1.9.0-RC1 changelog (#7367 )

[skip ci] Updated translations via Crowdin
ui - issue view - fix icon position (#7354 )
2025-07-21 17:41:16 +02:00 · 2019-07-06 19:00:49 -04:00 · 2019-07-06 22:14:41 +00:00 · 2019-07-06 18:03:00 -04:00 · 2019-07-06 22:37:46 +01:00 · 2019-07-06 16:32:15 -04:00
4381 changed files with 651544 additions and 287001 deletions
--- a/.drone.yml
+++ b/.drone.yml
@@ -1,360 +1,658 @@
+---
+kind: pipeline
+name: testing
+
+platform:
+  os: linux
+  arch: amd64
+
 workspace:
  base: /go
  path: src/code.gitea.io/gitea

-clone:
-  git:
-    image: plugins/git:next
-    depth: 50
-    tags: true
+services:
+  - name: mysql
+    pull: default
+    image: mysql:5.7
+    environment:
+      MYSQL_ALLOW_EMPTY_PASSWORD: yes
+      MYSQL_DATABASE: test

-pipeline:
-  download_translations:
-    image: jonasfranz/crowdin
-    pull: true
-    secrets: [ crowdin_key ]
-    project_identifier: gitea
-    ignore_branch: true
-    download: true
-    export_dir: options/locale/
-    when:
-      event: [ push ]
-      branch: [ master ]
+  - name: mysql8
+    pull: default
+    image: mysql:8.0
+    environment:
+      MYSQL_ALLOW_EMPTY_PASSWORD: yes
+      MYSQL_DATABASE: testgitea

-  update-translations:
-    image: alpine:3.6
+  - name: pgsql
+    pull: default
+    image: postgres:9.5
+    environment:
+      POSTGRES_DB: test
+
+  - name: mssql
+    pull: default
+    image: microsoft/mssql-server-linux:latest
+    environment:
+      ACCEPT_EULA: Y
+      MSSQL_PID: Standard
+      SA_PASSWORD: MwantsaSecurePassword1
+
+  - name: ldap
+    pull: default
+    image: gitea/test-openldap:latest
+
+steps:
+  - name: fetch-tags
+    pull: default
+    image: docker:git
    commands:
-      - mv ./options/locale/locale_en-US.ini ./options/
-      - sed -i -e 's/="/=/g' -e 's/"$$//g' ./options/locale/*.ini
-      - sed -i -e 's/\\\\"/"/g' ./options/locale/*.ini
-      - mv ./options/locale_en-US.ini ./options/locale/
+      - git fetch --tags --force
    when:
-      event: [ push ]
-      branch: [ master ]
+      event:
+        exclude:
+          - pull_request

-  git_push:
-    image: appleboy/drone-git-push
-    pull: true
-    secrets: [ git_push_ssh_key ]
-    remote: git@github.com:go-gitea/gitea.git
-    force: false
-    commit: true
-    commit_message: "[skip ci] Updated translations via Crowdin"
-    author_name: GiteaBot
-    author_email: teabot@gitea.io
-    when:
-      event: [ push ]
-      branch: [ master ]
-
-  pre-build:
+  - name: pre-build
+    pull: always
    image: webhippie/nodejs:latest
-    pull: true
    commands:
-      - npm install
-      - make stylesheets-check
-    when:
-      event: [ push, tag, pull_request ]
+      - make css
+      - make js

-  build-without-gcc:
-    image: golang:1.8
-    pull: true
+  - name: build-without-gcc
+    pull: always
+    image: golang:1.10 # this step is kept as the lowest version of golang that we support
    commands:
      - go build -o gitea_no_gcc # test if build succeeds without the sqlite tag
-    when:
-      event: [ push, tag, pull_request ]

-  build:
-    image: golang:1.10
-    pull: true
-    environment:
-      TAGS: bindata sqlite
+  - name: build
+    pull: always
+    image: golang:1.12
    commands:
      - make clean
      - make generate
-      - make vet
-      - make lint
-      - make fmt-check
+      - make golangci-lint
+      - make revive
      - make swagger-check
      - make swagger-validate
-      - make misspell-check
      - make test-vendor
      - make build
-    when:
-      event: [ push, tag, pull_request ]
-
-  test:
-    image: golang:1.10
-    pull: true
-    group: test
    environment:
-      TAGS: bindata sqlite
+      TAGS: bindata sqlite sqlite_unlock_notify
+
+  - name: unit-test
+    pull: always
+    image: golang:1.12
    commands:
      - make unit-test-coverage
-    when:
-      event: [ push, pull_request ]
-      branch: [ master ]
-
-  test:
-    image: golang:1.10
-    pull: true
-    group: test
    environment:
-      TAGS: bindata sqlite
+      TAGS: bindata sqlite sqlite_unlock_notify
+    depends_on:
+      - build
+    when:
+      branch:
+        - master
+      event:
+        - push
+        - pull_request
+
+  - name: release-test
+    pull: always
+    image: golang:1.12
    commands:
      - make test
-    when:
-      event: [ push, pull_request ]
-      branch: [ release/* ]
-
-  test:
-    image: golang:1.10
-    pull: true
-    group: test
    environment:
-      TAGS: bindata
+      TAGS: bindata sqlite sqlite_unlock_notify
+    depends_on:
+      - build
+    when:
+      branch:
+        - "release/*"
+      event:
+        - push
+        - pull_request
+
+  - name: tag-test
+    pull: always
+    image: golang:1.12
    commands:
      - make test
-    when:
-      event: [ tag ]
-
-  # Commented until db locking have been resolved!
-  # test-sqlite:
-  #   image: golang:1.10
-  #   pull: true
-  #   group: test
-  #   environment:
-  #     TAGS: bindata
-  #   commands:
-  #     - make test-sqlite
-  #   when:
-  #     event: [ push, tag, pull_request ]
-
-  test-mysql:
-    image: golang:1.10
-    pull: true
-    group: test
    environment:
      TAGS: bindata
-      TEST_LDAP: "1"
+    depends_on:
+      - build
+    when:
+      event:
+        - tag
+
+  - name: test-sqlite
+    pull: always
+    image: golang:1.12
    commands:
-      - curl -s https://packagecloud.io/install/repositories/github/git-lfs/script.deb.sh | bash
+      - "curl -s https://packagecloud.io/install/repositories/github/git-lfs/script.deb.sh | bash"
      - apt-get install -y git-lfs
+      - timeout -s ABRT 20m make test-sqlite-migration
+      - timeout -s ABRT 20m make test-sqlite
+    environment:
+      TAGS: bindata
+    depends_on:
+      - build
+
+  - name: test-mysql
+    pull: always
+    image: golang:1.12
+    commands:
+      - "curl -s https://packagecloud.io/install/repositories/github/git-lfs/script.deb.sh | bash"
+      - apt-get install -y git-lfs
+      - make test-mysql-migration
      - make integration-test-coverage
-    when:
-      event: [ push, pull_request ]
-      branch: [ master ]
-
-  test-mysql:
-    image: golang:1.10
-    pull: true
-    group: test
    environment:
      TAGS: bindata
-      TEST_LDAP: "1"
+      TEST_LDAP: 1
+    depends_on:
+      - build
+    when:
+      branch:
+        - master
+      event:
+        - push
+        - pull_request
+
+  - name: tag-test-mysql
+    pull: always
+    image: golang:1.12
    commands:
-      - curl -s https://packagecloud.io/install/repositories/github/git-lfs/script.deb.sh | bash
+      - "curl -s https://packagecloud.io/install/repositories/github/git-lfs/script.deb.sh | bash"
      - apt-get install -y git-lfs
-      - make test-mysql
-    when:
-      event: [ tag ]
-
-  test-pgsql:
-    image: golang:1.10
-    pull: true
-    group: test
+      - timeout -s ABRT 20m make test-mysql-migration
+      - timeout -s ABRT 20m make test-mysql
    environment:
      TAGS: bindata
-      TEST_LDAP: "1"
+      TEST_LDAP: 1
+    depends_on:
+      - build
+    when:
+      event:
+        - tag
+
+  - name: test-mysql8
+    pull: always
+    image: golang:1.12
    commands:
-      - curl -s https://packagecloud.io/install/repositories/github/git-lfs/script.deb.sh | bash
+      - "curl -s https://packagecloud.io/install/repositories/github/git-lfs/script.deb.sh | bash"
      - apt-get install -y git-lfs
-      - make test-pgsql
-    when:
-      event: [ push, tag, pull_request ]
-
-  generate-coverage:
-    image: golang:1.10
-    pull: true
+      - timeout -s ABRT 20m make test-mysql8-migration
+      - timeout -s ABRT 20m make test-mysql8
    environment:
      TAGS: bindata
+      TEST_LDAP: 1
+    depends_on:
+      - build
+
+  - name: test-pgsql
+    pull: always
+    image: golang:1.12
+    commands:
+      - "curl -s https://packagecloud.io/install/repositories/github/git-lfs/script.deb.sh | bash"
+      - apt-get install -y git-lfs
+      - timeout -s ABRT 20m make test-pgsql-migration
+      - timeout -s ABRT 20m make test-pgsql
+    environment:
+      TAGS: bindata
+      TEST_LDAP: 1
+    depends_on:
+      - build
+
+  - name: test-mssql
+    pull: always
+    image: golang:1.12
+    commands:
+      - "curl -s https://packagecloud.io/install/repositories/github/git-lfs/script.deb.sh | bash"
+      - apt-get install -y git-lfs
+      - make test-mssql-migration
+      - make test-mssql
+    environment:
+      TAGS: bindata
+      TEST_LDAP: 1
+    depends_on:
+      - build
+
+  - name: generate-coverage
+    pull: always
+    image: golang:1.12
    commands:
      - make coverage
-    when:
-      event: [ push, pull_request ]
-      branch: [ master ]
-
-  coverage:
-    image: robertstettner/drone-codecov
-    secrets: [ codecov_token ]
-    files:
-      - coverage.all
-    when:
-      event: [ push, pull_request ]
-      branch: [ master ]
-
-  static:
-    image: karalabe/xgo-latest:latest
-    pull: true
    environment:
-      TAGS: bindata sqlite
+      TAGS: bindata
+    depends_on:
+      - unit-test
+      - test-mysql
+    when:
+      branch:
+        - master
+      event:
+        - push
+        - pull_request
+
+  - name: coverage
+    pull: always
+    image: robertstettner/drone-codecov
+    settings:
+      files:
+        - coverage.all
+    environment:
+      CODECOV_TOKEN:
+        from_secret: codecov_token
+    depends_on:
+      - generate-coverage
+    when:
+      branch:
+        - master
+      event:
+        - push
+        - pull_request
+
+---
+kind: pipeline
+name: translations
+
+platform:
+  os: linux
+  arch: amd64
+
+workspace:
+  base: /go
+  path: src/code.gitea.io/gitea
+
+trigger:
+  branch:
+    - master
+  event:
+    - push
+
+steps:
+  - name: download
+    pull: always
+    image: jonasfranz/crowdin
+    settings:
+      download: true
+      export_dir: options/locale/
+      ignore_branch: true
+      project_identifier: gitea
+    environment:
+      CROWDIN_KEY:
+        from_secret: crowdin_key
+
+  - name: update
+    pull: default
+    image: alpine:3.10
+    commands:
+      - mv ./options/locale/locale_en-US.ini ./options/
+      - "sed -i -e 's/=\"/=/g' -e 's/\"$$//g' ./options/locale/*.ini"
+      - "sed -i -e 's/\\\\\\\\\"/\"/g' ./options/locale/*.ini"
+      - mv ./options/locale_en-US.ini ./options/locale/
+
+  - name: push
+    pull: always
+    image: appleboy/drone-git-push
+    settings:
+      author_email: "teabot@gitea.io"
+      author_name: GiteaBot
+      commit: true
+      commit_message: "[skip ci] Updated translations via Crowdin"
+      remote: "git@github.com:go-gitea/gitea.git"
+    environment:
+      GIT_PUSH_SSH_KEY:
+        from_secret: git_push_ssh_key
+
+  - name: upload_translations
+    pull: always
+    image: jonasfranz/crowdin
+    settings:
+      files:
+        locale_en-US.ini: options/locale/locale_en-US.ini
+      ignore_branch: true
+      project_identifier: gitea
+    environment:
+      CROWDIN_KEY:
+        from_secret: crowdin_key
+
+---
+kind: pipeline
+name: release-master
+
+platform:
+  os: linux
+  arch: amd64
+
+workspace:
+  base: /go
+  path: src/code.gitea.io/gitea
+
+trigger:
+  branch:
+    - master
+    - "release/*"
+  event:
+    - push
+
+depends_on:
+  - testing
+  - translations
+
+steps:
+  - name: fetch-tags
+    pull: default
+    image: docker:git
+    commands:
+      - git fetch --tags --force
+
+  - name: static
+    pull: always
+    image: techknowlogick/xgo:latest
    commands:
      - export PATH=$PATH:$GOPATH/bin
+      - make generate
      - make release
-    when:
-      event: [ push, tag ]
+    environment:
+      TAGS: bindata sqlite sqlite_unlock_notify

-  build_docs:
+  - name: gpg-sign
+    pull: always
+    image: plugins/gpgsign:1
+    settings:
+      detach_sign: true
+      excludes:
+        - "dist/release/*.sha256"
+      files:
+        - "dist/release/*"
+    environment:
+      GPGSIGN_KEY:
+        from_secret: gpgsign_key
+      GPGSIGN_PASSPHRASE:
+        from_secret: gpgsign_passphrase
+    depends_on:
+      - static
+
+  - name: release-branch-release
+    pull: always
+    image: plugins/s3:1
+    settings:
+      acl: public-read
+      bucket: releases
+      endpoint: https://storage.gitea.io
+      path_style: true
+      source: "dist/release/*"
+      strip_prefix: dist/release/
+      target: "/gitea/${DRONE_BRANCH##release/v}"
+    environment:
+      AWS_ACCESS_KEY_ID:
+        from_secret: aws_access_key_id
+      AWS_SECRET_ACCESS_KEY:
+        from_secret: aws_secret_access_key
+    depends_on:
+      - gpg-sign
+    when:
+      branch:
+        - "release/*"
+      event:
+        - push
+
+  - name: release
+    pull: always
+    image: plugins/s3:1
+    settings:
+      acl: public-read
+      bucket: releases
+      endpoint: https://storage.gitea.io
+      path_style: true
+      source: "dist/release/*"
+      strip_prefix: dist/release/
+      target: /gitea/master
+    environment:
+      AWS_ACCESS_KEY_ID:
+        from_secret: aws_access_key_id
+      AWS_SECRET_ACCESS_KEY:
+        from_secret: aws_secret_access_key
+    depends_on:
+      - gpg-sign
+    when:
+      branch:
+        - master
+      event:
+        - push
+
+---
+kind: pipeline
+name: release-version
+
+platform:
+  os: linux
+  arch: amd64
+
+workspace:
+  base: /go
+  path: src/code.gitea.io/gitea
+
+trigger:
+  event:
+    - tag
+
+depends_on:
+  - testing
+  - translations
+
+steps:
+  - name: fetch-tags
+    pull: default
+    image: docker:git
+    commands:
+      - git fetch --tags --force
+
+  - name: static
+    pull: always
+    image: techknowlogick/xgo:latest
+    commands:
+      - export PATH=$PATH:$GOPATH/bin
+      - make generate
+      - make release
+    environment:
+      TAGS: bindata sqlite sqlite_unlock_notify
+
+  - name: gpg-sign
+    pull: always
+    image: plugins/gpgsign:1
+    settings:
+      detach_sign: true
+      excludes:
+        - "dist/release/*.sha256"
+      files:
+        - "dist/release/*"
+    environment:
+      GPGSIGN_KEY:
+        from_secret: gpgsign_key
+      GPGSIGN_PASSPHRASE:
+        from_secret: gpgsign_passphrase
+    depends_on:
+      - static
+
+  - name: release
+    pull: always
+    image: plugins/s3:1
+    settings:
+      acl: public-read
+      bucket: releases
+      endpoint: https://storage.gitea.io
+      path_style: true
+      source: "dist/release/*"
+      strip_prefix: dist/release/
+      target: "/gitea/${DRONE_TAG##v}"
+    environment:
+      AWS_ACCESS_KEY_ID:
+        from_secret: aws_access_key_id
+      AWS_SECRET_ACCESS_KEY:
+        from_secret: aws_secret_access_key
+    depends_on:
+      - gpg-sign
+
+  - name: github
+    pull: always
+    image: plugins/github-release:1
+    settings:
+      files:
+        - "dist/release/*"
+    environment:
+      GITHUB_TOKEN:
+        from_secret: github_token
+    depends_on:
+      - gpg-sign
+
+---
+kind: pipeline
+name: docs
+
+platform:
+  os: linux
+  arch: amd64
+
+workspace:
+  base: /go
+  path: src/code.gitea.io/gitea
+
+steps:
+  - name: build-docs
+    pull: always
    image: webhippie/hugo:latest
-    pull: true
    commands:
      - cd docs
      - make trans-copy
      - make clean
      - make build

-  docker_docs:
-    image: plugins/docker:17.05
-    pull: true
-    secrets: [ docker_username, docker_password ]
-    repo: gitea/docs
-    context: docs
-    dockerfile: docs/Dockerfile
-    tags: [ '${DRONE_BRANCH##release/v}' ]
+  - name: publish-docs
+    pull: always
+    image: lucap/drone-netlify:latest
+    settings:
+      path: docs/public/
+      site_id: d2260bae-7861-4c02-8646-8f6440b12672
+    environment:
+      NETLIFY_TOKEN:
+        from_secret: netlify_token
    when:
-      event: [ push ]
-      branch: [ release/* ]
+      branch:
+        - master
+      event:
+        - push

-  docker_docs:
-    image: plugins/docker:17.05
-    pull: true
-    secrets: [ docker_username, docker_password ]
-    repo: gitea/docs
-    context: docs
-    dockerfile: docs/Dockerfile
-    tags: [ 'latest' ]
+---
+kind: pipeline
+name: docker
+
+platform:
+  os: linux
+  arch: amd64
+
+workspace:
+  base: /go
+  path: src/code.gitea.io/gitea
+
+steps:
+  - name: fetch-tags
+    pull: default
+    image: docker:git
+    commands:
+      - git fetch --tags --force
    when:
-      event: [ push ]
-      branch: [ master ]
+      event:
+        exclude:
+          - pull_request

-  docker:
-    image: plugins/docker:17.12
-    pull: true
-    secrets: [ docker_username, docker_password ]
-    repo: gitea/gitea
-    tags: [ '${DRONE_BRANCH##release/v}' ]
+  - name: dryrun
+    pull: always
+    image: plugins/docker:18.09
+    settings:
+      cache_from: gitea/gitea
+      dry_run: true
+      repo: gitea/gitea
    when:
-      event: [ push ]
-      branch: [ release/* ]
+      event:
+        - pull_request

-  docker:
-    image: plugins/docker:17.12
-    secrets: [ docker_username, docker_password ]
-    pull: true
-    repo: gitea/gitea
-    default_tags: true
+  - name: release
+    pull: always
+    image: plugins/docker:18.09
+    settings:
+      cache_from: gitea/gitea
+      repo: gitea/gitea
+      tags:
+        - "${DRONE_BRANCH##release/v}"
+    environment:
+      DOCKER_PASSWORD:
+        from_secret: docker_password
+      DOCKER_USERNAME:
+        from_secret: docker_username
+    depends_on:
+      - dryrun
    when:
-      event: [ push, tag ]
+      branch:
+        - "release/*"
+      event:
+        - push

-  gpg-sign:
-    image: plugins/gpgsign:1
-    pull: true
-    secrets: [ gpgsign_key, gpgsign_passphrase ]
-    detach_sign: true
-    files:
-      - dist/release/*
-    excludes:
-      - dist/release/*.sha256
+  - name: latest
+    pull: always
+    image: plugins/docker:18.09
+    settings:
+      cache_from: gitea/gitea
+      default_tags: true
+      repo: gitea/gitea
+    environment:
+      DOCKER_PASSWORD:
+        from_secret: docker_password
+      DOCKER_USERNAME:
+        from_secret: docker_username
+    depends_on:
+      - dryrun
    when:
-      event: [ push, tag ]
+      branch:
+        - master
+      event:
+        - push
+        - tag

-  release:
-    image: plugins/s3:1
-    pull: true
-    secrets: [ aws_access_key_id, aws_secret_access_key ]
-    bucket: releases
-    endpoint: https://storage.gitea.io
-    path_style: true
-    strip_prefix: dist/release/
-    source: dist/release/*
-    target: /gitea/${DRONE_TAG##v}
-    when:
-      event: [ tag ]
+---
+kind: pipeline
+name: notify

-  release:
-    image: plugins/s3:1
-    pull: true
-    secrets: [ aws_access_key_id, aws_secret_access_key ]
-    bucket: releases
-    endpoint: https://storage.gitea.io
-    path_style: true
-    strip_prefix: dist/release/
-    source: dist/release/*
-    target: /gitea/${DRONE_BRANCH##release/v}
-    when:
-      event: [ push ]
-      branch: [ release/* ]
+platform:
+  os: linux
+  arch: amd64

-  release:
-    image: plugins/s3:1
-    pull: true
-    secrets: [ aws_access_key_id, aws_secret_access_key ]
-    bucket: releases
-    endpoint: https://storage.gitea.io
-    path_style: true
-    strip_prefix: dist/release/
-    source: dist/release/*
-    target: /gitea/master
-    when:
-      event: [ push ]
-      branch: [ master ]
+workspace:
+  base: /go
+  path: src/code.gitea.io/gitea

-  github:
-    image: plugins/github-release:1
-    pull: true
-    secrets: [ github_token ]
-    files:
-      - dist/release/*
-    when:
-      event: [ tag ]
+when:
+  status:
+    - success
+    - failure

-  upload_translations:
-    image: jonasfranz/crowdin
-    pull: true
-    secrets: [ crowdin_key ]
-    project_identifier: gitea
-    ignore_branch: true
-    download: false
-    files:
-      locale_en-US.ini: options/locale/locale_en-US.ini
-    when:
-      event: [ push ]
-      branch: [ master ]
+depends_on:
+  - testing
+  - translations
+  - release-version
+  - release-master
+  - docker
+  - docs

-  discord:
+steps:
+  - name: discord
+    pull: always
    image: appleboy/drone-discord:1.0.0
-    pull: true
-    secrets: [ discord_webhook_id, discord_webhook_token ]
-    when:
-      event: [ push, tag, pull_request ]
-      status: [ changed, failure ]
-
-services:
-  mysql:
-    image: mysql:5.7
    environment:
-      - MYSQL_DATABASE=test
-      - MYSQL_ALLOW_EMPTY_PASSWORD=yes
-    when:
-      event: [ push, tag, pull_request ]
-
-  pgsql:
-    image: postgres:9.5
-    environment:
-      - POSTGRES_DB=test
-    when:
-      event: [ push, tag, pull_request ]
-
-  ldap:
-    image: gitea/test-openldap:latest
-    when:
-      event: [ push, tag, pull_request ]
+      DISCORD_WEBHOOK_ID:
+        from_secret: discord_webhook_id
+      DISCORD_WEBHOOK_TOKEN:
+        from_secret: discord_webhook_token
--- a/.editorconfig
+++ b/.editorconfig
@@ -1,5 +1,4 @@
 # http://editorconfig.org
-
 root = true

 [*]
@@ -15,11 +14,11 @@ indent_size = 8
 indent_style = tab
 indent_size = 4

-[*.{less}]
+[*.less]
 indent_style = space
 indent_size = 4

-[*.{yml}]
+[*.{yml,json}]
 indent_style = space
 indent_size = 2

--- a/.eslintrc
+++ b/.eslintrc
@@ -0,0 +1,25 @@
+root: true
+
+extends:
+  - eslint:recommended
+
+parserOptions:
+  ecmaVersion: 2015
+
+env:
+  browser: true
+  jquery: true
+  es6: true
+
+globals:
+  Clipboard: false
+  CodeMirror: false
+  emojify: false
+  SimpleMDE: false
+  Vue: false
+  Dropzone: false
+  u2fApi: false
+  hljs: false
+
+rules:
+  no-unused-vars: [error, {args: all, argsIgnorePattern: ^_, varsIgnorePattern: ^_, ignoreRestSiblings: true}]
--- a/.github/FUNDING.yml
+++ b/.github/FUNDING.yml
@@ -0,0 +1 @@
+open_collective: gitea
--- a/.github/issue_template.md
+++ b/.github/issue_template.md
@@ -1,7 +1,9 @@
+<!-- NOTE: If your issue is a security concern, please send an email to security@gitea.io instead of opening a public issue -->
+
 <!--
-    1. Please speak English, this is the language all of us can speak and write.
+    1. Please speak English, this is the language all maintainers can speak and write.
    2. Please ask questions or configuration/deploy problems on our Discord 
-       server (https://discord.gg/NsatcWJ) or forum (https://discourse.gitea.io).
+       server (https://discord.gg/gitea) or forum (https://discourse.gitea.io).
    3. Please take a moment to check that your issue doesn't already exist.
    4. Please give all relevant information below for bug reports, because 
       incomplete details will be handled as an invalid report.
--- a/.github/stale.yml
+++ b/.github/stale.yml
@@ -0,0 +1,53 @@
+# Configuration for probot-stale - https://github.com/probot/stale
+
+# Number of days of inactivity before an Issue or Pull Request becomes stale
+daysUntilStale: 60
+
+# Number of days of inactivity before an Issue or Pull Request with the stale label is closed.
+# Set to false to disable. If disabled, issues still need to be closed manually, but will remain marked as stale.
+daysUntilClose: 14
+
+# Issues or Pull Requests with these labels will never be considered stale. Set to `[]` to disable
+exemptLabels:
+  - status/blocked 
+  - kind/security 
+  - lgtm/done
+  - reviewed/confirmed
+  - priority/critical
+  - kind/proposal
+
+# Set to true to ignore issues in a project (defaults to false)
+exemptProjects: false
+
+# Set to true to ignore issues in a milestone (defaults to false)
+exemptMilestones: false
+
+# Label to use when marking as stale
+staleLabel: stale
+
+# Comment to post when marking as stale. Set to `false` to disable
+markComment: >
+  This issue has been automatically marked as stale because it has not had
+  recent activity. It will be closed if no further activity occurs during the next 2 weeks. Thank you
+  for your contributions.
+
+# Comment to post when closing a stale Issue or Pull Request.
+closeComment: >
+  This issue has been automatically closed because of inactivity.
+  You can re-open it if needed.
+
+# Limit the number of actions per hour, from 1-30. Default is 30
+limitPerRun: 1
+
+# Optionally, specify configuration settings that are specific to just 'issues' or 'pulls':
+pulls:
+  daysUntilStale: 60
+  daysUntilClose: 60
+  markComment: >
+    This pull request has been automatically marked as stale because it has not had
+    recent activity. It will be closed if no further activity occurs during the next 2 months. Thank you
+    for your contributions.
+  closeComment: >
+    This pull request has been automatically closed because of inactivity.
+    You can re-open it if needed.
+
--- a/.gitignore
+++ b/.gitignore
@@ -51,15 +51,23 @@ coverage.all
 /log
 /public/img/avatar
 /integrations/gitea-integration-mysql
+/integrations/gitea-integration-mysql8
 /integrations/gitea-integration-pgsql
 /integrations/gitea-integration-sqlite
+/integrations/gitea-integration-mssql
 /integrations/indexers-mysql
+/integrations/indexers-mysql8
 /integrations/indexers-pgsql
 /integrations/indexers-sqlite
+/integrations/indexers-mssql
 /integrations/mysql.ini
+/integrations/mysql8.ini
 /integrations/pgsql.ini
+/integrations/mssql.ini
 /node_modules
-
+/modules/indexer/issues/indexers
+routers/repo/authorized_keys
+/yarn.lock

 # Snapcraft
 snap/.snapcraft/
--- a/.golangci.yml
+++ b/.golangci.yml
@@ -0,0 +1,97 @@
+linters:
+  enable:
+    - gosimple
+    - deadcode
+    - typecheck
+    - govet
+    - errcheck
+    - staticcheck
+    - unused
+    - structcheck
+    - varcheck
+    - golint
+    - dupl
+    #- gocyclo # The cyclomatic complexety of a lot of functions is too high, we should refactor those another time.
+    - gofmt
+    - misspell
+    - gocritic
+  enable-all: false
+  disable-all: true
+  fast: false
+
+linters-settings:
+  gocritic:
+    disabled-checks:
+      - ifElseChain
+      - singleCaseSwitch # Every time this occured in the code, there  was no other way.
+
+issues:
+  exclude-rules:
+    # Exclude some linters from running on tests files.
+    - path: _test\.go
+      linters:
+        - gocyclo
+        - errcheck
+        - dupl
+        - gosec
+        - unparam
+        - staticcheck
+    - path: models/migrations/v
+      linters:
+        - gocyclo
+        - errcheck
+        - dupl
+        - gosec
+    - linters:
+        - dupl
+      text: "webhook"
+    - linters:
+        - gocritic
+      text: "`ID' should not be capitalized"
+    - path: modules/templates/helper.go
+      linters:
+        - gocritic
+    - linters:
+        - unused
+        - deadcode
+      text: "swagger"
+    - path: contrib/pr/checkout.go
+      linters:
+        - errcheck
+    - path: models/issue.go
+      linters:
+        - errcheck
+    - path: models/migrations/
+      linters:
+        - errcheck
+    - path: modules/log/
+      linters:
+        - errcheck
+    - path: routers/routes/routes.go
+      linters:
+        - dupl
+    - path: routers/repo/view.go
+      linters:
+        - dupl
+    - path: models/migrations/
+      linters:
+        - unused
+    - linters:
+        - staticcheck
+      text: "argument x is overwritten before first use"
+    - path: modules/httplib/httplib.go
+      linters:
+        - staticcheck
+    # Enabling this would require refactoring the methods and how they are called.
+    - path: models/issue_comment_list.go
+      linters:
+        - dupl
+    # "Destroy" is misspelled in github.com/go-macaron/session/session.go:213 so it's not our responsability to fix it
+    - path: modules/session/virtual.go
+      linters:
+        - misspell
+      text: '`Destory` is a misspelling of `Destroy`'
+    - path: modules/session/memory.go
+      linters:
+        - misspell
+      text: '`Destory` is a misspelling of `Destroy`'
--- a/.npmrc
+++ b/.npmrc
@@ -0,0 +1 @@
+save-exact=true
--- a/.revive.toml
+++ b/.revive.toml
@@ -0,0 +1,25 @@
+ignoreGeneratedHeader = false
+severity = "warning"
+confidence = 0.8
+errorCode = 1
+warningCode = 1
+
+[rule.blank-imports]
+[rule.context-as-argument]
+[rule.context-keys-type]
+[rule.dot-imports]
+[rule.error-return]
+[rule.error-strings]
+[rule.error-naming]
+[rule.exported]
+[rule.if-return]
+[rule.increment-decrement]
+[rule.var-naming]
+[rule.var-declaration]
+[rule.package-comments]
+[rule.range]
+[rule.receiver-naming]
+[rule.time-naming]
+[rule.unexported-return]
+[rule.indent-error-flow]
+[rule.errorf]
--- a/.stylelintrc
+++ b/.stylelintrc
@@ -0,0 +1,11 @@
+extends: stylelint-config-standard
+
+rules:
+  block-closing-brace-empty-line-before: null
+  color-hex-length: null
+  comment-empty-line-before: null
+  declaration-empty-line-before: null
+  indentation: 4
+  no-descending-specificity: null
+  rule-empty-line-before: null
+  selector-pseudo-element-colon-notation: null
--- a/51
+++ b/51
@@ -0,0 +1,51 @@
+# GNU makefile proxy script for BSD make
+# Written and maintained by Mahmoud Al-Qudsi <mqudsi@neosmart.net>
+# Copyright NeoSmart Technologies <https://neosmart.net/> 2014-2018
+# Obtain updates from <https://github.com/neosmart/gmake-proxy>
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+#
+# 1. Redistributions of source code must retain the above copyright notice, this
+# list of conditions and the following disclaimer.
+#
+# 2. Redistributions in binary form must reproduce the above copyright notice,
+# this list of conditions and the following disclaimer in the documentation
+# and/or other materials provided with the distribution.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+# SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
+# CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+# OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+JARG =
+GMAKE = "gmake"
+#When gmake is called from another make instance, -w is automatically added
+#which causes extraneous messages about directory changes to be emitted.
+#--no-print-directory silences these messages.
+GARGS = "--no-print-directory"
+
+.if "$(.MAKE.JOBS)" != ""
+JARG = -j$(.MAKE.JOBS)
+.endif
+
+#by default bmake will cd into ./obj first
+.OBJDIR: ./
+
+.PHONY: FRC
+$(.TARGETS): FRC
+	$(GMAKE) $(GARGS) $(.TARGETS:S,.DONE,,) $(JARG)
+
+.DONE .DEFAULT: .SILENT
+	$(GMAKE) $(GARGS) $(.TARGETS:S,.DONE,,) $(JARG)
+
+.ERROR: .SILENT
+	if ! which $(GMAKE) > /dev/null; then \
+		echo "GNU Make is required!"; \
+	fi
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -16,6 +16,7 @@
  - [Maintainers](#maintainers)
  - [Owners](#owners)
  - [Versions](#versions)
+  - [Releasing Gitea](#releasing-gitea)
  - [Copyright](#copyright)

 ## Introduction
@@ -63,20 +64,31 @@ high-level discussions.

 ## Testing redux

-Before sending code out for review, run all the tests for the
-whole tree to make sure the changes don't break other usage
-and keep the compatibility on upgrade. To make sure you are
-running the test suite exactly like we do, you should install
-the CLI for [Drone CI](https://github.com/drone/drone), as
-we are using the server for continous testing, following [these
-instructions](http://docs.drone.io/cli-installation/). After that,
-you can simply call `drone exec --local --build-event "pull_request"` within
-your working directory and it will try to run the test suite locally.
+Before submitting a pull request, run all the tests for the whole tree
+to make sure your changes don't cause regression elsewhere.
+
+Here's how to run the test suite:
+
+- Install the correct version of the drone-cli package.  As of this
+  writing, the correct drone-cli version is
+  [1.1.0](https://docs.drone.io/cli/install/).
+- Ensure you have enough free disk space.  You will need at least
+  15-20 Gb of free disk space to hold all of the containers drone
+  creates (a default AWS or GCE disk size won't work -- see
+  [#6243](https://github.com/go-gitea/gitea/issues/6243)).
+- Change into the base directory of your copy of the gitea repository,
+  and run `drone exec --local --build-event pull_request`.
+
+The drone version, command line, and disk requirements do change over
+time (see [#4053](https://github.com/go-gitea/gitea/issues/4053) and
+[#6243](https://github.com/go-gitea/gitea/issues/6243)); if you
+discover any issues, please feel free to send us a pull request to
+update these instructions.

 ## Vendoring

 We keep a cached copy of dependencies within the `vendor/` directory,
-managing updates via [dep](https://github.com/golang/dep).
+managing updates via [Modules](https://golang.org/cmd/go/#hdr-Module_maintenance).

 Pull requests should only include `vendor/` updates if they are part of
 the same change, be it a bugfix or a feature addition.
@@ -85,14 +97,14 @@ The `vendor/` update needs to be justified as part of the PR description,
 and must be verified by the reviewers and/or merger to always reference
 an existing upstream commit.

-You can find more information on how to get started with it on the [dep project website](https://golang.github.io/dep/docs/introduction.html).
+You can find more information on how to get started with it on the [Modules Wiki](https://github.com/golang/go/wiki/Modules).

 ## Translation

 We do all translation work inside [Crowdin](https://crowdin.com/project/gitea).
 The only translation that is maintained in this git repository is
 [`en_US.ini`](https://github.com/go-gitea/gitea/blob/master/options/locale/locale_en-US.ini)
-and is synced regularily to Crowdin. Once a translation has reached
+and is synced regularly to Crowdin. Once a translation has reached
 A SATISFACTORY PERCENTAGE it will be synced back into this repo and
 included in the next released version.

@@ -101,8 +113,8 @@ included in the next released version.
 Generally, the go build tools are installed as-needed in the `Makefile`.
 An exception are the tools to build the CSS and images.

- To build CSS: Install [Node.js](https://nodejs.org/en/download/package-manager)
-  with `npm` and then run `npm install` and `make generate-stylesheets`.
+- To build CSS: Install [Node.js](https://nodejs.org/en/download/package-manager) at version 8.0 or above
+  with `npm` and then run `npm install` and `make css`.
 - To build Images: ImageMagick, inkscape and zopflipng binaries must be
  available in your `PATH` to run `make generate-images`.

@@ -202,7 +214,7 @@ to the maintainers team. If a maintainer is inactive for more than 3
 months and forgets to leave the maintainers team, the owners may move
 him or her from the maintainers team to the advisors team.
 For security reasons, Maintainers should use 2FA for their accounts and
-if possible provide gpg signed commits. 
+if possible provide gpg signed commits.
 https://help.github.com/articles/securing-your-account-with-two-factor-authentication-2fa/
 https://help.github.com/articles/signing-commits-with-gpg/

@@ -243,6 +255,11 @@ they served:
  * [Lauris Bukšis-Haberkorns](https://github.com/lafriks) <lauris@nix.lv>
  * [Kim Carlbäcker](https://github.com/bkcsoft) <kim.carlbacker@gmail.com>

+* 2019-01-01 ~ 2019-12-31
+  * [Lunny Xiao](https://github.com/lunny) <xiaolunwen@gmail.com>
+  * [Lauris Bukšis-Haberkorns](https://github.com/lafriks) <lauris@nix.lv>
+  * [Matti Ranta](https://github.com/techknowlogick) <matti@mdranta.net>
+
 ## Versions

 Gitea has the `master` branch as a tip branch and has version branches
@@ -256,12 +273,25 @@ in production, please download the latest release tag version. All the
 branches will be protected via GitHub, all the PRs to every branch must
 be reviewed by two maintainers and must pass the automatic tests.

