpt:
    extra-rules: true
-    lang-version: "1.20"
+    lang-version: "1.18"
  depguard:
+    # TODO: use depguard to replace import checks in gitea-vet
    list-type: denylist
    # Check the list against standard lib.
    include-go-root: true
    packages-with-error-message:
      - encoding/json: "use gitea's modules/json instead of encoding/json"
      - github.com/unknwon/com: "use gitea's util and replacements"
-      - io/ioutil: "use os or io instead"
-      - golang.org/x/exp: "it's experimental and unreliable."
-      - code.gitea.io/gitea/modules/git/internal: "do not use the internal package, use AddXxx function instead"

 issues:
-  max-issues-per-linter: 0
-  max-same-issues: 0
  exclude-rules:
    # Exclude some linters from running on tests files.
    - path: _test\.go
@@ -149,6 +137,9 @@ issues:
    - path: models/issue_comment_list.go
      linters:
        - dupl
+    - linters:
+        - misspell
+      text: '`Unknwon` is a misspelling of `Unknown`'
    - path: models/update.go
      linters:
        - unused
@@ -171,7 +162,3 @@ issues:
    - path: models/user/openid.go
      linters:
        - golint
-    - path: models/user/badge.go
-      linters:
-        - revive
-      text: "exported: type name will be used as user.UserBadge by other packages, and that stutters; consider calling this Badge"
--- a/.markdownlint.yaml
+++ b/.markdownlint.yaml
@@ -1,18 +0,0 @@
-commands-show-output: false
-fenced-code-language: false
-first-line-h1: false
-header-increment: false
-line-length: {code_blocks: false, tables: false, stern: true, line_length: -1}
-no-alt-text: false
-no-bare-urls: false
-no-blanks-blockquote: false
-no-duplicate-header: {allow_different_nesting: true}
-no-emphasis-as-header: false
-no-empty-links: false
-no-hard-tabs: {code_blocks: false}
-no-inline-html: false
-no-space-in-code: false
-no-space-in-emphasis: false
-no-trailing-punctuation: false
-no-trailing-spaces: {br_spaces: 0}
-single-h1: false
--- a/.spectral.yaml
+++ b/.spectral.yaml
@@ -1,12 +0,0 @@
-extends: [[spectral:oas, all]]
-
-rules:
-  info-contact: off
-  oas2-api-host: off
-  oas2-parameter-description: off
-  oas2-schema: off
-  oas2-valid-schema-example: off
-  openapi-tags: off
-  operation-description: off
-  operation-singular-tag: off
-  operation-tag-defined: off
--- a/.stylelintrc
+++ b/.stylelintrc
@@ -0,0 +1,32 @@
+extends: stylelint-config-standard
+
+overrides:
+  - files: ["**/*.less"]
+    customSyntax: postcss-less
+
+rules:
+  alpha-value-notation: null
+  at-rule-empty-line-before: null
+  block-closing-brace-empty-line-before: null
+  color-function-notation: null
+  color-hex-length: null
+  comment-empty-line-before: null
+  declaration-block-no-redundant-longhand-properties: null
+  declaration-block-single-line-max-declarations: null
+  declaration-empty-line-before: null
+  function-no-unknown: null
+  hue-degree-notation: null
+  indentation: 2
+  max-line-length: null
+  no-descending-specificity: null
+  no-invalid-position-at-import-rule: null
+  number-leading-zero: never
+  number-max-precision: null
+  property-no-vendor-prefix: null
+  rule-empty-line-before: null
+  selector-class-pattern: null
+  selector-id-pattern: null
+  selector-pseudo-element-colon-notation: double
+  shorthand-property-no-redundant-values: true
+  string-quotes: null
+  value-no-vendor-prefix: null
--- a/.stylelintrc.yaml
+++ b/.stylelintrc.yaml
@@ -1,133 +0,0 @@
-plugins:
-  - stylelint-declaration-strict-value
-
-overrides:
-  - files: ["**/*.less"]
-    customSyntax: postcss-less
-  - files: ["**/chroma/*", "**/codemirror/*", "**/standalone/*", "**/console/*"]
-    rules:
-      scale-unlimited/declaration-strict-value: null
-
-rules:
-  alpha-value-notation: null
-  annotation-no-unknown: true
-  at-rule-allowed-list: null
-  at-rule-disallowed-list: null
-  at-rule-empty-line-before: null
-  at-rule-no-unknown: true
-  at-rule-no-vendor-prefix: true
-  at-rule-property-required-list: null
-  block-no-empty: true
-  color-function-notation: null
-  color-hex-alpha: null
-  color-hex-length: null
-  color-named: null
-  color-no-hex: null
-  color-no-invalid-hex: true
-  comment-empty-line-before: null
-  comment-no-empty: true
-  comment-pattern: null
-  comment-whitespace-inside: null
-  comment-word-disallowed-list: null
-  custom-media-pattern: null
-  custom-property-empty-line-before: null
-  custom-property-no-missing-var-function: true
-  custom-property-pattern: null
-  declaration-block-no-duplicate-custom-properties: true
-  declaration-block-no-duplicate-properties: [true, {ignore: [consecutive-duplicates-with-different-values]}]
-  declaration-block-no-redundant-longhand-properties: null
-  declaration-block-no-shorthand-property-overrides: null
-  declaration-block-single-line-max-declarations: null
-  declaration-empty-line-before: null
-  declaration-no-important: null
-  declaration-property-max-values: null
-  declaration-property-unit-allowed-list: null
-  declaration-property-unit-disallowed-list: null
-  declaration-property-value-allowed-list: null
-  declaration-property-value-disallowed-list: null
-  declaration-property-value-no-unknown: true
-  font-family-name-quotes: always-where-recommended
-  font-family-no-duplicate-names: true
-  font-family-no-missing-generic-family-keyword: true
-  font-weight-notation: null
-  function-allowed-list: null
-  function-calc-no-unspaced-operator: true
-  function-disallowed-list: null
-  function-linear-gradient-no-nonstandard-direction: true
-  function-name-case: lower
-  function-no-unknown: null
-  function-url-no-scheme-relative: null
-  function-url-quotes: always
-  function-url-scheme-allowed-list: null
-  function-url-scheme-disallowed-list: null
-  hue-degree-notation: null
-  import-notation: string
-  keyframe-block-no-duplicate-selectors: true
-  keyframe-declaration-no-important: true
-  keyframe-selector-notation: null
-  keyframes-name-pattern: null
-  length-zero-no-unit: true
-  max-nesting-depth: null
-  media-feature-name-allowed-list: null
-  media-feature-name-disallowed-list: null
-  media-feature-name-no-unknown: true
-  media-feature-name-no-vendor-prefix: true
-  media-feature-name-unit-allowed-list: null
-  media-feature-name-value-allowed-list: null
-  media-feature-range-notation: null
-  named-grid-areas-no-invalid: true
-  no-descending-specificity: null
-  no-duplicate-at-import-rules: true
-  no-duplicate-selectors: true
-  no-empty-source: true
-  no-invalid-double-slash-comments: true
-  no-invalid-position-at-import-rule: null
-  no-irregular-whitespace: true
-  no-unknown-animations: null
-  number-max-precision: null
-  property-allowed-list: null
-  property-disallowed-list: null
-  property-no-unknown: true
-  property-no-vendor-prefix: null
-  rule-empty-line-before: null
-  rule-selector-property-disallowed-list: null
-  scale-unlimited/declaration-strict-value: [color, {ignoreValues: /^(inherit|transparent|unset|initial|currentcolor)$/}]
-  selector-attribute-name-disallowed-list: null
-  selector-attribute-operator-allowed-list: null
-  selector-attribute-operator-disallowed-list: null
-  selector-attribute-quotes: always
-  selector-class-pattern: null
-  selector-combinator-allowed-list: null
-  selector-combinator-disallowed-list: null
-  selector-disallowed-list: null
-  selector-id-pattern: null
-  selector-max-attribute: null
-  selector-max-class: null
-  selector-max-combinators: null
-  selector-max-compound-selectors: null
-  selector-max-id: null
-  selector-max-pseudo-class: null
-  selector-max-specificity: null
-  selector-max-type: null
-  selector-max-universal: null
-  selector-nested-pattern: null
-  selector-no-qualifying-type: null
-  selector-no-vendor-prefix: true
-  selector-not-notation: null
-  selector-pseudo-class-allowed-list: null
-  selector-pseudo-class-disallowed-list: null
-  selector-pseudo-class-no-unknown: true
-  selector-pseudo-element-allowed-list: null
-  selector-pseudo-element-colon-notation: double
-  selector-pseudo-element-disallowed-list: null
-  selector-pseudo-element-no-unknown: true
-  selector-type-case: lower
-  selector-type-no-unknown: [true, {ignore: [custom-elements]}]
-  shorthand-property-no-redundant-values: true
-  string-no-newline: true
-  time-min-milliseconds: null
-  unit-allowed-list: null
-  unit-disallowed-list: null
-  unit-no-unknown: true
-  value-keyword-case: null
-  value-no-vendor-prefix: [true, {ignoreValues: [box, inline-box]}]
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,402 +4,6 @@ This changelog goes through all the changes that have been made in each release
 without substantial changes to our git log; to see the highlights of what has
 been added to each release, please refer to the [blog](https://blog.gitea.io).

-## [1.18.5](https://github.com/go-gitea/gitea/releases/tag/v1.18.5) - 2023-02-21
-
-* ENHANCEMENTS
-  * Hide 2FA status from other members in organization members list (#22999) (#23023)
-* BUGFIXES
-  * Add force_merge to merge request and fix checking mergable (#23010) (#23032)
-  * Use `--message=%s` for git commit message (#23028) (#23029)
-  * Render access log template as text instead of HTML (#23013) (#23025)
-  * Fix the Manually Merged form (#23015) (#23017)
-  * Use beforeCommit instead of baseCommit (#22949) (#22996)
-  * Display attachments of review comment when comment content is blank (#23035) (#23046)
-  * Return empty url for submodule tree entries (#23043) (#23048)
-
-## [1.18.4](https://github.com/go-gitea/gitea/releases/tag/1.18.4) - 2023-02-20
-
-* SECURITY
-  * Provide the ability to set password hash algorithm parameters (#22942) (#22943)
-  * Add command to bulk set must-change-password (#22823) (#22928)
-* ENHANCEMENTS
-  * Use import of OCI structs (#22765) (#22805)
-  * Fix color of tertiary button on dark theme (#22739) (#22744)
-  * Link issue and pull requests status change in UI notifications directly to their event in the timelined view. (#22627) (#22642)
-* BUGFIXES
-  * Notify on container image create (#22806) (#22965)
-  * Fix blame view missing lines (#22826) (#22929)
-  * Fix incorrect role labels for migrated issues and comments (#22914) (#22923)
-  * Fix PR file tree folders no longer collapsing (#22864) (#22872)
-  * Escape filename when assemble URL (#22850) (#22871)
-  * Fix isAllowed of escapeStreamer (#22814) (#22837)
-  * Load issue before accessing index in merge message (#22822) (#22830)
-  * Improve trace logging for pulls and processes (#22633) (#22812)
-  * Fix restore repo bug, clarify the problem of ForeignIndex (#22776) (#22794)
-  * Add default user visibility to cli command "admin user create" (#22750) (#22760)
-  * Escape path for the file list (#22741) (#22757)
-  * Fix bugs with WebAuthn preventing sign in and registration. (#22651) (#22721)
-  * Add missing close bracket in imagediff (#22710) (#22712)
-  * Move code comments to a standalone file and fix the bug when adding a reply to an outdated review appears to not post(#20821) (#22707)
-  * Fix line spacing for plaintext previews (#22699) (#22701)
-  * Fix wrong hint when deleting a branch successfully from pull request UI (#22673) (#22698)
-  * Fix README TOC links (#22577) (#22677)
-  * Fix missing message in git hook when pull requests disabled on fork (#22625) (#22658)
-  * Improve checkIfPRContentChanged (#22611) (#22644)
-  * Prevent duplicate labels when importing more than 99 (#22591) (#22598)
-  * Don't return duplicated users who can create org repo (#22560) (#22562)
-* BUILD
-  * Upgrade golangcilint to v1.51.0 (#22764)
-* MISC
-  * Use proxy for pull mirror (#22771) (#22772)
-  * Use `--index-url` in PyPi description (#22620) (#22636)
-
-## [1.18.3](https://github.com/go-gitea/gitea/releases/tag/v1.18.3) - 2023-01-23
-
-* SECURITY
-  * Prevent multiple `To` recipients (#22566) (#22569)
-* BUGFIXES
-  * Truncate commit summary on repo files table. (#22551) (#22552)
-  * Mute all links in issue timeline (#22534)
-
-## [1.18.2](https://github.com/go-gitea/gitea/releases/tag/v1.18.2) - 2023-01-19
-
-* BUGFIXES
-  * Fix issue not auto-closing when it includes a reference to a branch (#22514) (#22521)
-  * Fix invalid issue branch reference if not specified in template (#22513) (#22520)
-  * Fix 500 error viewing pull request when fork has pull requests disabled (#22512) (#22515)
-  * Reliable selection of admin user (#22509) (#22511)
-  * Set disable_gravatar/enable_federated_avatar when offline mode is true (#22479) (#22496)
-* BUILD
-  * cgo cross-compile for freebsd (#22397) (#22519)
-
-## [1.18.1](https://github.com/go-gitea/gitea/releases/tag/v1.18.1) - 2023-01-17
-
-* API
-  * Add `sync_on_commit` option for push mirrors api (#22271) (#22292)
-* BUGFIXES
-  * Update `github.com/zeripath/zapx/v15` (#22485)
-  * Fix pull request API field `closed_at` always being `null` (#22482) (#22483)
-  * Fix container blob mount (#22226) (#22476)
-  * Fix error when calculating repository size (#22392) (#22474)
-  * Fix Operator does not exist bug on explore page with ONLY_SHOW_RELEVANT_REPOS (#22454) (#22472)
-  * Fix environments for KaTeX and error reporting (#22453) (#22473)
-  * Remove the netgo tag for Windows build (#22467) (#22468)
-  * Fix migration from GitBucket (#22477) (#22465)
-  * Prevent panic on looking at api "git" endpoints for empty repos (#22457) (#22458)
-  * Fix PR status layout on mobile (#21547) (#22441)
-  * Fix wechatwork webhook sends empty content in PR review (#21762) (#22440)
-  * Remove duplicate "Actions" label in mobile view (#21974) (#22439)
-  * Fix leaving organization bug on user settings -> orgs (#21983) (#22438)
-  * Fixed colour transparency regex matching in project board sorting (#22092) (#22437)
-  * Correctly handle select on multiple channels in Queues (#22146) (#22428)
-  * Prepend refs/heads/ to issue template refs (#20461) (#22427)
-  * Restore function to "Show more" buttons (#22399) (#22426)
-  * Continue GCing other repos on error in one repo (#22422) (#22425)
-  * Allow HOST has no port (#22280) (#22409)
-  * Fix omit avatar_url in discord payload when empty (#22393) (#22394)
-  * Don't display stop watch top bar icon when disabled and hidden when click other place (#22374) (#22387)
-  * Don't lookup mail server when using sendmail (#22300) (#22383)
-  * Fix gravatar disable bug (#22337)
-  * Fix update settings table on install (#22326) (#22327)
-  * Fix sitemap (#22272) (#22320)
-  * Fix code search title translation (#22285) (#22316)
-  * Fix due date rendering the wrong date in issue (#22302) (#22306)
-  * Fix get system setting bug when enabled redis cache (#22298)
-  * Fix bug of DisableGravatar default value (#22297)
-  * Fix key signature error page (#22229) (#22230)
-* TESTING
-  * Remove test session cache to reduce possible concurrent problem (#22199) (#22429)
-* MISC
-  * Restore previous official review when an official review is deleted (#22449) (#22460)
-  * Log STDERR of external renderer when it fails (#22442) (#22444)
-
-## [1.18.0](https://github.com/go-gitea/gitea/releases/tag/v1.18.0) - 2022-12-29
-
-* SECURITY
-  * Remove ReverseProxy authentication from the API (#22219) (#22251)
-  * Support Go Vulnerability Management (#21139)
-  * Forbid HTML string tooltips (#20935)
-* BREAKING
-  * Rework mailer settings (#18982)
-  * Remove U2F support (#20141)
-  * Refactor `i18n` to `locale` (#20153)
-  * Enable contenthash in filename for dynamic assets (#20813)
-* FEATURES
-  * Add color previews in markdown (#21474)
-  * Allow package version sorting (#21453)
-  * Add support for Chocolatey/NuGet v2 API (#21393)
-  * Add API endpoint to get changed files of a PR (#21177)
-  * Add filetree on left of diff view (#21012)
-  * Support Issue forms and PR forms (#20987)
-  * Add support for Vagrant packages (#20930)
-  * Add support for `npm unpublish` (#20688)
-  * Add badge capabilities to users (#20607)
-  * Add issue filter for Author (#20578)
-  * Add KaTeX rendering to Markdown. (#20571)
-  * Add support for Pub packages (#20560)
-  * Support localized README (#20508)
-  * Add support mCaptcha as captcha provider (#20458)
-  * Add team member invite by email (#20307)
-  * Added email notification option to receive all own messages (#20179)
-  * Switch Unicode Escaping to a VSCode-like system (#19990)
-  * Add user/organization code search (#19977)
-  * Only show relevant repositories on explore page (#19361)
-  * User keypairs and HTTP signatures for ActivityPub federation using go-ap (#19133)
-  * Add sitemap support (#18407)
-  * Allow creation of OAuth2 applications for orgs (#18084)
-  * Add system setting table with cache and also add cache supports for user setting (#18058)
-  * Add pages to view watched repos and subscribed issues/PRs (#17156)
-  * Support Proxy protocol (#12527)
-  * Implement sync push mirror on commit (#19411)
-* API
-  * Allow empty assignees on pull request edit (#22150) (#22214)
-  * Make external issue tracker regexp configurable via API (#21338)
-  * Add name field for org api (#21270)
-  * Show teams with no members if user is admin (#21204)
-  * Add latest commit's SHA to content response (#20398)
-  * Add allow_rebase_update, default_delete_branch_after_merge to repository api response (#20079)
-  * Add new endpoints for push mirrors management (#19841)
-* ENHANCEMENTS
-  * Add setting to disable the git apply step in test patch (#22130) (#22170)
-  * Multiple improvements for comment edit diff (#21990) (#22007)
-  * Fix button in branch list, avoid unexpected page jump before restore branch actually done (#21562) (#21928)
-  * Fix flex layout for repo list icons (#21896) (#21920)
-  * Fix vertical align of committer avatar rendered by email address (#21884) (#21918)
-  * Fix setting HTTP headers after write (#21833) (#21877)
-  * Color and Style enhancements (#21784, #21799) (#21868)
-  * Ignore line anchor links with leading zeroes (#21728) (#21776)
-  * Quick fixes monaco-editor error: "vs.editor.nullLanguage" (#21734) (#21738)
-  * Use CSS color-scheme instead of invert (#21616) (#21623)
-  * Respect user's locale when rendering the date range in the repo activity page (#21410)
-  * Change `commits-table` column width (#21564)
-  * Refactor git command arguments and make all arguments to be safe to be used (#21535)
-  * CSS color enhancements (#21534)
-  * Add link to user profile in markdown mention only if user exists (#21533, #21554)
-  * Add option to skip index dirs (#21501)
-  * Diff file tree tweaks (#21446)
-  * Localize all timestamps (#21440)
-  * Add `code` highlighting in issue titles (#21432)
-  * Use Name instead of DisplayName in LFS Lock (#21415)
-  * Consolidate more CSS colors into variables (#21402)
-  * Redirect to new repository owner (#21398)
-  * Use ISO date format instead of hard-coded English date format for date range in repo activity page (#21396)
-  * Use weighted algorithm for string matching when finding files in repo (#21370)
-  * Show private data in feeds (#21369)
-  * Refactor parseTreeEntries, speed up tree list (#21368)
-  * Add GET and DELETE endpoints for Docker blob uploads (#21367)
-  * Add nicer error handling on template compile errors (#21350)
-  * Add `stat` to `ToCommit` function for speed (#21337)
-  * Support instance-wide OAuth2 applications (#21335)
-  * Record OAuth client type at registration (#21316)
-  * Add new CSS variables --color-accent and --color-small-accent (#21305)
-  * Improve error descriptions for unauthorized_client (#21292)
-  * Case-insensitive "find files in repo" (#21269)
-  * Consolidate more CSS rules, fix inline code on arc-green (#21260)
-  * Log real ip of requests from ssh (#21216)
-  * Save files in local storage as group readable (#21198)
-  * Enable fluid page layout on medium size viewports (#21178)
-  * File header tweaks (#21175)
-  * Added missing headers on user packages page (#21172)
-  * Display image digest for container packages (#21170)
-  * Skip dirty check for team forms (#21154)
-  * Keep path when creating a new branch (#21153)
-  * Remove fomantic image module (#21145)
-  * Make labels clickable in the comments section. (#21137)
-  * Sort branches and tags by date descending (#21136)
-  * Better repo API unit checks (#21130)
-  * Improve commit status icons (#21124)
-  * Limit length of repo description and repo url input fields (#21119)
-  * Show .editorconfig errors in frontend (#21088)
-  * Allow poster to choose reviewers (#21084)
-  * Remove black labels and CSS cleanup (#21003)
-  * Make e-mail sanity check more precise (#20991)
-  * Use native inputs in whitespace dropdown (#20980)
-  * Enhance package date display (#20928)
-  * Display total blob size of a package version (#20927)
-  * Show language name on hover (#20923)
-  * Show instructions for all generic package files (#20917)
-  * Refactor AssertExistsAndLoadBean to use generics (#20797)
-  * Move the official website link at the footer of gitea (#20777)
-  * Add support for full name in reverse proxy auth (#20776)
-  * Remove useless JS operation for relative time tooltips (#20756)
-  * Replace some icons with SVG (#20741)
-  * Change commit status icons to SVG (#20736)
-  * Improve single repo action for issue and pull requests (#20730)
-  * Allow multiple files in generic packages (#20661)
-  * Add option to create new issue from /issues page (#20650)
-  * Background color of private list-items updated (#20630)
-  * Added search input field to issue filter (#20623)
-  * Increase default item listing size `ISSUE_PAGING_NUM` to 20 (#20547)
-  * Modify milestone search keywords to be case insensitive again (#20513)
-  * Show hint to link package to repo when viewing empty repo package list (#20504)
-  * Add Tar ZSTD support (#20493)
-  * Make code review checkboxes clickable (#20481)
-  * Add "X-Gitea-Object-Type" header for GET `/raw/` & `/media/` API (#20438)
-  * Display project in issue list (#20434)
-  * Prepend commit message to template content when opening a new PR (#20429)
-  * Replace fomantic popup module with tippy.js (#20428)
-  * Allow to specify colors for text in markup (#20363)
-  * Allow access to the Public Organization Member lists with minimal permissions (#20330)
-  * Use default values when provided values are empty (#20318)
-  * Vertical align navbar avatar at middle (#20302)
-  * Delete cancel button in repo creation page (#21381)
-  * Include login_name in adminCreateUser response (#20283)
-  * fix: icon margin in user/settings/repos (#20281)
-  * Remove blue text on migrate page (#20273)
-  * Modify milestone search keywords to be case insensitive (#20266)
-  * Move some files into models' sub packages (#20262)
-  * Add tooltip to repo icons in explore page (#20241)
-  * Remove deprecated licenses (#20222)
-  * Webhook for Wiki changes (#20219)
-  * Share HTML template renderers and create a watcher framework (#20218)
-  * Allow enable LDAP source and disable user sync via CLI (#20206)
-  * Adds a checkbox to select all issues/PRs (#20177)
-  * Refactor `i18n` to `locale` (#20153)
-  * Disable status checks in template if none found (#20088)
-  * Allow manager logging to set SQL (#20064)
-  * Add order by for assignee no sort issue (#20053)
-  * Take a stab at porting existing components to Vue3 (#20044)
-  * Add doctor command to write commit-graphs (#20007)
-  * Add support for authentication based on reverse proxy email (#19949)
-  * Enable spellcheck for EasyMDE, use contenteditable mode (#19776)
-  * Allow specifying SECRET_KEY_URI, similar to INTERNAL_TOKEN_URI (#19663)
-  * Rework mailer settings (#18982)
-  * Add option to purge users (#18064)
-  * Add author search input (#21246)
-  * Make rss/atom identifier globally unique (#21550)
-* BUGFIXES
-  * Auth interface return error when verify failure (#22119) (#22259)
-  * Use complete SHA to create and query commit status (#22244) (#22257)
-  * Update bleve and zapx to fix unaligned atomic (#22031) (#22218)
-  * Prevent panic in doctor command when running default checks (#21791) (#21807)
-  * Load GitRepo in API before deleting issue (#21720) (#21796)
-  * Ignore line anchor links with leading zeroes (#21728) (#21776)
-  * Set last login when activating account (#21731) (#21755)
-  * Fix UI language switching bug (#21597) (#21749)
-  * Quick fixes monaco-editor error: "vs.editor.nullLanguage" (#21734) (#21738)
-  * Allow local package identifiers for PyPI packages (#21690) (#21727)
-  * Deal with markdown template without metadata (#21639) (#21654)
-  * Fix opaque background on mermaid diagrams (#21642) (#21652)
-  * Fix repository adoption on Windows (#21646) (#21650)
-  * Sync git hooks when config file path changed (#21619) (#21626)
-  * Fix 500 on PR files API (#21602) (#21607)
-  * Fix `Timestamp.IsZero` (#21593) (#21603)
-  * Fix viewing user subscriptions (#21482)
-  * Fix mermaid-related bugs (#21431)
-  * Fix branch dropdown shifting on page load (#21428)
-  * Fix default theme-auto selector when nologin (#21346)
-  * Fix and improve incorrect error messages (#21342)
-  * Fix formatted link for PR review notifications to matrix (#21319)
-  * Center-aligning content of WebAuthN page (#21127)
-  * Remove follow from commits by file (#20765)
-  * Fix commit status popup (#20737)
-  * Fix init mail render logic (#20704)
-  * Use correct page size for link header pagination (#20546)
-  * Preserve unix socket file (#20499)
-  * Use tippy.js for context popup (#20393)
-  * Add missing parameter for error in log message (#20144)
-  * Do not allow organisation owners add themselves as collaborator (#20043)
-  * Rework file highlight rendering and fix yaml copy-paste (#19967)
-  * Improve code diff highlight, fix incorrect rendered diff result (#19958)
-* TESTING
-  * Improve OAuth integration tests (#21390)
-  * Add playwright tests (#20123)
-* BUILD
-  * Switch to building with go1.19 (#20695)
-  * Update JS dependencies, adjust eslint (#20659)
-  * Add more linters to improve code readability (#19989)
-
-## [1.17.4](https://github.com/go-gitea/gitea/releases/tag/v1.17.4) - 2022-12-21
-
-* SECURITY
-  * Do not allow Ghost access to limited visible user/org (#21849) (#21875)
-  * Fix package access for admins and inactive users (#21580) (#21592)
-* ENHANCEMENTS
-  * Fix button in branch list, avoid unexpected page jump before restore branch actually done (#21562) (#21927)
-  * Fix vertical align of committer avatar rendered by email address (#21884) (#21919)
-  * Fix setting HTTP headers after write (#21833) (#21874)
-  * Ignore line anchor links with leading zeroes (#21728) (#21777)
-  * Enable Monaco automaticLayout (#21516)
-* BUGFIXES
-  * Do not list active repositories as unadopted (#22034) (#22167)
-  * Correctly handle moved files in apply patch (#22118) (#22136)
-  * Fix condition for is_internal (#22095) (#22131)
-  * Fix permission check on issue/pull lock (#22114)
-  * Fix sorting admin user list by last login (#22081) (#22106)
-  * Workaround for container registry push/pull errors (#21862) (#22069)
-  * Fix issue/PR numbers (#22037) (#22045)
-  * Handle empty author names (#21902) (#22028)
-  * Fix ListBranches to handle empty case (#21921) (#22025)
-  * Fix enabling partial clones on 1.17 (#21809)
-  * Prevent panic in doctor command when running default checks (#21791) (#21808)
-  * Upgrade golang.org/x/crypto (#21792) (#21794)
-  * Init git module before database migration (#21764) (#21766)
-  * Set last login when activating account (#21731) (#21754)
-  * Add HEAD fix to gitea doctor (#21352) (#21751)
-  * Fix UI language switching bug (#21597) (#21748)
-  * Remove semver compatible flag and change pypi to an array of test cases (#21708) (#21729)
-  * Allow local package identifiers for PyPI packages (#21690) (#21726)
-  * Fix repository adoption on Windows (#21646) (#21651)
-  * Sync git hooks when config file path changed (#21619) (#21625)
-  * Added check for disabled Packages (#21540) (#21614)
-  * Fix `Timestamp.IsZero` (#21593) (#21604)
-  * Fix issues count bug (#21600)
-  * Support binary deploy in npm packages (#21589)
-  * Update milestone counters when issue is deleted (#21459) (#21586)
-  * SessionUser protection against nil pointer dereference (#21581)
-  * Case-insensitive NuGet symbol file GUID (#21409) (#21575)
-  * Suppress `ExternalLoginUserNotExist` error (#21504) (#21572)
-  * Prevent Authorization header for presigned LFS urls (#21531) (#21569)
-  * Update binding to fix bugs (#21560)
-  * Fix generating compare link (#21519) (#21530)
-  * Ignore error when retrieving changed PR review files (#21487) (#21524)
-  * Fix incorrect notification commit url (#21479) (#21483)
-  * Display total commit count in hook message (#21400) (#21481)
-  * Enforce grouped NuGet search results (#21442) (#21480)
-  * Return 404 when user is not found on avatar (#21476) (#21477)
-  * Normalize NuGet package version on upload (#22186) (#22201)
-* MISC
-  * Check for zero time instant in TimeStamp.IsZero() (#22171) (#22173)
-  * Fix warn in database structs sync (#22111)
-  * Allow for resolution of NPM registry paths that match upstream (#21568) (#21723)
-
-## [1.17.3](https://github.com/go-gitea/gitea/releases/tag/v1.17.3) - 2022-10-15
-
-* SECURITY
-  * Sanitize and Escape refs in git backend (#21464) (#21463)
-  * Bump `golang.org/x/text` (#21412) (#21413)
-  * Update bluemonday (#21281) (#21287)
-* ENHANCEMENTS
-  * Fix empty container layer history and UI (#21251) (#21278)
-  * Use en-US as fallback when using other default language (#21200) (#21256)
-  * Make the vscode clone link respect transport protocol (#20557) (#21128)
-* BUGFIXES
-  * Do DB update after merge in hammer context (#21401) (#21416)
-  * Add Num{Issues,Pulls} stats checks (#21404) (#21414)
-  * Stop logging CheckPath returns error: context canceled (#21064) (#21405)
-  * Parse OAuth Authorization header when request omits client secret (#21351) (#21374)
-  * Ignore port for loopback redirect URIs (#21293) (#21373)
-  * Set SemverCompatible to false for Conan packages (#21275) (#21366)
-  * Tag list should include draft releases with existing tags (#21263) (#21365)
-  * Fix linked account translation (#21331) (#21334)
-  * Make NuGet service index publicly accessible (#21242) (#21277)
-  * Foreign ID conflicts if ID is 0 for each item (#21271) (#21272)
-  * Use absolute links in feeds (#21229) (#21265)
-  * Prevent invalid behavior for file reviewing when loading more files (#21230) (#21234)
-  * Respect `REQUIRE_SIGNIN_VIEW` for packages (#20873) (#21232)
-  * Treat git object mode 40755 as directory (#21195) (#21218)
-  * Allow uppercase ASCII alphabet in PyPI package names (#21095) (#21217)
-  * Fix limited user cannot view himself's profile (#21212)
-  * Fix template bug of admin monitor (#21209)
-  * Fix reaction of issues (#21185) (#21196)
-  * Fix CSV diff for added/deleted files (#21189) (#21193)
-  * Fix pagination limit parameter problem (#21111)
-* TESTING
-  * Fix missing m.Run() in TestMain (#21341)
-* BUILD
-  * Use Go 1.19 fmt for Gitea 1.17, sync emoji data (#21239)
-
 ## [1.17.2](https://github.com/go-gitea/gitea/releases/tag/v1.17.2) - 2022-09-06

 * SECURITY
@@ -505,7 +109,7 @@ been added to each release, please refer to the [blog](https://blog.gitea.io).
  * Change initial TrustModel to committer (#18335)
  * Update HTTP status codes (#18063)
  * Upgrade Alpine from 3.13 to 3.15 (#18050)
-  * Restrict email address validation (#17688)
+  * Restrict email address validation (#17688) 
  * Refactor Router Logger (#17308)
 * SECURITY
  * Use git.HOME_PATH for Git HOME directory (#20114) (#20293)
@@ -791,31 +395,6 @@ been added to each release, please refer to the [blog](https://blog.gitea.io).
  * Prevent showing webauthn error for every time visiting `/user/settings/security` (#18385)
  * Use correct translation key for errors (#18342)

-## [1.16.9](https://github.com/go-gitea/gitea/releases/tag/v1.16.9) - 2022-07-12
-
-* SECURITY
-  * Add write check for creating Commit status (#20332) (#20334)
-  * Check for permission when fetching user controlled issues (#20133) (#20196)
-* BUGFIXES
-  * Hide notify mail setting ui if not enabled (#20138) (#20337)
-  * Add write check for creating Commit status (#20332) (#20334)
-  * Only show Followers that current user can access (#20220) (#20253)
-  * Release page show all tags in compare dropdown (#20070) (#20071)
-  * Fix permission check for delete tag (#19985) (#20001)
-  * Only log non ErrNotExist errors in git.GetNote  (#19884) (#19905)
-  * Use exact search instead of fuzzy search for branch filter dropdown (#19885) (#19893)
-  * Set Setpgid on child git processes (#19865) (#19881)
-  * Import git from alpine 3.16 repository as 2.30.4 is needed for `safe.directory = '*'` to work but alpine 3.13 has 2.30.3 (#19876)
-  * Ensure responses are context.ResponseWriters (#19843) (#19859)
-  * Fix incorrect usage of `Count` function (#19850)
-  * Fix raw endpoint PDF file headers (#19825) (#19826)
-  * Make WIP prefixes case insensitive, e.g. allow `Draft` as a WIP prefix (#19780) (#19811)
-  * Don't return 500 on NotificationUnreadCount (#19802)
-  * Prevent NPE when cache service is disabled (#19703) (#19783)
-  * Detect truncated utf-8 characters at the end of content as still representing utf-8 (#19773) (#19774)
-  * Fix doctor pq: syntax error at or near "." quote user table name (#19765) (#19770)
-  * Fix bug with assigneees (#19757)
-
 ## [1.16.8](https://github.com/go-gitea/gitea/releases/tag/v1.16.8) - 2022-05-16

 * ENHANCEMENTS
@@ -942,12 +521,12 @@ been added to each release, please refer to the [blog](https://blog.gitea.io).
  * Don't show context cancelled errors in attribute reader (#19006) (#19027)
  * Fix update hint bug (#18996) (#19002)
 * MISC
-  * Fix potential assignee query for repo (#18994) (#18999)
+  *  Fix potential assignee query for repo (#18994) (#18999)

 ## [1.16.3](https://github.com/go-gitea/gitea/releases/tag/v1.16.3) - 2022-03-02

 * SECURITY
-  * Git backend ignore replace objects (#18979) (#18980)
+ * Git backend ignore replace objects (#18979) (#18980) 
 * ENHANCEMENTS
  * Adjust error for already locked db and prevent level db lock on malformed connstr (#18923) (#18938)
 * BUGFIXES
@@ -980,7 +559,7 @@ been added to each release, please refer to the [blog](https://blog.gitea.io).
  * Immediately Hammer if second kill is sent (#18823) (#18826)
  * Allow mermaid render error to wrap (#18791)
 * BUGFIXES
-  * Fix ldap user sync missed email in email_address table (#18786) (#18876)
+  * Fix ldap user sync missed email in email_address table (#18786) (#18876) 
  * Update assignees check to include any writing team and change org sidebar (#18680) (#18873)
  * Don't report signal: killed errors in serviceRPC (#18850) (#18865)
  * Fix bug where certain LDAP settings were reverted (#18859)
@@ -1479,7 +1058,6 @@ been added to each release, please refer to the [blog](https://blog.gitea.io).
  * Fix SVG side by side comparison link (#17375) (#17391)

 ## [1.15.4](https://github.com/go-gitea/gitea/releases/tag/v1.15.4) - 2021-10-08
-
 * BUGFIXES
  * Raw file API: don't try to interpret 40char filenames as commit SHA (#17185) (#17272)
  * Don't allow merged PRs to be reopened (#17192) (#17271)
@@ -2126,7 +1704,7 @@ been added to each release, please refer to the [blog](https://blog.gitea.io).
  * Add size to Save function (#15264) (#15270)
  * Monaco improvements (#15333) (#15345)
  * Support .mailmap in code activity stats (#15009)
-  * Sort release attachments by name (#15008)
+  * Sort release attachments by name (#15008)  
  * Add ui.explore settings to control view of explore pages (#14094)
  * Make internal SSH server host key path configurable (#14918)
  * Hide resync all ssh principals when using internal ssh server (#14904)
@@ -2421,7 +1999,6 @@ been added to each release, please refer to the [blog](https://blog.gitea.io).
  * Return original URL of Repositories (#13885) (#13886)

 ## [1.13.0](https://github.com/go-gitea/gitea/releases/tag/v1.13.0) - 2020-12-01
-
 * SECURITY
  * Add Allow-/Block-List for Migrate & Mirrors (#13610) (#13776)
  * Prevent git operations for inactive users (#13527) (#13536)
@@ -3335,7 +2912,6 @@ been added to each release, please refer to the [blog](https://blog.gitea.io).
  * Blacklist manifest.json & milestones user (#10292) (#10293)

 ## [1.11.0](https://github.com/go-gitea/gitea/releases/tag/v1.11.0) - 2020-02-10
-
 * BREAKING
  * Fix followers and following tabs in profile (#10202) (#10203)
  * Make CertFile and KeyFile relative to CustomPath (#9868) (#9874)
@@ -3788,7 +3364,7 @@ been added to each release, please refer to the [blog](https://blog.gitea.io).

 This is a re-tag version of v1.10.5 and also explicitly built with Go 1.13.

-WARNING: v1.10.5 is incorrectly tagged targeting 1.12-dev and should __not__ be used.
+WARNING: v1.10.5 is incorrectly tagged targeting 1.12-dev and should **not** be used.

 ## [1.10.5](https://github.com/go-gitea/gitea/releases/tag/v1.10.5) - 2020-03-06

@@ -3809,7 +3385,6 @@ WARNING: v1.10.5 is incorrectly tagged targeting 1.12-dev and should __not__ be
  * Ensure that 2fa is checked on reset-password (#9857) (#9877)

 ## [1.10.3](https://github.com/go-gitea/gitea/releases/tag/v1.10.3) - 2020-01-17
-
 * SECURITY
  * Hide credentials when submitting migration (#9102) (#9704)
  * Never allow an empty password to validate (#9682) (#9684)
@@ -3828,7 +3403,6 @@ WARNING: v1.10.5 is incorrectly tagged targeting 1.12-dev and should __not__ be
  * Branches not at ref commit ID should not be listed as Merged (#9614) (#9639)

 ## [1.10.2](https://github.com/go-gitea/gitea/releases/tag/v1.10.2) - 2020-01-02
-
 * BUGFIXES
  * Allow only specific Columns to be updated on Issue via API (#9539) (#9580)
  * Add ErrReactionAlreadyExist error (#9550) (#9564)
@@ -3849,7 +3423,6 @@ WARNING: v1.10.5 is incorrectly tagged targeting 1.12-dev and should __not__ be
  * Fix File Edit: Author/Committer interchanged (#9297) (#9300)

 ## [1.10.1](https://github.com/go-gitea/gitea/releases/tag/v1.10.1) - 2019-12-05
-
 * BUGFIXES
  * Fix max length check and limit in multiple repo forms (#9148) (#9204)
  * Properly fix displaying virtual session provider in admin panel (#9137) (#9203)
@@ -3871,7 +3444,6 @@ WARNING: v1.10.5 is incorrectly tagged targeting 1.12-dev and should __not__ be
  * Shadow password correctly for session config (#8984) (#9002)

 ## [1.10.0](https://github.com/go-gitea/gitea/releases/tag/v1.10.0) - 2019-11-13
-
 * BREAKING
  * Fix deadline on update issue or PR via API (#8698)
  * Hide some user information via API if user doesn't have enough permission (#8655) (#8657)
@@ -4169,7 +3741,6 @@ WARNING: v1.10.5 is incorrectly tagged targeting 1.12-dev and should __not__ be
  * Fix Statuses API only shows first 10 statuses: Add paging and extend API GetCommitStatuses (#7141)

 ## [1.9.6](https://github.com/go-gitea/gitea/releases/tag/v1.9.6) - 2019-11-13
-
 * BUGFIXES
  * Allow to merge if file path contains " or \ (#8629) (#8772)
  * Fix 500 when edit hook (#8782) (#8790)
@@ -4178,7 +3749,6 @@ WARNING: v1.10.5 is incorrectly tagged targeting 1.12-dev and should __not__ be
  * Add Close() method to gogitRepository (#8901) (#8958)

 ## [1.9.5](https://github.com/go-gitea/gitea/releases/tag/v1.9.5) - 2019-10-30
-
 * BREAKING
  * Hide some user information via API if user doesn't have enough permission (#8655) (#8658)
 * BUGFIXES
@@ -4203,7 +3773,6 @@ WARNING: v1.10.5 is incorrectly tagged targeting 1.12-dev and should __not__ be
  * Update heatmap fixtures to restore tests (#8615) (#8617)

 ## [1.9.4](https://github.com/go-gitea/gitea/releases/tag/v1.9.4) - 2019-10-08
-
 * BUGFIXES
  * Highlight issue references (#8101) (#8404)
  * Fix bug when migrating a private repository #7917 (#8403)
@@ -4230,7 +3799,6 @@ WARNING: v1.10.5 is incorrectly tagged targeting 1.12-dev and should __not__ be
  * Make show private icon when repo avatar set (#8144) (#8175)

 ## [1.9.3](https://github.com/go-gitea/gitea/releases/tag/v1.9.3) - 2019-09-06
-
 * BUGFIXES
  * Fix go get from a private repository with Go 1.13 (#8100)
  * Strict name matching for Repository.GetTagID() (#8082)
@@ -4246,7 +3814,6 @@ WARNING: v1.10.5 is incorrectly tagged targeting 1.12-dev and should __not__ be
  * Keep blame view buttons sequence consistent with normal view when viewing a file (#8007) (#8009)

 ## [1.9.2](https://github.com/go-gitea/gitea/releases/tag/v1.9.2) - 2019-08-22
-
 * BUGFIXES
  * Fix wrong sender when send slack webhook (#7918) (#7924)
  * Upload support text/plain; charset=utf8 (#7899)
@@ -4261,7 +3828,6 @@ WARNING: v1.10.5 is incorrectly tagged targeting 1.12-dev and should __not__ be
  * Drone/docker: prepare multi-arch release + provide arm64 image (#7571) (#7884)

 ## [1.9.1](https://github.com/go-gitea/gitea/releases/tag/v1.9.1) - 2019-08-14
-
 * BREAKING
  * Add pagination for admin api get orgs and fix only list public orgs bug (#7742) (#7752)
 * SECURITY
@@ -4289,7 +3855,6 @@ WARNING: v1.10.5 is incorrectly tagged targeting 1.12-dev and should __not__ be
  * Correct wrong datetime format for git (#7689) (#7690)

 ## [1.9.0](https://github.com/go-gitea/gitea/releases/tag/v1.9.0) - 2019-07-30
-
 * BREAKING
  * Better logging (#6038) (#6095)
 * SECURITY
@@ -4646,7 +4211,6 @@ WARNING: v1.10.5 is incorrectly tagged targeting 1.12-dev and should __not__ be
  * Added docker example for backup (#5846)

 ## [1.8.3](https://github.com/go-gitea/gitea/releases/tag/v1.8.3) - 2019-06-17
-
 * BUGFIXES
  * Always set userID on LFS authentication (#7224) (Part of #6993)
  * Fix LFS Locks over SSH (#6999) (#7223)
@@ -4657,7 +4221,6 @@ WARNING: v1.10.5 is incorrectly tagged targeting 1.12-dev and should __not__ be
  * Fix GCArgs load from ini (#7156) (#7157)

 ## [1.8.2](https://github.com/go-gitea/gitea/releases/tag/v1.8.2) - 2019-05-29
-
 * BUGFIXES
  * Fix possbile mysql invalid connnection error (#7051) (#7071)
  * Handle invalid administrator username on install page (#7060) (#7063)
@@ -4673,7 +4236,6 @@ WARNING: v1.10.5 is incorrectly tagged targeting 1.12-dev and should __not__ be
  * Fix wrong init dependency on markup extensions (#7038) (#7074)

 ## [1.8.1](https://github.com/go-gitea/gitea/releases/tag/v1.8.1) - 2019-05-08
-
 * BUGFIXES
  * Fix 404 when sending pull requests in some situations (#6871) (#6873)
  * Enforce osusergo build tag for releases (#6862) (#6869)
@@ -4700,7 +4262,6 @@ WARNING: v1.10.5 is incorrectly tagged targeting 1.12-dev and should __not__ be
  * Fix config ui error about cache ttl (#6861) (#6865)

 ## [1.8.0](https://github.com/go-gitea/gitea/releases/tag/v1.8.0) - 2019-04-20
-
 * SECURITY
  * Prevent remote code execution vulnerability with mirror repo URL settings (#6593) (#6594)
  * Resolve 2FA bypass on API (#6676) (#6674)
@@ -4935,21 +4496,18 @@ WARNING: v1.10.5 is incorrectly tagged targeting 1.12-dev and should __not__ be
  * Migrate database if app.ini found (#5290)

 ## [1.7.6](https://github.com/go-gitea/gitea/releases/tag/v1.7.6) - 2019-04-12
-
 * SECURITY
  * Prevent remote code execution vulnerability with mirror repo URL settings (#6593) (#6595)
 * BUGFIXES
  * Allow resend of confirmation email when logged in (#6482) (#6487)

 ## [1.7.5](https://github.com/go-gitea/gitea/releases/tag/v1.7.5) - 2019-03-27
-
 * BUGFIXES
  * Fix unitTypeCode not being used in accessLevelUnit (#6419) (#6423)
  * Fix bug where manifest.json was being requested without cookies and continuously creating new sessions (#6372) (#6383)
  * Fix ParsePatch function to work with quoted diff --git strings (#6323) (#6332)

 ## [1.7.4](https://github.com/go-gitea/gitea/releases/tag/v1.7.4) - 2019-03-12
-
 * SECURITY
  * Fix potential XSS vulnerability in repository description. (#6306) (#6308)
 * BUGFIXES
@@ -4959,7 +4517,6 @@ WARNING: v1.10.5 is incorrectly tagged targeting 1.12-dev and should __not__ be
  * Fix displaying dashboard even if required to change password (#6214) (#6215)

 ## [1.7.3](https://github.com/go-gitea/gitea/releases/tag/v1.7.3) - 2019-02-27
-
 * BUGFIXES
  * Fix server 500 when trying to migrate to an already existing repository (#6188) (#6197)
  * Load Issue attributes for API /repos/{owner}/{repo}/issues/{index} (#6122) (#6185)
@@ -4974,7 +4531,6 @@ WARNING: v1.10.5 is incorrectly tagged targeting 1.12-dev and should __not__ be
  * Recover panic in orgmode.Render if bad orgfile (#4982) (#5903) (#6097)

 ## [1.7.2](https://github.com/go-gitea/gitea/releases/tag/v1.7.2) - 2019-02-14
-
 * BUGFIXES
  * Remove all CommitStatus when a repo is deleted (#5940) (#5941)
  * Fix notifications on pushing with deploy keys by setting hook environment variables (#5935) (#5944)
@@ -4991,7 +4547,6 @@ WARNING: v1.10.5 is incorrectly tagged targeting 1.12-dev and should __not__ be
  * In basic auth check for tokens before call UserSignIn (#5725) (#6083)

 ## [1.7.1](https://github.com/go-gitea/gitea/releases/tag/v1.7.1) - 2019-01-31
-
 * SECURITY
  * Disable redirect for i18n (#5910) (#5916)
  * Only allow local login if password is non-empty (#5906) (#5908)
@@ -5013,7 +4568,6 @@ WARNING: v1.10.5 is incorrectly tagged targeting 1.12-dev and should __not__ be
  * Include Go toolchain to --version (#5832) (#5830)

 ## [1.7.0](https://github.com/go-gitea/gitea/releases/tag/v1.7.0) - 2019-01-22
-
 * SECURITY
  * Do not display the raw OpenID error in the UI (#5705) (#5712)
  * When redirecting clean the path to avoid redirecting to external site (#5669) (#5679)
@@ -5170,21 +4724,18 @@ WARNING: v1.10.5 is incorrectly tagged targeting 1.12-dev and should __not__ be
  * Only chown directories during docker setup if necessary. Fix #4425 (#5064)

 ## [1.6.4](https://github.com/go-gitea/gitea/releases/tag/v1.6.4) - 2019-01-15
-
 * BUGFIX
  * Fix SSH key now can be reused as public key after deleting as deploy key (#5671) (#5685)
  * When redirecting clean the path to avoid redirecting to external site (#5669) (#5703)
  * Fix to use correct value for "MSpan Structures Obtained" (#5706) (#5715)

 ## [1.6.3](https://github.com/go-gitea/gitea/releases/tag/v1.6.3) - 2019-01-04
-
 * SECURITY
  * Prevent DeleteFilePost doing arbitrary deletion (#5631)
 * BUGFIX
  * Fix wrong text getting saved on editing second comment on an issue (#5608)

 ## [1.6.2](https://github.com/go-gitea/gitea/releases/tag/v1.6.2) - 2018-12-21
-
 * SECURITY
  * Sanitize uploaded file names (#5571) (#5573)
  * HTMLEncode user added text (#5570) (#5575)
@@ -5199,7 +4750,6 @@ WARNING: v1.10.5 is incorrectly tagged targeting 1.12-dev and should __not__ be
  * Fix empty wiki (#5504) (#5508)

 ## [1.6.1](https://github.com/go-gitea/gitea/releases/tag/v1.6.1) - 2018-12-08
-
 * BUGFIXES
  * Fix dependent issue searching when gitea is run in subpath (#5392) (#5400)
  * API: '/orgs/:org/repos': return private repos with read access (#5393)
@@ -5210,7 +4760,6 @@ WARNING: v1.10.5 is incorrectly tagged targeting 1.12-dev and should __not__ be
  * Fix topic name length on database (#5493) (#5495)