+## Releasing Gitea
+
+* Let $vmaj, $vmin and $vpat be Major, Minor and Patch version numbers, $vpat should be rc1, rc2, 0, 1, ...... $vmaj.$vmin will be kept the same as milestones on github or gitea in future.
+* Before releasing, confirm all the version's milestone issues or PRs has been resolved. Then discuss the release on discord channel #maintainers and get agreed with almost all the owners and mergers. Or you can declare the version and if nobody against in about serval hours.
+* If this is a big version first you have to create PR for changelog on branch `master` with PRs with label `changelog` and after it has been merged do following steps:
+  * Create `-dev` tag as `git tag -s -F release.notes v$vmaj.$vmin.0-dev` and push the tag as `git push origin v$vmaj.$vmin.0-dev`.
+  * When CI has finished building tag then you have to create a new branch named `release/v$vmaj.$vmin`
+* If it is bugfix version create PR for changelog on branch `release/v$vmaj.$vmin` and wait till it is reviewed and merged.
+* Add a tag as `git tag -s -F release.notes v$vmaj.$vmin.$`, release.notes file could be a temporary file to only include the changelog this version which you added to `CHANGELOG.md`.
+* And then push the tag as `git push origin v$vmaj.$vmin.$`. Drone CI will automatically created a release and upload all the compiled binary. (But currently it didn't add the release notes automatically. Maybe we should fix that.)
+* If needed send PR for changelog on branch `master`.
+* Send PR to [blog repository](https://github.com/go-gitea/blog) announcing the release.
+
 ## Copyright

 Code that you contribute should use the standard copyright header:

 ```
-// Copyright 2018 The Gitea Authors. All rights reserved.
+// Copyright 2019 The Gitea Authors. All rights reserved.
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
 ```
--- a/9
+++ b/9
@@ -1,10 +1,10 @@

 ###################################
 #Build stage
-FROM golang:1.10-alpine3.7 AS build-env
+FROM golang:1.12-alpine3.10 AS build-env

 ARG GITEA_VERSION
-ARG TAGS="sqlite"
+ARG TAGS="sqlite sqlite_unlock_notify"
 ENV TAGS "bindata $TAGS"

 #Build deps
@@ -18,7 +18,7 @@ WORKDIR ${GOPATH}/src/code.gitea.io/gitea
 RUN if [ -n "${GITEA_VERSION}" ]; then git checkout "${GITEA_VERSION}"; fi \
 && make clean generate build

-FROM alpine:3.7
+FROM alpine:3.10
 LABEL maintainer="maintainers@gitea.io"

 EXPOSE 22 3000
@@ -56,5 +56,6 @@ VOLUME ["/data"]
 ENTRYPOINT ["/usr/bin/entrypoint"]
 CMD ["/bin/s6-svscan", "/etc/s6"]

-COPY docker /
+COPY docker/root /
 COPY --from=build-env /go/src/code.gitea.io/gitea/gitea /app/gitea/gitea
+RUN ln -s /app/gitea/gitea /usr/local/bin/gitea
--- a/Gopkg.lock
+++ b/Gopkg.lock
@@ -1,878 +0,0 @@
-# This file is autogenerated, do not edit; changes may be undone by the next 'dep ensure'.
-
-
-[[projects]]
-  branch = "master"
-  name = "code.gitea.io/git"
-  packages = ["."]
-  revision = "31f4b8e8c805438ac6d8914b38accb1d8aaf695e"
-
-[[projects]]
-  branch = "master"
-  name = "code.gitea.io/sdk"
-  packages = ["gitea"]
-  revision = "b2308e3f700875a3642a78bd3f6e5db8ef6f974d"
-
-[[projects]]
-  name = "github.com/PuerkitoBio/goquery"
-  packages = ["."]
-  revision = "ed7d758e9a34ba1f55e8084e0d731448b46921a8"
-
-[[projects]]
-  name = "github.com/RoaringBitmap/roaring"
-  packages = ["."]
-  revision = "1a28a7fa985680f9f4e1644c0a857ec359a444b0"
-  version = "v0.4.7"
-
-[[projects]]
-  branch = "master"
-  name = "github.com/Smerity/govarint"
-  packages = ["."]
-  revision = "7265e41f48f15fd61751e16da866af3c704bb3ab"
-
-[[projects]]
-  branch = "master"
-  name = "github.com/Unknwon/cae"
-  packages = [
-    ".",
-    "zip"
-  ]
-  revision = "c6aac99ea2cae2ebaf23f26f76b04fe3fcfc9f8c"
-
-[[projects]]
-  branch = "master"
-  name = "github.com/Unknwon/com"
-  packages = ["."]
-  revision = "7677a1d7c1137cd3dd5ba7a076d0c898a1ef4520"
-
-[[projects]]
-  branch = "master"
-  name = "github.com/Unknwon/i18n"
-  packages = ["."]
-  revision = "b64d336589669d317928070e70ba0ae558f16633"
-
-[[projects]]
-  name = "github.com/Unknwon/paginater"
-  packages = ["."]
-  revision = "7748a72e01415173a27d79866b984328e7b0c12b"
-
-[[projects]]
-  name = "github.com/andybalholm/cascadia"
-  packages = ["."]
-  revision = "349dd0209470eabd9514242c688c403c0926d266"
-
-[[projects]]
-  name = "github.com/blevesearch/bleve"
-  packages = [
-    ".",
-    "analysis",
-    "analysis/analyzer/custom",
-    "analysis/analyzer/standard",
-    "analysis/datetime/flexible",
-    "analysis/datetime/optional",
-    "analysis/lang/en",
-    "analysis/token/camelcase",
-    "analysis/token/lowercase",
-    "analysis/token/porter",
-    "analysis/token/stop",
-    "analysis/token/unicodenorm",
-    "analysis/token/unique",
-    "analysis/tokenizer/unicode",
-    "document",
-    "geo",
-    "index",
-    "index/scorch",
-    "index/scorch/mergeplan",
-    "index/scorch/segment",
-    "index/scorch/segment/mem",
-    "index/scorch/segment/zap",
-    "index/store",
-    "index/store/boltdb",
-    "index/store/gtreap",
-    "index/upsidedown",
-    "mapping",
-    "numeric",
-    "registry",
-    "search",
-    "search/collector",
-    "search/facet",
-    "search/highlight",
-    "search/highlight/format/html",
-    "search/highlight/fragmenter/simple",
-    "search/highlight/highlighter/html",
-    "search/highlight/highlighter/simple",
-    "search/query",
-    "search/scorer",
-    "search/searcher"
-  ]
-  revision = "ff210fbc6d348ad67aa5754eaea11a463fcddafd"
-
-[[projects]]
-  branch = "master"
-  name = "github.com/blevesearch/go-porterstemmer"
-  packages = ["."]
-  revision = "23a2c8e5cf1f380f27722c6d2ae8896431dc7d0e"
-
-[[projects]]
-  name = "github.com/blevesearch/segment"
-  packages = ["."]
-  revision = "db70c57796cc8c310613541dfade3dce627d09c7"
-
-[[projects]]
-  name = "github.com/boltdb/bolt"
-  packages = ["."]
-  revision = "ccd680d8c1a0179ac3d68f692b01e1a1589cbfc7"
-  source = "github.com/go-gitea/bolt"
-
-[[projects]]
-  name = "github.com/boombuler/barcode"
-  packages = [
-    ".",
-    "qr",
-    "utils"
-  ]
-  revision = "fe0f26ff6d26693948ee8189aa064ee8c54141fa"
-
-[[projects]]
-  name = "github.com/bradfitz/gomemcache"
-  packages = ["memcache"]
-  revision = "fb1f79c6b65acda83063cbc69f6bba1522558bfc"
-
-[[projects]]
-  name = "github.com/chaseadamsio/goorgeous"
-  packages = ["."]
-  revision = "098da33fde5f9220736531b3cb26a2dec86a8367"
-
-[[projects]]
-  name = "github.com/coreos/etcd"
-  packages = ["error"]
-  revision = "01c303113d0a3d5a8075864321c3aedb72035bdd"
-
-[[projects]]
-  branch = "master"
-  name = "github.com/coreos/go-etcd"
-  packages = ["etcd"]
-  revision = "003851be7bb0694fe3cc457a49529a19388ee7cf"
-
-[[projects]]
-  branch = "master"
-  name = "github.com/couchbase/vellum"
-  packages = [
-    ".",
-    "regexp",
-    "utf8"
-  ]
-  revision = "eb6ae3743b3f300f2136f83ca78c08cc071edbd4"
-
-[[projects]]
-  name = "github.com/davecgh/go-spew"
-  packages = ["spew"]
-  revision = "346938d642f2ec3594ed81d874461961cd0faa76"
-  version = "v1.1.0"
-
-[[projects]]
-  name = "github.com/denisenkom/go-mssqldb"
-  packages = ["."]
-  revision = "e32ca5036449b7ea12c62ed761ea1ad7fc88a4e2"
-
-[[projects]]
-  name = "github.com/dgrijalva/jwt-go"
-  packages = ["."]
-  revision = "9ed569b5d1ac936e6494082958d63a6aa4fff99a"
-
-[[projects]]
-  branch = "master"
-  name = "github.com/edsrzf/mmap-go"
-  packages = ["."]
-  revision = "0bce6a6887123b67a60366d2c9fe2dfb74289d2e"
-
-[[projects]]
-  name = "github.com/elazarl/go-bindata-assetfs"
-  packages = ["."]
-  revision = "57eb5e1fc594ad4b0b1dbea7b286d299e0cb43c2"
-
-[[projects]]
-  name = "github.com/ethantkoenig/rupture"
-  packages = ["."]
-  revision = "0a76f03a811abcca2e6357329b673e9bb8ef9643"
-
-[[projects]]
-  branch = "master"
-  name = "github.com/facebookgo/clock"
-  packages = ["."]
-  revision = "600d898af40aa09a7a93ecb9265d87b0504b6f03"
-
-[[projects]]
-  name = "github.com/facebookgo/grace"
-  packages = [
-    "gracehttp",
-    "gracenet"
-  ]
-  revision = "5729e484473f52048578af1b80d0008c7024089b"
-
-[[projects]]
-  branch = "master"
-  name = "github.com/facebookgo/httpdown"
-  packages = ["."]
-  revision = "a3b1354551a26449fbe05f5d855937f6e7acbd71"
-
-[[projects]]
-  branch = "master"
-  name = "github.com/facebookgo/stats"
-  packages = ["."]
-  revision = "1b76add642e42c6ffba7211ad7b3939ce654526e"
-
-[[projects]]
-  branch = "master"
-  name = "github.com/glycerine/go-unsnap-stream"
-  packages = ["."]
-  revision = "9f0cb55181dd3a0a4c168d3dbc72d4aca4853126"
-
-[[projects]]
-  branch = "master"
-  name = "github.com/go-macaron/bindata"
-  packages = ["."]
-  revision = "85786f57eee3e5544a9cc24fa2afe425b97a8652"
-
-[[projects]]
-  name = "github.com/go-macaron/binding"
-  packages = ["."]
-  revision = "9440f336b443056c90d7d448a0a55ad8c7599880"
-
-[[projects]]
-  branch = "master"
-  name = "github.com/go-macaron/cache"
-  packages = [
-    ".",
-    "memcache",
-    "redis"
-  ]
-  revision = "56173531277692bc2925924d51fda1cd0a6b8178"
-
-[[projects]]
-  name = "github.com/go-macaron/captcha"
-  packages = ["."]
-  revision = "8aa5919789ab301e865595eb4b1114d6b9847deb"
-
-[[projects]]
-  branch = "master"
-  name = "github.com/go-macaron/csrf"
-  packages = ["."]
-  revision = "503617c6b37257a55dff6293ec28556506c3a9a8"
-
-[[projects]]
-  branch = "master"
-  name = "github.com/go-macaron/gzip"
-  packages = ["."]
-  revision = "cad1c6580a07c56f5f6bc52d66002a05985c5854"
-
-[[projects]]
-  branch = "master"
-  name = "github.com/go-macaron/i18n"
-  packages = ["."]
-  revision = "ef57533c3b0fc2d8581deda14937e52f11a203ab"
-
-[[projects]]
-  branch = "master"
-  name = "github.com/go-macaron/inject"
-  packages = ["."]
-  revision = "d8a0b8677191f4380287cfebd08e462217bac7ad"
-
-[[projects]]
-  name = "github.com/go-macaron/session"
-  packages = [
-    ".",
-    "redis"
-  ]
-  revision = "66031fcb37a0fff002a1f028eb0b3a815c78306b"
-
-[[projects]]
-  name = "github.com/go-macaron/toolbox"
-  packages = ["."]
-  revision = "99a42f20e9e88daec5c0d7beb4e7eac134680ab0"
-
-[[projects]]
-  name = "github.com/go-sql-driver/mysql"
-  packages = ["."]
-  revision = "ce924a41eea897745442daaa1739089b0f3f561d"
-
-[[projects]]
-  name = "github.com/go-xorm/builder"
-  packages = ["."]
-  revision = "488224409dd8aa2ce7a5baf8d10d55764a913738"
-
-[[projects]]
-  name = "github.com/go-xorm/core"
-  packages = ["."]
-  revision = "cb1d0ca71f42d3ee1bf4aba7daa16099bc31a7e9"
-
-[[projects]]
-  name = "github.com/go-xorm/tidb"
-  packages = ["."]
-  revision = "21e49190ce47a766fa741cf7edc831a30c12c6ac"
-
-[[projects]]
-  name = "github.com/go-xorm/xorm"
-  packages = ["."]
-  revision = "d4149d1eee0c2c488a74a5863fd9caf13d60fd03"
-
-[[projects]]
-  branch = "master"
-  name = "github.com/gogits/chardet"
-  packages = ["."]
-  revision = "2404f777256163ea3eadb273dada5dcb037993c0"
-
-[[projects]]
-  name = "github.com/gogits/cron"
-  packages = ["."]
-  revision = "7f3990acf1833faa5ebd0e86f0a4c72a4b5eba3c"
-
-[[projects]]
-  name = "github.com/golang/protobuf"
-  packages = ["proto"]
-  revision = "99511271042a09d1e01baea8781caa5210fec66e"
-
-[[projects]]
-  name = "github.com/golang/snappy"
-  packages = ["."]
-  revision = "5f1c01d9f64b941dd9582c638279d046eda6ca31"
-
-[[projects]]
-  name = "github.com/gorilla/context"
-  packages = ["."]
-  revision = "08b5f424b9271eedf6f9f0ce86cb9396ed337a42"
-  version = "v1.1.1"
-
-[[projects]]
-  name = "github.com/gorilla/mux"
-  packages = ["."]
-  revision = "757bef944d0f21880861c2dd9c871ca543023cba"
-
-[[projects]]
-  name = "github.com/gorilla/securecookie"
-  packages = ["."]
-  revision = "e59506cc896acb7f7bf732d4fdf5e25f7ccd8983"
-  version = "v1.1.1"
-
-[[projects]]
-  name = "github.com/gorilla/sessions"
-  packages = ["."]
-  revision = "ca9ada44574153444b00d3fd9c8559e4cc95f896"
-  version = "v1.1"
-
-[[projects]]
-  name = "github.com/issue9/identicon"
-  packages = ["."]
-  revision = "d36b54562f4cf70c83653e13dc95c220c79ef521"
-
-[[projects]]
-  name = "github.com/jaytaylor/html2text"
-  packages = ["."]
-  revision = "8fb95d837f7d6db1913fecfd7bcc5333e6499596"
-
-[[projects]]
-  name = "github.com/juju/errors"
-  packages = ["."]
-  revision = "b2c7a7da5b2995941048f60146e67702a292e468"
-
-[[projects]]
-  name = "github.com/kballard/go-shellquote"
-  packages = ["."]
-  revision = "cd60e84ee657ff3dc51de0b4f55dd299a3e136f2"
-
-[[projects]]
-  name = "github.com/keybase/go-crypto"
-  packages = [
-    "brainpool",
-    "cast5",
-    "curve25519",
-    "ed25519",
-    "ed25519/internal/edwards25519",
-    "openpgp",
-    "openpgp/armor",
-    "openpgp/ecdh",
-    "openpgp/elgamal",
-    "openpgp/errors",
-    "openpgp/packet",
-    "openpgp/s2k",
-    "rsa"
-  ]
-  revision = "00ac4db533f63ef97576cbc7b07939ff7daf7329"
-
-[[projects]]
-  name = "github.com/klauspost/compress"
-  packages = [
-    "flate",
-    "gzip"
-  ]
-  revision = "8df558b6cb6f9b445f9586446cfe7223e7d8bd6b"
-  version = "v1.1"
-
-[[projects]]
-  name = "github.com/klauspost/cpuid"
-  packages = ["."]
-  revision = "09cded8978dc9e80714c4d85b0322337b0a1e5e0"
-  version = "v1.0"
-
-[[projects]]
-  name = "github.com/klauspost/crc32"
-  packages = ["."]
-  revision = "cb6bfca970f6908083f26f39a79009d608efd5cd"
-  version = "v1.1"
-
-[[projects]]
-  name = "github.com/lafriks/xormstore"
-  packages = [
-    ".",
-    "util"
-  ]
-  revision = "9cab149ea91875cf056211bd6ef82379fce9cb67"
-  version = "v1.0.0"
-
-[[projects]]
-  name = "github.com/lib/pq"
-  packages = [
-    ".",
-    "oid"
-  ]
-  revision = "456514e2defec52e0cd37f90ccf17ec8b28295e2"
-
-[[projects]]
-  branch = "master"
-  name = "github.com/lunny/dingtalk_webhook"
-  packages = ["."]
-  revision = "e3534c89ef969912856dfa39e56b09e58c5f5daf"
-
-[[projects]]
-  name = "github.com/markbates/goth"
-  packages = [
-    ".",
-    "gothic",
-    "providers/bitbucket",
-    "providers/dropbox",
-    "providers/facebook",
-    "providers/github",
-    "providers/gitlab",
-    "providers/gplus",
-    "providers/openidConnect",
-    "providers/twitter"
-  ]
-  revision = "4933f155d89c3c52ab4ca545c6602cf4a1e87913"
-  version = "1.45.5"
-
-[[projects]]
-  name = "github.com/mattn/go-sqlite3"
-  packages = ["."]
-  revision = "acfa60124032040b9f5a9406f5a772ee16fe845e"
-
-[[projects]]
-  branch = "master"
-  name = "github.com/mcuadros/go-version"
-  packages = ["."]
-  revision = "88e56e02bea1c203c99222c365fa52a69996ccac"
-
-[[projects]]
-  name = "github.com/microcosm-cc/bluemonday"
-  packages = ["."]
-  revision = "f77f16ffc87a6a58814e64ae72d55f9c41374e6d"
-
-[[projects]]
-  name = "github.com/mrjones/oauth"
-  packages = ["."]
-  revision = "3f67d9c274355678b2f9844b08d643e2f9213340"
-
-[[projects]]
-  branch = "master"
-  name = "github.com/mschoch/smat"
-  packages = ["."]
-  revision = "90eadee771aeab36e8bf796039b8c261bebebe4f"
-
-[[projects]]
-  name = "github.com/msteinert/pam"
-  packages = ["."]
-  revision = "02ccfbfaf0cc627aa3aec8ef7ed5cfeec5b43f63"
-
-[[projects]]
-  name = "github.com/nfnt/resize"
-  packages = ["."]
-  revision = "891127d8d1b52734debe1b3c3d7e747502b6c366"
-
-[[projects]]
-  name = "github.com/ngaut/deadline"
-  packages = ["."]
-  revision = "fae8f9dfd7048de16575b9d4c255278e38c28a4f"
-
-[[projects]]
-  branch = "master"
-  name = "github.com/ngaut/go-zookeeper"
-  packages = ["zk"]
-  revision = "9c3719e318c7cfd072e41eb48cb71fcaa49d5e05"
-
-[[projects]]
-  name = "github.com/ngaut/log"
-  packages = ["."]
-  revision = "d2af3a61f64d093457fb23b25d20f4ce3cd551ce"
-
-[[projects]]
-  branch = "master"
-  name = "github.com/ngaut/pools"
-  packages = ["."]
-  revision = "b7bc8c42aac787667ba45adea78233f53f548443"
-
-[[projects]]
-  branch = "master"
-  name = "github.com/ngaut/sync2"
-  packages = ["."]
-  revision = "7a24ed77b2efb460c1468b7dc917821c66e80e55"
-
-[[projects]]
-  branch = "master"
-  name = "github.com/ngaut/tso"
-  packages = [
-    "client",
-    "proto",
-    "util"
-  ]
-  revision = "118f6c141d58f1e72577ff61f43f649bf39355ee"
-
-[[projects]]
-  branch = "master"
-  name = "github.com/ngaut/zkhelper"
-  packages = ["."]
-  revision = "6738bdc138d469112c6687fbfcfe049ccabd6a0a"
-
-[[projects]]
-  branch = "master"
-  name = "github.com/petar/GoLLRB"
-  packages = ["llrb"]
-  revision = "53be0d36a84c2a886ca057d34b6aa4468df9ccb4"
-
-[[projects]]
-  name = "github.com/philhofer/fwd"
-  packages = ["."]
-  revision = "bb6d471dc95d4fe11e432687f8b70ff496cf3136"
-  version = "v1.0.0"
-
-[[projects]]
-  name = "github.com/pingcap/go-hbase"
-  packages = [
-    ".",
-    "iohelper",
-    "proto"
-  ]
-  revision = "7a98d1fe4e9e115de8c77ae0e158c0d08732c550"
-
-[[projects]]
-  branch = "master"
-  name = "github.com/pingcap/go-themis"
-  packages = [
-    ".",
-    "oracle",
-    "oracle/oracles"
-  ]
-  revision = "dbb996606c1d1fe8571fd9ac6da2254c76d2c5c9"
-
-[[projects]]
-  name = "github.com/pingcap/tidb"
-  packages = [
-    ".",
-    "ast",
-    "column",
-    "context",
-    "ddl",
-    "domain",
-    "evaluator",
-    "executor",
-    "infoschema",
-    "inspectkv",
-    "kv",
-    "kv/memkv",
-    "meta",
-    "meta/autoid",
-    "model",
-    "mysql",
-    "optimizer",
-    "optimizer/plan",
-    "parser",
-    "parser/opcode",
-    "perfschema",
-    "privilege",
-    "privilege/privileges",
-    "sessionctx",
-    "sessionctx/autocommit",
-    "sessionctx/db",
-    "sessionctx/forupdate",
-    "sessionctx/variable",
-    "store/hbase",
-    "store/localstore",
-    "store/localstore/boltdb",
-    "store/localstore/engine",
-    "store/localstore/goleveldb",
-    "structure",
-    "table",
-    "table/tables",
-    "terror",
-    "util",
-    "util/bytes",
-    "util/charset",
-    "util/codec",
-    "util/distinct",
-    "util/hack",
-    "util/segmentmap",
-    "util/sqlexec",
-    "util/stringutil",
-    "util/types"
-  ]
-  revision = "33197485abe227dcb254644cf5081c9a3c281669"
-
-[[projects]]
-  name = "github.com/pmezard/go-difflib"
-  packages = ["difflib"]
-  revision = "792786c7400a136282c1664665ae0a8db921c6c2"
-  version = "v1.0.0"
-
-[[projects]]
-  name = "github.com/pquerna/otp"
-  packages = [
-    ".",
-    "hotp",
-    "totp"
-  ]
-  revision = "54653902c20e47f3417541d35435cb6d6162e28a"
-
-[[projects]]
-  branch = "master"
-  name = "github.com/russross/blackfriday"
-  packages = ["."]
-  revision = "11635eb403ff09dbc3a6b5a007ab5ab09151c229"
-
-[[projects]]
-  name = "github.com/satori/go.uuid"
-  packages = ["."]
-  revision = "b061729afc07e77a8aa4fad0a2fd840958f1942a"
-
-[[projects]]
-  name = "github.com/sergi/go-diff"
-  packages = ["diffmatchpatch"]
-  revision = "552b4e9bbdca9e5adafd95ee98c822fdd11b330b"
-
-[[projects]]
-  name = "github.com/shurcooL/sanitized_anchor_name"
-  packages = ["."]
-  revision = "1dba4b3954bc059efc3991ec364f9f9a35f597d2"
-
-[[projects]]
-  branch = "master"
-  name = "github.com/steveyen/gtreap"
-  packages = ["."]
-  revision = "0abe01ef9be25c4aedc174758ec2d917314d6d70"
-
-[[projects]]
-  name = "github.com/stretchr/testify"
-  packages = ["assert"]
-  revision = "12b6f73e6084dad08a7c6e575284b177ecafbc71"
-  version = "v1.2.1"
-
-[[projects]]
-  name = "github.com/syndtr/goleveldb"
-  packages = [
-    "leveldb",
-    "leveldb/cache",
-    "leveldb/comparer",
-    "leveldb/errors",
-    "leveldb/filter",
-    "leveldb/iterator",
-    "leveldb/journal",
-    "leveldb/memdb",
-    "leveldb/opt",
-    "leveldb/storage",
-    "leveldb/table",
-    "leveldb/util"
-  ]
-  revision = "917f41c560270110ceb73c5b38be2a9127387071"
-
-[[projects]]
-  branch = "master"
-  name = "github.com/tinylib/msgp"
-  packages = ["msgp"]
-  revision = "c8cf64dff2009d53fa8f8a16df54d1cdfc64c4a7"
-
-[[projects]]
-  branch = "master"
-  name = "github.com/tstranex/u2f"
-  packages = ["."]
-  revision = "d21a03e0b1d9fc1df59ff54e7a513655c1748b0c"
-
-[[projects]]
-  name = "github.com/twinj/uuid"
-  packages = ["."]
-  revision = "89173bcdda19db0eb88aef1e1cb1cb2505561d31"
-  version = "0.10.0"
-
-[[projects]]
-  name = "github.com/ugorji/go"
-  packages = ["codec"]
-  revision = "c062049c1793b01a3cc3fe786108edabbaf7756b"
-
-[[projects]]
-  name = "github.com/urfave/cli"
-  packages = ["."]
-  revision = "d86a009f5e13f83df65d0d6cee9a2e3f1445f0da"
-
-[[projects]]
-  branch = "master"
-  name = "github.com/willf/bitset"
-  packages = ["."]
-  revision = "8ce1146b8621c95164efd9c8b1124cfa9b8afb4e"
-
-[[projects]]
-  name = "github.com/yohcop/openid-go"
-  packages = ["."]
-  revision = "2c050d2dae5345c417db301f11fda6fbf5ad0f0a"
-
-[[projects]]
-  name = "golang.org/x/crypto"
-  packages = [
-    "curve25519",
-    "ed25519",
-    "ed25519/internal/edwards25519",
-    "md4",
-    "pbkdf2",
-    "ssh"
-  ]
-  revision = "9f005a07e0d31d45e6656d241bb5c0f2efd4bc94"
-
-[[projects]]
-  name = "golang.org/x/net"
-  packages = [
-    "context",
-    "html",
-    "html/atom",
-    "html/charset"
-  ]
-  revision = "f2499483f923065a842d38eb4c7f1927e6fc6e6d"
-
-[[projects]]
-  name = "golang.org/x/oauth2"
-  packages = [
-    ".",
-    "internal"
-  ]
-  revision = "c10ba270aa0bf8b8c1c986e103859c67a9103061"
-
-[[projects]]
-  name = "golang.org/x/sync"
-  packages = ["syncmap"]
-  revision = "5a06fca2c336a4b2b2fcb45702e8c47621b2aa2c"
-
-[[projects]]
-  name = "golang.org/x/sys"
-  packages = [
-    "unix",
-    "windows",
-    "windows/svc"
-  ]
-  revision = "a646d33e2ee3172a661fc09bca23bb4889a41bc8"
-
-[[projects]]
-  name = "golang.org/x/text"
-  packages = [
-    "encoding",
-    "encoding/charmap",
-    "encoding/htmlindex",
-    "encoding/internal",
-    "encoding/internal/identifier",
-    "encoding/japanese",
-    "encoding/korean",
-    "encoding/simplifiedchinese",
-    "encoding/traditionalchinese",
-    "encoding/unicode",
-    "internal/gen",
-    "internal/tag",
-    "internal/triegen",
-    "internal/ucd",
-    "internal/utf8internal",
-    "language",
-    "runes",
-    "transform",
-    "unicode/cldr",
-    "unicode/norm"
-  ]
-  revision = "2bf8f2a19ec09c670e931282edfe6567f6be21c9"
-
-[[projects]]
-  branch = "v3"
-  name = "gopkg.in/alexcesaro/quotedprintable.v3"
-  packages = ["."]
-  revision = "2caba252f4dc53eaf6b553000885530023f54623"
-
-[[projects]]
-  name = "gopkg.in/asn1-ber.v1"
-  packages = ["."]
-  revision = "4e86f4367175e39f69d9358a5f17b4dda270378d"
-  version = "v1.1"
-
-[[projects]]
-  name = "gopkg.in/bufio.v1"
-  packages = ["."]
-  revision = "567b2bfa514e796916c4747494d6ff5132a1dfce"
-  version = "v1"
-
-[[projects]]
-  name = "gopkg.in/editorconfig/editorconfig-core-go.v1"
-  packages = ["."]
-  revision = "a872f05c2e34b37b567401384d202aff11ba06d4"
-  version = "v1.2.0"
-
-[[projects]]
-  branch = "v2"
-  name = "gopkg.in/gomail.v2"
-  packages = ["."]
-  revision = "81ebce5c23dfd25c6c67194b37d3dd3f338c98b1"
-
-[[projects]]
-  name = "gopkg.in/ini.v1"
-  packages = ["."]
-  revision = "7e7da451323b6766da368f8a1e8ec9a88a16b4a0"
-  version = "v1.31.1"
-
-[[projects]]
-  name = "gopkg.in/ldap.v2"
-  packages = ["."]
-  revision = "d0a5ced67b4dc310b9158d63a2c6f9c5ec13f105"
-  version = "v2.4.1"
-
-[[projects]]
-  name = "gopkg.in/macaron.v1"
-  packages = ["."]
-  revision = "75f2e9b42e99652f0d82b28ccb73648f44615faa"
-  version = "v1.2.4"
-
-[[projects]]
-  name = "gopkg.in/redis.v2"
-  packages = ["."]
-  revision = "e6179049628164864e6e84e973cfb56335748dea"
-  version = "v2.3.2"
-
-[[projects]]
-  name = "gopkg.in/testfixtures.v2"
-  packages = ["."]
-  revision = "b9ef14dc461bf934d8df2dfc6f1f456be5664cca"
-  version = "v2.0.0"
-
-[[projects]]
-  name = "gopkg.in/yaml.v2"
-  packages = ["."]
-  revision = "a5b47d31c556af34a302ce5d659e6fea44d90de0"
-
-[[projects]]
-  name = "strk.kbt.io/projects/go/libravatar"
-  packages = ["."]
-  revision = "5eed7bff870ae19ef51c5773dbc8f3e9fcbd0982"
-
-[solve-meta]
-  analyzer-name = "dep"
-  analyzer-version = 1
-  inputs-digest = "036b8c882671cf8d2c5e2fdbe53b1bdfbd39f7ebd7765bd50276c7c4ecf16687"
-  solver-name = "gps-cdcl"
-  solver-version = 1
--- a/Gopkg.toml
+++ b/Gopkg.toml
@@ -1,106 +0,0 @@
-
-ignored = ["google.golang.org/appengine*"]
-
-[prune]
-  go-tests = true
-  unused-packages = true
-  non-go = true
-
-[[constraint]]
-  branch = "master"
-  name = "code.gitea.io/git"
-
-[[constraint]]
-  branch = "master"
-  name = "code.gitea.io/sdk"
-
-[[constraint]]
-  revision = "9f005a07e0d31d45e6656d241bb5c0f2efd4bc94"
-  name = "golang.org/x/crypto"
-
-[[constraint]]
-  revision = "a646d33e2ee3172a661fc09bca23bb4889a41bc8"
-  name = "golang.org/x/sys"
-
-[[constraint]]
-  revision = "2bf8f2a19ec09c670e931282edfe6567f6be21c9"
-  name = "golang.org/x/text"
-
-[[constraint]]
-  revision = "f2499483f923065a842d38eb4c7f1927e6fc6e6d"
-  name = "golang.org/x/net"
-
-[[constraint]]
-  #version = "v1.0.0"
-  revision = "33197485abe227dcb254644cf5081c9a3c281669"
-  name = "github.com/pingcap/tidb"
-
-[[override]]
-  name = "github.com/go-xorm/xorm"
-  #version = "0.6.5"
-  revision = "d4149d1eee0c2c488a74a5863fd9caf13d60fd03"
-
-[[override]]
-  name = "github.com/gorilla/mux"
-  revision = "757bef944d0f21880861c2dd9c871ca543023cba"
-
-[[constraint]]
-  name = "github.com/gorilla/context"
-  version = "1.1.1"
-
-[[constraint]]
-  name = "github.com/lafriks/xormstore"
-  version = "1.0.0"
-
-[[constraint]]
-  branch = "master"
-  name = "github.com/lunny/dingtalk_webhook"
-
-[[constraint]]
-  name = "github.com/markbates/goth"
-  version = "1.45.5"
-
-[[constraint]]
-  branch = "master"
-  name = "github.com/mcuadros/go-version"
-
-[[constraint]]
-  branch = "master"
-  name = "github.com/russross/blackfriday"
-
-[[constraint]]
-  branch = "master"
-  name = "github.com/tstranex/u2f"
-
-[[constraint]]
-  name = "gopkg.in/editorconfig/editorconfig-core-go.v1"
-  version = "1.2.0"
-
-[[constraint]]
-  branch = "v2"
-  name = "gopkg.in/gomail.v2"
-
-[[constraint]]
-  name = "gopkg.in/ini.v1"
-  version = "1.31.1"
-
-[[constraint]]
-  name = "gopkg.in/ldap.v2"
-  version = "2.4.1"
-
-[[constraint]]
-  name = "gopkg.in/macaron.v1"
-  version = "1.2.4"
-
-[[constraint]]
-  name = "gopkg.in/testfixtures.v2"
-  version = "2.0.0"
-
-[[override]]
-  name = "github.com/boltdb/bolt"
-  revision = "ccd680d8c1a0179ac3d68f692b01e1a1589cbfc7"
-  source = "github.com/go-gitea/bolt"
-
-[[override]]
-  revision = "c10ba270aa0bf8b8c1c986e103859c67a9103061"
-  name = "golang.org/x/oauth2"
--- a/12
+++ b/12
@@ -20,7 +20,13 @@ Jonas Östanbäck <jonas.ostanback@gmail.com> (@cez81)
 David Schneiderbauer <dschneiderbauer@gmail.com> (@daviian)
 Peter Žeby <morlinest@gmail.com> (@morlinest)
 Matti Ranta <matti@mdranta.net> (@techknowlogick)
-Michael Lustfield <mtecknology@debian.org> (@MTecknology)
-Jonas Franz <info@jonasfranz.software> (@JonasFranzDEV)
-Flynn Lufmons <fluf@warpmail.net> (@flufmonster)
+Jonas Franz <info@jonasfranz.software> (@jonasfranz)
 Alexey Terentyev <axifnx@gmail.com> (@axifive)
+Lanre Adelowo <yo@lanre.wtf> (@adelowo)
+Konrad Langenberg <k@knt.li> (@kolaente)
+He-Long Zhang <outman99@hotmail.com> (@BetaCat0)
+Andrew Thornton <art27@cantab.net> (@zeripath)
+John Olheiser <john.olheiser@gmail.com> (@jolheiser)
+Richard Mahn <rich.mahn@unfoldingword.org> (@richmahn)
+Mrsdizzie <info@mrsdizzie.com> (@mrsdizzie)
+silverwind <me@silverwind.io> (@silverwind)
--- a/278
+++ b/278
@@ -1,13 +1,17 @@
 DIST := dist
 IMPORT := code.gitea.io/gitea
+export GO111MODULE=off

 GO ?= go
 SED_INPLACE := sed -i
+SHASUM ?= shasum -a 256
+
+export PATH := $($(GO) env GOPATH)/bin:$(PATH)

 ifeq ($(OS), Windows_NT)
-	EXECUTABLE := gitea.exe
+	EXECUTABLE ?= gitea.exe
 else
-	EXECUTABLE := gitea
+	EXECUTABLE ?= gitea
 	UNAME_S := $(shell uname -s)
 	ifeq ($(UNAME_S),Darwin)
 		SED_INPLACE := sed -i ''
@@ -21,40 +25,54 @@ GOFMT ?= gofmt -s
 GOFLAGS := -i -v
 EXTRA_GOFLAGS ?=

-LDFLAGS := -X "main.Version=$(shell git describe --tags --always | sed 's/-/+/' | sed 's/^v//')" -X "main.Tags=$(TAGS)"
-
-PACKAGES ?= $(filter-out code.gitea.io/gitea/integrations,$(shell $(GO) list ./... | grep -v /vendor/))
-SOURCES ?= $(shell find . -name "*.go" -type f)
-
-TAGS ?=
-
-TMPDIR := $(shell mktemp -d 2>/dev/null || mktemp -d -t 'gitea-temp')
-
-TEST_MYSQL_HOST ?= mysql:3306
-TEST_MYSQL_DBNAME ?= testgitea
-TEST_MYSQL_USERNAME ?= root
-TEST_MYSQL_PASSWORD ?=
-TEST_PGSQL_HOST ?= pgsql:5432
-TEST_PGSQL_DBNAME ?= testgitea
-TEST_PGSQL_USERNAME ?= postgres
-TEST_PGSQL_PASSWORD ?= postgres
-
-ifeq ($(OS), Windows_NT)
-	EXECUTABLE := gitea.exe
-else
-	EXECUTABLE := gitea
-endif
+MAKE_VERSION := $(shell make -v | head -n 1)

 ifneq ($(DRONE_TAG),)
 	VERSION ?= $(subst v,,$(DRONE_TAG))
+	GITEA_VERSION ?= $(VERSION)
 else
 	ifneq ($(DRONE_BRANCH),)
 		VERSION ?= $(subst release/v,,$(DRONE_BRANCH))
 	else
 		VERSION ?= master
 	endif
+	GITEA_VERSION ?= $(shell git describe --tags --always | sed 's/-/+/' | sed 's/^v//')
 endif

+LDFLAGS := $(LDFLAGS) -X "main.MakeVersion=$(MAKE_VERSION)" -X "main.Version=$(GITEA_VERSION)" -X "main.Tags=$(TAGS)"
+
+PACKAGES ?= $(filter-out code.gitea.io/gitea/integrations/migration-test,$(filter-out code.gitea.io/gitea/integrations,$(shell $(GO) list ./... | grep -v /vendor/)))
+SOURCES ?= $(shell find . -name "*.go" -type f)
+
+TAGS ?=
+
+TMPDIR := $(shell mktemp -d 2>/dev/null || mktemp -d -t 'gitea-temp')
+
+SWAGGER_SPEC := templates/swagger/v1_json.tmpl
+SWAGGER_SPEC_S_TMPL := s|"basePath": *"/api/v1"|"basePath": "{{AppSubUrl}}/api/v1"|g
+SWAGGER_SPEC_S_JSON := s|"basePath": *"{{AppSubUrl}}/api/v1"|"basePath": "/api/v1"|g
+SWAGGER_NEWLINE_COMMAND := -e '$$a\'
+
+TEST_MYSQL_HOST ?= mysql:3306
+TEST_MYSQL_DBNAME ?= testgitea
+TEST_MYSQL_USERNAME ?= root
+TEST_MYSQL_PASSWORD ?=
+TEST_MYSQL8_HOST ?= mysql8:3306
+TEST_MYSQL8_DBNAME ?= testgitea
+TEST_MYSQL8_USERNAME ?= root
+TEST_MYSQL8_PASSWORD ?=
+TEST_PGSQL_HOST ?= pgsql:5432
+TEST_PGSQL_DBNAME ?= testgitea
+TEST_PGSQL_USERNAME ?= postgres
+TEST_PGSQL_PASSWORD ?= postgres
+TEST_MSSQL_HOST ?= mssql:1433
+TEST_MSSQL_DBNAME ?= gitea
+TEST_MSSQL_USERNAME ?= sa
+TEST_MSSQL_PASSWORD ?= MwantsaSecurePassword1
+
+# $(call strip-suffix,filename)
+strip-suffix = $(firstword $(subst ., ,$(1)))
+
 .PHONY: all
 all: build

@@ -65,9 +83,9 @@ clean:
 	$(GO) clean -i ./...
 	rm -rf $(EXECUTABLE) $(DIST) $(BINDATA) \
 		integrations*.test \
-		integrations/gitea-integration-pgsql/ integrations/gitea-integration-mysql/ integrations/gitea-integration-sqlite/ \
-		integrations/indexers-mysql/ integrations/indexers-pgsql integrations/indexers-sqlite \
-		integrations/mysql.ini integrations/pgsql.ini
+		integrations/gitea-integration-pgsql/ integrations/gitea-integration-mysql/ integrations/gitea-integration-mysql8/ integrations/gitea-integration-sqlite/ \
+		integrations/gitea-integration-mssql/ integrations/indexers-mysql/ integrations/indexers-mysql8/ integrations/indexers-pgsql integrations/indexers-sqlite \
+		integrations/indexers-mssql integrations/mysql.ini integrations/mysql8.ini integrations/pgsql.ini integrations/mssql.ini

 .PHONY: fmt
 fmt:
@@ -79,21 +97,20 @@ vet:

 .PHONY: generate
 generate:
-	@hash go-bindata > /dev/null 2>&1; if [ $$? -ne 0 ]; then \
-		$(GO) get -u github.com/jteeuwen/go-bindata/...; \
-	fi
-	$(GO) generate $(PACKAGES)
+	GO111MODULE=on $(GO) generate $(PACKAGES)

 .PHONY: generate-swagger
 generate-swagger:
 	@hash swagger > /dev/null 2>&1; if [ $$? -ne 0 ]; then \
-		$(GO) get -u github.com/go-swagger/go-swagger/cmd/swagger; \
+		GO111MODULE="on" $(GO) get -u github.com/go-swagger/go-swagger/cmd/swagger@v0.19.0; \
 	fi
-	swagger generate spec -o ./public/swagger.v1.json
+	swagger generate spec -o './$(SWAGGER_SPEC)'
+	$(SED_INPLACE) '$(SWAGGER_SPEC_S_TMPL)' './$(SWAGGER_SPEC)'
+	$(SED_INPLACE) $(SWAGGER_NEWLINE_COMMAND) './$(SWAGGER_SPEC)'

 .PHONY: swagger-check
 swagger-check: generate-swagger
-	@diff=$$(git diff public/swagger.v1.json); \
+	@diff=$$(git diff '$(SWAGGER_SPEC)'); \
 	if [ -n "$$diff" ]; then \
 		echo "Please run 'make generate-swagger' and commit the result:"; \
 		echo "$${diff}"; \
@@ -105,7 +122,9 @@ swagger-validate:
 	@hash swagger > /dev/null 2>&1; if [ $$? -ne 0 ]; then \
 		$(GO) get -u github.com/go-swagger/go-swagger/cmd/swagger; \
 	fi
-	swagger validate ./public/swagger.v1.json
+	$(SED_INPLACE) '$(SWAGGER_SPEC_S_JSON)' './$(SWAGGER_SPEC)'
+	swagger validate './$(SWAGGER_SPEC)'
+	$(SED_INPLACE) '$(SWAGGER_SPEC_S_TMPL)' './$(SWAGGER_SPEC)'

 .PHONY: errcheck
 errcheck:
@@ -116,17 +135,21 @@ errcheck:

 .PHONY: lint
 lint:
-	@hash golint > /dev/null 2>&1; if [ $$? -ne 0 ]; then \
-		$(GO) get -u github.com/golang/lint/golint; \
+	@echo 'make lint is depricated. Use "make revive" if you want to use the old lint tool, or "make golangci-lint" to run a complete code check.'
+
+.PHONY: revive
+revive:
+	@hash revive > /dev/null 2>&1; if [ $$? -ne 0 ]; then \
+		$(GO) get -u github.com/mgechev/revive; \
 	fi
-	for PKG in $(PACKAGES); do golint -set_exit_status $$PKG || exit 1; done;
+	revive -config .revive.toml -exclude=./vendor/... ./... || exit 1

 .PHONY: misspell-check
 misspell-check:
 	@hash misspell > /dev/null 2>&1; if [ $$? -ne 0 ]; then \
 		$(GO) get -u github.com/client9/misspell/cmd/misspell; \
 	fi
-	misspell -error -i unknwon $(GOFILES)
+	misspell -error -i unknwon,destory $(GOFILES)

 .PHONY: misspell
 misspell:
@@ -147,7 +170,7 @@ fmt-check:

 .PHONY: test
 test:
-	$(GO) test -tags=sqlite $(PACKAGES)
+	GO111MODULE=on $(GO) test -mod=vendor -tags='sqlite sqlite_unlock_notify' $(PACKAGES)

 .PHONY: coverage
 coverage:
@@ -158,14 +181,11 @@ coverage:

 .PHONY: unit-test-coverage
 unit-test-coverage:
-	for PKG in $(PACKAGES); do $(GO) test -tags=sqlite -cover -coverprofile $$GOPATH/src/$$PKG/coverage.out $$PKG || exit 1; done;
+	$(GO) test -tags='sqlite sqlite_unlock_notify' -cover -coverprofile coverage.out $(PACKAGES) && echo "\n==>\033[32m Ok\033[m\n" || exit 1

 .PHONY: vendor
 vendor:
-	@hash dep > /dev/null 2>&1; if [ $$? -ne 0 ]; then \
-		$(GO) get -u github.com/golang/dep/cmd/dep; \
-	fi
-	dep ensure -vendor-only
+	GO111MODULE=on $(GO) mod tidy && GO111MODULE=on $(GO) mod vendor

 .PHONY: test-vendor
 test-vendor: vendor
@@ -175,32 +195,74 @@ test-vendor: vendor
 		echo "$${diff}"; \
 		exit 1; \
 	fi;
-#TODO add dep status -missing when implemented

 .PHONY: test-sqlite
 test-sqlite: integrations.sqlite.test
 	GITEA_ROOT=${CURDIR} GITEA_CONF=integrations/sqlite.ini ./integrations.sqlite.test

+.PHONY: test-sqlite\#%
+test-sqlite\#%: integrations.sqlite.test
+	GITEA_ROOT=${CURDIR} GITEA_CONF=integrations/sqlite.ini ./integrations.sqlite.test -test.run $*
+
+.PHONY: test-sqlite-migration
+test-sqlite-migration:  migrations.sqlite.test
+	GITEA_ROOT=${CURDIR} GITEA_CONF=integrations/sqlite.ini ./migrations.sqlite.test
+
 generate-ini:
 	sed -e 's|{{TEST_MYSQL_HOST}}|${TEST_MYSQL_HOST}|g' \
 		-e 's|{{TEST_MYSQL_DBNAME}}|${TEST_MYSQL_DBNAME}|g' \
 		-e 's|{{TEST_MYSQL_USERNAME}}|${TEST_MYSQL_USERNAME}|g' \
 		-e 's|{{TEST_MYSQL_PASSWORD}}|${TEST_MYSQL_PASSWORD}|g' \
 			integrations/mysql.ini.tmpl > integrations/mysql.ini
+	sed -e 's|{{TEST_MYSQL8_HOST}}|${TEST_MYSQL8_HOST}|g' \
+		-e 's|{{TEST_MYSQL8_DBNAME}}|${TEST_MYSQL8_DBNAME}|g' \
+		-e 's|{{TEST_MYSQL8_USERNAME}}|${TEST_MYSQL8_USERNAME}|g' \
+		-e 's|{{TEST_MYSQL8_PASSWORD}}|${TEST_MYSQL8_PASSWORD}|g' \
+			integrations/mysql8.ini.tmpl > integrations/mysql8.ini
 	sed -e 's|{{TEST_PGSQL_HOST}}|${TEST_PGSQL_HOST}|g' \
 		-e 's|{{TEST_PGSQL_DBNAME}}|${TEST_PGSQL_DBNAME}|g' \
 		-e 's|{{TEST_PGSQL_USERNAME}}|${TEST_PGSQL_USERNAME}|g' \
 		-e 's|{{TEST_PGSQL_PASSWORD}}|${TEST_PGSQL_PASSWORD}|g' \
 			integrations/pgsql.ini.tmpl > integrations/pgsql.ini
+	sed -e 's|{{TEST_MSSQL_HOST}}|${TEST_MSSQL_HOST}|g' \
+		-e 's|{{TEST_MSSQL_DBNAME}}|${TEST_MSSQL_DBNAME}|g' \
+		-e 's|{{TEST_MSSQL_USERNAME}}|${TEST_MSSQL_USERNAME}|g' \
+		-e 's|{{TEST_MSSQL_PASSWORD}}|${TEST_MSSQL_PASSWORD}|g' \
+			integrations/mssql.ini.tmpl > integrations/mssql.ini

 .PHONY: test-mysql
 test-mysql: integrations.test generate-ini
 	GITEA_ROOT=${CURDIR} GITEA_CONF=integrations/mysql.ini ./integrations.test

+.PHONY: test-mysql-migration
+test-mysql-migration: migrations.test generate-ini
+	GITEA_ROOT=${CURDIR} GITEA_CONF=integrations/mysql.ini ./migrations.test
+
+.PHONY: test-mysql8
+test-mysql8: integrations.test generate-ini
+	GITEA_ROOT=${CURDIR} GITEA_CONF=integrations/mysql8.ini ./integrations.test
+
+.PHONY: test-mysql8-migration
+test-mysql8-migration: migrations.test generate-ini
+	GITEA_ROOT=${CURDIR} GITEA_CONF=integrations/mysql8.ini ./migrations.test
+
 .PHONY: test-pgsql
 test-pgsql: integrations.test generate-ini
 	GITEA_ROOT=${CURDIR} GITEA_CONF=integrations/pgsql.ini ./integrations.test

+.PHONY: test-pgsql-migration
+test-pgsql-migration: migrations.test generate-ini
+	GITEA_ROOT=${CURDIR} GITEA_CONF=integrations/pgsql.ini ./migrations.test
+
+.PHONY: test-mssql
+test-mssql: integrations.test generate-ini
+	GITEA_ROOT=${CURDIR} GITEA_CONF=integrations/mssql.ini ./integrations.test
+
+.PHONY: test-mssql-migration
+test-mssql-migration: migrations.test generate-ini
+	GITEA_ROOT=${CURDIR} GITEA_CONF=integrations/mssql.ini ./migrations.test
+
+
 .PHONY: bench-sqlite
 bench-sqlite: integrations.sqlite.test
 	GITEA_ROOT=${CURDIR} GITEA_CONF=integrations/sqlite.ini ./integrations.sqlite.test -test.cpuprofile=cpu.out -test.run DontRunTests -test.bench .
@@ -209,6 +271,10 @@ bench-sqlite: integrations.sqlite.test
 bench-mysql: integrations.test generate-ini
 	GITEA_ROOT=${CURDIR} GITEA_CONF=integrations/mysql.ini ./integrations.test -test.cpuprofile=cpu.out -test.run DontRunTests -test.bench .