 ## [1.6.0](https://github.com/go-gitea/gitea/releases/tag/v1.6.0) - 2018-11-22
-
 * BREAKING
  * Respect email privacy option in user search via API (#4512)
  * Simply remove tidb and deps (#3993)
@@ -5364,12 +4913,10 @@ WARNING: v1.10.5 is incorrectly tagged targeting 1.12-dev and should __not__ be
  * Fix translation (#4355)

 ## [1.5.3](https://github.com/go-gitea/gitea/releases/tag/v1.5.3) - 2018-10-31
-
 * SECURITY
  * Fix remote command execution vulnerability in upstream library (#5177) (#5196)

 ## [1.5.2](https://github.com/go-gitea/gitea/releases/tag/v1.5.2) - 2018-10-09
-
 * SECURITY
  * Enforce token on api routes (#4840) (#4905)
 * BUGFIXES
@@ -5386,7 +4933,6 @@ WARNING: v1.10.5 is incorrectly tagged targeting 1.12-dev and should __not__ be
  * Fix trimming of markup section names (#4864)

 ## [1.5.1](https://github.com/go-gitea/gitea/releases/tag/v1.5.1) - 2018-09-03
-
 * SECURITY
  * Don't disclose emails of all users when sending out emails (#4784)
  * Improve URL validation for external wiki and external issues (#4710) (#4740)
@@ -5401,7 +4947,6 @@ WARNING: v1.10.5 is incorrectly tagged targeting 1.12-dev and should __not__ be
  * Fix incorrect caption of webhook setting (#4701) (#4718)

 ## [1.5.0](https://github.com/go-gitea/gitea/releases/tag/v1.5.0) - 2018-08-10
-
 * SECURITY
  * Check that repositories can only be migrated to own user or organizations (#4366) (#4370)
  * Limit uploaded avatar image-size to 4096px x 3072px by default (#4353)
@@ -5465,7 +5010,6 @@ WARNING: v1.10.5 is incorrectly tagged targeting 1.12-dev and should __not__ be
  * Sign release binaries (#4188)

 ## [1.4.3](https://github.com/go-gitea/gitea/releases/tag/v1.4.3) - 2018-06-26
-
 * SECURITY
  * HTML-escape plain-text READMEs (#4192) (#4214)
  * Fix open redirect vulnerability on login screen (#4312) (#4312)
@@ -5478,7 +5022,6 @@ WARNING: v1.10.5 is incorrectly tagged targeting 1.12-dev and should __not__ be
  * Fix webhook type conflation (#4285) (#4285)

 ## [1.4.2](https://github.com/go-gitea/gitea/releases/tag/v1.4.2) - 2018-06-04
-
 * BUGFIXES
  * Adjust z-index for floating labels (#3939) (#3950)
  * Add missing token validation on application settings page (#3976) #3978
@@ -5494,7 +5037,6 @@ WARNING: v1.10.5 is incorrectly tagged targeting 1.12-dev and should __not__ be
  * Respository's home page not updated after first push (#4075)

 ## [1.4.1](https://github.com/go-gitea/gitea/releases/tag/v1.4.1) - 2018-05-03
-
 * BREAKING
  * Add "error" as reserved username (#3882) (#3886)
 * SECURITY
@@ -5512,7 +5054,6 @@ WARNING: v1.10.5 is incorrectly tagged targeting 1.12-dev and should __not__ be
  * Show clipboard button if disable HTTP of git protocol (#3773) (#3774)

 ## [1.4.0](https://github.com/go-gitea/gitea/releases/tag/v1.4.0) - 2018-03-25
-
 * BREAKING
  * Drop deprecated GOGS\_WORK\_DIR use (#2946)
  * Fix API status code for hook creation (#2814)
@@ -5632,7 +5173,6 @@ WARNING: v1.10.5 is incorrectly tagged targeting 1.12-dev and should __not__ be
  * Add owner to delete repo message (#2886)

 ## [1.3.1](https://github.com/go-gitea/gitea/releases/tag/v1.3.1) - 2017-12-08
-
 * BUGFIXES
  * Sanitize logs for mirror sync (#3057, #3082) (#3078)
  * Fix missing branch in release bug (#3108) (#3117)
@@ -5643,7 +5183,6 @@ WARNING: v1.10.5 is incorrectly tagged targeting 1.12-dev and should __not__ be
  * Fix missing password length check when change password (#3039) (#3071)

 ## [1.3.0](https://github.com/go-gitea/gitea/releases/tag/v1.3.0) - 2017-11-29
-
 * BREAKING
  * Make URL scheme unambiguous (#2408)
 * FEATURES
@@ -5871,13 +5410,11 @@ WARNING: v1.10.5 is incorrectly tagged targeting 1.12-dev and should __not__ be
  * Added vendor dir for js/css libs; Documented sources (#1484) (#2241)

 ## [1.2.3](https://github.com/go-gitea/gitea/releases/tag/v1.2.3) - 2017-11-03
-
 * BUGFIXES
  * Only require one email when validating GPG key (#2266, #2467, #2663) (#2788)
  * Fix order of comments (#2835) (#2839)

 ## [1.2.2](https://github.com/go-gitea/gitea/releases/tag/v1.2.2) - 2017-10-26
-
 * BUGFIXES
  * Add checks for commits with missing author and time (#2771) (#2785)
  * Fix sending mail with a non-latin display name (#2559) (#2783)
@@ -5886,7 +5423,6 @@ WARNING: v1.10.5 is incorrectly tagged targeting 1.12-dev and should __not__ be
  * Fix emojify image URL (#2769) (#2773)

 ## [1.2.1](https://github.com/go-gitea/gitea/releases/tag/v1.2.1) - 2017-10-16
-
 * BUGFIXES
  * Fix PR, milestone and label functionality if issue unit is disabled (#2710) (#2714)
  * Fix plain readme didn't render correctly on repo home page (#2705) (#2712)
@@ -5895,7 +5431,6 @@ WARNING: v1.10.5 is incorrectly tagged targeting 1.12-dev and should __not__ be
  * Fix slice out of bounds error in mailer (#2479) (#2696)

 ## [1.2.0](https://github.com/go-gitea/gitea/releases/tag/v1.2.0) - 2017-10-10
-
 * SECURITY
  * Sanitation fix from Gogs (#1461)
 * BREAKING
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -81,15 +81,13 @@ Here's how to run the test suite:
 |``make lint-frontend`` | lint frontend files  |
 |``make lint-backend``  | lint backend files   |

- run test code (Suggest run in Linux)
+- run test code (Suggest run in Linux)  

 |                                        |                                                  |
 | :------------------------------------- | :----------------------------------------------- |
 |``make test[\#TestSpecificName]``       |  run unit test  |
-|``make test-sqlite[\#TestSpecificName]``|  run [integration](tests/integration) test for SQLite |
-|[More details about integration tests](tests/integration/README.md)  |
-|``make test-e2e-sqlite[\#TestSpecificFileName]``|  run [end-to-end](tests/e2e) test for SQLite |
-|[More details about e2e tests](tests/e2e/README.md)  |
+|``make test-sqlite[\#TestSpecificName]``|  run [integration](integrations) test for SQLite |  
+|[More details about integrations](integrations/README.md)  |

 ## Vendoring

@@ -129,14 +127,14 @@ the *[How to get faster PR reviews](https://github.com/kubernetes/community/blob
 it has lots of useful tips for any project you may want to contribute.
 Some of the key points:

- Make small pull requests. The smaller, the faster to review and the
+* Make small pull requests. The smaller, the faster to review and the
  more likely it will be merged soon.
- Don't make changes unrelated to your PR. Maybe there are typos on
+* Don't make changes unrelated to your PR. Maybe there are typos on
  some comments, maybe refactoring would be welcome on a function... but
  if that is not related to your PR, please make *another* PR for that.
- Split big pull requests into multiple small ones. An incremental change
+* Split big pull requests into multiple small ones. An incremental change
  will be faster to review than a huge PR.
- Use the first comment as a summary explainer of your PR and you should keep this up-to-date as the PR evolves.
+* Use the first comment as a summary explainer of your PR and you should keep this up-to-date as the PR evolves.

 If your PR could cause a breaking change you must add a BREAKING section to this comment e.g.:

@@ -146,20 +144,9 @@ If your PR could cause a breaking change you must add a BREAKING section to this

 To explain how this could affect users and how to mitigate these changes.

-Once code review starts on your PR, do not rebase nor squash your branch as it makes it
-difficult to review the new changes. Only if there is a need, sync your branch by merging
-the base branch into yours. Don't worry about merge commits messing up your tree as
-the final merge process squashes all commits into one, with the visible commit message (first
-line) being the PR title + PR index and description being the PR's first comment.
-
-Once your PR gets the `lgtm/done` label, don't worry about keeping it up-to-date or breaking
-builds (unless there's a merge conflict or a request is made by a maintainer to make
-modifications). It is the maintainer team's responsibility from this point to get it merged.
-
 ## Styleguide

-For imports you should use the following format (*without* the comments)
-
+For imports you should use the following format (_without_ the comments)
 ```go
 import (
  // stdlib
@@ -180,36 +167,25 @@ import (

 To maintain understandable code and avoid circular dependencies it is important to have a good structure of the code. The Gitea code is divided into the following parts:

+- **integration:** Integrations tests
 - **models:** Contains the data structures used by xorm to construct database tables. It also contains supporting functions to query and update the database. Dependencies to other code in Gitea should be avoided although some modules might be needed (for example for logging).
 - **models/fixtures:** Sample model data used in integration tests.
 - **models/migrations:** Handling of database migrations between versions. PRs that changes a database structure shall also have a migration step.
- **modules:** Different modules to handle specific functionality in Gitea. Shall only depend on other modules but not other packages (models, services).
+- **modules:** Different modules to handle specific functionality in Gitea.
 - **public:** Frontend files (javascript, images, css, etc.)
- **routers:** Handling of server requests. As it uses other Gitea packages to serve the request, other packages (models, modules or services) shall not depend on routers.
+- **routers:** Handling of server requests. As it uses other Gitea packages to serve the request, other packages (models, modules or services) shall not depend on routers
 - **services:** Support functions for common routing operations. Uses models and modules to handle the request.
 - **templates:** Golang templates for generating the html output.
- **tests/e2e:** End to end tests
- **tests/integration:** Integration tests
- **tests/gitea-repositories-meta:** Sample repos used in integration tests. Adding a new repo requires editing `models/fixtures/repositories.yml` and `models/fixtures/repo_unit.yml` to match.
- **tests/gitea-lfs-meta:** Sample LFS objects used in integration tests. Adding a new object requires editing `models/fixtures/lfs_meta_object.yml` to match.
 - **vendor:** External code that Gitea depends on.

-## Documentation
-
-If you add a new feature or change an existing aspect of Gitea, the documentation for that feature must be created or updated.
-
 ## API v1

 The API is documented by [swagger](http://try.gitea.io/api/swagger) and is based on [GitHub API v3](https://developer.github.com/v3/).
-
-Thus, Gitea´s API should use the same endpoints and fields as GitHub´s API as far as possible, unless there are good reasons to deviate.
-
-If Gitea provides functionality that GitHub does not, a new endpoint can be created.
-
+Thus, Gitea´s API should use the same endpoints and fields as GitHub´s API as far as possible, unless there are good reasons to deviate.  
+If Gitea provides functionality that GitHub does not, a new endpoint can be created.  
 If information is provided by Gitea that is not provided by the GitHub API, a new field can be used that doesn't collide with any GitHub fields.

 Updating an existing API should not remove existing fields unless there is a really good reason to do so.
-
 The same applies to status responses. If you notice a problem, feel free to leave a comment in the code for future refactoring to APIv2 (which is currently not planned).

 All expected results (errors, success, fail messages) should be documented
@@ -218,33 +194,49 @@ All expected results (errors, success, fail messages) should be documented
 All JSON input types must be defined as a struct in [modules/structs/](modules/structs/)
 ([example](https://github.com/go-gitea/gitea/blob/c620eb5b2d0d874da68ebd734d3864c5224f71f7/modules/structs/issue.go#L76-L91))
 and referenced in
-[routers/api/v1/swagger/options.go](https://github.com/go-gitea/gitea/blob/c620eb5b2d0d874da68ebd734d3864c5224f71f7/routers/api/v1/swagger/options.go).
-
+[routers/api/v1/swagger/options.go](https://github.com/go-gitea/gitea/blob/c620eb5b2d0d874da68ebd734d3864c5224f71f7/routers/api/v1/swagger/options.go).  
 They can then be used like the following:
 ([example](https://github.com/go-gitea/gitea/blob/c620eb5b2d0d874da68ebd734d3864c5224f71f7/routers/api/v1/repo/issue.go#L318)).

 All JSON responses must be defined as a struct in [modules/structs/](modules/structs/)
 ([example](https://github.com/go-gitea/gitea/blob/c620eb5b2d0d874da68ebd734d3864c5224f71f7/modules/structs/issue.go#L36-L68))
 and referenced in its category in [routers/api/v1/swagger/](routers/api/v1/swagger/)
-([example](https://github.com/go-gitea/gitea/blob/c620eb5b2d0d874da68ebd734d3864c5224f71f7/routers/api/v1/swagger/issue.go#L11-L16))
-
+([example](https://github.com/go-gitea/gitea/blob/c620eb5b2d0d874da68ebd734d3864c5224f71f7/routers/api/v1/swagger/issue.go#L11-L16))  
 They can be used like the following:
 ([example](https://github.com/go-gitea/gitea/blob/c620eb5b2d0d874da68ebd734d3864c5224f71f7/routers/api/v1/repo/issue.go#L277-L279))

 In general, HTTP methods are chosen as follows:
-
- **GET** endpoints return requested object and status **OK (200)**
- **DELETE** endpoints return status **No Content (204)**
- **POST** endpoints return status **Created (201)**, used to **create** new objects (e.g. a User)
- **PUT** endpoints return status **No Content (204)**, used to **add/assign** existing Objects (e.g. User) to something (e.g. Org-Team)
- **PATCH** endpoints return changed object and status **OK (200)**, used to **edit/change** an existing object
+ * **GET** endpoints return requested object and status **OK (200)**
+ * **DELETE** endpoints return status **No Content (204)**
+ * **POST** endpoints return status **Created (201)**, used to **create** new objects (e.g. a User)
+ * **PUT** endpoints return status **No Content (204)**, used to **add/assign** existing Objects (e.g. User) to something (e.g. Org-Team)
+ * **PATCH** endpoints return changed object and status **OK (200)**, used to **edit/change** an existing object

 An endpoint which changes/edits an object expects all fields to be optional (except ones to identify the object, which are required).
-
 ### Endpoints returning lists should
+ * support pagination (`page` & `limit` options in query)
+ * set `X-Total-Count` header via **SetTotalCountHeader** ([example](https://github.com/go-gitea/gitea/blob/7aae98cc5d4113f1e9918b7ee7dd09f67c189e3e/routers/api/v1/repo/issue.go#L444))

- support pagination (`page` & `limit` options in query)
- set `X-Total-Count` header via **SetTotalCountHeader** ([example](https://github.com/go-gitea/gitea/blob/7aae98cc5d4113f1e9918b7ee7dd09f67c189e3e/routers/api/v1/repo/issue.go#L444))
+## Large Character Comments
+
+Throughout the codebase there are large-text comments for sections of code, e.g.:
+
+```go
+// __________            .__               
+// \______   \ _______  _|__| ______  _  __
+//  |       _// __ \  \/ /  |/ __ \ \/ \/ /
+//  |    |   \  ___/\   /|  \  ___/\     / 
+//  |____|_  /\___  >\_/ |__|\___  >\/\_/  
+//         \/     \/             \/        
+```
+
+These were created using the `figlet` tool with the `graffiti` font.
+
+A simple way of creating these is to use the following:
+
+```bash
+figlet -f graffiti Review | sed  -e's+^+// +' - | xclip -sel clip -in
+```

 ## Backports and Frontports

@@ -267,10 +259,26 @@ with the rest of the summary matching the original PR. Similarly for frontports

 ---

-A command to help create backports can be found in `contrib/backport` and can be installed (from inside the gitea repo root directory) using:
+The below is a script that may be helpful in creating backports. YMMV.

 ```bash
-go install contrib/backport/backport.go
+#!/bin/sh
+PR="$1"
+SHA="$2"
+VERSION="$3"
+
+if [ -z "$SHA" ]; then
+    SHA=$(gh api /repos/go-gitea/gitea/pulls/$PR -q '.merge_commit_sha')
+fi
+
+if [ -z "$VERSION" ]; then
+    VERSION="v1.16"
+fi
+
+echo git checkout origin/release/"$VERSION" -b backport-$PR-$VERSION
+git checkout origin/release/"$VERSION" -b backport-$PR-$VERSION
+git cherry-pick $SHA && git commit --amend && git push zeripath backport-$PR-$VERSION && xdg-open https://github.com/go-gitea/gitea/compare/release/"$VERSION"...zeripath:backport-$PR-$VERSION
+
 ```

 ## Developer Certificate of Origin (DCO)
@@ -299,7 +307,9 @@ known as the release freeze. All the feature pull requests should be
 merged before feature freeze. And, during the frozen period, a corresponding
 release branch is open for fixes backported from main branch. Release candidates
 are made during this period for user testing to
-obtain a final version that is maintained in this branch.
+obtain a final version that is maintained in this branch. A release is
+maintained by issuing patch releases to only correct critical problems
+such as crashes or security issues.

 Major release cycles are seasonal. They always begin on the 25th and end on
 the 24th (i.e., the 25th of December to March 24th).
@@ -309,16 +319,6 @@ for the previous version. For example, if the latest, published release is
 v1.2, then minor changes for the previous release—e.g., v1.1.0 -> v1.1.1—are
 still possible.

-The previous release gets fixes for:
-
- Security issues
- Critical bugs
- Regressions
- Build issues
- Necessary enhancements (including necessary UI/UX fixes)
-
-The backported fixes should avoid breaking downgrade between minor releases as much as possible.
-
 ## Maintainers

 To make sure every PR is checked, we have [team
@@ -368,35 +368,35 @@ and lead the development of Gitea.
 To honor the past owners, here's the history of the owners and the time
 they served:

- 2022-01-01 ~ 2022-12-31 - https://github.com/go-gitea/gitea/issues/17872
-  - [Lunny Xiao](https://gitea.com/lunny) <xiaolunwen@gmail.com>
-  - [Matti Ranta](https://gitea.com/techknowlogick) <techknowlogick@gitea.io>
-  - [Andrew Thornton](https://gitea.com/zeripath) <art27@cantab.net>
+* 2022-01-01 ~ 2022-12-31 - https://github.com/go-gitea/gitea/issues/17872
+  * [Lunny Xiao](https://gitea.com/lunny) <xiaolunwen@gmail.com>
+  * [Matti Ranta](https://gitea.com/techknowlogick) <techknowlogick@gitea.io>
+  * [Andrew Thornton](https://gitea.com/zeripath) <art27@cantab.net>

- 2021-01-01 ~ 2021-12-31 - https://github.com/go-gitea/gitea/issues/13801
-  - [Lunny Xiao](https://gitea.com/lunny) <xiaolunwen@gmail.com>
-  - [Lauris Bukšis-Haberkorns](https://gitea.com/lafriks) <lauris@nix.lv>
-  - [Matti Ranta](https://gitea.com/techknowlogick) <techknowlogick@gitea.io>
+* 2021-01-01 ~ 2021-12-31 - https://github.com/go-gitea/gitea/issues/13801
+  * [Lunny Xiao](https://gitea.com/lunny) <xiaolunwen@gmail.com>
+  * [Lauris Bukšis-Haberkorns](https://gitea.com/lafriks) <lauris@nix.lv>
+  * [Matti Ranta](https://gitea.com/techknowlogick) <techknowlogick@gitea.io>

- 2020-01-01 ~ 2020-12-31 - https://github.com/go-gitea/gitea/issues/9230
-  - [Lunny Xiao](https://gitea.com/lunny) <xiaolunwen@gmail.com>
-  - [Lauris Bukšis-Haberkorns](https://gitea.com/lafriks) <lauris@nix.lv>
-  - [Matti Ranta](https://gitea.com/techknowlogick) <techknowlogick@gitea.io>
+* 2020-01-01 ~ 2020-12-31 - https://github.com/go-gitea/gitea/issues/9230
+  * [Lunny Xiao](https://gitea.com/lunny) <xiaolunwen@gmail.com>
+  * [Lauris Bukšis-Haberkorns](https://gitea.com/lafriks) <lauris@nix.lv>
+  * [Matti Ranta](https://gitea.com/techknowlogick) <techknowlogick@gitea.io>

- 2019-01-01 ~ 2019-12-31 - https://github.com/go-gitea/gitea/issues/5572
-  - [Lunny Xiao](https://github.com/lunny) <xiaolunwen@gmail.com>
-  - [Lauris Bukšis-Haberkorns](https://github.com/lafriks) <lauris@nix.lv>
-  - [Matti Ranta](https://github.com/techknowlogick) <techknowlogick@gitea.io>
+* 2019-01-01 ~ 2019-12-31 - https://github.com/go-gitea/gitea/issues/5572
+  * [Lunny Xiao](https://github.com/lunny) <xiaolunwen@gmail.com>
+  * [Lauris Bukšis-Haberkorns](https://github.com/lafriks) <lauris@nix.lv>
+  * [Matti Ranta](https://github.com/techknowlogick) <techknowlogick@gitea.io>

- 2018-01-01 ~ 2018-12-31 - https://github.com/go-gitea/gitea/issues/3255
-  - [Lunny Xiao](https://github.com/lunny) <xiaolunwen@gmail.com>
-  - [Lauris Bukšis-Haberkorns](https://github.com/lafriks) <lauris@nix.lv>
-  - [Kim Carlbäcker](https://github.com/bkcsoft) <kim.carlbacker@gmail.com>
+* 2018-01-01 ~ 2018-12-31 - https://github.com/go-gitea/gitea/issues/3255
+  * [Lunny Xiao](https://github.com/lunny) <xiaolunwen@gmail.com>
+  * [Lauris Bukšis-Haberkorns](https://github.com/lafriks) <lauris@nix.lv>
+  * [Kim Carlbäcker](https://github.com/bkcsoft) <kim.carlbacker@gmail.com>

- 2016-11-04 ~ 2017-12-31
-  - [Lunny Xiao](https://github.com/lunny) <xiaolunwen@gmail.com>
-  - [Thomas Boerger](https://github.com/tboerger) <thomas@webhippie.de>
-  - [Kim Carlbäcker](https://github.com/bkcsoft) <kim.carlbacker@gmail.com>
+* 2016-11-04 ~ 2017-12-31
+  * [Lunny Xiao](https://github.com/lunny) <xiaolunwen@gmail.com>
+  * [Thomas Boerger](https://github.com/tboerger) <thomas@webhippie.de>
+  * [Kim Carlbäcker](https://github.com/bkcsoft) <kim.carlbacker@gmail.com>

 ## Versions

@@ -413,29 +413,29 @@ be reviewed by two maintainers and must pass the automatic tests.

 ## Releasing Gitea

- Let $vmaj, $vmin and $vpat be Major, Minor and Patch version numbers, $vpat should be rc1, rc2, 0, 1, ...... $vmaj.$vmin will be kept the same as milestones on github or gitea in future.
- Before releasing, confirm all the version's milestone issues or PRs has been resolved. Then discuss the release on Discord channel #maintainers and get agreed with almost all the owners and mergers. Or you can declare the version and if nobody against in about serval hours.
- If this is a big version first you have to create PR for changelog on branch `main` with PRs with label `changelog` and after it has been merged do following steps:
-  - Create `-dev` tag as `git tag -s -F release.notes v$vmaj.$vmin.0-dev` and push the tag as `git push origin v$vmaj.$vmin.0-dev`.
-  - When CI has finished building tag then you have to create a new branch named `release/v$vmaj.$vmin`
- If it is bugfix version create PR for changelog on branch `release/v$vmaj.$vmin` and wait till it is reviewed and merged.
- Add a tag as `git tag -s -F release.notes v$vmaj.$vmin.$`, release.notes file could be a temporary file to only include the changelog this version which you added to `CHANGELOG.md`.
- And then push the tag as `git push origin v$vmaj.$vmin.$`. Drone CI will automatically create a release and upload all the compiled binary. (But currently it doesn't add the release notes automatically. Maybe we should fix that.)
- If needed send a frontport PR for the changelog to branch `main` and update the version in `docs/config.yaml` to refer to the new version.
- Send PR to [blog repository](https://gitea.com/gitea/blog) announcing the release.
- Verify all release assets were correctly published through CI on dl.gitea.io and GitHub releases. Once ACKed:
-  - bump the version of https://dl.gitea.io/gitea/version.json
-  - merge the blog post PR
-  - announce the release in discord `#announcements`
+* Let $vmaj, $vmin and $vpat be Major, Minor and Patch version numbers, $vpat should be rc1, rc2, 0, 1, ...... $vmaj.$vmin will be kept the same as milestones on github or gitea in future.
+* Before releasing, confirm all the version's milestone issues or PRs has been resolved. Then discuss the release on Discord channel #maintainers and get agreed with almost all the owners and mergers. Or you can declare the version and if nobody against in about serval hours.
+* If this is a big version first you have to create PR for changelog on branch `main` with PRs with label `changelog` and after it has been merged do following steps:
+  * Create `-dev` tag as `git tag -s -F release.notes v$vmaj.$vmin.0-dev` and push the tag as `git push origin v$vmaj.$vmin.0-dev`.
+  * When CI has finished building tag then you have to create a new branch named `release/v$vmaj.$vmin`
+* If it is bugfix version create PR for changelog on branch `release/v$vmaj.$vmin` and wait till it is reviewed and merged.
+* Add a tag as `git tag -s -F release.notes v$vmaj.$vmin.$`, release.notes file could be a temporary file to only include the changelog this version which you added to `CHANGELOG.md`.
+* And then push the tag as `git push origin v$vmaj.$vmin.$`. Drone CI will automatically create a release and upload all the compiled binary. (But currently it doesn't add the release notes automatically. Maybe we should fix that.)
+* If needed send a frontport PR for the changelog to branch `main` and update the version in `docs/config.yaml` to refer to the new version.
+* Send PR to [blog repository](https://gitea.com/gitea/blog) announcing the release.
+* Verify all release assets were correctly published through CI on dl.gitea.io and GitHub releases. Once ACKed:
+  * bump the version of https://dl.gitea.io/gitea/version.json
+  * merge the blog post PR
+  * announce the release in discord `#announcements`

 ## Copyright

 Code that you contribute should use the standard copyright header:

 ```
-// Copyright <year> The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
-
+// Copyright 2022 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
 ```

 Files in the repository contain copyright from the year they are added
--- a/4
+++ b/4
@@ -2,6 +2,8 @@ Developer Certificate of Origin
 Version 1.1

 Copyright (C) 2004, 2006 The Linux Foundation and its contributors.
+660 York Street, Suite 102,
+San Francisco, CA 94110 USA

 Everyone is permitted to copy and distribute verbatim copies of this
 license document, but changing it is not allowed.
@@ -31,4 +33,4 @@ By making a contribution to this project, I certify that:
    are public and that a record of the contribution (including all
    personal information I submit with it, including my sign-off) is
    maintained indefinitely and may be redistributed consistent with
-    this project or the open source license(s) involved.
+    this project or the open source license(s) involved.
--- a/6
+++ b/6
@@ -1,5 +1,5 @@
 #Build stage
-FROM golang:1.20-alpine3.17 AS build-env
+FROM golang:1.18-alpine3.16 AS build-env

 ARG GOPROXY
 ENV GOPROXY ${GOPROXY:-direct}
@@ -23,7 +23,7 @@ RUN if [ -n "${GITEA_VERSION}" ]; then git checkout "${GITEA_VERSION}"; fi \
 # Begin env-to-ini build
 RUN go build contrib/environment-to-ini/environment-to-ini.go

-FROM alpine:3.17
+FROM alpine:3.16
 LABEL maintainer="maintainers@gitea.io"

 EXPOSE 22 3000
@@ -64,7 +64,5 @@ CMD ["/bin/s6-svscan", "/etc/s6"]
 COPY docker/root /
 COPY --from=build-env /go/src/code.gitea.io/gitea/gitea /app/gitea/gitea
 COPY --from=build-env /go/src/code.gitea.io/gitea/environment-to-ini /usr/local/bin/environment-to-ini
-COPY --from=build-env /go/src/code.gitea.io/gitea/contrib/autocompletion/bash_autocomplete /etc/profile.d/gitea_bash_autocomplete.sh
 RUN chmod 755 /usr/bin/entrypoint /app/gitea/gitea /usr/local/bin/gitea /usr/local/bin/environment-to-ini
 RUN chmod 755 /etc/s6/gitea/* /etc/s6/openssh/* /etc/s6/.s6-svscan/*
-RUN chmod 644 /etc/profile.d/gitea_bash_autocomplete.sh
--- a/Dockerfile.rootless
+++ b/Dockerfile.rootless
@@ -1,5 +1,5 @@
 #Build stage
-FROM golang:1.20-alpine3.17 AS build-env
+FROM golang:1.18-alpine3.16 AS build-env

 ARG GOPROXY
 ENV GOPROXY ${GOPROXY:-direct}
@@ -23,7 +23,7 @@ RUN if [ -n "${GITEA_VERSION}" ]; then git checkout "${GITEA_VERSION}"; fi \
 # Begin env-to-ini build
 RUN go build contrib/environment-to-ini/environment-to-ini.go

-FROM alpine:3.17
+FROM alpine:3.16
 LABEL maintainer="maintainers@gitea.io"

 EXPOSE 2222 3000
@@ -31,7 +31,6 @@ EXPOSE 2222 3000
 RUN apk --no-cache add \
    bash \
    ca-certificates \
-    dumb-init \
    gettext \
    git \
    curl \
@@ -54,9 +53,7 @@ RUN chown git:git /var/lib/gitea /etc/gitea
 COPY docker/rootless /
 COPY --from=build-env --chown=root:root /go/src/code.gitea.io/gitea/gitea /app/gitea/gitea
 COPY --from=build-env --chown=root:root /go/src/code.gitea.io/gitea/environment-to-ini /usr/local/bin/environment-to-ini
-COPY --from=build-env /go/src/code.gitea.io/gitea/contrib/autocompletion/bash_autocomplete /etc/profile.d/gitea_bash_autocomplete.sh
 RUN chmod 755 /usr/local/bin/docker-entrypoint.sh /usr/local/bin/docker-setup.sh /app/gitea/gitea /usr/local/bin/gitea /usr/local/bin/environment-to-ini
-RUN chmod 644 /etc/profile.d/gitea_bash_autocomplete.sh

 #git:git
 USER 1000:1000
@@ -65,12 +62,12 @@ ENV GITEA_CUSTOM /var/lib/gitea/custom
 ENV GITEA_TEMP /tmp/gitea
 ENV TMPDIR /tmp/gitea

-#TODO add to docs the ability to define the ini to load (useful to test and revert a config)
+#TODO add to docs the ability to define the ini to load (usefull to test and revert a config)
 ENV GITEA_APP_INI /etc/gitea/app.ini
 ENV HOME "/var/lib/gitea/git"
 VOLUME ["/var/lib/gitea", "/etc/gitea"]
 WORKDIR /var/lib/gitea

-ENTRYPOINT ["/usr/bin/dumb-init", "--", "/usr/local/bin/docker-entrypoint.sh"]
+ENTRYPOINT ["/usr/local/bin/docker-entrypoint.sh"]
 CMD []

--- a/9
+++ b/9
@@ -6,6 +6,7 @@ Kim Carlbäcker <kim.carlbacker@gmail.com> (@bkcsoft)
 LefsFlare <nobody@nobody.tld> (@LefsFlarey)
 Lunny Xiao <xiaolunwen@gmail.com> (@lunny)
 Matthias Loibl <mail@matthiasloibl.com> (@metalmatze)
+Morgan Bazalgette <the@howl.moe> (@thehowl)
 Rachid Zarouali <nobody@nobody.tld> (@xinity)
 Rémy Boulanouar <admin@dblk.org> (@DblK)
 Sandro Santilli <strk@kbt.io> (@strk)
@@ -43,10 +44,6 @@ Janis Estelmann <admin@oldschoolhack.me> (@KN4CK3R)
 Steven Kriegler <sk.bunsenbrenner@gmail.com> (@justusbunsi)
 Jimmy Praet <jimmy.praet@telenet.be> (@jpraet)
 Leon Hofmeister <dev.lh@web.de> (@delvh) 
+Gusted <williamzijl7@hotmail.com) (@Gusted)
+silentcode <silentcode@senga.org> (@silentcodeg)
 Wim <wim@42.be> (@42wim)
-Xinyu Zhou <i@sourcehut.net> (@xin-u)
-Jason Song <i@wolfogre.com> (@wolfogre)
-Yarden Shoham <hrsi88@gmail.com> (@yardenshoham)
-Yu Tian <zettat123@gmail.com> (@Zettat123)
-Eddie Yang <576951401@qq.com> (@yp05327)
-Dong Ge <gedong_1994@163.com> (@sillyguodong)
--- a/387
+++ b/387
@@ -17,25 +17,24 @@ else
 DIST := dist
 DIST_DIRS := $(DIST)/binaries $(DIST)/release
 IMPORT := code.gitea.io/gitea
+export GO111MODULE=on

 GO ?= go
 SHASUM ?= shasum -a 256
 HAS_GO = $(shell hash $(GO) > /dev/null 2>&1 && echo "GO" || echo "NOGO" )
 COMMA := ,

-XGO_VERSION := go-1.20.x
+XGO_VERSION := go-1.18.x

-AIR_PACKAGE ?= github.com/cosmtrek/air@v1.40.4
-EDITORCONFIG_CHECKER_PACKAGE ?= github.com/editorconfig-checker/editorconfig-checker/cmd/editorconfig-checker@2.6.0
-ERRCHECK_PACKAGE ?= github.com/kisielk/errcheck@v1.6.2
-GOFUMPT_PACKAGE ?= mvdan.cc/gofumpt@v0.4.0
-GOLANGCI_LINT_PACKAGE ?= github.com/golangci/golangci-lint/cmd/golangci-lint@v1.51.0
+AIR_PACKAGE ?= github.com/cosmtrek/air@v1.29.0
+EDITORCONFIG_CHECKER_PACKAGE ?= github.com/editorconfig-checker/editorconfig-checker/cmd/editorconfig-checker@2.4.0
+ERRCHECK_PACKAGE ?= github.com/kisielk/errcheck@v1.6.0
+GOFUMPT_PACKAGE ?= mvdan.cc/gofumpt@v0.3.1
+GOLANGCI_LINT_PACKAGE ?= github.com/golangci/golangci-lint/cmd/golangci-lint@v1.46.0
 GXZ_PAGAGE ?= github.com/ulikunitz/xz/cmd/gxz@v0.5.10
 MISSPELL_PACKAGE ?= github.com/client9/misspell/cmd/misspell@v0.3.4
-SWAGGER_PACKAGE ?= github.com/go-swagger/go-swagger/cmd/swagger@v0.30.3
+SWAGGER_PACKAGE ?= github.com/go-swagger/go-swagger/cmd/swagger@v0.29.0
 XGO_PACKAGE ?= src.techknowlogick.com/xgo@latest
-GO_LICENSES_PACKAGE ?= github.com/google/go-licenses@v1.5.0
-GOVULNCHECK_PACKAGE ?= golang.org/x/vuln/cmd/govulncheck@latest

 DOCKER_IMAGE ?= gitea/gitea
 DOCKER_TAG ?= latest
@@ -100,8 +99,7 @@ LDFLAGS := $(LDFLAGS) -X "main.MakeVersion=$(MAKE_VERSION)" -X "main.Version=$(G

 LINUX_ARCHS ?= linux/amd64,linux/386,linux/arm-5,linux/arm-6,linux/arm64

-GO_PACKAGES ?= $(filter-out code.gitea.io/gitea/tests/integration/migration-test code.gitea.io/gitea/tests code.gitea.io/gitea/tests/integration code.gitea.io/gitea/tests/e2e,$(shell $(GO) list ./... | grep -v /vendor/))
-GO_TEST_PACKAGES ?= $(filter-out $(shell $(GO) list code.gitea.io/gitea/models/migrations/...) code.gitea.io/gitea/tests/integration/migration-test code.gitea.io/gitea/tests code.gitea.io/gitea/tests/integration code.gitea.io/gitea/tests/e2e,$(shell $(GO) list ./... | grep -v /vendor/))
+GO_PACKAGES ?= $(filter-out code.gitea.io/gitea/models/migrations code.gitea.io/gitea/integrations/migration-test code.gitea.io/gitea/integrations,$(shell $(GO) list ./... | grep -v /vendor/))

 FOMANTIC_WORK_DIR := web_src/fomantic

@@ -113,39 +111,25 @@ WEBPACK_DEST_ENTRIES := public/js public/css public/fonts public/img/webpack pub
 BINDATA_DEST := modules/public/bindata.go modules/options/bindata.go modules/templates/bindata.go
 BINDATA_HASH := $(addsuffix .hash,$(BINDATA_DEST))

-GENERATED_GO_DEST := modules/charset/invisible_gen.go modules/charset/ambiguous_gen.go
-
 SVG_DEST_DIR := public/img/svg

 AIR_TMP_DIR := .air

-GO_LICENSE_TMP_DIR := .go-licenses
-GO_LICENSE_FILE := assets/go-licenses.json
-
 TAGS ?=
 TAGS_SPLIT := $(subst $(COMMA), ,$(TAGS))
 TAGS_EVIDENCE := $(MAKE_EVIDENCE_DIR)/tags

 TEST_TAGS ?= sqlite sqlite_unlock_notify

-TAR_EXCLUDES := .git data indexers queues log node_modules $(EXECUTABLE) $(FOMANTIC_WORK_DIR)/node_modules $(DIST) $(MAKE_EVIDENCE_DIR) $(AIR_TMP_DIR) $(GO_LICENSE_TMP_DIR)
+TAR_EXCLUDES := .git data indexers queues log node_modules $(EXECUTABLE) $(FOMANTIC_WORK_DIR)/node_modules $(DIST) $(MAKE_EVIDENCE_DIR) $(AIR_TMP_DIR)

-GO_DIRS := cmd tests models modules routers build services tools
-WEB_DIRS := web_src/js web_src/less
+GO_DIRS := cmd integrations models modules routers build services tools

 GO_SOURCES := $(wildcard *.go)
 GO_SOURCES += $(shell find $(GO_DIRS) -type f -name "*.go" -not -path modules/options/bindata.go -not -path modules/public/bindata.go -not -path modules/templates/bindata.go)
-GO_SOURCES += $(GENERATED_GO_DEST)
-GO_SOURCES_NO_BINDATA := $(GO_SOURCES)

 ifeq ($(filter $(TAGS_SPLIT),bindata),bindata)
 	GO_SOURCES += $(BINDATA_DEST)
-	GENERATED_GO_DEST += $(BINDATA_DEST)
-endif
-
-# Force installation of playwright dependencies by setting this flag
-ifdef DEPS_PLAYWRIGHT
-	PLAYWRIGHT_FLAGS += --with-deps
 endif

 SWAGGER_SPEC := templates/swagger/v1_json.tmpl
@@ -199,7 +183,6 @@ help:
 	@echo " - test                             test everything"
 	@echo " - test-frontend                    test frontend files"
 	@echo " - test-backend                     test backend files"
-	@echo " - test-e2e[\#TestSpecificName]     test end to end using playwright"
 	@echo " - webpack                          build webpack files"
 	@echo " - svg                              build svg files"
 	@echo " - fomantic                         build fomantic files"
@@ -211,7 +194,6 @@ help:
 	@echo " - generate-swagger                 generate the swagger spec from code comments"
 	@echo " - swagger-validate                 check if the swagger spec is valid"
 	@echo " - golangci-lint                    run golangci-lint linter"
-	@echo " - go-licenses                      regenerate go licenses"
 	@echo " - vet                              examines Go source code and reports suspicious constructs"
 	@echo " - tidy                             run go mod tidy"
 	@echo " - test[\#TestSpecificName]    	    run unit test"
@@ -220,9 +202,9 @@ help:

 .PHONY: go-check
 go-check:
-	$(eval MIN_GO_VERSION_STR := $(shell grep -Eo '^go\s+[0-9]+\.[0-9]+' go.mod | cut -d' ' -f2))
-	$(eval MIN_GO_VERSION := $(shell printf "%03d%03d" $(shell echo '$(MIN_GO_VERSION_STR)' | tr '.' ' ')))
-	$(eval GO_VERSION := $(shell printf "%03d%03d" $(shell $(GO) version | grep -Eo '[0-9]+\.[0-9]+' | tr '.' ' ');))
+	$(eval MIN_GO_VERSION_STR := $(shell grep -Eo '^go\s+[0-9]+\.[0-9.]+' go.mod | cut -d' ' -f2))
+	$(eval MIN_GO_VERSION := $(shell printf "%03d%03d%03d" $(shell echo '$(MIN_GO_VERSION_STR)' | tr '.' ' ')))
+	$(eval GO_VERSION := $(shell printf "%03d%03d%03d" $(shell $(GO) version | grep -Eo '[0-9]+\.[0-9.]+' | tr '.' ' ');))
 	@if [ "$(GO_VERSION)" -lt "$(MIN_GO_VERSION)" ]; then \
 		echo "Gitea requires Go $(MIN_GO_VERSION_STR) or greater to build. You can get it at https://go.dev/dl/"; \
 		exit 1; \
@@ -255,33 +237,14 @@ clean:
 	$(GO) clean -i ./...
 	rm -rf $(EXECUTABLE) $(DIST) $(BINDATA_DEST) $(BINDATA_HASH) \
 		integrations*.test \
-		e2e*.test \
-		tests/integration/gitea-integration-pgsql/ tests/integration/gitea-integration-mysql/ tests/integration/gitea-integration-mysql8/ tests/integration/gitea-integration-sqlite/ \
-		tests/integration/gitea-integration-mssql/ tests/integration/indexers-mysql/ tests/integration/indexers-mysql8/ tests/integration/indexers-pgsql tests/integration/indexers-sqlite \
-		tests/integration/indexers-mssql tests/mysql.ini tests/mysql8.ini tests/pgsql.ini tests/mssql.ini man/ \
-		tests/e2e/gitea-e2e-pgsql/ tests/e2e/gitea-e2e-mysql/ tests/e2e/gitea-e2e-mysql8/ tests/e2e/gitea-e2e-sqlite/ \
-		tests/e2e/gitea-e2e-mssql/ tests/e2e/indexers-mysql/ tests/e2e/indexers-mysql8/ tests/e2e/indexers-pgsql/ tests/e2e/indexers-sqlite/ \
-		tests/e2e/indexers-mssql/ tests/e2e/reports/ tests/e2e/test-artifacts/ tests/e2e/test-snapshots/
+		integrations/gitea-integration-pgsql/ integrations/gitea-integration-mysql/ integrations/gitea-integration-mysql8/ integrations/gitea-integration-sqlite/ \
+		integrations/gitea-integration-mssql/ integrations/indexers-mysql/ integrations/indexers-mysql8/ integrations/indexers-pgsql integrations/indexers-sqlite \
+		integrations/indexers-mssql integrations/mysql.ini integrations/mysql8.ini integrations/pgsql.ini integrations/mssql.ini man/

 .PHONY: fmt
 fmt:
-	GOFUMPT_PACKAGE=$(GOFUMPT_PACKAGE) $(GO) run build/code-batch-process.go gitea-fmt -w '{file-list}'
-	$(eval TEMPLATES := $(shell find templates -type f -name '*.tmpl'))
-	@# strip whitespace after '{{' and before `}}` unless there is only whitespace before it
-	@$(SED_INPLACE) -e 's/{{[ 	]\{1,\}/{{/g' -e '/^[ 	]\{1,\}}}/! s/[ 	]\{1,\}}}/}}/g' $(TEMPLATES)
-
-.PHONY: fmt-check
-fmt-check: fmt
-	@diff=$$(git diff $(GO_SOURCES) templates $(WEB_DIRS)); \
-	if [ -n "$$diff" ]; then \
-	  echo "Please run 'make fmt' and commit the result:"; \
-	  echo "$${diff}"; \
-	  exit 1; \
-	fi
-
-.PHONY: misspell-check
-misspell-check:
-	go run $(MISSPELL_PACKAGE) -error $(GO_DIRS) $(WEB_DIRS)
+	@echo "Running gitea-fmt (with gofumpt)..."
+	@MISSPELL_PACKAGE=$(MISSPELL_PACKAGE) GOFUMPT_PACKAGE=$(GOFUMPT_PACKAGE) $(GO) run build/code-batch-process.go gitea-fmt -w '{file-list}'

 .PHONY: vet
 vet:
@@ -299,9 +262,7 @@ TAGS_PREREQ := $(TAGS_EVIDENCE)
 endif

 .PHONY: generate-swagger
-generate-swagger: $(SWAGGER_SPEC)
-
-$(SWAGGER_SPEC): $(GO_SOURCES_NO_BINDATA)
+generate-swagger:
 	$(GO) run $(SWAGGER_PACKAGE) generate spec -x "$(SWAGGER_EXCLUDE)" -o './$(SWAGGER_SPEC)'
 	$(SED_INPLACE) '$(SWAGGER_SPEC_S_TMPL)' './$(SWAGGER_SPEC)'
 	$(SED_INPLACE) $(SWAGGER_NEWLINE_COMMAND) './$(SWAGGER_SPEC)'
@@ -326,6 +287,16 @@ errcheck:
 	@echo "Running errcheck..."
 	$(GO) run $(ERRCHECK_PACKAGE) $(GO_PACKAGES)

+.PHONY: fmt-check
+fmt-check:
+	# get all go files and run gitea-fmt (with gofmt) on them
+	@diff=$$(MISSPELL_PACKAGE=$(MISSPELL_PACKAGE) GOFUMPT_PACKAGE=$(GOFUMPT_PACKAGE) $(GO) run build/code-batch-process.go gitea-fmt -l '{file-list}'); \
+	if [ -n "$$diff" ]; then \
+		echo "Please run 'make fmt' and commit the result:"; \
+		echo "$${diff}"; \
+		exit 1; \
+	fi
+
 .PHONY: checks
 checks: checks-frontend checks-backend

@@ -333,17 +304,15 @@ checks: checks-frontend checks-backend
 checks-frontend: lockfile-check svg-check

 .PHONY: checks-backend
-checks-backend: tidy-check swagger-check fmt-check misspell-check swagger-validate security-check
+checks-backend: gomod-check swagger-check swagger-validate

 .PHONY: lint
 lint: lint-frontend lint-backend

 .PHONY: lint-frontend
 lint-frontend: node_modules
-	npx eslint --color --max-warnings=0 --ext js,vue web_src/js build *.config.js docs/assets/js tests/e2e
+	npx eslint --color --max-warnings=0 web_src/js build templates *.config.js docs/assets/js
 	npx stylelint --color --max-warnings=0 web_src/less
-	npx spectral lint -q -F hint $(SWAGGER_SPEC)
-	npx markdownlint docs *.md

 .PHONY: lint-backend
 lint-backend: golangci-lint vet editorconfig-checker
@@ -359,7 +328,7 @@ watch-frontend: node-check node_modules

 .PHONY: watch-backend
 watch-backend: go-check
-	GITEA_RUN_MODE=dev $(GO) run $(AIR_PACKAGE) -c .air.toml
+	$(GO) run $(AIR_PACKAGE) -c .air.toml

 .PHONY: test
 test: test-frontend test-backend
@@ -367,11 +336,11 @@ test: test-frontend test-backend
 .PHONY: test-backend
 test-backend:
 	@echo "Running go test with $(GOTESTFLAGS) -tags '$(TEST_TAGS)'..."
-	@$(GO) test $(GOTESTFLAGS) -tags='$(TEST_TAGS)' $(GO_TEST_PACKAGES)
+	@$(GO) test $(GOTESTFLAGS) -tags='$(TEST_TAGS)' $(GO_PACKAGES)

 .PHONY: test-frontend
 test-frontend: node_modules
-	npx vitest
+	@NODE_OPTIONS="--experimental-vm-modules --no-warnings" npx jest --color

 .PHONY: test-check
 test-check:
@@ -388,62 +357,58 @@ test-check:
 .PHONY: test\#%
 test\#%:
 	@echo "Running go test with -tags '$(TEST_TAGS)'..."
-	@$(GO) test $(GOTESTFLAGS) -tags='$(TEST_TAGS)' -run $(subst .,/,$*) $(GO_TEST_PACKAGES)
+	@$(GO) test $(GOTESTFLAGS) -tags='$(TEST_TAGS)' -run $(subst .,/,$*) $(GO_PACKAGES)

 .PHONY: coverage
 coverage:
 	grep '^\(mode: .*\)\|\(.*:[0-9]\+\.[0-9]\+,[0-9]\+\.[0-9]\+ [0-9]\+ [0-9]\+\)$$' coverage.out > coverage-bodged.out
 	grep '^\(mode: .*\)\|\(.*:[0-9]\+\.[0-9]\+,[0-9]\+\.[0-9]\+ [0-9]\+ [0-9]\+\)$$' integration.coverage.out > integration.coverage-bodged.out
-	$(GO) run build/gocovmerge.go integration.coverage-bodged.out coverage-bodged.out > coverage.all
+	GO111MODULE=on $(GO) run build/gocovmerge.go integration.coverage-bodged.out coverage-bodged.out > coverage.all || (echo "gocovmerge failed"; echo "integration.coverage.out"; cat integration.coverage.out; echo "coverage.out"; cat coverage.out; exit 1)

 .PHONY: unit-test-coverage
 unit-test-coverage:
 	@echo "Running unit-test-coverage $(GOTESTFLAGS) -tags '$(TEST_TAGS)'..."
-	@$(GO) test $(GOTESTFLAGS) -timeout=20m -tags='$(TEST_TAGS)' -cover -coverprofile coverage.out $(GO_TEST_PACKAGES) && echo "\n==>\033[32m Ok\033[m\n" || exit 1
+	@$(GO) test $(GOTESTFLAGS) -timeout=20m -tags='$(TEST_TAGS)' -cover -coverprofile coverage.out $(GO_PACKAGES) && echo "\n==>\033[32m Ok\033[m\n" || exit 1

 .PHONY: tidy
 tidy:
 	$(eval MIN_GO_VERSION := $(shell grep -Eo '^go\s+[0-9]+\.[0-9.]+' go.mod | cut -d' ' -f2))
 	$(GO) mod tidy -compat=$(MIN_GO_VERSION)
-	@$(MAKE) --no-print-directory $(GO_LICENSE_FILE)

-vendor: go.mod go.sum
+.PHONY: vendor
+vendor: tidy
 	$(GO) mod vendor
-	@touch vendor

-.PHONY: tidy-check
-tidy-check: tidy
-	@diff=$$(git diff go.mod go.sum $(GO_LICENSE_FILE)); \
+.PHONY: gomod-check
+gomod-check: tidy
+	@diff=$$(git diff go.sum); \
 	if [ -n "$$diff" ]; then \
 		echo "Please run 'make tidy' and commit the result:"; \
 		echo "$${diff}"; \
 		exit 1; \
 	fi

-.PHONY: go-licenses
-go-licenses: $(GO_LICENSE_FILE)
-
-$(GO_LICENSE_FILE): go.mod go.sum
-	-$(GO) run $(GO_LICENSES_PACKAGE) save . --force --save_path=$(GO_LICENSE_TMP_DIR) 2>/dev/null
-	$(GO) run build/generate-go-licenses.go $(GO_LICENSE_TMP_DIR) $(GO_LICENSE_FILE)
-	@rm -rf $(GO_LICENSE_TMP_DIR)
-
 generate-ini-sqlite:
 	sed -e 's|{{REPO_TEST_DIR}}|${REPO_TEST_DIR}|g' \
-		-e 's|{{TEST_LOGGER}}|$(or $(TEST_LOGGER),test$(COMMA)file)|g' \
-		-e 's|{{TEST_TYPE}}|$(or $(TEST_TYPE),integration)|g' \
-			tests/sqlite.ini.tmpl > tests/sqlite.ini
+			integrations/sqlite.ini.tmpl > integrations/sqlite.ini

 .PHONY: test-sqlite
 test-sqlite: integrations.sqlite.test generate-ini-sqlite
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/sqlite.ini ./integrations.sqlite.test
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/sqlite.ini ./integrations.sqlite.test

 .PHONY: test-sqlite\#%
 test-sqlite\#%: integrations.sqlite.test generate-ini-sqlite
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/sqlite.ini ./integrations.sqlite.test -test.run $(subst .,/,$*)
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/sqlite.ini ./integrations.sqlite.test -test.run $(subst .,/,$*)

 .PHONY: test-sqlite-migration
-test-sqlite-migration:  migrations.sqlite.test migrations.individual.sqlite.test
+test-sqlite-migration:  migrations.sqlite.test migrations.individual.sqlite.test generate-ini-sqlite
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/sqlite.ini ./migrations.sqlite.test
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/sqlite.ini ./migrations.individual.sqlite.test
+
+.PHONY: test-sqlite-migration\#%
+test-sqlite-migration\#%:  migrations.sqlite.test migrations.individual.sqlite.test generate-ini-sqlite
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/sqlite.ini ./migrations.individual.sqlite.test -test.run $(subst .,/,$*)
+

 generate-ini-mysql:
 	sed -e 's|{{TEST_MYSQL_HOST}}|${TEST_MYSQL_HOST}|g' \
@@ -451,20 +416,20 @@ generate-ini-mysql:
 		-e 's|{{TEST_MYSQL_USERNAME}}|${TEST_MYSQL_USERNAME}|g' \
 		-e 's|{{TEST_MYSQL_PASSWORD}}|${TEST_MYSQL_PASSWORD}|g' \
 		-e 's|{{REPO_TEST_DIR}}|${REPO_TEST_DIR}|g' \
-		-e 's|{{TEST_LOGGER}}|$(or $(TEST_LOGGER),test$(COMMA)file)|g' \
-		-e 's|{{TEST_TYPE}}|$(or $(TEST_TYPE),integration)|g' \
-			tests/mysql.ini.tmpl > tests/mysql.ini
+			integrations/mysql.ini.tmpl > integrations/mysql.ini

 .PHONY: test-mysql
 test-mysql: integrations.mysql.test generate-ini-mysql
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mysql.ini ./integrations.mysql.test
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/mysql.ini ./integrations.mysql.test

 .PHONY: test-mysql\#%
 test-mysql\#%: integrations.mysql.test generate-ini-mysql
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mysql.ini ./integrations.mysql.test -test.run $(subst .,/,$*)
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/mysql.ini ./integrations.mysql.test -test.run $(subst .,/,$*)

 .PHONY: test-mysql-migration
-test-mysql-migration: migrations.mysql.test migrations.individual.mysql.test
+test-mysql-migration: migrations.mysql.test migrations.individual.mysql.test generate-ini-mysql
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/mysql.ini ./migrations.mysql.test
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/mysql.ini ./migrations.individual.mysql.test

 generate-ini-mysql8:
 	sed -e 's|{{TEST_MYSQL8_HOST}}|${TEST_MYSQL8_HOST}|g' \
@@ -472,20 +437,20 @@ generate-ini-mysql8:
 		-e 's|{{TEST_MYSQL8_USERNAME}}|${TEST_MYSQL8_USERNAME}|g' \
 		-e 's|{{TEST_MYSQL8_PASSWORD}}|${TEST_MYSQL8_PASSWORD}|g' \
 		-e 's|{{REPO_TEST_DIR}}|${REPO_TEST_DIR}|g' \
-		-e 's|{{TEST_LOGGER}}|$(or $(TEST_LOGGER),test$(COMMA)file)|g' \
-		-e 's|{{TEST_TYPE}}|$(or $(TEST_TYPE),integration)|g' \
-			tests/mysql8.ini.tmpl > tests/mysql8.ini
+			integrations/mysql8.ini.tmpl > integrations/mysql8.ini

 .PHONY: test-mysql8
 test-mysql8: integrations.mysql8.test generate-ini-mysql8
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mysql8.ini ./integrations.mysql8.test
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/mysql8.ini ./integrations.mysql8.test

 .PHONY: test-mysql8\#%
 test-mysql8\#%: integrations.mysql8.test generate-ini-mysql8
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mysql8.ini ./integrations.mysql8.test -test.run $(subst .,/,$*)
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/mysql8.ini ./integrations.mysql8.test -test.run $(subst .,/,$*)

 .PHONY: test-mysql8-migration
-test-mysql8-migration: migrations.mysql8.test migrations.individual.mysql8.test
+test-mysql8-migration: migrations.mysql8.test migrations.individual.mysql8.test generate-ini-mysql8
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/mysql8.ini ./migrations.mysql8.test
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/mysql8.ini ./migrations.individual.mysql8.test

 generate-ini-pgsql:
 	sed -e 's|{{TEST_PGSQL_HOST}}|${TEST_PGSQL_HOST}|g' \
@@ -494,20 +459,20 @@ generate-ini-pgsql:
 		-e 's|{{TEST_PGSQL_PASSWORD}}|${TEST_PGSQL_PASSWORD}|g' \
 		-e 's|{{TEST_PGSQL_SCHEMA}}|${TEST_PGSQL_SCHEMA}|g' \
 		-e 's|{{REPO_TEST_DIR}}|${REPO_TEST_DIR}|g' \
-		-e 's|{{TEST_LOGGER}}|$(or $(TEST_LOGGER),test$(COMMA)file)|g' \
-		-e 's|{{TEST_TYPE}}|$(or $(TEST_TYPE),integration)|g' \
-			tests/pgsql.ini.tmpl > tests/pgsql.ini
+			integrations/pgsql.ini.tmpl > integrations/pgsql.ini

 .PHONY: test-pgsql
 test-pgsql: integrations.pgsql.test generate-ini-pgsql
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/pgsql.ini ./integrations.pgsql.test
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/pgsql.ini ./integrations.pgsql.test

 .PHONY: test-pgsql\#%
 test-pgsql\#%: integrations.pgsql.test generate-ini-pgsql
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/pgsql.ini ./integrations.pgsql.test -test.run $(subst .,/,$*)
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/pgsql.ini ./integrations.pgsql.test -test.run $(subst .,/,$*)

 .PHONY: test-pgsql-migration
-test-pgsql-migration: migrations.pgsql.test migrations.individual.pgsql.test
+test-pgsql-migration: migrations.pgsql.test migrations.individual.pgsql.test generate-ini-pgsql
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/pgsql.ini ./migrations.pgsql.test
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/pgsql.ini ./migrations.individual.pgsql.test

 generate-ini-mssql:
 	sed -e 's|{{TEST_MSSQL_HOST}}|${TEST_MSSQL_HOST}|g' \
@@ -515,205 +480,105 @@ generate-ini-mssql:
 		-e 's|{{TEST_MSSQL_USERNAME}}|${TEST_MSSQL_USERNAME}|g' \
 		-e 's|{{TEST_MSSQL_PASSWORD}}|${TEST_MSSQL_PASSWORD}|g' \
 		-e 's|{{REPO_TEST_DIR}}|${REPO_TEST_DIR}|g' \
-		-e 's|{{TEST_LOGGER}}|$(or $(TEST_LOGGER),test$(COMMA)file)|g' \
-		-e 's|{{TEST_TYPE}}|$(or $(TEST_TYPE),integration)|g' \
-			tests/mssql.ini.tmpl > tests/mssql.ini
+			integrations/mssql.ini.tmpl > integrations/mssql.ini

 .PHONY: test-mssql
 test-mssql: integrations.mssql.test generate-ini-mssql
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mssql.ini ./integrations.mssql.test
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/mssql.ini ./integrations.mssql.test

 .PHONY: test-mssql\#%
 test-mssql\#%: integrations.mssql.test generate-ini-mssql
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mssql.ini ./integrations.mssql.test -test.run $(subst .,/,$*)
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/mssql.ini ./integrations.mssql.test -test.run $(subst .,/,$*)

 .PHONY: test-mssql-migration
-test-mssql-migration: migrations.mssql.test migrations.individual.mssql.test
-
-.PHONY: playwright
-playwright: $(PLAYWRIGHT_DIR)
-	npm install --no-save @playwright/test
-	npx playwright install $(PLAYWRIGHT_FLAGS)
-
-.PHONY: test-e2e%
-test-e2e%: TEST_TYPE ?= e2e
-	# Clear display env variable. Otherwise, chromium tests can fail.
-	DISPLAY=
-
-.PHONY: test-e2e
-test-e2e: test-e2e-sqlite
-
-.PHONY: test-e2e-sqlite
-test-e2e-sqlite: playwright e2e.sqlite.test generate-ini-sqlite
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/sqlite.ini ./e2e.sqlite.test
-
-.PHONY: test-e2e-sqlite\#%
-test-e2e-sqlite\#%: playwright e2e.sqlite.test generate-ini-sqlite
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/sqlite.ini ./e2e.sqlite.test -test.run TestE2e/$*
-
-.PHONY: test-e2e-mysql
-test-e2e-mysql: playwright e2e.mysql.test generate-ini-mysql
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mysql.ini ./e2e.mysql.test
-
-.PHONY: test-e2e-mysql\#%
-test-e2e-mysql\#%: playwright e2e.mysql.test generate-ini-mysql
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mysql.ini ./e2e.mysql.test -test.run TestE2e/$*
-
-.PHONY: test-e2e-mysql8
-test-e2e-mysql8: playwright e2e.mysql8.test generate-ini-mysql8
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mysql8.ini ./e2e.mysql8.test
-
-.PHONY: test-e2e-mysql8\#%
-test-e2e-mysql8\#%: playwright e2e.mysql8.test generate-ini-mysql8
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mysql8.ini ./e2e.mysql8.test -test.run TestE2e/$*
-
-.PHONY: test-e2e-pgsql
-test-e2e-pgsql: playwright e2e.pgsql.test generate-ini-pgsql
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/pgsql.ini ./e2e.pgsql.test
-
-.PHONY: test-e2e-pgsql\#%
-test-e2e-pgsql\#%: playwright e2e.pgsql.test generate-ini-pgsql
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/pgsql.ini ./e2e.pgsql.test -test.run TestE2e/$*
-
-.PHONY: test-e2e-mssql
-test-e2e-mssql: playwright e2e.mssql.test generate-ini-mssql
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mssql.ini ./e2e.mssql.test
-
-.PHONY: test-e2e-mssql\#%
-test-e2e-mssql\#%: playwright e2e.mssql.test generate-ini-mssql
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mssql.ini ./e2e.mssql.test -test.run TestE2e/$*
+test-mssql-migration: migrations.mssql.test migrations.individual.mssql.test generate-ini-mssql
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/mssql.ini ./migrations.mssql.test -test.failfast
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/mssql.ini ./migrations.individual.mssql.test -test.failfast

 .PHONY: bench-sqlite
 bench-sqlite: integrations.sqlite.test generate-ini-sqlite
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/sqlite.ini ./integrations.sqlite.test -test.cpuprofile=cpu.out -test.run DontRunTests -test.bench .
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/sqlite.ini ./integrations.sqlite.test -test.cpuprofile=cpu.out -test.run DontRunTests -test.bench .

 .PHONY: bench-mysql
 bench-mysql: integrations.mysql.test generate-ini-mysql
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mysql.ini ./integrations.mysql.test -test.cpuprofile=cpu.out -test.run DontRunTests -test.bench .
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/mysql.ini ./integrations.mysql.test -test.cpuprofile=cpu.out -test.run DontRunTests -test.bench .

 .PHONY: bench-mssql
 bench-mssql: integrations.mssql.test generate-ini-mssql
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mssql.ini ./integrations.mssql.test -test.cpuprofile=cpu.out -test.run DontRunTests -test.bench .
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/mssql.ini ./integrations.mssql.test -test.cpuprofile=cpu.out -test.run DontRunTests -test.bench .

 .PHONY: bench-pgsql
 bench-pgsql: integrations.pgsql.test generate-ini-pgsql
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/pgsql.ini ./integrations.pgsql.test -test.cpuprofile=cpu.out -test.run DontRunTests -test.bench .
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/pgsql.ini ./integrations.pgsql.test -test.cpuprofile=cpu.out -test.run DontRunTests -test.bench .

 .PHONY: integration-test-coverage
 integration-test-coverage: integrations.cover.test generate-ini-mysql
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mysql.ini ./integrations.cover.test -test.coverprofile=integration.coverage.out
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/mysql.ini ./integrations.cover.test -test.coverprofile=integration.coverage.out

 .PHONY: integration-test-coverage-sqlite
 integration-test-coverage-sqlite: integrations.cover.sqlite.test generate-ini-sqlite
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/sqlite.ini ./integrations.cover.sqlite.test -test.coverprofile=integration.coverage.out
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=integrations/sqlite.ini ./integrations.cover.sqlite.test -test.coverprofile=integration.coverage.out

 integrations.mysql.test: git-check $(GO_SOURCES)
-	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/tests/integration -o integrations.mysql.test
+	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/integrations -o integrations.mysql.test

 integrations.mysql8.test: git-check $(GO_SOURCES)
-	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/tests/integration -o integrations.mysql8.test
+	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/integrations -o integrations.mysql8.test

 integrations.pgsql.test: git-check $(GO_SOURCES)
-	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/tests/integration -o integrations.pgsql.test
+	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/integrations -o integrations.pgsql.test

 integrations.mssql.test: git-check $(GO_SOURCES)
-	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/tests/integration -o integrations.mssql.test
+	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/integrations -o integrations.mssql.test

 integrations.sqlite.test: git-check $(GO_SOURCES)
-	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/tests/integration -o integrations.sqlite.test -tags '$(TEST_TAGS)'
+	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/integrations -o integrations.sqlite.test -tags '$(TEST_TAGS)'

 integrations.cover.test: git-check $(GO_SOURCES)
-	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/tests/integration -coverpkg $(shell echo $(GO_TEST_PACKAGES) | tr ' ' ',') -o integrations.cover.test
+	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/integrations -coverpkg $(shell echo $(GO_PACKAGES) | tr ' ' ',') -o integrations.cover.test

 integrations.cover.sqlite.test: git-check $(GO_SOURCES)
-	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/tests/integration -coverpkg $(shell echo $(GO_TEST_PACKAGES) | tr ' ' ',') -o integrations.cover.sqlite.test -tags '$(TEST_TAGS)'
+	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/integrations -coverpkg $(shell echo $(GO_PACKAGES) | tr ' ' ',') -o integrations.cover.sqlite.test -tags '$(TEST_TAGS)'

 .PHONY: migrations.mysql.test
-migrations.mysql.test: $(GO_SOURCES) generate-ini-mysql
-	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/tests/integration/migration-test -o migrations.mysql.test
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mysql.ini ./migrations.mysql.test
+migrations.mysql.test: $(GO_SOURCES)
+	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/integrations/migration-test -o migrations.mysql.test

 .PHONY: migrations.mysql8.test
-migrations.mysql8.test: $(GO_SOURCES) generate-ini-mysql8
-	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/tests/integration/migration-test -o migrations.mysql8.test
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mysql8.ini ./migrations.mysql8.test
+migrations.mysql8.test: $(GO_SOURCES)
+	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/integrations/migration-test -o migrations.mysql8.test

 .PHONY: migrations.pgsql.test
-migrations.pgsql.test: $(GO_SOURCES) generate-ini-pgsql
-	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/tests/integration/migration-test -o migrations.pgsql.test
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/pgsql.ini ./migrations.pgsql.test
+migrations.pgsql.test: $(GO_SOURCES)
+	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/integrations/migration-test -o migrations.pgsql.test

 .PHONY: migrations.mssql.test
-migrations.mssql.test: $(GO_SOURCES) generate-ini-mssql
-	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/tests/integration/migration-test -o migrations.mssql.test
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mssql.ini ./migrations.mssql.test
+migrations.mssql.test: $(GO_SOURCES)
+	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/integrations/migration-test -o migrations.mssql.test

 .PHONY: migrations.sqlite.test
-migrations.sqlite.test: $(GO_SOURCES) generate-ini-sqlite
-	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/tests/integration/migration-test -o migrations.sqlite.test -tags '$(TEST_TAGS)'
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/sqlite.ini ./migrations.sqlite.test
+migrations.sqlite.test: $(GO_SOURCES)
+	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/integrations/migration-test -o migrations.sqlite.test -tags '$(TEST_TAGS)'

 .PHONY: migrations.individual.mysql.test
 migrations.individual.mysql.test: $(GO_SOURCES)
-	for pkg in $(shell $(GO) list code.gitea.io/gitea/models/migrations/...); do \
-		GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mysql.ini $(GO) test $(GOTESTFLAGS) -tags '$(TEST_TAGS)' $$pkg; \
-	done
+	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/models/migrations -o migrations.individual.mysql.test

 .PHONY: migrations.individual.mysql8.test
 migrations.individual.mysql8.test: $(GO_SOURCES)
-	for pkg in $(shell $(GO) list code.gitea.io/gitea/models/migrations/...); do \
-		GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mysql8.ini $(GO) test $(GOTESTFLAGS) -tags '$(TEST_TAGS)' $$pkg; \
-	done
-
-.PHONY: migrations.individual.mysql8.test\#%
-migrations.individual.sqlite.test\#%: $(GO_SOURCES) generate-ini-sqlite
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/sqlite.ini $(GO) test $(GOTESTFLAGS) -tags '$(TEST_TAGS)' code.gitea.io/gitea/models/migrations/$*
+	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/models/migrations -o migrations.individual.mysql8.test

 .PHONY: migrations.individual.pgsql.test
 migrations.individual.pgsql.test: $(GO_SOURCES)
-	for pkg in $(shell $(GO) list code.gitea.io/gitea/models/migrations/...); do \
-		GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/pgsql.ini $(GO) test $(GOTESTFLAGS) -tags '$(TEST_TAGS)' $$pkg; \
-	done
-
-.PHONY: migrations.individual.pgsql.test\#%
-migrations.individual.pgsql.test\#%: $(GO_SOURCES) generate-ini-pgsql
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/pgsql.ini $(GO) test $(GOTESTFLAGS) -tags '$(TEST_TAGS)' code.gitea.io/gitea/models/migrations/$*
-
+	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/models/migrations -o migrations.individual.pgsql.test

 .PHONY: migrations.individual.mssql.test
-migrations.individual.mssql.test: $(GO_SOURCES) generate-ini-mssql
-	for pkg in $(shell $(GO) list code.gitea.io/gitea/models/migrations/...); do \
-		GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mssql.ini $(GO) test $(GOTESTFLAGS) -tags '$(TEST_TAGS)' $$pkg -test.failfast; \
-	done
-
-.PHONY: migrations.individual.mssql.test\#%
-migrations.individual.mssql.test\#%: $(GO_SOURCES) generate-ini-mssql
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mssql.ini $(GO) test $(GOTESTFLAGS) -tags '$(TEST_TAGS)' code.gitea.io/gitea/models/migrations/$*
+migrations.individual.mssql.test: $(GO_SOURCES)
+	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/models/migrations -o migrations.individual.mssql.test

 .PHONY: migrations.individual.sqlite.test
-migrations.individual.sqlite.test: $(GO_SOURCES) generate-ini-sqlite
-	for pkg in $(shell $(GO) list code.gitea.io/gitea/models/migrations/...); do \
-		GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/sqlite.ini $(GO) test $(GOTESTFLAGS) -tags '$(TEST_TAGS)' $$pkg; \
-	done
-
-.PHONY: migrations.individual.sqlite.test\#%
-migrations.individual.sqlite.test\#%: $(GO_SOURCES) generate-ini-sqlite
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/sqlite.ini $(GO) test $(GOTESTFLAGS) -tags '$(TEST_TAGS)' code.gitea.io/gitea/models/migrations/$*
-
-e2e.mysql.test: $(GO_SOURCES)
-	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/tests/e2e -o e2e.mysql.test
-
-e2e.mysql8.test: $(GO_SOURCES)
-	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/tests/e2e -o e2e.mysql8.test
-
-e2e.pgsql.test: $(GO_SOURCES)
-	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/tests/e2e -o e2e.pgsql.test
-
-e2e.mssql.test: $(GO_SOURCES)
-	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/tests/e2e -o e2e.mssql.test
-
-e2e.sqlite.test: $(GO_SOURCES)
-	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/tests/e2e -o e2e.sqlite.test -tags '$(TEST_TAGS)'
+migrations.individual.sqlite.test: $(GO_SOURCES)
+	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/models/migrations -o migrations.individual.sqlite.test -tags '$(TEST_TAGS)'

 .PHONY: check
 check: test
@@ -729,38 +594,27 @@ build: frontend backend
 frontend: $(WEBPACK_DEST)

 .PHONY: backend
-backend: go-check generate-backend $(EXECUTABLE)
+backend: go-check generate $(EXECUTABLE)

-# We generate the backend before the frontend in case we in future we want to generate things in the frontend from generated files in backend
 .PHONY: generate
-generate: generate-backend
-
-.PHONY: generate-backend
-generate-backend: $(TAGS_PREREQ) generate-go
-
-.PHONY: generate-go
-generate-go: $(TAGS_PREREQ)
+generate: $(TAGS_PREREQ)
 	@echo "Running go generate..."
 	@CC= GOOS= GOARCH= $(GO) generate -tags '$(TAGS)' $(GO_PACKAGES)

-.PHONY: security-check
-security-check:
-	go run $(GOVULNCHECK_PACKAGE) -v ./...
-
 $(EXECUTABLE): $(GO_SOURCES) $(TAGS_PREREQ)
 	CGO_CFLAGS="$(CGO_CFLAGS)" $(GO) build $(GOFLAGS) $(EXTRA_GOFLAGS) -tags '$(TAGS)' -ldflags '-s -w $(LDFLAGS)' -o $@

 .PHONY: release
-release: frontend generate release-windows release-linux release-darwin release-freebsd release-copy release-compress vendor release-sources release-docs release-check
+release: frontend generate release-windows release-linux release-darwin release-copy release-compress vendor release-sources release-docs release-check

 $(DIST_DIRS):
 	mkdir -p $(DIST_DIRS)

 .PHONY: release-windows
 release-windows: | $(DIST_DIRS)
-	CGO_CFLAGS="$(CGO_CFLAGS)" $(GO) run $(XGO_PACKAGE) -go $(XGO_VERSION) -buildmode exe -dest $(DIST)/binaries -tags 'osusergo $(TAGS)' -ldflags '-linkmode external -extldflags "-static" $(LDFLAGS)' -targets 'windows/*' -out gitea-$(VERSION) .
+	CGO_CFLAGS="$(CGO_CFLAGS)" $(GO) run $(XGO_PACKAGE) -go $(XGO_VERSION) -buildmode exe -dest $(DIST)/binaries -tags 'netgo osusergo $(TAGS)' -ldflags '-linkmode external -extldflags "-static" $(LDFLAGS)' -targets 'windows/*' -out gitea-$(VERSION) .
 ifeq (,$(findstring gogit,$(TAGS)))
-	CGO_CFLAGS="$(CGO_CFLAGS)" $(GO) run $(XGO_PACKAGE) -go $(XGO_VERSION) -buildmode exe -dest $(DIST)/binaries -tags 'osusergo gogit $(TAGS)' -ldflags '-linkmode external -extldflags "-static" $(LDFLAGS)' -targets 'windows/*' -out gitea-$(VERSION)-gogit .
+	CGO_CFLAGS="$(CGO_CFLAGS)" $(GO) run $(XGO_PACKAGE) -go $(XGO_VERSION) -buildmode exe -dest $(DIST)/binaries -tags 'netgo osusergo gogit $(TAGS)' -ldflags '-linkmode external -extldflags "-static" $(LDFLAGS)' -targets 'windows/*' -out gitea-$(VERSION)-gogit .
 endif
 ifeq ($(CI),true)
 	cp /build/* $(DIST)/binaries
@@ -780,13 +634,6 @@ ifeq ($(CI),true)
 	cp /build/* $(DIST)/binaries
 endif

-.PHONY: release-freebsd
-release-freebsd: | $(DIST_DIRS)
-	CGO_CFLAGS="$(CGO_CFLAGS)" $(GO) run $(XGO_PACKAGE) -go $(XGO_VERSION) -dest $(DIST)/binaries -tags 'netgo osusergo $(TAGS)' -ldflags '$(LDFLAGS)' -targets 'freebsd/amd64' -out gitea-$(VERSION) .
-ifeq ($(CI),true)
-	cp /build/* $(DIST)/binaries
-endif
-
 .PHONY: release-copy
 release-copy: | $(DIST_DIRS)
 	cd $(DIST); for file in `find . -type f -name "*"`; do cp $${file} ./release/; done;
@@ -838,8 +685,6 @@ deps-backend:
 	$(GO) install $(MISSPELL_PACKAGE)
 	$(GO) install $(SWAGGER_PACKAGE)
 	$(GO) install $(XGO_PACKAGE)
-	$(GO) install $(GO_LICENSES_PACKAGE)
-	$(GO) install $(GOVULNCHECK_PACKAGE)

 node_modules: package-lock.json
 	npm install --no-save
@@ -909,11 +754,11 @@ update-translations:

 .PHONY: generate-license
 generate-license:
-	$(GO) run build/generate-licenses.go
+	GO111MODULE=on $(GO) run build/generate-licenses.go

 .PHONY: generate-gitignore
 generate-gitignore:
-	$(GO) run build/generate-gitignores.go
+	GO111MODULE=on $(GO) run build/generate-gitignores.go

 .PHONY: generate-images
 generate-images: | node_modules
@@ -926,7 +771,7 @@ generate-manpage:
 	@mkdir -p man/man1/ man/man5
 	@./gitea docs --man > man/man1/gitea.1
 	@gzip -9 man/man1/gitea.1 && echo man/man1/gitea.1.gz created
-	@#TODO A small script that formats config-cheat-sheet.en-us.md nicely for use as a config man page
+	@#TODO A smal script witch format config-cheat-sheet.en-us.md nicely to suit as config man page

 .PHONY: pr\#%
 pr\#%: clean-all
--- a/README.md
+++ b/README.md
@@ -12,14 +12,14 @@
  <a href="https://discord.gg/Gitea" title="Join the Discord chat at https://discord.gg/Gitea">
    <img src="https://img.shields.io/discord/322538954119184384.svg">
  </a>
-  <a href="https://app.codecov.io/gh/go-gitea/gitea" title="Codecov">
+  <a href="https://codecov.io/gh/go-gitea/gitea" title="Codecov">
    <img src="https://codecov.io/gh/go-gitea/gitea/branch/main/graph/badge.svg">
  </a>
  <a href="https://goreportcard.com/report/code.gitea.io/gitea" title="Go Report Card">
    <img src="https://goreportcard.com/badge/code.gitea.io/gitea">
  </a>
-  <a href="https://pkg.go.dev/code.gitea.io/gitea" title="GoDoc">
-    <img src="https://pkg.go.dev/badge/code.gitea.io/gitea?status.svg">
+  <a href="https://godoc.org/code.gitea.io/gitea" title="GoDoc">
+    <img src="https://godoc.org/code.gitea.io/gitea?status.svg">
  </a>
  <a href="https://github.com/go-gitea/gitea/releases/latest" title="GitHub release">
    <img src="https://img.shields.io/github/release/go-gitea/gitea.svg">
@@ -33,39 +33,33 @@
  <a href="https://opensource.org/licenses/MIT" title="License: MIT">
    <img src="https://img.shields.io/badge/License-MIT-blue.svg">
  </a>
-  <a href="https://gitpod.io/#https://github.com/go-gitea/gitea">
-  <img
-    src="https://img.shields.io/badge/Contribute%20with-Gitpod-908a85?logo=gitpod"
-    alt="Contribute with Gitpod"
-  />
-  </a>
  <a href="https://crowdin.com/project/gitea" title="Crowdin">
    <img src="https://badges.crowdin.net/gitea/localized.svg">
  </a>
  <a href="https://www.tickgit.com/browse?repo=github.com/go-gitea/gitea&branch=main" title="TODOs">
    <img src="https://badgen.net/https/api.tickgit.com/badgen/github.com/go-gitea/gitea/main">
  </a>
-  <a href="https://app.bountysource.com/teams/gitea" title="Bountysource">
+  <a href="https://www.bountysource.com/teams/gitea" title="Bountysource">
    <img src="https://img.shields.io/bountysource/team/gitea/activity">
  </a>
 </p>

 <p align="center">
-  <a href="README_ZH.md">View this document in Chinese</a>
+  <a href="README_ZH.md">View the chinese version of this document</a>
 </p>

 ## Purpose

 The goal of this project is to make the easiest, fastest, and most
 painless way of setting up a self-hosted Git service.
-
-As Gitea is written in Go, it works across **all** the platforms and
-architectures that are supported by Go, including Linux, macOS, and
-Windows on x86, amd64, ARM and PowerPC architectures.
-You can try it out using [the online demo](https://try.gitea.io/).
+Using Go, this can be done with an independent binary distribution across
+**all platforms** which Go supports, including Linux, macOS, and Windows
+on x86, amd64, ARM and PowerPC architectures.
+Want to try it before doing anything else?
+Do it [with the online demo](https://try.gitea.io/)!
 This project has been
 [forked](https://blog.gitea.io/2016/12/welcome-to-gitea/) from
-[Gogs](https://gogs.io) since November of 2016, but a lot has changed.
+[Gogs](https://gogs.io) since 2016.11 but changed a lot.

 ## Building

@@ -106,9 +100,9 @@ NOTES:

 ## Translating

-Translations are done through Crowdin. If you want to translate to a new language ask one of the managers in the Crowdin project to add a new language there.
+Translations are done through Crowdin. If you want to translate to a new language ask one of the managers in the Crowdin project to add a new language there. 

-You can also just create an issue for adding a language or ask on discord on the #translation channel. If you need context or find some translation issues, you can leave a comment on the string or ask on Discord. For general translation questions there is a section in the docs. Currently a bit empty but we hope to fill it as questions pop up.
+You can also just create an issue for adding a language or ask on discord on the #translation channel. If you need context or find some translation issues, you can leave a comment on the string or ask on Discord. For general translation questions there is a section in the docs. Currently a bit empty but we hope fo fill it as questions pop up.

 https://docs.gitea.io/en-us/translation-guidelines/

@@ -119,17 +113,15 @@ https://docs.gitea.io/en-us/translation-guidelines/
 For more information and instructions about how to install Gitea, please look at our [documentation](https://docs.gitea.io/en-us/).
 If you have questions that are not covered by the documentation, you can get in contact with us on our [Discord server](https://discord.gg/Gitea) or create  a post in the [discourse forum](https://discourse.gitea.io/).

-We maintain a list of Gitea-related projects at [gitea/awesome-gitea](https://gitea.com/gitea/awesome-gitea).
-
-The Hugo-based documentation theme is hosted at [gitea/theme](https://gitea.com/gitea/theme).
-
+We maintain a list of Gitea-related projects at [gitea/awesome-gitea](https://gitea.com/gitea/awesome-gitea).  
+The hugo-based documentation theme is hosted at [gitea/theme](https://gitea.com/gitea/theme).  
 The official Gitea CLI is developed at [gitea/tea](https://gitea.com/gitea/tea).

 ## Authors

- [Maintainers](https://github.com/orgs/go-gitea/people)
- [Contributors](https://github.com/go-gitea/gitea/graphs/contributors)
- [Translators](options/locale/TRANSLATORS)
+* [Maintainers](https://github.com/orgs/go-gitea/people)
+* [Contributors](https://github.com/go-gitea/gitea/graphs/contributors)
+* [Translators](options/locale/TRANSLATORS)

 ## Backers

@@ -151,7 +143,6 @@ Support this project by becoming a sponsor. Your logo will show up here with a l
 <a href="https://opencollective.com/gitea/sponsor/7/website" target="_blank"><img src="https://opencollective.com/gitea/sponsor/7/avatar.svg"></a>
 <a href="https://opencollective.com/gitea/sponsor/8/website" target="_blank"><img src="https://opencollective.com/gitea/sponsor/8/avatar.svg"></a>
 <a href="https://opencollective.com/gitea/sponsor/9/website" target="_blank"><img src="https://opencollective.com/gitea/sponsor/9/avatar.svg"></a>
-<a href="https://cynkra.com/" target="_blank"><img src="https://images.opencollective.com/cynkra/logo/square/64/192.png"></a>

 ## FAQ

@@ -170,7 +161,6 @@ See the [LICENSE](https://github.com/go-gitea/gitea/blob/main/LICENSE) file
 for the full license text.

 ## Screenshots
-
 Looking for an overview of the interface? Check it out!

 |![Dashboard](https://dl.gitea.io/screenshots/home_timeline.png)|![User Profile](https://dl.gitea.io/screenshots/user_profile.png)|![Global Issues](https://dl.gitea.io/screenshots/global_issues.png)|
--- a/README_ZH.md
+++ b/README_ZH.md
@@ -12,14 +12,14 @@
  <a href="https://discord.gg/Gitea" title="Join the Discord chat at https://discord.gg/Gitea">
    <img src="https://img.shields.io/discord/322538954119184384.svg">
  </a>
-  <a href="https://app.codecov.io/gh/go-gitea/gitea" title="Codecov">
+  <a href="https://codecov.io/gh/go-gitea/gitea" title="Codecov">
    <img src="https://codecov.io/gh/go-gitea/gitea/branch/main/graph/badge.svg">
  </a>
  <a href="https://goreportcard.com/report/code.gitea.io/gitea" title="Go Report Card">
    <img src="https://goreportcard.com/badge/code.gitea.io/gitea">
  </a>
-  <a href="https://pkg.go.dev/code.gitea.io/gitea" title="GoDoc">
-    <img src="https://pkg.go.dev/badge/code.gitea.io/gitea?status.svg">
+  <a href="https://godoc.org/code.gitea.io/gitea" title="GoDoc">
+    <img src="https://godoc.org/code.gitea.io/gitea?status.svg">
  </a>
  <a href="https://github.com/go-gitea/gitea/releases/latest" title="GitHub release">
    <img src="https://img.shields.io/github/release/go-gitea/gitea.svg">
@@ -33,25 +33,19 @@
  <a href="https://opensource.org/licenses/MIT" title="License: MIT">
    <img src="https://img.shields.io/badge/License-MIT-blue.svg">
  </a>
-  <a href="https://gitpod.io/#https://github.com/go-gitea/gitea">
-  <img
-    src="https://img.shields.io/badge/Contribute%20with-Gitpod-908a85?logo=gitpod"
-    alt="Contribute with Gitpod"
-  />
-  </a>
  <a href="https://crowdin.com/project/gitea" title="Crowdin">
    <img src="https://badges.crowdin.net/gitea/localized.svg">
  </a>
  <a href="https://www.tickgit.com/browse?repo=github.com/go-gitea/gitea&branch=main" title="TODOs">
    <img src="https://badgen.net/https/api.tickgit.com/badgen/github.com/go-gitea/gitea/main">
  </a>
-  <a href="https://app.bountysource.com/teams/gitea" title="Bountysource">
+  <a href="https://img.shields.io/bountysource/team/gitea" title="Bountysource">
    <img src="https://img.shields.io/bountysource/team/gitea/activity">
  </a>
 </p>

 <p align="center">
-  <a href="README.md">View this document in English</a>
+  <a href="README.md">View the english version of this document</a>
 </p>

 ## 目标
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -1,83 +1,10 @@
 # Reporting security issues

-The Gitea maintainers take security seriously.
-
+The Gitea maintainers take security seriously.  
 If you discover a security issue, please bring it to their attention right away!

-## Reporting a Vulnerability
+### Reporting a Vulnerability

 Please **DO NOT** file a public issue, instead send your report privately to `security@gitea.io`.

-## Protecting Security Information
-
-Due to the sensitive nature of security information, you can use below GPG public key encrypt your mail body.
-
-The PGP key is valid until June 24, 2024.
-
-```
-Key ID: 6FCD2D5B
-Key Type: RSA
-Expires: 6/24/2024
-Key Size: 4096/4096
-Fingerprint: 3DE0 3D1E 144A 7F06 9359 99DC AAFD 2381 6FCD 2D5B
-```
-
-UserID: Gitea Security <security@gitea.io>
-
-```
-----BEGIN PGP PUBLIC KEY BLOCK-----
-
-mQINBGK1Z/4BEADFMqXA9DeeChmSxUjF0Be5sq99ZUhgrZjcN/wOzz0wuCJZC0l8
-4uC+d6mfv7JpJYlzYzOK97/x5UguKHkYNZ6mm1G9KHaXmoIBDLKDzfPdJopVNv2r
-OajijaE0uMCnMjadlg5pbhMLRQG8a9J32yyaz7ZEAw72Ab31fvvcA53NkuqO4j2w
-k7dtFQzhbNOYV0VffQT90WDZdalYHB1JHyEQ+70U9OjVD5ggNYSzX98Eu3Hjn7V7
-kqFrcAxr5TE1elf0IXJcuBJtFzQSTUGlQldKOHtGTGgGjj9r/FFAE5ioBgVD05bV
-rEEgIMM/GqYaG/nbNpWE6P3mEc2Mnn3pZaRJL0LuF26TLjnqEcMMDp5iIhLdFzXR
-3tMdtKgQFu+Mtzs3ipwWARYgHyU09RJsI2HeBx7RmZO/Xqrec763Z7zdJ7SpCn0Z
-q+pHZl24JYR0Kf3T/ZiOC0cGd2QJqpJtg5J6S/OqfX9NH6MsCczO8pUC1N/aHH2X
-CTme2nF56izORqDWKoiICteL3GpYsCV9nyCidcCmoQsS+DKvE86YhIhVIVWGRY2F
-lzpAjnN9/KLtQroutrm+Ft0mdjDiJUeFVl1cOHDhoyfCsQh62HumoyZoZvqzQd6e
-AbN11nq6aViMe2Q3je1AbiBnRnQSHxt1Tc8X4IshO3MQK1Sk7oPI6LA5oQARAQAB
-tCJHaXRlYSBTZWN1cml0eSA8c2VjdXJpdHlAZ2l0ZWEuaW8+iQJXBBMBCABBFiEE
-PeA9HhRKfwaTWZncqv0jgW/NLVsFAmK1Z/4CGwMFCQPCZwAFCwkIBwICIgIGFQoJ
-CAsCBBYCAwECHgcCF4AACgkQqv0jgW/NLVvnyxAAhxyNnWzw/rQO2qhzqicmZM94
-njSbOg+U2qMBvCdaqCQQeC+uaMmMzkDPanUUmLcyCkWqfCjPNjeSXAkE9npepVJI
-4HtmgxZQ94OU/h3CLbft+9GVRzUkVI29TSYGdvNtV2/BkNGoFFnKWQr119um0o6A
-bgha2Uy5uY8o3ZIoiKkiHRaEoWIjjeBxJxYAojsZY4YElUmsQ3ik2joG6rhFesTa
-ofVt/bL8G2xzpOG26WGIxBbqf2qjV6OtZ0hu/vtTPHeIWMLq0Mz0V3PEDQWfkGPE
-i2RYxxYDs2xzJhSQWqTNVLSq0m5xTJnbHhQPfdCX4C2jvFKgLdfmytQq49S7jiJb
-Z03HVOZ/PsyBlQfH9xJi06R5yQCMEA8h8Z5r3/NXW09kQ6OFRe6xshoTcxZGRPTo
-srhwr3uPbmCRh+YEl7qBLU6+BC5k8IRTZXqhrj/aPJu3MxgbgwV8u3vLoFSXM2lb
-a61FgeCQ0O7lkgVswwF0RppCaH9Ul3ZDapet/vCRg4NVwm9zOI/8q/Vj0FKA1GDR
-JhRu8+Ce8zlFL65D34t+PprAzSeTlbv9um3x/ZIjCco7EEKSBylt+AZj/VyA6+e5
-kjOQwRRc6dFJWBcorsSI2dG+H+QMF7ZabzmeCcz1v9HjLOPzYHoZAHhCmSppWTvX
-AJy6+lhfW2OUTqQeYSi5Ag0EYrVn/gEQALrFLQjCR3GjuHSindz0rd3Fnx/t7Sen
-T+p07yCSSoSlmnJHCQmwh4vfg1blyz0zZ4vkIhtpHsEgc+ZAG+WQXSsJ2iRz+eSN
-GwoOQl4XC3n+QWkc1ws+btr48+6UqXIQU+F8TPQyx/PIgi2nZXJB7f5+mjCqsk46
-XvH4nTr4kJjuqMSR/++wvre2qNQRa/q/dTsK0OaN/mJsdX6Oi+aGNaQJUhIG7F+E
-ZDMkn/O6xnwWNzy/+bpg43qH/Gk0eakOmz5NmQLRkV58SZLiJvuCUtkttf6CyhnX
-03OcWaajv5W8qA39dBYQgDrrPbBWUnwfO3yMveqhwV4JjDoe8sPAyn1NwzakNYqP
-RzsWyLrLS7R7J9s3FkZXhQw/QQcsaSMcGNQO047dm1P83N8JY5aEpiRo9zSWjoiw
-qoExANj5lUTZPe8M50lI182FrcjAN7dClO3QI6pg7wy0erMxfFly3j8UQ91ysS9T
-s+GsP9I3cmWWQcKYxWHtE8xTXnNCVPFZQj2nwhJzae8ypfOtulBRA3dUKWGKuDH/
-axFENhUsT397aOU3qkP/od4a64JyNIEo4CTTSPVeWd7njsGqli2U3A4xL2CcyYvt
-D/MWcMBGEoLSNTswwKdom4FaJpn5KThnK/T0bQcmJblJhoCtppXisbexZnCpuS0x
-Zdlm2T14KJ3LABEBAAGJAjwEGAEIACYWIQQ94D0eFEp/BpNZmdyq/SOBb80tWwUC
-YrVn/gIbDAUJA8JnAAAKCRCq/SOBb80tWyTBD/9AGpW6QoDF7zYjHAozH9S5RGCA
-Y7E82dG/0xmFUwPprAG0BKmmgU6TiipyVGmKIXGYYYU92pMnbvXkYQMoa+WJNncN
-D3fY52UeXeffTf4cFpStlzi9xgYtOLhFamzYu/4xhkjOX+xhOSXscCiFRyT8cF3B
-O6c5BHU+Zj0/rGPgOyPUbx7l7B9MubB/41nNX35k08e+8T3wtWDb4XF+15HnRfva
-6fblO8wgU25Orv2Rm1jnKGa9DxJ8nE40IMrqDapENtDuL+zKJsvR0+ptWvEyL56U
-GtJJG5un6mXiLKuRQT0DEv4MdZRHDgDstDnqcbEiazVEbUuvhZZob6lRY2A19m1+
-7zfnDxkhqCA1RCnv4fdvcPdCMMFHwLpdhjgW0aI/uwgwrvsEz5+JRlnLvdQHlPAg
-q7l2fGcBSpz9U0ayyfRPjPntsNCtZl1UDxGLeciPkZhyG84zEWQbk/j52ZpRN+Ik
-ALpRLa8RBFmFSmXDUmwQrmm1EmARyQXwweKU31hf8ZGbCp2lPuRYm1LuGiirXSVP
-GysjRAJgW+VRpBKOzFQoUAUbReVWSaCwT8s17THzf71DdDb6CTj31jMLLYWwBpA/
-i73DgobDZMIGEZZC1EKqza8eh11xfyHFzGec03tbh+lIen+5IiRtWiEWkDS9ll0G
-zgS/ZdziCvdAutqnGA==
-=gZWO
-----END PGP PUBLIC KEY BLOCK-----
-
-```
-
 Security reports are greatly appreciated and we will publicly thank you for it, although we keep your name confidential if you request it.
--- a/assets/emoji.json
+++ b/assets/emoji.json
--- a/assets/go-licenses.json
+++ b/assets/go-licenses.json
--- a/build.go
+++ b/build.go
@@ -1,6 +1,6 @@
 // Copyright 2020 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
-
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.

 //go:build vendor

--- a/build/code-batch-process.go
+++ b/build/code-batch-process.go
@@ -1,5 +1,6 @@
 // Copyright 2021 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.

 //go:build ignore

@@ -19,7 +20,7 @@ import (
 )

 // Windows has a limitation for command line arguments, the size can not exceed 32KB.
-// So we have to feed the files to some tools (like gofmt) batch by batch
+// So we have to feed the files to some tools (like gofmt/misspell) batch by batch

 // We also introduce a `gitea-fmt` command, it does better import formatting than gofmt/goimports. `gitea-fmt` calls `gofmt` internally.

@@ -60,7 +61,7 @@ func newFileCollector(fileFilter string, batchSize int) (*fileCollector, error)
 			"build",
 			"cmd",
 			"contrib",
-			"tests",
+			"integrations",
 			"models",
 			"modules",
 			"routers",
@@ -70,8 +71,8 @@ func newFileCollector(fileFilter string, batchSize int) (*fileCollector, error)
 		co.includePatterns = append(co.includePatterns, regexp.MustCompile(`.*\.go$`))

 		co.excludePatterns = append(co.excludePatterns, regexp.MustCompile(`.*\bbindata\.go$`))
-		co.excludePatterns = append(co.excludePatterns, regexp.MustCompile(`tests/gitea-repositories-meta`))
-		co.excludePatterns = append(co.excludePatterns, regexp.MustCompile(`tests/integration/migration-test`))
+		co.excludePatterns = append(co.excludePatterns, regexp.MustCompile(`integrations/gitea-repositories-meta`))
+		co.excludePatterns = append(co.excludePatterns, regexp.MustCompile(`integrations/migration-test`))
 		co.excludePatterns = append(co.excludePatterns, regexp.MustCompile(`modules/git/tests`))
 		co.excludePatterns = append(co.excludePatterns, regexp.MustCompile(`models/fixtures`))
 		co.excludePatterns = append(co.excludePatterns, regexp.MustCompile(`models/migrations/fixtures`))
@@ -194,6 +195,7 @@ Options:

 Commands:
  %[1]s gofmt ...
+  %[1]s misspell ...

 Arguments:
  {file-list}     the file list
@@ -204,17 +206,6 @@ Example:
 `, "file-batch-exec")
 }

-func getGoVersion() string {
-	goModFile, err := os.ReadFile("go.mod")
-	if err != nil {
-		log.Fatalf(`Faild to read "go.mod": %v`, err)
-		os.Exit(1)
-	}
-	goModVersionRegex := regexp.MustCompile(`go \d+\.\d+`)
-	goModVersionLine := goModVersionRegex.Find(goModFile)
-	return string(goModVersionLine[3:])
-}
-
 func newFileCollectorFromMainOptions(mainOptions map[string]string) (fc *fileCollector, err error) {
 	fileFilter := mainOptions["file-filter"]
 	if fileFilter == "" {
@@ -237,9 +228,9 @@ func containsString(a []string, s string) bool {
 	return false
 }

-func giteaFormatGoImports(files []string, doWriteFile bool) error {
+func giteaFormatGoImports(files []string, hasChangedFiles, doWriteFile bool) error {
 	for _, file := range files {
-		if err := codeformat.FormatGoImports(file, doWriteFile); err != nil {
+		if err := codeformat.FormatGoImports(file, hasChangedFiles, doWriteFile); err != nil {
 			log.Printf("failed to format go imports: %s, err=%v", file, err)
 			return err
 		}
@@ -278,8 +269,10 @@ func main() {
 			if containsString(subArgs, "-d") {
 				log.Print("the -d option is not supported by gitea-fmt")
 			}
-			cmdErrors = append(cmdErrors, giteaFormatGoImports(files, containsString(subArgs, "-w")))
-			cmdErrors = append(cmdErrors, passThroughCmd("go", append([]string{"run", os.Getenv("GOFUMPT_PACKAGE"), "-extra", "-lang", getGoVersion()}, substArgs...)))
+			cmdErrors = append(cmdErrors, giteaFormatGoImports(files, containsString(subArgs, "-l"), containsString(subArgs, "-w")))
+			cmdErrors = append(cmdErrors, passThroughCmd("go", append([]string{"run", os.Getenv("GOFUMPT_PACKAGE"), "-extra", "-lang", "1.17"}, substArgs...)))
+		case "misspell":
+			cmdErrors = append(cmdErrors, passThroughCmd("go", append([]string{"run", os.Getenv("MISSPELL_PACKAGE")}, substArgs...)))
 		default:
 			log.Fatalf("unknown cmd: %s %v", subCmd, subArgs)
 		}
--- a/build/codeformat/formatimports.go
+++ b/build/codeformat/formatimports.go
@@ -1,11 +1,13 @@
 // Copyright 2021 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.

 package codeformat

 import (
 	"bytes"
 	"errors"
+	"fmt"
 	"io"
 	"os"
 	"sort"
@@ -157,7 +159,7 @@ func formatGoImports(contentBytes []byte) ([]byte, error) {
 }

 // FormatGoImports format the imports by our rules (see unit tests)
-func FormatGoImports(file string, doWriteFile bool) error {
+func FormatGoImports(file string, doChangedFiles, doWriteFile bool) error {
 	f, err := os.Open(file)
 	if err != nil {
 		return err
@@ -181,6 +183,10 @@ func FormatGoImports(file string, doWriteFile bool) error {
 		return nil
 	}

+	if doChangedFiles {
+		fmt.Println(file)
+	}
+
 	if doWriteFile {
 		f, err = os.OpenFile(file, os.O_TRUNC|os.O_WRONLY, 0o644)
 		if err != nil {
--- a/build/codeformat/formatimports_test.go
+++ b/build/codeformat/formatimports_test.go
@@ -1,5 +1,6 @@
 // Copyright 2021 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.

 package codeformat

--- a/build/generate-bindata.go
+++ b/build/generate-bindata.go
@@ -1,5 +1,6 @@
 // Copyright 2020 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.

 //go:build ignore

@@ -32,15 +33,11 @@ func needsUpdate(dir, filename string) (bool, []byte) {

 	hasher := sha1.New()

-	err = filepath.WalkDir(dir, func(path string, d os.DirEntry, err error) error {
+	err = filepath.Walk(dir, func(path string, info os.FileInfo, err error) error {
 		if err != nil {
 			return err
 		}
-		info, err := d.Info()
-		if err != nil {
-			return err
-		}
-		_, _ = hasher.Write([]byte(d.Name()))
+		_, _ = hasher.Write([]byte(info.Name()))
 		_, _ = hasher.Write([]byte(info.ModTime().String()))
 		_, _ = hasher.Write([]byte(strconv.FormatInt(info.Size(), 16)))
 		return nil
--- a/build/generate-emoji.go
+++ b/build/generate-emoji.go
@@ -1,6 +1,7 @@
 // Copyright 2020 The Gitea Authors. All rights reserved.
 // Copyright 2015 Kenneth Shaw
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.

 //go:build ignore

@@ -25,7 +26,7 @@ import (

 const (
 	gemojiURL         = "https://raw.githubusercontent.com/github/gemoji/master/db/emoji.json"
-	maxUnicodeVersion = 14
+	maxUnicodeVersion = 12
 )

 var flagOut = flag.String("o", "modules/emoji/emoji_data.go", "out")
@@ -189,10 +190,6 @@ func generate() ([]byte, error) {
 		}
 	}

-	sort.Slice(data, func(i, j int) bool {
-		return data[i].Aliases[0] < data[j].Aliases[0]
-	})
-
 	// add header
 	str := replacer.Replace(fmt.Sprintf(hdr, gemojiURL, data))

@@ -212,12 +209,13 @@ func generate() ([]byte, error) {

 const hdr = `
 // Copyright 2020 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
-
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.

 package emoji

-// Code generated by build/generate-emoji.go. DO NOT EDIT.
+// Code generated by gen.go. DO NOT EDIT.
 // Sourced from %s
+//
 var GemojiData = %#v
 `
--- a/build/generate-go-licenses.go
+++ b/build/generate-go-licenses.go
@@ -1,84 +0,0 @@
-// Copyright 2022 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
-
-//go:build ignore
-
-package main
-
-import (
-	"encoding/json"
-	"io/fs"
-	"os"
-	goPath "path"
-	"path/filepath"
-	"regexp"
-	"sort"
-	"strings"
-)
-
-// regexp is based on go-license, excluding README and NOTICE
-// https://github.com/google/go-licenses/blob/master/licenses/find.go
-var licenseRe = regexp.MustCompile(`^(?i)((UN)?LICEN(S|C)E|COPYING).*$`)
-
-type LicenseEntry struct {
-	Name        string `json:"name"`
-	Path        string `json:"path"`
-	LicenseText string `json:"licenseText"`
-}
-
-func main() {
-	base, out := os.Args[1], os.Args[2]
-
-	paths := []string{}
-	err := filepath.WalkDir(base, func(path string, entry fs.DirEntry, err error) error {
-		if err != nil {
-			return err
-		}
-		if entry.IsDir() || !licenseRe.MatchString(entry.Name()) {
-			return nil
-		}
-		paths = append(paths, path)
-		return nil
-	})
-	if err != nil {
-		panic(err)
-	}
-
-	sort.Strings(paths)
-
-	entries := []LicenseEntry{}
-	for _, path := range paths {
-		path := filepath.ToSlash(path)
-
-		licenseText, err := os.ReadFile(path)
-		if err != nil {
-			panic(err)
-		}
-
-		path = strings.Replace(path, base+"/", "", 1)
-		name := goPath.Dir(path)
-
-		// There might be a bug somewhere in go-licenses that sometimes interprets the
-		// root package as "." and sometimes as "code.gitea.io/gitea". Workaround by
-		// removing both of them for the sake of stable output.
-		if name == "." || name == "code.gitea.io/gitea" {
-			continue
-		}
-
-		entries = append(entries, LicenseEntry{
-			Name:        name,
-			Path:        path,
-			LicenseText: string(licenseText),
-		})
-	}
-
-	jsonBytes, err := json.MarshalIndent(entries, "", "  ")
-	if err != nil {
-		panic(err)
-	}
-
-	err = os.WriteFile(out, jsonBytes, 0o644)
-	if err != nil {
-		panic(err)
-	}
-}
--- a/build/generate-images.js
+++ b/build/generate-images.js
@@ -2,7 +2,7 @@
 import imageminZopfli from 'imagemin-zopfli';
 import {optimize} from 'svgo';
 import {fabric} from 'fabric';
-import {readFile, writeFile} from 'node:fs/promises';
+import {readFile, writeFile} from 'fs/promises';

 function exit(err) {
  if (err) console.error(err);
--- a/build/generate-licenses.go
+++ b/build/generate-licenses.go
@@ -39,14 +39,6 @@ func main() {

 	defer util.Remove(file.Name())

-	if err := os.RemoveAll(destination); err != nil {
-		log.Fatalf("Cannot clean destination folder: %v", err)
-	}
-
-	if err := os.MkdirAll(destination, 0o755); err != nil {
-		log.Fatalf("Cannot create destination: %v", err)
-	}
-
 	req, err := http.NewRequest("GET", url, nil)
 	if err != nil {
 		log.Fatalf("Failed to download archive. %s", err)
--- a/build/generate-svg.js
+++ b/build/generate-svg.js
@@ -1,9 +1,9 @@
 #!/usr/bin/env node
 import fastGlob from 'fast-glob';
 import {optimize} from 'svgo';
-import {parse} from 'node:path';