+.PHONY: bench-mssql
+bench-mssql: integrations.test generate-ini
+	GITEA_ROOT=${CURDIR} GITEA_CONF=integrations/mssql.ini ./integrations.test -test.cpuprofile=cpu.out -test.run DontRunTests -test.bench .
+
 .PHONY: bench-pgsql
 bench-pgsql: integrations.test generate-ini
 	GITEA_ROOT=${CURDIR} GITEA_CONF=integrations/pgsql.ini ./integrations.test -test.cpuprofile=cpu.out -test.run DontRunTests -test.bench .
@@ -219,13 +285,21 @@ integration-test-coverage: integrations.cover.test generate-ini
 	GITEA_ROOT=${CURDIR} GITEA_CONF=integrations/mysql.ini ./integrations.cover.test -test.coverprofile=integration.coverage.out

 integrations.test: $(SOURCES)
-	$(GO) test -c code.gitea.io/gitea/integrations -o integrations.test
+	GO111MODULE=on $(GO) test -mod=vendor -c code.gitea.io/gitea/integrations -o integrations.test

 integrations.sqlite.test: $(SOURCES)
-	$(GO) test -c code.gitea.io/gitea/integrations -o integrations.sqlite.test -tags 'sqlite'
+	GO111MODULE=on $(GO) test -mod=vendor -c code.gitea.io/gitea/integrations -o integrations.sqlite.test -tags 'sqlite sqlite_unlock_notify'

 integrations.cover.test: $(SOURCES)
-	$(GO) test -c code.gitea.io/gitea/integrations -coverpkg $(shell echo $(PACKAGES) | tr ' ' ',') -o integrations.cover.test
+	GO111MODULE=on $(GO) test -mod=vendor -c code.gitea.io/gitea/integrations -coverpkg $(shell echo $(PACKAGES) | tr ' ' ',') -o integrations.cover.test
+
+.PHONY: migrations.test
+migrations.test: $(SOURCES)
+	$(GO) test -c code.gitea.io/gitea/integrations/migration-test -o migrations.test
+
+.PHONY: migrations.sqlite.test
+migrations.sqlite.test: $(SOURCES)
+	$(GO) test -c code.gitea.io/gitea/integrations/migration-test -o migrations.sqlite.test -tags 'sqlite sqlite_unlock_notify'

 .PHONY: check
 check: test
@@ -238,7 +312,7 @@ install: $(wildcard *.go)
 build: $(EXECUTABLE)

 $(EXECUTABLE): $(SOURCES)
-	$(GO) build $(GOFLAGS) $(EXTRA_GOFLAGS) -tags '$(TAGS)' -ldflags '-s -w $(LDFLAGS)' -o $@
+	GO111MODULE=on $(GO) build -mod=vendor $(GOFLAGS) $(EXTRA_GOFLAGS) -tags '$(TAGS)' -ldflags '-s -w $(LDFLAGS)' -o $@

 .PHONY: release
 release: release-dirs release-windows release-linux release-darwin release-copy release-compress release-check
@@ -250,67 +324,100 @@ release-dirs:
 .PHONY: release-windows
 release-windows:
 	@hash xgo > /dev/null 2>&1; if [ $$? -ne 0 ]; then \
-		$(GO) get -u github.com/karalabe/xgo; \
+		$(GO) get -u src.techknowlogick.com/xgo; \
 	fi
-	xgo -dest $(DIST)/binaries -tags 'netgo $(TAGS)' -ldflags '-linkmode external -extldflags "-static" $(LDFLAGS)' -targets 'windows/*' -out gitea-$(VERSION) .
+	xgo -dest $(DIST)/binaries -tags 'netgo osusergo $(TAGS)' -ldflags '-linkmode external -extldflags "-static" $(LDFLAGS)' -targets 'windows/*' -out gitea-$(VERSION) .
 ifeq ($(CI),drone)
-	mv /build/* $(DIST)/binaries
+	cp /build/* $(DIST)/binaries
 endif

 .PHONY: release-linux
 release-linux:
 	@hash xgo > /dev/null 2>&1; if [ $$? -ne 0 ]; then \
-		$(GO) get -u github.com/karalabe/xgo; \
+		$(GO) get -u src.techknowlogick.com/xgo; \
 	fi
-	xgo -dest $(DIST)/binaries -tags 'netgo $(TAGS)' -ldflags '-linkmode external -extldflags "-static" $(LDFLAGS)' -targets 'linux/*' -out gitea-$(VERSION) .
+	xgo -dest $(DIST)/binaries -tags 'netgo osusergo $(TAGS)' -ldflags '-linkmode external -extldflags "-static" $(LDFLAGS)' -targets 'linux/amd64,linux/386,linux/arm-5,linux/arm-6,linux/arm64,linux/mips64le,linux/mips,linux/mipsle' -out gitea-$(VERSION) .
 ifeq ($(CI),drone)
-	mv /build/* $(DIST)/binaries
+	cp /build/* $(DIST)/binaries
 endif

 .PHONY: release-darwin
 release-darwin:
 	@hash xgo > /dev/null 2>&1; if [ $$? -ne 0 ]; then \
-		$(GO) get -u github.com/karalabe/xgo; \
+		$(GO) get -u src.techknowlogick.com/xgo; \
 	fi
-	xgo -dest $(DIST)/binaries -tags 'netgo $(TAGS)' -ldflags '$(LDFLAGS)' -targets 'darwin/*' -out gitea-$(VERSION) .
+	xgo -dest $(DIST)/binaries -tags 'netgo osusergo $(TAGS)' -ldflags '$(LDFLAGS)' -targets 'darwin/*' -out gitea-$(VERSION) .
 ifeq ($(CI),drone)
-	mv /build/* $(DIST)/binaries
+	cp /build/* $(DIST)/binaries
 endif

 .PHONY: release-copy
 release-copy:
-	$(foreach file,$(wildcard $(DIST)/binaries/$(EXECUTABLE)-*),cp $(file) $(DIST)/release/$(notdir $(file));)
+	cd $(DIST); for file in `find /build -type f -name "*"`; do cp $${file} ./release/; done;

 .PHONY: release-check
 release-check:
-	cd $(DIST)/release; $(foreach file,$(wildcard $(DIST)/release/$(EXECUTABLE)-*),sha256sum $(notdir $(file)) > $(notdir $(file)).sha256;)
+	cd $(DIST)/release/; for file in `find . -type f -name "*"`; do echo "checksumming $${file}" && $(SHASUM) `echo $${file} | sed 's/^..//'` > $${file}.sha256; done;

 .PHONY: release-compress
 release-compress:
 	@hash gxz > /dev/null 2>&1; if [ $$? -ne 0 ]; then \
 		$(GO) get -u github.com/ulikunitz/xz/cmd/gxz; \
 	fi
-	cd $(DIST)/release; $(foreach file,$(wildcard $(DIST)/binaries/$(EXECUTABLE)-*),gxz -k -9 $(notdir $(file));)
+	cd $(DIST)/release/; for file in `find . -type f -name "*"`; do echo "compressing $${file}" && gxz -k -9 $${file}; done;

-.PHONY: javascripts
-javascripts: public/js/index.js
+npm-check:
+	@hash npm > /dev/null 2>&1; if [ $$? -ne 0 ]; then \
+		echo "Please install Node.js 8.x or greater with npm"; \
+		exit 1; \
+	fi;
+	@hash npx > /dev/null 2>&1; if [ $$? -ne 0 ]; then \
+		echo "Please install Node.js 8.x or greater with npm"; \
+		exit 1; \
+	fi;

-.IGNORE: public/js/index.js
-public/js/index.js: $(JAVASCRIPTS)
-	cat $< >| $@
+.PHONY: npm
+npm: npm-check
+	npm install --no-save

-.PHONY: stylesheets-check
-stylesheets-check: generate-stylesheets
-	@diff=$$(git diff public/css/index.css); \
-	if [ -n "$$diff" ]; then \
-		echo "Please run 'make generate-stylesheets' and commit the result:"; \
+.PHONY: npm-update
+npm-update: npm-check
+	npx updates -cu
+	rm -rf node_modules package-lock.json
+	npm install --package-lock
+
+.PHONY: js
+js: npm
+	npx eslint public/js
+
+.PHONY: css
+css: npm
+	npx stylelint public/less
+	npx lessc --clean-css="--s0 -b" public/less/index.less public/css/index.css
+	$(foreach file, $(filter-out public/less/themes/_base.less, $(wildcard public/less/themes/*)),npx lessc --clean-css="--s0 -b" public/less/themes/$(notdir $(file)) > public/css/theme-$(notdir $(call strip-suffix,$(file))).css;)
+	npx postcss --use autoprefixer --no-map --replace public/css/*
+
+	@diff=$$(git diff public/css/*); \
+	if ([ -n "$$CI" ] && [ -n "$$diff" ]); then \
+		echo "Generated files in public/css have changed, please commit the result:"; \
 		echo "$${diff}"; \
 		exit 1; \
 	fi;

+.PHONY: javascripts
+javascripts:
+	echo "'make javascripts' is deprecated, please use 'make js'"
+	$(MAKE) js
+
+.PHONY: stylesheets-check
+stylesheets-check:
+	echo "'make stylesheets-check' is deprecated, please use 'make css'"
+	$(MAKE) css
+
 .PHONY: generate-stylesheets
 generate-stylesheets:
-	node_modules/.bin/lessc --clean-css public/less/index.less public/css/index.css
+	echo "'make generate-stylesheets' is deprecated, please use 'make css'"
+	$(MAKE) css

 .PHONY: swagger-ui
 swagger-ui:
@@ -334,6 +441,8 @@ update-translations:
 generate-images:
 	mkdir -p $(TMPDIR)/images
 	inkscape -f $(PWD)/assets/logo.svg -w 880 -h 880 -e $(PWD)/public/img/gitea-lg.png
+	inkscape -f $(PWD)/assets/logo.svg -w 512 -h 512 -e $(PWD)/public/img/gitea-512.png
+	inkscape -f $(PWD)/assets/logo.svg -w 192 -h 192 -e $(PWD)/public/img/gitea-192.png
 	inkscape -f $(PWD)/assets/logo.svg -w 120 -h 120 -jC -i layer1 -e $(TMPDIR)/images/sm-1.png
 	inkscape -f $(PWD)/assets/logo.svg -w 120 -h 120 -jC -i layer2 -e $(TMPDIR)/images/sm-2.png
 	composite -compose atop $(TMPDIR)/images/sm-2.png $(TMPDIR)/images/sm-1.png $(PWD)/public/img/gitea-sm.png
@@ -345,12 +454,25 @@ generate-images:
 	inkscape -f $(PWD)/assets/logo.svg -w 32 -h 32 -jC -i layer2 -e $(TMPDIR)/images/32-2.png
 	composite -compose atop $(TMPDIR)/images/32-2.png $(TMPDIR)/images/32-1.png $(TMPDIR)/images/32-raw.png
 	inkscape -f $(PWD)/assets/logo.svg -w 16 -h 16 -jC -i layer1 -e $(TMPDIR)/images/16-raw.png
-	zopflipng $(TMPDIR)/images/128-raw.png $(TMPDIR)/images/128.png
-	zopflipng $(TMPDIR)/images/64-raw.png $(TMPDIR)/images/64.png
-	zopflipng $(TMPDIR)/images/32-raw.png $(TMPDIR)/images/32.png
-	zopflipng $(TMPDIR)/images/16-raw.png $(TMPDIR)/images/16.png
+	zopflipng -m -y $(TMPDIR)/images/128-raw.png $(TMPDIR)/images/128.png
+	zopflipng -m -y $(TMPDIR)/images/64-raw.png $(TMPDIR)/images/64.png
+	zopflipng -m -y $(TMPDIR)/images/32-raw.png $(TMPDIR)/images/32.png
+	zopflipng -m -y $(TMPDIR)/images/16-raw.png $(TMPDIR)/images/16.png
 	rm -f $(TMPDIR)/images/*-*.png
 	convert $(TMPDIR)/images/16.png $(TMPDIR)/images/32.png \
 					$(TMPDIR)/images/64.png $(TMPDIR)/images/128.png \
 					$(PWD)/public/img/favicon.ico
 	rm -rf $(TMPDIR)/images
+	$(foreach file, $(shell find public/img -type f -name '*.png'),zopflipng -m -y $(file) $(file);)
+
+.PHONY: pr
+pr:
+	$(GO) run contrib/pr/checkout.go $(PR)
+
+.PHONY: golangci-lint
+golangci-lint:
+	@hash golangci-lint > /dev/null 2>&1; if [ $$? -ne 0 ]; then \
+		export BINARY="golangci-lint"; \
+		curl -sfL https://install.goreleaser.com/github.com/golangci/golangci-lint.sh | sh -s -- -b $(GOPATH)/bin v1.16.0; \
+	fi
+	golangci-lint run
--- a/README.md
+++ b/README.md
@@ -29,7 +29,7 @@ This project has been

 From the root of the source tree, run:

-    make generate all
+    TAGS="bindata" make generate all

 More info: https://docs.gitea.io/en-us/install-from-source/

@@ -38,7 +38,7 @@ More info: https://docs.gitea.io/en-us/install-from-source/
    ./gitea web

 NOTE: If you're interested in using our APIs, we have experimental
-support with [documentation](https://godoc.org/code.gitea.io/sdk/gitea).
+support with [documentation](https://try.gitea.io/api/swagger).

 ## Contributing

@@ -90,6 +90,10 @@ Support this project by becoming a sponsor. Your logo will show up here with a l

 Gitea is pronounced [/ɡɪ’ti:/](https://youtu.be/EM71-2uDAoY) as in "gi-tea" with a hard g.

+**Why is this not hosted on a Gitea instance?**
+
+We're [working on it](https://github.com/go-gitea/gitea/issues/1029).
+
 ## License

 This project is licensed under the MIT License.
--- a/README_ZH.md
+++ b/README_ZH.md
@@ -5,22 +5,15 @@
 [![Build Status](https://drone.gitea.io/api/badges/go-gitea/gitea/status.svg)](https://drone.gitea.io/go-gitea/gitea)
 [![Join the chat at https://img.shields.io/discord/322538954119184384.svg](https://img.shields.io/discord/322538954119184384.svg)](https://discord.gg/NsatcWJ)
 [![](https://images.microbadger.com/badges/image/gitea/gitea.svg)](https://microbadger.com/images/gitea/gitea "Get your own image badge on microbadger.com")
-[![Coverage Status](https://coverage.gitea.io/badges/go-gitea/gitea/coverage.svg)](https://coverage.gitea.io/go-gitea/gitea)
+[![codecov](https://codecov.io/gh/go-gitea/gitea/branch/master/graph/badge.svg)](https://codecov.io/gh/go-gitea/gitea)
 [![Go Report Card](https://goreportcard.com/badge/code.gitea.io/gitea)](https://goreportcard.com/report/code.gitea.io/gitea)
 [![GoDoc](https://godoc.org/code.gitea.io/gitea?status.svg)](https://godoc.org/code.gitea.io/gitea)
 [![GitHub release](https://img.shields.io/github/release/go-gitea/gitea.svg)](https://github.com/go-gitea/gitea/releases/latest)
 [![Become a backer/sponsor of gitea](https://opencollective.com/gitea/tiers/backer/badge.svg?label=backer&color=brightgreen)](https://opencollective.com/gitea)

-| | | |
-|:---:|:---:|:---:|
-|![Dashboard](https://image.ibb.co/dms6DG/1.png)|![Repository](https://image.ibb.co/m6MSLw/2.png)|![Commits History](https://image.ibb.co/cjrSLw/3.png)|
-|![Branches](https://image.ibb.co/e6vbDG/4.png)|![Issues](https://image.ibb.co/bJTJSb/5.png)|![Pull Request View](https://image.ibb.co/e02dSb/6.png)|
-|![Releases](https://image.ibb.co/cUzgfw/7.png)|![Activity](https://image.ibb.co/eZgGDG/8.png)|![Wiki](https://image.ibb.co/dYV9YG/9.png)|
-|![Diff](https://image.ibb.co/ewA9YG/10.png)|![Organization](https://image.ibb.co/ceOwDG/11.png)|![Profile](https://image.ibb.co/c44Q7b/12.png)|
-
 ## 目标

-Gitea的首要目标是创建一个极易安装，运行非常快速，安装和使用体验良好的自建 Git 服务。我们采用Go作为后端语言，这使我们只要生成一个可执行程序即可。并且他还支持跨平台，支持 Linux, macOS 和 Windows 以及各种架构，除了x86，amd64，还包括 ARM 和 PowerPC。
+Gitea 的首要目标是创建一个极易安装，运行非常快速，安装和使用体验良好的自建 Git 服务。我们采用 Go 作为后端语言，这使我们只要生成一个可执行程序即可。并且他还支持跨平台，支持 Linux, macOS 和 Windows 以及各种架构，除了 x86，amd64，还包括 ARM 和 PowerPC。

 如果您想试用一下，请访问 [在线Demo](https://try.gitea.io/)！

@@ -47,3 +40,12 @@ Fork -> Patch -> Push -> Pull Request
 ## 授权许可

 本项目采用 MIT 开源授权许可证，完整的授权说明已放置在 [LICENSE](https://github.com/go-gitea/gitea/blob/master/LICENSE) 文件中。
+
+## 截图
+
+| | | |
+|:---:|:---:|:---:|
+|![Dashboard](https://image.ibb.co/dms6DG/1.png)|![Repository](https://image.ibb.co/m6MSLw/2.png)|![Commits History](https://image.ibb.co/cjrSLw/3.png)|
+|![Branches](https://image.ibb.co/e6vbDG/4.png)|![Issues](https://image.ibb.co/bJTJSb/5.png)|![Pull Request View](https://image.ibb.co/e02dSb/6.png)|
+|![Releases](https://image.ibb.co/cUzgfw/7.png)|![Activity](https://image.ibb.co/eZgGDG/8.png)|![Wiki](https://image.ibb.co/dYV9YG/9.png)|
+|![Diff](https://image.ibb.co/ewA9YG/10.png)|![Organization](https://image.ibb.co/ceOwDG/11.png)|![Profile](https://image.ibb.co/c44Q7b/12.png)|
--- a/cmd/admin.go
+++ b/cmd/admin.go
@@ -6,10 +6,15 @@
 package cmd

 import (
+	"errors"
 	"fmt"
+	"os"
+	"text/tabwriter"

-	"code.gitea.io/git"
 	"code.gitea.io/gitea/models"
+	"code.gitea.io/gitea/modules/auth/oauth2"
+	"code.gitea.io/gitea/modules/generate"
+	"code.gitea.io/gitea/modules/git"
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/setting"

@@ -26,6 +31,7 @@ var (
 			subcmdChangePassword,
 			subcmdRepoSyncReleases,
 			subcmdRegenerate,
+			subcmdAuth,
 		},
 	}

@@ -36,6 +42,10 @@ var (
 		Flags: []cli.Flag{
 			cli.StringFlag{
 				Name:  "name",
+				Usage: "Username. DEPRECATED: use username instead",
+			},
+			cli.StringFlag{
+				Name:  "username",
 				Usage: "Username",
 			},
 			cli.StringFlag{
@@ -50,10 +60,22 @@ var (
 				Name:  "admin",
 				Usage: "User is an admin",
 			},
-			cli.StringFlag{
-				Name:  "config, c",
-				Value: "custom/conf/app.ini",
-				Usage: "Custom configuration file path",
+			cli.BoolFlag{
+				Name:  "random-password",
+				Usage: "Generate a random password for the user",
+			},
+			cli.BoolFlag{
+				Name:  "must-change-password",
+				Usage: "Force the user to change his/her password after initial login",
+			},
+			cli.IntFlag{
+				Name:  "random-password-length",
+				Usage: "Length of the random password to be generated",
+				Value: 12,
+			},
+			cli.BoolFlag{
+				Name:  "access-token",
+				Usage: "Generate access token for the user",
 			},
 		},
 	}
@@ -73,11 +95,6 @@ var (
 				Value: "",
 				Usage: "New password to set for user",
 			},
-			cli.StringFlag{
-				Name:  "config, c",
-				Value: "custom/conf/app.ini",
-				Usage: "Custom configuration file path",
-			},
 		},
 	}

@@ -100,27 +117,112 @@ var (
 		Name:   "hooks",
 		Usage:  "Regenerate git-hooks",
 		Action: runRegenerateHooks,
-		Flags: []cli.Flag{
-			cli.StringFlag{
-				Name:  "config, c",
-				Value: "custom/conf/app.ini",
-				Usage: "Custom configuration file path",
-			},
-		},
 	}

 	microcmdRegenKeys = cli.Command{
 		Name:   "keys",
 		Usage:  "Regenerate authorized_keys file",
 		Action: runRegenerateKeys,
-		Flags: []cli.Flag{
-			cli.StringFlag{
-				Name:  "config, c",
-				Value: "custom/conf/app.ini",
-				Usage: "Custom configuration file path",
-			},
+	}
+
+	subcmdAuth = cli.Command{
+		Name:  "auth",
+		Usage: "Modify external auth providers",
+		Subcommands: []cli.Command{
+			microcmdAuthAddOauth,
+			microcmdAuthUpdateOauth,
+			cmdAuthAddLdapBindDn,
+			cmdAuthUpdateLdapBindDn,
+			cmdAuthAddLdapSimpleAuth,
+			cmdAuthUpdateLdapSimpleAuth,
+			microcmdAuthList,
+			microcmdAuthDelete,
 		},
 	}
+
+	microcmdAuthList = cli.Command{
+		Name:   "list",
+		Usage:  "List auth sources",
+		Action: runListAuth,
+	}
+
+	idFlag = cli.Int64Flag{
+		Name:  "id",
+		Usage: "ID of authentication source",
+	}
+
+	microcmdAuthDelete = cli.Command{
+		Name:   "delete",
+		Usage:  "Delete specific auth source",
+		Action: runDeleteAuth,
+	}
+
+	oauthCLIFlags = []cli.Flag{
+		cli.StringFlag{
+			Name:  "name",
+			Value: "",
+			Usage: "Application Name",
+		},
+		cli.StringFlag{
+			Name:  "provider",
+			Value: "",
+			Usage: "OAuth2 Provider",
+		},
+		cli.StringFlag{
+			Name:  "key",
+			Value: "",
+			Usage: "Client ID (Key)",
+		},
+		cli.StringFlag{
+			Name:  "secret",
+			Value: "",
+			Usage: "Client Secret",
+		},
+		cli.StringFlag{
+			Name:  "auto-discover-url",
+			Value: "",
+			Usage: "OpenID Connect Auto Discovery URL (only required when using OpenID Connect as provider)",
+		},
+		cli.StringFlag{
+			Name:  "use-custom-urls",
+			Value: "false",
+			Usage: "Use custom URLs for GitLab/GitHub OAuth endpoints",
+		},
+		cli.StringFlag{
+			Name:  "custom-auth-url",
+			Value: "",
+			Usage: "Use a custom Authorization URL (option for GitLab/GitHub)",
+		},
+		cli.StringFlag{
+			Name:  "custom-token-url",
+			Value: "",
+			Usage: "Use a custom Token URL (option for GitLab/GitHub)",
+		},
+		cli.StringFlag{
+			Name:  "custom-profile-url",
+			Value: "",
+			Usage: "Use a custom Profile URL (option for GitLab/GitHub)",
+		},
+		cli.StringFlag{
+			Name:  "custom-email-url",
+			Value: "",
+			Usage: "Use a custom Email URL (option for GitHub)",
+		},
+	}
+
+	microcmdAuthUpdateOauth = cli.Command{
+		Name:   "update-oauth",
+		Usage:  "Update existing Oauth authentication source",
+		Action: runUpdateOauth,
+		Flags:  append(oauthCLIFlags[:1], append([]cli.Flag{idFlag}, oauthCLIFlags[1:]...)...),
+	}
+
+	microcmdAuthAddOauth = cli.Command{
+		Name:   "add-oauth",
+		Usage:  "Add new Oauth authentication source",
+		Action: runAddOauth,
+		Flags:  oauthCLIFlags,
+	}
 )

 func runChangePassword(c *cli.Context) error {
@@ -128,10 +230,6 @@ func runChangePassword(c *cli.Context) error {
 		return err
 	}

-	if c.IsSet("config") {
-		setting.CustomConf = c.String("config")
-	}
-
 	if err := initDB(); err != nil {
 		return err
 	}
@@ -154,29 +252,90 @@ func runChangePassword(c *cli.Context) error {
 }

 func runCreateUser(c *cli.Context) error {
-	if err := argsSet(c, "name", "password", "email"); err != nil {
+	if err := argsSet(c, "email"); err != nil {
 		return err
 	}

-	if c.IsSet("config") {
-		setting.CustomConf = c.String("config")
+	if c.IsSet("name") && c.IsSet("username") {
+		return errors.New("Cannot set both --name and --username flags")
+	}
+	if !c.IsSet("name") && !c.IsSet("username") {
+		return errors.New("One of --name or --username flags must be set")
+	}
+
+	if c.IsSet("password") && c.IsSet("random-password") {
+		return errors.New("cannot set both -random-password and -password flags")
+	}
+
+	var username string
+	if c.IsSet("username") {
+		username = c.String("username")
+	} else {
+		username = c.String("name")
+		fmt.Fprintf(os.Stderr, "--name flag is deprecated. Use --username instead.\n")
+	}
+
+	var password string
+
+	if c.IsSet("password") {
+		password = c.String("password")
+	} else if c.IsSet("random-password") {
+		var err error
+		password, err = generate.GetRandomString(c.Int("random-password-length"))
+		if err != nil {
+			return err
+		}
+
+		fmt.Printf("generated random password is '%s'\n", password)
+	} else {
+		return errors.New("must set either password or random-password flag")
 	}

 	if err := initDB(); err != nil {
 		return err
 	}

-	if err := models.CreateUser(&models.User{
-		Name:     c.String("name"),
-		Email:    c.String("email"),
-		Passwd:   c.String("password"),
-		IsActive: true,
-		IsAdmin:  c.Bool("admin"),
-	}); err != nil {
+	// always default to true
+	var changePassword = true
+
+	// If this is the first user being created.
+	// Take it as the admin and don't force a password update.
+	if n := models.CountUsers(); n == 0 {
+		changePassword = false
+	}
+
+	if c.IsSet("must-change-password") {
+		changePassword = c.Bool("must-change-password")
+	}
+
+	u := &models.User{
+		Name:               username,
+		Email:              c.String("email"),
+		Passwd:             password,
+		IsActive:           true,
+		IsAdmin:            c.Bool("admin"),
+		MustChangePassword: changePassword,
+		Theme:              setting.UI.DefaultTheme,
+	}
+
+	if err := models.CreateUser(u); err != nil {
 		return fmt.Errorf("CreateUser: %v", err)
 	}

-	fmt.Printf("New user '%s' has been successfully created!\n", c.String("name"))
+	if c.Bool("access-token") {
+		t := &models.AccessToken{
+			Name: "gitea-admin",
+			UID:  u.ID,
+		}
+
+		if err := models.NewAccessToken(t); err != nil {
+			return err
+		}
+
+		fmt.Printf("Access token was successfully created... %s\n", t.Token)
+	}
+
+	fmt.Printf("New user '%s' has been successfully created!\n", username)
 	return nil
 }

@@ -242,10 +401,6 @@ func getReleaseCount(id int64) (int64, error) {
 }

 func runRegenerateHooks(c *cli.Context) error {
-	if c.IsSet("config") {
-		setting.CustomConf = c.String("config")
-	}
-
 	if err := initDB(); err != nil {
 		return err
 	}
@@ -253,12 +408,148 @@ func runRegenerateHooks(c *cli.Context) error {
 }

 func runRegenerateKeys(c *cli.Context) error {
-	if c.IsSet("config") {
-		setting.CustomConf = c.String("config")
-	}
-
 	if err := initDB(); err != nil {
 		return err
 	}
 	return models.RewriteAllPublicKeys()
 }
+
+func parseOAuth2Config(c *cli.Context) *models.OAuth2Config {
+	var customURLMapping *oauth2.CustomURLMapping
+	if c.IsSet("use-custom-urls") {
+		customURLMapping = &oauth2.CustomURLMapping{
+			TokenURL:   c.String("custom-token-url"),
+			AuthURL:    c.String("custom-auth-url"),
+			ProfileURL: c.String("custom-profile-url"),
+			EmailURL:   c.String("custom-email-url"),
+		}
+	} else {
+		customURLMapping = nil
+	}
+	return &models.OAuth2Config{
+		Provider:                      c.String("provider"),
+		ClientID:                      c.String("key"),
+		ClientSecret:                  c.String("secret"),
+		OpenIDConnectAutoDiscoveryURL: c.String("auto-discover-url"),
+		CustomURLMapping:              customURLMapping,
+	}
+}
+
+func runAddOauth(c *cli.Context) error {
+	if err := initDB(); err != nil {
+		return err
+	}
+
+	return models.CreateLoginSource(&models.LoginSource{
+		Type:      models.LoginOAuth2,
+		Name:      c.String("name"),
+		IsActived: true,
+		Cfg:       parseOAuth2Config(c),
+	})
+}
+
+func runUpdateOauth(c *cli.Context) error {
+	if !c.IsSet("id") {
+		return fmt.Errorf("--id flag is missing")
+	}
+
+	if err := initDB(); err != nil {
+		return err
+	}
+
+	source, err := models.GetLoginSourceByID(c.Int64("id"))
+	if err != nil {
+		return err
+	}
+
+	oAuth2Config := source.OAuth2()
+
+	if c.IsSet("name") {
+		source.Name = c.String("name")
+	}
+
+	if c.IsSet("provider") {
+		oAuth2Config.Provider = c.String("provider")
+	}
+
+	if c.IsSet("key") {
+		oAuth2Config.ClientID = c.String("key")
+	}
+
+	if c.IsSet("secret") {
+		oAuth2Config.ClientSecret = c.String("secret")
+	}
+
+	if c.IsSet("auto-discover-url") {
+		oAuth2Config.OpenIDConnectAutoDiscoveryURL = c.String("auto-discover-url")
+	}
+
+	// update custom URL mapping
+	var customURLMapping = &oauth2.CustomURLMapping{}
+
+	if oAuth2Config.CustomURLMapping != nil {
+		customURLMapping.TokenURL = oAuth2Config.CustomURLMapping.TokenURL
+		customURLMapping.AuthURL = oAuth2Config.CustomURLMapping.AuthURL
+		customURLMapping.ProfileURL = oAuth2Config.CustomURLMapping.ProfileURL
+		customURLMapping.EmailURL = oAuth2Config.CustomURLMapping.EmailURL
+	}
+	if c.IsSet("use-custom-urls") && c.IsSet("custom-token-url") {
+		customURLMapping.TokenURL = c.String("custom-token-url")
+	}
+
+	if c.IsSet("use-custom-urls") && c.IsSet("custom-auth-url") {
+		customURLMapping.AuthURL = c.String("custom-auth-url")
+	}
+
+	if c.IsSet("use-custom-urls") && c.IsSet("custom-profile-url") {
+		customURLMapping.ProfileURL = c.String("custom-profile-url")
+	}
+
+	if c.IsSet("use-custom-urls") && c.IsSet("custom-email-url") {
+		customURLMapping.EmailURL = c.String("custom-email-url")
+	}
+
+	oAuth2Config.CustomURLMapping = customURLMapping
+	source.Cfg = oAuth2Config
+
+	return models.UpdateSource(source)
+}
+
+func runListAuth(c *cli.Context) error {
+	if err := initDB(); err != nil {
+		return err
+	}
+
+	loginSources, err := models.LoginSources()
+
+	if err != nil {
+		return err
+	}
+
+	// loop through each source and print
+	w := tabwriter.NewWriter(os.Stdout, 0, 0, 1, ' ', tabwriter.AlignRight)
+	fmt.Fprintf(w, "ID\tName\tType\tEnabled")
+	for _, source := range loginSources {
+		fmt.Fprintf(w, "%d\t%s\t%s\t%t", source.ID, source.Name, models.LoginNames[source.Type], source.IsActived)
+	}
+	w.Flush()
+
+	return nil
+}
+
+func runDeleteAuth(c *cli.Context) error {
+	if !c.IsSet("id") {
+		return fmt.Errorf("--id flag is missing")
+	}
+
+	if err := initDB(); err != nil {
+		return err
+	}
+
+	source, err := models.GetLoginSourceByID(c.Int64("id"))
+	if err != nil {
+		return err
+	}
+
+	return models.DeleteSource(source)
+}
--- a/cmd/admin_auth_ldap.go
+++ b/cmd/admin_auth_ldap.go
@@ -0,0 +1,359 @@
+// Copyright 2019 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package cmd
+
+import (
+	"fmt"
+	"strings"
+
+	"code.gitea.io/gitea/models"
+	"code.gitea.io/gitea/modules/auth/ldap"
+
+	"github.com/urfave/cli"
+)
+
+type (
+	authService struct {
+		initDB             func() error
+		createLoginSource  func(loginSource *models.LoginSource) error
+		updateLoginSource  func(loginSource *models.LoginSource) error
+		getLoginSourceByID func(id int64) (*models.LoginSource, error)
+	}
+)
+
+var (
+	commonLdapCLIFlags = []cli.Flag{
+		cli.StringFlag{
+			Name:  "name",
+			Usage: "Authentication name.",
+		},
+		cli.BoolFlag{
+			Name:  "not-active",
+			Usage: "Deactivate the authentication source.",
+		},
+		cli.StringFlag{
+			Name:  "security-protocol",
+			Usage: "Security protocol name.",
+		},
+		cli.BoolFlag{
+			Name:  "skip-tls-verify",
+			Usage: "Disable TLS verification.",
+		},
+		cli.StringFlag{
+			Name:  "host",
+			Usage: "The address where the LDAP server can be reached.",
+		},
+		cli.IntFlag{
+			Name:  "port",
+			Usage: "The port to use when connecting to the LDAP server.",
+		},
+		cli.StringFlag{
+			Name:  "user-search-base",
+			Usage: "The LDAP base at which user accounts will be searched for.",
+		},
+		cli.StringFlag{
+			Name:  "user-filter",
+			Usage: "An LDAP filter declaring how to find the user record that is attempting to authenticate.",
+		},
+		cli.StringFlag{
+			Name:  "admin-filter",
+			Usage: "An LDAP filter specifying if a user should be given administrator privileges.",
+		},
+		cli.StringFlag{
+			Name:  "username-attribute",
+			Usage: "The attribute of the user’s LDAP record containing the user name.",
+		},
+		cli.StringFlag{
+			Name:  "firstname-attribute",
+			Usage: "The attribute of the user’s LDAP record containing the user’s first name.",
+		},
+		cli.StringFlag{
+			Name:  "surname-attribute",
+			Usage: "The attribute of the user’s LDAP record containing the user’s surname.",
+		},
+		cli.StringFlag{
+			Name:  "email-attribute",
+			Usage: "The attribute of the user’s LDAP record containing the user’s email address.",
+		},
+		cli.StringFlag{
+			Name:  "public-ssh-key-attribute",
+			Usage: "The attribute of the user’s LDAP record containing the user’s public ssh key.",
+		},
+	}
+
+	ldapBindDnCLIFlags = append(commonLdapCLIFlags,
+		cli.StringFlag{
+			Name:  "bind-dn",
+			Usage: "The DN to bind to the LDAP server with when searching for the user.",
+		},
+		cli.StringFlag{
+			Name:  "bind-password",
+			Usage: "The password for the Bind DN, if any.",
+		},
+		cli.BoolFlag{
+			Name:  "attributes-in-bind",
+			Usage: "Fetch attributes in bind DN context.",
+		},
+		cli.BoolFlag{
+			Name:  "synchronize-users",
+			Usage: "Enable user synchronization.",
+		},
+		cli.UintFlag{
+			Name:  "page-size",
+			Usage: "Search page size.",
+		})
+
+	ldapSimpleAuthCLIFlags = append(commonLdapCLIFlags,
+		cli.StringFlag{
+			Name:  "user-dn",
+			Usage: "The user’s DN.",
+		})
+
+	cmdAuthAddLdapBindDn = cli.Command{
+		Name:  "add-ldap",
+		Usage: "Add new LDAP (via Bind DN) authentication source",
+		Action: func(c *cli.Context) error {
+			return newAuthService().addLdapBindDn(c)
+		},
+		Flags: ldapBindDnCLIFlags,
+	}
+
+	cmdAuthUpdateLdapBindDn = cli.Command{
+		Name:  "update-ldap",
+		Usage: "Update existing LDAP (via Bind DN) authentication source",
+		Action: func(c *cli.Context) error {
+			return newAuthService().updateLdapBindDn(c)
+		},
+		Flags: append([]cli.Flag{idFlag}, ldapBindDnCLIFlags...),
+	}
+
+	cmdAuthAddLdapSimpleAuth = cli.Command{
+		Name:  "add-ldap-simple",
+		Usage: "Add new LDAP (simple auth) authentication source",
+		Action: func(c *cli.Context) error {
+			return newAuthService().addLdapSimpleAuth(c)
+		},
+		Flags: ldapSimpleAuthCLIFlags,
+	}
+
+	cmdAuthUpdateLdapSimpleAuth = cli.Command{
+		Name:  "update-ldap-simple",
+		Usage: "Update existing LDAP (simple auth) authentication source",
+		Action: func(c *cli.Context) error {
+			return newAuthService().updateLdapSimpleAuth(c)
+		},
+		Flags: append([]cli.Flag{idFlag}, ldapSimpleAuthCLIFlags...),
+	}
+)
+
+// newAuthService creates a service with default functions.
+func newAuthService() *authService {
+	return &authService{
+		initDB:             initDB,
+		createLoginSource:  models.CreateLoginSource,
+		updateLoginSource:  models.UpdateSource,
+		getLoginSourceByID: models.GetLoginSourceByID,
+	}
+}
+
+// parseLoginSource assigns values on loginSource according to command line flags.
+func parseLoginSource(c *cli.Context, loginSource *models.LoginSource) {
+	if c.IsSet("name") {
+		loginSource.Name = c.String("name")
+	}
+	if c.IsSet("not-active") {
+		loginSource.IsActived = !c.Bool("not-active")
+	}
+	if c.IsSet("synchronize-users") {
+		loginSource.IsSyncEnabled = c.Bool("synchronize-users")
+	}
+}
+
+// parseLdapConfig assigns values on config according to command line flags.
+func parseLdapConfig(c *cli.Context, config *models.LDAPConfig) error {
+	if c.IsSet("name") {
+		config.Source.Name = c.String("name")
+	}
+	if c.IsSet("host") {
+		config.Source.Host = c.String("host")
+	}
+	if c.IsSet("port") {
+		config.Source.Port = c.Int("port")
+	}
+	if c.IsSet("security-protocol") {
+		p, ok := findLdapSecurityProtocolByName(c.String("security-protocol"))
+		if !ok {
+			return fmt.Errorf("Unknown security protocol name: %s", c.String("security-protocol"))
+		}
+		config.Source.SecurityProtocol = p
+	}
+	if c.IsSet("skip-tls-verify") {
+		config.Source.SkipVerify = c.Bool("skip-tls-verify")
+	}
+	if c.IsSet("bind-dn") {
+		config.Source.BindDN = c.String("bind-dn")
+	}
+	if c.IsSet("user-dn") {
+		config.Source.UserDN = c.String("user-dn")
+	}
+	if c.IsSet("bind-password") {
+		config.Source.BindPassword = c.String("bind-password")
+	}
+	if c.IsSet("user-search-base") {
+		config.Source.UserBase = c.String("user-search-base")
+	}
+	if c.IsSet("username-attribute") {
+		config.Source.AttributeUsername = c.String("username-attribute")
+	}
+	if c.IsSet("firstname-attribute") {
+		config.Source.AttributeName = c.String("firstname-attribute")
+	}
+	if c.IsSet("surname-attribute") {
+		config.Source.AttributeSurname = c.String("surname-attribute")
+	}
+	if c.IsSet("email-attribute") {
+		config.Source.AttributeMail = c.String("email-attribute")
+	}
+	if c.IsSet("attributes-in-bind") {
+		config.Source.AttributesInBind = c.Bool("attributes-in-bind")
+	}
+	if c.IsSet("public-ssh-key-attribute") {
+		config.Source.AttributeSSHPublicKey = c.String("public-ssh-key-attribute")
+	}
+	if c.IsSet("page-size") {
+		config.Source.SearchPageSize = uint32(c.Uint("page-size"))
+	}
+	if c.IsSet("user-filter") {
+		config.Source.Filter = c.String("user-filter")
+	}
+	if c.IsSet("admin-filter") {
+		config.Source.AdminFilter = c.String("admin-filter")
+	}
+	return nil
+}
+
+// findLdapSecurityProtocolByName finds security protocol by its name ignoring case.
+// It returns the value of the security protocol and if it was found.
+func findLdapSecurityProtocolByName(name string) (ldap.SecurityProtocol, bool) {
+	for i, n := range models.SecurityProtocolNames {
+		if strings.EqualFold(name, n) {
+			return i, true
+		}
+	}
+	return 0, false
+}
+
+// getLoginSource gets the login source by its id defined in the command line flags.
+// It returns an error if the id is not set, does not match any source or if the source is not of expected type.
+func (a *authService) getLoginSource(c *cli.Context, loginType models.LoginType) (*models.LoginSource, error) {
+	if err := argsSet(c, "id"); err != nil {
+		return nil, err
+	}
+
+	loginSource, err := a.getLoginSourceByID(c.Int64("id"))
+	if err != nil {
+		return nil, err
+	}
+
+	if loginSource.Type != loginType {
+		return nil, fmt.Errorf("Invalid authentication type. expected: %s, actual: %s", models.LoginNames[loginType], models.LoginNames[loginSource.Type])
+	}
+
+	return loginSource, nil
+}
+
+// addLdapBindDn adds a new LDAP via Bind DN authentication source.
+func (a *authService) addLdapBindDn(c *cli.Context) error {
+	if err := argsSet(c, "name", "security-protocol", "host", "port", "user-search-base", "user-filter", "email-attribute"); err != nil {
+		return err
+	}
+
+	if err := a.initDB(); err != nil {
+		return err
+	}
+
+	loginSource := &models.LoginSource{
+		Type:      models.LoginLDAP,
+		IsActived: true, // active by default
+		Cfg: &models.LDAPConfig{
+			Source: &ldap.Source{
+				Enabled: true, // always true
+			},
+		},
+	}
+
+	parseLoginSource(c, loginSource)
+	if err := parseLdapConfig(c, loginSource.LDAP()); err != nil {
+		return err
+	}
+
+	return a.createLoginSource(loginSource)
+}
+
+// updateLdapBindDn updates a new LDAP via Bind DN authentication source.
+func (a *authService) updateLdapBindDn(c *cli.Context) error {
+	if err := a.initDB(); err != nil {
+		return err
+	}
+
+	loginSource, err := a.getLoginSource(c, models.LoginLDAP)
+	if err != nil {
+		return err
+	}
+
+	parseLoginSource(c, loginSource)
+	if err := parseLdapConfig(c, loginSource.LDAP()); err != nil {
+		return err
+	}
+
+	return a.updateLoginSource(loginSource)
+}
+
+// addLdapSimpleAuth adds a new LDAP (simple auth) authentication source.
+func (a *authService) addLdapSimpleAuth(c *cli.Context) error {
+	if err := argsSet(c, "name", "security-protocol", "host", "port", "user-dn", "user-filter", "email-attribute"); err != nil {
+		return err
+	}
+
+	if err := a.initDB(); err != nil {
+		return err
+	}
+
+	loginSource := &models.LoginSource{
+		Type:      models.LoginDLDAP,
+		IsActived: true, // active by default
+		Cfg: &models.LDAPConfig{
+			Source: &ldap.Source{
+				Enabled: true, // always true
+			},
+		},
+	}
+
+	parseLoginSource(c, loginSource)
+	if err := parseLdapConfig(c, loginSource.LDAP()); err != nil {
+		return err
+	}
+
+	return a.createLoginSource(loginSource)
+}
+
+// updateLdapBindDn updates a new LDAP (simple auth) authentication source.
+func (a *authService) updateLdapSimpleAuth(c *cli.Context) error {
+	if err := a.initDB(); err != nil {
+		return err
+	}
+
+	loginSource, err := a.getLoginSource(c, models.LoginDLDAP)
+	if err != nil {
+		return err
+	}
+
+	parseLoginSource(c, loginSource)
+	if err := parseLdapConfig(c, loginSource.LDAP()); err != nil {
+		return err
+	}
+
+	return a.updateLoginSource(loginSource)
+}
--- a/cmd/admin_auth_ldap_test.go
+++ b/cmd/admin_auth_ldap_test.go
--- a/cmd/cert.go
+++ b/cmd/cert.go
@@ -170,17 +170,28 @@ func runCert(c *cli.Context) error {
 	if err != nil {
 		log.Fatalf("Failed to open cert.pem for writing: %v", err)
 	}
-	pem.Encode(certOut, &pem.Block{Type: "CERTIFICATE", Bytes: derBytes})
-	certOut.Close()
+	err = pem.Encode(certOut, &pem.Block{Type: "CERTIFICATE", Bytes: derBytes})
+	if err != nil {
+		log.Fatalf("Failed to encode certificate: %v", err)
+	}
+	err = certOut.Close()
+	if err != nil {
+		log.Fatalf("Failed to write cert: %v", err)
+	}
 	log.Println("Written cert.pem")

 	keyOut, err := os.OpenFile("key.pem", os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)
 	if err != nil {
 		log.Fatalf("Failed to open key.pem for writing: %v", err)
 	}
-	pem.Encode(keyOut, pemBlockForKey(priv))
-	keyOut.Close()
+	err = pem.Encode(keyOut, pemBlockForKey(priv))
+	if err != nil {
+		log.Fatalf("Failed to encode key: %v", err)
+	}
+	err = keyOut.Close()
+	if err != nil {
+		log.Fatalf("Failed to write key: %v", err)
+	}
 	log.Println("Written key.pem")
-
 	return nil
 }
--- a/cmd/cmd.go
+++ b/cmd/cmd.go
@@ -12,6 +12,8 @@ import (