-import {readFile, writeFile, mkdir} from 'node:fs/promises';
-import {fileURLToPath} from 'node:url';
+import {parse} from 'path';
+import {readFile, writeFile, mkdir} from 'fs/promises';
+import {fileURLToPath} from 'url';

 const glob = (pattern) => fastGlob.sync(pattern, {
  cwd: fileURLToPath(new URL('..', import.meta.url)),
--- a/build/gitea-format-imports.go
+++ b/build/gitea-format-imports.go
@@ -0,0 +1,26 @@
+// Copyright 2021 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+//go:build ignore
+
+package main
+
+import (
+	"log"
+	"os"
+
+	"code.gitea.io/gitea/build/codeformat"
+)
+
+func main() {
+	if len(os.Args) <= 1 {
+		log.Fatalf("Usage: gitea-format-imports [files...]")
+	}
+
+	for _, file := range os.Args[1:] {
+		if err := codeformat.FormatGoImports(file); err != nil {
+			log.Fatalf("can not format file %s, err=%v", file, err)
+		}
+	}
+}
--- a/build/gocovmerge.go
+++ b/build/gocovmerge.go
@@ -1,6 +1,7 @@
 // Copyright 2020 The Gitea Authors. All rights reserved.
 // Copyright (c) 2015, Wade Simmons
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.

 // gocovmerge takes the results from multiple `go test -coverprofile` runs and
 // merges them into one profile
--- a/cmd/admin.go
+++ b/cmd/admin.go
@@ -1,29 +1,37 @@
 // Copyright 2016 The Gogs Authors. All rights reserved.
 // Copyright 2016 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.

 package cmd

 import (
+	"context"
 	"errors"
 	"fmt"
 	"os"
 	"strings"
 	"text/tabwriter"

+	"code.gitea.io/gitea/models"
 	asymkey_model "code.gitea.io/gitea/models/asymkey"
-	auth_model "code.gitea.io/gitea/models/auth"
+	"code.gitea.io/gitea/models/auth"
 	"code.gitea.io/gitea/models/db"
 	repo_model "code.gitea.io/gitea/models/repo"
+	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/git"
 	"code.gitea.io/gitea/modules/graceful"
 	"code.gitea.io/gitea/modules/log"
+	pwd "code.gitea.io/gitea/modules/password"
 	repo_module "code.gitea.io/gitea/modules/repository"
+	"code.gitea.io/gitea/modules/setting"
+	"code.gitea.io/gitea/modules/storage"
 	"code.gitea.io/gitea/modules/util"
 	auth_service "code.gitea.io/gitea/services/auth"
 	"code.gitea.io/gitea/services/auth/source/oauth2"
 	"code.gitea.io/gitea/services/auth/source/smtp"
 	repo_service "code.gitea.io/gitea/services/repository"
+	user_service "code.gitea.io/gitea/services/user"

 	"github.com/urfave/cli"
 )
@@ -42,6 +50,138 @@ var (
 		},
 	}

+	subcmdUser = cli.Command{
+		Name:  "user",
+		Usage: "Modify users",
+		Subcommands: []cli.Command{
+			microcmdUserCreate,
+			microcmdUserList,
+			microcmdUserChangePassword,
+			microcmdUserDelete,
+			microcmdUserGenerateAccessToken,
+		},
+	}
+
+	microcmdUserList = cli.Command{
+		Name:   "list",
+		Usage:  "List users",
+		Action: runListUsers,
+		Flags: []cli.Flag{
+			cli.BoolFlag{
+				Name:  "admin",
+				Usage: "List only admin users",
+			},
+		},
+	}
+
+	microcmdUserCreate = cli.Command{
+		Name:   "create",
+		Usage:  "Create a new user in database",
+		Action: runCreateUser,
+		Flags: []cli.Flag{
+			cli.StringFlag{
+				Name:  "name",
+				Usage: "Username. DEPRECATED: use username instead",
+			},
+			cli.StringFlag{
+				Name:  "username",
+				Usage: "Username",
+			},
+			cli.StringFlag{
+				Name:  "password",
+				Usage: "User password",
+			},
+			cli.StringFlag{
+				Name:  "email",
+				Usage: "User email address",
+			},
+			cli.BoolFlag{
+				Name:  "admin",
+				Usage: "User is an admin",
+			},
+			cli.BoolFlag{
+				Name:  "random-password",
+				Usage: "Generate a random password for the user",
+			},
+			cli.BoolFlag{
+				Name:  "must-change-password",
+				Usage: "Set this option to false to prevent forcing the user to change their password after initial login, (Default: true)",
+			},
+			cli.IntFlag{
+				Name:  "random-password-length",
+				Usage: "Length of the random password to be generated",
+				Value: 12,
+			},
+			cli.BoolFlag{
+				Name:  "access-token",
+				Usage: "Generate access token for the user",
+			},
+			cli.BoolFlag{
+				Name:  "restricted",
+				Usage: "Make a restricted user account",
+			},
+		},
+	}
+
+	microcmdUserChangePassword = cli.Command{
+		Name:   "change-password",
+		Usage:  "Change a user's password",
+		Action: runChangePassword,
+		Flags: []cli.Flag{
+			cli.StringFlag{
+				Name:  "username,u",
+				Value: "",
+				Usage: "The user to change password for",
+			},
+			cli.StringFlag{
+				Name:  "password,p",
+				Value: "",
+				Usage: "New password to set for user",
+			},
+		},
+	}
+
+	microcmdUserDelete = cli.Command{
+		Name:  "delete",
+		Usage: "Delete specific user by id, name or email",
+		Flags: []cli.Flag{
+			cli.Int64Flag{
+				Name:  "id",
+				Usage: "ID of user of the user to delete",
+			},
+			cli.StringFlag{
+				Name:  "username,u",
+				Usage: "Username of the user to delete",
+			},
+			cli.StringFlag{
+				Name:  "email,e",
+				Usage: "Email of the user to delete",
+			},
+		},
+		Action: runDeleteUser,
+	}
+
+	microcmdUserGenerateAccessToken = cli.Command{
+		Name:  "generate-access-token",
+		Usage: "Generate a access token for a specific user",
+		Flags: []cli.Flag{
+			cli.StringFlag{
+				Name:  "username,u",
+				Usage: "Username",
+			},
+			cli.StringFlag{
+				Name:  "token-name,t",
+				Usage: "Token name",
+				Value: "gitea-admin",
+			},
+			cli.BoolFlag{
+				Name:  "raw",
+				Usage: "Display only the token value",
+			},
+		},
+		Action: runGenerateAccessToken,
+	}
+
 	subcmdRepoSyncReleases = cli.Command{
 		Name:   "repo-sync-releases",
 		Usage:  "Synchronize repository releases with tags",
@@ -161,11 +301,6 @@ var (
 			Value: "false",
 			Usage: "Use custom URLs for GitLab/GitHub OAuth endpoints",
 		},
-		cli.StringFlag{
-			Name:  "custom-tenant-id",
-			Value: "",
-			Usage: "Use custom Tenant ID for OAuth endpoints",
-		},
 		cli.StringFlag{
 			Name:  "custom-auth-url",
 			Value: "",
@@ -225,15 +360,6 @@ var (
 			Value: "",
 			Usage: "Group Claim value for restricted users",
 		},
-		cli.StringFlag{
-			Name:  "group-team-map",
-			Value: "",
-			Usage: "JSON mapping between groups and org teams",
-		},
-		cli.BoolFlag{
-			Name:  "group-team-map-removal",
-			Usage: "Activate automatic team membership removal depending on groups",
-		},
 	}

 	microcmdAuthUpdateOauth = cli.Command{
@@ -339,6 +465,254 @@ var (
 	}
 )

+func runChangePassword(c *cli.Context) error {
+	if err := argsSet(c, "username", "password"); err != nil {
+		return err
+	}
+
+	ctx, cancel := installSignals()
+	defer cancel()
+
+	if err := initDB(ctx); err != nil {
+		return err
+	}
+	if len(c.String("password")) < setting.MinPasswordLength {
+		return fmt.Errorf("Password is not long enough. Needs to be at least %d", setting.MinPasswordLength)
+	}
+
+	if !pwd.IsComplexEnough(c.String("password")) {
+		return errors.New("Password does not meet complexity requirements")
+	}
+	pwned, err := pwd.IsPwned(context.Background(), c.String("password"))
+	if err != nil {
+		return err
+	}
+	if pwned {
+		return errors.New("The password you chose is on a list of stolen passwords previously exposed in public data breaches. Please try again with a different password.\nFor more details, see https://haveibeenpwned.com/Passwords")
+	}
+	uname := c.String("username")
+	user, err := user_model.GetUserByName(ctx, uname)
+	if err != nil {
+		return err
+	}
+	if err = user.SetPassword(c.String("password")); err != nil {
+		return err
+	}
+
+	if err = user_model.UpdateUserCols(ctx, user, "passwd", "passwd_hash_algo", "salt"); err != nil {
+		return err
+	}
+
+	fmt.Printf("%s's password has been successfully updated!\n", user.Name)
+	return nil
+}
+
+func runCreateUser(c *cli.Context) error {
+	if err := argsSet(c, "email"); err != nil {
+		return err
+	}
+
+	if c.IsSet("name") && c.IsSet("username") {
+		return errors.New("Cannot set both --name and --username flags")
+	}
+	if !c.IsSet("name") && !c.IsSet("username") {
+		return errors.New("One of --name or --username flags must be set")
+	}
+
+	if c.IsSet("password") && c.IsSet("random-password") {
+		return errors.New("cannot set both -random-password and -password flags")
+	}
+
+	var username string
+	if c.IsSet("username") {
+		username = c.String("username")
+	} else {
+		username = c.String("name")
+		fmt.Fprintf(os.Stderr, "--name flag is deprecated. Use --username instead.\n")
+	}
+
+	ctx, cancel := installSignals()
+	defer cancel()
+
+	if err := initDB(ctx); err != nil {
+		return err
+	}
+
+	var password string
+	if c.IsSet("password") {
+		password = c.String("password")
+	} else if c.IsSet("random-password") {
+		var err error
+		password, err = pwd.Generate(c.Int("random-password-length"))
+		if err != nil {
+			return err
+		}
+		fmt.Printf("generated random password is '%s'\n", password)
+	} else {
+		return errors.New("must set either password or random-password flag")
+	}
+
+	// always default to true
+	changePassword := true
+
+	// If this is the first user being created.
+	// Take it as the admin and don't force a password update.
+	if n := user_model.CountUsers(nil); n == 0 {
+		changePassword = false
+	}
+
+	if c.IsSet("must-change-password") {
+		changePassword = c.Bool("must-change-password")
+	}
+
+	restricted := util.OptionalBoolNone
+
+	if c.IsSet("restricted") {
+		restricted = util.OptionalBoolOf(c.Bool("restricted"))
+	}
+
+	u := &user_model.User{
+		Name:               username,
+		Email:              c.String("email"),
+		Passwd:             password,
+		IsAdmin:            c.Bool("admin"),
+		MustChangePassword: changePassword,
+	}
+
+	overwriteDefault := &user_model.CreateUserOverwriteOptions{
+		IsActive:     util.OptionalBoolTrue,
+		IsRestricted: restricted,
+	}
+
+	if err := user_model.CreateUser(u, overwriteDefault); err != nil {
+		return fmt.Errorf("CreateUser: %v", err)
+	}
+
+	if c.Bool("access-token") {
+		t := &models.AccessToken{
+			Name: "gitea-admin",
+			UID:  u.ID,
+		}
+
+		if err := models.NewAccessToken(t); err != nil {
+			return err
+		}
+
+		fmt.Printf("Access token was successfully created... %s\n", t.Token)
+	}
+
+	fmt.Printf("New user '%s' has been successfully created!\n", username)
+	return nil
+}
+
+func runListUsers(c *cli.Context) error {
+	ctx, cancel := installSignals()
+	defer cancel()
+
+	if err := initDB(ctx); err != nil {
+		return err
+	}
+
+	users, err := user_model.GetAllUsers()
+	if err != nil {
+		return err
+	}
+
+	w := tabwriter.NewWriter(os.Stdout, 5, 0, 1, ' ', 0)
+
+	if c.IsSet("admin") {
+		fmt.Fprintf(w, "ID\tUsername\tEmail\tIsActive\n")
+		for _, u := range users {
+			if u.IsAdmin {
+				fmt.Fprintf(w, "%d\t%s\t%s\t%t\n", u.ID, u.Name, u.Email, u.IsActive)
+			}
+		}
+	} else {
+		fmt.Fprintf(w, "ID\tUsername\tEmail\tIsActive\tIsAdmin\n")
+		for _, u := range users {
+			fmt.Fprintf(w, "%d\t%s\t%s\t%t\t%t\n", u.ID, u.Name, u.Email, u.IsActive, u.IsAdmin)
+		}
+
+	}
+
+	w.Flush()
+	return nil
+}
+
+func runDeleteUser(c *cli.Context) error {
+	if !c.IsSet("id") && !c.IsSet("username") && !c.IsSet("email") {
+		return fmt.Errorf("You must provide the id, username or email of a user to delete")
+	}
+
+	ctx, cancel := installSignals()
+	defer cancel()
+
+	if err := initDB(ctx); err != nil {
+		return err
+	}
+
+	if err := storage.Init(); err != nil {
+		return err
+	}
+
+	var err error
+	var user *user_model.User
+	if c.IsSet("email") {
+		user, err = user_model.GetUserByEmail(c.String("email"))
+	} else if c.IsSet("username") {
+		user, err = user_model.GetUserByName(ctx, c.String("username"))
+	} else {
+		user, err = user_model.GetUserByID(c.Int64("id"))
+	}
+	if err != nil {
+		return err
+	}
+	if c.IsSet("username") && user.LowerName != strings.ToLower(strings.TrimSpace(c.String("username"))) {
+		return fmt.Errorf("The user %s who has email %s does not match the provided username %s", user.Name, c.String("email"), c.String("username"))
+	}
+
+	if c.IsSet("id") && user.ID != c.Int64("id") {
+		return fmt.Errorf("The user %s does not match the provided id %d", user.Name, c.Int64("id"))
+	}
+
+	return user_service.DeleteUser(user)
+}
+
+func runGenerateAccessToken(c *cli.Context) error {
+	if !c.IsSet("username") {
+		return fmt.Errorf("You must provide the username to generate a token for them")
+	}
+
+	ctx, cancel := installSignals()
+	defer cancel()
+
+	if err := initDB(ctx); err != nil {
+		return err
+	}
+
+	user, err := user_model.GetUserByName(ctx, c.String("username"))
+	if err != nil {
+		return err
+	}
+
+	t := &models.AccessToken{
+		Name: c.String("token-name"),
+		UID:  user.ID,
+	}
+
+	if err := models.NewAccessToken(t); err != nil {
+		return err
+	}
+
+	if c.Bool("raw") {
+		fmt.Printf("%s\n", t.Token)
+	} else {
+		fmt.Printf("Access token was successfully created: %s\n", t.Token)
+	}
+
+	return nil
+}
+
 func runRepoSyncReleases(_ *cli.Context) error {
 	ctx, cancel := installSignals()
 	defer cancel()
@@ -349,7 +723,7 @@ func runRepoSyncReleases(_ *cli.Context) error {

 	log.Trace("Synchronizing repository releases (this may take a while)")
 	for page := 1; ; page++ {
-		repos, count, err := repo_model.SearchRepositoryByName(ctx, &repo_model.SearchRepoOptions{
+		repos, count, err := repo_model.SearchRepositoryByName(&repo_model.SearchRepoOptions{
 			ListOptions: db.ListOptions{
 				PageSize: repo_model.RepositoryListDefaultPageSize,
 				Page:     page,
@@ -357,7 +731,7 @@ func runRepoSyncReleases(_ *cli.Context) error {
 			Private: true,
 		})
 		if err != nil {
-			return fmt.Errorf("SearchRepositoryByName: %w", err)
+			return fmt.Errorf("SearchRepositoryByName: %v", err)
 		}
 		if len(repos) == 0 {
 			break
@@ -400,10 +774,9 @@ func runRepoSyncReleases(_ *cli.Context) error {
 }

 func getReleaseCount(id int64) (int64, error) {
-	return repo_model.GetReleaseCountByRepoID(
-		db.DefaultContext,
+	return models.GetReleaseCountByRepoID(
 		id,
-		repo_model.FindReleasesOptions{
+		models.FindReleasesOptions{
 			IncludeTags: true,
 		},
 	)
@@ -437,7 +810,6 @@ func parseOAuth2Config(c *cli.Context) *oauth2.Source {
 			AuthURL:    c.String("custom-auth-url"),
 			ProfileURL: c.String("custom-profile-url"),
 			EmailURL:   c.String("custom-email-url"),
-			Tenant:     c.String("custom-tenant-id"),
 		}
 	} else {
 		customURLMapping = nil
@@ -456,8 +828,6 @@ func parseOAuth2Config(c *cli.Context) *oauth2.Source {
 		GroupClaimName:                c.String("group-claim-name"),
 		AdminGroup:                    c.String("admin-group"),
 		RestrictedGroup:               c.String("restricted-group"),
-		GroupTeamMap:                  c.String("group-team-map"),
-		GroupTeamMapRemoval:           c.Bool("group-team-map-removal"),
 	}
 }

@@ -469,8 +839,8 @@ func runAddOauth(c *cli.Context) error {
 		return err
 	}

-	return auth_model.CreateSource(&auth_model.Source{
-		Type:     auth_model.OAuth2,
+	return auth.CreateSource(&auth.Source{
+		Type:     auth.OAuth2,
 		Name:     c.String("name"),
 		IsActive: true,
 		Cfg:      parseOAuth2Config(c),
@@ -489,7 +859,7 @@ func runUpdateOauth(c *cli.Context) error {
 		return err
 	}

-	source, err := auth_model.GetSourceByID(c.Int64("id"))
+	source, err := auth.GetSourceByID(c.Int64("id"))
 	if err != nil {
 		return err
 	}
@@ -540,12 +910,6 @@ func runUpdateOauth(c *cli.Context) error {
 	if c.IsSet("restricted-group") {
 		oAuth2Config.RestrictedGroup = c.String("restricted-group")
 	}
-	if c.IsSet("group-team-map") {
-		oAuth2Config.GroupTeamMap = c.String("group-team-map")
-	}
-	if c.IsSet("group-team-map-removal") {
-		oAuth2Config.GroupTeamMapRemoval = c.Bool("group-team-map-removal")
-	}

 	// update custom URL mapping
 	customURLMapping := &oauth2.CustomURLMapping{}
@@ -555,7 +919,6 @@ func runUpdateOauth(c *cli.Context) error {
 		customURLMapping.AuthURL = oAuth2Config.CustomURLMapping.AuthURL
 		customURLMapping.ProfileURL = oAuth2Config.CustomURLMapping.ProfileURL
 		customURLMapping.EmailURL = oAuth2Config.CustomURLMapping.EmailURL
-		customURLMapping.Tenant = oAuth2Config.CustomURLMapping.Tenant
 	}
 	if c.IsSet("use-custom-urls") && c.IsSet("custom-token-url") {
 		customURLMapping.TokenURL = c.String("custom-token-url")
@@ -573,21 +936,17 @@ func runUpdateOauth(c *cli.Context) error {
 		customURLMapping.EmailURL = c.String("custom-email-url")
 	}

-	if c.IsSet("use-custom-urls") && c.IsSet("custom-tenant-id") {
-		customURLMapping.Tenant = c.String("custom-tenant-id")
-	}
-
 	oAuth2Config.CustomURLMapping = customURLMapping
 	source.Cfg = oAuth2Config

-	return auth_model.UpdateSource(source)
+	return auth.UpdateSource(source)
 }

 func parseSMTPConfig(c *cli.Context, conf *smtp.Source) error {
 	if c.IsSet("auth-type") {
 		conf.Auth = c.String("auth-type")
 		validAuthTypes := []string{"PLAIN", "LOGIN", "CRAM-MD5"}
-		if !util.SliceContainsString(validAuthTypes, strings.ToUpper(c.String("auth-type"))) {
+		if !contains(validAuthTypes, strings.ToUpper(c.String("auth-type"))) {
 			return errors.New("Auth must be one of PLAIN/LOGIN/CRAM-MD5")
 		}
 		conf.Auth = c.String("auth-type")
@@ -651,8 +1010,8 @@ func runAddSMTP(c *cli.Context) error {
 		smtpConfig.Auth = "PLAIN"
 	}

-	return auth_model.CreateSource(&auth_model.Source{
-		Type:     auth_model.SMTP,
+	return auth.CreateSource(&auth.Source{
+		Type:     auth.SMTP,
 		Name:     c.String("name"),
 		IsActive: active,
 		Cfg:      &smtpConfig,
@@ -671,7 +1030,7 @@ func runUpdateSMTP(c *cli.Context) error {
 		return err
 	}

-	source, err := auth_model.GetSourceByID(c.Int64("id"))
+	source, err := auth.GetSourceByID(c.Int64("id"))
 	if err != nil {
 		return err
 	}
@@ -692,7 +1051,7 @@ func runUpdateSMTP(c *cli.Context) error {

 	source.Cfg = smtpConfig

-	return auth_model.UpdateSource(source)
+	return auth.UpdateSource(source)
 }

 func runListAuth(c *cli.Context) error {
@@ -703,7 +1062,7 @@ func runListAuth(c *cli.Context) error {
 		return err
 	}

-	authSources, err := auth_model.Sources()
+	authSources, err := auth.Sources()
 	if err != nil {
 		return err
 	}
@@ -741,7 +1100,7 @@ func runDeleteAuth(c *cli.Context) error {
 		return err
 	}

-	source, err := auth_model.GetSourceByID(c.Int64("id"))
+	source, err := auth.GetSourceByID(c.Int64("id"))
 	if err != nil {
 		return err
 	}
--- a/cmd/admin_auth_ldap.go
+++ b/cmd/admin_auth_ldap.go
@@ -1,5 +1,6 @@
 // Copyright 2019 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.

 package cmd

@@ -33,10 +34,6 @@ var (
 			Name:  "not-active",
 			Usage: "Deactivate the authentication source.",
 		},
-		cli.BoolFlag{
-			Name:  "active",
-			Usage: "Activate the authentication source.",
-		},
 		cli.StringFlag{
 			Name:  "security-protocol",
 			Usage: "Security protocol name.",
@@ -120,10 +117,6 @@ var (
 			Name:  "synchronize-users",
 			Usage: "Enable user synchronization.",
 		},
-		cli.BoolFlag{
-			Name:  "disable-synchronize-users",
-			Usage: "Disable user synchronization.",
-		},
 		cli.UintFlag{
 			Name:  "page-size",
 			Usage: "Search page size.",
@@ -190,15 +183,9 @@ func parseAuthSource(c *cli.Context, authSource *auth.Source) {
 	if c.IsSet("not-active") {
 		authSource.IsActive = !c.Bool("not-active")
 	}
-	if c.IsSet("active") {
-		authSource.IsActive = c.Bool("active")
-	}
 	if c.IsSet("synchronize-users") {
 		authSource.IsSyncEnabled = c.Bool("synchronize-users")
 	}
-	if c.IsSet("disable-synchronize-users") {
-		authSource.IsSyncEnabled = !c.Bool("disable-synchronize-users")
-	}
 }

 // parseLdapConfig assigns values on config according to command line flags.
--- a/cmd/admin_auth_ldap_test.go
+++ b/cmd/admin_auth_ldap_test.go
@@ -1,5 +1,6 @@
 // Copyright 2019 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.

 package cmd

@@ -857,36 +858,6 @@ func TestUpdateLdapBindDn(t *testing.T) {
 			},
 			errMsg: "Invalid authentication type. expected: LDAP (via BindDN), actual: OAuth2",
 		},
-		// case 24
-		{
-			args: []string{
-				"ldap-test",
-				"--id", "24",
-				"--name", "ldap (via Bind DN) flip 'active' and 'user sync' attributes",
-				"--active",
-				"--disable-synchronize-users",
-			},
-			id: 24,
-			existingAuthSource: &auth.Source{
-				Type:          auth.LDAP,
-				IsActive:      false,
-				IsSyncEnabled: true,
-				Cfg: &ldap.Source{
-					Name:    "ldap (via Bind DN) flip 'active' and 'user sync' attributes",
-					Enabled: true,
-				},
-			},
-			authSource: &auth.Source{
-				Type:          auth.LDAP,
-				Name:          "ldap (via Bind DN) flip 'active' and 'user sync' attributes",
-				IsActive:      true,
-				IsSyncEnabled: false,
-				Cfg: &ldap.Source{
-					Name:    "ldap (via Bind DN) flip 'active' and 'user sync' attributes",
-					Enabled: true,
-				},
-			},
-		},
 	}

 	for n, c := range cases {
@@ -1250,33 +1221,6 @@ func TestUpdateLdapSimpleAuth(t *testing.T) {
 			},
 			errMsg: "Invalid authentication type. expected: LDAP (simple auth), actual: PAM",
 		},
-		// case 20
-		{
-			args: []string{
-				"ldap-test",
-				"--id", "20",
-				"--name", "ldap (simple auth) flip 'active' attribute",
-				"--active",
-			},
-			id: 20,
-			existingAuthSource: &auth.Source{
-				Type:     auth.DLDAP,
-				IsActive: false,
-				Cfg: &ldap.Source{
-					Name:    "ldap (simple auth) flip 'active' attribute",
-					Enabled: true,
-				},
-			},
-			authSource: &auth.Source{
-				Type:     auth.DLDAP,
-				Name:     "ldap (simple auth) flip 'active' attribute",
-				IsActive: true,
-				Cfg: &ldap.Source{
-					Name:    "ldap (simple auth) flip 'active' attribute",
-					Enabled: true,
-				},
-			},
-		},
 	}

 	for n, c := range cases {
--- a/cmd/admin_user.go
+++ b/cmd/admin_user.go
@@ -1,21 +0,0 @@
-// Copyright 2023 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
-
-package cmd
-
-import (
-	"github.com/urfave/cli"
-)
-
-var subcmdUser = cli.Command{
-	Name:  "user",
-	Usage: "Modify users",
-	Subcommands: []cli.Command{
-		microcmdUserCreate,
-		microcmdUserList,
-		microcmdUserChangePassword,
-		microcmdUserDelete,
-		microcmdUserGenerateAccessToken,
-		microcmdUserMustChangePassword,
-	},
-}
--- a/cmd/admin_user_change_password.go
+++ b/cmd/admin_user_change_password.go
@@ -1,76 +0,0 @@
-// Copyright 2023 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
-
-package cmd
-
-import (
-	"context"
-	"errors"
-	"fmt"
-
-	user_model "code.gitea.io/gitea/models/user"
-	pwd "code.gitea.io/gitea/modules/auth/password"
-	"code.gitea.io/gitea/modules/setting"
-
-	"github.com/urfave/cli"
-)
-
-var microcmdUserChangePassword = cli.Command{
-	Name:   "change-password",
-	Usage:  "Change a user's password",
-	Action: runChangePassword,
-	Flags: []cli.Flag{
-		cli.StringFlag{
-			Name:  "username,u",
-			Value: "",
-			Usage: "The user to change password for",
-		},
-		cli.StringFlag{
-			Name:  "password,p",
-			Value: "",
-			Usage: "New password to set for user",
-		},
-	},
-}
-
-func runChangePassword(c *cli.Context) error {
-	if err := argsSet(c, "username", "password"); err != nil {
-		return err
-	}
-
-	ctx, cancel := installSignals()
-	defer cancel()
-
-	if err := initDB(ctx); err != nil {
-		return err
-	}
-	if len(c.String("password")) < setting.MinPasswordLength {
-		return fmt.Errorf("Password is not long enough. Needs to be at least %d", setting.MinPasswordLength)
-	}
-
-	if !pwd.IsComplexEnough(c.String("password")) {
-		return errors.New("Password does not meet complexity requirements")
-	}
-	pwned, err := pwd.IsPwned(context.Background(), c.String("password"))
-	if err != nil {
-		return err
-	}
-	if pwned {
-		return errors.New("The password you chose is on a list of stolen passwords previously exposed in public data breaches. Please try again with a different password.\nFor more details, see https://haveibeenpwned.com/Passwords")
-	}
-	uname := c.String("username")
-	user, err := user_model.GetUserByName(ctx, uname)
-	if err != nil {
-		return err
-	}
-	if err = user.SetPassword(c.String("password")); err != nil {
-		return err
-	}
-
-	if err = user_model.UpdateUserCols(ctx, user, "passwd", "passwd_hash_algo", "salt"); err != nil {
-		return err
-	}
-
-	fmt.Printf("%s's password has been successfully updated!\n", user.Name)
-	return nil
-}
--- a/cmd/admin_user_create.go
+++ b/cmd/admin_user_create.go
@@ -1,169 +0,0 @@
-// Copyright 2023 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
-
-package cmd
-
-import (
-	"errors"
-	"fmt"
-	"os"
-
-	auth_model "code.gitea.io/gitea/models/auth"
-	user_model "code.gitea.io/gitea/models/user"
-	pwd "code.gitea.io/gitea/modules/auth/password"
-	"code.gitea.io/gitea/modules/setting"
-	"code.gitea.io/gitea/modules/util"
-
-	"github.com/urfave/cli"
-)
-
-var microcmdUserCreate = cli.Command{
-	Name:   "create",
-	Usage:  "Create a new user in database",
-	Action: runCreateUser,
-	Flags: []cli.Flag{
-		cli.StringFlag{
-			Name:  "name",
-			Usage: "Username. DEPRECATED: use username instead",
-		},
-		cli.StringFlag{
-			Name:  "username",
-			Usage: "Username",
-		},
-		cli.StringFlag{
-			Name:  "password",
-			Usage: "User password",
-		},
-		cli.StringFlag{
-			Name:  "email",
-			Usage: "User email address",
-		},
-		cli.BoolFlag{
-			Name:  "admin",
-			Usage: "User is an admin",
-		},
-		cli.BoolFlag{
-			Name:  "random-password",
-			Usage: "Generate a random password for the user",
-		},
-		cli.BoolFlag{
-			Name:  "must-change-password",
-			Usage: "Set this option to false to prevent forcing the user to change their password after initial login, (Default: true)",
-		},
-		cli.IntFlag{
-			Name:  "random-password-length",
-			Usage: "Length of the random password to be generated",
-			Value: 12,
-		},
-		cli.BoolFlag{
-			Name:  "access-token",
-			Usage: "Generate access token for the user",
-		},
-		cli.BoolFlag{
-			Name:  "restricted",
-			Usage: "Make a restricted user account",
-		},
-	},
-}
-
-func runCreateUser(c *cli.Context) error {
-	if err := argsSet(c, "email"); err != nil {
-		return err
-	}
-
-	if c.IsSet("name") && c.IsSet("username") {
-		return errors.New("Cannot set both --name and --username flags")
-	}
-	if !c.IsSet("name") && !c.IsSet("username") {
-		return errors.New("One of --name or --username flags must be set")
-	}
-
-	if c.IsSet("password") && c.IsSet("random-password") {
-		return errors.New("cannot set both -random-password and -password flags")
-	}
-
-	var username string
-	if c.IsSet("username") {
-		username = c.String("username")
-	} else {
-		username = c.String("name")
-		fmt.Fprintf(os.Stderr, "--name flag is deprecated. Use --username instead.\n")
-	}
-
-	ctx, cancel := installSignals()
-	defer cancel()
-
-	if err := initDB(ctx); err != nil {
-		return err
-	}
-
-	var password string
-	if c.IsSet("password") {
-		password = c.String("password")
-	} else if c.IsSet("random-password") {
-		var err error
-		password, err = pwd.Generate(c.Int("random-password-length"))
-		if err != nil {
-			return err
-		}
-		fmt.Printf("generated random password is '%s'\n", password)
-	} else {
-		return errors.New("must set either password or random-password flag")
-	}
-
-	// always default to true
-	changePassword := true
-
-	// If this is the first user being created.
-	// Take it as the admin and don't force a password update.
-	if n := user_model.CountUsers(nil); n == 0 {
-		changePassword = false
-	}
-
-	if c.IsSet("must-change-password") {
-		changePassword = c.Bool("must-change-password")
-	}
-
-	restricted := util.OptionalBoolNone
-
-	if c.IsSet("restricted") {
-		restricted = util.OptionalBoolOf(c.Bool("restricted"))
-	}
-
-	// default user visibility in app.ini
-	visibility := setting.Service.DefaultUserVisibilityMode
-
-	u := &user_model.User{
-		Name:               username,
-		Email:              c.String("email"),
-		Passwd:             password,
-		IsAdmin:            c.Bool("admin"),
-		MustChangePassword: changePassword,
-		Visibility:         visibility,
-	}
-
-	overwriteDefault := &user_model.CreateUserOverwriteOptions{
-		IsActive:     util.OptionalBoolTrue,
-		IsRestricted: restricted,
-	}
-
-	if err := user_model.CreateUser(u, overwriteDefault); err != nil {
-		return fmt.Errorf("CreateUser: %w", err)
-	}
-
-	if c.Bool("access-token") {
-		t := &auth_model.AccessToken{
-			Name: "gitea-admin",
-			UID:  u.ID,
-		}
-
-		if err := auth_model.NewAccessToken(t); err != nil {
-			return err
-		}
-
-		fmt.Printf("Access token was successfully created... %s\n", t.Token)
-	}
-
-	fmt.Printf("New user '%s' has been successfully created!\n", username)
-	return nil
-}
--- a/cmd/admin_user_delete.go
+++ b/cmd/admin_user_delete.go
@@ -1,78 +0,0 @@
-// Copyright 2023 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
-
-package cmd
-
-import (
-	"fmt"
-	"strings"
-
-	user_model "code.gitea.io/gitea/models/user"
-	"code.gitea.io/gitea/modules/storage"
-	user_service "code.gitea.io/gitea/services/user"
-
-	"github.com/urfave/cli"
-)
-
-var microcmdUserDelete = cli.Command{
-	Name:  "delete",
-	Usage: "Delete specific user by id, name or email",
-	Flags: []cli.Flag{
-		cli.Int64Flag{
-			Name:  "id",
-			Usage: "ID of user of the user to delete",
-		},
-		cli.StringFlag{
-			Name:  "username,u",
-			Usage: "Username of the user to delete",
-		},
-		cli.StringFlag{
-			Name:  "email,e",
-			Usage: "Email of the user to delete",
-		},
-		cli.BoolFlag{
-			Name:  "purge",
-			Usage: "Purge user, all their repositories, organizations and comments",
-		},
-	},
-	Action: runDeleteUser,
-}
-
-func runDeleteUser(c *cli.Context) error {
-	if !c.IsSet("id") && !c.IsSet("username") && !c.IsSet("email") {
-		return fmt.Errorf("You must provide the id, username or email of a user to delete")
-	}
-
-	ctx, cancel := installSignals()
-	defer cancel()
-
-	if err := initDB(ctx); err != nil {
-		return err
-	}
-
-	if err := storage.Init(); err != nil {
-		return err
-	}
-
-	var err error
-	var user *user_model.User
-	if c.IsSet("email") {
-		user, err = user_model.GetUserByEmail(ctx, c.String("email"))
-	} else if c.IsSet("username") {
-		user, err = user_model.GetUserByName(ctx, c.String("username"))
-	} else {
-		user, err = user_model.GetUserByID(ctx, c.Int64("id"))
-	}
-	if err != nil {
-		return err
-	}
-	if c.IsSet("username") && user.LowerName != strings.ToLower(strings.TrimSpace(c.String("username"))) {
-		return fmt.Errorf("The user %s who has email %s does not match the provided username %s", user.Name, c.String("email"), c.String("username"))
-	}
-
-	if c.IsSet("id") && user.ID != c.Int64("id") {
-		return fmt.Errorf("The user %s does not match the provided id %d", user.Name, c.Int64("id"))
-	}
-
-	return user_service.DeleteUser(ctx, user, c.Bool("purge"))
-}
--- a/cmd/admin_user_generate_access_token.go
+++ b/cmd/admin_user_generate_access_token.go
@@ -1,80 +0,0 @@
-// Copyright 2023 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
-
-package cmd
-
-import (
-	"fmt"
-
-	auth_model "code.gitea.io/gitea/models/auth"
-	user_model "code.gitea.io/gitea/models/user"
-
-	"github.com/urfave/cli"
-)
-
-var microcmdUserGenerateAccessToken = cli.Command{
-	Name:  "generate-access-token",
-	Usage: "Generate an access token for a specific user",
-	Flags: []cli.Flag{
-		cli.StringFlag{
-			Name:  "username,u",
-			Usage: "Username",
-		},
-		cli.StringFlag{
-			Name:  "token-name,t",
-			Usage: "Token name",
-			Value: "gitea-admin",
-		},
-		cli.BoolFlag{
-			Name:  "raw",
-			Usage: "Display only the token value",
-		},
-		cli.StringFlag{
-			Name:  "scopes",
-			Value: "",
-			Usage: "Comma separated list of scopes to apply to access token",
-		},
-	},
-	Action: runGenerateAccessToken,
-}
-
-func runGenerateAccessToken(c *cli.Context) error {
-	if !c.IsSet("username") {
-		return fmt.Errorf("You must provide a username to generate a token for")
-	}
-
-	ctx, cancel := installSignals()
-	defer cancel()
-
-	if err := initDB(ctx); err != nil {
-		return err
-	}
-
-	user, err := user_model.GetUserByName(ctx, c.String("username"))
-	if err != nil {
-		return err
-	}
-
-	accessTokenScope, err := auth_model.AccessTokenScope(c.String("scopes")).Normalize()
-	if err != nil {
-		return err
-	}
-
-	t := &auth_model.AccessToken{
-		Name:  c.String("token-name"),
-		UID:   user.ID,
-		Scope: accessTokenScope,
-	}
-
-	if err := auth_model.NewAccessToken(t); err != nil {
-		return err
-	}
-
-	if c.Bool("raw") {
-		fmt.Printf("%s\n", t.Token)
-	} else {
-		fmt.Printf("Access token was successfully created: %s\n", t.Token)
-	}
-
-	return nil
-}
--- a/cmd/admin_user_list.go
+++ b/cmd/admin_user_list.go
@@ -1,60 +0,0 @@
-// Copyright 2023 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
-
-package cmd
-
-import (
-	"fmt"
-	"os"
-	"text/tabwriter"
-
-	user_model "code.gitea.io/gitea/models/user"
-
-	"github.com/urfave/cli"
-)
-
-var microcmdUserList = cli.Command{
-	Name:   "list",
-	Usage:  "List users",
-	Action: runListUsers,
-	Flags: []cli.Flag{
-		cli.BoolFlag{
-			Name:  "admin",
-			Usage: "List only admin users",
-		},
-	},
-}
-
-func runListUsers(c *cli.Context) error {
-	ctx, cancel := installSignals()
-	defer cancel()
-
-	if err := initDB(ctx); err != nil {
-		return err
-	}
-
-	users, err := user_model.GetAllUsers()
-	if err != nil {
-		return err
-	}
-
-	w := tabwriter.NewWriter(os.Stdout, 5, 0, 1, ' ', 0)
-
-	if c.IsSet("admin") {
-		fmt.Fprintf(w, "ID\tUsername\tEmail\tIsActive\n")
-		for _, u := range users {
-			if u.IsAdmin {
-				fmt.Fprintf(w, "%d\t%s\t%s\t%t\n", u.ID, u.Name, u.Email, u.IsActive)
-			}
-		}
-	} else {
-		twofa := user_model.UserList(users).GetTwoFaStatus()
-		fmt.Fprintf(w, "ID\tUsername\tEmail\tIsActive\tIsAdmin\t2FA\n")
-		for _, u := range users {
-			fmt.Fprintf(w, "%d\t%s\t%s\t%t\t%t\t%t\n", u.ID, u.Name, u.Email, u.IsActive, u.IsAdmin, twofa[u.ID])
-		}
-	}
-
-	w.Flush()
-	return nil
-}
--- a/cmd/admin_user_must_change_password.go
+++ b/cmd/admin_user_must_change_password.go
@@ -1,58 +0,0 @@
-// Copyright 2023 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
-
-package cmd
-
-import (
-	"errors"
-	"fmt"
-
-	user_model "code.gitea.io/gitea/models/user"
-
-	"github.com/urfave/cli"
-)
-
-var microcmdUserMustChangePassword = cli.Command{
-	Name:   "must-change-password",
-	Usage:  "Set the must change password flag for the provided users or all users",
-	Action: runMustChangePassword,
-	Flags: []cli.Flag{
-		cli.BoolFlag{
-			Name:  "all,A",
-			Usage: "All users must change password, except those explicitly excluded with --exclude",
-		},
-		cli.StringSliceFlag{
-			Name:  "exclude,e",
-			Usage: "Do not change the must-change-password flag for these users",
-		},
-		cli.BoolFlag{
-			Name:  "unset",
-			Usage: "Instead of setting the must-change-password flag, unset it",
-		},
-	},
-}
-
-func runMustChangePassword(c *cli.Context) error {
-	ctx, cancel := installSignals()
-	defer cancel()
-
-	if c.NArg() == 0 && !c.IsSet("all") {
-		return errors.New("either usernames or --all must be provided")
-	}
-
-	mustChangePassword := !c.Bool("unset")
-	all := c.Bool("all")
-	exclude := c.StringSlice("exclude")
-
-	if err := initDB(ctx); err != nil {
-		return err
-	}
-
-	n, err := user_model.SetMustChangePassword(ctx, all, mustChangePassword, c.Args(), exclude)
-	if err != nil {
-		return err
-	}
-
-	fmt.Printf("Updated %d users setting MustChangePassword to %t\n", n, mustChangePassword)
-	return nil
-}
--- a/cmd/cert.go
+++ b/cmd/cert.go
@@ -1,7 +1,8 @@
 // Copyright 2009 The Go Authors. All rights reserved.
 // Copyright 2014 The Gogs Authors. All rights reserved.
 // Copyright 2016 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.

 package cmd

--- a/cmd/cmd.go
+++ b/cmd/cmd.go
@@ -1,5 +1,6 @@
 // Copyright 2018 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.

 // Package cmd provides subcommands to the gitea binary - such as "web" or
 // "admin".
@@ -57,10 +58,9 @@ func confirm() (bool, error) {
 }

 func initDB(ctx context.Context) error {
-	setting.InitProviderFromExistingFile()
-	setting.LoadCommonSettings()
-	setting.LoadDBSetting()
-	setting.InitSQLLog(false)
+	setting.LoadFromExisting()
+	setting.InitDBConfig()
+	setting.NewXORMLogService(false)

 	if setting.Database.Type == "" {
 		log.Fatal(`Database settings are missing from the configuration file: %q.
@@ -68,7 +68,7 @@ Ensure you are running in the correct environment or set the correct configurati
 If this is the intended configuration file complete the [database] section.`, setting.CustomConf)
 	}
 	if err := db.InitEngine(ctx); err != nil {
-		return fmt.Errorf("unable to initialize the database using the configuration in %q. Error: %w", setting.CustomConf, err)
+		return fmt.Errorf("unable to initialize the database using the configuration in %q. Error: %v", setting.CustomConf, err)
 	}
 	return nil
 }
--- a/cmd/convert.go
+++ b/cmd/convert.go
@@ -1,5 +1,6 @@
 // Copyright 2019 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.

 package cmd

@@ -32,7 +33,7 @@ func runConvert(ctx *cli.Context) error {
 	log.Info("AppPath: %s", setting.AppPath)
 	log.Info("AppWorkPath: %s", setting.AppWorkPath)
 	log.Info("Custom path: %s", setting.CustomPath)
-	log.Info("Log path: %s", setting.Log.RootPath)
+	log.Info("Log path: %s", setting.LogRootPath)
 	log.Info("Configuration file: %s", setting.CustomConf)

 	if !setting.Database.UseMySQL {
--- a/cmd/docs.go
+++ b/cmd/docs.go
@@ -1,5 +1,6 @@
 // Copyright 2020 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.

 package cmd

--- a/cmd/doctor.go
+++ b/cmd/doctor.go
@@ -1,5 +1,6 @@
 // Copyright 2019 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.

 package cmd

@@ -13,7 +14,6 @@ import (

 	"code.gitea.io/gitea/models/db"
 	"code.gitea.io/gitea/models/migrations"
-	migrate_base "code.gitea.io/gitea/models/migrations/base"
 	"code.gitea.io/gitea/modules/doctor"
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/setting"
@@ -87,16 +87,14 @@ func runRecreateTable(ctx *cli.Context) error {
 	golog.SetPrefix("")
 	golog.SetOutput(log.NewLoggerAsWriter("INFO", log.GetLogger(log.DEFAULT)))

-	setting.InitProviderFromExistingFile()
-	setting.LoadCommonSettings()
-	setting.LoadDBSetting()
+	setting.LoadFromExisting()
+	setting.InitDBConfig()

-	setting.Log.EnableXORMLog = ctx.Bool("debug")
+	setting.EnableXORMLog = ctx.Bool("debug")
 	setting.Database.LogSQL = ctx.Bool("debug")
-	// FIXME: don't use CfgProvider directly
-	setting.CfgProvider.Section("log").Key("XORM").SetValue(",")
+	setting.Cfg.Section("log").Key("XORM").SetValue(",")

-	setting.InitSQLLog(!ctx.Bool("debug"))
+	setting.NewXORMLogService(!ctx.Bool("debug"))
 	stdCtx, cancel := installSignals()
 	defer cancel()

@@ -116,7 +114,7 @@ func runRecreateTable(ctx *cli.Context) error {
 	if err != nil {
 		return err
 	}
-	recreateTables := migrate_base.RecreateTables(beans...)
+	recreateTables := migrations.RecreateTables(beans...)

 	return db.InitEngineWithMigration(stdCtx, func(x *xorm.Engine) error {
 		if err := migrations.EnsureUpToDate(x); err != nil {
@@ -168,13 +166,13 @@ func setDoctorLogger(ctx *cli.Context) {
 }

 func runDoctor(ctx *cli.Context) error {
-	stdCtx, cancel := installSignals()
-	defer cancel()
-
 	// Silence the default loggers
 	log.DelNamedLogger("console")
 	log.DelNamedLogger(log.DEFAULT)

+	stdCtx, cancel := installSignals()
+	defer cancel()
+
 	// Now setup our own
 	setDoctorLogger(ctx)

--- a/cmd/dump.go
+++ b/cmd/dump.go
@@ -1,6 +1,7 @@
 // Copyright 2014 The Gogs Authors. All rights reserved.
 // Copyright 2016 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.

 package cmd

@@ -91,7 +92,7 @@ func (o outputType) String() string {
 }

 var outputTypeEnum = &outputType{
-	Enum:    []string{"zip", "tar", "tar.sz", "tar.gz", "tar.xz", "tar.bz2", "tar.br", "tar.lz4", "tar.zst"},
+	Enum:    []string{"zip", "tar", "tar.sz", "tar.gz", "tar.xz", "tar.bz2", "tar.br", "tar.lz4"},
 	Default: "zip",
 }

@@ -145,10 +146,6 @@ It can be used for backup and capture Gitea server image to send to maintainer`,
 			Name:  "skip-package-data",
 			Usage: "Skip package data",
 		},
-		cli.BoolFlag{
-			Name:  "skip-index",
-			Usage: "Skip bleve index data",
-		},
 		cli.GenericFlag{
 			Name:  "type",
 			Value: outputTypeEnum,
@@ -181,22 +178,20 @@ func runDump(ctx *cli.Context) error {
 		}
 		fileName += "." + outType
 	}
-	setting.InitProviderFromExistingFile()
-	setting.LoadCommonSettings()
+	setting.LoadFromExisting()

 	// make sure we are logging to the console no matter what the configuration tells us do to
-	// FIXME: don't use CfgProvider directly
-	if _, err := setting.CfgProvider.Section("log").NewKey("MODE", "console"); err != nil {
+	if _, err := setting.Cfg.Section("log").NewKey("MODE", "console"); err != nil {
 		fatal("Setting logging mode to console failed: %v", err)
 	}
-	if _, err := setting.CfgProvider.Section("log.console").NewKey("STDERR", "true"); err != nil {
+	if _, err := setting.Cfg.Section("log.console").NewKey("STDERR", "true"); err != nil {
 		fatal("Setting console logger to stderr failed: %v", err)
 	}
 	if !setting.InstallLock {
 		log.Error("Is '%s' really the right config path?\n", setting.CustomConf)
 		return fmt.Errorf("gitea is not initialized")
 	}
-	setting.LoadSettings() // cannot access session settings otherwise
+	setting.NewServices() // cannot access session settings otherwise

 	stdCtx, cancel := installSignals()
 	defer cancel()
@@ -324,7 +319,7 @@ func runDump(ctx *cli.Context) error {
 		log.Info("Packing data directory...%s", setting.AppDataPath)

 		var excludes []string
-		if setting.SessionConfig.OriginalProvider == "file" {
+		if setting.Cfg.Section("session").Key("PROVIDER").Value() == "file" {
 			var opts session.Options
 			if err = json.Unmarshal([]byte(setting.SessionConfig.ProviderConfig), &opts); err != nil {
 				return err
@@ -332,16 +327,11 @@ func runDump(ctx *cli.Context) error {
 			excludes = append(excludes, opts.ProviderConfig)
 		}

-		if ctx.IsSet("skip-index") && ctx.Bool("skip-index") {
-			excludes = append(excludes, setting.Indexer.RepoPath)
-			excludes = append(excludes, setting.Indexer.IssuePath)
-		}
-
 		excludes = append(excludes, setting.RepoRootPath)
 		excludes = append(excludes, setting.LFS.Path)
 		excludes = append(excludes, setting.Attachment.Path)
 		excludes = append(excludes, setting.Packages.Path)
-		excludes = append(excludes, setting.Log.RootPath)
+		excludes = append(excludes, setting.LogRootPath)
 		excludes = append(excludes, absFileName)
 		if err := addRecursiveExclude(w, "data", setting.AppDataPath, excludes, verbose); err != nil {
 			fatal("Failed to include data directory: %v", err)
@@ -380,12 +370,12 @@ func runDump(ctx *cli.Context) error {
 	if ctx.IsSet("skip-log") && ctx.Bool("skip-log") {
 		log.Info("Skip dumping log files")
 	} else {
-		isExist, err := util.IsExist(setting.Log.RootPath)
+		isExist, err := util.IsExist(setting.LogRootPath)
 		if err != nil {
-			log.Error("Unable to check if %s exists. Error: %v", setting.Log.RootPath, err)
+			log.Error("Unable to check if %s exists. Error: %v", setting.LogRootPath, err)
 		}
 		if isExist {
-			if err := addRecursiveExclude(w, "log", setting.Log.RootPath, []string{absFileName}, verbose); err != nil {
+			if err := addRecursiveExclude(w, "log", setting.LogRootPath, []string{absFileName}, verbose); err != nil {
 				fatal("Failed to include log: %v", err)
 			}
 		}
@@ -411,6 +401,15 @@ func runDump(ctx *cli.Context) error {
 	return nil
 }

+func contains(slice []string, s string) bool {
+	for _, v := range slice {
+		if v == s {
+			return true
+		}
+	}
+	return false
+}
+
 // addRecursiveExclude zips absPath to specified insidePath inside writer excluding excludeAbsPath
 func addRecursiveExclude(w archiver.Writer, insidePath, absPath string, excludeAbsPath []string, verbose bool) error {
 	absPath, err := filepath.Abs(absPath)
@@ -431,7 +430,7 @@ func addRecursiveExclude(w archiver.Writer, insidePath, absPath string, excludeA
 		currentAbsPath := path.Join(absPath, file.Name())
 		currentInsidePath := path.Join(insidePath, file.Name())
 		if file.IsDir() {
-			if !util.SliceContainsString(excludeAbsPath, currentAbsPath) {
+			if !contains(excludeAbsPath, currentAbsPath) {
 				if err := addFile(w, currentInsidePath, currentAbsPath, false); err != nil {
 					return err
 				}
--- a/cmd/dump_repo.go
+++ b/cmd/dump_repo.go
@@ -1,5 +1,6 @@
 // Copyright 2020 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.

 package cmd

@@ -10,13 +11,13 @@ import (
 	"os"
 	"strings"

+	"code.gitea.io/gitea/modules/convert"
 	"code.gitea.io/gitea/modules/git"
 	"code.gitea.io/gitea/modules/log"
 	base "code.gitea.io/gitea/modules/migration"
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/modules/structs"
 	"code.gitea.io/gitea/modules/util"
-	"code.gitea.io/gitea/services/convert"
 	"code.gitea.io/gitea/services/migrations"

 	"github.com/urfave/cli"
@@ -94,7 +95,7 @@ func runDumpRepository(ctx *cli.Context) error {
 	log.Info("AppPath: %s", setting.AppPath)
 	log.Info("AppWorkPath: %s", setting.AppWorkPath)
 	log.Info("Custom path: %s", setting.CustomPath)
-	log.Info("Log path: %s", setting.Log.RootPath)
+	log.Info("Log path: %s", setting.LogRootPath)
 	log.Info("Configuration file: %s", setting.CustomConf)

 	var (
@@ -165,7 +166,7 @@ func runDumpRepository(ctx *cli.Context) error {
 	// make sure the directory doesn't exist or is empty, prevent from deleting user files
 	repoDir := ctx.String("repo_dir")
 	if exists, err := util.IsExist(repoDir); err != nil {
-		return fmt.Errorf("unable to stat repo_dir %q: %w", repoDir, err)
+		return fmt.Errorf("unable to stat repo_dir %q: %v", repoDir, err)
 	} else if exists {
 		if isDir, _ := util.IsDir(repoDir); !isDir {
 			return fmt.Errorf("repo_dir %q already exists but it's not a directory", repoDir)
--- a/cmd/embedded.go
+++ b/cmd/embedded.go
@@ -1,5 +1,6 @@
 // Copyright 2020 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.

 //go:build bindata

@@ -112,8 +113,7 @@ func initEmbeddedExtractor(c *cli.Context) error {
 	log.DelNamedLogger(log.DEFAULT)

 	// Read configuration file
-	setting.InitProviderAllowEmpty()
-	setting.LoadCommonSettings()
+	setting.LoadAllowEmpty()

 	pats, err := getPatterns(c.Args())
 	if err != nil {
@@ -123,7 +123,7 @@ func initEmbeddedExtractor(c *cli.Context) error {

 	sections["public"] = &section{Path: "public", Names: public.AssetNames, IsDir: public.AssetIsDir, Asset: public.Asset}
 	sections["options"] = &section{Path: "options", Names: options.AssetNames, IsDir: options.AssetIsDir, Asset: options.Asset}
-	sections["templates"] = &section{Path: "templates", Names: templates.BuiltinAssetNames, IsDir: templates.BuiltinAssetIsDir, Asset: templates.BuiltinAsset}
+	sections["templates"] = &section{Path: "templates", Names: templates.AssetNames, IsDir: templates.AssetIsDir, Asset: templates.Asset}

 	for _, sec := range sections {
 		assets = append(assets, buildAssetList(sec, pats, c)...)
@@ -186,11 +186,11 @@ func runViewDo(c *cli.Context) error {

 	data, err := assets[0].Section.Asset(assets[0].Name)
 	if err != nil {
-		return fmt.Errorf("%s: %w", assets[0].Path, err)
+		return fmt.Errorf("%s: %v", assets[0].Path, err)
 	}

 	if _, err = os.Stdout.Write(data); err != nil {
-		return fmt.Errorf("%s: %w", assets[0].Path, err)
+		return fmt.Errorf("%s: %v", assets[0].Path, err)
 	}

 	return nil
@@ -251,11 +251,11 @@ func extractAsset(d string, a asset, overwrite, rename bool) error {

 	data, err := a.Section.Asset(a.Name)
 	if err != nil {
-		return fmt.Errorf("%s: %w", a.Path, err)
+		return fmt.Errorf("%s: %v", a.Path, err)
 	}

 	if err := os.MkdirAll(dir, os.ModePerm); err != nil {
-		return fmt.Errorf("%s: %w", dir, err)
+		return fmt.Errorf("%s: %v", dir, err)
 	}

 	perms := os.ModePerm & 0o666
@@ -263,7 +263,7 @@ func extractAsset(d string, a asset, overwrite, rename bool) error {
 	fi, err := os.Lstat(dest)
 	if err != nil {
 		if !errors.Is(err, os.ErrNotExist) {
-			return fmt.Errorf("%s: %w", dest, err)
+			return fmt.Errorf("%s: %v", dest, err)
 		}
 	} else if !overwrite && !rename {
 		fmt.Printf("%s already exists; skipped.\n", dest)
@@ -272,7 +272,7 @@ func extractAsset(d string, a asset, overwrite, rename bool) error {
 		return fmt.Errorf("%s already exists, but it's not a regular file", dest)
 	} else if rename {
 		if err := util.Rename(dest, dest+".bak"); err != nil {
-			return fmt.Errorf("Error creating backup for %s: %w", dest, err)
+			return fmt.Errorf("Error creating backup for %s: %v", dest, err)
 		}
 		// Attempt to respect file permissions mask (even if user:group will be set anew)
 		perms = fi.Mode()
@@ -280,12 +280,12 @@ func extractAsset(d string, a asset, overwrite, rename bool) error {

 	file, err := os.OpenFile(dest, os.O_WRONLY|os.O_TRUNC|os.O_CREATE, perms)
 	if err != nil {
-		return fmt.Errorf("%s: %w", dest, err)
+		return fmt.Errorf("%s: %v", dest, err)
 	}
 	defer file.Close()

 	if _, err = file.Write(data); err != nil {
-		return fmt.Errorf("%s: %w", dest, err)
+		return fmt.Errorf("%s: %v", dest, err)
 	}

 	fmt.Println(dest)
@@ -325,7 +325,7 @@ func getPatterns(args []string) ([]glob.Glob, error) {
 	pat := make([]glob.Glob, len(args))
 	for i := range args {
 		if g, err := glob.Compile(args[i], '/'); err != nil {
-			return nil, fmt.Errorf("'%s': Invalid glob pattern: %w", args[i], err)
+			return nil, fmt.Errorf("'%s': Invalid glob pattern: %v", args[i], err)
 		} else {
 			pat[i] = g
 		}
--- a/cmd/embedded_stub.go
+++ b/cmd/embedded_stub.go
@@ -1,5 +1,6 @@
 // Copyright 2020 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.

 //go:build !bindata

--- a/cmd/generate.go
+++ b/cmd/generate.go
@@ -1,6 +1,7 @@
 // Copyright 2016 The Gogs Authors. All rights reserved.
 // Copyright 2016 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.

 package cmd

--- a/cmd/hook.go
+++ b/cmd/hook.go
@@ -1,5 +1,6 @@
 // Copyright 2017 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.

 package cmd

@@ -185,7 +186,6 @@ Gitea or set your environment appropriately.`, "")
 	userID, _ := strconv.ParseInt(os.Getenv(repo_module.EnvPusherID), 10, 64)
 	prID, _ := strconv.ParseInt(os.Getenv(repo_module.EnvPRID), 10, 64)
 	deployKeyID, _ := strconv.ParseInt(os.Getenv(repo_module.EnvDeployKeyID), 10, 64)
-	actionPerm, _ := strconv.ParseInt(os.Getenv(repo_module.EnvActionPerm), 10, 64)

 	hookOptions := private.HookOptions{
 		UserID:                          userID,
@@ -195,7 +195,6 @@ Gitea or set your environment appropriately.`, "")
 		GitPushOptions:                  pushOptions(),
 		PullRequestID:                   prID,
 		DeployKeyID:                     deployKeyID,
-		ActionPerm:                      int(actionPerm),
 	}

 	scanner := bufio.NewScanner(os.Stdin)
@@ -219,9 +218,9 @@ Gitea or set your environment appropriately.`, "")
 		}
 	}

-	supportProcReceive := false
+	supportProcRecive := false
 	if git.CheckGitVersionAtLeast("2.29") == nil {
-		supportProcReceive = true
+		supportProcRecive = true
 	}

 	for scanner.Scan() {
@@ -242,9 +241,9 @@ Gitea or set your environment appropriately.`, "")
 		lastline++

 		// If the ref is a branch or tag, check if it's protected
-		// if supportProcReceive all ref should be checked because
+		// if supportProcRecive all ref should be checked because
 		// permission check was delayed
-		if supportProcReceive || strings.HasPrefix(refFullName, git.BranchPrefix) || strings.HasPrefix(refFullName, git.TagPrefix) {
+		if supportProcRecive || strings.HasPrefix(refFullName, git.BranchPrefix) || strings.HasPrefix(refFullName, git.TagPrefix) {
 			oldCommitIDs[count] = oldCommitID
 			newCommitIDs[count] = newCommitID
 			refFullNames[count] = refFullName
@@ -313,7 +312,7 @@ func runHookPostReceive(c *cli.Context) error {

 	// First of all run update-server-info no matter what
 	if _, _, err := git.NewCommand(ctx, "update-server-info").RunStdString(nil); err != nil {
-		return fmt.Errorf("Failed to call 'git update-server-info': %w", err)
+		return fmt.Errorf("Failed to call 'git update-server-info': %v", err)
 	}

 	// Now if we're an internal don't do anything else
@@ -793,7 +792,7 @@ func writeDataPktLine(out io.Writer, data []byte) error {
 	if err != nil {
 		return fail("Internal Server Error", "Pkt-Line response failed: %v", err)
 	}
-	if lr != 4 {
+	if 4 != lr {
 		return fail("Internal Server Error", "Pkt-Line response failed: %v", err)
 	}

--- a/cmd/hook_test.go
+++ b/cmd/hook_test.go
@@ -1,5 +1,6 @@
 // Copyright 2021 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.

 package cmd

--- a/cmd/keys.go
+++ b/cmd/keys.go
@@ -1,5 +1,6 @@
 // Copyright 2018 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.

 package cmd

--- a/cmd/mailer.go
+++ b/cmd/mailer.go
@@ -1,5 +1,6 @@
 // Copyright 2020 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.

 package cmd

@@ -17,8 +18,7 @@ func runSendMail(c *cli.Context) error {
 	ctx, cancel := installSignals()
 	defer cancel()

-	setting.InitProviderFromExistingFile()
-	setting.LoadCommonSettings()
+	setting.LoadFromExisting()

 	if err := argsSet(c, "title"); err != nil {
 		return err
--- a/cmd/main_test.go
+++ b/cmd/main_test.go
@@ -1,5 +1,6 @@
 // Copyright 2022 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.

 package cmd

@@ -12,7 +13,7 @@ import (

 func init() {
 	setting.SetCustomPathAndConf("", "", "")
-	setting.InitProviderAndLoadCommonSettingsForTest()
+	setting.LoadForTest()
 }

 func TestMain(m *testing.M) {
--- a/cmd/manager.go
+++ b/cmd/manager.go
@@ -1,5 +1,6 @@
 // Copyright 2020 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.

 package cmd

@@ -81,7 +82,7 @@ var (
 			},
 			cli.BoolFlag{
 				Name:  "no-system",
-				Usage: "Do not show system processes",
+				Usage: "Do not show system proceses",
 			},
 			cli.BoolFlag{
 				Name:  "stacktraces",
--- a/cmd/manager_logging.go
+++ b/cmd/manager_logging.go
@@ -1,5 +1,6 @@
 // Copyright 2022 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.

 package cmd

@@ -173,18 +174,6 @@ var (
 						Action: runAddSMTPLogger,
 					},
 				},
-			}, {
-				Name:  "log-sql",
-				Usage: "Set LogSQL",
-				Flags: []cli.Flag{
-					cli.BoolFlag{
-						Name: "debug",
-					}, cli.BoolFlag{
-						Name:  "off",
-						Usage: "Switch off SQL logging",
-					},
-				},
-				Action: runSetLogSQL,
 			},
 		},
 	}
@@ -392,18 +381,3 @@ func runReleaseReopenLogging(c *cli.Context) error {
 	fmt.Fprintln(os.Stdout, msg)
 	return nil
 }
-
-func runSetLogSQL(c *cli.Context) error {
-	ctx, cancel := installSignals()
-	defer cancel()
-	setup("manager", c.Bool("debug"))
-
-	statusCode, msg := private.SetLogSQL(ctx, !c.Bool("off"))
-	switch statusCode {
-	case http.StatusInternalServerError:
-		return fail("InternalServerError", msg)
-	}
-
-	fmt.Fprintln(os.Stdout, msg)
-	return nil
-}
--- a/cmd/migrate.go
+++ b/cmd/migrate.go
@@ -1,5 +1,6 @@
 // Copyright 2018 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.

 package cmd

@@ -33,7 +34,7 @@ func runMigrate(ctx *cli.Context) error {
 	log.Info("AppPath: %s", setting.AppPath)
 	log.Info("AppWorkPath: %s", setting.AppWorkPath)
 	log.Info("Custom path: %s", setting.CustomPath)
-	log.Info("Log path: %s", setting.Log.RootPath)
+	log.Info("Log path: %s", setting.LogRootPath)
 	log.Info("Configuration file: %s", setting.CustomConf)

 	if err := db.InitEngineWithMigration(context.Background(), migrations.Migrate); err != nil {
--- a/cmd/migrate_storage.go
+++ b/cmd/migrate_storage.go
@@ -1,5 +1,6 @@
 // Copyright 2020 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.

 package cmd

@@ -82,35 +83,35 @@ var CmdMigrateStorage = cli.Command{
 }

 func migrateAttachments(ctx context.Context, dstStorage storage.ObjectStorage) error {
-	return db.Iterate(ctx, nil, func(ctx context.Context, attach *repo_model.Attachment) error {
+	return db.IterateObjects(ctx, func(attach *repo_model.Attachment) error {
 		_, err := storage.Copy(dstStorage, attach.RelativePath(), storage.Attachments, attach.RelativePath())
 		return err
 	})
 }

 func migrateLFS(ctx context.Context, dstStorage storage.ObjectStorage) error {
-	return db.Iterate(ctx, nil, func(ctx context.Context, mo *git_model.LFSMetaObject) error {
+	return db.IterateObjects(ctx, func(mo *git_model.LFSMetaObject) error {
 		_, err := storage.Copy(dstStorage, mo.RelativePath(), storage.LFS, mo.RelativePath())
 		return err
 	})
 }

 func migrateAvatars(ctx context.Context, dstStorage storage.ObjectStorage) error {
-	return db.Iterate(ctx, nil, func(ctx context.Context, user *user_model.User) error {
+	return db.IterateObjects(ctx, func(user *user_model.User) error {
 		_, err := storage.Copy(dstStorage, user.CustomAvatarRelativePath(), storage.Avatars, user.CustomAvatarRelativePath())
 		return err
 	})
 }

 func migrateRepoAvatars(ctx context.Context, dstStorage storage.ObjectStorage) error {
-	return db.Iterate(ctx, nil, func(ctx context.Context, repo *repo_model.Repository) error {
+	return db.IterateObjects(ctx, func(repo *repo_model.Repository) error {
 		_, err := storage.Copy(dstStorage, repo.CustomAvatarRelativePath(), storage.RepoAvatars, repo.CustomAvatarRelativePath())
 		return err
 	})
 }

 func migrateRepoArchivers(ctx context.Context, dstStorage storage.ObjectStorage) error {
-	return db.Iterate(ctx, nil, func(ctx context.Context, archiver *repo_model.RepoArchiver) error {
+	return db.IterateObjects(ctx, func(archiver *repo_model.RepoArchiver) error {
 		p := archiver.RelativePath()
 		_, err := storage.Copy(dstStorage, p, storage.RepoArchives, p)
 		return err
@@ -118,7 +119,7 @@ func migrateRepoArchivers(ctx context.Context, dstStorage storage.ObjectStorage)
 }

 func migratePackages(ctx context.Context, dstStorage storage.ObjectStorage) error {
-	return db.Iterate(ctx, nil, func(ctx context.Context, pb *packages_model.PackageBlob) error {
+	return db.IterateObjects(ctx, func(pb *packages_model.PackageBlob) error {
 		p := packages_module.KeyToRelativePath(packages_module.BlobHash256Key(pb.HashSHA256))
 		_, err := storage.Copy(dstStorage, p, storage.Packages, p)
 		return err
@@ -136,7 +137,7 @@ func runMigrateStorage(ctx *cli.Context) error {
 	log.Info("AppPath: %s", setting.AppPath)
 	log.Info("AppWorkPath: %s", setting.AppWorkPath)
 	log.Info("Custom path: %s", setting.CustomPath)
-	log.Info("Log path: %s", setting.Log.RootPath)
+	log.Info("Log path: %s", setting.LogRootPath)
 	log.Info("Configuration file: %s", setting.CustomConf)

 	if err := db.InitEngineWithMigration(context.Background(), migrations.Migrate); err != nil {
--- a/cmd/migrate_storage_test.go
+++ b/cmd/migrate_storage_test.go
@@ -1,5 +1,6 @@
 // Copyright 2022 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.

 package cmd

@@ -22,7 +23,7 @@ import (
 func TestMigratePackages(t *testing.T) {
 	assert.NoError(t, unittest.PrepareTestDatabase())

-	creator := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1})
+	creator := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1}).(*user_model.User)

 	content := "package main\n\nfunc main() {\nfmt.Println(\"hi\")\n}\n"
 	buf, err := packages_module.CreateHashedBufferFromReader(strings.NewReader(content), 1024)
@@ -43,9 +44,8 @@ func TestMigratePackages(t *testing.T) {
 		PackageFileInfo: packages_service.PackageFileInfo{
 			Filename: "a.go",
 		},
-		Creator: creator,
-		Data:    buf,
-		IsLead:  true,
+		Data:   buf,
+		IsLead: true,
 	})
 	assert.NoError(t, err)
 	assert.NotNil(t, v)
@@ -53,7 +53,8 @@ func TestMigratePackages(t *testing.T) {

 	ctx := context.Background()

-	p := t.TempDir()
+	p, err := os.MkdirTemp(os.TempDir(), "migrated_packages")
+	assert.NoError(t, err)

 	dstStorage, err := storage.NewLocalStorage(
 		ctx,
--- a/cmd/restore_repo.go
+++ b/cmd/restore_repo.go
@@ -1,5 +1,6 @@
 // Copyright 2020 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.

 package cmd

@@ -54,8 +55,7 @@ func runRestoreRepository(c *cli.Context) error {
 	ctx, cancel := installSignals()
 	defer cancel()

-	setting.InitProviderFromExistingFile()
-	setting.LoadCommonSettings()
+	setting.LoadFromExisting()
 	var units []string
 	if s := c.String("units"); s != "" {
 		units = strings.Split(s, ",")
--- a/cmd/serv.go
+++ b/cmd/serv.go
@@ -1,6 +1,7 @@
 // Copyright 2014 The Gogs Authors. All rights reserved.
 // Copyright 2016 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.

 package cmd

@@ -42,7 +43,7 @@ const (
 var CmdServ = cli.Command{
 	Name:        "serv",
 	Usage:       "This command should only be called by SSH shell",
-	Description: "Serv provides access auth for repositories",
+	Description: `Serv provide access auth for repositories`,
 	Action:      runServ,
 	Flags: []cli.Flag{
 		cli.BoolFlag{
@@ -61,8 +62,7 @@ func setup(logPath string, debug bool) {
 	} else {
 		_ = log.NewLogger(1000, "console", "console", `{"level":"fatal","stacktracelevel":"NONE","stderr":true}`)
 	}
-	setting.InitProviderFromExistingFile()
-	setting.LoadCommonSettings()
+	setting.LoadFromExisting()
 	if debug {
 		setting.RunMode = "dev"
 	}
--- a/cmd/web.go
+++ b/cmd/web.go
@@ -1,5 +1,6 @@
 // Copyright 2014 The Gogs Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.

 package cmd

@@ -75,7 +76,7 @@ func runHTTPRedirector() {
 		http.Redirect(w, r, target, http.StatusTemporaryRedirect)
 	})

-	err := runHTTP("tcp", source, "HTTP Redirector", handler, setting.RedirectorUseProxyProtocol)
+	err := runHTTP("tcp", source, "HTTP Redirector", handler)
 	if err != nil {
 		log.Fatal("Failed to start port redirection: %v", err)
 	}
@@ -125,10 +126,8 @@ func runWeb(ctx *cli.Context) error {
 				return err
 			}
 		}
-		installCtx, cancel := context.WithCancel(graceful.GetManager().HammerContext())
-		c := install.Routes(installCtx)
+		c := install.Routes()
 		err := listen(c, false)
-		cancel()
 		if err != nil {
 			log.Critical("Unable to open listener for installer. Is Gitea already running?")
 			graceful.GetManager().DoGracefulShutdown()
@@ -149,17 +148,15 @@ func runWeb(ctx *cli.Context) error {
 		go func() {
 			http.DefaultServeMux.Handle("/debug/fgprof", fgprof.Handler())
 			_, _, finished := process.GetManager().AddTypedContext(context.Background(), "Web: PProf Server", process.SystemProcessType, true)
-			// The pprof server is for debug purpose only, it shouldn't be exposed on public network. At the moment it's not worth to introduce a configurable option for it.
 			log.Info("Starting pprof server on localhost:6060")
-			log.Info("Stopped pprof server: %v", http.ListenAndServe("localhost:6060", nil))
+			log.Info("%v", http.ListenAndServe("localhost:6060", nil))
 			finished()
 		}()
 	}

 	log.Info("Global init")
 	// Perform global initialization
-	setting.InitProviderFromExistingFile()
-	setting.LoadCommonSettings()
+	setting.LoadFromExisting()
 	routers.GlobalInitInstalled(graceful.GetManager().HammerContext())

 	// We check that AppDataPath exists here (it should have been created during installation)
@@ -177,7 +174,7 @@ func runWeb(ctx *cli.Context) error {
 	}

 	// Set up Chi routes
-	c := routers.NormalRoutes(graceful.GetManager().HammerContext())
+	c := routers.NormalRoutes()
 	err := listen(c, true)
 	<-graceful.GetManager().Done()
 	log.Info("PID: %d Gitea Web Finished", os.Getpid())
@@ -203,7 +200,7 @@ func setPort(port string) error {
 		defaultLocalURL += ":" + setting.HTTPPort + "/"

 		// Save LOCAL_ROOT_URL if port changed
-		setting.CreateOrAppendToCustomConf("server.LOCAL_ROOT_URL", func(cfg *ini.File) {
+		setting.CreateOrAppendToCustomConf(func(cfg *ini.File) {
 			cfg.Section("server").Key("LOCAL_ROOT_URL").SetValue(defaultLocalURL)
 		})
 	}
@@ -233,38 +230,40 @@ func listen(m http.Handler, handleRedirector bool) error {
 		if handleRedirector {
 			NoHTTPRedirector()
 		}
-		err = runHTTP("tcp", listenAddr, "Web", m, setting.UseProxyProtocol)
+		err = runHTTP("tcp", listenAddr, "Web", m)
 	case setting.HTTPS:
 		if setting.EnableAcme {
 			err = runACME(listenAddr, m)
 			break
-		}
-		if handleRedirector {
-			if setting.RedirectOtherPort {
-				go runHTTPRedirector()
-			} else {
-				NoHTTPRedirector()
+		} else {
+			if handleRedirector {
+				if setting.RedirectOtherPort {
+					go runHTTPRedirector()
+				} else {
+					NoHTTPRedirector()
+				}
 			}
+			err = runHTTPS("tcp", listenAddr, "Web", setting.CertFile, setting.KeyFile, m)
 		}
-		err = runHTTPS("tcp", listenAddr, "Web", setting.CertFile, setting.KeyFile, m, setting.UseProxyProtocol, setting.ProxyProtocolTLSBridging)
 	case setting.FCGI:
 		if handleRedirector {
 			NoHTTPRedirector()
 		}
-		err = runFCGI("tcp", listenAddr, "FCGI Web", m, setting.UseProxyProtocol)
+		err = runFCGI("tcp", listenAddr, "FCGI Web", m)
 	case setting.HTTPUnix:
 		if handleRedirector {
 			NoHTTPRedirector()
 		}
-		err = runHTTP("unix", listenAddr, "Web", m, setting.UseProxyProtocol)
+		err = runHTTP("unix", listenAddr, "Web", m)
 	case setting.FCGIUnix:
 		if handleRedirector {
 			NoHTTPRedirector()
 		}
-		err = runFCGI("unix", listenAddr, "Web", m, setting.UseProxyProtocol)
+		err = runFCGI("unix", listenAddr, "Web", m)
 	default:
 		log.Fatal("Invalid protocol: %s", setting.Protocol)
 	}
+
 	if err != nil {
 		log.Critical("Failed to start server: %v", err)
 	}
--- a/cmd/web_acme.go
+++ b/cmd/web_acme.go
@@ -1,5 +1,6 @@
 // Copyright 2020 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.

 package cmd

@@ -112,14 +113,14 @@ func runACME(listenAddr string, m http.Handler) error {

 			log.Info("Running Let's Encrypt handler on %s", setting.HTTPAddr+":"+setting.PortToRedirect)
 			// all traffic coming into HTTP will be redirect to HTTPS automatically (LE HTTP-01 validation happens here)
-			err := runHTTP("tcp", setting.HTTPAddr+":"+setting.PortToRedirect, "Let's Encrypt HTTP Challenge", myACME.HTTPChallengeHandler(http.HandlerFunc(runLetsEncryptFallbackHandler)), setting.RedirectorUseProxyProtocol)