 	"code.gitea.io/gitea/models"
 	"code.gitea.io/gitea/modules/setting"
+	"code.gitea.io/gitea/modules/util"
+
 	"github.com/urfave/cli"
 )

@@ -22,15 +24,23 @@ func argsSet(c *cli.Context, args ...string) error {
 		if !c.IsSet(a) {
 			return errors.New(a + " is not set")
 		}
+
+		if util.IsEmptyString(a) {
+			return errors.New(a + " is required")
+		}
 	}
 	return nil
 }

 func initDB() error {
+	return initDBDisableConsole(false)
+}
+
+func initDBDisableConsole(disableConsole bool) error {
 	setting.NewContext()
 	models.LoadConfigs()

-	setting.NewXORMLogService(false)
+	setting.NewXORMLogService(disableConsole)
 	if err := models.SetEngine(); err != nil {
 		return fmt.Errorf("models.SetEngine: %v", err)
 	}
--- a/cmd/convert.go
+++ b/cmd/convert.go
@@ -0,0 +1,49 @@
+// Copyright 2019 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package cmd
+
+import (
+	"fmt"
+
+	"code.gitea.io/gitea/models"
+	"code.gitea.io/gitea/modules/log"
+	"code.gitea.io/gitea/modules/setting"
+
+	"github.com/urfave/cli"
+)
+
+// CmdConvert represents the available convert sub-command.
+var CmdConvert = cli.Command{
+	Name:        "convert",
+	Usage:       "Convert the database",
+	Description: "A command to convert an existing MySQL database from utf8 to utf8mb4",
+	Action:      runConvert,
+}
+
+func runConvert(ctx *cli.Context) error {
+	if err := initDB(); err != nil {
+		return err
+	}
+
+	log.Trace("AppPath: %s", setting.AppPath)
+	log.Trace("AppWorkPath: %s", setting.AppWorkPath)
+	log.Trace("Custom path: %s", setting.CustomPath)
+	log.Trace("Log path: %s", setting.LogRootPath)
+	models.LoadConfigs()
+
+	if models.DbCfg.Type != "mysql" {
+		fmt.Println("This command can only be used with a MySQL database")
+		return nil
+	}
+
+	if err := models.ConvertUtf8ToUtf8mb4(); err != nil {
+		log.Fatal("Failed to convert database from utf8 to utf8mb4: %v", err)
+		return err
+	}
+
+	fmt.Println("Converted successfully, please confirm your database's character set is now utf8mb4")
+
+	return nil
+}
--- a/cmd/dump.go
+++ b/cmd/dump.go
@@ -31,12 +31,12 @@ It can be used for backup and capture Gitea server image to send to maintainer`,
 	Action: runDump,
 	Flags: []cli.Flag{
 		cli.StringFlag{
-			Name:  "config, c",
-			Value: "custom/conf/app.ini",
-			Usage: "Custom configuration file path",
+			Name:  "file, f",
+			Value: fmt.Sprintf("gitea-dump-%d.zip", time.Now().Unix()),
+			Usage: "Name of the dump file which will be created.",
 		},
 		cli.BoolFlag{
-			Name:  "verbose, v",
+			Name:  "verbose, V",
 			Usage: "Show process details",
 		},
 		cli.StringFlag{
@@ -48,13 +48,14 @@ It can be used for backup and capture Gitea server image to send to maintainer`,
 			Name:  "database, d",
 			Usage: "Specify the database SQL syntax",
 		},
+		cli.BoolFlag{
+			Name:  "skip-repository, R",
+			Usage: "Skip the repository dumping",
+		},
 	},
 }

 func runDump(ctx *cli.Context) error {
-	if ctx.IsSet("config") {
-		setting.CustomConf = ctx.String("config")
-	}
 	setting.NewContext()
 	setting.NewServices() // cannot access session settings otherwise
 	models.LoadConfigs()
@@ -79,13 +80,27 @@ func runDump(ctx *cli.Context) error {
 		os.Setenv("TMPDIR", tmpWorkDir)
 	}

-	reposDump := path.Join(tmpWorkDir, "gitea-repo.zip")
 	dbDump := path.Join(tmpWorkDir, "gitea-db.sql")

-	log.Printf("Dumping local repositories...%s", setting.RepoRootPath)
+	fileName := ctx.String("file")
+	log.Printf("Packing dump files...")
+	z, err := zip.Create(fileName)
+	if err != nil {
+		log.Fatalf("Failed to create %s: %v", fileName, err)
+	}
 	zip.Verbose = ctx.Bool("verbose")
-	if err := zip.PackTo(setting.RepoRootPath, reposDump, true); err != nil {
-		log.Fatalf("Failed to dump local repositories: %v", err)
+
+	if ctx.IsSet("skip-repository") {
+		log.Printf("Skip dumping local repositories")
+	} else {
+		log.Printf("Dumping local repositories...%s", setting.RepoRootPath)
+		reposDump := path.Join(tmpWorkDir, "gitea-repo.zip")
+		if err := zip.PackTo(setting.RepoRootPath, reposDump, true); err != nil {
+			log.Fatalf("Failed to dump local repositories: %v", err)
+		}
+		if err := z.AddFile("gitea-repo.zip", reposDump); err != nil {
+			log.Fatalf("Failed to include gitea-repo.zip: %v", err)
+		}
 	}

 	targetDBType := ctx.String("database")
@@ -99,19 +114,17 @@ func runDump(ctx *cli.Context) error {
 		log.Fatalf("Failed to dump database: %v", err)
 	}

-	fileName := fmt.Sprintf("gitea-dump-%d.zip", time.Now().Unix())
-	log.Printf("Packing dump files...")
-	z, err := zip.Create(fileName)
-	if err != nil {
-		log.Fatalf("Failed to create %s: %v", fileName, err)
-	}
-
-	if err := z.AddFile("gitea-repo.zip", reposDump); err != nil {
-		log.Fatalf("Failed to include gitea-repo.zip: %v", err)
-	}
 	if err := z.AddFile("gitea-db.sql", dbDump); err != nil {
 		log.Fatalf("Failed to include gitea-db.sql: %v", err)
 	}
+
+	if len(setting.CustomConf) > 0 {
+		log.Printf("Adding custom configuration file from %s", setting.CustomConf)
+		if err := z.AddFile("app.ini", setting.CustomConf); err != nil {
+			log.Fatalf("Failed to include specified app.ini: %v", err)
+		}
+	}
+
 	customDir, err := os.Stat(setting.CustomPath)
 	if err == nil && customDir.IsDir() {
 		if err := z.AddDir("custom", setting.CustomPath); err != nil {
--- a/cmd/generate.go
+++ b/cmd/generate.go
@@ -40,9 +40,10 @@ var (
 	}

 	microcmdGenerateLfsJwtSecret = cli.Command{
-		Name:   "LFS_JWT_SECRET",
-		Usage:  "Generate a new LFS_JWT_SECRET",
-		Action: runGenerateLfsJwtSecret,
+		Name:    "JWT_SECRET",
+		Aliases: []string{"LFS_JWT_SECRET"},
+		Usage:   "Generate a new JWT_SECRET",
+		Action:  runGenerateLfsJwtSecret,
 	}

 	microcmdGenerateSecretKey = cli.Command{
@@ -63,7 +64,7 @@ func runGenerateInternalToken(c *cli.Context) error {
 }

 func runGenerateLfsJwtSecret(c *cli.Context) error {
-	JWTSecretBase64, err := generate.NewLfsJwtSecret()
+	JWTSecretBase64, err := generate.NewJwtSecret()
 	if err != nil {
 		return err
 	}
--- a/cmd/hook.go
+++ b/cmd/hook.go
@@ -8,16 +8,14 @@ import (
 	"bufio"
 	"bytes"
 	"fmt"
+	"net/http"
 	"os"
-	"path/filepath"
 	"strconv"
 	"strings"

-	"code.gitea.io/git"
 	"code.gitea.io/gitea/models"
-	"code.gitea.io/gitea/modules/log"
+	"code.gitea.io/gitea/modules/git"
 	"code.gitea.io/gitea/modules/private"
-	"code.gitea.io/gitea/modules/setting"

 	"github.com/urfave/cli"
 )
@@ -28,13 +26,6 @@ var (
 		Name:        "hook",
 		Usage:       "Delegate commands to corresponding Git hooks",
 		Description: "This should only be called by Git",
-		Flags: []cli.Flag{
-			cli.StringFlag{
-				Name:  "config, c",
-				Value: "custom/conf/app.ini",
-				Usage: "Custom configuration file path",
-			},
-		},
 		Subcommands: []cli.Command{
 			subcmdHookPreReceive,
 			subcmdHookUpdate,
@@ -62,32 +53,19 @@ var (
 	}
 )

-func hookSetup(logPath string) {
-	setting.NewContext()
-	log.NewGitLogger(filepath.Join(setting.LogRootPath, logPath))
-	models.LoadConfigs()
-}
-
 func runHookPreReceive(c *cli.Context) error {
 	if len(os.Getenv("SSH_ORIGINAL_COMMAND")) == 0 {
 		return nil
 	}

-	if c.IsSet("config") {
-		setting.CustomConf = c.String("config")
-	} else if c.GlobalIsSet("config") {
-		setting.CustomConf = c.GlobalString("config")
-	}
-
-	hookSetup("hooks/pre-receive.log")
+	setup("hooks/pre-receive.log")

 	// the environment setted on serv command
-	repoID, _ := strconv.ParseInt(os.Getenv(models.ProtectedBranchRepoID), 10, 64)
 	isWiki := (os.Getenv(models.EnvRepoIsWiki) == "true")
 	username := os.Getenv(models.EnvRepoUsername)
 	reponame := os.Getenv(models.EnvRepoName)
-	userIDStr := os.Getenv(models.EnvPusherID)
-	repoPath := models.RepoPath(username, reponame)
+	userID, _ := strconv.ParseInt(os.Getenv(models.EnvPusherID), 10, 64)
+	prID, _ := strconv.ParseInt(os.Getenv(models.ProtectedBranchPRID), 10, 64)

 	buf := bytes.NewBuffer(nil)
 	scanner := bufio.NewScanner(os.Stdin)
@@ -109,34 +87,22 @@ func runHookPreReceive(c *cli.Context) error {
 		newCommitID := string(fields[1])
 		refFullName := string(fields[2])

-		branchName := strings.TrimPrefix(refFullName, git.BranchPrefix)
-		protectBranch, err := private.GetProtectedBranchBy(repoID, branchName)
-		if err != nil {
-			log.GitLogger.Fatal(2, "retrieve protected branches information failed")
-		}
-
-		if protectBranch != nil && protectBranch.IsProtected() {
-			// detect force push
-			if git.EmptySHA != oldCommitID {
-				output, err := git.NewCommand("rev-list", "--max-count=1", oldCommitID, "^"+newCommitID).RunInDir(repoPath)
-				if err != nil {
-					fail("Internal error", "Fail to detect force push: %v", err)
-				} else if len(output) > 0 {
-					fail(fmt.Sprintf("branch %s is protected from force push", branchName), "")
-				}
-			}
-
-			// check and deletion
-			if newCommitID == git.EmptySHA {
-				fail(fmt.Sprintf("branch %s is protected from deletion", branchName), "")
-			} else {
-				userID, _ := strconv.ParseInt(userIDStr, 10, 64)
-				canPush, err := private.CanUserPush(protectBranch.ID, userID)
-				if err != nil {
-					fail("Internal error", "Fail to detect user can push: %v", err)
-				} else if !canPush {
-					fail(fmt.Sprintf("protected branch %s can not be pushed to", branchName), "")
-				}
+		// If the ref is a branch, check if it's protected
+		if strings.HasPrefix(refFullName, git.BranchPrefix) {
+			statusCode, msg := private.HookPreReceive(username, reponame, private.HookOptions{
+				OldCommitID:                     oldCommitID,
+				NewCommitID:                     newCommitID,
+				RefFullName:                     refFullName,
+				UserID:                          userID,
+				GitAlternativeObjectDirectories: os.Getenv(private.GitAlternativeObjectDirectories),
+				GitObjectDirectory:              os.Getenv(private.GitObjectDirectory),
+				ProtectedBranchID:               prID,
+			})
+			switch statusCode {
+			case http.StatusInternalServerError:
+				fail("Internal Server Error", msg)
+			case http.StatusForbidden:
+				fail(msg, "")
 			}
 		}
 	}
@@ -149,13 +115,7 @@ func runHookUpdate(c *cli.Context) error {
 		return nil
 	}

-	if c.IsSet("config") {
-		setting.CustomConf = c.String("config")
-	} else if c.GlobalIsSet("config") {
-		setting.CustomConf = c.GlobalString("config")
-	}
-
-	hookSetup("hooks/update.log")
+	setup("hooks/update.log")

 	return nil
 }
@@ -165,13 +125,7 @@ func runHookPostReceive(c *cli.Context) error {
 		return nil
 	}

-	if c.IsSet("config") {
-		setting.CustomConf = c.String("config")
-	} else if c.GlobalIsSet("config") {
-		setting.CustomConf = c.GlobalString("config")
-	}
-
-	hookSetup("hooks/post-receive.log")
+	setup("hooks/post-receive.log")

 	// the environment setted on serv command
 	repoUser := os.Getenv(models.EnvRepoUsername)
@@ -200,17 +154,31 @@ func runHookPostReceive(c *cli.Context) error {
 		newCommitID := string(fields[1])
 		refFullName := string(fields[2])

-		if err := private.PushUpdate(models.PushUpdateOptions{
-			RefFullName:  refFullName,
-			OldCommitID:  oldCommitID,
-			NewCommitID:  newCommitID,
-			PusherID:     pusherID,
-			PusherName:   pusherName,
-			RepoUserName: repoUser,
-			RepoName:     repoName,
-		}); err != nil {
-			log.GitLogger.Error(2, "Update: %v", err)
+		res, err := private.HookPostReceive(repoUser, repoName, private.HookOptions{
+			OldCommitID: oldCommitID,
+			NewCommitID: newCommitID,
+			RefFullName: refFullName,
+			UserID:      pusherID,
+			UserName:    pusherName,
+		})
+
+		if res == nil {
+			fail("Internal Server Error", err)
 		}
+
+		if res["message"] == false {
+			continue
+		}
+
+		fmt.Fprintln(os.Stderr, "")
+		if res["create"] == true {
+			fmt.Fprintf(os.Stderr, "Create a new pull request for '%s':\n", res["branch"])
+			fmt.Fprintf(os.Stderr, "  %s\n", res["url"])
+		} else {
+			fmt.Fprint(os.Stderr, "Visit the existing pull request:\n")
+			fmt.Fprintf(os.Stderr, "  %s\n", res["url"])
+		}
+		fmt.Fprintln(os.Stderr, "")
 	}

 	return nil
--- a/cmd/keys.go
+++ b/cmd/keys.go
@@ -0,0 +1,75 @@
+// Copyright 2018 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package cmd
+
+import (
+	"errors"
+	"fmt"
+	"strings"
+
+	"code.gitea.io/gitea/models"
+
+	"github.com/urfave/cli"
+)
+
+// CmdKeys represents the available keys sub-command
+var CmdKeys = cli.Command{
+	Name:   "keys",
+	Usage:  "This command queries the Gitea database to get the authorized command for a given ssh key fingerprint",
+	Action: runKeys,
+	Flags: []cli.Flag{
+		cli.StringFlag{
+			Name:  "expected, e",
+			Value: "git",
+			Usage: "Expected user for whom provide key commands",
+		},
+		cli.StringFlag{
+			Name:  "username, u",
+			Value: "",
+			Usage: "Username trying to log in by SSH",
+		},
+		cli.StringFlag{
+			Name:  "type, t",
+			Value: "",
+			Usage: "Type of the SSH key provided to the SSH Server (requires content to be provided too)",
+		},
+		cli.StringFlag{
+			Name:  "content, k",
+			Value: "",
+			Usage: "Base64 encoded content of the SSH key provided to the SSH Server (requires type to be provided too)",
+		},
+	},
+}
+
+func runKeys(c *cli.Context) error {
+	if !c.IsSet("username") {
+		return errors.New("No username provided")
+	}
+	// Check username matches the expected username
+	if strings.TrimSpace(c.String("username")) != strings.TrimSpace(c.String("expected")) {
+		return nil
+	}
+
+	content := ""
+
+	if c.IsSet("type") && c.IsSet("content") {
+		content = fmt.Sprintf("%s %s", strings.TrimSpace(c.String("type")), strings.TrimSpace(c.String("content")))
+	}
+
+	if content == "" {
+		return errors.New("No key type and content provided")
+	}
+
+	if err := initDBDisableConsole(true); err != nil {
+		return err
+	}
+
+	publicKey, err := models.SearchPublicKeyByContent(content)
+	if err != nil {
+		return err
+	}
+	fmt.Println(publicKey.AuthorizedString())
+	return nil
+}
--- a/cmd/migrate.go
+++ b/cmd/migrate.go
@@ -0,0 +1,41 @@
+// Copyright 2018 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package cmd
+
+import (
+	"code.gitea.io/gitea/models"
+	"code.gitea.io/gitea/models/migrations"
+	"code.gitea.io/gitea/modules/log"
+	"code.gitea.io/gitea/modules/setting"
+
+	"github.com/urfave/cli"
+)
+
+// CmdMigrate represents the available migrate sub-command.
+var CmdMigrate = cli.Command{
+	Name:        "migrate",
+	Usage:       "Migrate the database",
+	Description: "This is a command for migrating the database, so that you can run gitea admin create-user before starting the server.",
+	Action:      runMigrate,
+}
+
+func runMigrate(ctx *cli.Context) error {
+	if err := initDB(); err != nil {
+		return err
+	}
+
+	log.Trace("AppPath: %s", setting.AppPath)
+	log.Trace("AppWorkPath: %s", setting.AppWorkPath)
+	log.Trace("Custom path: %s", setting.CustomPath)
+	log.Trace("Log path: %s", setting.LogRootPath)
+	models.LoadConfigs()
+
+	if err := models.NewEngine(migrations.Migrate); err != nil {
+		log.Fatal("Failed to initialize ORM engine: %v", err)
+		return err
+	}
+
+	return nil
+}
--- a/cmd/serv.go
+++ b/cmd/serv.go
@@ -8,17 +8,19 @@ package cmd
 import (
 	"encoding/json"
 	"fmt"
+	"net/http"
+	"net/url"
 	"os"
 	"os/exec"
-	"path/filepath"
+	"strconv"
 	"strings"
 	"time"

 	"code.gitea.io/gitea/models"
 	"code.gitea.io/gitea/modules/log"
+	"code.gitea.io/gitea/modules/pprof"
 	"code.gitea.io/gitea/modules/private"
 	"code.gitea.io/gitea/modules/setting"
-	"code.gitea.io/gitea/modules/util"

 	"github.com/Unknwon/com"
 	"github.com/dgrijalva/jwt-go"
@@ -26,7 +28,6 @@ import (
 )

 const (
-	accessDenied        = "Repository does not exist or you do not have access"
 	lfsAuthenticateVerb = "git-lfs-authenticate"
 )

@@ -37,28 +38,15 @@ var CmdServ = cli.Command{
 	Description: `Serv provide access auth for repositories`,
 	Action:      runServ,
 	Flags: []cli.Flag{
-		cli.StringFlag{
-			Name:  "config, c",
-			Value: "custom/conf/app.ini",
-			Usage: "Custom configuration file path",
+		cli.BoolFlag{
+			Name: "enable-pprof",
 		},
 	},
 }

-func setup(logPath string) error {
+func setup(logPath string) {
+	_ = log.DelLogger("console")
 	setting.NewContext()
-	log.NewGitLogger(filepath.Join(setting.LogRootPath, logPath))
-	models.LoadConfigs()
-
-	if setting.UseSQLite3 || setting.UseTiDB {
-		workPath := setting.AppWorkPath
-		if err := os.Chdir(workPath); err != nil {
-			log.GitLogger.Fatal(4, "Failed to change directory %s: %v", workPath, err)
-		}
-	}
-
-	setting.NewXORMLogService(true)
-	return models.SetEngine()
 }

 func parseCmd(cmd string) (string, string) {
@@ -85,22 +73,15 @@ func fail(userMessage, logMessage string, args ...interface{}) {
 		if !setting.ProdMode {
 			fmt.Fprintf(os.Stderr, logMessage+"\n", args...)
 		}
-		log.GitLogger.Fatal(3, logMessage, args...)
 		return
 	}

-	log.GitLogger.Close()
 	os.Exit(1)
 }

 func runServ(c *cli.Context) error {
-	if c.IsSet("config") {
-		setting.CustomConf = c.String("config")
-	}
-
-	if err := setup("serv.log"); err != nil {
-		fail("System init failed", fmt.Sprintf("setup: %v", err))
-	}
+	// FIXME: This needs to internationalised
+	setup("serv.log")

 	if setting.SSH.Disabled {
 		println("Gitea: SSH has been disabled")
@@ -108,13 +89,29 @@ func runServ(c *cli.Context) error {
 	}

 	if len(c.Args()) < 1 {
-		cli.ShowSubcommandHelp(c)
+		if err := cli.ShowSubcommandHelp(c); err != nil {
+			fmt.Printf("error showing subcommand help: %v\n", err)
+		}
 		return nil
 	}

+	keys := strings.Split(c.Args()[0], "-")
+	if len(keys) != 2 || keys[0] != "key" {
+		fail("Key ID format error", "Invalid key argument: %s", c.Args()[0])
+	}
+	keyID := com.StrTo(keys[1]).MustInt64()
+
 	cmd := os.Getenv("SSH_ORIGINAL_COMMAND")
 	if len(cmd) == 0 {
-		println("Hi there, You've successfully authenticated, but Gitea does not provide shell access.")
+		key, user, err := private.ServNoCommand(keyID)
+		if err != nil {
+			fail("Internal error", "Failed to check provided key: %v", err)
+		}
+		if key.Type == models.KeyTypeDeploy {
+			println("Hi there! You've successfully authenticated with the deploy key named " + key.Name + ", but Gitea does not provide shell access.")
+		} else {
+			println("Hi there: " + user.Name + "! You've successfully authenticated with the key named " + key.Name + ", but Gitea does not provide shell access.")
+		}
 		println("If this is unexpected, please log in with password and setup Gitea under another user.")
 		return nil
 	}
@@ -143,28 +140,22 @@ func runServ(c *cli.Context) error {
 	username := strings.ToLower(rr[0])
 	reponame := strings.ToLower(strings.TrimSuffix(rr[1], ".git"))

-	isWiki := false
-	unitType := models.UnitTypeCode
-	if strings.HasSuffix(reponame, ".wiki") {
-		isWiki = true
-		unitType = models.UnitTypeWiki
-		reponame = reponame[:len(reponame)-5]
-	}
-
-	os.Setenv(models.EnvRepoUsername, username)
-	if isWiki {
-		os.Setenv(models.EnvRepoIsWiki, "true")
-	} else {
-		os.Setenv(models.EnvRepoIsWiki, "false")
-	}
-	os.Setenv(models.EnvRepoName, reponame)
-
-	repo, err := models.GetRepositoryByOwnerAndName(username, reponame)
-	if err != nil {
-		if models.IsErrRepoNotExist(err) {
-			fail(accessDenied, "Repository does not exist: %s/%s", username, reponame)
+	if setting.EnablePprof || c.Bool("enable-pprof") {
+		if err := os.MkdirAll(setting.PprofDataPath, os.ModePerm); err != nil {
+			fail("Error while trying to create PPROF_DATA_PATH", "Error while trying to create PPROF_DATA_PATH: %v", err)
 		}
-		fail("Internal error", "Failed to get repository: %v", err)
+
+		stopCPUProfiler, err := pprof.DumpCPUProfileForUsername(setting.PprofDataPath, username)
+		if err != nil {
+			fail("Internal Server Error", "Unable to start CPU profile: %v", err)
+		}
+		defer func() {
+			stopCPUProfiler()
+			err := pprof.DumpMemProfileForUsername(setting.PprofDataPath, username)
+			if err != nil {
+				fail("Internal Server Error", "Unable to dump Mem Profile: %v", err)
+			}
+		}()
 	}

 	requestedMode, has := allowedCommands[verb]
@@ -182,97 +173,37 @@ func runServ(c *cli.Context) error {
 		}
 	}

-	// Prohibit push to mirror repositories.
-	if requestedMode > models.AccessModeRead && repo.IsMirror {
-		fail("mirror repository is read-only", "")
-	}
-
-	// Allow anonymous clone for public repositories.
-	var (
-		keyID int64
-		user  *models.User
-	)
-	if requestedMode == models.AccessModeWrite || repo.IsPrivate {
-		keys := strings.Split(c.Args()[0], "-")
-		if len(keys) != 2 {
-			fail("Key ID format error", "Invalid key argument: %s", c.Args()[0])
-		}
-
-		key, err := models.GetPublicKeyByID(com.StrTo(keys[1]).MustInt64())
-		if err != nil {
-			fail("Invalid key ID", "Invalid key ID[%s]: %v", c.Args()[0], err)
-		}
-		keyID = key.ID
-
-		// Check deploy key or user key.
-		if key.Type == models.KeyTypeDeploy {
-			if key.Mode < requestedMode {
-				fail("Key permission denied", "Cannot push with deployment key: %d", key.ID)
-			}
-			// Check if this deploy key belongs to current repository.
-			if !models.HasDeployKey(key.ID, repo.ID) {
-				fail("Key access denied", "Deploy key access denied: [key_id: %d, repo_id: %d]", key.ID, repo.ID)
-			}
-
-			// Update deploy key activity.
-			deployKey, err := models.GetDeployKeyByRepo(key.ID, repo.ID)
-			if err != nil {
-				fail("Internal error", "GetDeployKey: %v", err)
-			}
-
-			deployKey.UpdatedUnix = util.TimeStampNow()
-			if err = models.UpdateDeployKeyCols(deployKey, "updated_unix"); err != nil {
-				fail("Internal error", "UpdateDeployKey: %v", err)
-			}
-		} else {
-			user, err = models.GetUserByKeyID(key.ID)
-			if err != nil {
-				fail("internal error", "Failed to get user by key ID(%d): %v", keyID, err)
-			}
-
-			if !user.IsActive || user.ProhibitLogin {
-				fail("Your account is not active or has been disabled by Administrator",
-					"User %s is disabled and have no access to repository %s",
-					user.Name, repoPath)
-			}
-
-			mode, err := models.AccessLevel(user.ID, repo)
-			if err != nil {
-				fail("Internal error", "Failed to check access: %v", err)
-			} else if mode < requestedMode {
-				clientMessage := accessDenied
-				if mode >= models.AccessModeRead {
-					clientMessage = "You do not have sufficient authorization for this action"
-				}
-				fail(clientMessage,
-					"User %s does not have level %v access to repository %s",
-					user.Name, requestedMode, repoPath)
-			}
-
-			if !repo.CheckUnitUser(user.ID, user.IsAdmin, unitType) {
-				fail("You do not have allowed for this action",
-					"User %s does not have allowed access to repository %s 's code",
-					user.Name, repoPath)
-			}
-
-			os.Setenv(models.EnvPusherName, user.Name)
-			os.Setenv(models.EnvPusherID, fmt.Sprintf("%d", user.ID))
-		}
+	results, err := private.ServCommand(keyID, username, reponame, requestedMode, verb, lfsVerb)
+	if err != nil {
+		if private.IsErrServCommand(err) {
+			errServCommand := err.(private.ErrServCommand)
+			if errServCommand.StatusCode != http.StatusInternalServerError {
+				fail("Unauthorized", "%s", errServCommand.Error())
+			} else {
+				fail("Internal Server Error", "%s", errServCommand.Error())
+			}
+		}
+		fail("Internal Server Error", "%s", err.Error())
 	}
+	os.Setenv(models.EnvRepoIsWiki, strconv.FormatBool(results.IsWiki))
+	os.Setenv(models.EnvRepoName, results.RepoName)
+	os.Setenv(models.EnvRepoUsername, results.OwnerName)
+	os.Setenv(models.EnvPusherName, results.UserName)
+	os.Setenv(models.EnvPusherID, strconv.FormatInt(results.UserID, 10))
+	os.Setenv(models.ProtectedBranchRepoID, strconv.FormatInt(results.RepoID, 10))
+	os.Setenv(models.ProtectedBranchPRID, fmt.Sprintf("%d", 0))

 	//LFS token authentication
 	if verb == lfsAuthenticateVerb {
-		url := fmt.Sprintf("%s%s/%s.git/info/lfs", setting.AppURL, username, repo.Name)
+		url := fmt.Sprintf("%s%s/%s.git/info/lfs", setting.AppURL, url.PathEscape(results.OwnerName), url.PathEscape(results.RepoName))

 		now := time.Now()
 		claims := jwt.MapClaims{
-			"repo": repo.ID,
+			"repo": results.RepoID,
 			"op":   lfsVerb,
 			"exp":  now.Add(setting.LFS.HTTPAuthExpiry).Unix(),
 			"nbf":  now.Unix(),
-		}
-		if user != nil {
-			claims["user"] = user.ID
+			"user": results.UserID,
 		}
 		token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)

@@ -293,7 +224,6 @@ func runServ(c *cli.Context) error {
 		if err != nil {
 			fail("Internal error", "Failed to encode LFS json response: %v", err)
 		}
-
 		return nil
 	}

@@ -310,14 +240,6 @@ func runServ(c *cli.Context) error {
 		gitcmd = exec.Command(verb, repoPath)
 	}

-	if isWiki {
-		if err = repo.InitWiki(); err != nil {
-			fail("Internal error", "Failed to init wiki repo: %v", err)
-		}
-	}
-
-	os.Setenv(models.ProtectedBranchRepoID, fmt.Sprintf("%d", repo.ID))
-
 	gitcmd.Dir = setting.RepoRootPath
 	gitcmd.Stdout = os.Stdout
 	gitcmd.Stdin = os.Stdin
@@ -327,9 +249,9 @@ func runServ(c *cli.Context) error {
 	}

 	// Update user key activity.
-	if keyID > 0 {
-		if err = private.UpdatePublicKeyUpdated(keyID); err != nil {
-			fail("Internal error", "UpdatePublicKey: %v", err)
+	if results.KeyID > 0 {
+		if err = private.UpdatePublicKeyInRepo(results.KeyID, results.RepoID); err != nil {
+			fail("Internal error", "UpdatePublicKeyInRepo: %v", err)
 		}
 	}

--- a/cmd/web.go
+++ b/cmd/web.go
@@ -14,7 +14,6 @@ import (
 	"strings"

 	"code.gitea.io/gitea/modules/log"
-	"code.gitea.io/gitea/modules/markup/external"
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/routers"
 	"code.gitea.io/gitea/routers/routes"
@@ -22,6 +21,7 @@ import (
 	"github.com/Unknwon/com"
 	context2 "github.com/gorilla/context"
 	"github.com/urfave/cli"
+	"golang.org/x/crypto/acme/autocert"
 	ini "gopkg.in/ini.v1"
 )

@@ -38,11 +38,6 @@ and it takes care of all the other things for you`,
 			Value: "3000",
 			Usage: "Temporary port number to prevent conflict",
 		},
-		cli.StringFlag{
-			Name:  "config, c",
-			Value: "custom/conf/app.ini",
-			Usage: "Custom configuration file path",
-		},
 		cli.StringFlag{
 			Name:  "pid, P",
 			Value: "/var/run/gitea.pid",
@@ -67,23 +62,51 @@ func runHTTPRedirector() {
 	var err = runHTTP(source, context2.ClearHandler(handler))

 	if err != nil {
-		log.Fatal(4, "Failed to start port redirection: %v", err)
+		log.Fatal("Failed to start port redirection: %v", err)
 	}
 }

-func runWeb(ctx *cli.Context) error {
-	if ctx.IsSet("config") {
-		setting.CustomConf = ctx.String("config")
+func runLetsEncrypt(listenAddr, domain, directory, email string, m http.Handler) error {
+	certManager := autocert.Manager{
+		Prompt:     autocert.AcceptTOS,
+		HostPolicy: autocert.HostWhitelist(domain),
+		Cache:      autocert.DirCache(directory),
+		Email:      email,
 	}
+	go func() {
+		log.Info("Running Let's Encrypt handler on %s", setting.HTTPAddr+":"+setting.PortToRedirect)
+		var err = http.ListenAndServe(setting.HTTPAddr+":"+setting.PortToRedirect, certManager.HTTPHandler(http.HandlerFunc(runLetsEncryptFallbackHandler))) // all traffic coming into HTTP will be redirect to HTTPS automatically (LE HTTP-01 validation happens here)
+		if err != nil {
+			log.Fatal("Failed to start the Let's Encrypt handler on port %s: %v", setting.PortToRedirect, err)
+		}
+	}()
+	server := &http.Server{
+		Addr:      listenAddr,
+		Handler:   m,
+		TLSConfig: certManager.TLSConfig(),
+	}
+	return server.ListenAndServeTLS("", "")
+}

+func runLetsEncryptFallbackHandler(w http.ResponseWriter, r *http.Request) {
+	if r.Method != "GET" && r.Method != "HEAD" {
+		http.Error(w, "Use HTTPS", http.StatusBadRequest)
+		return
+	}
+	// Remove the trailing slash at the end of setting.AppURL, the request
+	// URI always contains a leading slash, which would result in a double
+	// slash
+	target := strings.TrimRight(setting.AppURL, "/") + r.URL.RequestURI()
+	http.Redirect(w, r, target, http.StatusFound)
+}
+
+func runWeb(ctx *cli.Context) error {
 	if ctx.IsSet("pid") {
 		setting.CustomPID = ctx.String("pid")
 	}

 	routers.GlobalInit()

-	external.RegisterParsers()
-
 	m := routes.NewMacaron()
 	routes.RegisterRoutes(m)