+			err := runHTTP("tcp", setting.HTTPAddr+":"+setting.PortToRedirect, "Let's Encrypt HTTP Challenge", myACME.HTTPChallengeHandler(http.HandlerFunc(runLetsEncryptFallbackHandler)))
 			if err != nil {
 				log.Fatal("Failed to start the Let's Encrypt handler on port %s: %v", setting.PortToRedirect, err)
 			}
 		}()
 	}

-	return runHTTPSWithTLSConfig("tcp", listenAddr, "Web", tlsConfig, m, setting.UseProxyProtocol, setting.ProxyProtocolTLSBridging)
+	return runHTTPSWithTLSConfig("tcp", listenAddr, "Web", tlsConfig, m)
 }

 func runLetsEncryptFallbackHandler(w http.ResponseWriter, r *http.Request) {
--- a/cmd/web_graceful.go
+++ b/cmd/web_graceful.go
@@ -1,5 +1,6 @@
 // Copyright 2016 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.

 package cmd

@@ -14,8 +15,8 @@ import (
 	"code.gitea.io/gitea/modules/setting"
 )

-func runHTTP(network, listenAddr, name string, m http.Handler, useProxyProtocol bool) error {
-	return graceful.HTTPListenAndServe(network, listenAddr, name, m, useProxyProtocol)
+func runHTTP(network, listenAddr, name string, m http.Handler) error {
+	return graceful.HTTPListenAndServe(network, listenAddr, name, m)
 }

 // NoHTTPRedirector tells our cleanup routine that we will not be using a fallback http redirector
@@ -35,7 +36,7 @@ func NoInstallListener() {
 	graceful.GetManager().InformCleanup()
 }

-func runFCGI(network, listenAddr, name string, m http.Handler, useProxyProtocol bool) error {
+func runFCGI(network, listenAddr, name string, m http.Handler) error {
 	// This needs to handle stdin as fcgi point
 	fcgiServer := graceful.NewServer(network, listenAddr, name)

@@ -46,7 +47,7 @@ func runFCGI(network, listenAddr, name string, m http.Handler, useProxyProtocol
 			}
 			m.ServeHTTP(resp, req)
 		}))
-	}, useProxyProtocol)
+	})
 	if err != nil {
 		log.Fatal("Failed to start FCGI main server: %v", err)
 	}
--- a/cmd/web_https.go
+++ b/cmd/web_https.go
@@ -1,5 +1,6 @@
 // Copyright 2021 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.

 package cmd

@@ -128,14 +129,14 @@ var (
 	defaultCiphersChaChaFirst = append(defaultCiphersChaCha, defaultCiphersAES...)
 )

-// runHTTPS listens on the provided network address and then calls
+// runHTTPs listens on the provided network address and then calls
 // Serve to handle requests on incoming TLS connections.
 //
 // Filenames containing a certificate and matching private key for the server must
 // be provided. If the certificate is signed by a certificate authority, the
 // certFile should be the concatenation of the server's certificate followed by the
 // CA's certificate.
-func runHTTPS(network, listenAddr, name, certFile, keyFile string, m http.Handler, useProxyProtocol, proxyProtocolTLSBridging bool) error {
+func runHTTPS(network, listenAddr, name, certFile, keyFile string, m http.Handler) error {
 	tlsConfig := &tls.Config{}
 	if tlsConfig.NextProtos == nil {
 		tlsConfig.NextProtos = []string{"h2", "http/1.1"}
@@ -183,9 +184,9 @@ func runHTTPS(network, listenAddr, name, certFile, keyFile string, m http.Handle
 		return err
 	}

-	return graceful.HTTPListenAndServeTLSConfig(network, listenAddr, name, tlsConfig, m, useProxyProtocol, proxyProtocolTLSBridging)
+	return graceful.HTTPListenAndServeTLSConfig(network, listenAddr, name, tlsConfig, m)
 }

-func runHTTPSWithTLSConfig(network, listenAddr, name string, tlsConfig *tls.Config, m http.Handler, useProxyProtocol, proxyProtocolTLSBridging bool) error {
-	return graceful.HTTPListenAndServeTLSConfig(network, listenAddr, name, tlsConfig, m, useProxyProtocol, proxyProtocolTLSBridging)
+func runHTTPSWithTLSConfig(network, listenAddr, name string, tlsConfig *tls.Config, m http.Handler) error {
+	return graceful.HTTPListenAndServeTLSConfig(network, listenAddr, name, tlsConfig, m)
 }
--- a/contrib/autocompletion/README
+++ b/contrib/autocompletion/README
@@ -1,17 +0,0 @@
-Bash and Zsh completion
-=======================
-
-From within the gitea root run:
-
-```bash
-source contrib/autocompletion/bash_autocomplete
-```
-
-or for zsh run:
-
-```bash
-source contrib/autocompletion/zsh_autocomplete
-```
-
-These scripts will check if gitea is on the path and if so add autocompletion for `gitea`. Or if not autocompletion will work for `./gitea`.
-If gitea has been installed as a different program pass in the `PROG` environment variable to set the correct program name.
--- a/contrib/autocompletion/bash_autocomplete
+++ b/contrib/autocompletion/bash_autocomplete
@@ -1,30 +0,0 @@
-#! /bin/bash
-# Heavily inspired by https://github.com/urfave/cli
-
-_cli_bash_autocomplete() {
-  if [[ "${COMP_WORDS[0]}" != "source" ]]; then
-    local cur opts base
-    COMPREPLY=()
-    cur="${COMP_WORDS[COMP_CWORD]}"
-    if [[ "$cur" == "-"* ]]; then
-      opts=$( ${COMP_WORDS[@]:0:$COMP_CWORD} ${cur} --generate-bash-completion )
-    else
-      opts=$( ${COMP_WORDS[@]:0:$COMP_CWORD} --generate-bash-completion )
-    fi
-    COMPREPLY=( $(compgen -W "${opts}" -- ${cur}) )
-    return 0
-  fi
-}
-
-if [ -z "$PROG" ] && [ ! "$(command -v gitea &> /dev/null)" ] ; then
-  complete -o bashdefault -o default -o nospace -F _cli_bash_autocomplete gitea
-elif [ -z "$PROG" ]; then
-  complete -o bashdefault -o default -o nospace -F _cli_bash_autocomplete ./gitea
-  complete -o bashdefault -o default -o nospace -F _cli_bash_autocomplete "$PWD/gitea"
-else
-  complete -o bashdefault -o default -o nospace -F _cli_bash_autocomplete "$PROG"
-  unset PROG
-fi
-
-
-
--- a/contrib/autocompletion/zsh_autocomplete
+++ b/contrib/autocompletion/zsh_autocomplete
@@ -1,30 +0,0 @@
-#compdef ${PROG:=gitea}
-
-
-# Heavily inspired by https://github.com/urfave/cli
-
-_cli_zsh_autocomplete() {
-
-  local -a opts
-  local cur
-  cur=${words[-1]}
-  if [[ "$cur" == "-"* ]]; then
-    opts=("${(@f)$(_CLI_ZSH_AUTOCOMPLETE_HACK=1 ${words[@]:0:#words[@]-1} ${cur} --generate-bash-completion)}")
-  else
-    opts=("${(@f)$(_CLI_ZSH_AUTOCOMPLETE_HACK=1 ${words[@]:0:#words[@]-1} --generate-bash-completion)}")
-  fi
-
-  if [[ "${opts[1]}" != "" ]]; then
-    _describe 'values' opts
-  else
-    _files
-  fi
-
-  return
-}
-
-if [ -z $PROG ] ; then
-  compdef _cli_zsh_autocomplete gitea
-else
-  compdef _cli_zsh_autocomplete $(basename $PROG)
-fi
--- a/contrib/backport/README
+++ b/contrib/backport/README
@@ -1,41 +0,0 @@
-`backport`
-==========
-
-`backport` is a command to help create backports of PRs. It backports a
-provided PR from main on to a released version.
-
-It will create a backport branch, cherry-pick the PR's merge commit, adjust
-the commit message and then push this back up to your fork's remote.
-
-The default version will read from `docs/config.yml`. You can override this
-using the option `--version`.
-
-The upstream branches will be fetched, using the remote `origin`. This can
-be overrided using `--upstream`, and fetching can be avoided using
-`--no-fetch`.
-
-By default the branch created will be called `backport-$PR-$VERSION`. You
-can override this using the option `--backport-branch`. This branch will
-be created from `--release-branch` which is `release/$(VERSION)`
-by default and will be pulled from `$(UPSTREAM)`.
-
-The merge-commit as determined by the github API will be used as the SHA to
-cherry-pick. You can override this using `--cherry-pick`.
-
-The commit message will be amended to add the `Backport` header.
-`--no-amend-message` can be set to stop this from happening.
-
-If cherry-pick is successful the backported branch will be pushed up to your
-fork using your remote. These will be determined using `git remote -v`. You
-can set your fork name using `--fork-user` and your remote name using
-`--remote`. You can avoid pushing using `--no-push`.
-
-If the push is successful, `xdg-open` will be called to open a backport url.
-You can stop this using `--no-xdg-open`.
-
-Installation
-============
-
-```bash
-go install contrib/backport/backport.go
-```
--- a/contrib/backport/backport.go
+++ b/contrib/backport/backport.go
@@ -1,473 +0,0 @@
-// Copyright 2023 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
-
-package main
-
-import (
-	"context"
-	"fmt"
-	"log"
-	"net/http"
-	"os"
-	"os/exec"
-	"os/signal"
-	"path"
-	"strconv"
-	"strings"
-	"syscall"
-
-	"github.com/google/go-github/v45/github"
-	"github.com/urfave/cli"
-	"gopkg.in/yaml.v3"
-)
-
-const defaultVersion = "v1.18" // to backport to
-
-func main() {
-	app := cli.NewApp()
-	app.Name = "backport"
-	app.Usage = "Backport provided PR-number on to the current or previous released version"
-	app.Description = `Backport will look-up the PR in Gitea's git log and attempt to cherry-pick it on the current version`
-	app.ArgsUsage = "<PR-to-backport>"
-
-	app.Flags = []cli.Flag{
-		cli.StringFlag{
-			Name:  "version",
-			Usage: "Version branch to backport on to",
-		},
-		cli.StringFlag{
-			Name:  "upstream",
-			Value: "origin",
-			Usage: "Upstream remote for the Gitea upstream",
-		},
-		cli.StringFlag{
-			Name:  "release-branch",
-			Value: "",
-			Usage: "Release branch to backport on. Will default to release/<version>",
-		},
-		cli.StringFlag{
-			Name:  "cherry-pick",
-			Usage: "SHA to cherry-pick as backport",
-		},
-		cli.StringFlag{
-			Name:  "backport-branch",
-			Usage: "Backport branch to backport on to (default: backport-<pr>-<version>",
-		},
-		cli.StringFlag{
-			Name:  "remote",
-			Value: "",
-			Usage: "Remote for your fork of the Gitea upstream",
-		},
-		cli.StringFlag{
-			Name:  "fork-user",
-			Value: "",
-			Usage: "Forked user name on Github",
-		},
-		cli.BoolFlag{
-			Name:  "no-fetch",
-			Usage: "Set this flag to prevent fetch of remote branches",
-		},
-		cli.BoolFlag{
-			Name:  "no-amend-message",
-			Usage: "Set this flag to prevent automatic amendment of the commit message",
-		},
-		cli.BoolFlag{
-			Name:  "no-push",
-			Usage: "Set this flag to prevent pushing the backport up to your fork",
-		},
-		cli.BoolFlag{
-			Name:  "no-xdg-open",
-			Usage: "Set this flag to not use xdg-open to open the PR URL",
-		},
-		cli.BoolFlag{
-			Name:  "continue",
-			Usage: "Set this flag to continue from a git cherry-pick that has broken",
-		},
-	}
-	cli.AppHelpTemplate = `NAME:
-	{{.Name}} - {{.Usage}}
-USAGE:
-	{{.HelpName}} {{if .VisibleFlags}}[options]{{end}} {{if .ArgsUsage}}{{.ArgsUsage}}{{else}}[arguments...]{{end}}
-	{{if len .Authors}}
-AUTHOR:
-	{{range .Authors}}{{ . }}{{end}}
-	{{end}}{{if .Commands}}
-OPTIONS:
-	{{range .VisibleFlags}}{{.}}
-	{{end}}{{end}}
-`
-
-	app.Action = runBackport
-
-	if err := app.Run(os.Args); err != nil {
-		fmt.Fprintf(os.Stderr, "Unable to backport: %v\n", err)
-	}
-}
-
-func runBackport(c *cli.Context) error {
-	ctx, cancel := installSignals()
-	defer cancel()
-
-	continuing := c.Bool("continue")
-
-	var pr string
-
-	version := c.String("version")
-	if version == "" && continuing {
-		// determine version from current branch name
-		var err error
-		pr, version, err = readCurrentBranch(ctx)
-		if err != nil {
-			return err
-		}
-	}
-	if version == "" {
-		version = readVersion()
-	}
-	if version == "" {
-		version = defaultVersion
-	}
-
-	upstream := c.String("upstream")
-	if upstream == "" {
-		upstream = "origin"
-	}
-
-	forkUser := c.String("fork-user")
-	remote := c.String("remote")
-	if remote == "" && !c.Bool("--no-push") {
-		var err error
-		remote, forkUser, err = determineRemote(ctx, forkUser)
-		if err != nil {
-			return err
-		}
-	}
-
-	upstreamReleaseBranch := c.String("release-branch")
-	if upstreamReleaseBranch == "" {
-		upstreamReleaseBranch = path.Join("release", version)
-	}
-
-	localReleaseBranch := path.Join(upstream, upstreamReleaseBranch)
-
-	args := c.Args()
-	if len(args) == 0 && pr == "" {
-		return fmt.Errorf("no PR number provided\nProvide a PR number to backport")
-	} else if len(args) != 1 && pr == "" {
-		return fmt.Errorf("multiple PRs provided %v\nOnly a single PR can be backported at a time", args)
-	}
-	if pr == "" {
-		pr = args[0]
-	}
-
-	backportBranch := c.String("backport-branch")
-	if backportBranch == "" {
-		backportBranch = "backport-" + pr + "-" + version
-	}
-
-	fmt.Printf("* Backporting %s to %s as %s\n", pr, localReleaseBranch, backportBranch)
-
-	sha := c.String("cherry-pick")
-	if sha == "" {
-		var err error
-		sha, err = determineSHAforPR(ctx, pr)
-		if err != nil {
-			return err
-		}
-	}
-	if sha == "" {
-		return fmt.Errorf("unable to determine sha for cherry-pick of %s", pr)
-	}
-
-	if !c.Bool("no-fetch") {
-		if err := fetchRemoteAndMain(ctx, upstream, upstreamReleaseBranch); err != nil {
-			return err
-		}
-	}
-
-	if !continuing {
-		if err := checkoutBackportBranch(ctx, backportBranch, localReleaseBranch); err != nil {
-			return err
-		}
-	}
-
-	if err := cherrypick(ctx, sha); err != nil {
-		return err
-	}
-
-	if !c.Bool("no-amend-message") {
-		if err := amendCommit(ctx, pr); err != nil {
-			return err
-		}
-	}
-
-	if !c.Bool("no-push") {
-		url := "https://github.com/go-gitea/gitea/compare/" + upstreamReleaseBranch + "..." + forkUser + ":" + backportBranch
-
-		if err := gitPushUp(ctx, remote, backportBranch); err != nil {
-			return err
-		}
-
-		if !c.Bool("no-xdg-open") {
-			if err := xdgOpen(ctx, url); err != nil {
-				return err
-			}
-		} else {
-			fmt.Printf("* Navigate to %s to open PR\n", url)
-		}
-	}
-	return nil
-}
-
-func xdgOpen(ctx context.Context, url string) error {
-	fmt.Printf("* `xdg-open %s`\n", url)
-	out, err := exec.CommandContext(ctx, "xdg-open", url).Output()
-	if err != nil {
-		fmt.Fprintf(os.Stderr, "%s", string(out))
-		return fmt.Errorf("unable to xdg-open to %s: %w", url, err)
-	}
-	return nil
-}
-
-func gitPushUp(ctx context.Context, remote, backportBranch string) error {
-	fmt.Printf("* `git push -u %s %s`\n", remote, backportBranch)
-	out, err := exec.CommandContext(ctx, "git", "push", "-u", remote, backportBranch).Output()
-	if err != nil {
-		fmt.Fprintf(os.Stderr, "%s", string(out))
-		return fmt.Errorf("unable to push up to %s: %w", remote, err)
-	}
-	return nil
-}
-
-func amendCommit(ctx context.Context, pr string) error {
-	fmt.Printf("* Amending commit to prepend `Backport #%s` to body\n", pr)
-	out, err := exec.CommandContext(ctx, "git", "log", "-1", "--pretty=format:%B").Output()
-	if err != nil {
-		fmt.Fprintf(os.Stderr, "%s", string(out))
-		return fmt.Errorf("unable to get last log message: %w", err)
-	}
-
-	parts := strings.SplitN(string(out), "\n", 2)
-
-	if len(parts) != 2 {
-		return fmt.Errorf("unable to interpret log message:\n%s", string(out))
-	}
-	subject, body := parts[0], parts[1]
-	if !strings.HasSuffix(subject, " (#"+pr+")") {
-		subject = subject + " (#" + pr + ")"
-	}
-
-	out, err = exec.CommandContext(ctx, "git", "commit", "--amend", "-m", subject+"\n\nBackport #"+pr+"\n"+body).Output()
-	if err != nil {
-		fmt.Fprintf(os.Stderr, "%s", string(out))
-		return fmt.Errorf("unable to amend last log message: %w", err)
-	}
-	return nil
-}
-
-func cherrypick(ctx context.Context, sha string) error {
-	// Check if a CHERRY_PICK_HEAD exists
-	if _, err := os.Stat(".git/CHERRY_PICK_HEAD"); err == nil {
-		// Assume that we are in the middle of cherry-pick - continue it
-		fmt.Println("* Attempting git cherry-pick --continue")
-		out, err := exec.CommandContext(ctx, "git", "cherry-pick", "--continue").Output()
-		if err != nil {
-			fmt.Fprintf(os.Stderr, "git cherry-pick --continue failed:\n%s\n", string(out))
-			return fmt.Errorf("unable to continue cherry-pick: %w", err)
-		}
-		return nil
-	}
-
-	fmt.Printf("* Attempting git cherry-pick %s\n", sha)
-	out, err := exec.CommandContext(ctx, "git", "cherry-pick", sha).Output()
-	if err != nil {
-		fmt.Fprintf(os.Stderr, "git cherry-pick %s failed:\n%s\n", sha, string(out))
-		return fmt.Errorf("git cherry-pick %s failed: %w", sha, err)
-	}
-	return nil
-}
-
-func checkoutBackportBranch(ctx context.Context, backportBranch, releaseBranch string) error {
-	out, err := exec.CommandContext(ctx, "git", "branch", "--show-current").Output()
-	if err != nil {
-		return fmt.Errorf("unable to check current branch %w", err)
-	}
-
-	currentBranch := strings.TrimSpace(string(out))
-	fmt.Printf("* Current branch is %s\n", currentBranch)
-	if currentBranch == backportBranch {
-		fmt.Printf("* Current branch is %s - not checking out\n", currentBranch)
-		return nil
-	}
-
-	if _, err := exec.CommandContext(ctx, "git", "rev-list", "-1", backportBranch).Output(); err == nil {
-		fmt.Printf("* Branch %s already exists. Checking it out...\n", backportBranch)
-		return exec.CommandContext(ctx, "git", "checkout", "-f", backportBranch).Run()
-	}
-
-	fmt.Printf("* `git checkout -b %s %s`\n", backportBranch, releaseBranch)
-	return exec.CommandContext(ctx, "git", "checkout", "-b", backportBranch, releaseBranch).Run()
-}
-
-func fetchRemoteAndMain(ctx context.Context, remote, releaseBranch string) error {
-	fmt.Printf("* `git fetch %s main`\n", remote)
-	out, err := exec.CommandContext(ctx, "git", "fetch", remote, "main").Output()
-	if err != nil {
-		fmt.Println(string(out))
-		return fmt.Errorf("unable to fetch %s from %s: %w", "main", remote, err)
-	}
-	fmt.Println(string(out))
-
-	fmt.Printf("* `git fetch %s %s`\n", remote, releaseBranch)
-	out, err = exec.CommandContext(ctx, "git", "fetch", remote, releaseBranch).Output()
-	if err != nil {
-		fmt.Println(string(out))
-		return fmt.Errorf("unable to fetch %s from %s: %w", releaseBranch, remote, err)
-	}
-	fmt.Println(string(out))
-
-	return nil
-}
-
-func determineRemote(ctx context.Context, forkUser string) (string, string, error) {
-	out, err := exec.CommandContext(ctx, "git", "remote", "-v").Output()
-	if err != nil {
-		fmt.Fprintf(os.Stderr, "Unable to list git remotes:\n%s\n", string(out))
-		return "", "", fmt.Errorf("unable to determine forked remote: %w", err)
-	}
-	lines := strings.Split(string(out), "\n")
-	for _, line := range lines {
-		fields := strings.Split(line, "\t")
-		name, remote := fields[0], fields[1]
-		// only look at pushers
-		if !strings.HasSuffix(remote, " (push)") {
-			continue
-		}
-		// only look at github.com pushes
-		if !strings.Contains(remote, "github.com") {
-			continue
-		}
-		// ignore go-gitea/gitea
-		if strings.Contains(remote, "go-gitea/gitea") {
-			continue
-		}
-		if !strings.Contains(remote, forkUser) {
-			continue
-		}
-		if strings.HasPrefix(remote, "git@github.com:") {
-			forkUser = strings.TrimPrefix(remote, "git@github.com:")
-		} else if strings.HasPrefix(remote, "https://github.com/") {
-			forkUser = strings.TrimPrefix(remote, "https://github.com/")
-		} else if strings.HasPrefix(remote, "https://www.github.com/") {
-			forkUser = strings.TrimPrefix(remote, "https://www.github.com/")
-		} else if forkUser == "" {
-			return "", "", fmt.Errorf("unable to extract forkUser from remote %s: %s", name, remote)
-		}
-		idx := strings.Index(forkUser, "/")
-		if idx >= 0 {
-			forkUser = forkUser[:idx]
-		}
-		return name, forkUser, nil
-	}
-	return "", "", fmt.Errorf("unable to find appropriate remote in:\n%s", string(out))
-}
-
-func readCurrentBranch(ctx context.Context) (pr, version string, err error) {
-	out, err := exec.CommandContext(ctx, "git", "branch", "--show-current").Output()
-	if err != nil {
-		fmt.Fprintf(os.Stderr, "Unable to read current git branch:\n%s\n", string(out))
-		return "", "", fmt.Errorf("unable to read current git branch: %w", err)
-	}
-	parts := strings.Split(strings.TrimSpace(string(out)), "-")
-
-	if len(parts) != 3 || parts[0] != "backport" {
-		fmt.Fprintf(os.Stderr, "Unable to continue from git branch:\n%s\n", string(out))
-		return "", "", fmt.Errorf("unable to continue from git branch:\n%s", string(out))
-	}
-
-	return parts[1], parts[2], nil
-}
-
-func readVersion() string {
-	bs, err := os.ReadFile("docs/config.yaml")
-	if err != nil {
-		if err == os.ErrNotExist {
-			log.Println("`docs/config.yaml` not present")
-			return ""
-		}
-		fmt.Fprintf(os.Stderr, "Unable to read `docs/config.yaml`: %v\n", err)
-		return ""
-	}
-
-	type params struct {
-		Version string
-	}
-	type docConfig struct {
-		Params params
-	}
-	dc := &docConfig{}
-	if err := yaml.Unmarshal(bs, dc); err != nil {
-		fmt.Fprintf(os.Stderr, "Unable to read `docs/config.yaml`: %v\n", err)
-		return ""
-	}
-
-	if dc.Params.Version == "" {
-		fmt.Fprintf(os.Stderr, "No version in `docs/config.yaml`")
-		return ""
-	}
-
-	version := dc.Params.Version
-	if version[0] != 'v' {
-		version = "v" + version
-	}
-
-	split := strings.SplitN(version, ".", 3)
-
-	return strings.Join(split[:2], ".")
-}
-
-func determineSHAforPR(ctx context.Context, prStr string) (string, error) {
-	prNum, err := strconv.Atoi(prStr)
-	if err != nil {
-		return "", err
-	}
-
-	client := github.NewClient(http.DefaultClient)
-
-	pr, _, err := client.PullRequests.Get(ctx, "go-gitea", "gitea", prNum)
-	if err != nil {
-		return "", err
-	}
-
-	if pr.Merged == nil || !*pr.Merged {
-		return "", fmt.Errorf("PR #%d is not yet merged - cannot determine sha to backport", prNum)
-	}
-
-	if pr.MergeCommitSHA != nil {
-		return *pr.MergeCommitSHA, nil
-	}
-
-	return "", nil
-}
-
-func installSignals() (context.Context, context.CancelFunc) {
-	ctx, cancel := context.WithCancel(context.Background())
-	go func() {
-		// install notify
-		signalChannel := make(chan os.Signal, 1)
-
-		signal.Notify(
-			signalChannel,
-			syscall.SIGINT,
-			syscall.SIGTERM,
-		)
-		select {
-		case <-signalChannel:
-		case <-ctx.Done():
-		}
-		cancel()
-		signal.Reset()
-	}()
-
-	return ctx, cancel
-}
--- a/contrib/environment-to-ini/environment-to-ini.go
+++ b/contrib/environment-to-ini/environment-to-ini.go
@@ -1,5 +1,6 @@
 // Copyright 2019 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.

 package main

--- a/contrib/fixtures/fixture_generation.go
+++ b/contrib/fixtures/fixture_generation.go
@@ -1,5 +1,6 @@
 // Copyright 2020 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.

 package main

--- a/contrib/gitea-monitoring-mixin/dashboards/overview.libsonnet
+++ b/contrib/gitea-monitoring-mixin/dashboards/overview.libsonnet
@@ -29,7 +29,7 @@ local addIssueLabelsOverrides(labels) =

  grafanaDashboards+:: {

-    local giteaSelector = 'job=~"$job", instance=~"$instance"',
+    local giteaSelector = 'job="$job", instance="$instance"',
    local giteaStatsPanel =
      grafana.statPanel.new(
        'Gitea stats',
@@ -399,31 +399,25 @@ local addIssueLabelsOverrides(labels) =
      .addTemplate(
        {
          hide: 0,
-          label: 'job',
+          label: null,
          name: 'job',
          options: [],
-          datasource: '$datasource',
          query: 'label_values(gitea_organizations, job)',
          refresh: 1,
          regex: '',
          type: 'query',
-          multi: true,
-          allValue: '.+'
        },
      )
      .addTemplate(
        {
          hide: 0,
-          label: 'instance',
+          label: null,
          name: 'instance',
          options: [],
-          datasource: '$datasource',
          query: 'label_values(gitea_organizations{job="$job"}, instance)',
          refresh: 1,
          regex: '',
          type: 'query',
-          multi: true,
-          allValue: '.+'
        },
      )
      .addTemplate(
--- a/contrib/init/gentoo/gitea
+++ b/contrib/init/gentoo/gitea
@@ -2,43 +2,14 @@

 DIR=/var/lib/gitea
 USER=git
-HOME=/home/${USER}
-GITEA_WORK_DIR=${DIR}
-EXECUTABLE=/usr/local/bin/gitea

-export USER
-export HOME
-export GITEA_WORK_DIR
-
-name=$RC_SVCNAME
-cfgfile="/etc/$RC_SVCNAME/app.ini"
-command="${EXECUTABLE}"
-command_user="${USER}"
-command_args="web -c /etc/$RC_SVCNAME/app.ini"
-command_background="yes"
-pidfile="/run/$RC_SVCNAME/$RC_SVCNAME.pid"
 start_stop_daemon_args="--user ${USER} --chdir ${DIR}"
+command="/usr/local/bin/gitea"
+command_args="web -c /etc/gitea/app.ini"
+command_background=yes
+pidfile=/run/gitea.pid

 depend()
 {
    need net
-    ###
-    # Don't forget to add the database service requirements
-    ###
-    #after postgresql
-    #after mysql
-    #after mariadb
-    #after memcached
-    #after redis
-}
-
-start_pre()
-{
-        checkpath --directory --owner $command_user:$command_user --mode 0750 \
-                /run/$RC_SVCNAME /var/log/$RC_SVCNAME
-        ##
-        # If you want to bind Gitea to a port below 1024, uncomment
-        # the value below
-        ##
-        #setcap cap_net_bind_service=+ep "${EXECUTABLE}"
 }
--- a/contrib/pr/checkout.go
+++ b/contrib/pr/checkout.go
@@ -1,5 +1,6 @@
 // Copyright 2020 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.

 package main

@@ -13,6 +14,7 @@ import (
 	"fmt"
 	"log"
 	"net/http"
+	"net/url"
 	"os"
 	"os/exec"
 	"os/user"
@@ -25,14 +27,12 @@ import (
 	"code.gitea.io/gitea/models/db"
 	"code.gitea.io/gitea/models/unittest"
 	gitea_git "code.gitea.io/gitea/modules/git"
-	"code.gitea.io/gitea/modules/graceful"
 	"code.gitea.io/gitea/modules/markup"
 	"code.gitea.io/gitea/modules/markup/external"
 	repo_module "code.gitea.io/gitea/modules/repository"
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/modules/util"
 	"code.gitea.io/gitea/routers"
-	markup_service "code.gitea.io/gitea/services/markup"

 	"github.com/go-git/go-git/v5"
 	"github.com/go-git/go-git/v5/config"
@@ -49,8 +49,7 @@ func runPR() {
 		log.Fatal(err)
 	}
 	setting.SetCustomPathAndConf("", "", "")
-	setting.InitProviderAllowEmpty()
-	setting.LoadCommonSettings()
+	setting.LoadAllowEmpty()

 	setting.RepoRootPath, err = os.MkdirTemp(os.TempDir(), "repos")
 	if err != nil {
@@ -62,7 +61,11 @@ func runPR() {
 	}
 	setting.AppWorkPath = curDir
 	setting.StaticRootPath = curDir
-	setting.GravatarSource = "https://secure.gravatar.com/avatar/"
+	setting.GravatarSourceURL, err = url.Parse("https://secure.gravatar.com/avatar/")
+	if err != nil {
+		log.Fatalf("url.Parse: %v\n", err)
+	}
+
 	setting.AppURL = "http://localhost:8080/"
 	setting.HTTPPort = "8080"
 	setting.SSH.Domain = "localhost"
@@ -77,13 +80,14 @@ func runPR() {
 	setting.RunUser = curUser.Username

 	log.Printf("[PR] Loading fixtures data ...\n")
+	gitea_git.CheckLFSVersion()
 	//models.LoadConfigs()
 	/*
 		setting.Database.Type = "sqlite3"
 		setting.Database.Path = ":memory:"
 		setting.Database.Timeout = 500
 	*/
-	dbCfg := setting.CfgProvider.Section("database")
+	dbCfg := setting.Cfg.Section("database")
 	dbCfg.NewKey("DB_TYPE", "sqlite3")
 	dbCfg.NewKey("PATH", ":memory:")

@@ -108,13 +112,13 @@ func runPR() {
 	unittest.LoadFixtures()
 	util.RemoveAll(setting.RepoRootPath)
 	util.RemoveAll(repo_module.LocalCopyPath())
-	unittest.CopyDir(path.Join(curDir, "tests/gitea-repositories-meta"), setting.RepoRootPath)
+	unittest.CopyDir(path.Join(curDir, "integrations/gitea-repositories-meta"), setting.RepoRootPath)

 	log.Printf("[PR] Setting up router\n")
 	// routers.GlobalInit()
 	external.RegisterRenderers()
-	markup.Init(markup_service.ProcessorHelper())
-	c := routers.NormalRoutes(graceful.GetManager().HammerContext())
+	markup.Init()
+	c := routers.NormalRoutes()

 	log.Printf("[PR] Ready for testing !\n")
 	log.Printf("[PR] Login with user1, user2, user3, ... with pass: password\n")
--- a/contrib/systemd/gitea.service
+++ b/contrib/systemd/gitea.service
@@ -49,8 +49,12 @@ After=network.target
 ###

 [Service]
-# Uncomment the next line if you have repos with lots of files and get a HTTP 500 error because of that
-# LimitNOFILE=524288:524288
+# Modify these two values and uncomment them if you have
+# repos with lots of files and get an HTTP error 500 because
+# of that
+###
+#LimitMEMLOCK=infinity
+#LimitNOFILE=65535
 RestartSec=2s
 Type=simple
 User=git
@@ -74,13 +78,6 @@ Environment=USER=git HOME=/home/git GITEA_WORK_DIR=/var/lib/gitea
 #CapabilityBoundingSet=CAP_NET_BIND_SERVICE
 #AmbientCapabilities=CAP_NET_BIND_SERVICE
 ###
-# In some cases, when using CapabilityBoundingSet and AmbientCapabilities option, you may want to
-# set the following value to false to allow capabilities to be applied on gitea process. The following
-# value if set to true sandboxes gitea service and prevent any processes from running with privileges
-# in the host user namespace.
-###
-#PrivateUsers=false
-###

 [Install]
 WantedBy=multi-user.target
--- a/custom/conf/app.example.ini
+++ b/custom/conf/app.example.ini
@@ -7,38 +7,6 @@
 ;; see https://docs.gitea.io/en-us/config-cheat-sheet/ for additional documentation.


-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;; Default Configuration (non-`app.ini` configuration)
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;;
-;; These values are environment-dependent but form the basis of a lot of values. They will be
-;; reported as part of the default configuration when running `gitea --help` or on start-up. The order they are emitted there is slightly different but we will list them here in the order they are set-up.
-;;
-;; - _`AppPath`_: This is the absolute path of the running gitea binary.
-;; - _`AppWorkPath`_: This refers to "working path" of the `gitea` binary. It is determined by using the first set thing in the following hierarchy:
-;;   - The `--work-path` flag passed to the binary
-;;   - The environment variable `$GITEA_WORK_DIR`
-;;   - A built-in value set at build time (see building from source)
-;;   - Otherwise it defaults to the directory of the _`AppPath`_
-;;   - If any of the above are relative paths then they are made absolute against the
-;; the directory of the _`AppPath`_
-;; - _`CustomPath`_: This is the base directory for custom templates and other options.
-;; It is determined by using the first set thing in the following hierarchy:
-;;   - The `--custom-path` flag passed to the binary
-;;   - The environment variable `$GITEA_CUSTOM`
-;;   - A built-in value set at build time (see building from source)
-;;   - Otherwise it defaults to _`AppWorkPath`_`/custom`
-;;   - If any of the above are relative paths then they are made absolute against the
-;; the directory of the _`AppWorkPath`_
-;; - _`CustomConf`_: This is the path to the `app.ini` file.
-;;   - The `--config` flag passed to the binary
-;;   - A built-in value set at build time (see building from source)
-;;   - Otherwise it defaults to _`CustomPath`_`/conf/app.ini`
-;;   - If any of the above are relative paths then they are made absolute against the
-;; the directory of the _`CustomPath`_
-;;
-;; In addition there is _`StaticRootPath`_ which can be set as a built-in at build time, but will otherwise default to _`AppWorkPath`_
-
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;; General Settings
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@@ -58,21 +26,9 @@ RUN_MODE = ; prod
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;
-;; The protocol the server listens on. One of 'http', 'https', 'http+unix', 'fcgi' or 'fcgi+unix'. Defaults to 'http'
+;; The protocol the server listens on. One of 'http', 'https', 'unix' or 'fcgi'. Defaults to 'http'
 ;PROTOCOL = http
 ;;
-;; Expect PROXY protocol headers on connections
-;USE_PROXY_PROTOCOL = false
-;;
-;; Use PROXY protocol in TLS Bridging mode
-;PROXY_PROTOCOL_TLS_BRIDGING = false
-;;
-; Timeout to wait for PROXY protocol header (set to 0 to have no timeout)
-;PROXY_PROTOCOL_HEADER_TIMEOUT=5s
-;;
-; Accept PROXY protocol headers with UNKNOWN type
-;PROXY_PROTOCOL_ACCEPT_UNKNOWN=false
-;;
 ;; Set the domain for the server
 ;DOMAIN = localhost
 ;;
@@ -83,8 +39,6 @@ RUN_MODE = ; prod
 ;STATIC_URL_PREFIX =
 ;;
 ;; The address to listen on. Either a IPv4/IPv6 address or the path to a unix socket.
-;; If PROTOCOL is set to `http+unix` or `fcgi+unix`, this should be the name of the Unix socket file to use.
-;; Relative paths will be made absolute against the _`AppWorkPath`_.
 ;HTTP_ADDR = 0.0.0.0
 ;;
 ;; The port to listen on. Leave empty when using a unix socket.
@@ -97,8 +51,6 @@ RUN_MODE = ; prod
 ;REDIRECT_OTHER_PORT = false
 ;PORT_TO_REDIRECT = 80
 ;;
-;; expect PROXY protocol header on connections to https redirector.
-;REDIRECTOR_USE_PROXY_PROTOCOL = %(USE_PROXY_PROTOCOL)s
 ;; Minimum and maximum supported TLS versions
 ;SSL_MIN_VERSION=TLSv1.2
 ;SSL_MAX_VERSION=
@@ -124,19 +76,13 @@ RUN_MODE = ; prod
 ;; Do not set this variable if PROTOCOL is set to 'unix'.
 ;LOCAL_ROOT_URL = %(PROTOCOL)s://%(HTTP_ADDR)s:%(HTTP_PORT)s/
 ;;
-;; When making local connections pass the PROXY protocol header.
-;LOCAL_USE_PROXY_PROTOCOL = %(USE_PROXY_PROTOCOL)s
-;;
 ;; Disable SSH feature when not available
 ;DISABLE_SSH = false
 ;;
 ;; Whether to use the builtin SSH server or not.
 ;START_SSH_SERVER = false
 ;;
-;; Expect PROXY protocol header on connections to the built-in SSH server
-;SSH_SERVER_USE_PROXY_PROTOCOL = false
-;;
-;; Username to use for the builtin SSH server. If blank, then it is the value of RUN_USER.
+;; Username to use for the builtin SSH server.
 ;BUILTIN_SSH_SERVER_USER = %(RUN_USER)s
 ;;
 ;; Domain name to be exposed in clone URL
@@ -179,7 +125,7 @@ RUN_MODE = ; prod
 ;;
 ;; For the built-in SSH server, choose the keypair to offer as the host key
 ;; The private key should be at SSH_SERVER_HOST_KEY and the public SSH_SERVER_HOST_KEY.pub
-;; relative paths are made absolute relative to the %(APP_DATA_PATH)s
+;; relative paths are made absolute relative to the APP_DATA_PATH
 ;SSH_SERVER_HOST_KEYS=ssh/gitea.rsa, ssh/gogs.rsa
 ;;
 ;; Directory to create temporary files in when testing public keys using ssh-keygen,
@@ -275,10 +221,10 @@ RUN_MODE = ; prod
 ;;
 ;; Root directory containing templates and static files.
 ;; default is the path where Gitea is executed
-;STATIC_ROOT_PATH = ; Will default to the built-in value _`StaticRootPath`_
+;STATIC_ROOT_PATH =
 ;;
 ;; Default path for App data
-;APP_DATA_PATH = data ; relative paths will be made absolute with _`AppWorkPath`_
+;APP_DATA_PATH = data
 ;;
 ;; Enable gzip compression for runtime-generated content, static resources excluded
 ;ENABLE_GZIP = false
@@ -289,7 +235,7 @@ RUN_MODE = ; prod
 ;ENABLE_PPROF = false
 ;;
 ;; PPROF_DATA_PATH, use an absolute path when you start gitea as service
-;PPROF_DATA_PATH = data/tmp/pprof ; Path is relative to _`AppWorkPath`_
+;PPROF_DATA_PATH = data/tmp/pprof
 ;;
 ;; Landing page, can be "home", "explore", "organizations", "login", or any URL such as "/org/repo" or even "https://anotherwebsite.com"
 ;; The "login" choice is not a security measure but just a UI flow change, use REQUIRE_SIGNIN_VIEW to force users to log in.
@@ -367,7 +313,6 @@ USER = root
 ;DB_TYPE = sqlite3
 ;PATH= ; defaults to data/gitea.db
 ;SQLITE_TIMEOUT = ; Query timeout defaults to: 500
-;SQLITE_JOURNAL_MODE = ; defaults to sqlite database default (often DELETE), can be used to enable WAL mode. https://www.sqlite.org/pragma.html#pragma_journal_mode
 ;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;
@@ -403,9 +348,6 @@ LOG_SQL = false ; if unset defaults to true
 ;;
 ;; Database maximum number of open connections, default is 0 meaning no maximum
 ;MAX_OPEN_CONNS = 0
-;;
-;; Whether execute database models migrations automatically
-;AUTO_MIGRATION = true

 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@@ -416,19 +358,14 @@ LOG_SQL = false ; if unset defaults to true
 ;; Whether the installer is disabled (set to true to disable the installer)
 INSTALL_LOCK = false
 ;;
-;; Global secret key that will be used
-;; This key is VERY IMPORTANT. If you lose it, the data encrypted by it (like 2FA secret) can't be decrypted anymore.
+;; Global secret key that will be used - if blank will be regenerated.
 SECRET_KEY =
 ;;
-;; Alternative location to specify secret key, instead of this file; you cannot specify both this and SECRET_KEY, and must pick one
-;; This key is VERY IMPORTANT. If you lose it, the data encrypted by it (like 2FA secret) can't be decrypted anymore.
-;SECRET_KEY_URI = file:/etc/gitea/secret_key
-;;
 ;; Secret used to validate communication within Gitea binary.
 INTERNAL_TOKEN=
 ;;
-;; Alternative location to specify internal token, instead of this file; you cannot specify both this and INTERNAL_TOKEN, and must pick one
-;INTERNAL_TOKEN_URI = file:/etc/gitea/internal_token
+;; Instead of defining internal token in the configuration, this configuration option can be used to give Gitea a path to a file that contains the internal token (example value: file:/etc/gitea/internal_token)
+;INTERNAL_TOKEN_URI = ;e.g. /etc/gitea/internal_token
 ;;
 ;; How long to remember that a user is logged in before requiring relogin (in days)
 ;LOGIN_REMEMBER_DAYS = 7
@@ -439,10 +376,9 @@ INTERNAL_TOKEN=
 ;; Name of cookie used to store authentication information.
 ;COOKIE_REMEMBER_NAME = gitea_incredible
 ;;
-;; Reverse proxy authentication header name of user name, email, and full name
+;; Reverse proxy authentication header name of user name and email
 ;REVERSE_PROXY_AUTHENTICATION_USER = X-WEBAUTH-USER
 ;REVERSE_PROXY_AUTHENTICATION_EMAIL = X-WEBAUTH-EMAIL
-;REVERSE_PROXY_AUTHENTICATION_FULL_NAME = X-WEBAUTH-FULLNAME
 ;;
 ;; Interpret X-Forwarded-For header or the X-Real-IP header and set this as the remote IP for the request
 ;REVERSE_PROXY_LIMIT = 1
@@ -539,6 +475,20 @@ ENABLE = true
 ;; Maximum length of oauth2 token/cookie stored on server
 ;MAX_TOKEN_LENGTH = 32767

+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+[U2F]
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;
+;; NOTE: THE DEFAULT VALUES HERE WILL NEED TO BE CHANGED
+;; Two Factor authentication with security keys
+;; https://developers.yubico.com/U2F/App_ID.html
+;;
+;; DEPRECATED - this only applies to previously registered security keys using the U2F standard
+APP_ID = ; e.g. http://localhost:3000/
+
+
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 [log]
@@ -670,7 +620,7 @@ ROUTER = console
 ;PATH =
 ;;
 ;; The HOME directory for Git
-;HOME_PATH = %(APP_DATA_PATH)s/home
+;HOME_PATH = %(APP_DATA_PATH)/home
 ;;
 ;; Disables highlight of added and removed changes
 ;DISABLE_DIFF_HIGHLIGHT = false
@@ -695,7 +645,6 @@ ROUTER = console
 ;GC_ARGS =
 ;;
 ;; If use git wire protocol version 2 when git version >= 2.18, default is true, set to false when you always want git wire protocol version 1
-;; To enable this for Git over SSH when using a OpenSSH server, add `AcceptEnv GIT_PROTOCOL` to your sshd_config file.
 ;ENABLE_AUTO_GIT_WIRE_PROTOCOL = true
 ;;
 ;; Respond to pushes to a non-default branch with a URL for creating a Pull Request (if the repository has them enabled)
@@ -757,19 +706,13 @@ ROUTER = console
 ;ENABLE_REVERSE_PROXY_AUTHENTICATION = false
 ;ENABLE_REVERSE_PROXY_AUTO_REGISTRATION = false
 ;ENABLE_REVERSE_PROXY_EMAIL = false
-;ENABLE_REVERSE_PROXY_FULL_NAME = false
 ;;
 ;; Enable captcha validation for registration
 ;ENABLE_CAPTCHA = false
 ;;
-;; Enable this to require captcha validation for login
-;REQUIRE_CAPTCHA_FOR_LOGIN = false
-;;
-;; Type of captcha you want to use. Options: image, recaptcha, hcaptcha, mcaptcha, cfturnstile.
+;; Type of captcha you want to use. Options: image, recaptcha, hcaptcha
 ;CAPTCHA_TYPE = image
 ;;
-;; Change this to use recaptcha.net or other recaptcha service
-;RECAPTCHA_URL = https://www.google.com/recaptcha/
 ;; Enable recaptcha to use Google's recaptcha service
 ;; Go to https://www.google.com/recaptcha/admin to sign up for a key
 ;RECAPTCHA_SECRET =
@@ -779,17 +722,8 @@ ROUTER = console
 ;HCAPTCHA_SECRET =
 ;HCAPTCHA_SITEKEY =
 ;;
-;; Change this to use demo.mcaptcha.org or your self-hosted mcaptcha.org instance.
-;MCAPTCHA_URL = https://demo.mcaptcha.org
-;;
-;; Go to your configured mCaptcha instance and register a sitekey
-;; and use your account's secret.
-;MCAPTCHA_SECRET =
-;MCAPTCHA_SITEKEY =
-;;
-;; Go to https://dash.cloudflare.com/?to=/:account/turnstile to sign up for a key
-;CF_TURNSTILE_SITEKEY =
-;CF_TURNSTILE_SECRET =
+;; Change this to use recaptcha.net or other recaptcha service
+;RECAPTCHA_URL = https://www.google.com/recaptcha/
 ;;
 ;; Default value for KeepEmailPrivate
 ;; Each new user will get the value of this setting copied into their profile
@@ -882,8 +816,8 @@ ROUTER = console
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;[repository]
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;; Root path for storing all repository data. By default, it is set to %(APP_DATA_PATH)s/gitea-repositories.
-;; A relative path is interpreted as _`AppWorkPath`_/%(ROOT)s
+;; Root path for storing all repository data. By default, it is set to %(APP_DATA_PATH)/gitea-repositories.
+;; A relative path is interpreted as %(GITEA_WORK_DIR)/%(ROOT)
 ;ROOT =
 ;;
 ;; The script type this server supports. Usually this is `bash`, but some users report that only `sh` is available.
@@ -931,18 +865,14 @@ ROUTER = console
 ;USE_COMPAT_SSH_URI = false
 ;;
 ;; Close issues as long as a commit on any branch marks it as fixed
-;; Comma separated list of globally disabled repo units. Allowed values: repo.issues, repo.ext_issues, repo.pulls, repo.wiki, repo.ext_wiki, repo.projects, repo.packages
+;; Comma separated list of globally disabled repo units. Allowed values: repo.issues, repo.ext_issues, repo.pulls, repo.wiki, repo.ext_wiki
 ;DISABLED_REPO_UNITS =
 ;;
-;; Comma separated list of default new repo units. Allowed values: repo.code, repo.releases, repo.issues, repo.pulls, repo.wiki, repo.projects, repo.packages.
+;; Comma separated list of default repo units. Allowed values: repo.code, repo.releases, repo.issues, repo.pulls, repo.wiki, repo.projects.
 ;; Note: Code and Releases can currently not be deactivated. If you specify default repo units you should still list them for future compatibility.
 ;; External wiki and issue tracker can't be enabled by default as it requires additional settings.
 ;; Disabled repo units will not be added to new repositories regardless if it is in the default list.
-;DEFAULT_REPO_UNITS = repo.code,repo.releases,repo.issues,repo.pulls,repo.wiki,repo.projects,repo.packages
-;;
-;; Comma separated list of default forked repo units.
-;; The set of allowed values and rules are the same as DEFAULT_REPO_UNITS.
-;DEFAULT_FORK_REPO_UNITS = repo.code,repo.pulls
+;DEFAULT_REPO_UNITS = repo.code,repo.releases,repo.issues,repo.pulls,repo.wiki,repo.projects
 ;;
 ;; Prefix archive files by placing them in a directory named after the repository
 ;PREFIX_ARCHIVE_FILES = true
@@ -965,9 +895,6 @@ ROUTER = console
 ;; Don't allow download source archive files from UI
 ;DISABLE_DOWNLOAD_SOURCE_ARCHIVES = false

-;; Allow fork repositories without maximum number limit
-;ALLOW_FORK_WITHOUT_MAXIMUM_LIMIT = true
-
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;[repository.editor]
@@ -1047,9 +974,6 @@ ROUTER = console
 ;;
 ;; Add co-authored-by and co-committed-by trailers if committer does not match author
 ;ADD_CO_COMMITTER_TRAILERS = true
-;;
-;; In addition to testing patches using the three-way merge method, re-test conflicting patches with git apply
-;TEST_CONFLICTING_PATCHES_WITH_GIT_APPLY = false

 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@@ -1158,9 +1082,6 @@ ROUTER = console
 ;; allow request with credentials
 ;ALLOW_CREDENTIALS = false
 ;;
-;; headers to permit
-;HEADERS = Content-Type,User-Agent
-;;
 ;; set X-FRAME-OPTIONS header
 ;X_FRAME_OPTIONS = SAMEORIGIN

@@ -1174,7 +1095,7 @@ ROUTER = console
 ;EXPLORE_PAGING_NUM = 20
 ;;
 ;; Number of issues that are displayed on one page
-;ISSUE_PAGING_NUM = 20
+;ISSUE_PAGING_NUM = 10
 ;;
 ;; Number of maximum commits displayed in one activity feed
 ;FEED_MAX_COMMIT_NUM = 5
@@ -1182,9 +1103,6 @@ ROUTER = console
 ;; Number of items that are displayed in home feed
 ;FEED_PAGING_NUM = 20
 ;;
-;; Number of items that are displayed in a single subsitemap
-;SITEMAP_PAGING_NUM = 20
-;;
 ;; Number of maximum commits displayed in commit graph.
 ;GRAPH_MAX_COMMIT_NUM = 100
 ;;
@@ -1320,9 +1238,6 @@ ROUTER = console
 ;; List of file extensions that should be rendered/edited as Markdown
 ;; Separate the extensions with a comma. To render files without any extension as markdown, just put a comma
 ;FILE_EXTENSIONS = .md,.markdown,.mdown,.mkd
-;;
-;; Enables math inline and block detection
-;ENABLE_MATH = true

 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@@ -1349,7 +1264,7 @@ ROUTER = console
 ;ISSUE_INDEXER_TYPE = bleve
 ;;
 ;; Issue indexer storage path, available when ISSUE_INDEXER_TYPE is bleve
-;ISSUE_INDEXER_PATH = indexers/issues.bleve ; Relative paths will be made absolute against _`AppWorkPath`_.
+;ISSUE_INDEXER_PATH = indexers/issues.bleve
 ;;
 ;; Issue indexer connection string, available when ISSUE_INDEXER_TYPE is elasticsearch
 ;ISSUE_INDEXER_CONN_STR = http://elastic:changeme@localhost:9200
@@ -1367,7 +1282,7 @@ ROUTER = console
 ;; When ISSUE_INDEXER_QUEUE_TYPE is levelqueue, this will be the path where the queue will be saved.
 ;; This can be overridden by `ISSUE_INDEXER_QUEUE_CONN_STR`.
 ;; default is queues/common
-;ISSUE_INDEXER_QUEUE_DIR = queues/common; **DEPRECATED** use settings in `[queue.issue_indexer]`. Relative paths will be made absolute against `%(APP_DATA_PATH)s`.
+;ISSUE_INDEXER_QUEUE_DIR = queues/common; **DEPRECATED** use settings in `[queue.issue_indexer]`.
 ;;
 ;; When `ISSUE_INDEXER_QUEUE_TYPE` is `redis`, this will store the redis connection string.
 ;; When `ISSUE_INDEXER_QUEUE_TYPE` is `levelqueue`, this is a directory or additional options of
@@ -1423,7 +1338,7 @@ ROUTER = console
 ;TYPE = persistable-channel
 ;;
 ;; data-dir for storing persistable queues and level queues, individual queues will default to `queues/common` meaning the queue is shared.
-;DATADIR = queues/ ; Relative paths will be made absolute against `%(APP_DATA_PATH)s`.
+;DATADIR = queues/
 ;;
 ;; Default queue length before a channel queue will block
 ;LENGTH = 20
@@ -1590,11 +1505,6 @@ ROUTER = console
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;
-;; NOTICE: this section is for Gitea 1.18 and later. If you are using Gitea 1.17 or older,
-;; please refer to
-;; https://github.com/go-gitea/gitea/blob/release/v1.17/custom/conf/app.example.ini
-;; https://github.com/go-gitea/gitea/blob/release/v1.17/docs/content/doc/advanced/config-cheat-sheet.en-us.md
-;;
 ;ENABLED = false
 ;;
 ;; Buffer length of channel, keep it as it is if you don't know what it is.
@@ -1603,42 +1513,30 @@ ROUTER = console
 ;; Prefix displayed before subject in mail
 ;SUBJECT_PREFIX =
 ;;
-;; Mail server protocol. One of "smtp", "smtps", "smtp+starttls", "smtp+unix", "sendmail", "dummy".
-;; - sendmail: use the operating system's `sendmail` command instead of SMTP. This is common on Linux systems.
-;; - dummy: send email messages to the log as a testing phase.
-;; If your provider does not explicitly say which protocol it uses but does provide a port,
-;; you can set SMTP_PORT instead and this will be inferred.
-;; (Before 1.18, see the notice, this was controlled via MAILER_TYPE and IS_TLS_ENABLED.)
-;PROTOCOL =
+;; Mail server
+;; Gmail: smtp.gmail.com:587
+;; QQ: smtp.qq.com:465
+;; As per RFC 8314 using Implicit TLS/SMTPS on port 465 (if supported) is recommended,
+;; otherwise STARTTLS on port 587 should be used.
+;HOST =
 ;;
-;; Mail server address, e.g. smtp.gmail.com.
-;; For smtp+unix, this should be a path to a unix socket instead.
-;; (Before 1.18, see the notice, this was combined with SMTP_PORT as HOST.)
-;SMTP_ADDR =
+;; Disable HELO operation when hostnames are different.
+;DISABLE_HELO =
 ;;
-;; Mail server port. Common ports are:
-;;   25:  insecure SMTP
-;;   465: SMTP Secure
-;;   587: StartTLS
-;; If no protocol is specified, it will be inferred by this setting.
-;; (Before 1.18, this was combined with SMTP_ADDR as HOST.)
-;SMTP_PORT =
-;;
-;; Enable HELO operation. Defaults to true.
-;ENABLE_HELO = true
-;;
-;; Custom hostname for HELO operation.
-;; If no value is provided, one is retrieved from system.
+;; Custom hostname for HELO operation, if no value is provided, one is retrieved from system.
 ;HELO_HOSTNAME =
 ;;
-;; If set to `true`, completely ignores server certificate validation errors.
-;; This option is unsafe. Consider adding the certificate to the system trust store instead.
-;FORCE_TRUST_SERVER_CERT = false
+;; Whether or not to skip verification of certificates; `true` to disable verification. This option is unsafe. Consider adding the certificate to the system trust store instead.
+;SKIP_VERIFY = false
 ;;
-;; Use client certificate in connection.
-;USE_CLIENT_CERT = false
-;CLIENT_CERT_FILE = custom/mailer/cert.pem
-;CLIENT_KEY_FILE = custom/mailer/key.pem
+;; Use client certificate
+;USE_CERTIFICATE = false
+;CERT_FILE = custom/mailer/cert.pem
+;KEY_FILE = custom/mailer/key.pem
+;;
+;; Should SMTP connect with TLS, (if port ends with 465 TLS will always be used.)
+;; If this is false but STARTTLS is supported the connection will be upgraded to TLS opportunistically.
+;IS_TLS_ENABLED = false
 ;;
 ;; Mail from address, RFC 5322. This can be just an email address, or the `"Name" <email@example.com>` format
 ;FROM =
@@ -1646,15 +1544,19 @@ ROUTER = console
 ;; Sometimes it is helpful to use a different address on the envelope. Set this to use ENVELOPE_FROM as the from on the envelope. Set to `<>` to send an empty address.
 ;ENVELOPE_FROM =
 ;;
-;; Mailer user name and password, if required by provider.
+;; Mailer user name and password
+;; Please Note: Authentication is only supported when the SMTP server communication is encrypted with TLS (this can be via STARTTLS) or `HOST=localhost`.
 ;USER =
 ;;
 ;; Use PASSWD = `your password` for quoting if you use special characters in the password.
 ;PASSWD =
 ;;
-;; Send mails only in plain text, without HTML alternative
+;; Send mails as plain text
 ;SEND_AS_PLAIN_TEXT = false
 ;;
+;; Set Mailer Type (either SMTP, sendmail or dummy to just send to the log)
+;MAILER_TYPE = smtp
+;;
 ;; Specify an alternative sendmail binary
 ;SENDMAIL_PATH = sendmail
 ;;
@@ -1668,47 +1570,6 @@ ROUTER = console
 ;; convert \r\n to \n for Sendmail
 ;SENDMAIL_CONVERT_CRLF = true

-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;[email.incoming]
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;;
-;; Enable handling of incoming emails.
-;ENABLED = false
-;;
-;; The email address including the %{token} placeholder that will be replaced per user/action.
-;; Example: incoming+%{token}@example.com
-;; The placeholder must appear in the user part of the address (before the @).
-;REPLY_TO_ADDRESS =
-;;
-;; IMAP server host
-;HOST =
-;;
-;; IMAP server port
-;PORT =
-;;
-;; Username of the receiving account
-;USERNAME =
-;;
-;; Password of the receiving account
-;PASSWORD =
-;;
-;; Whether the IMAP server uses TLS.
-;USE_TLS = false
-;;
-;; If set to true, completely ignores server certificate validation errors. This option is unsafe.
-;SKIP_TLS_VERIFY = true
-;;
-;; The mailbox name where incoming mail will end up.
-;MAILBOX = INBOX
-;;
-;; Whether handled messages should be deleted from the mailbox.
-;DELETE_HANDLED_MESSAGE = true
-;;
-;; Maximum size of a message to handle. Bigger messages are ignored. Set to 0 to allow every size.
-;MAXIMUM_MESSAGE_SIZE = 10485760
-
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;[cache]
@@ -1725,7 +1586,7 @@ ROUTER = console
 ;INTERVAL = 60
 ;;
 ;; For "redis" and "memcache", connection host address
-;; redis: `redis://127.0.0.1:6379/0?pool_size=100&idle_timeout=180s`
+;; redis: network=tcp,addr=:6379,password=macaron,db=0,pool_size=100,idle_timeout=180
 ;; memcache: `127.0.0.1:11211`
 ;; twoqueue: `{"size":50000,"recent_ratio":0.25,"ghost_ratio":0.5}` or `50000`
 ;HOST =
@@ -1764,9 +1625,9 @@ ROUTER = console
 ;; Provider config options
 ;; memory: doesn't have any config yet
 ;; file: session file path, e.g. `data/sessions`
-;; redis: `redis://127.0.0.1:6379/0?pool_size=100&idle_timeout=180s`
+;; redis: network=tcp,addr=:6379,password=macaron,db=0,pool_size=100,idle_timeout=180
 ;; mysql: go-sql-driver/mysql dsn config string, e.g. `root:password@/session_table`
-;PROVIDER_CONFIG = data/sessions ; Relative paths will be made absolute against _`AppWorkPath`_.
+;PROVIDER_CONFIG = data/sessions
 ;;
 ;; Session cookie name
 ;COOKIE_NAME = i_like_gitea
@@ -2198,7 +2059,7 @@ ROUTER = console
 ;[cron.update_checker]
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;ENABLED = true
+;ENABLED = false
 ;RUN_AT_START = false
 ;ENABLE_SUCCESS_NOTICE = false
 ;SCHEDULE = @every 168h
@@ -2217,28 +2078,6 @@ ROUTER = console
 ;SCHEDULE = @every 168h
 ;OLDER_THAN = 8760h

-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;; Garbage collect LFS pointers in repositories
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;[cron.gc_lfs]
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;ENABLED = false
-;; Garbage collect LFS pointers in repositories (default false)
-;RUN_AT_START = false
-;; Interval as a duration between each gc run (default every 24h)
-;SCHEDULE = @every 24h
-;; Only attempt to garbage collect LFSMetaObjects older than this (default 7 days)
-;OLDER_THAN = 168h
-;; Only attempt to garbage collect LFSMetaObjects that have not been attempted to be garbage collected for this long (default 3 days)
-;LAST_UPDATED_MORE_THAN_AGO = 72h
-; Minimum number of stale LFSMetaObjects to check per repo. Set to `0` to always check all.
-;NUMBER_TO_CHECK_PER_REPO = 100
-;Check at least this proportion of LFSMetaObjects per repo. (This may cause all stale LFSMetaObjects to be checked.)
-;PROPORTION_TO_CHECK_PER_REPO = 0.6
-
-
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;; Git Operation timeout in seconds
@@ -2274,7 +2113,7 @@ ROUTER = console
 ;[api]
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;; Enables the API documentation endpoints (/api/swagger, /api/v1/swagger, …). True or false.
+;; Enables Swagger. True or false; default is true.
 ;ENABLE_SWAGGER = true
 ;; Max number of items in a page
 ;MAX_RESPONSE_ITEMS = 50
@@ -2282,7 +2121,7 @@ ROUTER = console
 ;DEFAULT_PAGING_NUM = 30
 ;; Default and maximum number of items per page for git trees api
 ;DEFAULT_GIT_TREES_PER_PAGE = 1000
-;; Default max size of a blob returned by the blobs API (default is 10MiB)
+;; Default size of a blob returned by the blobs API (default is 10MiB)
 ;DEFAULT_MAX_BLOB_SIZE = 10485760

 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@@ -2291,7 +2130,7 @@ ROUTER = console
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;; The first locale will be used as the default if user browser's language doesn't match any locale in the list.
-;LANGS = en-US,zh-CN,zh-HK,zh-TW,de-DE,fr-FR,nl-NL,lv-LV,ru-RU,uk-UA,ja-JP,es-ES,pt-BR,pt-PT,pl-PL,bg-BG,it-IT,fi-FI,tr-TR,cs-CZ,sv-SE,ko-KR,el-GR,fa-IR,hu-HU,id-ID,ml-IN
+;LANGS = en-US,zh-CN,zh-HK,zh-TW,de-DE,fr-FR,nl-NL,lv-LV,ru-RU,uk-UA,ja-JP,es-ES,pt-BR,pt-PT,pl-PL,bg-BG,it-IT,fi-FI,tr-TR,cs-CZ,sr-SP,sv-SE,ko-KR,el-GR,fa-IR,hu-HU,id-ID,ml-IN
 ;NAMES = English,简体中文,繁體中文（香港）,繁體中文（台灣）,Deutsch,Français,Nederlands,Latviešu,Русский,Українська,日本語,Español,Português do Brasil,Português de Portugal,Polski,Български,Italiano,Suomi,Türkçe,Čeština,Српски,Svenska,한국어,Ελληνικά,فارسی,Magyar nyelv,Bahasa Indonesia,മലയാളം

 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@@ -2312,10 +2151,7 @@ ROUTER = console
 ;SHOW_FOOTER_VERSION = true
 ;; Show template execution time in the footer
 ;SHOW_FOOTER_TEMPLATE_LOAD_TIME = true
-;; Generate sitemap. Defaults to `true`.
-;ENABLE_SITEMAP = true
-;; Enable/Disable RSS/Atom feed
-;ENABLE_FEED = true
+

 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@@ -2384,8 +2220,8 @@ ROUTER = console
 ;QUEUE_LENGTH = 1000
 ;;
 ;; Task queue connection string, available only when `QUEUE_TYPE` is `redis`.
-;; If there is a password of redis, use `redis://127.0.0.1:6379/0?pool_size=100&idle_timeout=180s`.
-;QUEUE_CONN_STR = "redis://127.0.0.1:6379/0?pool_size=100&idle_timeout=180s"
+;; If there is a password of redis, use `addrs=127.0.0.1:6379 password=123 db=0`.
+;QUEUE_CONN_STR = "addrs=127.0.0.1:6379 db=0"

 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@@ -2401,16 +2237,13 @@ ROUTER = console
 ;;
 ;; Allowed domains for migrating, default is blank. Blank means everything will be allowed.
 ;; Multiple domains could be separated by commas.
-;; Wildcard is supported: "github.com, *.github.com"
 ;ALLOWED_DOMAINS =
 ;;
 ;; Blocklist for migrating, default is blank. Multiple domains could be separated by commas.
 ;; When ALLOWED_DOMAINS is not blank, this option has a higher priority to deny domains.
-;; Wildcard is supported.
 ;BLOCKED_DOMAINS =
 ;;
 ;; Allow private addresses defined by RFC 1918, RFC 1122, RFC 4632 and RFC 4291 (false by default)
-;; If a domain is allowed by ALLOWED_DOMAINS, this option will be ignored.
 ;ALLOW_LOCALNETWORKS = false

 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@@ -2424,23 +2257,6 @@ ROUTER = console
 ;;
 ;; Enable/Disable user statistics for nodeinfo if federation is enabled
 ;SHARE_USER_STATISTICS = true
-;;
-;; Maximum federation request and response size (MB)
-;MAX_SIZE = 4
-;;
-;; WARNING: Changing the settings below can break federation.
-;;
-;; HTTP signature algorithms
-;ALGORITHMS = rsa-sha256, rsa-sha512, ed25519
-;;
-;; HTTP signature digest algorithm
-;DIGEST_ALGORITHM = SHA-256
-;;
-;; GET headers for federation requests
-;GET_HEADERS = (request-target), Date
-;;
-;; POST headers for federation requests
-;POST_HEADERS = (request-target), Date, Digest

 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@@ -2453,41 +2269,6 @@ ROUTER = console
 ;;
 ;; Path for chunked uploads. Defaults to APP_DATA_PATH + `tmp/package-upload`
 ;CHUNKED_UPLOAD_PATH = tmp/package-upload
-;;
-;; Maximum count of package versions a single owner can have (`-1` means no limits)
-;LIMIT_TOTAL_OWNER_COUNT = -1
-;; Maximum size of packages a single owner can use (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
-;LIMIT_TOTAL_OWNER_SIZE = -1
-;; Maximum size of a Cargo upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
-;LIMIT_SIZE_CARGO = -1
-;; Maximum size of a Chef upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
-;LIMIT_SIZE_CHEF = -1
-;; Maximum size of a Composer upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
-;LIMIT_SIZE_COMPOSER = -1
-;; Maximum size of a Conan upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
-;LIMIT_SIZE_CONAN = -1
-;; Maximum size of a Conda upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
-;LIMIT_SIZE_CONDA = -1
-;; Maximum size of a Container upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
-;LIMIT_SIZE_CONTAINER = -1
-;; Maximum size of a Generic upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
-;LIMIT_SIZE_GENERIC = -1
-;; Maximum size of a Helm upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
-;LIMIT_SIZE_HELM = -1
-;; Maximum size of a Maven upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
-;LIMIT_SIZE_MAVEN = -1
-;; Maximum size of a npm upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
-;LIMIT_SIZE_NPM = -1
-;; Maximum size of a NuGet upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
-;LIMIT_SIZE_NUGET = -1
-;; Maximum size of a Pub upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
-;LIMIT_SIZE_PUB = -1
-;; Maximum size of a PyPI upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
-;LIMIT_SIZE_PYPI = -1
-;; Maximum size of a RubyGems upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
-;LIMIT_SIZE_RUBYGEMS = -1
-;; Maximum size of a Vagrant upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
-;LIMIT_SIZE_VAGRANT = -1

 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@@ -2560,19 +2341,3 @@ ROUTER = console
 ;PROXY_URL =
 ;; Comma separated list of host names requiring proxy. Glob patterns (*) are accepted; use ** to match all hosts.
 ;PROXY_HOSTS =
-
-; [actions]
-;; Enable/Disable actions capabilities
-;ENABLED = false
-;; Default address to get action plugins, e.g. the default value means downloading from "https://gitea.com/actions/checkout" for "uses: actions/checkout@v3"
-;DEFAULT_ACTIONS_URL = https://gitea.com
-
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;; settings for action logs, will override storage setting
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;[storage.actions_log]
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;; storage type
-;STORAGE_TYPE = local
--- a/docker/manifest.rootless.tmpl
+++ b/docker/manifest.rootless.tmpl
@@ -1,12 +1,10 @@
 image: gitea/gitea:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}{{#if (hasPrefix "refs/heads/release/v" build.ref)}}{{trimPrefix "refs/heads/release/v" build.ref}}-{{/if}}dev{{/if}}-rootless
 {{#if build.tags}}
-{{#unless contains "-rc" build.tag}}
 tags:
 {{#each build.tags}}
  - {{this}}-rootless
 {{/each}}
  - "latest-rootless"
-{{/unless}}
 {{/if}}
 manifests:
  -
--- a/docker/manifest.tmpl
+++ b/docker/manifest.tmpl
@@ -1,12 +1,10 @@
 image: gitea/gitea:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}{{#if (hasPrefix "refs/heads/release/v" build.ref)}}{{trimPrefix "refs/heads/release/v" build.ref}}-{{/if}}dev{{/if}}
 {{#if build.tags}}
-{{#unless contains "-rc" build.tag }}
 tags:
 {{#each build.tags}}
  - {{this}}
 {{/each}}
  - "latest"
-{{/unless}}
 {{/if}}
 manifests:
  -
--- a/docker/root/etc/s6/openssh/setup
+++ b/docker/root/etc/s6/openssh/setup
@@ -14,6 +14,11 @@ if [ ! -f /data/ssh/ssh_host_rsa_key ]; then
    ssh-keygen -t rsa -b 2048 -f /data/ssh/ssh_host_rsa_key -N "" > /dev/null
 fi

+if [ ! -f /data/ssh/ssh_host_dsa_key ]; then
+    echo "Generating /data/ssh/ssh_host_dsa_key..."
+    ssh-keygen -t dsa -f /data/ssh/ssh_host_dsa_key -N "" > /dev/null
+fi
+
 if [ ! -f /data/ssh/ssh_host_ecdsa_key ]; then
    echo "Generating /data/ssh/ssh_host_ecdsa_key..."
    ssh-keygen -t ecdsa -b 256 -f /data/ssh/ssh_host_ecdsa_key -N "" > /dev/null
@@ -31,12 +36,17 @@ if [ -e /data/ssh/ssh_host_ecdsa_cert ]; then
  SSH_ECDSA_CERT=${SSH_ECDSA_CERT:-"/data/ssh/ssh_host_ecdsa_cert"}
 fi

+if [ -e /data/ssh/ssh_host_dsa_cert ]; then
+  SSH_DSA_CERT=${SSH_DSA_CERT:-"/data/ssh/ssh_host_dsa_cert"}
+fi
+
 if [ -d /etc/ssh ]; then
    SSH_PORT=${SSH_PORT:-"22"} \
    SSH_LISTEN_PORT=${SSH_LISTEN_PORT:-"${SSH_PORT}"} \
    SSH_ED25519_CERT="${SSH_ED25519_CERT:+"HostCertificate "}${SSH_ED25519_CERT}" \
    SSH_RSA_CERT="${SSH_RSA_CERT:+"HostCertificate "}${SSH_RSA_CERT}" \
    SSH_ECDSA_CERT="${SSH_ECDSA_CERT:+"HostCertificate "}${SSH_ECDSA_CERT}" \
+    SSH_DSA_CERT="${SSH_DSA_CERT:+"HostCertificate "}${SSH_DSA_CERT}" \
    SSH_MAX_STARTUPS="${SSH_MAX_STARTUPS:+"MaxStartups "}${SSH_MAX_STARTUPS}" \
    SSH_MAX_SESSIONS="${SSH_MAX_SESSIONS:+"MaxSessions "}${SSH_MAX_SESSIONS}" \
    SSH_INCLUDE_FILE="${SSH_INCLUDE_FILE:+"Include "}${SSH_INCLUDE_FILE}" \
--- a/docker/root/etc/templates/sshd_config
+++ b/docker/root/etc/templates/sshd_config
@@ -16,6 +16,8 @@ HostKey /data/ssh/ssh_host_rsa_key
 ${SSH_RSA_CERT}
 HostKey /data/ssh/ssh_host_ecdsa_key
 ${SSH_ECDSA_CERT}
+HostKey /data/ssh/ssh_host_dsa_key
+${SSH_DSA_CERT}

 AuthorizedKeysFile .ssh/authorized_keys
 AuthorizedPrincipalsFile .ssh/authorized_principals
--- a/docker/rootless/etc/templates/app.ini
+++ b/docker/rootless/etc/templates/app.ini
@@ -37,7 +37,7 @@ PROVIDER_CONFIG = $GITEA_WORK_DIR/data/sessions

 [picture]
 AVATAR_UPLOAD_PATH = $GITEA_WORK_DIR/data/avatars
-REPOSITORY_AVATAR_UPLOAD_PATH = $GITEA_WORK_DIR/data/repo-avatars
+REPOSITORY_AVATAR_UPLOAD_PATH = $GITEA_WORK_DIR/data/gitea/repo-avatars

 [attachment]
 PATH = $GITEA_WORK_DIR/data/attachments
--- a/docs/.gitignore
+++ b/docs/.gitignore
@@ -2,6 +2,3 @@ public/
 templates/swagger/v1_json.tmpl
 themes/
 resources/
-
-# Temporary lock file while building
-/.hugo_build.lock
--- a/docs/Makefile
+++ b/docs/Makefile
@@ -2,8 +2,6 @@ THEME := themes/gitea
 PUBLIC := public
 ARCHIVE := https://dl.gitea.io/theme/master.tar.gz

-HUGO_PACKAGE := github.com/gohugoio/hugo@v0.82.0
-
 .PHONY: all
 all: build

@@ -13,19 +11,19 @@ clean:

 .PHONY: trans-copy
 trans-copy:
-	bash scripts/trans-copy.sh
+	@bash scripts/trans-copy

 .PHONY: server
 server: $(THEME)
-	go run $(HUGO_PACKAGE) server
+	hugo server

 .PHONY: build
 build: $(THEME)
-	go run $(HUGO_PACKAGE) --cleanDestinationDir
+	hugo --cleanDestinationDir

 .PHONY: build-offline
 build-offline: $(THEME)
-	go run $(HUGO_PACKAGE) --baseURL="/" --cleanDestinationDir
+	hugo --baseURL="/" --cleanDestinationDir

 .PHONY: update
 update: $(THEME)
--- a/docs/config.yaml
+++ b/docs/config.yaml
@@ -18,13 +18,10 @@ params:
  description: Git with a cup of tea
  author: The Gitea Authors
  website: https://docs.gitea.io
-  version: 1.18.5
-  minGoVersion: 1.19
-  goVersion: 1.20
-  minNodeVersion: 16
-  search: nav
-  repo: "https://github.com/go-gitea/gitea"
-  docContentPath: "docs/content"
+  version: 1.16.8
+  minGoVersion: 1.18
+  goVersion: 1.18
+  minNodeVersion: 14

 outputs:
  home:
--- a/docs/content/doc/advanced/clone-filter.en-us.md
+++ b/docs/content/doc/advanced/clone-filter.en-us.md
@@ -30,6 +30,7 @@ see Git version of the server.
 By default, clone filters are enabled, unless `DISABLE_PARTIAL_CLONE` under
 `[git]` is set to `true`.

+
 See [GitHub blog post: Get up to speed with partial clone](https://github.blog/2020-12-21-get-up-to-speed-with-partial-clone-and-shallow-clone/)
 for common use cases of clone filters (blobless and treeless clones), and
 [GitLab docs for partial clone](https://docs.gitlab.com/ee/topics/git/partial_clone.html)
--- a/docs/content/doc/advanced/config-cheat-sheet.en-us.md
+++ b/docs/content/doc/advanced/config-cheat-sheet.en-us.md
@@ -27,56 +27,23 @@ accurately recorded in [app.example.ini](https://github.com/go-gitea/gitea/blob/
 (s/main/\<tag|release\>). Any string in the format `%(X)s` is a feature powered
 by [ini](https://github.com/go-ini/ini/#recursive-values), for reading values recursively.