@@ -143,20 +166,29 @@ func runWeb(ctx *cli.Context) error {
 	case setting.HTTP:
 		err = runHTTP(listenAddr, context2.ClearHandler(m))
 	case setting.HTTPS:
+		if setting.EnableLetsEncrypt {
+			err = runLetsEncrypt(listenAddr, setting.Domain, setting.LetsEncryptDirectory, setting.LetsEncryptEmail, context2.ClearHandler(m))
+			break
+		}
 		if setting.RedirectOtherPort {
 			go runHTTPRedirector()
 		}
 		err = runHTTPS(listenAddr, setting.CertFile, setting.KeyFile, context2.ClearHandler(m))
 	case setting.FCGI:
-		listener, err := net.Listen("tcp", listenAddr)
+		var listener net.Listener
+		listener, err = net.Listen("tcp", listenAddr)
 		if err != nil {
-			log.Fatal(4, "Failed to bind %s", listenAddr, err)
+			log.Fatal("Failed to bind %s: %v", listenAddr, err)
 		}
-		defer listener.Close()
+		defer func() {
+			if err := listener.Close(); err != nil {
+				log.Fatal("Failed to stop server: %v", err)
+			}
+		}()
 		err = fcgi.Serve(listener, context2.ClearHandler(m))
 	case setting.UnixSocket:
 		if err := os.Remove(listenAddr); err != nil && !os.IsNotExist(err) {
-			log.Fatal(4, "Failed to remove unix socket directory %s: %v", listenAddr, err)
+			log.Fatal("Failed to remove unix socket directory %s: %v", listenAddr, err)
 		}
 		var listener *net.UnixListener
 		listener, err = net.ListenUnix("unix", &net.UnixAddr{Name: listenAddr, Net: "unix"})
@@ -167,15 +199,15 @@ func runWeb(ctx *cli.Context) error {
 		// FIXME: add proper implementation of signal capture on all protocols
 		// execute this on SIGTERM or SIGINT: listener.Close()
 		if err = os.Chmod(listenAddr, os.FileMode(setting.UnixSocketPermission)); err != nil {
-			log.Fatal(4, "Failed to set permission of unix socket: %v", err)
+			log.Fatal("Failed to set permission of unix socket: %v", err)
 		}
 		err = http.Serve(listener, context2.ClearHandler(m))
 	default:
-		log.Fatal(4, "Invalid protocol: %s", setting.Protocol)
+		log.Fatal("Invalid protocol: %s", setting.Protocol)
 	}

 	if err != nil {
-		log.Fatal(4, "Failed to start server: %v", err)
+		log.Fatal("Failed to start server: %v", err)
 	}

 	return nil
--- a/cmd/web_graceful.go
+++ b/cmd/web_graceful.go
@@ -34,7 +34,7 @@ func runHTTPS(listenAddr, certFile, keyFile string, m http.Handler) error {
 	var err error
 	config.Certificates[0], err = tls.LoadX509KeyPair(certFile, keyFile)
 	if err != nil {
-		log.Fatal(4, "Failed to load https cert file %s: %v", listenAddr, err)
+		log.Fatal("Failed to load https cert file %s: %v", listenAddr, err)
 	}

 	return gracehttp.Serve(&http.Server{
--- a/contrib/fhs-compliant-script/gitea
+++ b/contrib/fhs-compliant-script/gitea
@@ -0,0 +1,42 @@
+#!/bin/bash
+
+########################################################################
+# This script some defaults for gitea to run in a FHS compliant manner #
+########################################################################
+
+# It assumes that you place this script as gitea in /usr/bin
+#
+# And place the original in /usr/lib/gitea with working files in /var/lib/gitea
+# and main configuration in /etc/gitea/app.ini
+GITEA="/usr/lib/gitea/gitea"
+WORK_DIR="/var/lib/gitea"
+APP_INI="/etc/gitea/app.ini"
+
+APP_INI_SET=""
+for i in "$@"; do
+	case "$i" in
+	"-c")
+		APP_INI_SET=1
+		;;
+	"-c="*)
+		APP_INI_SET=1
+		;;
+	"--config")
+		APP_INI_SET=1
+		;;
+	"--config="*)
+		APP_INI_SET=1
+		;;
+	*)
+	;;
+	esac
+done
+
+if [ -z "$APP_INI_SET" ]; then
+	CONF_ARG="-c \"$APP_INI\""
+fi
+
+# Provide FHS compliant defaults to
+GITEA_WORK_DIR="${GITEA_WORK_DIR:-$WORK_DIR}" "$GITEA" $CONF_ARG "$@"
+
+
--- a/contrib/ide/vscode/launch.json
+++ b/contrib/ide/vscode/launch.json
@@ -19,7 +19,7 @@
      "type": "go",
      "request": "launch",
      "mode": "debug",
-      "buildFlags": "-tags=\"sqlite\"",
+      "buildFlags": "-tags=\"sqlite sqlite_unlock_notify\"",
      "port": 2345,
      "host": "127.0.0.1",
      "program": "${workspaceRoot}/main.go",
--- a/contrib/ide/vscode/tasks.json
+++ b/contrib/ide/vscode/tasks.json
@@ -35,7 +35,7 @@
        "focus": false,
        "panel": "shared"
      },
-      "args": ["build", "-tags=\"sqlite\""],
+      "args": ["build", "-tags=\"sqlite sqlite_unlock_notify\""],
      "linux": {
        "args": ["-o", "gitea", "${workspaceRoot}/main.go"]
      },
--- a/contrib/k8s/gitea.yml
+++ b/contrib/k8s/gitea.yml
@@ -0,0 +1,107 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: gitea
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: gitea
+  namespace: gitea
+  labels:
+    app: gitea
+spec:
+  replicas: 1
+  template:
+    metadata:
+      name: gitea
+      labels:
+        app: gitea
+    spec:
+      containers:
+      - name: gitea
+        image: gitea/gitea:latest
+        imagePullPolicy: Always
+        volumeMounts:
+          - mountPath: "/var/lib/gitea"
+            name: "root"
+          - mountPath: "/data"
+            name: "data"
+        ports:
+          - containerPort: 22
+            name: ssh
+            protocol: TCP
+          - containerPort: 3000
+            name: http
+            protocol: TCP
+      restartPolicy: Always
+      volumes:
+        # Set up a data directory for gitea
+        # For production usage, you should consider using PV/PVC instead(or simply using storage like NAS)
+        # For more details, please see https://kubernetes.io/docs/concepts/storage/volumes/
+      - name: "root"
+        hostPath:
+          # directory location on host
+          path: "/var/lib/gitea"
+          # this field is optional
+          type: Directory
+      - name: "data"
+        hostPath:
+          path: "/data/gitea"
+          type: Directory
+  selector:
+    matchLabels:
+      app: gitea
+---
+# Using cluster mode
+apiVersion: v1
+kind: Service
+metadata:
+  name: gitea-web
+  namespace: gitea
+  labels:
+    app: gitea-web
+spec:
+  ports:
+  - port: 80
+    targetPort: 3000
+    name: http
+  selector:
+    app: gitea
+---
+# Using node-port mode
+# This mainly open a specific TCP port for SSH usage on each host,
+# so you can use a proxy layer to handle it(e.g. slb, nginx)
+apiVersion: v1
+kind: Service
+metadata:
+  name: gitea-ssh
+  namespace: gitea
+  labels:
+    app: gitea-ssh
+spec:
+  ports:
+  - port: 22
+    targetPort: 22
+    nodePort: 30022
+    name: ssh
+  selector:
+    app: gitea
+  type: NodePort
+---
+# Ingress is always suitable for HTTP usage,
+# we suggest using an proxy layer such as slb to send traffic to different ports.
+# Usually 80/443 for web and 22 directly for SSH.
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  name: gitea
+  namespace: gitea
+spec:
+  rules:
+  - host: your-gitea-host.com
+    http:
+      paths:
+      - backend:
+          serviceName: gitea-web
+          servicePort: 80
--- a/contrib/pr/checkout.go
+++ b/contrib/pr/checkout.go
@@ -0,0 +1,264 @@
+package main
+
+/*
+Checkout a PR and load the tests data into sqlite database
+*/
+
+import (
+	"flag"
+	"fmt"
+	"io/ioutil"
+	"log"
+	"net/http"
+	"net/url"
+	"os"
+	"os/exec"
+	"os/user"
+	"path"
+	"path/filepath"
+	"runtime"
+	"strconv"
+	"time"
+
+	"code.gitea.io/gitea/models"
+	"code.gitea.io/gitea/modules/markup"
+	"code.gitea.io/gitea/modules/markup/external"
+	"code.gitea.io/gitea/modules/setting"
+	"code.gitea.io/gitea/routers"
+	"code.gitea.io/gitea/routers/routes"
+
+	"github.com/Unknwon/com"
+	"github.com/go-xorm/xorm"
+	context2 "github.com/gorilla/context"
+	"gopkg.in/src-d/go-git.v4"
+	"gopkg.in/src-d/go-git.v4/config"
+	"gopkg.in/src-d/go-git.v4/plumbing"
+	"gopkg.in/testfixtures.v2"
+)
+
+var codeFilePath = "contrib/pr/checkout.go"
+
+func runPR() {
+	log.Printf("[PR] Starting gitea ...\n")
+	curDir, err := os.Getwd()
+	if err != nil {
+		log.Fatal(err)
+	}
+	setting.SetCustomPathAndConf("", "", "")
+	setting.NewContext()
+
+	setting.RepoRootPath, err = ioutil.TempDir(os.TempDir(), "repos")
+	if err != nil {
+		log.Fatalf("TempDir: %v\n", err)
+	}
+	setting.AppDataPath, err = ioutil.TempDir(os.TempDir(), "appdata")
+	if err != nil {
+		log.Fatalf("TempDir: %v\n", err)
+	}
+	setting.AppWorkPath = curDir
+	setting.StaticRootPath = curDir
+	setting.GravatarSourceURL, err = url.Parse("https://secure.gravatar.com/avatar/")
+	if err != nil {
+		log.Fatalf("url.Parse: %v\n", err)
+	}
+
+	setting.AppURL = "http://localhost:8080/"
+	setting.HTTPPort = "8080"
+	setting.SSH.Domain = "localhost"
+	setting.SSH.Port = 3000
+	setting.InstallLock = true
+	setting.SecretKey = "9pCviYTWSb"
+	setting.InternalToken = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYmYiOjE0OTI3OTU5ODN9.OQkH5UmzID2XBdwQ9TAI6Jj2t1X-wElVTjbE7aoN4I8"
+	curUser, err := user.Current()
+	if err != nil {
+		log.Fatal(err)
+	}
+	setting.RunUser = curUser.Username
+
+	log.Printf("[PR] Loading fixtures data ...\n")
+	setting.CheckLFSVersion()
+	//models.LoadConfigs()
+	/*
+		models.DbCfg.Type = "sqlite3"
+		models.DbCfg.Path = ":memory:"
+		models.DbCfg.Timeout = 500
+	*/
+	db := setting.Cfg.Section("database")
+	db.NewKey("DB_TYPE", "sqlite3")
+	db.NewKey("PATH", ":memory:")
+	setting.LogSQL = true
+	models.LoadConfigs()
+	routers.NewServices()
+	//x, err = xorm.NewEngine("sqlite3", "file::memory:?cache=shared")
+
+	var helper testfixtures.Helper = &testfixtures.SQLite{}
+	models.NewEngine(func(_ *xorm.Engine) error {
+		return nil
+	})
+	models.HasEngine = true
+	//x.ShowSQL(true)
+	err = models.InitFixtures(
+		helper,
+		path.Join(curDir, "models/fixtures/"),
+	)
+	if err != nil {
+		fmt.Printf("Error initializing test database: %v\n", err)
+		os.Exit(1)
+	}
+	models.LoadFixtures()
+	os.RemoveAll(setting.RepoRootPath)
+	os.RemoveAll(models.LocalCopyPath())
+	com.CopyDir(path.Join(curDir, "integrations/gitea-repositories-meta"), setting.RepoRootPath)
+
+	log.Printf("[PR] Setting up router\n")
+	//routers.GlobalInit()
+	external.RegisterParsers()
+	markup.Init()
+	m := routes.NewMacaron()
+	routes.RegisterRoutes(m)
+
+	log.Printf("[PR] Ready for testing !\n")
+	log.Printf("[PR] Login with user1, user2, user3, ... with pass: password\n")
+	/*
+		log.Info("Listen: %v://%s%s", setting.Protocol, listenAddr, setting.AppSubURL)
+
+		if setting.LFS.StartServer {
+			log.Info("LFS server enabled")
+		}
+
+		if setting.EnablePprof {
+			go func() {
+				log.Info("Starting pprof server on localhost:6060")
+				log.Info("%v", http.ListenAndServe("localhost:6060", nil))
+			}()
+		}
+	*/
+
+	//Start the server
+	http.ListenAndServe(":8080", context2.ClearHandler(m))
+
+	log.Printf("[PR] Cleaning up ...\n")
+	/*
+		if err = os.RemoveAll(setting.Indexer.IssuePath); err != nil {
+			fmt.Printf("os.RemoveAll: %v\n", err)
+			os.Exit(1)
+		}
+		if err = os.RemoveAll(setting.Indexer.RepoPath); err != nil {
+			fmt.Printf("Unable to remove repo indexer: %v\n", err)
+			os.Exit(1)
+		}
+	*/
+	if err = os.RemoveAll(setting.RepoRootPath); err != nil {
+		log.Fatalf("os.RemoveAll: %v\n", err)
+	}
+	if err = os.RemoveAll(setting.AppDataPath); err != nil {
+		log.Fatalf("os.RemoveAll: %v\n", err)
+	}
+}
+
+func main() {
+	var runPRFlag = flag.Bool("run", false, "Run the PR code")
+	flag.Parse()
+	if *runPRFlag {
+		runPR()
+		return
+	}
+
+	// To force checkout (e.g. Windows complains about unclean work tree) set env variable FORCE=true
+	force, err := strconv.ParseBool(os.Getenv("FORCE"))
+	if err != nil {
+		force = false
+	}
+
+	//Otherwise checkout PR
+	if len(os.Args) != 2 {
+		log.Fatal("Need only one arg: the PR number")
+	}
+	pr := os.Args[1]
+
+	codeFilePath = filepath.FromSlash(codeFilePath) //Convert to running OS
+
+	//Copy this file if it will not exist in the PR branch
+	dat, err := ioutil.ReadFile(codeFilePath)
+	if err != nil {
+		log.Fatalf("Failed to cache this code file : %v", err)
+	}
+
+	repo, err := git.PlainOpen(".")
+	if err != nil {
+		log.Fatalf("Failed to open the repo : %v", err)
+	}
+
+	//Find remote upstream
+	remotes, err := repo.Remotes()
+	if err != nil {
+		log.Fatalf("Failed to list remotes of repo : %v", err)
+	}
+	remoteUpstream := "origin" //Default
+	for _, r := range remotes {
+		if r.Config().URLs[0] == "https://github.com/go-gitea/gitea" || r.Config().URLs[0] == "git@github.com:go-gitea/gitea.git" { //fetch at index 0
+			remoteUpstream = r.Config().Name
+			break
+		}
+	}
+
+	branch := fmt.Sprintf("pr-%s-%d", pr, time.Now().Unix())
+	branchRef := plumbing.NewBranchReferenceName(branch)
+
+	log.Printf("Fetching PR #%s in %s\n", pr, branch)
+	if runtime.GOOS == "windows" {
+		//Use git cli command for windows
+		runCmd("git", "fetch", remoteUpstream, fmt.Sprintf("pull/%s/head:%s", pr, branch))
+	} else {
+		ref := fmt.Sprintf("refs/pull/%s/head:%s", pr, branchRef)
+		err = repo.Fetch(&git.FetchOptions{
+			RemoteName: remoteUpstream,
+			RefSpecs: []config.RefSpec{
+				config.RefSpec(ref),
+			},
+		})
+		if err != nil {
+			log.Fatalf("Failed to fetch %s from %s : %v", ref, remoteUpstream, err)
+		}
+	}
+
+	tree, err := repo.Worktree()
+	if err != nil {
+		log.Fatalf("Failed to parse git tree : %v", err)
+	}
+	log.Printf("Checkout PR #%s in %s\n", pr, branch)
+	err = tree.Checkout(&git.CheckoutOptions{
+		Branch: branchRef,
+		Force:  force,
+	})
+	if err != nil {
+		log.Fatalf("Failed to checkout %s : %v", branch, err)
+	}
+
+	//Copy this file if not exist
+	if _, err := os.Stat(codeFilePath); os.IsNotExist(err) {
+		err = os.MkdirAll(filepath.Dir(codeFilePath), 0755)
+		if err != nil {
+			log.Fatalf("Failed to duplicate this code file in PR : %v", err)
+		}
+		err = ioutil.WriteFile(codeFilePath, dat, 0644)
+		if err != nil {
+			log.Fatalf("Failed to duplicate this code file in PR : %v", err)
+		}
+	}
+	time.Sleep(5 * time.Second)
+	//Start with integration test
+	runCmd("go", "run", "-tags", "sqlite sqlite_unlock_notify", codeFilePath, "-run")
+}
+func runCmd(cmd ...string) {
+	log.Printf("Executing : %s ...\n", cmd)
+	c := exec.Command(cmd[0], cmd[1:]...)
+	c.Stdout = os.Stdout
+	c.Stderr = os.Stderr
+	if err := c.Start(); err != nil {
+		log.Panicln(err)
+	}
+	if err := c.Wait(); err != nil {
+		log.Panicln(err)
+	}
+}
--- a/contrib/systemd/gitea.service
+++ b/contrib/systemd/gitea.service
@@ -2,10 +2,11 @@
 Description=Gitea (Git with a cup of tea)
 After=syslog.target
 After=network.target
-#After=mysqld.service
-#After=postgresql.service
-#After=memcached.service
-#After=redis.service
+#Requires=mysql.service
+#Requires=mariadb.service
+#Requires=postgresql.service
+#Requires=memcached.service
+#Requires=redis.service

 [Service]
 # Modify these two values and uncomment them if you have
--- a/custom/conf/app.ini.sample
+++ b/custom/conf/app.ini.sample
@@ -1,3 +1,4 @@
+
 ; This file lists the default values used by Gitea
 ; Copy required sections to your own app.ini (default is custom/conf/app.ini)
 ; and modify as needed.
@@ -31,8 +32,13 @@ PULL_REQUEST_QUEUE_LENGTH = 1000
 PREFERRED_LICENSES = Apache License 2.0,MIT License
 ; Disable the ability to interact with repositories using the HTTP protocol
 DISABLE_HTTP_GIT = false
+; Value for Access-Control-Allow-Origin header, default is not to present
+; WARNING: This maybe harmful to you website if you do not give it a right value.
+ACCESS_CONTROL_ALLOW_ORIGIN =
 ; Force ssh:// clone url instead of scp-style uri when default SSH port is used
 USE_COMPAT_SSH_URI = false
+; Close issues as long as a commit on any branch marks it as fixed
+DEFAULT_CLOSE_ISSUES_VIA_COMMITS_IN_ANY_BRANCH = false

 [repository.editor]
 ; List of file extensions for which lines should be wrapped in the CodeMirror editor
@@ -60,6 +66,31 @@ FILE_MAX_SIZE = 3
 ; Max number of files per upload. Defaults to 5
 MAX_FILES = 5

+[repository.pull-request]
+; List of prefixes used in Pull Request title to mark them as Work In Progress
+WORK_IN_PROGRESS_PREFIXES=WIP:,[WIP]
+
+[repository.issue]
+; List of reasons why a Pull Request or Issue can be locked
+LOCK_REASONS=Too heated,Off-topic,Resolved,Spam
+
+[cors]
+; More information about CORS can be found here: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS#The_HTTP_response_headers
+; enable cors headers (disabled by default)
+ENABLED=false
+; scheme of allowed requests
+SCHEME=http
+; list of requesting domains that are allowed
+ALLOW_DOMAIN=*
+; allow subdomains of headers listed above to request
+ALLOW_SUBDOMAIN=false
+; list of methods allowed to request
+METHODS=GET,HEAD,POST,PUT,PATCH,DELETE,OPTIONS
+; max time to cache response
+MAX_AGE=10m
+; allow request with credentials
+ALLOW_CREDENTIALS=false
+
 [ui]
 ; Number of repositories that are displayed on one explore page
 EXPLORE_PAGING_NUM = 20
@@ -67,6 +98,10 @@ EXPLORE_PAGING_NUM = 20
 ISSUE_PAGING_NUM = 10
 ; Number of maximum commits displayed in one activity feed
 FEED_MAX_COMMIT_NUM = 5
+; Number of maximum commits displayed in commit graph.
+GRAPH_MAX_COMMIT_NUM = 100
+; Number of line of codes shown for a code comment
+CODE_COMMENT_LINES = 4
 ; Value of `theme-color` meta tag, used by Android >= 5.0
 ; An invalid color like "none" or "disable" will have the default style
 ; More info: https://developers.google.com/web/updates/2014/11/Support-for-theme-color-in-Chrome-39-for-Android
@@ -75,13 +110,19 @@ THEME_COLOR_META_TAG = `#6cc644`
 MAX_DISPLAY_FILE_SIZE = 8388608
 ; Whether the email of the user should be shown in the Explore Users page
 SHOW_USER_EMAIL = true
+; Set the default theme for the Gitea install
+DEFAULT_THEME = gitea
+; All available themes. Allow users select personalized themes regardless of the value of `DEFAULT_THEME`.
+THEMES = gitea,arc-green
+; Whether the full name of the users should be shown where possible. If the full name isn't set, the username will be used.
+DEFAULT_SHOW_FULL_NAME = false

 [ui.admin]
 ; Number of users that are displayed on one page
 USER_PAGING_NUM = 50
 ; Number of repos that are displayed on one page
 REPO_PAGING_NUM = 50
-; Number of notices that are displayed on in one page
+; Number of notices that are displayed on one page
 NOTICE_PAGING_NUM = 25
 ; Number of organizations that are displayed on one page
 ORG_PAGING_NUM = 50
@@ -134,7 +175,7 @@ START_SSH_SERVER = false
 BUILTIN_SSH_SERVER_USER =
 ; Domain name to be exposed in clone URL
 SSH_DOMAIN = %(DOMAIN)s
-; THe network interface the builtin SSH server should listen on
+; The network interface the builtin SSH server should listen on
 SSH_LISTEN_HOST =
 ; Port number to be exposed in clone URL
 SSH_PORT = 22
@@ -142,6 +183,9 @@ SSH_PORT = 22
 SSH_LISTEN_PORT = %(SSH_PORT)s
 ; Root path of SSH directory, default is '~/.ssh', but you have to use '/home/git/.ssh'.
 SSH_ROOT_PATH =
+; Gitea will create a authorized_keys file by default when it is not using the internal ssh server
+; If you intend to use the AuthorizedKeysCommand functionality then you should turn this off.
+SSH_CREATE_AUTHORIZED_KEYS_FILE = true
 ; For the built-in SSH server, choose the ciphers to support for SSH connections,
 ; for system SSH this setting has no effect
 SSH_SERVER_CIPHERS = aes128-ctr, aes192-ctr, aes256-ctr, aes128-gcm@openssh.com, arcfour256, arcfour128
@@ -181,6 +225,12 @@ STATIC_ROOT_PATH =
 APP_DATA_PATH = data
 ; Application level GZIP support
 ENABLE_GZIP = false
+; Application profiling (memory and cpu)
+; For "web" command it listens on localhost:6060
+; For "serve" command it dumps to disk at PPROF_DATA_PATH as (cpuprofile|memprofile)_<username>_<temporary id>
+ENABLE_PPROF = false
+; PPROF_DATA_PATH, use an absolute path when you start gitea as service
+PPROF_DATA_PATH = data/tmp/pprof
 ; Landing page, can be "home", "explore", or "organizations"
 LANDING_PAGE = home
 ; Enables git-lfs support. true or false, default is false.
@@ -207,9 +257,13 @@ NAME = gitea
 USER = root
 ; Use PASSWD = `your password` for quoting if you use special characters in the password.
 PASSWD =
-; For "postgres" only, either "disable", "require" or "verify-full"
+; For Postgres, either "disable" (default), "require", or "verify-full"
+; For MySQL, either "false" (default), "true", or "skip-verify"
 SSL_MODE = disable
-; For "sqlite3" and "tidb", use absolute path when you start gitea as service
+; For MySQL only, either "utf8" or "utf8mb4", default is "utf8".
+; NOTICE: for "utf8mb4" you must use MySQL InnoDB > 5.6. Gitea is unable to check this.
+CHARSET = utf8
+; For "sqlite3" and "tidb", use an absolute path when you start gitea as service
 PATH = data/gitea.db
 ; For "sqlite3" only. Query timeout
 SQLITE_TIMEOUT = 500
@@ -217,9 +271,26 @@ SQLITE_TIMEOUT = 500
 ITERATE_BUFFER_SIZE = 50
 ; Show the database generated SQL
 LOG_SQL = true
+; Maximum number of DB Connect retries
+DB_RETRIES = 10
+; Backoff time per DB retry (time.Duration)
+DB_RETRY_BACKOFF = 3s

 [indexer]
+; Issue indexer type, currently support: bleve or db, default is bleve
+ISSUE_INDEXER_TYPE = bleve
+; Issue indexer storage path, available when ISSUE_INDEXER_TYPE is bleve
 ISSUE_INDEXER_PATH = indexers/issues.bleve
+; Issue indexer queue, currently support: channel or levelqueue, default is levelqueue
+ISSUE_INDEXER_QUEUE_TYPE = levelqueue
+; When ISSUE_INDEXER_QUEUE_TYPE is levelqueue, this will be the queue will be saved path,
+; default is indexers/issues.queue
+ISSUE_INDEXER_QUEUE_DIR = indexers/issues.queue
+; When `ISSUE_INDEXER_QUEUE_TYPE` is `redis`, this will store the redis connection string.
+ISSUE_INDEXER_QUEUE_CONN_STR = "addrs=127.0.0.1:6379 db=0"
+; Batch queue number, default is 20
+ISSUE_INDEXER_QUEUE_BATCH_NUMBER = 20
+
 ; repo indexer by default disabled, since it uses a lot of disk space
 REPO_INDEXER_ENABLED = false
 REPO_INDEXER_PATH = indexers/repos.bleve
@@ -241,11 +312,12 @@ COOKIE_USERNAME = gitea_awesome
 COOKIE_REMEMBER_NAME = gitea_incredible
 ; Reverse proxy authentication header name of user name
 REVERSE_PROXY_AUTHENTICATION_USER = X-WEBAUTH-USER
+REVERSE_PROXY_AUTHENTICATION_EMAIL = X-WEBAUTH-EMAIL
 ; The minimum password length for new Users
 MIN_PASSWORD_LENGTH = 6
-; True when users are allowed to import local server paths
+; Set to true to allow users to import local server paths
 IMPORT_LOCAL_PATHS = false
-; Prevent all users (including admin) from creating custom git hooks
+; Set to true to prevent all users (including admin) from creating custom git hooks
 DISABLE_GIT_HOOKS = false

 [openid]
@@ -289,9 +361,12 @@ ACTIVE_CODE_LIVE_MINUTES = 180
 RESET_PASSWD_CODE_LIVE_MINUTES = 180
 ; Whether a new user needs to confirm their email when registering.
 REGISTER_EMAIL_CONFIRM = false
+; List of domain names that are allowed to be used to register on a Gitea instance
+; gitea.io,example.com
+EMAIL_DOMAIN_WHITELIST=
 ; Disallow registration, only allow admins to create accounts.
 DISABLE_REGISTRATION = false
-; Allow registration only using third part services, it works only when DISABLE_REGISTRATION is false
+; Allow registration only using third-party services, it works only when DISABLE_REGISTRATION is false
 ALLOW_ONLY_EXTERNAL_REGISTRATION = false
 ; User must sign in to view anything.
 REQUIRE_SIGNIN_VIEW = false
@@ -300,14 +375,33 @@ ENABLE_NOTIFY_MAIL = false
 ; More detail: https://github.com/gogits/gogs/issues/165
 ENABLE_REVERSE_PROXY_AUTHENTICATION = false
 ENABLE_REVERSE_PROXY_AUTO_REGISTRATION = false
+ENABLE_REVERSE_PROXY_EMAIL = false
 ; Enable captcha validation for registration
-ENABLE_CAPTCHA = true
+ENABLE_CAPTCHA = false
+; Type of captcha you want to use. Options: image, recaptcha
+CAPTCHA_TYPE = image
+; Enable recaptcha to use Google's recaptcha service
+; Go to https://www.google.com/recaptcha/admin to sign up for a key
+RECAPTCHA_SECRET  =
+RECAPTCHA_SITEKEY =
+; Change this to use recaptcha.net or other recaptcha service
+RECAPTCHA_URL = https://www.google.com/recaptcha/
 ; Default value for KeepEmailPrivate
 ; Each new user will get the value of this setting copied into their profile
 DEFAULT_KEEP_EMAIL_PRIVATE = false
 ; Default value for AllowCreateOrganization
 ; Every new user will have rights set to create organizations depending on this setting
 DEFAULT_ALLOW_CREATE_ORGANIZATION = true
+; Either "public", "limited" or "private", default is "public"
+; Limited is for signed user only
+; Private is only for member of the organization
+; Public is for everyone
+DEFAULT_ORG_VISIBILITY = public
+; Default value for EnableDependencies
+; Repositories will use dependencies by default depending on this setting
+DEFAULT_ENABLE_DEPENDENCIES = true
+; Enable heatmap on users profiles.
+ENABLE_USER_HEATMAP = true
 ; Enable Timetracking
 ENABLE_TIMETRACKING = true
 ; Default value for EnableTimetracking
@@ -320,6 +414,12 @@ DEFAULT_ALLOW_ONLY_CONTRIBUTORS_TO_TRACK_TIME = true
 ; if he has set KeepEmailPrivate to true. The user's email will be replaced with a
 ; concatenation of the user name in lower case, "@" and NO_REPLY_ADDRESS.
 NO_REPLY_ADDRESS = noreply.example.org
+; Show Registration button
+SHOW_REGISTRATION_BUTTON = true
+; Default value for AutoWatchNewRepos
+; When adding a repo to a team or creating a new repo all team members will watch the
+; repo automatically if enabled
+AUTO_WATCH_NEW_REPOS = true

 [webhook]
 ; Hook task queue length, increase if webhook shooting starts hanging
@@ -335,8 +435,8 @@ PAGING_NUM = 10
 ENABLED = false
 ; Buffer length of channel, keep it as it is if you don't know what it is.
 SEND_BUFFER_LEN = 100
-; Name displayed in mail title
-SUBJECT = %(APP_NAME)s
+; Prefix displayed before subject in mail
+SUBJECT_PREFIX =
 ; Mail server
 ; Gmail: smtp.gmail.com:587
 ; QQ: smtp.qq.com:465
@@ -352,6 +452,8 @@ SKIP_VERIFY =
 USE_CERTIFICATE = false
 CERT_FILE = custom/mailer/cert.pem
 KEY_FILE = custom/mailer/key.pem
+; Should SMTP connection use TLS
+IS_TLS_ENABLED = false
 ; Mail from address, RFC 5322. This can be just an email address, or the `"Name" <email@example.com>` format
 FROM =
 ; Mailer user name and password
@@ -360,8 +462,8 @@ USER =
 PASSWD =
 ; Send mails as plain text
 SEND_AS_PLAIN_TEXT = false
-; Enable sendmail (override SMTP)
-USE_SENDMAIL = false
+; Set Mailer Type (either SMTP, sendmail or dummy to just send to the log)
+MAILER_TYPE = smtp
 ; Specify an alternative sendmail binary
 SENDMAIL_PATH = sendmail
 ; Specify any extra sendmail arguments
@@ -402,10 +504,18 @@ SESSION_LIFE_TIME = 86400

 [picture]
 AVATAR_UPLOAD_PATH = data/avatars
-; Max Width and Height of uploaded avatars. This is to limit the amount of RAM
-; used when resizing the image.
+REPOSITORY_AVATAR_UPLOAD_PATH = data/repo-avatars
+; How Gitea deals with missing repository avatars
+; none = no avatar will be displayed; random = random avatar will be displayed; image = default image will be used
+REPOSITORY_AVATAR_FALLBACK = none
+REPOSITORY_AVATAR_FALLBACK_IMAGE = /img/repo_default.png
+; Max Width and Height of uploaded avatars.
+; This is to limit the amount of RAM used when resizing the image.
 AVATAR_MAX_WIDTH = 4096
 AVATAR_MAX_HEIGHT = 3072
+; Maximum alloved file size for uploaded avatars.
+; This is to limit the amount of RAM used when resizing the image.
+AVATAR_MAX_FILE_SIZE = 1048576
 ; Chinese users can choose "duoshuo"
 ; or a custom avatar source, like: http://cn.gravatar.com/avatar/
 GRAVATAR_SOURCE = gravatar
@@ -441,16 +551,37 @@ ROOT_PATH =
 MODE = console
 ; Buffer length of the channel, keep it as it is if you don't know what it is.
 BUFFER_LEN = 10000
+REDIRECT_MACARON_LOG = false
+MACARON = file
+; Either "Trace", "Debug", "Info", "Warn", "Error", "Critical", default is "Info"
+ROUTER_LOG_LEVEL = Info
+ROUTER = console
+ENABLE_ACCESS_LOG = false
+ACCESS_LOG_TEMPLATE = {{.Ctx.RemoteAddr}} - {{.Identity}} {{.Start.Format "[02/Jan/2006:15:04:05 -0700]" }} "{{.Ctx.Req.Method}} {{.Ctx.Req.RequestURI}} {{.Ctx.Req.Proto}}" {{.ResponseWriter.Status}} {{.ResponseWriter.Size}} "{{.Ctx.Req.Referer}}\" \"{{.Ctx.Req.UserAgent}}"
+ACCESS = file
 ; Either "Trace", "Debug", "Info", "Warn", "Error", "Critical", default is "Trace"
-LEVEL = Trace
+LEVEL = Info
+; Either "Trace", "Debug", "Info", "Warn", "Error", "Critical", default is "None"
+STACKTRACE_LEVEL = None
+
+; Generic log modes
+[log.x]
+FLAGS = stdflags
+EXPRESSION =
+PREFIX =
+COLORIZE = false

 ; For "console" mode only
 [log.console]
 LEVEL =
+STDERR = false

 ; For "file" mode only
 [log.file]
 LEVEL =
+; Set the file_name for the logger. If this is a relative path this
+; will be relative to ROOT_PATH
+FILE_NAME =
 ; This enables automated log rotate(switch of following options), default is true
 LOG_ROTATE = true
 ; Max number of lines in a single file, default is 1000000
@@ -461,6 +592,10 @@ MAX_SIZE_SHIFT = 28
 DAILY_ROTATE = true
 ; delete the log file after n days, default is 7
 MAX_DAYS = 7
+; compress logs with gzip
+COMPRESS = true
+; compression level see godoc for compress/gzip
+COMPRESSION_LEVEL = -1

 ; For "conn" mode only
 [log.conn]
@@ -488,14 +623,6 @@ PASSWD =
 ; Receivers, can be one or more, e.g. 1@example.com,2@example.com
 RECEIVERS =

-; For "database" mode only
-[log.database]
-LEVEL =
-; Either "mysql" or "postgres"
-DRIVER =
-; Based on xorm, e.g.: root:root@localhost/gitea?charset=utf8
-CONN =
-
 [cron]
 ; Enable running cron tasks periodically.
 ENABLED = true
@@ -511,7 +638,7 @@ SCHEDULE = @every 10m
 SCHEDULE = @every 24h
 TIMEOUT = 60s
 ; Arguments for command 'git fsck', e.g. "--unreachable --tags"
-; see more on http://git-scm.com/docs/git-fsck/1.7.5
+; see more on http://git-scm.com/docs/git-fsck
 ARGS =

 ; Check repository statistics
@@ -550,11 +677,14 @@ MAX_GIT_DIFF_LINE_CHARACTERS = 5000
 ; Max number of files shown in diff view
 MAX_GIT_DIFF_FILES = 100
 ; Arguments for command 'git gc', e.g. "--aggressive --auto"
-; see more on http://git-scm.com/docs/git-gc/1.7.5
+; see more on http://git-scm.com/docs/git-gc/
 GC_ARGS =
+; If use git wire protocol version 2 when git version >= 2.18, default is true, set to false when you always want git wire protocol version 1
+EnableAutoGitWireProtocol = true

 ; Operation timeout in seconds
 [git.timeout]
+DEFAULT = 360
 MIGRATE = 600
 MIRROR = 300
 CLONE = 300
@@ -568,10 +698,28 @@ DEFAULT_INTERVAL = 8h
 MIN_INTERVAL = 10m

 [api]
-; Enables /api/swagger, /api/v1/swagger etc. endpoints. True or false; default is true.
-ENABLE_SWAGGER_ENDPOINT = true
+; Enables Swagger. True or false; default is true.
+ENABLE_SWAGGER = true
 ; Max number of items in a page
 MAX_RESPONSE_ITEMS = 50
+; Default paging number of api
+DEFAULT_PAGING_NUM = 30
+; Default and maximum number of items per page for git trees api
+DEFAULT_GIT_TREES_PER_PAGE = 1000
+; Default size of a blob returned by the blobs API (default is 10MiB)
+DEFAULT_MAX_BLOB_SIZE = 10485760
+
+[oauth2]
+; Enables OAuth2 provider
+ENABLE = true
+; Lifetime of an OAuth2 access token in seconds
+ACCESS_TOKEN_EXPIRATION_TIME=3600
+; Lifetime of an OAuth2 access token in hours
+REFRESH_TOKEN_EXPIRATION_TIME=730
+; Check if refresh token got already used
+INVALIDATE_REFRESH_TOKENS=false
+; OAuth2 authentication secret for access and refresh tokens, change this a unique string.
+JWT_SECRET=Bk0yK7Y9g_p56v86KaHqjSbxvNvu3SbKoOdOt2ZcXvU

 [i18n]
 LANGS = en-US,zh-CN,zh-HK,zh-TW,de-DE,fr-FR,nl-NL,lv-LV,ru-RU,uk-UA,ja-JP,es-ES,pt-BR,pl-PL,bg-BG,it-IT,fi-FI,tr-TR,cs-CZ,sr-SP,sv-SE,ko-KR
@@ -603,11 +751,12 @@ sv-SE = sv
 ko-KR = ko

 [U2F]
+; NOTE: THE DEFAULT VALUES HERE WILL NEED TO BE CHANGED
 ; Two Factor authentication with security keys
 ; https://developers.yubico.com/U2F/App_ID.html
-APP_ID = %(PROTOCOL)s://%(DOMAIN)s:%(HTTP_PORT)s/
-; Comma seperated list of truisted facets
-TRUSTED_FACETS = %(PROTOCOL)s://%(DOMAIN)s:%(HTTP_PORT)s/
+;APP_ID = http://localhost:3000/
+; Comma seperated list of trusted facets
+;TRUSTED_FACETS = http://localhost:3000/

 ; Extension mapping to highlight class
 ; e.g. .toml=ini
@@ -628,3 +777,9 @@ FILE_EXTENSIONS = .adoc,.asciidoc
 RENDER_COMMAND = "asciidoc --out-file=- -"
 ; Don't pass the file on STDIN, pass the filename as argument instead.
 IS_INPUT_FILE = false
+
+[metrics]
+; Enables metrics endpoint. True or false; default is false.
+ENABLED = false
+; If you want to add authorization, specify a token here
+TOKEN =
--- a/docker/Makefile
+++ b/docker/Makefile
@@ -4,12 +4,11 @@ DOCKER_IMAGE ?= gitea/gitea
 DOCKER_TAG ?= latest
 DOCKER_REF := $(DOCKER_IMAGE):$(DOCKER_TAG)

-
 .PHONY: docker
 docker:
 	docker build --disable-content-trust=false -t $(DOCKER_REF) .
-# support also build args docker build --build-arg GITEA_VERSION=v1.2.3 --build-arg TAGS="bindata sqlite"  .
+# support also build args docker build --build-arg GITEA_VERSION=v1.2.3 --build-arg TAGS="bindata sqlite sqlite_unlock_notify"  .

 .PHONY: docker-build
 docker-build:
-	docker run -ti --rm -v $(CURDIR):/srv/app/src/code.gitea.io/gitea -w /srv/app/src/code.gitea.io/gitea -e TAGS="bindata $(TAGS)" webhippie/golang:edge make clean generate build
+	docker run -ti --rm -v $(CURDIR):/srv/app/src/code.gitea.io/gitea -w /srv/app/src/code.gitea.io/gitea -e TAGS="bindata $(TAGS)" LDFLAGS="$(LDFLAGS)" webhippie/golang:edge make clean generate build
--- a/docker/etc/profile.d/gitea.sh
+++ b/docker/etc/profile.d/gitea.sh
@@ -1,2 +0,0 @@
-#!/bin/bash
-export GITEA_CUSTOM=/data/gitea
--- a/docker/etc/s6/gitea/setup
+++ b/docker/etc/s6/gitea/setup
@@ -1,43 +0,0 @@
-#!/bin/bash
-
-if [ ! -d /data/git/.ssh ]; then
-    mkdir -p /data/git/.ssh
-    chmod 700 /data/git/.ssh
-fi
-
-if [ ! -f /data/git/.ssh/environment ]; then
-    echo "GITEA_CUSTOM=/data/gitea" >| /data/git/.ssh/environment
-    chmod 600 /data/git/.ssh/environment
-fi
-
-if [ ! -f /data/gitea/conf/app.ini ]; then
-    mkdir -p /data/gitea/conf
-
-    # Set INSTALL_LOCK to true only if SECRET_KEY is not empty and
-    # INSTALL_LOCK is empty
-    if [ -n "$SECRET_KEY" ] && [ -z "$INSTALL_LOCK" ]; then
-        INSTALL_LOCK=true
-    fi
-
-    # Substitude the environment variables in the template
-    APP_NAME=${APP_NAME:-"Gitea: Git with a cup of tea"} \
-    RUN_MODE=${RUN_MODE:-"dev"} \
-    SSH_DOMAIN=${SSH_DOMAIN:-"localhost"} \
-    HTTP_PORT=${HTTP_PORT:-"3000"} \
-    ROOT_URL=${ROOT_URL:-""} \
-    DISABLE_SSH=${DISABLE_SSH:-"false"} \
-    SSH_PORT=${SSH_PORT:-"22"} \
-    DB_TYPE=${DB_TYPE:-"sqlite3"} \
-    DB_HOST=${DB_HOST:-"localhost:3306"} \
-    DB_NAME=${DB_NAME:-"gitea"} \
-    DB_USER=${DB_USER:-"root"} \
-    DB_PASSWD=${DB_PASSWD:-""} \
-    INSTALL_LOCK=${INSTALL_LOCK:-"false"} \
-    DISABLE_REGISTRATION=${DISABLE_REGISTRATION:-"false"} \
-    REQUIRE_SIGNIN_VIEW=${REQUIRE_SIGNIN_VIEW:-"false"} \
-    SECRET_KEY=${SECRET_KEY:-""} \
-    envsubst < /etc/templates/app.ini > /data/gitea/conf/app.ini
-fi
-
-chown -R ${USER}:git /data/gitea /app/gitea /data/git
-chmod 0755 /data/gitea /app/gitea /data/git
--- a/docker/etc/s6/openssh/run
+++ b/docker/etc/s6/openssh/run
@@ -1,6 +0,0 @@
-#!/bin/bash
-[[ -f ./setup ]] && source ./setup
-
-pushd /root > /dev/null
-    exec su-exec root /usr/sbin/sshd -D
-popd
--- a/docker/etc/s6/openssh/setup
+++ b/docker/etc/s6/openssh/setup
@@ -1,29 +0,0 @@
-#!/bin/bash
-
-if [ ! -d /data/ssh ]; then
-    mkdir -p /data/ssh
-fi
-
-if [ ! -f /data/ssh/ssh_host_ed25519_key ]; then
-    echo "Generating /data/ssh/ssh_host_ed25519_key..."
-    ssh-keygen -t ed25519 -b 4096 -f /data/ssh/ssh_host_ed25519_key -N "" > /dev/null
-fi
-
-if [ ! -f /data/ssh/ssh_host_rsa_key ]; then
-    echo "Generating /data/ssh/ssh_host_rsa_key..."
-    ssh-keygen -t rsa -b 2048 -f /data/ssh/ssh_host_rsa_key -N "" > /dev/null
-fi
-
-if [ ! -f /data/ssh/ssh_host_dsa_key ]; then
-    echo "Generating /data/ssh/ssh_host_dsa_key..."
-    ssh-keygen -t dsa -f /data/ssh/ssh_host_dsa_key -N "" > /dev/null
-fi
-
-if [ ! -f /data/ssh/ssh_host_ecdsa_key ]; then
-    echo "Generating /data/ssh/ssh_host_ecdsa_key..."
-    ssh-keygen -t ecdsa -b 256 -f /data/ssh/ssh_host_ecdsa_key -N "" > /dev/null
-fi
-
-chown root:root /data/ssh/*
-chmod 0700 /data/ssh
-chmod 0600 /data/ssh/*
--- a/docker/etc/s6/syslogd/finish
+++ b/docker/etc/s6/syslogd/finish
@@ -1,2 +0,0 @@
-#!/bin/bash
-exit 0
--- a/docker/etc/s6/syslogd/run
+++ b/docker/etc/s6/syslogd/run
@@ -1,6 +0,0 @@
-#!/bin/bash
-[[ -f ./setup ]] && source ./setup
-
-pushd /root > /dev/null
-    exec su-exec root /sbin/syslogd -nS -O-
-popd
--- a/docker/etc/s6/syslogd/setup
+++ b/docker/etc/s6/syslogd/setup
@@ -1 +0,0 @@
-#!/bin/bash
--- a/docker/root/etc/nsswitch.conf
+++ b/docker/root/etc/nsswitch.conf
--- a/docker/root/etc/s6/.s6-svscan/finish
+++ b/docker/root/etc/s6/.s6-svscan/finish
--- a/docker/root/etc/s6/gitea/finish
+++ b/docker/root/etc/s6/gitea/finish
--- a/docker/root/etc/s6/gitea/run
+++ b/docker/root/etc/s6/gitea/run
--- a/docker/root/etc/s6/gitea/setup
+++ b/docker/root/etc/s6/gitea/setup
@@ -0,0 +1,53 @@
+#!/bin/bash
+
+if [ ! -d /data/git/.ssh ]; then
+    mkdir -p /data/git/.ssh
+    chmod 700 /data/git/.ssh
+fi
+
+if [ ! -f /data/git/.ssh/environment ]; then
+    echo "GITEA_CUSTOM=$GITEA_CUSTOM" >| /data/git/.ssh/environment
+    chmod 600 /data/git/.ssh/environment
+
+elif ! grep -q "^GITEA_CUSTOM=$GITEA_CUSTOM$" /data/git/.ssh/environment; then
+    sed -i /^GITEA_CUSTOM=/d /data/git/.ssh/environment
+    echo "GITEA_CUSTOM=$GITEA_CUSTOM" >> /data/git/.ssh/environment
+fi
+
+if [ ! -f ${GITEA_CUSTOM}/conf/app.ini ]; then
+    mkdir -p ${GITEA_CUSTOM}/conf
+
+    # Set INSTALL_LOCK to true only if SECRET_KEY is not empty and
+    # INSTALL_LOCK is empty
+    if [ -n "$SECRET_KEY" ] && [ -z "$INSTALL_LOCK" ]; then
+        INSTALL_LOCK=true
+    fi
+
+    # Substitude the environment variables in the template
+    APP_NAME=${APP_NAME:-"Gitea: Git with a cup of tea"} \
+    RUN_MODE=${RUN_MODE:-"dev"} \
+    SSH_DOMAIN=${SSH_DOMAIN:-"localhost"} \
+    HTTP_PORT=${HTTP_PORT:-"3000"} \
+    ROOT_URL=${ROOT_URL:-""} \
+    DISABLE_SSH=${DISABLE_SSH:-"false"} \
+    SSH_PORT=${SSH_PORT:-"22"} \
+    LFS_START_SERVER=${LFS_START_SERVER:-"false"} \
+    DB_TYPE=${DB_TYPE:-"sqlite3"} \
+    DB_HOST=${DB_HOST:-"localhost:3306"} \
+    DB_NAME=${DB_NAME:-"gitea"} \
+    DB_USER=${DB_USER:-"root"} \
+    DB_PASSWD=${DB_PASSWD:-""} \
+    INSTALL_LOCK=${INSTALL_LOCK:-"false"} \
+    DISABLE_REGISTRATION=${DISABLE_REGISTRATION:-"false"} \
+    REQUIRE_SIGNIN_VIEW=${REQUIRE_SIGNIN_VIEW:-"false"} \
+    SECRET_KEY=${SECRET_KEY:-""} \
+    envsubst < /etc/templates/app.ini > ${GITEA_CUSTOM}/conf/app.ini
+
+    chown ${USER}:git ${GITEA_CUSTOM}/conf/app.ini
+fi
+
+# only chown if current owner is not already the gitea ${USER}. No recursive check to save time
+if ! [[ $(ls -ld /data/gitea | awk '{print $3}') = ${USER} ]]; then chown -R ${USER}:git /data/gitea; fi
+if ! [[ $(ls -ld /app/gitea  | awk '{print $3}') = ${USER} ]]; then chown -R ${USER}:git /app/gitea;  fi
+if ! [[ $(ls -ld /data/git   | awk '{print $3}') = ${USER} ]]; then chown -R ${USER}:git /data/git;   fi
+chmod 0755 /data/gitea /app/gitea /data/git
--- a/docker/root/etc/s6/openssh/finish
+++ b/docker/root/etc/s6/openssh/finish
--- a/docker/root/etc/s6/openssh/run
+++ b/docker/root/etc/s6/openssh/run
@@ -0,0 +1,6 @@
+#!/bin/bash
+[[ -f ./setup ]] && source ./setup
+
+pushd /root > /dev/null
+    exec su-exec root /usr/sbin/sshd -D -e 2>&1
+popd
--- a/docker/root/etc/s6/openssh/setup
+++ b/docker/root/etc/s6/openssh/setup
@@ -0,0 +1,29 @@
+#!/bin/bash
+
+if [ ! -d /data/ssh ]; then
+    mkdir -p /data/ssh
+fi
+
+if [ ! -f /data/ssh/ssh_host_ed25519_key ]; then
+    echo "Generating /data/ssh/ssh_host_ed25519_key..."
+    ssh-keygen -t ed25519 -f /data/ssh/ssh_host_ed25519_key -N "" > /dev/null
+fi
+
+if [ ! -f /data/ssh/ssh_host_rsa_key ]; then
+    echo "Generating /data/ssh/ssh_host_rsa_key..."
+    ssh-keygen -t rsa -b 2048 -f /data/ssh/ssh_host_rsa_key -N "" > /dev/null
+fi
+
+if [ ! -f /data/ssh/ssh_host_dsa_key ]; then
+    echo "Generating /data/ssh/ssh_host_dsa_key..."
+    ssh-keygen -t dsa -f /data/ssh/ssh_host_dsa_key -N "" > /dev/null
+fi
+
+if [ ! -f /data/ssh/ssh_host_ecdsa_key ]; then
+    echo "Generating /data/ssh/ssh_host_ecdsa_key..."
+    ssh-keygen -t ecdsa -b 256 -f /data/ssh/ssh_host_ecdsa_key -N "" > /dev/null
+fi
+
+chown root:root /data/ssh/*
+chmod 0700 /data/ssh
+chmod 0600 /data/ssh/*
--- a/docker/root/etc/ssh/sshd_config
+++ b/docker/root/etc/ssh/sshd_config
@@ -29,4 +29,5 @@ AllowUsers git

 Banner none
 Subsystem sftp /usr/lib/ssh/sftp-server
-UsePrivilegeSeparation no
+
+AcceptEnv GIT_PROTOCOL
--- a/docker/root/etc/templates/app.ini
+++ b/docker/root/etc/templates/app.ini
@@ -4,6 +4,9 @@ RUN_MODE = $RUN_MODE
 [repository]
 ROOT = /data/git/repositories

+[repository.local]
+LOCAL_COPY_PATH = /data/gitea/tmp/local-repo
+
 [repository.upload]
 TEMP_PATH = /data/gitea/uploads

@@ -14,6 +17,8 @@ HTTP_PORT        = $HTTP_PORT
 ROOT_URL         = $ROOT_URL
 DISABLE_SSH      = $DISABLE_SSH
 SSH_PORT         = $SSH_PORT
+LFS_START_SERVER = $LFS_START_SERVER
+LFS_CONTENT_PATH = /data/git/lfs

 [database]
 PATH = /data/gitea/gitea.db
@@ -23,11 +28,15 @@ NAME    = $DB_NAME
 USER    = $DB_USER
 PASSWD  = $DB_PASSWD

+[indexer]
+ISSUE_INDEXER_PATH = /data/gitea/indexers/issues.bleve
+
 [session]
 PROVIDER_CONFIG = /data/gitea/sessions

 [picture]
 AVATAR_UPLOAD_PATH = /data/gitea/avatars
+REPOSITORY_AVATAR_UPLOAD_PATH = /data/gitea/repo-avatars

 [attachment]
 PATH = /data/gitea/attachments
--- a/docker/root/usr/bin/entrypoint
+++ b/docker/root/usr/bin/entrypoint
@@ -4,7 +4,15 @@ if [ "${USER}" != "git" ]; then
    # rename user
    sed -i -e "s/^git\:/${USER}\:/g" /etc/passwd
    # switch sshd config to different user
-    sed -i -e "s/AllowUsers git/AllowUsers ${USER}/g" /etc/ssh/sshd_config
+    sed -i -e "s/AllowUsers git$/AllowUsers ${USER}/g" /etc/ssh/sshd_config
+fi
+
+if [ -z "${USER_GID}" ]; then
+  USER_GID="`id -g ${USER}`"
+fi
+
+if [ -z "${USER_UID}" ]; then
+  USER_UID="`id -u ${USER}`"
 fi

 ## Change GID for USER?
--- a/docs/.gitignore
+++ b/docs/.gitignore
@@ -1,2 +1,3 @@
 public/
+templates/swagger/v1_json.tmpl
 themes/
--- a/docs/Dockerfile
+++ b/docs/Dockerfile
@@ -1,22 +0,0 @@
-# build stage
-FROM golang:alpine AS build-env
-
-RUN apk add --no-cache git 
-RUN go get -d -v github.com/mholt/caddy/caddy github.com/pedronasser/caddy-search github.com/simia-tech/caddy-locale
-WORKDIR /go/src/github.com/mholt/caddy/caddy
-
-RUN sed -i '/This is where other plugins get plugged in (imported)/a _ "github.com/pedronasser/caddy-search"' caddymain/run.go \
- && sed -i '/This is where other plugins get plugged in (imported)/a _ "github.com/simia-tech/caddy-locale"' caddymain/run.go \
- && go install -v . \
- && /go/bin/caddy -version
-
-FROM alpine:edge
-EXPOSE 80
-
-RUN apk add --no-cache wget mailcap ca-certificates
-COPY --from=build-env /go/bin/caddy /usr/sbin/caddy
-
-COPY docker/caddy.conf /etc/caddy.conf
-COPY public /srv/www
-
-CMD ["/usr/sbin/caddy", "-conf", "/etc/caddy.conf"]
--- a/docs/README.md
+++ b/docs/README.md
@@ -1,20 +1,16 @@
 # Gitea: Docs

-[![Build Status](http://drone.gitea.io/api/badges/go-gitea/docs/status.svg)](http://drone.gitea.io/go-gitea/docs)
-[![Join the chat at https://img.shields.io/discord/322538954119184384.svg](https://img.shields.io/discord/322538954119184384.svg)](https://discord.gg/NsatcWJ)
+[![Join the chat at https://img.shields.io/discord/322538954119184384.svg](https://img.shields.io/discord/322538954119184384.svg)](https://discord.gg/Gitea)
 [![](https://images.microbadger.com/badges/image/gitea/docs.svg)](http://microbadger.com/images/gitea/docs "Get your own image badge on microbadger.com")

 ## Hosting

-This page is hosted on our infrastructure within Docker containers, it gets
+These pages are hosted using [netlifycms](https://www.netlifycms.org/) and get
 automatically updated on every push to the `master` branch.

-If you want to host this page on your own you can take our docker image
-[gitea/docs](https://hub.docker.com/r/gitea/docs/).
-
 ## Install

-This pages uses the [Hugo](https://github.com/spf13/hugo) static site generator.
+These pages use the [Hugo](https://gohugo.io/) static site generator.
 If you are planning to contribute you'll want to download and install Hugo on
 your local machine.

--- a/docs/README_ZH.md
+++ b/docs/README_ZH.md
@@ -0,0 +1,42 @@
+# Gitea: 文档
+
+[![Build Status](http://drone.gitea.io/api/badges/go-gitea/docs/status.svg)](http://drone.gitea.io/go-gitea/docs)
+[![Join the chat at https://img.shields.io/discord/322538954119184384.svg](https://img.shields.io/discord/322538954119184384.svg)](https://discord.gg/NsatcWJ)
+[![](https://images.microbadger.com/badges/image/gitea/docs.svg)](http://microbadger.com/images/gitea/docs "Get your own image badge on microbadger.com")
+
+## 关于托管方式
+
+本页面托管在我们 Docker 容器内的基础设施上， 它会在每次推送到 `master` 分支的时候自动更新，如果你想自己管理这个页面，你可以从我们的 Docker 镜像 [gitea/docs](https://hub.docker.com/r/gitea/docs/) 中获取它。
+
+## 安装 Hugo
+
+本页面使用了 [Hugo](https://github.com/spf13/hugo) 静态页面生成工具，如果您有维护它的意愿，则需要在本地计算机上下载并安装 Hugo。Hugo 的安装教程不在本文档的讲述范围之内，详情请参见 [官方文档](https://gohugo.io/overview/installing/)。
+
+## 如何部署
+
+在 [localhost:1313](http://localhost:1313) 处构建和运行网站的命令如下，如果需要停止可以使用组合键 `Ctrl+C`:
+
+```
+make server
+```
+
+完成更改后，只需创建一个 Pull Request (PR)，该 PR 一经合并网站将自动更新。
+
+## 如何贡献您的代码
+
+Fork -> Patch -> Push -> Pull Request
+
+## 关于我们
+
+* [维护者信息](https://github.com/orgs/go-gitea/people)
+* [代码贡献者信息](https://github.com/go-gitea/docs/graphs/contributors)
+
+## 许可证
+
+此项目采用 Apache-2.0 许可协议，请参见 [协议文件](LICENSE) 获取更多信息。
+
+## 版权声明
+
+```
+Copyright (c) 2016 The Gitea Authors <https://gitea.io>
+```
--- a/docs/config.yaml
+++ b/docs/config.yaml
@@ -6,6 +6,7 @@ theme: gitea
 defaultContentLanguage: en-us
 defaultContentLanguageInSubdir: true
 enableMissingTranslationPlaceholders: true
+enableEmoji: true

 permalinks:
  post: /:year/:month/:title/
@@ -31,7 +32,7 @@ menu:
      post: active
    - name: API
      url: https://try.gitea.io/api/swagger
-      weight: 25
+      weight: 45
      pre: plug
    - name: Blog
      url: https://blog.gitea.io/
@@ -79,7 +80,7 @@ languages:
          post: active
        - name: API
          url: https://try.gitea.io/api/swagger
-          weight: 25
+          weight: 45
          pre: plug
        - name: 博客
          url: https://blog.gitea.io/
@@ -122,7 +123,7 @@ languages:
          post: active
        - name: API
          url: https://try.gitea.io/api/swagger
-          weight: 25
+          weight: 45
          pre: plug
        - name: 部落格
          url: https://blog.gitea.io/
@@ -165,7 +166,7 @@ languages:
          post: active
        - name: API
          url: https://try.gitea.io/api/swagger
-          weight: 25
+          weight: 45
          pre: plug
        - name: Blog
          url: https://blog.gitea.io/
@@ -208,7 +209,7 @@ languages:
          post: active
        - name: API
          url: https://try.gitea.io/api/swagger
-          weight: 25
+          weight: 45
          pre: plug
        - name: Blog
          url: https://blog.gitea.io/
@@ -241,17 +242,17 @@ languages:
    menu:
      page:
        - name: Site
-          url: /fr-fr/
+          url: https://gitea.io/en-us/
          weight: 10
          pre: home
          post: active
        - name: Documentation
-          url: https://docs.gitea.io/fr-fr/
+          url: /fr-fr/
          weight: 20
          pre: question
        - name: API
          url: https://try.gitea.io/api/swagger
-          weight: 25
+          weight: 45
          pre: plug
        - name: Blog
          url: https://blog.gitea.io/
--- a/docs/content/doc/advanced/api-usage.en-us.md
+++ b/docs/content/doc/advanced/api-usage.en-us.md
@@ -17,7 +17,7 @@ menu:

 ## Enabling/configuring API access

-By default, `ENABLE_SWAGGER_ENDPOINT` is true, and
+By default, `ENABLE_SWAGGER` is true, and
 `MAX_RESPONSE_ITEMS` is set to 50.  See [Config Cheat
 Sheet](https://docs.gitea.io/en-us/config-cheat-sheet/) for more
 information.
@@ -31,18 +31,26 @@ Gitea supports these methods of API authentication:
 - `access_token=...` parameter in URL query string
 - `Authorization: token ...` header in HTTP headers

-All of these methods accept the same apiKey token type.  You can
+All of these methods accept the same API key token type.  You can
 better understand this by looking at the code -- as of this writing,
 Gitea parses queries and headers to find the token in
 [modules/auth/auth.go](https://github.com/go-gitea/gitea/blob/6efdcaed86565c91a3dc77631372a9cc45a58e89/modules/auth/auth.go#L47).

-You can create an apiKey token via your gitea install's web interface:
+You can create an API key token via your Gitea installation's web interface:
 `Settings | Applications | Generate New Token`.

+### OAuth2
+
+Access tokens obtained from Gitea's [OAuth2 provider](https://docs.gitea.io/en-us/oauth2-provider) are accepted by these methods:
+
+- `Authorization bearer ...` header in HTTP headers
+- `token=...` parameter in URL query string
+- `access_token=...` parameter in URL query string
+
 ### More on the `Authorization:` header

 For historical reasons, Gitea needs the word `token` included before
-the apiKey token in an authorization header, like this:
+the API key token in an authorization header, like this:

 ```
 Authorization: token 65eaa9c8ef52460d22a93307fe0aee76289dc675
@@ -73,3 +81,13 @@ using BasicAuth, as follows:
 $ curl --request GET --url https://yourusername:yourpassword@gitea.your.host/api/v1/users/yourusername/tokens
 [{"name":"test","sha1":"..."},{"name":"dev","sha1":"..."}]
 ```
+
+As of v1.8.0 of Gitea, if using basic authentication with the API and your user has two factor authentication enabled, you'll need to send an additional header that contains the one time password (6 digit rotating token). An example of the header is `X-Gitea-OTP: 123456` where `123456` is where you'd place the code from your authenticator. Here is how the request would look like in curl:
+
+```
+$ curl -H "X-Gitea-OTP: 123456" --request GET --url https://yourusername:yourpassword@gitea.your.host/api/v1/users/yourusername/tokens
+```
+
+## Sudo
+
+The API allows admin users to sudo API requests as another user. Simply add either a `sudo=` parameter or `Sudo:` request header with the username of the user to sudo.
--- a/docs/content/doc/advanced/api-usage.zh-cn.md
+++ b/docs/content/doc/advanced/api-usage.zh-cn.md
@@ -0,0 +1,71 @@
+---
+date: "2018-06-24:00:00+02:00"
+title: "API 使用指南"
+slug: "api-usage"
+weight: 40
+toc: true
+draft: false
+menu:
+  sidebar:
+    parent: "advanced"
+    name: "API 使用指南"
+    weight: 40
+    identifier: "api-usage"
+---
+
+# Gitea API 使用指南
+
+## 开启/配置 API 访问
+
+通常情况下， `ENABLE_SWAGGER` 默认开启并且参数 `MAX_RESPONSE_ITEMS` 默认为 50。您可以从 [Config Cheat
+Sheet](https://docs.gitea.io/en-us/config-cheat-sheet/) 中获取更多配置相关信息。
+
+## 通过 API 认证
+
+Gitea 支持以下几种 API 认证方式：
+
+- HTTP basic authentication 方式
+- 通过指定 `token=...` URL 查询参数方式
+- 通过指定 `access_token=...` URL 查询参数方式
+- 通过指定 `Authorization: token ...` HTTP header 方式
+
+以上提及的认证方法接受相同的 apiKey token 类型，您可以在编码时通过查阅代码更好地理解这一点。
+Gitea 调用解析查询参数以及头部信息来获取 token 的代码可以在 [modules/auth/auth.go](https://github.com/go-gitea/gitea/blob/6efdcaed86565c91a3dc77631372a9cc45a58e89/modules/auth/auth.go#L47) 中找到。
+
+您可以通过您的 gitea web 界面来创建 apiKey token：
+`Settings | Applications | Generate New Token`.
+
+### 关于 `Authorization:` header
+
+由于一些历史原因，Gitea 需要在 header 的 apiKey token 里引入前缀 `token`，类似于如下形式：
+
+```
+Authorization: token 65eaa9c8ef52460d22a93307fe0aee76289dc675
+```
+
+以 `curl` 命令为例，它会以如下形式携带在请求中：
+
+```
+curl -X POST "http://localhost:4000/api/v1/repos/test1/test1/issues" \
+    -H "accept: application/json" \
+    -H "Authorization: token 65eaa9c8ef52460d22a93307fe0aee76289dc675" \
+    -H "Content-Type: application/json" -d "{ \"body\": \"testing\", \"title\": \"test 20\"}" -i
+```
+
+正如上例所示，您也可以在 GET 请求中使用同一个 token 并以 `token=` 的查询参数形式携带 token 来进行认证。
+
+## 通过 API 列出您发布的令牌
+
+`/users/:name/tokens` 是一个特殊的接口，需要您使用 basic authentication 进行认证，具体原因在 issue 中
+[#3842](https://github.com/go-gitea/gitea/issues/3842#issuecomment-397743346) 有所提及，使用方法如下所示：
+
+### 使用 Basic authentication 认证：
+
+```
+$ curl --request GET --url https://yourusername:yourpassword@gitea.your.host/api/v1/users/yourusername/tokens
+[{"name":"test","sha1":"..."},{"name":"dev","sha1":"..."}]
+```
+
+## 使用 Sudo 方式请求 API
+
+此 API 允许管理员借用其他用户身份进行 API 请求。只需在请求中指定查询参数 `sudo=` 或是指定 header 中的 `Sudo:` 为需要使用的用户 username 即可。
--- a/docs/content/doc/advanced/config-cheat-sheet.en-us.md
+++ b/docs/content/doc/advanced/config-cheat-sheet.en-us.md
@@ -15,8 +15,8 @@ menu:

 # Configuration Cheat Sheet

-This is a cheat sheet for the Gitea configuration file. It contains most settings
-that can configured as well as their default values.
+This is a cheat sheet for the Gitea configuration file. It contains most of the settings
+that can be configured as well as their default values.

 Any changes to the Gitea configuration file should be made in `custom/conf/app.ini`
 or any corresponding location. When installing from a distribution, this will
@@ -44,7 +44,7 @@ Values containing `#` or `;` must be quoted using `` ` `` or `"""`.

 - `ROOT`: **~/gitea-repositories/**: Root path for storing all repository data. It must be
   an absolute path.
- `SCRIPT_TYPE`: **bash**: The script type this server supports, usually this is `bash`,
+- `SCRIPT_TYPE`: **bash**: The script type this server supports. Usually this is `bash`,
   but some users report that only `sh` is available.
 - `ANSI_CHARSET`: **\<empty\>**: The default charset for an unrecognized charset.
 - `FORCE_PRIVATE`: **false**: Force every new repository to be private.
@@ -62,12 +62,40 @@ Values containing `#` or `;` must be quoted using `` ` `` or `"""`.
   HTTP protocol.
 - `USE_COMPAT_SSH_URI`: **false**: Force ssh:// clone url instead of scp-style uri when
   default SSH port is used.
+- `ACCESS_CONTROL_ALLOW_ORIGIN`: **\<empty\>**: Value for Access-Control-Allow-Origin header,
+   default is not to present. **WARNING**: This maybe harmful to you website if you do not
+   give it a right value.
+- `DEFAULT_CLOSE_ISSUES_VIA_COMMITS_IN_ANY_BRANCH`:  **false**: Close an issue if a commit on a non default branch marks it as closed.
+
+### Repository - Pull Request (`repository.pull-request`)
+
+- `WORK_IN_PROGRESS_PREFIXES`: **WIP:,\[WIP\]**: List of prefixes used in Pull Request
+ title to mark them as Work In Progress
+
+### Repository - Issue (`repository.issue`)
+
+- `LOCK_REASONS`: **Too heated,Off-topic,Resolved,Spam**: A list of reasons why a Pull Request or Issue can be locked
+
+## CORS (`cors`)
+
+- `ENABLED`: **false**: enable cors headers (disabled by default)
+- `SCHEME`: **http**: scheme of allowed requests
+- `ALLOW_DOMAIN`: **\***: list of requesting domains that are allowed
+- `ALLOW_SUBDOMAIN`: **false**: allow subdomains of headers listed above to request
+- `METHODS`: **GET,HEAD,POST,PUT,PATCH,DELETE,OPTIONS**: list of methods allowed to request
+- `MAX_AGE`: **10m**: max time to cache response
+- `ALLOW_CREDENTIALS`: **false**: allow request with credentials

 ## UI (`ui`)

 - `EXPLORE_PAGING_NUM`: **20**: Number of repositories that are shown in one explore page.
 - `ISSUE_PAGING_NUM`: **10**: Number of issues that are shown in one page (for all pages that list issues).
 - `FEED_MAX_COMMIT_NUM`: **5**: Number of maximum commits shown in one activity feed.
+- `GRAPH_MAX_COMMIT_NUM`: **100**: Number of maximum commits shown in the commit graph.
+- `DEFAULT_THEME`: **gitea**: \[gitea, arc-green\]: Set the default theme for the Gitea install.
+- `THEMES`:  **gitea,arc-green**: All available themes. Allow users select personalized themes
+  regardless of the value of `DEFAULT_THEME`.
+- `DEFAULT_SHOW_FULL_NAME`: false: Whether the full name of the users should be shown where possible. If the full name isn't set, the username will be used.

 ### UI - Admin (`ui.admin`)

@@ -116,9 +144,13 @@ Values containing `#` or `;` must be quoted using `` ` `` or `"""`.
 - `LFS_CONTENT_PATH`: **./data/lfs**: Where to store LFS files.
 - `LFS_JWT_SECRET`: **\<empty\>**: LFS authentication secret, change this a unique string.
 - `LFS_HTTP_AUTH_EXPIRY`: **20m**: LFS authentication validity period in time.Duration, pushes taking longer than this may fail.
- `REDIRECT_OTHER_PORT`: **false**: If true and `PROTOCOL` is https, redirects http requests
-   on another (https) port.
- `PORT_TO_REDIRECT`: **80**: Port used when `REDIRECT_OTHER_PORT` is true.
+- `REDIRECT_OTHER_PORT`: **false**: If true and `PROTOCOL` is https, allows redirecting http requests on `PORT_TO_REDIRECT` to the https port Gitea listens on.
+- `PORT_TO_REDIRECT`: **80**: Port for the http redirection service to listen on. Used when `REDIRECT_OTHER_PORT` is true.
+- `ENABLE_LETSENCRYPT`: **false**: If enabled you must set `DOMAIN` to valid internet facing domain (ensure DNS is set and port 80 is accessible by letsencrypt validation server).
+   By using Lets Encrypt **you must consent** to their [terms of service](https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf).
+- `LETSENCRYPT_ACCEPTTOS`: **false**: This is an explicit check that you accept the terms of service for Let's Encrypt.
+- `LETSENCRYPT_DIRECTORY`: **https**: Directory that Letsencrypt will use to cache information such as certs and private keys.
+- `LETSENCRYPT_EMAIL`: **email@example.com**: Email used by Letsencrypt to notify about problems with issued certificates. (No default)

 ## Database (`database`)

@@ -127,14 +159,23 @@ Values containing `#` or `;` must be quoted using `` ` `` or `"""`.
 - `NAME`: **gitea**: Database name.
 - `USER`: **root**: Database username.
 - `PASSWD`: **\<empty\>**: Database user password. Use \`your password\` for quoting if you use special characters in the password.
- `SSL_MODE`: **disable**: For PostgreSQL only.
+- `SSL_MODE`: **disable**: For PostgreSQL and MySQL only.
+- `CHARSET`: **utf8**: For MySQL only, either "utf8" or "utf8mb4", default is "utf8". NOTICE: for "utf8mb4" you must use MySQL InnoDB > 5.6. Gitea is unable to check this.
 - `PATH`: **data/gitea.db**: For SQLite3 only, the database file path.
 - `LOG_SQL`: **true**: Log the executed SQL.
+- `DB_RETRIES`: **10**: How many ORM init / DB connect attempts allowed.
+- `DB_RETRY_BACKOFF`: **3s**: time.Duration to wait before trying another ORM init / DB connect attempt, if failure occured.

 ## Indexer (`indexer`)

+- `ISSUE_INDEXER_TYPE`: **bleve**: Issue indexer type, currently support: bleve or db, if it's db, below issue indexer item will be invalid.
 - `ISSUE_INDEXER_PATH`: **indexers/issues.bleve**: Index file used for issue search.
- `REPO_INDEXER_ENABLED`: **false**: Enables code search (uses a lot of disk space).
+- `ISSUE_INDEXER_QUEUE_TYPE`: **levelqueue**: Issue indexer queue, currently supports:`channel`, `levelqueue`, `redis`.
+- `ISSUE_INDEXER_QUEUE_DIR`: **indexers/issues.queue**: When `ISSUE_INDEXER_QUEUE_TYPE` is `levelqueue`, this will be the queue will be saved path.
+- `ISSUE_INDEXER_QUEUE_CONN_STR`: **addrs=127.0.0.1:6379 db=0**: When `ISSUE_INDEXER_QUEUE_TYPE` is `redis`, this will store the redis connection string.
+- `ISSUE_INDEXER_QUEUE_BATCH_NUMBER`: **20**: Batch queue number.
+
+- `REPO_INDEXER_ENABLED`: **false**: Enables code search (uses a lot of disk space, about 6 times more than the repository size).
 - `REPO_INDEXER_PATH`: **indexers/repos.bleve**: Index file used for code search.
 - `UPDATE_BUFFER_LEN`: **20**: Buffer length of index request.
 - `MAX_FILE_SIZE`: **1048576**: Maximum size in bytes of files to be indexed.
@@ -149,9 +190,13 @@ Values containing `#` or `;` must be quoted using `` ` `` or `"""`.
   information.
 - `REVERSE_PROXY_AUTHENTICATION_USER`: **X-WEBAUTH-USER**: Header name for reverse proxy
   authentication.
- `DISABLE_GIT_HOOKS`: **false**: Prevent all users (including admin) from creating custom
+- `REVERSE_PROXY_AUTHENTICATION_EMAIL`: **X-WEBAUTH-EMAIL**: Header name for reverse proxy
+   authentication provided email.
+- `DISABLE_GIT_HOOKS`: **false**: Set to `true` to prevent all users (including admin) from creating custom
   git hooks.
- `IMPORT_LOCAL_PATHS`: **false**: Prevent all users (including admin) from importing local path on server.
+- `IMPORT_LOCAL_PATHS`: **false**: Set to `false` to prevent all users (including admin) from importing local path on server.
+- `INTERNAL_TOKEN`: **\<random at every install if no uri set\>**: Secret used to validate communication within Gitea binary.
+- `INTERNAL_TOKEN_URI`: **<empty>**: Instead of defining internal token in the configuration, this configuration option can be used to give Gitea a path to a file that contains the internal token (example value: `file:/etc/gitea/internal_token`)

 ## OpenID (`openid`)

@@ -171,13 +216,31 @@ Values containing `#` or `;` must be quoted using `` ` `` or `"""`.
   Requires `Mailer` to be enabled.
 - `DISABLE_REGISTRATION`: **false**: Disable registration, after which only admin can create
   accounts for users.
+- `REQUIRE_EXTERNAL_REGISTRATION_PASSWORD`: **false**: Enable this to force externally created
+   accounts (via GitHub, OpenID Connect, etc) to create a password. Warning: enabling this will
+   decrease security, so you should only enable it if you know what you're doing.
 - `REQUIRE_SIGNIN_VIEW`: **false**: Enable this to force users to log in to view any page.
 - `ENABLE_NOTIFY_MAIL`: **false**: Enable this to send e-mail to watchers of a repository when
   something happens, like creating issues. Requires `Mailer` to be enabled.
 - `ENABLE_REVERSE_PROXY_AUTHENTICATION`: **false**: Enable this to allow reverse proxy authentication.
 - `ENABLE_REVERSE_PROXY_AUTO_REGISTRATION`: **false**: Enable this to allow auto-registration
   for reverse authentication.
- `ENABLE_CAPTCHA`: **true**: Enable this to use captcha validation for registration.
+- `ENABLE_REVERSE_PROXY_EMAIL`: **false**: Enable this to allow to auto-registration with a
+   provided email rather than a generated email.
+- `ENABLE_CAPTCHA`: **false**: Enable this to use captcha validation for registration.
+- `REQUIRE_EXTERNAL_REGISTRATION_CAPTCHA`: **false**: Enable this to force captcha validation
+   even for External Accounts (i.e. GitHub, OpenID Connect, etc). You must `ENABLE_CAPTCHA` also.
+- `CAPTCHA_TYPE`: **image**: \[image, recaptcha\]
+- `RECAPTCHA_SECRET`: **""**: Go to https://www.google.com/recaptcha/admin to get a secret for recaptcha.
+- `RECAPTCHA_SITEKEY`: **""**: Go to https://www.google.com/recaptcha/admin to get a sitekey for recaptcha.
+- `RECAPTCHA_URL`: **https://www.google.com/recaptcha/**: Set the recaptcha url - allows the use of recaptcha net.
+- `DEFAULT_ENABLE_DEPENDENCIES`: **true**: Enable this to have dependencies enabled by default.
+- `ENABLE_USER_HEATMAP`: **true**: Enable this to display the heatmap on users profiles.
+- `EMAIL_DOMAIN_WHITELIST`: **\<empty\>**: If non-empty, list of domain names that can only be used to register
+  on this instance.
+- `SHOW_REGISTRATION_BUTTON`: **! DISABLE\_REGISTRATION**: Show Registration Button
+- `AUTO_WATCH_NEW_REPOS`: **true**: Enable this to let all organisation users watch new repos when they are created
+- `DEFAULT_ORG_VISIBILITY`: **public**: Set default visibility mode for organisations, either "public", "limited" or "private".

 ## Webhook (`webhook`)

@@ -198,12 +261,18 @@ Values containing `#` or `;` must be quoted using `` ` `` or `"""`.
 - `PASSWD`: **\<empty\>**: Password of mailing user.  Use \`your password\` for quoting if you use special characters in the password.
 - `SKIP_VERIFY`: **\<empty\>**: Do not verify the self-signed certificates.
   - **Note:** Gitea only supports SMTP with STARTTLS.
- `USE_SENDMAIL`: **false** Use the operating system's `sendmail` command instead of SMTP.
+- `SUBJECT_PREFIX`: **\<empty\>**: Prefix to be placed before e-mail subject lines.
+- `MAILER_TYPE`: **smtp**: \[smtp, sendmail, dummy\]
+   - **smtp** Use SMTP to send mail
+   - **sendmail** Use the operating system's `sendmail` command instead of SMTP.
   This is common on linux systems.
+   - **dummy** Send email messages to the log as a testing phase.
   - Note that enabling sendmail will ignore all other `mailer` settings except `ENABLED`,
-     `FROM` and `SENDMAIL_PATH`.
- `SENDMAIL_PATH`: **sendmail**: The location of sendmail on the operating system. (can be
-   command or full path)
+     `FROM`, `SUBJECT_PREFIX` and `SENDMAIL_PATH`.
+   - Enabling dummy will ignore all settings except `ENABLED`, `SUBJECT_PREFIX` and `FROM`.
+- `SENDMAIL_PATH`: **sendmail**: The location of sendmail on the operating system (can be
+   command or full path).
+- ``IS_TLS_ENABLED`` :  **false** : Decide if SMTP connections should use TLS.

 ## Cache (`cache`)

@@ -215,7 +284,7 @@ Values containing `#` or `;` must be quoted using `` ` `` or `"""`.

 ## Session (`session`)

- `PROVIDER`: **memory**: Session engine provider \[memory, file, redis, mysql\].
+- `PROVIDER`: **memory**: Session engine provider \[memory, file, redis, mysql, couchbase, memcache, nodb, postgres\].
 - `PROVIDER_CONFIG`: **data/sessions**: For file, the root path; for others, the connection string.
 - `COOKIE_SECURE`: **false**: Enable this to force using HTTPS for all session access.
 - `COOKIE_NAME`: **i\_like\_gitea**: The name of the cookie used for the session ID.
@@ -227,8 +296,17 @@ Values containing `#` or `;` must be quoted using `` ` `` or `"""`.
   `http://cn.gravatar.com/avatar/`.
 - `DISABLE_GRAVATAR`: **false**: Enable this to use local avatars only.
 - `ENABLE_FEDERATED_AVATAR`: **false**: Enable support for federated avatars (see
-   http://www.libravatar.org)
- `AVATAR_UPLOAD_PATH`: **data/avatars**: Path to store local and cached files.
+   [http://www.libravatar.org](http://www.libravatar.org)).
+- `AVATAR_UPLOAD_PATH`: **data/avatars**: Path to store user avatar image files.
+- `REPOSITORY_AVATAR_UPLOAD_PATH`: **data/repo-avatars**: Path to store repository avatar image files.
+- `REPOSITORY_AVATAR_FALLBACK`: **none**: How Gitea deals with missing repository avatars
+  - none = no avatar will be displayed
+  - random = random avatar will be generated
+  - image = default image will be used (which is set in `REPOSITORY_AVATAR_DEFAULT_IMAGE`)
+- `REPOSITORY_AVATAR_FALLBACK_IMAGE`: **/img/repo_default.png**: Image used as default repository avatar (if `REPOSITORY_AVATAR_FALLBACK` is set to image and none was uploaded)
+- `AVATAR_MAX_WIDTH`: **4096**: Maximum avatar image width in pixels.
+- `AVATAR_MAX_HEIGHT`: **3072**: Maximum avatar image height in pixels.
+- `AVATAR_MAX_FILE_SIZE`: **1048576** (1Mb): Maximum avatar image file size in bytes.

 ## Attachment (`attachment`)

@@ -242,8 +320,64 @@ Values containing `#` or `;` must be quoted using `` ` `` or `"""`.
 ## Log (`log`)

 - `ROOT_PATH`: **\<empty\>**: Root path for log files.
- `MODE`: **console**: Logging mode. For multiple modes, use a comma to separate values.
- `LEVEL`: **Trace**: General log level. \[Trace, Debug, Info, Warn, Error, Critical\]
+- `MODE`: **console**: Logging mode. For multiple modes, use a comma to separate values. You can configure each mode in per mode log subsections `\[log.modename\]`. By default the file mode will log to `$ROOT_PATH/gitea.log`.
+- `LEVEL`: **Info**: General log level. \[Trace, Debug, Info, Warn, Error, Critical, Fatal, None\]
+- `STACKTRACE_LEVEL`: **None**: Default log level at which to log create stack traces. \[Trace, Debug, Info, Warn, Error, Critical, Fatal, None\]
+- `REDIRECT_MACARON_LOG`: **false**: Redirects the Macaron log to its own logger or the default logger.
+- `MACARON`: **file**: Logging mode for the macaron logger, use a comma to separate values. Configure each mode in per mode log subsections `\[log.modename.macaron\]`. By default the file mode will log to `$ROOT_PATH/macaron.log`. (If you set this to `,` it will log to default gitea logger.)
+- `ROUTER_LOG_LEVEL`: **Info**: The log level that the router should log at. (If you are setting the access log, its recommended to place this at Debug.)
+- `ROUTER`: **console**: The mode or name of the log the router should log to. (If you set this to `,` it will log to default gitea logger.)
+NB: You must `REDIRECT_MACARON_LOG` and have `DISABLE_ROUTER_LOG` set to `false` for this option to take effect. Configure each mode in per mode log subsections `\[log.modename.router\]`.
+- `ENABLE_ACCESS_LOG`: **false**: Creates an access.log in NCSA common log format, or as per the following template
+- `ACCESS`: **file**: Logging mode for the access logger, use a comma to separate values. Configure each mode in per mode log subsections `\[log.modename.access\]`. By default the file mode will log to `$ROOT_PATH/access.log`. (If you set this to `,` it will log to the default gitea logger.)
+- `ACCESS_LOG_TEMPLATE`: **`{{.Ctx.RemoteAddr}} - {{.Identity}} {{.Start.Format "[02/Jan/2006:15:04:05 -0700]" }} "{{.Ctx.Req.Method}} {{.Ctx.Req.RequestURI}} {{.Ctx.Req.Proto}}" {{.ResponseWriter.Status}} {{.ResponseWriter.Size}} "{{.Ctx.Req.Referer}}\" \"{{.Ctx.Req.UserAgent}}"`**: Sets the template used to create the access log.
+  - The following variables are available:
+  - `Ctx`: the `macaron.Context` of the request.
+  - `Identity`: the SignedUserName or `"-"` if not logged in.
+  - `Start`: the start time of the request.
+  - `ResponseWriter`: the responseWriter from the request.
+  - You must be very careful to ensure that this template does not throw errors or panics as this template runs outside of the panic/recovery script.
+- `ENABLE_XORM_LOG`: **true**: Set whether to perform XORM logging. Please note SQL statement logging can be disabled by setting `LOG_SQL` to false in the `[database]` section.
+
+### Log subsections (`log.name`, `log.name.*`)
+
+- `LEVEL`: **log.LEVEL**: Sets the log-level of this sublogger. Defaults to the `LEVEL` set in the global `[log]` section.
+- `STACKTRACE_LEVEL`: **log.STACKTRACE_LEVEL**: Sets the log level at which to log stack traces.
+- `MODE`: **name**: Sets the mode of this sublogger - Defaults to the provided subsection name. This allows you to have two different file loggers at different levels.
+- `EXPRESSION`: **""**: A regular expression to match either the function name, file or message. Defaults to empty. Only log messages that match the expression will be saved in the logger.
+- `FLAGS`: **stdflags**: A comma separated string representing the log flags. Defaults to `stdflags` which represents the prefix: `2009/01/23 01:23:23 ...a/b/c/d.go:23:runtime.Caller() [I]: message`. `none` means don't prefix log lines. See `modules/log/base.go` for more information.
+- `PREFIX`: **""**: An additional prefix for every log line in this logger. Defaults to empty.
+- `COLORIZE`: **false**: Colorize the log lines by default
+
+### Console log mode (`log.console`, `log.console.*`, or `MODE=console`)
+
+- For the console logger `COLORIZE` will default to `true` if not on windows or the terminal is determined to be able to color.
+- `STDERR`: **false**: Use Stderr instead of Stdout.
+
+### File log mode (`log.file`, `log.file.*` or `MODE=file`)
+
+- `FILE_NAME`: Set the file name for this logger. Defaults as described above. If relative will be relative to the `ROOT_PATH`
+- `LOG_ROTATE`: **true**: Rotate the log files.
+- `MAX_SIZE_SHIFT`: **28**: Maximum size shift of a single file, 28 represents 256Mb.
+- `DAILY_ROTATE`: **true**: Rotate logs daily.
+- `MAX_DAYS`: **7**: Delete the log file after n days
+- `COMPRESS`: **true**: Compress old log files by default with gzip
+- `COMPRESSION_LEVEL`: **-1**: Compression level
+
+### Conn log mode (`log.conn`, `log.conn.*` or `MODE=conn`)
+
+- `RECONNECT_ON_MSG`: **false**: Reconnect host for every single message.
+- `RECONNECT`: **false**: Try to reconnect when connection is lost.
+- `PROTOCOL`: **tcp**: Set the protocol, either "tcp", "unix" or "udp".
+- `ADDR`: **:7020**: Sets the address to connect to.
+
+### SMTP log mode (`log.smtp`, `log.smtp.*` or `MODE=smtp`)
+
+- `USER`: User email address to send from.
+- `PASSWD`: Password for the smtp server.
+- `HOST`: **127.0.0.1:25**: The SMTP host to connect to.
+- `RECEIVERS`: Email addresses to send to.
+- `SUBJECT`: **Diagnostic message from Gitea**

 ## Cron (`cron`)

@@ -265,7 +399,7 @@ Values containing `#` or `;` must be quoted using `` ` `` or `"""`.

 - `SCHEDULE`: **every 24h**: Cron syntax for scheduling repository health check.
 - `TIMEOUT`: **60s**: Time duration syntax for health check execution timeout.
- `ARGS`: **\<empty\>**: Arguments for command `git fsck`, e.g. `--unreachable --tags`.
+- `ARGS`: **\<empty\>**: Arguments for command `git fsck`, e.g. `--unreachable --tags`. See more on http://git-scm.com/docs/git-fsck

 ### Cron - Repository Statistics Check (`cron.check_repo_stats`)

@@ -277,12 +411,37 @@ Values containing `#` or `;` must be quoted using `` ` `` or `"""`.
 - `MAX_GIT_DIFF_LINES`: **100**: Max number of lines allowed of a single file in diff view.
 - `MAX_GIT_DIFF_LINE_CHARACTERS`: **5000**: Max character count per line highlighted in diff view.
 - `MAX_GIT_DIFF_FILES`: **100**: Max number of files shown in diff view.
- `GC_ARGS`: **\<empty\>**: Arguments for command `git gc`, e.g. `--aggressive --auto`.
+- `GC_ARGS`: **\<empty\>**: Arguments for command `git gc`, e.g. `--aggressive --auto`. See more on http://git-scm.com/docs/git-gc/
+- `ENABLE_AUTO_GIT_WIRE_PROTOCOL`: **true**: If use git wire protocol version 2 when git version >= 2.18, default is true, set to false when you always want git wire protocol version 1
+
+## Git - Timeout settings (`git.timeout`)
+- `DEFAUlT`: **360**: Git operations default timeout seconds.
+- `MIGRATE`: **600**: Migrate external repositories timeout seconds.
+- `MIRROR`: **300**: Mirror external repositories timeout seconds.
+- `CLONE`: **300**: Git clone from internal repositories timeout seconds.
+- `PULL`: **300**: Git pull from internal repositories timeout seconds.
+- `GC`: **60**: Git repository GC timeout seconds.
+
+## Metrics (`metrics`)
+
+- `ENABLED`: **false**: Enables /metrics endpoint for prometheus.
+- `TOKEN`: **\<empty\>**: You need to specify the token, if you want to include in the authorization the metrics . The same token need to be used in prometheus parameters `bearer_token` or `bearer_token_file`.

 ## API (`api`)
- 
- `ENABLE_SWAGGER_ENDPOINT`: **true**: Enables /api/swagger, /api/v1/swagger etc. endpoints. True or false; default is true. 
- `MAX_RESPONSE_ITEMS`: **50**: Max number of items in a page
+
+- `ENABLE_SWAGGER`: **true**: Enables /api/swagger, /api/v1/swagger etc. endpoints. True or false; default is true.
+- `MAX_RESPONSE_ITEMS`: **50**: Max number of items in a page.
+- `DEFAULT_PAGING_NUM`: **30**: Default paging number of API.
+- `DEFAULT_GIT_TREES_PER_PAGE`: **1000**: Default and maximum number of items per page for git trees API.
+- `DEFAULT_MAX_BLOB_SIZE`: **10485760**: Default max size of a blob that can be return by the blobs API.
+
+## OAuth2 (`oauth2`)
+
+- `ENABLE`: **true**: Enables OAuth2 provider.
+- `ACCESS_TOKEN_EXPIRATION_TIME`: **3600**: Lifetime of an OAuth2 access token in seconds
+- `REFRESH_TOKEN_EXPIRATION_TIME`: **730**: Lifetime of an OAuth2 access token in hours
+- `INVALIDATE_REFRESH_TOKEN`: **false**: Check if refresh token got already used
+- `JWT_SECRET`: **\<empty\>**: OAuth2 authentication secret for access and refresh tokens, change this a unique string.