-In the default values below, a value in the form `$XYZ` refers to an environment variable. (However, see `environment-to-ini`.) Values in the form  _`XxYyZz`_ refer to values listed as part of the default configuration. These notation forms will not work in your own `app.ini` file and are only listed here as documentation.
-
 Values containing `#` or `;` must be quoted using `` ` `` or `"""`.

 **Note:** A full restart is required for Gitea configuration changes to take effect.

 {{< toc >}}

-## Default Configuration (non-`app.ini` configuration)
-
-These values are environment-dependent but form the basis of a lot of values. They will be
-reported as part of the default configuration when running `gitea --help` or on start-up. The order they are emitted there is slightly different but we will list them here in the order they are set-up.
-
- _`AppPath`_: This is the absolute path of the running gitea binary.
- _`AppWorkPath`_: This refers to "working path" of the `gitea` binary. It is determined by using the first set thing in the following hierarchy:
-  - The `--work-path` flag passed to the binary
-  - The environment variable `$GITEA_WORK_DIR`
-  - A built-in value set at build time (see building from source)
-  - Otherwise it defaults to the directory of the _`AppPath`_
-  - If any of the above are relative paths then they are made absolute against the
-the directory of the _`AppPath`_
- _`CustomPath`_: This is the base directory for custom templates and other options.
-It is determined by using the first set thing in the following hierarchy:
-  - The `--custom-path` flag passed to the binary
-  - The environment variable `$GITEA_CUSTOM`
-  - A built-in value set at build time (see building from source)
-  - Otherwise it defaults to _`AppWorkPath`_`/custom`
-  - If any of the above are relative paths then they are made absolute against the
-the directory of the _`AppWorkPath`_
- _`CustomConf`_: This is the path to the `app.ini` file.
-  - The `--config` flag passed to the binary
-  - A built-in value set at build time (see building from source)
-  - Otherwise it defaults to _`CustomPath`_`/conf/app.ini`
-  - If any of the above are relative paths then they are made absolute against the
-the directory of the _`CustomPath`_
-
-In addition there is _`StaticRootPath`_ which can be set as a built-in at build time, but will otherwise default to _`AppWorkPath`_
-
 ## Overall (`DEFAULT`)

 - `APP_NAME`: **Gitea: Git with a cup of tea**: Application name, used in the page title.
- `RUN_USER`: **_current OS username_/`$USER`/`$USERNAME` e.g. git**: The user Gitea will run as.
-   This should be a dedicated system (non-user) account. Setting this incorrectly will cause Gitea
-   to not start.
+- `RUN_USER`: **git**: The user Gitea will run as. This should be a dedicated system
+   (non-user) account. Setting this incorrectly will cause Gitea to not start.
 - `RUN_MODE`: **prod**: Application run mode, affects performance and debugging. Either "dev", "prod" or "test".

 ## Repository (`repository`)

- `ROOT`: **%(APP_DATA_PATH)s/gitea-repositories**: Root path for storing all repository data.
-   A relative path is interpreted as **_`AppWorkPath`_/%(ROOT)s**.
+- `ROOT`: **%(APP_DATA_PATH)/gitea-repositories**: Root path for storing all repository data.
+   A relative path is interpreted as **%(GITEA_WORK_DIR)/%(ROOT)**.
 - `SCRIPT_TYPE`: **bash**: The script type this server supports. Usually this is `bash`,
   but some users report that only `sh` is available.
 - `DETECTED_CHARSETS_ORDER`: **UTF-8, UTF-16BE, UTF-16LE, UTF-32BE, UTF-32LE, ISO-8859, windows-1252, ISO-8859, windows-1250, ISO-8859, ISO-8859, ISO-8859, windows-1253, ISO-8859, windows-1255, ISO-8859, windows-1251, windows-1256, KOI8-R, ISO-8859, windows-1254, Shift_JIS, GB18030, EUC-JP, EUC-KR, Big5, ISO-2022, ISO-2022, ISO-2022, IBM424_rtl, IBM424_ltr, IBM420_rtl, IBM420_ltr**: Tie-break order of detected charsets - if the detected charsets have equal confidence, charsets earlier in the list will be chosen in preference to those later. Adding `defaults` will place the unnamed charsets at that point.
@@ -104,8 +71,7 @@ In addition there is _`StaticRootPath`_ which can be set as a built-in at build
 - `ENABLE_PUSH_CREATE_USER`:  **false**: Allow users to push local repositories to Gitea and have them automatically created for a user.
 - `ENABLE_PUSH_CREATE_ORG`:  **false**: Allow users to push local repositories to Gitea and have them automatically created for an org.
 - `DISABLED_REPO_UNITS`: **_empty_**: Comma separated list of globally disabled repo units. Allowed values: \[repo.issues, repo.ext_issues, repo.pulls, repo.wiki, repo.ext_wiki, repo.projects\]
- `DEFAULT_REPO_UNITS`: **repo.code,repo.releases,repo.issues,repo.pulls,repo.wiki,repo.projects,repo.packages**: Comma separated list of default new repo units. Allowed values: \[repo.code, repo.releases, repo.issues, repo.pulls, repo.wiki, repo.projects\]. Note: Code and Releases can currently not be deactivated. If you specify default repo units you should still list them for future compatibility. External wiki and issue tracker can't be enabled by default as it requires additional settings. Disabled repo units will not be added to new repositories regardless if it is in the default list.
- `DEFAULT_FORK_REPO_UNITS`: **repo.code,repo.pulls**: Comma separated list of default forked repo units. The set of allowed values and rules is the same as `DEFAULT_REPO_UNITS`.
+- `DEFAULT_REPO_UNITS`: **repo.code,repo.releases,repo.issues,repo.pulls,repo.wiki,repo.projects**: Comma separated list of default repo units. Allowed values: \[repo.code, repo.releases, repo.issues, repo.pulls, repo.wiki, repo.projects\]. Note: Code and Releases can currently not be deactivated. If you specify default repo units you should still list them for future compatibility. External wiki and issue tracker can't be enabled by default as it requires additional settings. Disabled repo units will not be added to new repositories regardless if it is in the default list.
 - `PREFIX_ARCHIVE_FILES`: **true**: Prefix archive files by placing them in a directory named after the repository.
 - `DISABLE_MIGRATIONS`: **false**: Disable migrating feature.
 - `DISABLE_STARS`: **false**: Disable stars feature.
@@ -113,7 +79,6 @@ In addition there is _`StaticRootPath`_ which can be set as a built-in at build
 - `ALLOW_ADOPTION_OF_UNADOPTED_REPOSITORIES`: **false**: Allow non-admin users to adopt unadopted repositories
 - `ALLOW_DELETION_OF_UNADOPTED_REPOSITORIES`: **false**: Allow non-admin users to delete unadopted repositories
 - `DISABLE_DOWNLOAD_SOURCE_ARCHIVES`: **false**: Don't allow download source archive files from UI
- `ALLOW_FORK_WITHOUT_MAXIMUM_LIMIT`: **true**: Allow fork repositories without maximum number limit

 ### Repository - Editor (`repository.editor`)

@@ -136,7 +101,6 @@ In addition there is _`StaticRootPath`_ which can be set as a built-in at build
 - `DEFAULT_MERGE_MESSAGE_OFFICIAL_APPROVERS_ONLY`: **true**: In default merge messages only include approvers who are officially allowed to review.
 - `POPULATE_SQUASH_COMMENT_WITH_COMMIT_MESSAGES`: **false**: In default squash-merge messages include the commit message of all commits comprising the pull request.
 - `ADD_CO_COMMITTER_TRAILERS`: **true**: Add co-authored-by and co-committed-by trailers to merge commit messages if committer does not match author.
- `TEST_CONFLICTING_PATCHES_WITH_GIT_APPLY`: **false**: PR patches are tested using a three-way merge method to discover if there are conflicts. If this setting is set to **true**, conflicting patches will be retested using `git apply` - This was the previous behaviour in 1.18 (and earlier) but is somewhat inefficient. Please report if you find that this setting is required.

 ### Repository - Issue (`repository.issue`)

@@ -167,9 +131,9 @@ In addition there is _`StaticRootPath`_ which can be set as a built-in at build
  - `always`: Always sign
  - Options other than `never` and `always` can be combined as a comma separated list.
 - `DEFAULT_TRUST_MODEL`: **collaborator**: \[collaborator, committer, collaboratorcommitter\]: The default trust model used for verifying commits.
-  - `collaborator`: Trust signatures signed by keys of collaborators.
-  - `committer`: Trust signatures that match committers (This matches GitHub and will force Gitea signed commits to have Gitea as the committer).
-  - `collaboratorcommitter`: Trust signatures signed by keys of collaborators which match the committer.
+   - `collaborator`: Trust signatures signed by keys of collaborators.
+   - `committer`: Trust signatures that match committers (This matches GitHub and will force Gitea signed commits to have Gitea as the committer).
+   - `collaboratorcommitter`: Trust signatures signed by keys of collaborators which match the committer.
 - `WIKI`: **never**: \[never, pubkey, twofa, always, parentsigned\]: Sign commits to wiki.
 - `CRUD_ACTIONS`: **pubkey, twofa, parentsigned**: \[never, pubkey, twofa, parentsigned, always\]: Sign CRUD actions.
  - Options as above, with the addition of:
@@ -189,7 +153,6 @@ In addition there is _`StaticRootPath`_ which can be set as a built-in at build
 Configuration for set the expected MIME type based on file extensions of downloadable files. Configuration presents in key-value pairs and file extensions starts with leading `.`.

 The following configuration set `Content-Type: application/vnd.android.package-archive` header when downloading files with `.apk` file extension.
-
 ```ini
 .apk=application/vnd.android.package-archive
 ```
@@ -203,17 +166,15 @@ The following configuration set `Content-Type: application/vnd.android.package-a
 - `METHODS`: **GET,HEAD,POST,PUT,PATCH,DELETE,OPTIONS**: list of methods allowed to request
 - `MAX_AGE`: **10m**: max time to cache response
 - `ALLOW_CREDENTIALS`: **false**: allow request with credentials
- `HEADERS`: **Content-Type,User-Agent**: additional headers that are permitted in requests
 - `X_FRAME_OPTIONS`: **SAMEORIGIN**: Set the `X-Frame-Options` header value.

 ## UI (`ui`)

 - `EXPLORE_PAGING_NUM`: **20**: Number of repositories that are shown in one explore page.
- `ISSUE_PAGING_NUM`: **20**: Number of issues that are shown in one page (for all pages that list issues, milestones, projects).
+- `ISSUE_PAGING_NUM`: **10**: Number of issues that are shown in one page (for all pages that list issues).
 - `MEMBERS_PAGING_NUM`: **20**: Number of members that are shown in organization members.
 - `FEED_MAX_COMMIT_NUM`: **5**: Number of maximum commits shown in one activity feed.
 - `FEED_PAGING_NUM`: **20**: Number of items that are displayed in home feed.
- `SITEMAP_PAGING_NUM`: **20**: Number of items that are displayed in a single subsitemap.
 - `GRAPH_MAX_COMMIT_NUM`: **100**: Number of maximum commits shown in the commit graph.
 - `CODE_COMMENT_LINES`: **4**: Number of line of codes shown for a code comment.
 - `DEFAULT_THEME`: **auto**: \[auto, gitea, arc-green\]: Set the default theme for the Gitea install.
@@ -239,10 +200,6 @@ The following configuration set `Content-Type: application/vnd.android.package-a
 - `NOTICE_PAGING_NUM`: **25**: Number of notices that are shown in one page.
 - `ORG_PAGING_NUM`: **50**: Number of organizations that are shown in one page.

-### UI - User (`ui.user`)
-
- `REPO_PAGING_NUM`: **15**: Number of repos that are shown in one page.
-
 ### UI - Metadata (`ui.meta`)

 - `AUTHOR`: **Gitea - Git with a cup of tea**: Author meta tag of the homepage.
@@ -275,16 +232,10 @@ The following configuration set `Content-Type: application/vnd.android.package-a
 - `CUSTOM_URL_SCHEMES`: Use a comma separated list (ftp,git,svn) to indicate additional
  URL hyperlinks to be rendered in Markdown. URLs beginning in http and https are
  always displayed
- `ENABLE_MATH`: **true**: Enables detection of `\(...\)`, `\[...\]`, `$...$` and `$$...$$` blocks as math blocks.

 ## Server (`server`)

- `APP_DATA_PATH`: **_`AppWorkPath`_/data**: This is the default root path for storing data.
 - `PROTOCOL`: **http**: \[http, https, fcgi, http+unix, fcgi+unix\]
- `USE_PROXY_PROTOCOL`: **false**: Expect PROXY protocol headers on connections
- `PROXY_PROTOCOL_TLS_BRIDGING`: **false**: When protocol is https, expect PROXY protocol headers after TLS negotiation.
- `PROXY_PROTOCOL_HEADER_TIMEOUT`: **5s**: Timeout to wait for PROXY protocol header (set to 0 to have no timeout)
- `PROXY_PROTOCOL_ACCEPT_UNKNOWN`: **false**: Accept PROXY protocol headers with Unknown type.
 - `DOMAIN`: **localhost**: Domain name of this server.
 - `ROOT_URL`: **%(PROTOCOL)s://%(DOMAIN)s:%(HTTP\_PORT)s/**:
   Overwrite the automatically generated public URL.
@@ -294,19 +245,14 @@ The following configuration set `Content-Type: application/vnd.android.package-a
   This includes CSS files, images, JS files and web fonts.
   Avatar images are dynamic resources and still served by Gitea.
   The option can be just a different path, as in `/static`, or another domain, as in `https://cdn.example.com`.
-   Requests are then made as `%(ROOT_URL)s/static/assets/css/index.css` or `https://cdn.example.com/assets/css/index.css` respectively.
+   Requests are then made as `%(ROOT_URL)s/static/css/index.css` and `https://cdn.example.com/css/index.css` respective.
   The static files are located in the `public/` directory of the Gitea source repository.
-   You can proxy the STATIC_URL_PREFIX requests to Gitea server to serve the static
-   assets, or copy the manually built Gitea assets from `$GITEA_BUILD/public` to
-   the assets location, eg: `/var/www/assets`, make sure `$STATIC_URL_PREFIX/assets/css/index.css`
-   points to `/var/www/assets/css/index.css`.
-
 - `HTTP_ADDR`: **0.0.0.0**: HTTP listen address.
-  - If `PROTOCOL` is set to `fcgi`, Gitea will listen for FastCGI requests on TCP socket
+   - If `PROTOCOL` is set to `fcgi`, Gitea will listen for FastCGI requests on TCP socket
     defined by `HTTP_ADDR` and `HTTP_PORT` configuration settings.
-  - If `PROTOCOL` is set to `http+unix` or `fcgi+unix`, this should be the name of the Unix socket file to use. Relative paths will be made absolute against the _`AppWorkPath`_.
+   - If `PROTOCOL` is set to `http+unix` or `fcgi+unix`, this should be the name of the Unix socket file to use. Relative paths will be made absolute against the AppWorkPath.
 - `HTTP_PORT`: **3000**: HTTP listen port.
-  - If `PROTOCOL` is set to `fcgi`, Gitea will listen for FastCGI requests on TCP socket
+   - If `PROTOCOL` is set to `fcgi`, Gitea will listen for FastCGI requests on TCP socket
     defined by `HTTP_ADDR` and `HTTP_PORT` configuration settings.
 - `UNIX_SOCKET_PERMISSION`: **666**: Permissions for the Unix socket.
 - `LOCAL_ROOT_URL`: **%(PROTOCOL)s://%(HTTP_ADDR)s:%(HTTP_PORT)s/**: Local
@@ -314,17 +260,14 @@ The following configuration set `Content-Type: application/vnd.android.package-a
   most cases you do not need to change the default value. Alter it only if
   your SSH server node is not the same as HTTP node. Do not set this variable
   if `PROTOCOL` is set to `http+unix`.
- `LOCAL_USE_PROXY_PROTOCOL`: **%(USE_PROXY_PROTOCOL)s**: When making local connections pass the PROXY protocol header.
-   This should be set to false if the local connection will go through the proxy.
 - `PER_WRITE_TIMEOUT`: **30s**: Timeout for any write to the connection. (Set to -1 to
   disable all timeouts.)
 - `PER_WRITE_PER_KB_TIMEOUT`: **10s**: Timeout per Kb written to connections.

 - `DISABLE_SSH`: **false**: Disable SSH feature when it's not available.
 - `START_SSH_SERVER`: **false**: When enabled, use the built-in SSH server.
- `SSH_SERVER_USE_PROXY_PROTOCOL`: **false**: Expect PROXY protocol header on connections to the built-in SSH Server.
 - `BUILTIN_SSH_SERVER_USER`: **%(RUN_USER)s**: Username to use for the built-in SSH Server.
- `SSH_USER`: **%(BUILTIN_SSH_SERVER_USER)s**: SSH username displayed in clone URLs. This is only for people who configure the SSH server themselves; in most cases, you want to leave this blank and modify the `BUILTIN_SSH_SERVER_USER`.
+- `SSH_USER`: **%(BUILTIN_SSH_SERVER_USER)**: SSH username displayed in clone URLs. This is only for people who configure the SSH server themselves; in most cases, you want to leave this blank and modify the `BUILTIN_SSH_SERVER_USER`.
 - `SSH_DOMAIN`: **%(DOMAIN)s**: Domain name of this server, used for displayed clone URL.
 - `SSH_PORT`: **22**: SSH port displayed in clone URL.
 - `SSH_LISTEN_HOST`: **0.0.0.0**: Listen address for the built-in SSH server.
@@ -351,24 +294,23 @@ The following configuration set `Content-Type: application/vnd.android.package-a
 - `MINIMUM_KEY_SIZE_CHECK`: **true**: Indicate whether to check minimum key size with corresponding type.

 - `OFFLINE_MODE`: **false**: Disables use of CDN for static files and Gravatar for profile pictures.
- `CERT_FILE`: **https/cert.pem**: Cert file path used for HTTPS. When chaining, the server certificate must come first, then intermediate CA certificates (if any). This is ignored if `ENABLE_ACME=true`. Paths are relative to `CUSTOM_PATH`.
- `KEY_FILE`: **https/key.pem**: Key file path used for HTTPS. This is ignored if `ENABLE_ACME=true`. Paths are relative to `CUSTOM_PATH`.
- `STATIC_ROOT_PATH`: **_`StaticRootPath`_**: Upper level of template and static files path.
- `APP_DATA_PATH`: **data** (**/data/gitea** on docker): Default path for application data. Relative paths will be made absolute against _`AppWorkPath`_.
+- `CERT_FILE`: **https/cert.pem**: Cert file path used for HTTPS. When chaining, the server certificate must come first, then intermediate CA certificates (if any). This is ignored if `ENABLE_ACME=true`. From 1.11 paths are relative to `CUSTOM_PATH`.
+- `KEY_FILE`: **https/key.pem**: Key file path used for HTTPS. This is ignored if `ENABLE_ACME=true`. From 1.11 paths are relative to `CUSTOM_PATH`.
+- `STATIC_ROOT_PATH`: **./**: Upper level of template and static files path.
+- `APP_DATA_PATH`: **data** (**/data/gitea** on docker): Default path for application data.
 - `STATIC_CACHE_TIME`: **6h**: Web browser cache time for static resources on `custom/`, `public/` and all uploaded avatars. Note that this cache is disabled when `RUN_MODE` is "dev".
 - `ENABLE_GZIP`: **false**: Enable gzip compression for runtime-generated content, static resources excluded.
- `ENABLE_PPROF`: **false**: Application profiling (memory and cpu). For "web" command it listens on `localhost:6060`. For "serv" command it dumps to disk at `PPROF_DATA_PATH` as `(cpuprofile|memprofile)_<username>_<temporary id>`
- `PPROF_DATA_PATH`: **_`AppWorkPath`_/data/tmp/pprof**: `PPROF_DATA_PATH`, use an absolute path when you start Gitea as service
+- `ENABLE_PPROF`: **false**: Application profiling (memory and cpu). For "web" command it listens on localhost:6060. For "serv" command it dumps to disk at `PPROF_DATA_PATH` as `(cpuprofile|memprofile)_<username>_<temporary id>`
+- `PPROF_DATA_PATH`: **data/tmp/pprof**: `PPROF_DATA_PATH`, use an absolute path when you start Gitea as service
 - `LANDING_PAGE`: **home**: Landing page for unauthenticated users \[home, explore, organizations, login, **custom**\]. Where custom would instead be any URL such as "/org/repo" or even `https://anotherwebsite.com`
 - `LFS_START_SERVER`: **false**: Enables Git LFS support.
- `LFS_CONTENT_PATH`: **%(APP_DATA_PATH)s/lfs**: Default LFS content path. (if it is on local storage.) **DEPRECATED** use settings in `[lfs]`.
+- `LFS_CONTENT_PATH`: **%(APP_DATA_PATH)/lfs**: Default LFS content path. (if it is on local storage.) **DEPRECATED** use settings in `[lfs]`.
 - `LFS_JWT_SECRET`: **\<empty\>**: LFS authentication secret, change this a unique string.
 - `LFS_HTTP_AUTH_EXPIRY`: **20m**: LFS authentication validity period in time.Duration, pushes taking longer than this may fail.
 - `LFS_MAX_FILE_SIZE`: **0**: Maximum allowed LFS file size in bytes (Set to 0 for no limit).
 - `LFS_LOCKS_PAGING_NUM`: **50**: Maximum number of LFS Locks returned per page.

 - `REDIRECT_OTHER_PORT`: **false**: If true and `PROTOCOL` is https, allows redirecting http requests on `PORT_TO_REDIRECT` to the https port Gitea listens on.
- `REDIRECTOR_USE_PROXY_PROTOCOL`: **%(USE_PROXY_PROTOCOL)s**: expect PROXY protocol header on connections to https redirector.
 - `PORT_TO_REDIRECT`: **80**: Port for the http redirection service to listen on. Used when `REDIRECT_OTHER_PORT` is true.
 - `SSL_MIN_VERSION`: **TLSv1.2**: Set the minimum version of ssl support.
 - `SSL_MAX_VERSION`: **\<empty\>**: Set the maximum version of ssl support.
@@ -428,18 +370,17 @@ The following configuration set `Content-Type: application/vnd.android.package-a
  (e.g. `ALTER USER user SET SEARCH_PATH = schema_name,"$user",public;`).
 - `SSL_MODE`: **disable**: SSL/TLS encryption mode for connecting to the database. This option is only applied for PostgreSQL and MySQL.
  - Valid values for MySQL:
-    - `true`: Enable TLS with verification of the database server certificate against its root certificate. When selecting this option make sure that the root certificate required to validate the database server certificate (e.g. the CA certificate) is on the system certificate store of both the database and Gitea servers. See your system documentation for instructions on how to add a CA certificate to the certificate store.
-    - `false`: Disable TLS.
-    - `disable`: Alias for `false`, for compatibility with PostgreSQL.
-    - `skip-verify`: Enable TLS without database server certificate verification. Use this option if you have self-signed or invalid certificate on the database server.
-    - `prefer`: Enable TLS with fallback to non-TLS connection.
+     - `true`: Enable TLS with verification of the database server certificate against its root certificate. When selecting this option make sure that the root certificate required to validate the database server certificate (e.g. the CA certificate) is on the system certificate store of both the database and Gitea servers. See your system documentation for instructions on how to add a CA certificate to the certificate store.
+     - `false`: Disable TLS.
+     - `disable`: Alias for `false`, for compatibility with PostgreSQL.
+     - `skip-verify`: Enable TLS without database server certificate verification. Use this option if you have self-signed or invalid certificate on the database server.
+     - `prefer`: Enable TLS with fallback to non-TLS connection.
  - Valid values for PostgreSQL:
-    - `disable`: Disable TLS.
-    - `require`: Enable TLS without any verifications.
-    - `verify-ca`: Enable TLS with verification of the database server certificate against its root certificate.
-    - `verify-full`: Enable TLS and verify the database server name matches the given certificate in either the `Common Name` or `Subject Alternative Name` fields.
+     - `disable`: Disable TLS.
+     - `require`: Enable TLS without any verifications.
+     - `verify-ca`: Enable TLS with verification of the database server certificate against its root certificate.
+     - `verify-full`: Enable TLS and verify the database server name matches the given certificate in either the `Common Name` or `Subject Alternative Name` fields.
 - `SQLITE_TIMEOUT`: **500**: Query timeout for SQLite3 only.
- `SQLITE_JOURNAL_MODE`: **""**: Change journal mode for SQlite3. Can be used to enable [WAL mode](https://www.sqlite.org/wal.html) when high load causes write congestion. See [SQlite3 docs](https://www.sqlite.org/pragma.html#pragma_journal_mode) for possible values. Defaults to the default for the database file, often DELETE.
 - `ITERATE_BUFFER_SIZE`: **50**: Internal buffer size for iterating.
 - `CHARSET`: **utf8mb4**: For MySQL only, either "utf8" or "utf8mb4". NOTICE: for "utf8mb4" you must use MySQL InnoDB > 5.6. Gitea is unable to check this.
 - `PATH`: **data/gitea.db**: For SQLite3 only, the database file path.
@@ -449,7 +390,6 @@ The following configuration set `Content-Type: application/vnd.android.package-a
 - `MAX_OPEN_CONNS` **0**: Database maximum open connections - default is 0, meaning there is no limit.
 - `MAX_IDLE_CONNS` **2**: Max idle database connections on connection pool, default is 2 - this will be capped to `MAX_OPEN_CONNS`.
 - `CONN_MAX_LIFETIME` **0 or 3s**: Sets the maximum amount of time a DB connection may be reused - default is 0, meaning there is no limit (except on MySQL where it is 3s - see #6804 & #7071).
- `AUTO_MIGRATION` **true**: Whether execute database models migrations automatically.

 Please see #8540 & #8273 for further discussion of the appropriate values for `MAX_OPEN_CONNS`, `MAX_IDLE_CONNS` & `CONN_MAX_LIFETIME` and their
 relation to port exhaustion.
@@ -459,10 +399,10 @@ relation to port exhaustion.
 - `ISSUE_INDEXER_TYPE`: **bleve**: Issue indexer type, currently supported: `bleve`, `db` or `elasticsearch`.
 - `ISSUE_INDEXER_CONN_STR`: ****: Issue indexer connection string, available when ISSUE_INDEXER_TYPE is elasticsearch. i.e. http://elastic:changeme@localhost:9200
 - `ISSUE_INDEXER_NAME`: **gitea_issues**: Issue indexer name, available when ISSUE_INDEXER_TYPE is elasticsearch
- `ISSUE_INDEXER_PATH`: **indexers/issues.bleve**: Index file used for issue search; available when ISSUE_INDEXER_TYPE is bleve and elasticsearch. Relative paths will be made absolute against _`AppWorkPath`_.
+- `ISSUE_INDEXER_PATH`: **indexers/issues.bleve**: Index file used for issue search; available when ISSUE_INDEXER_TYPE is bleve and elasticsearch.
 - The next 4 configuration values are deprecated and should be set in `queue.issue_indexer` however are kept for backwards compatibility:
 - `ISSUE_INDEXER_QUEUE_TYPE`: **levelqueue**: Issue indexer queue, currently supports:`channel`, `levelqueue`, `redis`. **DEPRECATED** use settings in `[queue.issue_indexer]`.
- `ISSUE_INDEXER_QUEUE_DIR`: **queues/common**: When `ISSUE_INDEXER_QUEUE_TYPE` is `levelqueue`, this will be the path where the queue will be saved. **DEPRECATED** use settings in `[queue.issue_indexer]`. Relative paths will be made absolute against `%(APP_DATA_PATH)s`.
+- `ISSUE_INDEXER_QUEUE_DIR`: **queues/common**: When `ISSUE_INDEXER_QUEUE_TYPE` is `levelqueue`, this will be the path where the queue will be saved. **DEPRECATED** use settings in `[queue.issue_indexer]`.
 - `ISSUE_INDEXER_QUEUE_CONN_STR`: **addrs=127.0.0.1:6379 db=0**: When `ISSUE_INDEXER_QUEUE_TYPE` is `redis`, this will store the redis connection string. When `ISSUE_INDEXER_QUEUE_TYPE` is `levelqueue`, this is a directory or additional options of the form `leveldb://path/to/db?option=value&....`, and overrides `ISSUE_INDEXER_QUEUE_DIR`. **DEPRECATED** use settings in `[queue.issue_indexer]`.
 - `ISSUE_INDEXER_QUEUE_BATCH_NUMBER`: **20**: Batch queue number. **DEPRECATED** use settings in `[queue.issue_indexer]`.

@@ -484,7 +424,7 @@ relation to port exhaustion.
 Configuration at `[queue]` will set defaults for queues with overrides for individual queues at `[queue.*]`. (However see below.)

 - `TYPE`: **persistable-channel**: General queue type, currently support: `persistable-channel` (uses a LevelDB internally), `channel`, `level`, `redis`, `dummy`
- `DATADIR`: **queues/**: Base DataDir for storing persistent and level queues. `DATADIR` for individual queues can be set in `queue.name` sections but will default to `DATADIR/`**`common`**. (Previously each queue would default to `DATADIR/`**`name`**.) Relative paths will be made absolute against `%(APP_DATA_PATH)s`.
+- `DATADIR`: **queues/**: Base DataDir for storing persistent and level queues. `DATADIR` for individual queues can be set in `queue.name` sections but will default to `DATADIR/`**`common`**. (Previously each queue would default to `DATADIR/`**`name`**.)
 - `LENGTH`: **20**: Maximal queue size before channel queues block
 - `BATCH_LENGTH`: **20**: Batch data before passing to the handler
 - `CONN_STR`: **redis://127.0.0.1:6379/0**: Connection string for the redis queue type. Options can be set using query params. Similarly LevelDB options can also be set using: **leveldb://relative/path?option=value** or **leveldb:///absolute/path?option=value**, and will override `DATADIR`
@@ -495,11 +435,11 @@ Configuration at `[queue]` will set defaults for queues with overrides for indiv
 - `MAX_ATTEMPTS`: **10**: Maximum number of attempts to create the wrapped queue
 - `TIMEOUT`: **GRACEFUL_HAMMER_TIME + 30s**: Timeout the creation of the wrapped queue if it takes longer than this to create.
 - Queues by default come with a dynamically scaling worker pool. The following settings configure this:
- `WORKERS`: **0**: Number of initial workers for the queue.
+- `WORKERS`: **0** (v1.14 and before: **1**): Number of initial workers for the queue.
 - `MAX_WORKERS`: **10**: Maximum number of worker go-routines for the queue.
 - `BLOCK_TIMEOUT`: **1s**: If the queue blocks for this time, boost the number of workers - the `BLOCK_TIMEOUT` will then be doubled before boosting again whilst the boost is ongoing.
 - `BOOST_TIMEOUT`: **5m**: Boost workers will timeout after this long.
- `BOOST_WORKERS`: **1**: This many workers will be added to the worker pool if there is a boost.
+- `BOOST_WORKERS`: **1** (v1.14 and before: **5**): This many workers will be added to the worker pool if there is a boost.

 Gitea creates the following non-unique queues:

@@ -540,8 +480,7 @@ Certain queues have defaults that override the defaults set in `[queue]` (this o
 ## Security (`security`)

 - `INSTALL_LOCK`: **false**: Controls access to the installation page. When set to "true", the installation page is not accessible.
- `SECRET_KEY`: **\<random at every install\>**: Global secret key. This key is VERY IMPORTANT, if you lost it, the data encrypted by it (like 2FA secret) can't be decrypted anymore.
- `SECRET_KEY_URI`: **<empty>**: Instead of defining SECRET_KEY, this option can be used to use the key stored in a file (example value: `file:/etc/gitea/secret_key`). It shouldn't be lost like SECRET_KEY.
+- `SECRET_KEY`: **\<random at every install\>**: Global secret key. This should be changed.
 - `LOGIN_REMEMBER_DAYS`: **7**: Cookie lifetime, in days.
 - `COOKIE_USERNAME`: **gitea\_awesome**: Name of the cookie used to store the current username.
 - `COOKIE_REMEMBER_NAME`: **gitea\_incredible**: Name of cookie used to store authentication
@@ -550,8 +489,6 @@ Certain queues have defaults that override the defaults set in `[queue]` (this o
   authentication.
 - `REVERSE_PROXY_AUTHENTICATION_EMAIL`: **X-WEBAUTH-EMAIL**: Header name for reverse proxy
   authentication provided email.
- `REVERSE_PROXY_AUTHENTICATION_FULL_NAME`: **X-WEBAUTH-FULLNAME**: Header name for reverse proxy
-   authentication provided full name.
 - `REVERSE_PROXY_LIMIT`: **1**: Interpret X-Forwarded-For header or the X-Real-IP header and set this as the remote IP for the request.
   Number of trusted proxy count. Set to zero to not use these headers.
 - `REVERSE_PROXY_TRUSTED_PROXIES`: **127.0.0.0/8,::1/128**: List of IP addresses and networks separated by comma of trusted proxy servers. Use `*` to trust all.
@@ -567,40 +504,25 @@ Certain queues have defaults that override the defaults set in `[queue]` (this o
 - `ONLY_ALLOW_PUSH_IF_GITEA_ENVIRONMENT_SET`: **true**: Set to `false` to allow local users to push to gitea-repositories without setting up the Gitea environment. This is not recommended and if you want local users to push to Gitea repositories you should set the environment appropriately.
 - `IMPORT_LOCAL_PATHS`: **false**: Set to `false` to prevent all users (including admin) from importing local path on server.
 - `INTERNAL_TOKEN`: **\<random at every install if no uri set\>**: Secret used to validate communication within Gitea binary.
- `INTERNAL_TOKEN_URI`: **<empty>**: Instead of defining INTERNAL_TOKEN in the configuration, this configuration option can be used to give Gitea a path to a file that contains the internal token (example value: `file:/etc/gitea/internal_token`)
- `PASSWORD_HASH_ALGO`: **pbkdf2**: The hash algorithm to use \[argon2, pbkdf2, pbkdf2_v1, pbkdf2_hi, scrypt, bcrypt\], argon2 and scrypt will spend significant amounts of memory.
-  - Note: The default parameters for `pbkdf2` hashing have changed - the previous settings are available as `pbkdf2_v1` but are not recommended.
-  - The hash functions may be tuned by using `$` after the algorithm:
-    - `argon2$<time>$<memory>$<threads>$<key-length>`
-    - `bcrypt$<cost>`
-    - `pbkdf2$<iterations>$<key-length>`
-    - `scrypt$<n>$<r>$<p>$<key-length>`
-  - The defaults are:
-    - `argon2`:    `argon2$2$65536$8$50`
-    - `bcrypt`:    `bcrypt$10`
-    - `pbkdf2`:    `pbkdf2$50000$50`
-    - `pbkdf2_v1`: `pbkdf2$10000$50`
-    - `pbkdf2_v2`: `pbkdf2$50000$50`
-    - `pbkdf2_hi`: `pbkdf2$320000$50`
-    - `scrypt`:    `scrypt$65536$16$2$50`
-  - Adjusting the algorithm parameters using this functionality is done at your own risk.
+- `INTERNAL_TOKEN_URI`: **<empty>**: Instead of defining internal token in the configuration, this configuration option can be used to give Gitea a path to a file that contains the internal token (example value: `file:/etc/gitea/internal_token`)
+- `PASSWORD_HASH_ALGO`: **pbkdf2**: The hash algorithm to use \[argon2, pbkdf2, scrypt, bcrypt\], argon2 will spend more memory than others.
 - `CSRF_COOKIE_HTTP_ONLY`: **true**: Set false to allow JavaScript to read CSRF cookie.
 - `MIN_PASSWORD_LENGTH`: **6**: Minimum password length for new users.
 - `PASSWORD_COMPLEXITY`: **off**: Comma separated list of character classes required to pass minimum complexity. If left empty or no valid values are specified, checking is disabled (off):
-  - lower - use one or more lower latin characters
-  - upper - use one or more upper latin characters
-  - digit - use one or more digits
-  - spec - use one or more special characters as ``!"#$%&'()*+,-./:;<=>?@[\\]^_`{|}~``
-  - off - do not check password complexity
+    - lower - use one or more lower latin characters
+    - upper - use one or more upper latin characters
+    - digit - use one or more digits
+    - spec - use one or more special characters as ``!"#$%&'()*+,-./:;<=>?@[\\]^_`{|}~``
+    - off - do not check password complexity
 - `PASSWORD_CHECK_PWN`: **false**: Check [HaveIBeenPwned](https://haveibeenpwned.com/Passwords) to see if a password has been exposed.
 - `SUCCESSFUL_TOKENS_CACHE_SIZE`: **20**: Cache successful token hashes. API tokens are stored in the DB as pbkdf2 hashes however, this means that there is a potentially significant hashing load when there are multiple API operations. This cache will store the successfully hashed tokens in a LRU cache as a balance between performance and security.

 ## Camo (`camo`)

 - `ENABLED`: **false**: Enable media proxy, we support images only at the moment.
- `SERVER_URL`: **<empty>**: URL of camo server, it **is required** if camo is enabled.
- `HMAC_KEY`: **<empty>**: Provide the HMAC key for encoding URLs, it **is required** if camo is enabled.
- `ALLWAYS`: **false**: Set to true to use camo for both HTTP and HTTPS content, otherwise only non-HTTPS URLs are proxied
+- `SERVER_URL`: **<empty>**: url of camo server, it **is required** if camo is enabled.
+- `HMAC_KEY`: **<empty>**: Provide the HMAC key for encoding urls, it **is required** if camo is enabled.
+- `ALLWAYS`: **false**: Set to true to use camo for https too lese only non https urls are proxyed

 ## OpenID (`openid`)

@@ -613,18 +535,18 @@ Certain queues have defaults that override the defaults set in `[queue]` (this o

 ## OAuth2 Client (`oauth2_client`)

- `REGISTER_EMAIL_CONFIRM`: _[service]_ **REGISTER\_EMAIL\_CONFIRM**: Set this to enable or disable email confirmation of OAuth2 auto-registration. (Overwrites the REGISTER\_EMAIL\_CONFIRM setting of the `[service]` section)
+- `REGISTER_EMAIL_CONFIRM`: *[service]* **REGISTER\_EMAIL\_CONFIRM**: Set this to enable or disable email confirmation of OAuth2 auto-registration. (Overwrites the REGISTER\_EMAIL\_CONFIRM setting of the `[service]` section)
 - `OPENID_CONNECT_SCOPES`: **\<empty\>**: List of additional openid connect scopes. (`openid` is implicitly added)
 - `ENABLE_AUTO_REGISTRATION`: **false**: Automatically create user accounts for new oauth2 users.
 - `USERNAME`: **nickname**: The source of the username for new oauth2 accounts:
-  - userid - use the userid / sub attribute
-  - nickname - use the nickname attribute
-  - email - use the username part of the email attribute
+    - userid - use the userid / sub attribute
+    - nickname - use the nickname attribute
+    - email - use the username part of the email attribute
 - `UPDATE_AVATAR`: **false**: Update avatar if available from oauth2 provider. Update will be performed on each login.
 - `ACCOUNT_LINKING`: **login**: How to handle if an account / email already exists:
-  - disabled - show an error
-  - login - show an account linking login
-  - auto - automatically link with the account (Please be aware that this will grant access to an existing account just because the same username or email is provided. You must make sure that this does not cause issues with your authentication providers.)
+    - disabled - show an error
+    - login - show an account linking login
+    - auto - automatically link with the account (Please be aware that this will grant access to an existing account just because the same username or email is provided. You must make sure that this does not cause issues with your authentication providers.)

 ## Service (`service`)

@@ -652,23 +574,15 @@ Certain queues have defaults that override the defaults set in `[queue]` (this o
   for reverse authentication.
 - `ENABLE_REVERSE_PROXY_EMAIL`: **false**: Enable this to allow to auto-registration with a
   provided email rather than a generated email.
- `ENABLE_REVERSE_PROXY_FULL_NAME`: **false**: Enable this to allow to auto-registration with a
-   provided full name for the user.
 - `ENABLE_CAPTCHA`: **false**: Enable this to use captcha validation for registration.
- `REQUIRE_CAPTCHA_FOR_LOGIN`: **false**: Enable this to require captcha validation for login. You also must enable `ENABLE_CAPTCHA`.
 - `REQUIRE_EXTERNAL_REGISTRATION_CAPTCHA`: **false**: Enable this to force captcha validation
-   even for External Accounts (i.e. GitHub, OpenID Connect, etc). You also must enable `ENABLE_CAPTCHA`.
- `CAPTCHA_TYPE`: **image**: \[image, recaptcha, hcaptcha, mcaptcha, cfturnstile\]
+   even for External Accounts (i.e. GitHub, OpenID Connect, etc). You must `ENABLE_CAPTCHA` also.
+- `CAPTCHA_TYPE`: **image**: \[image, recaptcha, hcaptcha\]
 - `RECAPTCHA_SECRET`: **""**: Go to https://www.google.com/recaptcha/admin to get a secret for recaptcha.
 - `RECAPTCHA_SITEKEY`: **""**: Go to https://www.google.com/recaptcha/admin to get a sitekey for recaptcha.
 - `RECAPTCHA_URL`: **https://www.google.com/recaptcha/**: Set the recaptcha url - allows the use of recaptcha net.
 - `HCAPTCHA_SECRET`: **""**: Sign up at https://www.hcaptcha.com/ to get a secret for hcaptcha.
 - `HCAPTCHA_SITEKEY`: **""**: Sign up at https://www.hcaptcha.com/ to get a sitekey for hcaptcha.
- `MCAPTCHA_SECRET`: **""**: Go to your mCaptcha instance to get a secret for mCaptcha.
- `MCAPTCHA_SITEKEY`: **""**: Go to your mCaptcha instance to get a sitekey for mCaptcha.
- `MCAPTCHA_URL` **https://demo.mcaptcha.org/**: Set the mCaptcha URL.
- `CF_TURNSTILE_SECRET` **""**: Go to https://dash.cloudflare.com/?to=/:account/turnstile to get a secret for cloudflare turnstile.
- `CF_TURNSTILE_SITEKEY` **""**: Go to https://dash.cloudflare.com/?to=/:account/turnstile to get a sitekey for cloudflare turnstile.
 - `DEFAULT_KEEP_EMAIL_PRIVATE`: **false**: By default set users to keep their email address private.
 - `DEFAULT_ALLOW_CREATE_ORGANIZATION`: **true**: Allow new users to create organizations by default.
 - `DEFAULT_USER_IS_RESTRICTED`: **false**: Give new users restricted permissions by default
@@ -714,7 +628,7 @@ Define allowed algorithms and their minimum key length (use -1 to disable a type

 - `QUEUE_LENGTH`: **1000**: Hook task queue length. Use caution when editing this value.
 - `DELIVER_TIMEOUT`: **5**: Delivery timeout (sec) for shooting webhooks.
- `ALLOWED_HOST_LIST`: **external**: Webhook can only call allowed hosts for security reasons. Comma separated list.
+- `ALLOWED_HOST_LIST`: **external**: Since 1.15.7. Default to `*` for 1.15.x, `external` for 1.16 and later. Webhook can only call allowed hosts for security reasons. Comma separated list.
  - Built-in networks:
    - `loopback`: 127.0.0.0/8 for IPv4 and ::1/128 for IPv6, localhost is included.
    - `private`: RFC 1918 (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16) and RFC 4193 (FC00::/7). Also called LAN/Intranet.
@@ -729,56 +643,42 @@ Define allowed algorithms and their minimum key length (use -1 to disable a type

 ## Mailer (`mailer`)

-⚠️ This section is for Gitea 1.18 and later. If you are using Gitea 1.17 or older,
-please refer to
-[Gitea 1.17 app.ini example](https://github.com/go-gitea/gitea/blob/release/v1.17/custom/conf/app.example.ini)
-and
-[Gitea 1.17 configuration document](https://github.com/go-gitea/gitea/blob/release/v1.17/docs/content/doc/advanced/config-cheat-sheet.en-us.md)
-
 - `ENABLED`: **false**: Enable to use a mail service.
- `PROTOCOL`: **\<empty\>**: Mail server protocol. One of "smtp", "smtps", "smtp+starttls", "smtp+unix", "sendmail", "dummy". _Before 1.18, this was inferred from a combination of `MAILER_TYPE` and `IS_TLS_ENABLED`._
-  - SMTP family, if your provider does not explicitly say which protocol it uses but does provide a port, you can set SMTP_PORT instead and this will be inferred.
-  - **sendmail** Use the operating system's `sendmail` command instead of SMTP. This is common on Linux systems.
-  - **dummy** Send email messages to the log as a testing phase.
-  - Note that enabling sendmail will ignore all other `mailer` settings except `ENABLED`, `FROM`, `SUBJECT_PREFIX` and `SENDMAIL_PATH`.
-  - Enabling dummy will ignore all settings except `ENABLED`, `SUBJECT_PREFIX` and `FROM`.
- `SMTP_ADDR`: **\<empty\>**: Mail server address. e.g. smtp.gmail.com. For smtp+unix, this should be a path to a unix socket instead. _Before 1.18, this was combined with `SMTP_PORT` under the name `HOST`._
- `SMTP_PORT`: **\<empty\>**: Mail server port. If no protocol is specified, it will be inferred by this setting. Common ports are listed below. _Before 1.18, this was combined with `SMTP_ADDR` under the name `HOST`._
-  - 25:  insecure SMTP
-  - 465: SMTP Secure
-  - 587: StartTLS
- `USE_CLIENT_CERT`: **false**: Use client certificate for TLS/SSL.
- `CLIENT_CERT_FILE`: **custom/mailer/cert.pem**: Client certificate file.
- `CLIENT_KEY_FILE`: **custom/mailer/key.pem**: Client key file.
- `FORCE_TRUST_SERVER_CERT`: **false**: If set to `true`, completely ignores server certificate validation errors. This option is unsafe. Consider adding the certificate to the system trust store instead.
+- `DISABLE_HELO`: **\<empty\>**: Disable HELO operation.
+- `HELO_HOSTNAME`: **\<empty\>**: Custom hostname for HELO operation.
+- `HOST`: **\<empty\>**: SMTP mail host address and port (example: smtp.gitea.io:587).
+  - As per RFC 8314, if supported, Implicit TLS/SMTPS on port 465 is recommended, otherwise opportunistic TLS via STARTTLS on port 587 should be used.
+- `IS_TLS_ENABLED` :  **false** : Forcibly use TLS to connect even if not on a default SMTPS port.
+  - Note, if the port ends with `465` Implicit TLS/SMTPS/SMTP over TLS will be used despite this setting.
+  - Otherwise if `IS_TLS_ENABLED=false` and the server supports `STARTTLS` this will be used. Thus if `STARTTLS` is preferred you should set `IS_TLS_ENABLED=false`.
+- `FROM`: **\<empty\>**: Mail from address, RFC 5322. This can be just an email address, or
+   the "Name" \<email@example.com\> format.
+- `ENVELOPE_FROM`: **\<empty\>**: Address set as the From address on the SMTP mail envelope. Set to `<>` to send an empty address.
 - `USER`: **\<empty\>**: Username of mailing user (usually the sender's e-mail address).
 - `PASSWD`: **\<empty\>**: Password of mailing user.  Use \`your password\` for quoting if you use special characters in the password.
-  - Please note: authentication is only supported when the SMTP server communication is encrypted with TLS (this can be via `STARTTLS`) or SMTP host is localhost. See [Email Setup]({{< relref "doc/usage/email-setup.en-us.md" >}}) for more information.
- `ENABLE_HELO`: **true**: Enable HELO operation.
- `HELO_HOSTNAME`: **(retrieved from system)**: HELO hostname.
- `FROM`: **\<empty\>**: Mail from address, RFC 5322. This can be just an email address, or the "Name" \<email@example.com\> format.
- `ENVELOPE_FROM`: **\<empty\>**: Address set as the From address on the SMTP mail envelope. Set to `<>` to send an empty address.
+   - Please note: authentication is only supported when the SMTP server communication is encrypted with TLS (this can be via `STARTTLS`) or `HOST=localhost`. See [Email Setup]({{< relref "doc/usage/email-setup.en-us.md" >}}) for more information.
+- `SEND_AS_PLAIN_TEXT`: **false**: Send mails as plain text.
+- `SKIP_VERIFY`: **false**: Whether or not to skip verification of certificates; `true` to disable verification.
+   - **Warning:** This option is unsafe. Consider adding the certificate to the system trust store instead.
+   - **Note:** Gitea only supports SMTP with STARTTLS.
+- `USE_CERTIFICATE`: **false**: Use client certificate.
+- `CERT_FILE`: **custom/mailer/cert.pem**
+- `KEY_FILE`: **custom/mailer/key.pem**
 - `SUBJECT_PREFIX`: **\<empty\>**: Prefix to be placed before e-mail subject lines.
- `SENDMAIL_PATH`: **sendmail**: The location of sendmail on the operating system (can be command or full path).
- `SENDMAIL_ARGS`: **\<empty\>**: Specify any extra sendmail arguments. (NOTE: you should be aware that email addresses can look like options - if your `sendmail` command takes options you must set the option terminator `--`)
+- `MAILER_TYPE`: **smtp**: \[smtp, sendmail, dummy\]
+   - **smtp** Use SMTP to send mail
+   - **sendmail** Use the operating system's `sendmail` command instead of SMTP.
+   This is common on Linux systems.
+   - **dummy** Send email messages to the log as a testing phase.
+   - Note that enabling sendmail will ignore all other `mailer` settings except `ENABLED`,
+     `FROM`, `SUBJECT_PREFIX` and `SENDMAIL_PATH`.
+   - Enabling dummy will ignore all settings except `ENABLED`, `SUBJECT_PREFIX` and `FROM`.
+- `SENDMAIL_PATH`: **sendmail**: The location of sendmail on the operating system (can be
+   command or full path).
+- `SENDMAIL_ARGS`: **_empty_**: Specify any extra sendmail arguments. (NOTE: you should be aware that email addresses can look like options - if your `sendmail` command takes options you must set the option terminator `--`)
 - `SENDMAIL_TIMEOUT`: **5m**: default timeout for sending email through sendmail
 - `SENDMAIL_CONVERT_CRLF`: **true**: Most versions of sendmail prefer LF line endings rather than CRLF line endings. Set this to false if your version of sendmail requires CRLF line endings.
 - `SEND_BUFFER_LEN`: **100**: Buffer length of mailing queue. **DEPRECATED** use `LENGTH` in `[queue.mailer]`
- `SEND_AS_PLAIN_TEXT`: **false**: Send mails only in plain text, without HTML alternative.
-
-## Incoming Email (`email.incoming`)
-
- `ENABLED`: **false**: Enable handling of incoming emails.
- `REPLY_TO_ADDRESS`: **\<empty\>**: The email address including the `%{token}` placeholder that will be replaced per user/action. Example: `incoming+%{token}@example.com`. The placeholder must appear in the user part of the address (before the `@`).
- `HOST`: **\<empty\>**: IMAP server host.
- `PORT`: **\<empty\>**: IMAP server port.
- `USERNAME`: **\<empty\>**: Username of the receiving account.
- `PASSWORD`: **\<empty\>**: Password of the receiving account.
- `USE_TLS`: **false**: Whether the IMAP server uses TLS.
- `SKIP_TLS_VERIFY`: **false**: If set to `true`, completely ignores server certificate validation errors. This option is unsafe.
- `MAILBOX`: **INBOX**: The mailbox name where incoming mail will end up.
- `DELETE_HANDLED_MESSAGE`: **true**: Whether handled messages should be deleted from the mailbox.
- `MAXIMUM_MESSAGE_SIZE`: **10485760**: Maximum size of a message to handle. Bigger messages are ignored. Set to 0 to allow every size.

 ## Cache (`cache`)

@@ -786,9 +686,9 @@ and
 - `ADAPTER`: **memory**: Cache engine adapter, either `memory`, `redis`, `twoqueue` or `memcache`. (`twoqueue` represents a size limited LRU cache.)
 - `INTERVAL`: **60**: Garbage Collection interval (sec), for memory and twoqueue cache only.
 - `HOST`: **\<empty\>**: Connection string for `redis` and `memcache`. For `twoqueue` sets configuration for the queue.
-  - Redis: `redis://:macaron@127.0.0.1:6379/0?pool_size=100&idle_timeout=180s`
-  - Memcache: `127.0.0.1:9090;127.0.0.1:9091`
-  - TwoQueue LRU cache: `{"size":50000,"recent_ratio":0.25,"ghost_ratio":0.5}` or `50000` representing the maximum number of objects stored in the cache.
+   - Redis: `redis://:macaron@127.0.0.1:6379/0?pool_size=100&idle_timeout=180s`
+   - Memcache: `127.0.0.1:9090;127.0.0.1:9091`
+   - TwoQueue LRU cache: `{"size":50000,"recent_ratio":0.25,"ghost_ratio":0.5}` or `50000` representing the maximum number of objects stored in the cache.
 - `ITEM_TTL`: **16h**: Time to keep items in cache if not used, Setting it to -1 disables caching.

 ## Cache - LastCommitCache settings (`cache.last_commit`)
@@ -800,7 +700,7 @@ and
 ## Session (`session`)

 - `PROVIDER`: **memory**: Session engine provider \[memory, file, redis, db, mysql, couchbase, memcache, postgres\]. Setting `db` will reuse the configuration in `[database]`
- `PROVIDER_CONFIG`: **data/sessions**: For file, the root path; for db, empty (database config will be used); for others, the connection string. Relative paths will be made absolute against _`AppWorkPath`_.
+- `PROVIDER_CONFIG`: **data/sessions**: For file, the root path; for db, empty (database config will be used); for others, the connection string.
 - `COOKIE_SECURE`: **false**: Enable this to force using HTTPS for all session access.
 - `COOKIE_NAME`: **i\_like\_gitea**: The name of the cookie used for the session ID.
 - `GC_INTERVAL_TIME`: **86400**: GC interval in seconds.
@@ -812,9 +712,9 @@ and

 - `GRAVATAR_SOURCE`: **gravatar**: Can be `gravatar`, `duoshuo` or anything like
   `http://cn.gravatar.com/avatar/`.
- `DISABLE_GRAVATAR`: **false**: Enable this to use local avatars only. **DEPRECATED [v1.18+]** moved to database. Use admin panel to configure.
+- `DISABLE_GRAVATAR`: **false**: Enable this to use local avatars only.
 - `ENABLE_FEDERATED_AVATAR`: **false**: Enable support for federated avatars (see
-   [http://www.libravatar.org](http://www.libravatar.org)). **DEPRECATED [v1.18+]** moved to database. Use admin panel to configure.
+   [http://www.libravatar.org](http://www.libravatar.org)).

 - `AVATAR_STORAGE_TYPE`: **default**: Storage type defined in `[storage.xxx]`. Default is `default` which will read `[storage]` if no section `[storage]` will be a type `local`.
 - `AVATAR_UPLOAD_PATH`: **data/avatars**: Path to store user avatar image files.
@@ -831,6 +731,7 @@ and
  - image = default image will be used (which is set in `REPOSITORY_AVATAR_FALLBACK_IMAGE`)
 - `REPOSITORY_AVATAR_FALLBACK_IMAGE`: **/img/repo_default.png**: Image used as default repository avatar (if `REPOSITORY_AVATAR_FALLBACK` is set to image and none was uploaded)

+
 ## Project (`project`)

 Default templates for project boards:
@@ -865,13 +766,11 @@ Default templates for project boards:
 - `ENABLE_XORM_LOG`: **true**: Set whether to perform XORM logging. Please note SQL statement logging can be disabled by setting `LOG_SQL` to false in the `[database]` section.

 ### Router Log (`log`)
-
 - `DISABLE_ROUTER_LOG`: **false**: Mute printing of the router log.
 - `ROUTER`: **console**: The mode or name of the log the router should log to. (If you set this to `,` it will log to default Gitea logger.)
  NB: You must have `DISABLE_ROUTER_LOG` set to `false` for this option to take effect. Configure each mode in per mode log subsections `\[log.modename.router\]`.

 ### Access Log (`log`)
-
 - `ENABLE_ACCESS_LOG`: **false**: Creates an access.log in NCSA common log format, or as per the following template
 - `ACCESS`: **file**: Logging mode for the access logger, use a comma to separate values. Configure each mode in per mode log subsections `\[log.modename.access\]`. By default the file mode will log to `$ROOT_PATH/access.log`. (If you set this to `,` it will log to the default Gitea logger.)
 - `ACCESS_LOG_TEMPLATE`: **`{{.Ctx.RemoteAddr}} - {{.Identity}} {{.Start.Format "[02/Jan/2006:15:04:05 -0700]" }} "{{.Ctx.Req.Method}} {{.Ctx.Req.URL.RequestURI}} {{.Ctx.Req.Proto}}" {{.ResponseWriter.Status}} {{.ResponseWriter.Size}} "{{.Ctx.Req.Referer}}\" \"{{.Ctx.Req.UserAgent}}"`**: Sets the template used to create the access log.
@@ -888,9 +787,9 @@ Default templates for project boards:
 - `STACKTRACE_LEVEL`: **log.STACKTRACE_LEVEL**: Sets the log level at which to log stack traces.
 - `MODE`: **name**: Sets the mode of this sublogger - Defaults to the provided subsection name. This allows you to have two different file loggers at different levels.
 - `EXPRESSION`: **""**: A regular expression to match either the function name, file or message. Defaults to empty. Only log messages that match the expression will be saved in the logger.
- `FLAGS`: **stdflags**: A comma separated string representing the log flags. Defaults to `stdflags` which represents the prefix: `2009/01/23 01:23:23 ...a/b/c/d.go:23:runtime.Caller() [I]: message`. `none` means don't prefix log lines. See `modules/log/flags.go` for more information.
+- `FLAGS`: **stdflags**: A comma separated string representing the log flags. Defaults to `stdflags` which represents the prefix: `2009/01/23 01:23:23 ...a/b/c/d.go:23:runtime.Caller() [I]: message`. `none` means don't prefix log lines. See `modules/log/base.go` for more information.
 - `PREFIX`: **""**: An additional prefix for every log line in this logger. Defaults to empty.
- `COLORIZE`: **false**: Whether to colorize the log lines
+- `COLORIZE`: **false**: Colorize the log lines by default

 ### Console log mode (`log.console`, `log.console.*`, or `MODE=console`)

@@ -929,9 +828,9 @@ Default templates for project boards:
 - `NOTICE_ON_SUCCESS`: **false**: Set to true to switch on success notices.

 - `SCHEDULE` accept formats
-  - Full crontab specs, e.g. `* * * * * ?`
-  - Descriptors, e.g. `@midnight`, `@every 1h30m` ...
-  - See more: [cron documentation](https://pkg.go.dev/github.com/gogs/cron@v0.0.0-20171120032916-9f6c956d3e14)
+   - Full crontab specs, e.g. `* * * * * ?`
+   - Descriptors, e.g. `@midnight`, `@every 1h30m` ...
+   - See more: [cron decument](https://pkg.go.dev/github.com/gogs/cron@v0.0.0-20171120032916-9f6c956d3e14)

 ### Basic cron tasks - enabled by default

@@ -988,7 +887,6 @@ Default templates for project boards:
 ### Extended cron tasks (not enabled by default)

 #### Cron - Garbage collect all repositories ('cron.git_gc_repos')
-
 - `ENABLED`: **false**: Enable service.
 - `RUN_AT_START`: **false**: Run tasks at start up time (if ENABLED).
 - `SCHEDULE`: **@every 72h**: Cron syntax for scheduling repository archive cleanup, e.g. `@every 1h`.
@@ -997,42 +895,36 @@ Default templates for project boards:
 - `ARGS`: **\<empty\>**: Arguments for command `git gc`, e.g. `--aggressive --auto`. The default value is same with [git] -> GC_ARGS

 #### Cron - Update the '.ssh/authorized_keys' file with Gitea SSH keys ('cron.resync_all_sshkeys')
-
 - `ENABLED`: **false**: Enable service.
 - `RUN_AT_START`: **false**: Run tasks at start up time (if ENABLED).
 - `NOTICE_ON_SUCCESS`: **false**: Set to true to switch on success notices.
 - `SCHEDULE`: **@every 72h**: Cron syntax for scheduling repository archive cleanup, e.g. `@every 1h`.

 #### Cron - Resynchronize pre-receive, update and post-receive hooks of all repositories ('cron.resync_all_hooks')
-
 - `ENABLED`: **false**: Enable service.
 - `RUN_AT_START`: **false**: Run tasks at start up time (if ENABLED).
 - `NOTICE_ON_SUCCESS`: **false**: Set to true to switch on success notices.
 - `SCHEDULE`: **@every 72h**: Cron syntax for scheduling repository archive cleanup, e.g. `@every 1h`.

 #### Cron - Reinitialize all missing Git repositories for which records exist ('cron.reinit_missing_repos')
-
 - `ENABLED`: **false**: Enable service.
 - `RUN_AT_START`: **false**: Run tasks at start up time (if ENABLED).
 - `NOTICE_ON_SUCCESS`: **false**: Set to true to switch on success notices.
 - `SCHEDULE`: **@every 72h**: Cron syntax for scheduling repository archive cleanup, e.g. `@every 1h`.

 #### Cron - Delete all repositories missing their Git files ('cron.delete_missing_repos')
-
 - `ENABLED`: **false**: Enable service.
 - `RUN_AT_START`: **false**: Run tasks at start up time (if ENABLED).
 - `NOTICE_ON_SUCCESS`: **false**: Set to true to switch on success notices.
 - `SCHEDULE`: **@every 72h**: Cron syntax for scheduling repository archive cleanup, e.g. `@every 1h`.

 #### Cron -  Delete generated repository avatars ('cron.delete_generated_repository_avatars')
-
 - `ENABLED`: **false**: Enable service.
 - `RUN_AT_START`: **false**: Run tasks at start up time (if ENABLED).
 - `NOTICE_ON_SUCCESS`: **false**: Set to true to switch on success notices.
 - `SCHEDULE`: **@every 72h**: Cron syntax for scheduling repository archive cleanup, e.g. `@every 1h`.

 #### Cron -  Delete all old actions from database ('cron.delete_old_actions')
-
 - `ENABLED`: **false**: Enable service.
 - `RUN_AT_START`: **false**: Run tasks at start up time (if ENABLED).
 - `NOTICE_ON_SUCCESS`: **false**: Set to true to switch on success notices.
@@ -1040,36 +932,24 @@ Default templates for project boards:
 - `OLDER_THAN`: **@every 8760h**: any action older than this expression will be deleted from database, suggest using `8760h` (1 year) because that's the max length of heatmap.

 #### Cron -  Check for new Gitea versions ('cron.update_checker')
-
- `ENABLED`: **true**: Enable service.
+- `ENABLED`: **false**: Enable service.
 - `RUN_AT_START`: **false**: Run tasks at start up time (if ENABLED).
 - `ENABLE_SUCCESS_NOTICE`: **true**: Set to false to switch off success notices.
 - `SCHEDULE`: **@every 168h**: Cron syntax for scheduling a work, e.g. `@every 168h`.
 - `HTTP_ENDPOINT`: **https://dl.gitea.io/gitea/version.json**: the endpoint that Gitea will check for newer versions

 #### Cron -  Delete all old system notices from database ('cron.delete_old_system_notices')
-
 - `ENABLED`: **false**: Enable service.
 - `RUN_AT_START`: **false**: Run tasks at start up time (if ENABLED).
 - `NO_SUCCESS_NOTICE`: **false**: Set to true to switch off success notices.
 - `SCHEDULE`: **@every 168h**: Cron syntax to set how often to check.
 - `OLDER_THAN`: **@every 8760h**: any system notice older than this expression will be deleted from database.

-#### Cron -  Garbage collect LFS pointers in repositories ('cron.gc_lfs')
-
- `ENABLED`: **false**: Enable service.
- `RUN_AT_START`: **false**: Run tasks at start up time (if ENABLED).
- `SCHEDULE`: **@every 24h**: Cron syntax to set how often to check.
- `OLDER_THAN`: **168h**: Only attempt to garbage collect LFSMetaObjects older than this (default 7 days)
- `LAST_UPDATED_MORE_THAN_AGO`: **72h**: Only attempt to garbage collect LFSMetaObjects that have not been attempted to be garbage collected for this long (default 3 days)
- `NUMBER_TO_CHECK_PER_REPO`: **100**: Minimum number of stale LFSMetaObjects to check per repo. Set to `0` to always check all.
- `PROPORTION_TO_CHECK_PER_REPO`: **0.6**: Check at least this proportion of LFSMetaObjects per repo. (This may cause all stale LFSMetaObjects to be checked.)
-
 ## Git (`git`)

 - `PATH`: **""**: The path of Git executable. If empty, Gitea searches through the PATH environment.
- `HOME_PATH`: **%(APP_DATA_PATH)s/home**: The HOME directory for Git.
-   This directory will be used to contain the `.gitconfig` and possible `.gnupg` directories that Gitea's git calls will use. If you can confirm Gitea is the only application running in this environment, you can set it to the normal home directory for Gitea user.
+- `HOME_PATH`: **%(APP_DATA_PATH)/home**: The HOME directory for Git.
+	  This directory will be used to contain the `.gitconfig` and possible `.gnupg` directories that Gitea's git calls will use. If you can confirm Gitea is the only application running in this environment, you can set it to the normal home directory for Gitea user.
 - `DISABLE_DIFF_HIGHLIGHT`: **false**: Disables highlight of added and removed changes.
 - `MAX_GIT_DIFF_LINES`: **1000**: Max number of lines allowed of a single file in diff view.
 - `MAX_GIT_DIFF_LINE_CHARACTERS`: **5000**: Max character count per line highlighted in diff view.
@@ -1077,8 +957,7 @@ Default templates for project boards:
 - `COMMITS_RANGE_SIZE`: **50**: Set the default commits range size
 - `BRANCHES_RANGE_SIZE`: **20**: Set the default branches range size
 - `GC_ARGS`: **\<empty\>**: Arguments for command `git gc`, e.g. `--aggressive --auto`. See more on http://git-scm.com/docs/git-gc/
- `ENABLE_AUTO_GIT_WIRE_PROTOCOL`: **true**: If use Git wire protocol version 2 when Git version >= 2.18, default is true, set to false when you always want Git wire protocol version 1.
-  To enable this for Git over SSH when using a OpenSSH server, add `AcceptEnv GIT_PROTOCOL` to your sshd_config file.
+- `ENABLE_AUTO_GIT_WIRE_PROTOCOL`: **true**: If use Git wire protocol version 2 when Git version >= 2.18, default is true, set to false when you always want Git wire protocol version 1
 - `PULL_REQUEST_PUSH_MESSAGE`: **true**: Respond to pushes to a non-default branch with a URL for creating a Pull Request (if the repository has them enabled)
 - `VERBOSE_PUSH`: **true**: Print status information about pushes as they are being processed.
 - `VERBOSE_PUSH_DELAY`: **5s**: Only print verbose information if push takes longer than this delay.
@@ -1087,8 +966,7 @@ Default templates for project boards:
 - `DISABLE_PARTIAL_CLONE`: **false** Disable the usage of using partial clones for git.

 ## Git - Timeout settings (`git.timeout`)
-
- `DEFAULT`: **360**: Git operations default timeout seconds.
+- `DEFAUlT`: **360**: Git operations default timeout seconds.
 - `MIGRATE`: **600**: Migrate external repositories timeout seconds.
 - `MIRROR`: **300**: Mirror external repositories timeout seconds.
 - `CLONE`: **300**: Git clone from internal repositories timeout seconds.
@@ -1104,11 +982,11 @@ Default templates for project boards:

 ## API (`api`)

- `ENABLE_SWAGGER`: **true**: Enables the API documentation endpoints (`/api/swagger`, `/api/v1/swagger`, …). True or false.
+- `ENABLE_SWAGGER`: **true**: Enables /api/swagger, /api/v1/swagger etc. endpoints. True or false; default is true.
 - `MAX_RESPONSE_ITEMS`: **50**: Max number of items in a page.
 - `DEFAULT_PAGING_NUM`: **30**: Default paging number of API.
 - `DEFAULT_GIT_TREES_PER_PAGE`: **1000**: Default and maximum number of items per page for Git trees API.
- `DEFAULT_MAX_BLOB_SIZE`: **10485760** (10MiB): Default max size of a blob that can be returned by the blobs API.
+- `DEFAULT_MAX_BLOB_SIZE`: **10485760**: Default max size of a blob that can be return by the blobs API.

 ## OAuth2 (`oauth2`)

@@ -1123,10 +1001,13 @@ Default templates for project boards:

 ## i18n (`i18n`)

- `LANGS`: **en-US,zh-CN,zh-HK,zh-TW,de-DE,fr-FR,nl-NL,lv-LV,ru-RU,uk-UA,ja-JP,es-ES,pt-BR,pt-PT,pl-PL,bg-BG,it-IT,fi-FI,tr-TR,cs-CZ,sv-SE,ko-KR,el-GR,fa-IR,hu-HU,id-ID,ml-IN**:
+- `LANGS`: **en-US,zh-CN,zh-HK,zh-TW,de-DE,fr-FR,nl-NL,lv-LV,ru-RU,uk-UA,ja-JP,es-ES,pt-BR,pt-PT,pl-PL,bg-BG,it-IT,fi-FI,tr-TR,cs-CZ,sr-SP,sv-SE,ko-KR,el-GR,fa-IR,hu-HU,id-ID,ml-IN**:
     List of locales shown in language selector. The first locale will be used as the default if user browser's language doesn't match any locale in the list.
 - `NAMES`: **English,简体中文,繁體中文（香港）,繁體中文（台灣）,Deutsch,Français,Nederlands,Latviešu,Русский,Українська,日本語,Español,Português do Brasil,Português de Portugal,Polski,Български,Italiano,Suomi,Türkçe,Čeština,Српски,Svenska,한국어,Ελληνικά,فارسی,Magyar nyelv,Bahasa Indonesia,മലയാളം**: Visible names corresponding to the locales

+## U2F (`U2F`) **DEPRECATED**
+- `APP_ID`: **`ROOT_URL`**: Declares the facet of the application which is used for authentication of previously registered U2F keys. Requires HTTPS.
+
 ## Markup (`markup`)

 - `MERMAID_MAX_SOURCE_CHARACTERS`: **5000**: Set the maximum size of a Mermaid source. (Set to -1 to disable)
@@ -1154,7 +1035,6 @@ IS_INPUT_FILE = false
  - iframe: Render the content in a separate standalone page and embed it into current page by iframe. The iframe is in sandbox mode with same-origin disabled, and the JS code are safely isolated from parent page.

 Two special environment variables are passed to the render command:
-
 - `GITEA_PREFIX_SRC`, which contains the current URL prefix in the `src` path tree. To be used as prefix for links.
 - `GITEA_PREFIX_RAW`, which contains the current URL prefix in the `raw` path tree. To be used as prefix for image paths.

@@ -1170,10 +1050,10 @@ REGEXP = ^\s*((math(\s+|$)|inline(\s+|$)|display(\s+|$)))+
 ALLOW_DATA_URI_IMAGES = true
 ```