 ## i18n (`i18n`)

@@ -336,6 +495,10 @@ IS_INPUT_FILE = false
 - RENDER\_COMMAND: External command to render all matching extensions.
 - IS\_INPUT\_FILE: **false** Input is not a standard input but a file param followed `RENDER_COMMAND`.

+Two special environment variables are passed to the render command:
+- `GITEA_PREFIX_SRC`, which contains the current URL prefix in the `src` path tree. To be used as prefix for links.
+- `GITEA_PREFIX_RAW`, which contains the current URL prefix in the `raw` path tree. To be used as prefix for image paths.
+
 ## Other (`other`)

 - `SHOW_FOOTER_BRANDING`: **false**: Show Gitea branding in the footer.
--- a/docs/content/doc/advanced/config-cheat-sheet.zh-cn.md
+++ b/docs/content/doc/advanced/config-cheat-sheet.zh-cn.md
@@ -78,10 +78,25 @@ menu:
 - `NAME`: 数据库名称。
 - `USER`: 数据库用户名。
 - `PASSWD`: 数据库用户密码。
- `SSL_MODE`: PostgreSQL数据库是否启用SSL模式。
+- `SSL_MODE`: MySQL 或 PostgreSQL数据库是否启用SSL模式。
+- `CHARSET`: **utf8**: 仅当数据库为 MySQL 时有效, 可以为 "utf8" 或 "utf8mb4"。注意：如果使用 "utf8mb4"，你的 MySQL InnoDB 版本必须在 5.6 以上。
 - `PATH`: Tidb 或者 SQLite3 数据文件存放路径。
 - `LOG_SQL`: **true**: 显示生成的SQL，默认为真。

+## Indexer (`indexer`)
+
+- `ISSUE_INDEXER_TYPE`: **bleve**: 工单索引类型，当前支持 `bleve` 或 `db`，当为 `db` 时其它工单索引项可不用设置。
+- `ISSUE_INDEXER_PATH`: **indexers/issues.bleve**: 工单索引文件存放路径，当索引类型为 `bleve` 时有效。
+- `ISSUE_INDEXER_QUEUE_TYPE`: **levelqueue**: 工单索引队列类型，当前支持 `channel`， `levelqueue` 或 `redis`。
+- `ISSUE_INDEXER_QUEUE_DIR`: **indexers/issues.queue**: 当 `ISSUE_INDEXER_QUEUE_TYPE` 为 `levelqueue` 时，保存索引队列的磁盘路径。
+- `ISSUE_INDEXER_QUEUE_CONN_STR`: **addrs=127.0.0.1:6379 db=0**: 当 `ISSUE_INDEXER_QUEUE_TYPE` 为 `redis` 时，保存Redis队列的连接字符串。
+- `ISSUE_INDEXER_QUEUE_BATCH_NUMBER`: **20**: 队列处理中批量提交数量。
+
+- `REPO_INDEXER_ENABLED`: **false**: 是否启用代码搜索（启用后会占用比较大的磁盘空间）。
+- `REPO_INDEXER_PATH`: **indexers/repos.bleve**: 用于代码搜索的索引文件路径。
+- `UPDATE_BUFFER_LEN`: **20**: 代码索引请求的缓冲区长度。
+- `MAX_FILE_SIZE`: **1048576**: 进行解析的源代码文件的最大长度，小于该值时才会索引。
+
 ## Security (`security`)

 - `INSTALL_LOCK`: 是否允许运行安装向导，(跟管理员账号有关，十分重要)。
@@ -187,7 +202,25 @@ menu:
 - `MAX_GIT_DIFF_FILES`: 比较视图中的最大现实文件数目。
 - `GC_ARGS`: 执行 `git gc` 命令的参数, 比如： `--aggressive --auto`。

-## markup (`markup`)
+## Git - 超时设置 (`git.timeout`)
+
+- `DEFAUlT`: **360**: Git操作默认超时时间，单位秒
+- `MIGRATE`: **600**: 迁移外部仓库时的超时时间，单位秒
+- `MIRROR`: **300**: 镜像外部仓库的超时时间，单位秒
+- `CLONE`: **300**: 内部仓库间克隆的超时时间，单位秒
+- `PULL`: **300**: 内部仓库间拉取的超时时间，单位秒
+- `GC`: **60**: git仓库GC的超时时间，单位秒
+- `ENABLE_AUTO_GIT_WIRE_PROTOCOL`: **true**: 是否根据 Git Wire Protocol协议支持情况自动切换版本，当 git 版本在 2.18 及以上时会自动切换到版本2。为 `false` 则不切换。
+
+## API (`api`)
+
+- `ENABLE_SWAGGER`: **true**: 是否启用swagger路由 /api/swagger, /api/v1/swagger etc. endpoints. True 或 false; 默认是  true.
+- `MAX_RESPONSE_ITEMS`: **50**: 一个页面最大的项目数。
+- `DEFAULT_PAGING_NUM`: **30**: API中默认分页条数。
+- `DEFAULT_GIT_TREES_PER_PAGE`: **1000**: GIT TREES API每页的默认最大项数.
+- `DEFAULT_MAX_BLOB_SIZE`: **10485760**: BLOBS API默认最大大小.
+
+## Markup (`markup`)

 外部渲染工具支持，你可以用你熟悉的文档渲染工具. 比如一下将新增一个名字为 `asciidoc` 的渲染工具which is followed `markup.` ini section. And there are some config items below.

--- a/docs/content/doc/advanced/customizing-gitea.en-us.md
+++ b/docs/content/doc/advanced/customizing-gitea.en-us.md
@@ -15,19 +15,28 @@ menu:

 # Customizing Gitea

-Customizing Gitea is typically done using the `custom` folder. This is the central
-place to override configuration settings, templates, etc.
+Customizing Gitea is typically done using the `CustomPath` folder - by default this is
+the `custom` folder from the running directory, but may be different if your build has
+set this differently. This is the central place to override configuration settings,
+templates, etc. You can check the `CustomPath` using `gitea help`. You can override
+the `CustomPath` by setting either the `GITEA_CUSTOM` environment variable or by
+using the `--custom-path` option on the `gitea` binary. (The option will override the
+environment variable.)

-If Gitea is deployed from binary, all default paths will be relative to the gitea
+If Gitea is deployed from binary, all default paths will be relative to the Gitea
 binary. If installed from a distribution, these paths will likely be modified to
-the Linux Filesystem Standard. Gitea will create required folders, including `custom/`.
-Application settings are configured in `custom/conf/app.ini`. Distributions may
-provide a symlink for `custom` using `/etc/gitea/`.
+the Linux Filesystem Standard. Gitea will attempt to create required folders, including
+`custom/`. Distributions may provide a symlink for `custom` using `/etc/gitea/`.
+
+Application settings can be found in file `CustomConf` which is by default,
+`CustomPath/conf/app.ini` but may be different if your build has set this differently.
+Again `gitea help` will allow you review this variable and you can override it using the
+`--config` option on the `gitea` binary.

 - [Quick Cheat Sheet](https://docs.gitea.io/en-us/config-cheat-sheet/)
 - [Complete List](https://github.com/go-gitea/gitea/blob/master/custom/conf/app.ini.sample)

-If the `custom` folder can't be found next to the binary, check the `GITEA_CUSTOM`
+If the `CustomPath` folder can't be found despite checking `gitea help`, check the `GITEA_CUSTOM`
 environment variable; this can be used to override the default path to something else.
 `GITEA_CUSTOM` might, for example, be set by an init script.

@@ -38,7 +47,8 @@ environment variable; this can be used to override the default path to something
 ## Customizing /robots.txt

 To make Gitea serve a custom `/robots.txt` (default: empty 404), create a file called
-`robots.txt` in the `custom` folder with [expected contents](http://www.robotstxt.org/).
+`robots.txt` in the `custom` folder (or `CustomPath`) with
+[expected contents](http://www.robotstxt.org/).

 ## Serving custom public files

@@ -55,11 +65,11 @@ Place the png image at the following path: `custom/public/img/avatar\_default.pn
 ## Customizing Gitea pages

 The `custom/templates` folder allows changing every single page of Gitea. Templates
-to override can be found in the `templates` directory of Gitea source. Override by
+to override can be found in the [`templates`](https://github.com/go-gitea/gitea/tree/master/templates) directory of Gitea source. Override by
 making a copy of the file under `custom/templates` using a full path structure
 matching source.

-Any statement contained inside `{{` and `}}` are Gitea's templete syntax and
+Any statement contained inside `{{` and `}}` are Gitea's template syntax and
 shouldn't be touched without fully understanding these components.

 ### Adding links and tabs
@@ -88,6 +98,50 @@ Apart from `extra_links.tmpl` and `extra_tabs.tmpl`, there are other useful temp
 - `body_outer_post.tmpl`, before the bottom `<footer>` element.
 - `footer.tmpl`, right before the end of the `<body>` tag, a good place for additional Javascript.

+## Adding Analytics to Gitea
+
+Google Analytics, Matomo (previously Piwik), and other analytics services can be added to Gitea. To add the tracking code, refer to the `Other additions to the page` section of this document, and add the JavaScript to the `custom/templates/custom/header.tmpl` file.
+
 ## Customizing gitignores, labels, licenses, locales, and readmes.

 Place custom files in corresponding sub-folder under `custom/options`.
+
+**NOTE:** The files should not have a file extension, e.g. `Labels` rather than `Labels.txt`
+
+### gitignores
+
+To add custom .gitignore, add a file with existing [.gitignore rules](https://git-scm.com/docs/gitignore) in it to `custom/options/gitignore`
+
+### Labels
+
+To add a custom label set, add a file that follows the [label format](https://github.com/go-gitea/gitea/blob/master/options/label/Default) to `custom/options/label`  
+`#hex-color label name ; label description`
+
+### Licenses
+
+To add a custom license, add a file with the license text to `custom/options/license`
+
+### Locales
+
+Locales are managed via our [crowdin](https://crowdin.com/project/gitea).  
+You can override a locale by placing an altered locale file in `custom/options/locale`.  
+Gitea's default locale files can be found in  the [`options/locale`](https://github.com/go-gitea/gitea/tree/master/options/locale) source folder and these should be used as examples for your changes.  
+  
+To add a completely new locale, as well as placing the file in the above location, you will need to add the new lang and name to the `[i18n]` section in your `app.ini`. Keep in mind that Gitea will use those settings as **overrides**, so if you want to keep the other languages as well you will need to copy/paste the default values and add your own to them.
+
+```
+[i18n]
+LANGS = en-US,foo-BAR
+NAMES = English,FooBar
+```
+
+Locales may change between versions, so keeping track of your customized locales is highly encouraged.
+
+### Readmes
+
+To add a custom Readme, add a markdown formatted file (without an `.md` extension) to `custom/options/readme`
+
+## Customizing the look of Gitea
+
+As of version 1.6.0 Gitea has built-in themes. The two built-in themes are, the default theme `gitea`, and a dark theme `arc-green`. To change the look of your Gitea install change the value of `DEFAULT_THEME` in the [ui](https://docs.gitea.io/en-us/config-cheat-sheet/#ui-ui) section of `app.ini` to another one of the available options.  
+As of version 1.8.0 Gitea also has per-user themes. The list of themes a user can choose from can be configured with the `THEMES` value in the [ui](https://docs.gitea.io/en-us/config-cheat-sheet/#ui-ui) section of `app.ini` (defaults to `gitea` and `arc-green`, light and dark respectively)
--- a/docs/content/doc/advanced/customizing-gitea.zh-cn.md
+++ b/docs/content/doc/advanced/customizing-gitea.zh-cn.md
@@ -0,0 +1,88 @@
+---
+date: "2017-04-15T14:56:00+02:00"
+title: "自定义 Gitea 配置"
+slug: "customizing-gitea"
+weight: 9
+toc: false
+draft: false
+menu:
+  sidebar:
+    parent: "advanced"
+    name: "自定义 Gitea 配置"
+    weight: 9
+    identifier: "customizing-gitea"
+---
+
+# 自定义 Gitea 配置
+
+Gitea 引用 `custom` 目录中的自定义配置文件来覆盖配置、模板等默认配置。
+
+如果从二进制部署 Gitea ，则所有默认路径都将相对于该 gitea 二进制文件；如果从发行版安装，则可能会将这些路径修改为Linux文件系统标准。Gitea
+将会自动创建包括 `custom/` 在内的必要应用目录，应用本身的配置存放在
+`custom/conf/app.ini` 当中。在发行版中可能会以 `/etc/gitea/` 的形式为 `custom` 设置一个符号链接，查看配置详情请移步：
+
+- [快速备忘单](https://docs.gitea.io/en-us/config-cheat-sheet/)
+- [完整配置清单](https://github.com/go-gitea/gitea/blob/master/custom/conf/app.ini.sample)
+
+如果您在 binary 同目录下无法找到 `custom` 文件夹，请检查您的 `GITEA_CUSTOM`
+环境变量配置， 因为它可能被配置到了其他地方（可能被一些启动脚本设置指定了目录）。
+
+- [环境变量清单](https://docs.gitea.io/en-us/specific-variables/)
+
+**注：** 必须完全重启 Gitea 以使配置生效。
+
+## 使用自定义 /robots.txt
+
+将 [想要展示的内容](http://www.robotstxt.org/) 存放在 `custom` 目录中的
+`robots.txt` 文件来让 Gitea 使用自定义的`/robots.txt` （默认：空 404）。
+
+## 使用自定义的公共文件
+
+将自定义的公共文件（比如页面和图片）作为 webroot 放在 `custom/public/` 中来让 Gitea 提供这些自定义内容（符号链接将被追踪）。
+
+举例说明：`image.png` 存放在 `custom/public/`中，那么它可以通过链接 http://gitea.domain.tld/image.png 访问。
+
+## 修改默认头像
+
+替换以下目录中的 png 图片： `custom/public/img/avatar\_default.png`
+
+## 自定义 Gitea 页面
+
+您可以改变 Gitea `custom/templates` 的每个单页面。您可以在 Gitea 源码的 `templates` 目录中找到用于覆盖的模板文件，应用将根据
+`custom/templates` 目录下的路径结构进行匹配和覆盖。
+
+包含在 `{{` 和 `}}` 中的任何语句都是 Gitea 的模板语法，如果您不完全理解这些组件，不建议您对它们进行修改。
+
+### 添加链接和页签
+
+如果您只是想添加额外的链接到顶部导航栏或额外的选项卡到存储库视图，您可以将它们放在您 `custom/templates/custom/` 目录下的 `extra_links.tmpl` 和 `extra_tabs.tmpl` 文件中。
+
+举例说明：假设您需要在网站放置一个静态的“关于”页面，您只需将该页面放在您的
+"custom/public/"目录下（比如 `custom/public/impressum.html`）并且将它与 `custom/templates/custom/extra_links.tmpl` 链接起来即可。
+
+这个链接应当使用一个名为“item”的 class 来匹配当前样式，您可以使用 `{{AppSubUrl}}` 来获取 base URL:
+`<a class="item" href="{{AppSubUrl}}/impressum.html">Impressum</a>`
+
+同理，您可以将页签添加到 `extra_tabs.tmpl` 中，使用同样的方式来添加页签。它的具体样式需要与
+`templates/repo/header.tmpl` 中已有的其他选项卡的样式匹配
+([source in GitHub](https://github.com/go-gitea/gitea/blob/master/templates/repo/header.tmpl))
+
+### 页面的其他新增内容
+
+除了 `extra_links.tmpl` 和 `extra_tabs.tmpl`，您可以在您的 `custom/templates/custom/` 目录中存放一些其他有用的模板，例如：
+
+- `header.tmpl`，在 `<head>` 标记结束之前的模板，例如添加自定义CSS文件
+- `body_outer_pre.tmpl`，在 `<body>` 标记开始处的模板
+- `body_inner_pre.tmpl`，在顶部导航栏之前，但在主 container 内部的模板，例如添加一个 `<div class="full height">`
+- `body_inner_post.tmpl`，在主 container 结束处的模板
+- `body_outer_post.tmpl`，在底部 `<footer>` 元素之前.
+- `footer.tmpl`，在 `<body>` 标签结束处的模板，可以在这里填写一些附加的 Javascript 脚本。
+
+## 自定义 gitignores，labels， licenses， locales 以及 readmes
+
+将自定义文件放在 `custom/options` 下相应子的文件夹中即可
+
+## 更改 Gitea 外观
+
+Gitea 目前由两种内置主题，分别为默认 `gitea` 主题和深色主题 `arc-green`，您可以通过修改
+`app.ini` [ui](https://docs.gitea.io/en-us/config-cheat-sheet/#ui-ui) 部分的 `DEFAULT_THEME` 的值来变更至一个可用的 Gitea 外观。
--- a/docs/content/doc/advanced/external-renderers.en-us.md
+++ b/docs/content/doc/advanced/external-renderers.en-us.md
@@ -0,0 +1,70 @@
+---
+date: "2018-11-23:00:00+02:00"
+title: "External renderers"
+slug: "external-renderers"
+weight: 40
+toc: true
+draft: false
+menu:
+  sidebar:
+    parent: "advanced"
+    name: "External renderers"
+    weight: 40
+    identifier: "external-renderers"
+---
+
+# Custom files rendering configuration
+
+Gitea supports custom file renderings (i.e., Jupyter notebooks, asciidoc, etc.) through external binaries, 
+it is just a matter of:
+* installing external binaries
+* add some configuration to your `app.ini` file
+* restart your Gitea instance
+
+## Installing external binaries
+
+In order to get file rendering through external binaries, their associated packages must be installed. 
+If you're using a Docker image, your `Dockerfile` should contain something along this lines:
+
+```
+FROM gitea/gitea:1.6.0
+[...]
+
+COPY custom/app.ini /data/gitea/conf/app.ini
+[...]
+
+RUN apk --no-cache add asciidoctor freetype freetype-dev gcc g++ libpng python-dev py-pip python3-dev py3-pip
+# install any other package you need for your external renderers
+
+RUN pip3 install --upgrade pip
+RUN pip3 install -U setuptools
+RUN pip3 install jupyter matplotlib docutils 
+# add above any other python package you may need to install
+```
+
+## `app.ini` file configuration
+
+add one `[markup.XXXXX]` section per external renderer on your custom `app.ini`:
+
+```
+[markup.asciidoc]
+ENABLED = true
+FILE_EXTENSIONS = .adoc,.asciidoc
+RENDER_COMMAND = "asciidoctor --out-file=- -"
+; Input is not a standard input but a file
+IS_INPUT_FILE = false
+
+[markup.jupyter]
+ENABLED = true
+FILE_EXTENSIONS = .ipynb
+RENDER_COMMAND = "jupyter nbconvert --stdout --to html --template basic "
+IS_INPUT_FILE = true
+
+[markup.restructuredtext]
+ENABLED = true
+FILE_EXTENSIONS = .rst
+RENDER_COMMAND = rst2html.py
+IS_INPUT_FILE = false
+```
+
+Once your configuration changes have been made, restart Gitea to have changes take effect.
--- a/docs/content/doc/advanced/hacking-on-gitea.en-us.md
+++ b/docs/content/doc/advanced/hacking-on-gitea.en-us.md
@@ -15,41 +15,275 @@ menu:

 # Hacking on Gitea

-Familiarity with the existing [installation instructions](https://golang.org/doc/install)
-is required for this section.
+## Installing go and setting the GOPATH

-To contribute to Gitea, fork the project and work on the `master` branch.
+You should [install go](https://golang.org/doc/install) and set up your go
+environment correctly. In particular, it is recommended to set the `$GOPATH`
+environment variable and to add the go bin directory or directories
+`${GOPATH//://bin:}/bin` to the `$PATH`. See the Go wiki entry for
+[GOPATH](https://github.com/golang/go/wiki/GOPATH).

-Some internal packages are referenced using their respective Github URL. This can
-become problematic. To "trick" the Go tool into thinking this is a clone from the
-official repository, download the source code using "go get" and follow these instructions.
+You will also need make.
+<a href='{{< relref "doc/advanced/make.en-us.md" >}}'>(See here how to get Make)</a>

-```
+**Note**: When executing make tasks that require external tools, like
+`make misspell-check`, Gitea will automatically download and build these as
+necessary. To be able to use these you must have the `"$GOPATH"/bin` directory
+on the executable path. If you don't add the go bin directory to the
+executable path you will have to manage this yourself.
+
+**Note 2**: Go version 1.9 or higher is required; however, it is important
+to note that our continuous integration will check that the formatting of the
+source code is not changed by `gofmt` using `make fmt-check`. Unfortunately,
+the results of `gofmt` can differ by the version of `go`. It is therefore
+recommended to install the version of go that our continuous integration is
+running. At the time of writing this is Go version 1.12; however, this can be
+checked by looking at the
+[master `.drone.yml`](https://github.com/go-gitea/gitea/blob/master/.drone.yml)
+(At the time of writing
+[line 67](https://github.com/go-gitea/gitea/blob/8917d66571a95f3da232a0c27bc1300210d10fde/.drone.yml#L67)
+is the relevant line - but this may change.)
+
+## Downloading and cloning the Gitea source code
+
+Go is quite opinionated about where it expects its source code, and simply
+cloning the Gitea repository to an arbitrary path is likely to lead to
+problems - the fixing of which is out of scope for this document. Further, some
+internal packages are referenced using their respective GitHub URL and at
+present we use `vendor/` directories.
+
+The recommended method of obtaining the source code is by using the `go get` command:
+
+```bash
 go get -d code.gitea.io/gitea
+cd "$GOPATH/src/code.gitea.io/gitea"
 ```

-Fork the [Gitea repository](https://github.com/go-gitea/gitea) on GitHub, it should
-then be possible to switch the source directory on the command line.
+This will clone the Gitea source code to: `"$GOPATH/src/code.gitea.io/gitea"`, or if `$GOPATH`
+is not set `"$HOME/go/src/code.gitea.io/gitea"`.

-```
-cd $GOPATH/src/code.gitea.io/gitea
-```
+## Forking Gitea

-To be able to create pull requests, the forked repository should be added as a remote
-to the Gitea sources, otherwise changes can't be pushed.
+As stated above, you cannot clone Gitea to an arbitrary path. Download the master Gitea source
+code as above. Then, fork the [Gitea repository](https://github.com/go-gitea/gitea) on GitHub,
+and either switch the git remote origin for your fork or add your fork as another remote:

-```
+```bash
+# Rename original Gitea origin to upstream
+cd "$GOPATH/src/code.gitea.io/gitea"
 git remote rename origin upstream
-git remote add origin git@github.com:<USERNAME>/gitea.git
+git remote add origin "git@github.com:$GITHUB_USERNAME/gitea.git"
 git fetch --all --prune
 ```

-This should provide a working development environment for Gitea. Take a look at
-the `Makefile` to get an overview about the available tasks. The most common tasks
-should be `make test` which will start our test environment and `make build` which
-will build a `gitea` binary into the working directory. Writing test cases is not
-mandatory to contribute, but it is highly encouraged and helps developers sleep
-at night.
+or:

-That's it! You are ready to hack on Gitea. Test changes, push them to the repository,
-and open a pull request.
+```bash
+# Add new remote for our fork
+cd "$GOPATH/src/code.gitea.io/gitea"
+git remote add "$FORK_NAME" "git@github.com:$GITHUB_USERNAME/gitea.git"
+git fetch --all --prune
+```
+
+To be able to create pull requests, the forked repository should be added as a remote
+to the Gitea sources. Otherwise, changes can't be pushed.
+
+## Building Gitea (Basic)
+
+Take a look at our
+<a href='{{< relref "doc/installation/from-source.en-us.md" >}}'>instructions</a>
+for <a href='{{< relref "doc/installation/from-source.en-us.md" >}}'>building
+from source</a>.
+
+The simplest recommended way to build from source is:
+
+```bash
+TAGS="bindata sqlite sqlite_unlock_notify" make generate build
+```
+
+However, there are a number of additional make tasks you should be aware of.
+These are documented below but you can look at our
+[`Makefile`](https://github.com/go-gitea/gitea/blob/master/Makefile) for more,
+and look at our
+[`.drone.yml`](https://github.com/go-gitea/gitea/blob/master/.drone.yml) to see
+how our continuous integration works.
+
+### Formatting, linting, vetting and spell-check
+
+Our continous integration will reject PRs that are not properly formatted, fail
+linting, vet or spell-check.
+
+You should format your code with `go fmt` using:
+
+```bash
+make fmt
+```
+
+and can test whether your changes would match the results with:
+
+```bash
+make fmt-check # which runs make fmt internally
+```
+
+**Note**: The results of `go fmt` are dependent on the version of `go` present.
+You should run the same version of go that is on the continuous integration
+server as mentioned above. `make fmt-check` will only check if your `go` would
+format differently - this may be different from the CI server version.
+
+You should lint, vet and spell-check with:
+
+```bash
+make vet lint misspell-check
+```
+
+### Updating CSS
+
+To generate the CSS, you will need [Node.js](https://nodejs.org/) 8.0 or greater with npm. At present we use [less](http://lesscss.org/) and [postcss](https://postcss.org) to generate our CSS. Do **not** edit the files in `public/css` directly, as they are generated from `lessc` from the files in `public/less`.
+
+Edit files in `public/less`, run the linter, regenerate the CSS and commit all changed files:
+
+```bash
+make css
+```
+
+### Updating JS
+
+To run the JavaScript linter you will need [Node.js](https://nodejs.org/) 8.0 or greater with npm. Edit files in `public/js` and run the linter:
+
+```bash
+make js
+```
+
+### Updating the API
+
+When creating new API routes or modifying existing API routes, you **MUST**
+update and/or create [Swagger](https://swagger.io/docs/specification/2-0/what-is-swagger/)
+documentation for these using [go-swagger](https://goswagger.io/) comments.
+The structure of these comments is described in the [specification](https://goswagger.io/use/spec.html#annotation-syntax).
+If you want more information about the Swagger structure, you can look at the
+[Swagger 2.0 Documentation](https://swagger.io/docs/specification/2-0/basic-structure/)
+or compare with a previous PR adding a new API endpoint, e.g. [PR #5483](https://github.com/go-gitea/gitea/pull/5843/files#diff-2e0a7b644cf31e1c8ef7d76b444fe3aaR20)
+
+You should be careful not to break the API for downstream users which depend
+on a stable API. In general, this means additions are acceptable, but deletions
+or fundamental changes to the API will be rejected.
+
+Once you have created or changed an API endpoint, please regenerate the Swagger
+documentation using:
+
+```bash
+make generate-swagger
+```
+
+You should validate your generated Swagger file and spell-check it with:
+
+```bash
+make swagger-validate mispell-check
+```
+
+You should commit the changed swagger JSON file. The continous integration
+server will check that this has been done using:
+
+```bash
+make swagger-check
+```
+
+**Note**: Please note you should use the Swagger 2.0 documentation, not the
+OpenAPI 3 documentation.
+
+### Creating new configuration options
+
+When creating new configuration options, it is not enough to add them to the
+`modules/setting` files. You should add information to `custom/conf/app.ini`
+and to the
+<a href='{{< relref "doc/advanced/config-cheat-sheet.en-us.md" >}}'>configuration cheat sheet</a>
+found in `docs/content/doc/advanced/config-cheat-sheet.en-us.md`
+
+### Changing the logo
+
+When changing the Gitea logo SVG, you will need to run and commit the results
+of:
+
+```bash
+make generate-images
+```
+
+This will create the necessary Gitea favicon and others.
+
+### Database Migrations
+
+If you make breaking changes to any of the database persisted structs in the
+`models/` directory, you will need to make a new migration. These can be found
+in `models/migrations/`. You can ensure that your migrations work for the main
+database types using:
+
+```bash
+make test-sqlite-migration # with sqlite switched for the appropriate database
+```
+
+## Testing
+
+There are two types of test run by Gitea: Unit tests and Integration Tests.
+
+```bash
+TAGS="bindata sqlite sqlite_unlock_notify" make test # Runs the unit tests
+```
+
+Unit tests will not and cannot completely test Gitea alone. Therefore, we
+have written integration tests; however, these are database dependent.
+
+```bash
+TAGS="bindata sqlite sqlite_unlock_notify" make generate build test-sqlite
+```
+
+will run the integration tests in an sqlite environment. Other database tests
+are available but may need adjustment to the local environment.
+
+Look at
+[`integrations/README.md`](https://github.com/go-gitea/gitea/blob/master/integrations/README.md)
+for more information and how to run a single test.
+
+Our continuous integration will test the code passes its unit tests and that
+all supported databases will pass integration test in a Docker environment.
+Migration from several recent versions of Gitea will also be tested.
+
+Please submit your PR with additional tests and integration tests as
+appropriate.
+
+## Documentation for the website
+
+Documentation for the website is found in `docs/`. If you change this you
+can test your changes to ensure that they pass continuous integration using:
+
+```bash
+cd "$GOPATH/src/code.gitea.io/gitea/docs"
+make trans-copy clean build
+```
+
+You will require a copy of [Hugo](https://gohugo.io/) to run this task. Please
+note: this may generate a number of untracked git objects, which will need to
+be cleaned up.
+
+## Visual Studio Code
+
+A `launch.json` and `tasks.json` are provided within `contrib/ide/vscode` for
+Visual Studio Code. Look at
+[`contrib/ide/README.md`](https://github.com/go-gitea/gitea/blob/master/contrib/ide/README.md)
+for more information.
+
+## Submitting PRs
+
+Once you're happy with your changes, push them up and open a pull request. It
+is recommended that you allow Gitea Managers and Owners to modify your PR
+branches as we will need to update it to master before merging and/or may be
+able to help fix issues directly.
+
+Any PR requires two approvals from the Gitea maintainers and needs to pass the
+continous integration. Take a look at our
+[`CONTRIBUTING.md`](https://github.com/go-gitea/gitea/blob/master/CONTRIBUTING.md)
+document.
+
+If you need more help pop on to [Discord](https://discord.gg/gitea) #Develop
+and chat there.
+
+That's it! You are ready to hack on Gitea.
--- a/docs/content/doc/advanced/hacking-on-gitea.zh-cn.md
+++ b/docs/content/doc/advanced/hacking-on-gitea.zh-cn.md
@@ -17,7 +17,8 @@ menu:

 首先你需要一些运行环境，这和 [从源代码安装]({{< relref "from-source.zh-cn.md" >}}) 相同，如果你还没有设置好，可以先阅读那个章节。