- `ELEMENT`: The element this policy applies to. Must be non-empty.
- `ALLOW_ATTR`: The attribute this policy allows. Must be non-empty.
- `REGEXP`: A regex to match the contents of the attribute against. Must be present but may be empty for unconditional whitelisting of this attribute.
- `ALLOW_DATA_URI_IMAGES`: **false** Allow data uri images (`<img src="data:image/png;base64,..."/>`).
+ - `ELEMENT`: The element this policy applies to. Must be non-empty.
+ - `ALLOW_ATTR`: The attribute this policy allows. Must be non-empty.
+ - `REGEXP`: A regex to match the contents of the attribute against. Must be present but may be empty for unconditional whitelisting of this attribute.
+ - `ALLOW_DATA_URI_IMAGES`: **false** Allow data uri images (`<img src="data:image/png;base64,..."/>`).

 Multiple sanitisation rules can be defined by adding unique subsections, e.g. `[markup.sanitizer.TeX-2]`.
 To apply a sanitisation rules only for a specify external renderer they must use the renderer name, e.g. `[markup.sanitizer.asciidoc.rule-1]`.
@@ -1190,7 +1070,7 @@ in this mapping or the filetype using heuristics.
 ## Time (`time`)

 - `FORMAT`: Time format to display on UI. i.e. RFC1123 or 2006-01-02 15:04:05
- `DEFAULT_UI_LOCATION`: Default location of time on the UI, so that we can display correct user's time on UI. i.e. Asia/Shanghai
+- `DEFAULT_UI_LOCATION`: Default location of time on the UI, so that we can display correct user's time on UI. i.e. Shanghai/Asia

 ## Task (`task`)

@@ -1204,45 +1084,20 @@ Task queue configuration has been moved to `queue.task`. However, the below conf

 - `MAX_ATTEMPTS`: **3**: Max attempts per http/https request on migrations.
 - `RETRY_BACKOFF`: **3**: Backoff time per http/https request retry (seconds)
- `ALLOWED_DOMAINS`: **\<empty\>**: Domains allowlist for migrating repositories, default is blank. It means everything will be allowed. Multiple domains could be separated by commas. Wildcard is supported: `github.com, *.github.com`.
- `BLOCKED_DOMAINS`: **\<empty\>**: Domains blocklist for migrating repositories, default is blank. Multiple domains could be separated by commas. When `ALLOWED_DOMAINS` is not blank, this option has a higher priority to deny domains. Wildcard is supported.
- `ALLOW_LOCALNETWORKS`: **false**: Allow private addresses defined by RFC 1918, RFC 1122, RFC 4632 and RFC 4291. If a domain is allowed by `ALLOWED_DOMAINS`, this option will be ignored.
+- `ALLOWED_DOMAINS`: **\<empty\>**: Domains allowlist for migrating repositories, default is blank. It means everything will be allowed. Multiple domains could be separated by commas.
+- `BLOCKED_DOMAINS`: **\<empty\>**: Domains blocklist for migrating repositories, default is blank. Multiple domains could be separated by commas. When `ALLOWED_DOMAINS` is not blank, this option has a higher priority to deny domains.
+- `ALLOW_LOCALNETWORKS`: **false**: Allow private addresses defined by RFC 1918, RFC 1122, RFC 4632 and RFC 4291
 - `SKIP_TLS_VERIFY`: **false**: Allow skip tls verify

 ## Federation (`federation`)

 - `ENABLED`: **false**: Enable/Disable federation capabilities
 - `SHARE_USER_STATISTICS`: **true**: Enable/Disable user statistics for nodeinfo if federation is enabled
- `MAX_SIZE`: **4**: Maximum federation request and response size (MB)
-
- WARNING: Changing the settings below can break federation.
-
- `ALGORITHMS`: **rsa-sha256, rsa-sha512, ed25519**: HTTP signature algorithms
- `DIGEST_ALGORITHM`: **SHA-256**: HTTP signature digest algorithm
- `GET_HEADERS`: **(request-target), Date**: GET headers for federation requests
- `POST_HEADERS`: **(request-target), Date, Digest**: POST headers for federation requests

 ## Packages (`packages`)

 - `ENABLED`: **true**: Enable/Disable package registry capabilities
 - `CHUNKED_UPLOAD_PATH`: **tmp/package-upload**: Path for chunked uploads. Defaults to `APP_DATA_PATH` + `tmp/package-upload`
- `LIMIT_TOTAL_OWNER_COUNT`: **-1**: Maximum count of package versions a single owner can have (`-1` means no limits)
- `LIMIT_TOTAL_OWNER_SIZE`: **-1**: Maximum size of packages a single owner can use (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
- `LIMIT_SIZE_CARGO`: **-1**: Maximum size of a Cargo upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
- `LIMIT_SIZE_CHEF`: **-1**: Maximum size of a Chef upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
- `LIMIT_SIZE_COMPOSER`: **-1**: Maximum size of a Composer upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
- `LIMIT_SIZE_CONAN`: **-1**: Maximum size of a Conan upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
- `LIMIT_SIZE_CONDA`: **-1**: Maximum size of a Conda upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
- `LIMIT_SIZE_CONTAINER`: **-1**: Maximum size of a Container upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
- `LIMIT_SIZE_GENERIC`: **-1**: Maximum size of a Generic upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
- `LIMIT_SIZE_HELM`: **-1**: Maximum size of a Helm upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
- `LIMIT_SIZE_MAVEN`: **-1**: Maximum size of a Maven upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
- `LIMIT_SIZE_NPM`: **-1**: Maximum size of a npm upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
- `LIMIT_SIZE_NUGET`: **-1**: Maximum size of a NuGet upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
- `LIMIT_SIZE_PUB`: **-1**: Maximum size of a Pub upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
- `LIMIT_SIZE_PYPI`: **-1**: Maximum size of a PyPI upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
- `LIMIT_SIZE_RUBYGEMS`: **-1**: Maximum size of a RubyGems upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
- `LIMIT_SIZE_VAGRANT`: **-1**: Maximum size of a Vagrant upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)

 ## Mirror (`mirror`)

@@ -1326,52 +1181,14 @@ is `data/repo-archive` and the default of `MINIO_BASE_PATH` is `repo-archive/`.
 - `PROXY_HOSTS`: **\<empty\>**: Comma separated list of host names requiring proxy. Glob patterns (*) are accepted; use ** to match all hosts.

 i.e.
-
 ```ini
 PROXY_ENABLED = true
 PROXY_URL = socks://127.0.0.1:1080
 PROXY_HOSTS = *.github.com
 ```

-## Actions (`actions`)
-
- `ENABLED`: **false**: Enable/Disable actions capabilities
- `DEFAULT_ACTIONS_URL`: **https://gitea.com**: Default address to get action plugins, e.g. the default value means downloading from "https://gitea.com/actions/checkout" for "uses: actions/checkout@v3"
-
-`DEFAULT_ACTIONS_URL` indicates where should we find the relative path action plugin. i.e. when use an action in a workflow file like
-
-```yaml
-name: versions
-on:
-  push:
-    branches:
-      - main
-      - releases/*
-jobs:
-  build:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v3
-```
-
-Now we need to know how to get actions/checkout, this configuration is the default git server to get it. That means we will get the repository via git clone ${DEFAULT_ACTIONS_URL}/actions/checkout and fetch tag v3.
-
-To help people who don't want to mirror these actions in their git instances, the default value is https://gitea.com
-To help people run actions totally in their network, they can change the value and copy all necessary action repositories into their git server.
-
-Of course we should support the form in future PRs like
-
-```yaml
-steps:
-  - uses: gitea.com/actions/checkout@v3
-```
-
-although Github don't support this form.
-
 ## Other (`other`)

 - `SHOW_FOOTER_BRANDING`: **false**: Show Gitea branding in the footer.
 - `SHOW_FOOTER_VERSION`: **true**: Show Gitea and Go version information in the footer.
 - `SHOW_FOOTER_TEMPLATE_LOAD_TIME`: **true**: Show time of template execution in the footer.
- `ENABLE_SITEMAP`: **true**: Generate sitemap.
- `ENABLE_FEED`: **true**: Enable/Disable RSS/Atom feed.
--- a/docs/content/doc/advanced/config-cheat-sheet.zh-cn.md
+++ b/docs/content/doc/advanced/config-cheat-sheet.zh-cn.md
@@ -15,14 +15,7 @@ menu:

 # 配置说明

-这是针对Gitea配置文件的说明，你可以了解Gitea的强大配置。需要说明的是，你的所有改变请修改 `custom/conf/app.ini` 文件而不是源文件。
-所有默认值可以通过 [app.example.ini](https://github.com/go-gitea/gitea/blob/master/custom/conf/app.example.ini) 查看到。
-如果你发现 `%(X)s` 这样的内容，请查看 [ini](https://github.com/go-ini/ini/#recursive-values) 这里的说明。
-标注了 :exclamation: 的配置项表明除非你真的理解这个配置项的意义，否则最好使用默认值。
-
-## ⚠️时效性警告⚠️
-
-此文档的内容可能过于陈旧或者错误，请参考英文文档。
+这是针对Gitea配置文件的说明，你可以了解Gitea的强大配置。需要说明的是，你的所有改变请修改 `custom/conf/app.ini` 文件而不是源文件。所有默认值可以通过 [app.example.ini](https://github.com/go-gitea/gitea/blob/master/custom/conf/app.example.ini) 查看到。如果你发现 `%(X)s` 这样的内容，请查看 [ini](https://github.com/go-ini/ini/#recursive-values) 这里的说明。标注了 :exclamation: 的配置项表明除非你真的理解这个配置项的意义，否则最好使用默认值。

 {{< toc >}}

@@ -145,19 +138,7 @@ menu:
 - `ENABLE_NOTIFY_MAIL`: 是否发送工单创建等提醒邮件，需要 `Mailer` 被激活。
 - `ENABLE_REVERSE_PROXY_AUTHENTICATION`: 允许反向代理认证，更多细节见：https://github.com/gogits/gogs/issues/165
 - `ENABLE_REVERSE_PROXY_AUTO_REGISTRATION`: 允许通过反向认证做自动注册。
- `ENABLE_CAPTCHA`: **false**: 注册时使用图片验证码。
- `REQUIRE_CAPTCHA_FOR_LOGIN`: **false**: 登录时需要图片验证码。需要同时开启 `ENABLE_CAPTCHA`。
- `CAPTCHA_TYPE`: **image**: \[image, recaptcha, hcaptcha, mcaptcha, cfturnstile\]，人机验证类型，分别表示图片认证、 recaptcha 、 hcaptcha 、mcaptcha 、和 cloudlfare 的 turnstile。
- `RECAPTCHA_SECRET`: **""**: recaptcha 服务的密钥，可在 https://www.google.com/recaptcha/admin 获取。
- `RECAPTCHA_SITEKEY`: **""**: recaptcha 服务的网站密钥 ，可在 https://www.google.com/recaptcha/admin 获取。
- `RECAPTCHA_URL`: **https://www.google.com/recaptcha/**: 设置 recaptcha 的 url 。
- `HCAPTCHA_SECRET`: **""**: hcaptcha 服务的密钥，可在 https://www.hcaptcha.com/ 获取。
- `HCAPTCHA_SITEKEY`: **""**: hcaptcha 服务的网站密钥，可在 https://www.hcaptcha.com/ 获取。
- `MCAPTCHA_SECRET`: **""**: mCaptcha 服务的密钥。
- `MCAPTCHA_SITEKEY`: **""**: mCaptcha 服务的网站密钥。
- `MCAPTCHA_URL` **https://demo.mcaptcha.org/**: 设置 remCaptchacaptcha 的 url 。
- `CF_TURNSTILE_SECRET` **""**: cloudlfare turnstile 服务的密钥，可在 https://dash.cloudflare.com/?to=/:account/turnstile 获取。
- `CF_TURNSTILE_SITEKEY` **""**: cloudlfare turnstile 服务的网站密钥 ，可在 https://www.google.com/recaptcha/admin 获取。
+- `ENABLE_CAPTCHA`: 注册时使用图片验证码。

 ### Service - Expore (`service.explore`)

@@ -192,8 +173,8 @@ menu:
 - `ADAPTER`: **memory**: 缓存引擎，可以为 `memory`, `redis` 或 `memcache`。
 - `INTERVAL`: **60**: 只对内存缓存有效，GC间隔，单位秒。
 - `HOST`: **\<empty\>**: 针对redis和memcache有效，主机地址和端口。
-  - Redis: `network=tcp,addr=127.0.0.1:6379,password=macaron,db=0,pool_size=100,idle_timeout=180`
-  - Memache: `127.0.0.1:9090;127.0.0.1:9091`
+    - Redis: `network=tcp,addr=127.0.0.1:6379,password=macaron,db=0,pool_size=100,idle_timeout=180`
+    - Memache: `127.0.0.1:9090;127.0.0.1:9091`
 - `ITEM_TTL`: **16h**: 缓存项目失效时间，设置为 -1 则禁用缓存。

 ## Cache - LastCommitCache settings (`cache.last_commit`)
@@ -258,6 +239,7 @@ file -I test01.xls
 test01.xls: application/vnd.ms-excel; charset=binary
 ```

+
 ## Log (`log`)

 - `ROOT_PATH`: 日志文件根目录。
@@ -269,9 +251,10 @@ test01.xls: application/vnd.ms-excel; charset=binary
 - `ENABLED`: 是否在后台运行定期任务。
 - `RUN_AT_START`: 是否启动时自动运行。
 - `SCHEDULE` 所接受的格式
-  - 完整 crontab 控制, 例如 `* * * * * ?`
-  - 描述符, 例如 `@midnight`, `@every 1h30m` ...
-  - 更多细节参见 [cron api文档](https://pkg.go.dev/github.com/gogs/cron@v0.0.0-20171120032916-9f6c956d3e14)
+   - 完整 crontab 控制, 例如 `* * * * * ?`
+   - 描述符, 例如 `@midnight`, `@every 1h30m` ...
+   - 更多细节参见 [cron api文档](https://pkg.go.dev/github.com/gogs/cron@v0.0.0-20171120032916-9f6c956d3e14)
+

 ### Cron - Update Mirrors (`cron.update_mirrors`)

@@ -311,7 +294,7 @@ test01.xls: application/vnd.ms-excel; charset=binary

 ## API (`api`)

- `ENABLE_SWAGGER`: **true**: 是否启用swagger路由 /api/swagger, /api/v1/swagger etc. endpoints. True 或 false.
+- `ENABLE_SWAGGER`: **true**: 是否启用swagger路由 /api/swagger, /api/v1/swagger etc. endpoints. True 或 false; 默认是  true.
 - `MAX_RESPONSE_ITEMS`: **50**: 一个页面最大的项目数。
 - `DEFAULT_PAGING_NUM`: **30**: API中默认分页条数。
 - `DEFAULT_GIT_TREES_PER_PAGE`: **1000**: GIT TREES API每页的默认最大项数.
@@ -363,7 +346,7 @@ ALLOW_DATA_URI_IMAGES = true
 - `ALLOW_DATA_URI_IMAGES`: **false** 允许 data uri 图片 (`<img src="data:image/png;base64,..."/>`)。

 多个净化规则可以被同时定义，只要section名称最后一位不重复即可。如： `[markup.sanitizer.TeX-2]`。
-为了针对一种渲染类型进行一个特殊的净化策略，必须使用形如 `[markup.sanitizer.asciidoc.rule-1]` 的方式来命名 section。
+为了针对一种渲染类型进行一个特殊的净化策略，必须使用形如 `[markup.sanitizer.asciidoc.rule-1]` 的方式来命名 seciton。
 如果此规则没有匹配到任何渲染类型，它将会被应用到所有的渲染类型。

 ## Time (`time`)
@@ -457,7 +440,6 @@ Repository archive 的存储配置。 如果 `STORAGE_TYPE` 为空，则此配
 - `PROXY_HOSTS`: **\<empty\>**: 逗号分隔的多个需要代理的网址，支持 * 号匹配符号， ** 表示匹配所有网站

 i.e.
-
 ```ini
 PROXY_ENABLED = true
 PROXY_URL = socks://127.0.0.1:1080
--- a/docs/content/doc/advanced/customizing-gitea.en-us.md
+++ b/docs/content/doc/advanced/customizing-gitea.en-us.md
@@ -121,7 +121,7 @@ Apart from `extra_links.tmpl` and `extra_tabs.tmpl`, there are other useful temp
 - `body_inner_pre.tmpl`, before the top navigation bar, but already inside the main container `<div class="full height">`.
 - `body_inner_post.tmpl`, before the end of the main container.
 - `body_outer_post.tmpl`, before the bottom `<footer>` element.
- `footer.tmpl`, right before the end of the `<body>` tag, a good place for additional JavaScript.
+- `footer.tmpl`, right before the end of the `<body>` tag, a good place for additional Javascript.

 #### Example: PlantUML

@@ -129,7 +129,7 @@ You can add [PlantUML](https://plantuml.com/) support to Gitea's markdown by usi
 The data is encoded and sent to the PlantUML server which generates the picture. There is an online
 demo server at http://www.plantuml.com/plantuml, but if you (or your users) have sensitive data you
 can set up your own [PlantUML server](https://plantuml.com/server) instead. To set up PlantUML rendering,
-copy JavaScript files from https://gitea.com/davidsvantesson/plantuml-code-highlight and put them in your
+copy javascript files from https://gitea.com/davidsvantesson/plantuml-code-highlight and put them in your
 `$GITEA_CUSTOM/public` folder. Then add the following to `custom/footer.tmpl`:

 ```html
@@ -137,9 +137,9 @@ copy JavaScript files from https://gitea.com/davidsvantesson/plantuml-code-highl
  $(async () => {
    if (!$('.language-plantuml').length) return;
    await Promise.all([
-      $.getScript('https://your-gitea-server.com/assets/deflate.js'),
-      $.getScript('https://your-gitea-server.com/assets/encode.js'),
-      $.getScript('https://your-gitea-server.com/assets/plantuml_codeblock_parse.js'),
+      $.getScript('https://your-server.com/deflate.js'), 
+      $.getScript('https://your-server.com/encode.js'),
+      $.getScript('https://your-server.com/plantuml_codeblock_parse.js'),
    ]);
    // Replace call with address to your plantuml server
    parsePlantumlCodeBlocks("https://www.plantuml.com/plantuml");
@@ -149,13 +149,13 @@ copy JavaScript files from https://gitea.com/davidsvantesson/plantuml-code-highl

 You can then add blocks like the following to your markdown:

-```plantuml
-Alice -> Bob: Authentication Request
-Bob --> Alice: Authentication Response
+    ```plantuml
+        Alice -> Bob: Authentication Request
+        Bob --> Alice: Authentication Response

-Alice -> Bob: Another authentication Request
-Alice <-- Bob: Another authentication Response
-```
+        Alice -> Bob: Another authentication Request
+        Alice <-- Bob: Another authentication Response
+    ```

 The script will detect tags with `class="language-plantuml"`, but you can change this by providing a second argument to `parsePlantumlCodeBlocks`.

@@ -202,7 +202,7 @@ You can display STL file directly in Gitea by adding:

 to the file `templates/custom/footer.tmpl`

-You also need to download the content of the library [Madeleine.js](https://github.com/beige90/Madeleine.js) and place it under `$GITEA_CUSTOM/public/` folder.
+You also need to download the content of the library [Madeleine.js](https://jinjunho.github.io/Madeleine.js/) and place it under `$GITEA_CUSTOM/public/` folder.

 You should end-up with a folder structure similar to:

@@ -335,8 +335,8 @@ The list of themes a user can choose from can be configured with the `THEMES` va

 To make a custom theme available to all users:

-1. Add a CSS file to `$GITEA_CUSTOM/public/css/theme-<theme-name>.css`.
-  The value of `$GITEA_CUSTOM` of your instance can be queried by calling `gitea help` and looking up the value of "CustomPath".
+1. Add a CSS file to `$GITEA_PUBLIC/public/css/theme-<theme-name>.css`.
+  The value of `$GITEA_PUBLIC` of your instance can be queried by calling `gitea help` and looking up the value of "CustomPath".
 2. Add `<theme-name>` to the comma-separated list of setting `THEMES` in `app.ini`

 Community themes are listed in [gitea/awesome-gitea#themes](https://gitea.com/gitea/awesome-gitea#themes).
--- a/docs/content/doc/advanced/environment-variables.zh-cn.md
+++ b/docs/content/doc/advanced/environment-variables.zh-cn.md
@@ -25,31 +25,31 @@ GITEA_CUSTOM=/home/gitea/custom ./gitea web

 因为 Gitea 使用 Go 语言编写，因此它使用了一些相关的 Go 的配置参数：

-* `GOOS`
-* `GOARCH`
-* [`GOPATH`](https://golang.org/cmd/go/#hdr-GOPATH_environment_variable)
+  * `GOOS`
+  * `GOARCH`
+  * [`GOPATH`](https://golang.org/cmd/go/#hdr-GOPATH_environment_variable)

 您可以在[官方文档](https://golang.org/cmd/go/#hdr-Environment_variables)中查阅这些配置参数的详细信息。

 ## Gitea 的文件目录

-* `GITEA_WORK_DIR`：工作目录的绝对路径
-* `GITEA_CUSTOM`：默认情况下 Gitea 使用默认目录 `GITEA_WORK_DIR`/custom，您可以使用这个参数来配置 *custom* 目录
-* `GOGS_WORK_DIR`： 已废弃，请使用 `GITEA_WORK_DIR` 替代
-* `GOGS_CUSTOM`： 已废弃，请使用 `GITEA_CUSTOM` 替代
+  * `GITEA_WORK_DIR`：工作目录的绝对路径
+  * `GITEA_CUSTOM`：默认情况下 Gitea 使用默认目录 `GITEA_WORK_DIR`/custom，您可以使用这个参数来配置 *custom* 目录
+  * `GOGS_WORK_DIR`： 已废弃，请使用 `GITEA_WORK_DIR` 替代
+  * `GOGS_CUSTOM`： 已废弃，请使用 `GITEA_CUSTOM` 替代

 ## 操作系统配置

-* `USER`：Gitea 运行时使用的系统用户，它将作为一些 repository 的访问地址的一部分
-* `USERNAME`： 如果没有配置 `USER`， Gitea 将使用 `USERNAME`
-* `HOME`： 用户的 home 目录，在 Windows 中会使用 `USERPROFILE` 环境变量
+  * `USER`：Gitea 运行时使用的系统用户，它将作为一些 repository 的访问地址的一部分
+  * `USERNAME`： 如果没有配置 `USER`， Gitea 将使用 `USERNAME`
+  * `HOME`： 用户的 home 目录，在 Windows 中会使用 `USERPROFILE` 环境变量

 ### 仅限于 Windows 的配置

-* `USERPROFILE`： 用户的主目录，如果未配置则会使用 `HOMEDRIVE` + `HOMEPATH`
-* `HOMEDRIVE`: 用于访问 home 目录的主驱动器路径（C盘）
-* `HOMEPATH`：在指定主驱动器下的 home 目录相对路径
+  * `USERPROFILE`： 用户的主目录，如果未配置则会使用 `HOMEDRIVE` + `HOMEPATH`
+  * `HOMEDRIVE`: 用于访问 home 目录的主驱动器路径（C盘）
+  * `HOMEPATH`：在指定主驱动器下的 home 目录相对路径

 ## Miscellaneous

-* `SKIP_MINWINSVC`：如果设置为 1，在 Windows 上不会以 service 的形式运行。
+  * `SKIP_MINWINSVC`：如果设置为 1，在 Windows 上不会以 service 的形式运行。
--- a/Show More
+++ b/Show More