-如果你想为 Gitea 贡献代码，你需要 Fork 这个项目并且以 `master` 为开发分支。Gitea使用Govendor来管理依赖，因此所有依赖项都被工具自动copy在vendor子目录下。用下面的命令来下载源码：
+如果你想为 Gitea 贡献代码，你需要 Fork 这个项目并且以 `master` 为开发分支。Gitea 使用 Govendor
+来管理依赖，因此所有依赖项都被工具自动 copy 在 vendor 子目录下。用下面的命令来下载源码：

 ```
 go get -d code.gitea.io/gitea
@@ -39,4 +40,4 @@ git fetch --all --prune

 然后你就可以开始开发了。你可以看一下 `Makefile` 的内容。`make test` 可以运行测试程序， `make build` 将生成一个 `gitea` 可运行文件在根目录。如果你的提交比较复杂，尽量多写一些单元测试代码。

-好了，到这里你已经设置好了所有的开发Gitea所需的环境。欢迎成为 Gitea 的 Contributor。
+好了，到这里你已经设置好了所有的开发 Gitea 所需的环境。欢迎成为 Gitea 的 Contributor。
--- a/docs/content/doc/advanced/logging-documentation.en-us.md
+++ b/docs/content/doc/advanced/logging-documentation.en-us.md
@@ -0,0 +1,390 @@
+---
+date: "2019-04-02T17:06:00+01:00"
+title: "Advanced: Logging Configuration"
+slug: "logging-configuration"
+weight: 55
+toc: true
+draft: false
+menu:
+  sidebar:
+    parent: "advanced"
+    name: "Logging Configuration"
+    weight: 55
+    identifier: "logging-configuration"
+---
+
+# Logging Configuration
+
+The logging framework has been revamped in Gitea 1.9.0.
+
+## Log Groups
+
+The fundamental thing to be aware of in Gitea is that there are several
+log groups:
+
+* The "Default" logger
+* The Macaron logger
+* The Router logger
+* The Access logger
+* The XORM logger
+
+There is also the go log logger.
+
+### The go log logger
+
+Go provides its own extremely basic logger in the `log` package,
+however, this is not sufficient for our purposes as it does not provide
+a way of logging at multiple levels, nor does it provide a good way of
+controlling where these logs are logged except through setting of a
+writer.
+
+We have therefore redirected this logger to our Default logger, and we
+will log anything that is logged using the go logger at the INFO level.
+
+### The "Default" logger
+
+Calls to `log.Info`, `log.Debug`, `log.Error` etc. from the `code.gitea.io/gitea/modules/log` package will log to this logger.
+
+You can configure the outputs of this logger by setting the `MODE`
+value in the `[log]` section of the configuration.
+
+Each output sublogger is configured in a separate `[log.sublogger]`
+section, but there are certain default values. These will not be inherited from the `[log]` section:
+
+* `FLAGS` is `stdflags` (Equal to
+`date,time,medfile,shortfuncname,levelinitial`)
+* `FILE_NAME` will default to `%(ROOT_PATH)/gitea.log`
+* `EXPRESSION` will default to `""`
+* `PREFIX` will default to `""`
+
+The provider type of the sublogger can be set using the `MODE` value in
+its subsection, but will default to the name. This allows you to have
+multiple subloggers that will log to files.
+
+### The "Macaron" logger
+
+By default Macaron will log to its own go `log` instance. This writes
+to `os.Stdout`. You can redirect this log to a Gitea configurable logger
+through setting the `REDIRECT_MACARON_LOG` setting in the `[log]`
+section which you can configure the outputs of by setting the `MACARON`
+value in the `[log]` section of the configuration. `MACARON` defaults
+to `file` if unset.
+
+Each output sublogger for this logger is configured in
+`[log.sublogger.macaron]` sections. There are certain default values
+which will not be inherited from the `[log]` or relevant
+`[log.sublogger]` sections:
+
+* `FLAGS` is `stdflags` (Equal to
+`date,time,medfile,shortfuncname,levelinitial`)
+* `FILE_NAME` will default to `%(ROOT_PATH)/macaron.log`
+* `EXPRESSION` will default to `""`
+* `PREFIX` will default to `""`
+
+NB: You can redirect the macaron logger to send its events to the gitea
+log using the value: `MACARON = ,`
+
+### The "Router" logger
+
+There are two types of Router log. By default Macaron send its own
+router log which will be directed to Macaron's go `log`, however if you
+`REDIRECT_MACARON_LOG` you will enable Gitea's router log. You can
+disable both types of Router log by setting `DISABLE_ROUTER_LOG`.
+
+If you enable the redirect, you can configure the outputs of this
+router log by setting the `ROUTER` value in the `[log]` section of the
+configuration. `ROUTER` will default to `console` if unset. The Gitea
+Router logs the same data as the Macaron log but has slightly different
+coloring. It logs at the `Info` level by default, but this can be
+changed if desired by setting the `ROUTER_LOG_LEVEL` value.
+
+Each output sublogger for this logger is configured in
+`[log.sublogger.router]` sections. There are certain default values
+which will not be inherited from the `[log]` or relevant
+`[log.sublogger]` sections:
+
+* `FILE_NAME` will default to `%(ROOT_PATH)/router.log`
+* `FLAGS` defaults to `date,time`
+* `EXPRESSION` will default to `""`
+* `PREFIX` will default to `""`
+
+NB: You can redirect the router logger to send its events to the Gitea
+log using the value: `ROUTER = ,`
+
+### The "Access" logger
+
+The Access logger is a new logger for version 1.9. It provides a NCSA
+Common Log compliant log format. It's highly configurable but caution
+should be taken when changing its template. The main benefit of this
+logger is that Gitea can now log accesses in a standard log format so
+standard tools may be used.
+
+You can enable this logger using `ENABLE_ACCESS_LOG`. Its outputs are
+configured by setting the `ACCESS` value in the `[log]` section of the
+configuration. `ACCESS` defaults to `file` if unset.
+
+Each output sublogger for this logger is configured in
+`[log.sublogger.access]` sections. There are certain default values
+which will not be inherited from the `[log]` or relevant
+`[log.sublogger]` sections:
+
+* `FILE_NAME` will default to `%(ROOT_PATH)/access.log`
+* `FLAGS` defaults to `` or None
+* `EXPRESSION` will default to `""`
+* `PREFIX` will default to `""`
+
+If desired the format of the Access logger can be changed by changing
+the value of the `ACCESS_LOG_TEMPLATE`.
+
+NB: You can redirect the access logger to send its events to the Gitea
+log using the value: `ACCESS = ,`
+
+#### The ACCESS_LOG_TEMPLATE
+
+This value represent a go template. It's default value is:
+
+`{{.Ctx.RemoteAddr}} - {{.Identity}} {{.Start.Format "[02/Jan/2006:15:04:05 -0700]" }} "{{.Ctx.Req.Method}} {{.Ctx.Req.RequestURI}} {{.Ctx.Req.Proto}}" {{.ResponseWriter.Status}} {{.ResponseWriter.Size}} "{{.Ctx.Req.Referer}}\" \"{{.Ctx.Req.UserAgent}}"`
+
+The template is passed following options:
+
+* `Ctx` is the `macaron.Context`
+* `Identity` is the `SignedUserName` or `"-"` if the user is not logged
+in
+* `Start` is the start time of the request
+* `ResponseWriter` is the `macaron.ResponseWriter`
+
+Caution must be taken when changing this template as it runs outside of
+the standard panic recovery trap. The template should also be as simple
+as it runs for every request.
+
+### The "XORM" logger
+
+The XORM logger is a long-standing logger that exists to collect XORM
+log events. It is enabled by default but can be switched off by setting
+`ENABLE_XORM_LOG` to `false` in the `[log]` section. Its outputs are
+configured by setting the `XORM` value in the `[log]` section of the
+configuration. `XORM` defaults to `,` if unset, meaning it is redirected
+to the main Gitea log.
+
+XORM will log SQL events by default. This can be changed by setting
+the `LOG_SQL` value to `false` in the `[database]` section.
+
+Each output sublogger for this logger is configured in
+`[log.sublogger.xorm]` sections. There are certain default values
+which will not be inherited from the `[log]` or relevant
+`[log.sublogger]` sections:
+
+* `FILE_NAME` will default to `%(ROOT_PATH)/xorm.log`
+* `FLAGS` defaults to `date,time`
+* `EXPRESSION` will default to `""`
+* `PREFIX` will default to `""`
+
+## Log outputs
+
+Gitea provides 4 possible log outputs:
+
+* `console` - Log to `os.Stdout` or `os.Stderr`
+* `file` - Log to a file
+* `conn` - Log to a keep-alive TCP connection
+* `smtp` - Log via email
+
+Certain configuration is common to all modes of log output:
+
+* `LEVEL` is the lowest level that this output will log. This value
+is inherited from `[log]` and in the case of the non-default loggers
+from `[log.sublogger]`.
+* `STACKTRACE_LEVEL` is the lowest level that this output will print
+a stacktrace. This value is inherited.
+* `MODE` is the mode of the log output. It will default to the sublogger
+name. Thus `[log.console.macaron]` will default to `MODE = console`.
+* `COLORIZE` will default to `true` for `console` as
+described, otherwise it will default to `false`.
+
+### Non-inherited default values
+
+There are several values which are not inherited as described above but
+rather default to those specific to type of logger, these are:
+`EXPRESSION`, `FLAGS`, `PREFIX` and `FILE_NAME`.
+
+#### `EXPRESSION`
+
+`EXPRESSION` represents a regular expression that log events must match to be logged by the sublogger. Either the log message, (with colors removed), must match or the `longfilename:linenumber:functionname` must match. NB: the whole message or string doesn't need to completely match.
+
+Please note this expression will be run in the sublogger's goroutine
+not the logging event subroutine. Therefore it can be complicated.
+
+#### `FLAGS`
+
+`FLAGS` represents the preceding logging context information that is
+printed before each message. It is a comma-separated string set. The order of values does not matter.
+
+Possible values are:
+
+* `none` or `,` - No flags.
+* `date` - the date in the local time zone: `2009/01/23`.
+* `time` - the time in the local time zone: `01:23:23`.
+* `microseconds` - microsecond resolution: `01:23:23.123123`. Assumes
+time.
+* `longfile` - full file name and line number: `/a/b/c/d.go:23`.
+* `shortfile` - final file name element and line number: `d.go:23`.
+* `funcname` - function name of the caller: `runtime.Caller()`.
+* `shortfuncname` - last part of the function name. Overrides
+`funcname`.
+* `utc` - if date or time is set, use UTC rather than the local time
+zone.
+* `levelinitial` - Initial character of the provided level in brackets eg. `[I]` for info.
+* `level` - Provided level in brackets `[INFO]`
+* `medfile` - Last 20 characters of the filename - equivalent to
+`shortfile,longfile`.
+* `stdflags` - Equivalent to `date,time,medfile,shortfuncname,levelinitial`
+
+### Console mode
+
+For loggers in console mode, `COLORIZE` will default to `true` if not
+on windows, or the windows terminal can be set into ANSI mode or is a
+cygwin or Msys pipe.
+
+If `STDERR` is set to `true` the logger will use `os.Stderr` instead of
+`os.Stdout`.
+
+### File mode
+
+The `FILE_NAME` defaults as described above. If set it will be relative
+to the provided `ROOT_PATH` in the master `[log]` section.
+
+Other values:
+
+* `LOG_ROTATE`: **true**: Rotate the log files.
+* `MAX_SIZE_SHIFT`: **28**: Maximum size shift of a single file, 28 represents 256Mb.
+* `DAILY_ROTATE`: **true**: Rotate logs daily.
+* `MAX_DAYS`: **7**: Delete the log file after n days
+* `COMPRESS`: **true**: Compress old log files by default with gzip
+* `COMPRESSION_LEVEL`: **-1**: Compression level
+
+### Conn mode
+
+* `RECONNECT_ON_MSG`: **false**: Reconnect host for every single message.
+* `RECONNECT`: **false**: Try to reconnect when connection is lost.
+* `PROTOCOL`: **tcp**: Set the protocol, either "tcp", "unix" or "udp".
+* `ADDR`: **:7020**: Sets the address to connect to.
+
+### SMTP mode
+
+It is not recommended to use this logger to send general logging
+messages. However, you could perhaps set this logger to work on `FATAL`.
+
+* `USER`: User email address to send from.
+* `PASSWD`: Password for the smtp server.
+* `HOST`: **127.0.0.1:25**: The SMTP host to connect to.
+* `RECEIVERS`: Email addresses to send to.
+* `SUBJECT`: **Diagnostic message from Gitea**
+
+## Default Configuration
+
+The default empty configuration is equivalent to:
+
+```ini
+[log]
+ROOT_PATH = %(GITEA_WORK_DIR)/log
+MODE = console
+LEVEL = Info
+STACKTRACE_LEVEL = None
+REDIRECT_MACARON_LOG = false
+ENABLE_ACCESS_LOG = false
+ENABLE_XORM_LOG = true
+XORM = ,
+
+[log.console]
+MODE = console
+LEVEL = %(LEVEL)
+STACKTRACE_LEVEL = %(STACKTRACE_LEVEL)
+FLAGS = stdflags
+PREFIX =
+COLORIZE = true # Or false if your windows terminal cannot color
+```
+
+This is equivalent to sending all logs to the console, with default go log being sent to the console log too.
+
+## Log colorization
+
+Logs to the console will be colorized by default when not running on
+Windows. Terminal sniffing will occur on Windows and if it is
+determined that we are running on a terminal capable of color we will
+colorize.
+
+Further, on *nix it is becoming common to have file logs that are
+colored by default. Therefore file logs will be colorised by default
+when not running on Windows.
+
+You can switch on or off colorization by using the `COLORIZE` value.
+
+From a development point of view. If you write
+`log.Info("A %s string", "formatted")` the `formatted` part of the log
+message will be Bolded on colorized logs.
+
+You can change this by either rendering the formatted string yourself.
+Or you can wrap the value in a `log.ColoredValue` struct.
+
+The `log.ColoredValue` struct contains a pointer to value, a pointer to
+string of bytes which should represent a color and second set of reset
+bytes. Pointers were chosen to prevent copying of large numbers of
+values. There are several helper methods:
+
+* `log.NewColoredValue` takes a value and 0 or more color attributes
+that represent the color. If 0 are provided it will default to a cached
+bold. Note, it is recommended that color bytes constructed from
+attributes should be cached if this is a commonly used log message.
+* `log.NewColoredValuePointer` takes a pointer to a value, and
+0 or more color attributes that represent the color.
+* `log.NewColoredValueBytes` takes a value and a pointer to an array
+of bytes representing the color.
+
+These functions will not double wrap a `log.ColoredValue`. They will
+also set the `resetBytes` to the cached `resetBytes`.
+
+The `colorBytes` and `resetBytes` are not exported to prevent
+accidental overwriting of internal values.
+
+## ColorFormat & ColorFormatted
+
+Structs may implement the `log.ColorFormatted` interface by implementing the `ColorFormat(fmt.State)` function.
+
+If a `log.ColorFormatted` struct is logged with `%-v` format, its `ColorFormat` will be used instead of the usual `%v`. The full `fmt.State` will be passed to allow implementers to look at additional flags.
+
+In order to help implementers provide `ColorFormat` methods. There is a
+`log.ColorFprintf(...)` function in the log module that will wrap values in `log.ColoredValue` and recognise `%-v`.
+
+In general it is recommended not to make the results of this function too verbose to help increase its versatility. Usually this should simply be an `ID`:`Name`. If you wish to make a more verbose result, it is recommended to use `%-+v` as your marker.
+
+## Log Spoofing protection
+
+In order to protect the logs from being spoofed with cleverly
+constructed messages. Newlines are now prefixed with a tab and control
+characters except those used in an ANSI CSI are escaped with a
+preceding `\` and their octal value.
+
+## Creating a new named logger group
+
+Should a developer wish to create a new named logger, `NEWONE`. It is
+recommended to add an `ENABLE_NEWONE_LOG` value to the `[log]`
+section, and to add a new `NEWONE` value for the modes.
+
+A function like `func newNewOneLogService()` is recommended to manage
+construction of the named logger. e.g.
+
+```go
+func newNewoneLogService() {
+	EnableNewoneLog = Cfg.Section("log").Key("ENABLE_NEWONE_LOG").MustBool(false)
+	Cfg.Section("log").Key("NEWONE").MustString("file") // or console? or "," if you want to send this to default logger by default
+	if EnableNewoneLog {
+		options := newDefaultLogOptions()
+		options.filename = filepath.Join(LogRootPath, "newone.log")
+		options.flags = "stdflags"
+		options.bufferLength = Cfg.Section("log").Key("BUFFER_LEN").MustInt64(10000)
+		generateNamedLogger("newone", options)
+	}
+}
+```
+
+You should then add `newOneLogService` to `NewServices()` in
+`modules/setting/setting.go`
--- a/docs/content/doc/advanced/make.zh-cn.md
+++ b/docs/content/doc/advanced/make.zh-cn.md
@@ -0,0 +1,45 @@
+---
+date: "2017-01-14T11:00:00-02:00"
+title: "Make 安装"
+slug: "make"
+weight: 10
+toc: true
+draft: false
+menu:
+  sidebar:
+    parent: "advanced"
+    name: "Make 安装"
+    weight: 30
+    identifier: "make"
+---
+
+# 安装 Make
+
+Gitea 大量使用了 Make 工具来自动执行任务并改进开发，本文将介绍如何安装 Make。
+
+### 在 Linux 环境下
+
+可以使用包管理工具来安装 Make。
+
+Ubuntu/Debian 环境，执行以下命令：
+
+```bash
+sudo apt-get install make
+```
+
+Fedora/RHEL/CentOS，执行以下命令：
+
+```bash
+sudo yum install make
+```
+
+### 在 Windows 环境下
+
+您可以参照以下三种方案在 Windows 环境安装 Make：
+
+- 直接使用 [exe文件](http://www.equation.com/servlet/equation.cmd?fa=make)：将适合您系统的exe文件拷贝到某处并添加至环境变量 `PATH` 中。
+  - [32 位版本](ftp://ftp.equation.com/make/32/make.exe)
+  - [64 位版本](ftp://ftp.equation.com/make/64/make.exe)
+- 使用 [MinGW](http://www.mingw.org/) 工具：
+  - 此处使用二进制文件 `mingw32-make.exe` 替代前面提到的 `make.exe`文件。同样您需要将包含此exe文件的 `bin` 目录添加至环境变量 `PATH`中。
+- 通过 [Chocolatey](https://chocolatey.org/packages/make) 安装： 执行 `choco install make` 命令即可。
--- a/docs/content/doc/advanced/migrations.en-us.md
+++ b/docs/content/doc/advanced/migrations.en-us.md
@@ -0,0 +1,72 @@
+---
+date: "2019-04-15T17:29:00+08:00"
+title: "Advanced: Migrations Interfaces"
+slug: "migrations-interfaces"
+weight: 30
+toc: true
+draft: false
+menu:
+  sidebar:
+    parent: "advanced"
+    name: "Migrations Interfaces"
+    weight: 55
+    identifier: "migrations-interfaces"
+---
+
+# Migration Features
+
+The new migration features were introduced in Gitea 1.9.0. It defines two interfaces to support migrating 
+repositories data from other git host platforms to gitea or, in the future migrating gitea data to other 
+git host platforms. Currently, only the migrations from github via APIv3 to Gitea is implemented.
+
+First of all, Gitea defines some standard objects in packages `modules/migrations/base`. They are
+ `Repository`, `Milestone`, `Release`, `Label`, `Issue`, `Comment`, `PullRequest`.
+
+## Downloader Interfaces
+
+To migrate from a new git host platform, there are two steps to be updated.
+
+- You should implement a `Downloader` which will get all kinds of repository informations.
+- You should implement a `DownloaderFactory` which is used to detect if the URL matches and 
+create a Downloader.
+- You'll need to register the `DownloaderFactory` via `RegisterDownloaderFactory` on init.
+
+```Go
+type Downloader interface {
+	GetRepoInfo() (*Repository, error)
+	GetMilestones() ([]*Milestone, error)
+	GetReleases() ([]*Release, error)
+	GetLabels() ([]*Label, error)
+	GetIssues(start, limit int) ([]*Issue, error)
+	GetComments(issueNumber int64) ([]*Comment, error)
+	GetPullRequests(start, limit int) ([]*PullRequest, error)
+}
+```
+
+```Go
+type DownloaderFactory interface {
+	Match(opts MigrateOptions) (bool, error)
+	New(opts MigrateOptions) (Downloader, error)
+}
+```
+
+## Uploader Interface
+
+Currently, only a `GiteaLocalUploader` is implemented, so we only save downloaded 
+data via this `Uploader` on the local Gitea instance. Other uploaders are not supported
+and will be implemented in future.
+
+```Go
+// Uploader uploads all the informations
+type Uploader interface {
+	CreateRepo(repo *Repository, includeWiki bool) error
+	CreateMilestone(milestone *Milestone) error
+	CreateRelease(release *Release) error
+	CreateLabel(label *Label) error
+	CreateIssue(issue *Issue) error
+	CreateComment(issueNumber int64, comment *Comment) error
+	CreatePullRequest(pr *PullRequest) error
+	Rollback() error
+}
+
+```
--- a/docs/content/doc/advanced/oauth2-provider.md
+++ b/docs/content/doc/advanced/oauth2-provider.md
@@ -0,0 +1,92 @@
+---
+date: "2019-04-19:44:00+01:00"
+title: "OAuth2 provider"
+slug: "oauth2-provider"
+weight: 41
+toc: true
+draft: false
+menu:
+  sidebar:
+    parent: "advanced"
+    name: "OAuth2 Provider"
+    weight: 41
+    identifier: "oauth2-provider"
+---
+
+
+# OAuth2 provider
+
+Gitea supports acting as an OAuth2 provider to allow third party applications to access its resources with the user's consent. This feature is available since release 1.8.0.
+
+## Endpoints
+
+
+Endpoint               | URL
+-----------------------|----------------------------
+Authorization Endpoint | `/login/oauth/authorize`
+Access Token Endpoint  | `/login/oauth/access_token`
+
+
+## Supported OAuth2 Grants
+
+At the moment Gitea only supports the [**Authorization Code Grant**](https://tools.ietf.org/html/rfc6749#section-1.3.1) standard with additional support of the [Proof Key for Code Exchange (PKCE)](https://tools.ietf.org/html/rfc7636) extension.
+ 
+
+To use the Authorization Code Grant as a third party application it is required to register a new application via the "Settings" (`/user/settings/applications`) section of the settings.
+
+## Scopes
+
+Currently Gitea does not support scopes (see [#4300](https://github.com/go-gitea/gitea/issues/4300)) and all third party applications will be granted access to all resources of the user and his/her organizations.
+
+## Example
+
+**Note:** This example does not use PKCE.
+
+1. Redirect to user to the authorization endpoint in order to get his/her consent for accessing the resources:
+
+```curl
+https://[YOUR-GITEA-URL]/login/oauth/authorize?client_id=CLIENT_ID&redirect_uri=REDIRECT_URI& response_type=code&state=STATE
+``` 
+
+The `CLIENT_ID` can be obtained by registering an application in the settings. The `STATE` is a random string that will be send back to your application after the user authorizes. The `state` parameter is optional but should be used to prevent CSRF attacks.
+
+
+![Authorization Page](/authorize.png)
+
+The user will now be asked to authorize your application. If they authorize it, the user will be redirected to the `REDIRECT_URL`, for example:
+
+```curl
+https://[REDIRECT_URI]?code=RETURNED_CODE&state=STATE
+```
+
+2. Using the provided `code` from the redirect, you can request a new application and refresh token. The access token endpoints accepts POST requests with  `application/json` and `application/x-www-form-urlencoded` body, for example:
+
+```curl
+POST https://[YOUR-GITEA-URL]/login/oauth/access_token
+```
+
+```json
+{
+	"client_id": "YOUR_CLIENT_ID",
+	"client_secret": "YOUR_CLIENT_SECRET",
+	"code": "RETURNED_CODE",
+	"grant_type": "authorization_code",
+	"redirect_uri": "REDIRECT_URI"
+}
+```
+
+Response:
+```json
+{  
+"access_token":"eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJnbnQiOjIsInR0IjowLCJleHAiOjE1NTUxNzk5MTIsImlhdCI6MTU1NTE3NjMxMn0.0-iFsAwBtxuckA0sNZ6QpBQmywVPz129u75vOM7wPJecw5wqGyBkmstfJHAjEOqrAf_V5Z-1QYeCh_Cz4RiKug",  
+"token_type":"bearer",  
+"expires_in":3600,  
+"refresh_token":"eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJnbnQiOjIsInR0IjoxLCJjbnQiOjEsImV4cCI6MTU1NzgwNDMxMiwiaWF0IjoxNTU1MTc2MzEyfQ.S_HZQBy4q9r5SEzNGNIoFClT43HPNDbUdHH-GYNYYdkRfft6XptJBkUQscZsGxOW975Yk6RbgtGvq1nkEcklOw"  
+}
+```
+
+The `CLIENT_SECRET` is the unique secret code generated for this application. Please note that the secret will only be visible after you created/registered the application with Gitea and cannot be recovered. If you lose the secret you must regenerate the secret via the application's settings.
+
+The `REDIRECT_URI` in the `access_token` request must match the `REDIRECT_URI` in the `authorize` request.
+
+3. Use the  `access_token` to make [API requests](https://docs.gitea.io/en-us/api-usage#oauth2) to access the user's resources.
--- a/docs/content/doc/advanced/specific-variables.en-us.md
+++ b/docs/content/doc/advanced/specific-variables.en-us.md
@@ -59,11 +59,10 @@ For documentation about each of the variables available, refer to the
  * `HOST`: Host Macaron will listen on
  * `PORT`: Port Macaron will listen on
  * `MACARON_ENV`: global variable to provide special functionality for development environments
-     vs. production environments. If MACARON_ENV is set to "" or "development" then templates will
+     vs. production environments. If MACARON_ENV is set to "" or "development", then templates will
     be recompiled on every request. For more performance, set the MACARON_ENV environment variable
     to "production".

 ## Miscellaneous

  * `SKIP_MINWINSVC`: If set to 1, do not run as a service on Windows.
-  * `ZOOKEEPER_PATH`: [Zookeeper](http://zookeeper.apache.org/) jar file path
--- a/docs/content/doc/advanced/specific-variables.zh-cn.md
+++ b/docs/content/doc/advanced/specific-variables.zh-cn.md
@@ -0,0 +1,62 @@
+---
+date: "2017-04-08T11:34:00+02:00"
+title: "环境变量清单"
+slug: "specific-variables"
+weight: 20
+toc: false
+draft: false
+menu:
+  sidebar:
+    parent: "advanced"
+    name: "环境变量清单"
+    weight: 20
+    identifier: "specific-variables"
+---
+
+# 环境变量清单
+
+这里是用来控制 Gitea 行为表现的的环境变量清单，您需要在执行如下 Gitea 启动命令前设置它们来确保配置生效：
+
+```
+GITEA_CUSTOM=/home/gitea/custom ./gitea web
+```
+
+## Go 的配置
+
+因为 Gitea 使用 Go 语言编写，因此它使用了一些相关的 Go 的配置参数：
+
+  * `GOOS`
+  * `GOARCH`
+  * [`GOPATH`](https://golang.org/cmd/go/#hdr-GOPATH_environment_variable)
+
+您可以在[官方文档](https://golang.org/cmd/go/#hdr-Environment_variables)中查阅这些配置参数的详细信息。
+
+## Gitea 的文件目录
+
+  * `GITEA_WORK_DIR`：工作目录的绝对路径
+  * `GITEA_CUSTOM`：默认情况下 Gitea 使用默认目录 `GITEA_WORK_DIR`/custom，您可以使用这个参数来配置 *custom* 目录
+  * `GOGS_WORK_DIR`： 已废弃，请使用 `GITEA_WORK_DIR` 替代
+  * `GOGS_CUSTOM`： 已废弃，请使用 `GITEA_CUSTOM` 替代
+
+## 操作系统配置
+
+  * `USER`：Gitea 运行时使用的系统用户，它将作为一些 repository 的访问地址的一部分
+  * `USERNAME`： 如果没有配置 `USER`， Gitea 将使用 `USERNAME`
+  * `HOME`： 用户的 home 目录，在 Windows 中会使用 `USERPROFILE` 环境变量
+
+### 仅限于 Windows 的配置
+
+  * `USERPROFILE`： 用户的主目录，如果未配置则会使用 `HOMEDRIVE` + `HOMEPATH`
+  * `HOMEDRIVE`: 用于访问 home 目录的主驱动器路径（C盘）
+  * `HOMEPATH`：在指定主驱动器下的 home 目录相对路径
+
+## Macaron（Gitea 使用的 web 框架）
+
+  * `HOST`：Macaron 监听的主机地址
+  * `PORT`：Macaron 监听的端口地址
+  * `MACARON_ENV`：为开发环境和生产环境提供特殊功能性配置的全局变量，当 MACARON_ENV 设置为 "" 或 "development"
+  时，每次请求都会重编译页面模板。为了提高性能表现，可将它设置为 "production"。
+
+## Miscellaneous
+
+  * `SKIP_MINWINSVC`：如果设置为 1，在 Windows 上不会以 service 的形式运行。
--- a/docs/content/doc/advanced/third-party-tools.en-us.md
+++ b/docs/content/doc/advanced/third-party-tools.en-us.md
@@ -0,0 +1,36 @@
+---
+date: "2018-05-22T11:00:00+00:00"
+title: "Advanced: Third Party Tools"
+slug: "third-party-tools"
+weight: 50
+toc: true
+draft: false
+menu:
+  sidebar:
+    parent: "advanced"
+    name: "Third Party Tools"
+    weight: 50
+    identifier: "third-party-tools"
+---
+
+# List of third-party tools
+**NOTE:** These tools are not endorsed by Gitea. They are listed here for convenience only.
+
+*This is by no means a complete list, so feel free to ask about adding more!*
+
+### Continuous Integration
+[BuildKite Connector](https://github.com/techknowlogick/gitea-buildkite-connector)  
+[Jenkins Plugin](https://github.com/jenkinsci/gitea-plugin)  
+[Using Gitea with Drone](https://docs.drone.io/installation/gitea/)
+
+
+### Migrating
+[Installation script for Gitea](https://git.coolaj86.com/coolaj86/gitea-installer.sh)  
+[GitHub Migrator](https://gitea.com/gitea/migrator)
+
+
+### Mobile
+[GitNex for Android](https://gitlab.com/mmarif4u/gitnex)
+
+###  Editor Extensions
+ - [Gitea Extension for Visual Studio](https://github.com/maikebing/Gitea.VisualStudio)   Download from   [Visual Studio Marketplace](https://marketplace.visualstudio.com/items?itemName=MysticBoy.GiteaExtensionforVisualStudio)
--- a/docs/content/doc/features/authentication.en-us.md
+++ b/docs/content/doc/features/authentication.en-us.md
@@ -91,7 +91,7 @@ Both the LDAP via BindDN and the simple auth LDAP share the following fields:
    name given on sign-in form.
  - Example: `(&(objectClass=posixAccount)(uid=%s))`
  - Example for Microsoft Active Directory (AD): `(&(objectCategory=Person)(memberOf=CN=user-group,OU=example,DC=example,DC=org)(sAMAccountName=%s)(!(UserAccountControl:1.2.840.113556.1.4.803:=2)))`
-  - To substitute more than once `%[1]s` should be used instead, e.g. when
+  - To substitute more than once, `%[1]s` should be used instead, e.g. when
    matching supplied login name against multiple attributes such as user
    identifier, email or even phone number.
  - Example: `(&(objectClass=Person)(|(uid=%[1]s)(mail=%[1]s)(mobile=%[1]s)))`
@@ -115,6 +115,10 @@ Both the LDAP via BindDN and the simple auth LDAP share the following fields:
  - Example: `cn=%s,ou=Users,dc=mydomain,dc=com`
  - Example: `uid=%s,ou=Users,dc=mydomain,dc=com`

+- User Search Base  (optional)
+  - The LDAP base at which user accounts will be searched for.
+  - Example: `ou=Users,dc=mydomain,dc=com`
+
 - User Filter **(required)**
  - An LDAP filter declaring when a user should be allowed to log in. The `%s`
    matching parameter will be substituted with login name given on sign-in
@@ -181,7 +185,7 @@ configure this, set the fields below:

 ## FreeIPA

- In order to log in to Gitea using FreeIPA credentials,a bind account needs to
+- In order to log in to Gitea using FreeIPA credentials, a bind account needs to
  be created for Gitea:

 - On the FreeIPA server, create a `gitea.ldif` file, replacing `dc=example,dc=com`
--- a/docs/content/doc/features/comparison.en-us.md
+++ b/docs/content/doc/features/comparison.en-us.md
@@ -15,9 +15,9 @@ menu:

 # Gitea compared to other Git hosting options

-To help decide if Gitea is suited for your needs here is how it compares to other Git self hosted options.
+To help decide if Gitea is suited for your needs, here is how it compares to other Git self hosted options.

-Be warned that we don't regularly check for feature changes in other products so this list can be outdated. If you find anything that needs to be updated in table below please report [issue on Github](https://github.com/go-gitea/gitea/issues).
+Be warned that we don't regularly check for feature changes in other products, so this list may be outdated. If you find anything that needs to be updated in the table below, please report it in an [issue on GitHub](https://github.com/go-gitea/gitea/issues).

 _Symbols used in table:_

@@ -37,11 +37,14 @@ _Symbols used in table:_
 | Multiple OS support | ✓ | ✓ | ✘ | ✘ | ✘ | ✘ | ✓ |
 | Easy upgrade process | ✓ | ✓ | ✘ | ✓ | ✓ | ✘ | ✓ |
 | Markdown support | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
-| Static Git-powered pages | ✘ | ✘ | ✓ | ✓ | ✓ | ✘ | ✘ |
+| Orgmode support | ✓ | ✘ | ✓ | ✘ | ✘ | ✘ | ? |
+| CSV support | ✓ | ✘ | ✓ | ✘ | ✘ | ✓ | ? |
+| Third-party render tool support | ✓ | ✘ | ✘ | ✘ | ✘ | ✓ | ? |
+| Static Git-powered pages | [✘](https://github.com/go-gitea/gitea/issues/302) | ✘ | ✓ | ✓ | ✓ | ✘ | ✘ |
 | Integrated Git-powered wiki | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✘ |
 | Deploy Tokens | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
 | Repository Tokens with write rights | ✓ | ✘ | ✓ | ✓ | ✓ | ✘ | ✓ |
-| Built-in Container Registry | ✘ | ✘ | ✘ | ✓ | ✓ | ✘ | ✘ |
+| Built-in Container Registry | [✘](https://github.com/go-gitea/gitea/issues/2316) | ✘ | ✘ | ✓ | ✓ | ✘ | ✘ |
 | External git mirroring | ✓ | ✓ | ✘ | ✘ | ✓ | ✓ | ✓ |
 | FIDO U2F (2FA) | ✓ | ✘ | ✓ | ✓ | ✓ | ✓ | ✘ |
 | Built-in CI/CD | ✘ | ✘ | ✘ | ✓ | ✓ | ✘ | ✘ |
@@ -53,7 +56,7 @@ _Symbols used in table:_
 |---------|-------|------|-----------|-----------|-----------|-----------|--------------|
 | Repository topics | ✓ | ✘ | ✓ | ✓ | ✓ | ✘ | ✘ |
 | Repository code search | ✓ | ✘ | ✓ | ✓ | ✓ | ✓ | ✓ |
-| Global code search | ✓ | ✘ | ✓ | ✓ | ✓ | ✓ | ✓ |
+| Global code search | ✓ | ✘ | ✓ | ✘ | ✓ | ✓ | ✓ |
 | Git LFS 2.0 | ✓ | ✘ | ✓ | ✓ | ✓ | ⁄ | ✓ |
 | Group Milestones | ✘ | ✘ | ✘ | ✓ | ✓ | ✘ | ✘ |
 | Granular user roles (Code, Issues, Wiki etc) | ✓ | ✘ | ✘ | ✓ | ✓ | ✘ | ✘ |
@@ -74,16 +77,19 @@ _Symbols used in table:_
 | Issue templates | ✓ | ✓ | ✓ | ✓ | ✓ | ✘ | ✘ |
 | Labels | ✓ | ✓ | ✓ | ✓ | ✓ | ✘ | ✘ |
 | Time tracking | ✓ | ✘ | ✓ | ✓ | ✓ | ✘ | ✘ |
-| Multiple assignees for issues | ✓ | ✘ | ✓ | ✓ | ✓ | ✘ | ✘ |
+| Multiple assignees for issues | ✓ | ✘ | ✓ | ✘ | ✓ | ✘ | ✘ |
 | Related issues | ✘ | ✘ | ⁄ | ✘ | ✓ | ✘ | ✘ |
 | Confidential issues | ✘ | ✘ | ✘ | ✓ | ✓ | ✘ | ✘ |
 | Comment reactions | ✓ | ✘ | ✓ | ✓ | ✓ | ✘ | ✘ |
-| Lock Discussion | ✘ | ✘ | ✓ | ✓ | ✓ | ✘ | ✘ |
+| Lock Discussion | ✓ | ✘ | ✓ | ✓ | ✓ | ✘ | ✘ |
 | Batch issue handling | ✓ | ✘ | ✓ | ✓ | ✓ | ✘ | ✘ |
-| Issue Boards | ✘ | ✘ | ✘ | ✓ | ✓ | ✘ | ✘ |
+| Issue Boards | [✘](https://github.com/go-gitea/gitea/issues/3476) | ✘ | ✘ | ✓ | ✓ | ✘ | ✘ |
 | Create new branches from issues | ✘ | ✘ | ✘ | ✓ | ✓ | ✘ | ✘ |
 | Issue search | ✓ | ✘ | ✓ | ✓ | ✓ | ✓ | ✘ |
-| Global issue search | ✘ | ✘ | ✓ | ✓ | ✓ | ✓ | ✘ |
+| Global issue search | [✘](https://github.com/go-gitea/gitea/issues/2434) | ✘ | ✓ | ✓ | ✓ | ✓ | ✘ |
+| Issue dependency | ✓ | ✘ | ✘ | ✘ | ✘ | ✘ | ✘ |
+| Create issue via email | [✘](https://github.com/go-gitea/gitea/issues/6226) | [✘](https://github.com/gogs/gogs/issues/2602) | ✘ | ✘ | ✓ | ✓ | ✘ |
+| Service Desk | [✘](https://github.com/go-gitea/gitea/issues/6219) | ✘ | ✘ | ✘ | ✓ | ✘ | ✘ |

 #### Pull/Merge requests

@@ -92,13 +98,13 @@ _Symbols used in table:_
 | Pull/Merge requests | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
 | Squash merging | ✓ | ✘ | ✓ | ✘ | ✓ | ✓ | ✓ |
 | Rebase merging | ✓ | ✓ | ✓ | ✘ | ⁄ | ✘ | ✓ |
-| Pull/Merge request inline comments | ✘ | ✘ | ✓ | ✓ | ✓ | ✓ | ✓ |
-| Pull/Merge request approval | ✘ | ✘ | ⁄ | ✓ | ✓ | ✓ | ✓ |
-| Merge conflict resolution | ✘ | ✘ | ✓ | ✓ | ✓ | ✓ | ✘ |
+| Pull/Merge request inline comments | ✓ | ✘ | ✓ | ✓ | ✓ | ✓ | ✓ |
+| Pull/Merge request approval | ✓ | ✘ | ⁄ | ✓ | ✓ | ✓ | ✓ |
+| Merge conflict resolution | [✘](https://github.com/go-gitea/gitea/issues/5158) | ✘ | ✓ | ✓ | ✓ | ✓ | ✘ |
 | Restrict push and merge access to certain users | ✓ | ✘ | ✓ | ⁄ | ✓ | ✓ | ✓ |
-| Revert specific commits or a merge request | ✘ | ✘ | ✓ | ✓ | ✓ | ✓ | ✘ |
+| Revert specific commits or a merge request | [✘](https://github.com/go-gitea/gitea/issues/5158) | ✘ | ✓ | ✓ | ✓ | ✓ | ✘ |
 | Pull/Merge requests templates | ✓ | ✓ | ✓ | ✓ | ✓ | ✘ | ✘ |
-| Cherry-picking changes | ✘ | ✘ | ✘ | ✓ | ✓ | ✘ | ✘ |
+| Cherry-picking changes | [✘](https://github.com/go-gitea/gitea/issues/5158) | ✘ | ✘ | ✓ | ✓ | ✘ | ✘ |


 #### 3rd-party integrations
@@ -112,8 +118,9 @@ _Symbols used in table:_
 | LDAP user synchronization | ✓ | ✘ | ✓ | ✓ | ✓ | ✓ | ✓ |
 | OpenId Connect support | ✓ | ✘ | ✓ | ✓ | ✓ | ? | ✘ |
 | OAuth 2.0 integration (external authorization) | ✓ | ✘ | ⁄ | ✓ | ✓ | ? | ✓ |
-| Act as OAuth 2.0 provider | ✘ | ✘ | ✓ | ✓ | ✓ | ✓ | ✘ |
+| Act as OAuth 2.0 provider | [✓](https://github.com/go-gitea/gitea/pull/5378) | ✘ | ✓ | ✓ | ✓ | ✓ | ✘ |
 | Two factor authentication (2FA) | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✘ |
 | Mattermost/Slack integration | ✓ | ✓ | ⁄ | ✓ | ✓ | ⁄ | ✓ |
-| Discord integration | ✓ | ✓ | ✓ | ✘ | ✘ | ✘ | ✘ |
+| Discord integration | ✓ | ✓ | ✓ | ✓ | ✓ | ✘ | ✘ |
+| Microsoft Teams integration | ✓ | ✘ | ✓ | ✓ | ✓ | ✓ | ✘ |
 | External CI/CD status display | ✓ | ✘ | ✓ | ✓ | ✓ | ✓ | ✓ |
--- a/docs/content/doc/features/comparison.zh-cn.md
+++ b/docs/content/doc/features/comparison.zh-cn.md
@@ -0,0 +1,127 @@
+---
+date: "2019-02-14T11:51:04+08:00"
+title: "横向对比 Gitea 与其它 Git 托管工具"
+slug: "comparison"
+weight: 5
+toc: true
+draft: false
+menu:
+  sidebar:
+    parent: "features"
+    name: "横向对比"
+    weight: 5
+    identifier: "comparison"
+---
+
+# 横向对比 Gitea 与其它 Git 托管工具
+
+这里列出了 Gitea 与其它一些 Git 托管工具之间的异同，以便确认 Gitea 是否能够满足您的需求。
+
+请注意，此列表中的某些表项可能已经过时，因为我们并没有定期检查其它产品的功能是否有所更改。你可以前往 [Github issue](https://github.com/go-gitea/gitea/issues) 来帮助我们更新过时的内容，感谢！
+
+_表格中的符号含义:_
+
+* _✓ - 支持_
+
+* _⁄ - 部分支持_
+
+* _✘ - 不支持_
+
+* _? - 不确定_
+
+#### 主要特性
+
+| 特性                  | Gitea | Gogs | GitHub EE | GitLab CE | GitLab EE | BitBucket | RhodeCode CE |
+|-----------------------|-------|------|-----------|-----------|-----------|-----------|--------------|
+| 开源免费              | ✓     | ✓    | ✘         | ✓         | ✘         | ✘         | ✓            |
+| 低资源开销 (RAM/CPU)  | ✓     | ✓    | ✘         | ✘         | ✘         | ✘         | ✘            |
+| 支持多种数据库        | ✓     | ✓    | ✘         | ⁄         | ⁄         | ✓         | ✓            |
+| 支持多种操作系统      | ✓     | ✓    | ✘         | ✘         | ✘         | ✘         | ✓            |
+| 升级简便              | ✓     | ✓    | ✘         | ✓         | ✓         | ✘         | ✓            |
+| 支持 Markdown         | ✓     | ✓    | ✓         | ✓         | ✓         | ✓         | ✓            |
+| 支持 Orgmode          | ✓     | ✘    | ✓         | ✘         | ✘         | ✘         | ?            |
+| 支持 CSV              | ✓     | ✘    | ✓         | ✘         | ✘         | ✓         | ?            |
+| 支持第三方渲染工具    | ✓     | ✘    | ✘         | ✘         | ✘         | ✓         | ?            |
+| Git 驱动的静态 pages  | ✘     | ✘    | ✓         | ✓         | ✓         | ✘         | ✘            |
+| Git 驱动的集成化 wiki | ✓     | ✓    | ✓         | ✓         | ✓         | ✓         | ✘            |
+| 部署令牌              | ✓     | ✓    | ✓         | ✓         | ✓         | ✓         | ✓            |
+| 仓库写权限令牌        | ✓     | ✘    | ✓         | ✓         | ✓         | ✘         | ✓            |
+| 内置容器 Registry     | ✘     | ✘    | ✘         | ✓         | ✓         | ✘         | ✘            |
+| 外部 Git 镜像         | ✓     | ✓    | ✘         | ✘         | ✓         | ✓         | ✓            |
+| FIDO U2F (2FA)        | ✓     | ✘    | ✓         | ✓         | ✓         | ✓         | ✘            |
+| 内置 CI/CD            | ✘     | ✘    | ✘         | ✓         | ✓         | ✘         | ✘            |
+| 子组织：组织内的组织  | ✘     | ✘    | ✘         | ✓         | ✓         | ✘         | ✓            |
+
+#### 代码管理
+
+| 特性                                     | Gitea | Gogs | GitHub EE | GitLab CE | GitLab EE | BitBucket | RhodeCode CE |
+|------------------------------------------|-------|------|-----------|-----------|-----------|-----------|--------------|
+| 仓库主题描述                             | ✓     | ✘    | ✓         | ✓         | ✓         | ✘         | ✘            |
+| 仓库内代码搜索                           | ✓     | ✘    | ✓         | ✓         | ✓         | ✓         | ✓            |
+| 全局代码搜索                             | ✓     | ✘    | ✓         | ✘         | ✓         | ✓         | ✓            |
+| Git LFS 2.0                              | ✓     | ✘    | ✓         | ✓         | ✓         | ⁄         | ✓            |
+| 组织里程碑                               | ✘     | ✘    | ✘         | ✓         | ✓         | ✘         | ✘            |
+| 细粒度用户角色 (例如 Code, Issues, Wiki) | ✓     | ✘    | ✘         | ✓         | ✓         | ✘         | ✘            |
+| 提交人的身份验证                         | ✘     | ✘    | ?         | ✓         | ✓         | ✓         | ✘            |
+| GPG 签名的提交                           | ✓     | ✘    | ✓         | ✓         | ✓         | ✓         | ✓            |
+| 拒绝未用通过验证的提交                   | ✘     | ✘    | ✓         | ✓         | ✓         | ✘         | ✓            |
+| 仓库活跃度页面                           | ✓     | ✘    | ✓         | ✓         | ✓         | ✓         | ✓            |
+| 分支管理                                 | ✓     | ✘    | ✓         | ✓         | ✓         | ✓         | ✓            |
+| 建立新分支                               | ✓     | ✘    | ✓         | ✓         | ✓         | ✘         | ✘            |
+| 在线代码编辑                             | ✓     | ✓    | ✓         | ✓         | ✓         | ✓         | ✓            |
+| 提交的统计图表                           | ✓     | ✘    | ✓         | ✓         | ✓         | ✓         | ✓            |
+
+#### Issue 管理
+
+| 特性                 | Gitea | Gogs | GitHub EE | GitLab CE | GitLab EE | BitBucket | RhodeCode CE |
+|----------------------|-------|------|-----------|-----------|-----------|-----------|--------------|
+| 跟踪 Issue           | ✓     | ✓    | ✓         | ✓         | ✓         | ✓         | ✘            |
+| Issue 模板           | ✓     | ✓    | ✓         | ✓         | ✓         | ✘         | ✘            |
+| 标签                 | ✓     | ✓    | ✓         | ✓         | ✓         | ✘         | ✘            |
+| 跟踪时间             | ✓     | ✘    | ✓         | ✓         | ✓         | ✘         | ✘            |
+| Issue 可有多个负责人 | ✓     | ✘    | ✓         | ✘         | ✓         | ✘         | ✘            |
+| 关联的 issues        | ✘     | ✘    | ⁄         | ✘         | ✓         | ✘         | ✘            |
+| 私密 issues          | ✘     | ✘    | ✘         | ✓         | ✓         | ✘         | ✘            |
+| 评论反馈             | ✓     | ✘    | ✓         | ✓         | ✓         | ✘         | ✘            |
+| 锁定讨论             | ✘     | ✘    | ✓         | ✓         | ✓         | ✘         | ✘            |
+| Issue 批量处理       | ✓     | ✘    | ✓         | ✓         | ✓         | ✘         | ✘            |
+| Issue 看板           | ✘     | ✘    | ✘         | ✓         | ✓         | ✘         | ✘            |
+| 从 issues 创建分支   | ✘     | ✘    | ✘         | ✓         | ✓         | ✘         | ✘            |
+| Issue 搜索           | ✓     | ✘    | ✓         | ✓         | ✓         | ✓         | ✘            |
+| 全局 Issue 搜索      | ✘     | ✘    | ✓         | ✓         | ✓         | ✓         | ✘            |
+| Issue 依赖           | ✓     | ✘    | ✘         | ✘         | ✘         | ✘         | ✘            |
+| 通过 Email 创建工单 | [✘](https://github.com/go-gitea/gitea/issues/6226) | [✘](https://github.com/gogs/gogs/issues/2602) | ✘ | ✘ | ✓ | ✓ | ✘ |
+| Service Desk | [✘](https://github.com/go-gitea/gitea/issues/6219) | ✘ | ✘ | ✘ | ✓ | ✘ | ✘ |
+
+#### Pull/Merge requests
+
+| 特性                                 | Gitea | Gogs | GitHub EE | GitLab CE | GitLab EE | BitBucket | RhodeCode CE |
+|--------------------------------------|-------|------|-----------|-----------|-----------|-----------|--------------|
+| Pull/Merge requests                  | ✓     | ✓    | ✓         | ✓         | ✓         | ✓         | ✓            |
+| Squash merging                       | ✓     | ✘    | ✓         | ✘         | ✓         | ✓         | ✓            |
+| Rebase merging                       | ✓     | ✓    | ✓         | ✘         | ⁄         | ✘         | ✓            |
+| 评论 Pull/Merge request 中的某行代码 | ✓     | ✘    | ✓         | ✓         | ✓         | ✓         | ✓            |
+| 指定 Pull/Merge request 的审核人     | ✓     | ✘    | ⁄         | ✓         | ✓         | ✓         | ✓            |
+| 解决 Merge 冲突                      | ✘     | ✘    | ✓         | ✓         | ✓         | ✓         | ✘            |
+| 限制某些用户的 push 和 merge 权限    | ✓     | ✘    | ✓         | ⁄         | ✓         | ✓         | ✓            |
+| 回退某些 commits 或 merge request    | ✘     | ✘    | ✓         | ✓         | ✓         | ✓         | ✘            |
+| Pull/Merge requests 模板             | ✓     | ✓    | ✓         | ✓         | ✓         | ✘         | ✘            |
+| 查看 Cherry-picking 的更改           | ✘     | ✘    | ✘         | ✓         | ✓         | ✘         | ✘            |
+
+
+#### 第三方集成
+
+| 特性                       | Gitea | Gogs | GitHub EE | GitLab CE | GitLab EE | BitBucket | RhodeCode CE |
+|----------------------------|-------|------|-----------|-----------|-----------|-----------|--------------|
+| 支持 Webhook               | ✓     | ✓    | ✓         | ✓         | ✓         | ✓         | ✓            |
+| 自定义 Git 钩子            | ✓     | ✓    | ✓         | ✓         | ✓         | ✓         | ✓            |
+| 集成 AD / LDAP             | ✓     | ✓    | ✓         | ✓         | ✓         | ✓         | ✓            |
+| 支持多个 LDAP / AD 服务    | ✓     | ✓    | ✘         | ✘         | ✓         | ✓         | ✓            |
+| LDAP 用户同步              | ✓     | ✘    | ✓         | ✓         | ✓         | ✓         | ✓            |
+| 支持 OpenId 连接           | ✓     | ✘    | ✓         | ✓         | ✓         | ?         | ✘            |
+| 集成 OAuth 2.0（外部授权） | ✓     | ✘    | ⁄         | ✓         | ✓         | ?         | ✓            |
+| 作为 OAuth 2.0 provider    | [✓](https://github.com/go-gitea/gitea/pull/5378)     | ✘    | ✓         | ✓         | ✓         | ✓         | ✘            |
+| 二次验证 (2FA)             | ✓     | ✓    | ✓         | ✓         | ✓         | ✓         | ✘            |
+| 集成 Mattermost/Slack      | ✓     | ✓    | ⁄         | ✓         | ✓         | ⁄         | ✓            |
+| 集成 Discord               | ✓     | ✓    | ✓         | ✓         | ✓         | ✘         | ✘            |
+| 显示外部 CI/CD 的状态      | ✓     | ✘    | ✓         | ✓         | ✓         | ✓         | ✓            |
--- a/docs/content/doc/features/webhooks.en-us.md
+++ b/docs/content/doc/features/webhooks.en-us.md
@@ -15,8 +15,8 @@ menu:

 # Webhooks

-Gitea supports web hooks for repository events, this can be found in the settings
-page(`/:username/:reponame/settings/hooks`). All event pushes are POST requests.
+Gitea supports web hooks for repository events. This can be found in the settings
+page `/:username/:reponame/settings/hooks`. All event pushes are POST requests.
 The two methods currently supported are Gitea and Slack.

 ### Event information
@@ -26,8 +26,8 @@ a Payload URL:


 ```
-X-Github-Delivery: f6266f16-1bf3-46a5-9ea4-602e06ead473
-X-Github-Event: push
+X-GitHub-Delivery: f6266f16-1bf3-46a5-9ea4-602e06ead473
+X-GitHub-Event: push
 X-Gogs-Delivery: f6266f16-1bf3-46a5-9ea4-602e06ead473
 X-Gogs-Event: push
 X-Gitea-Delivery: f6266f16-1bf3-46a5-9ea4-602e06ead473
--- a/docs/content/doc/help/faq.en-us.md
+++ b/docs/content/doc/help/faq.en-us.md
@@ -0,0 +1,270 @@
+---
+date: "2019-04-05T16:00:00+02:00"
+title: "FAQ"
+slug: "faq"
+weight: 5
+toc: true
+draft: false
+menu:
+  sidebar:
+    parent: "help"
+    name: "FAQ"
+    weight: 5
+    identifier: "faq"
+---
+
+# Frequently Asked Questions
+
+This page contains some common questions and answers.  
+Also see [Support Options]({{< relref "doc/help/seek-help.en-us.md" >}})
+
+* [Difference between 1.x and 1.x.x downloads](#difference-between-1-x-and-1-x-x-downloads)
+* [How to migrate from Gogs/GitHub/etc. to Gitea](#how-to-migrate-from-gogs-github-etc-to-gitea)
+* [Where does Gitea store "x" file](#where-does-gitea-store-x-file)
+* [Not seeing a clone URL or the clone URL being incorrect](#not-seeing-a-clone-url-or-the-clone-url-being-incorrect)
+* [Custom Templates not loading or working incorrectly](#custom-templates-not-loading-or-working-incorrectly)
+* [Active user vs login prohibited user](#active-user-vs-login-prohibited-user)
+* [Setting up logging](#setting-up-logging)
+* [What is Swagger?](#what-is-swagger)
+* [Adjusting your server for public/private use](#adjusting-your-server-for-public-private-use)
+  * [Preventing spammers](#preventing-spammers)
+  * [Only allow/block certain email domains](#only-allow-block-certain-email-domains)
+  * [Issue only users](#issue-only-users)
+  * [Enable Fail2ban](#enable-fail2ban)
+* [Adding custom themes](#how-to-add-use-custom-themes)
+* [SSHD vs built-in SSH](#sshd-vs-built-in-ssh)
+* [Gitea is running slow](#gitea-is-running-slow)
+* [Can't create repositories/files](#cant-create-repositories-files)
+* [Translation is incorrect/how to add more translations](#translation-is-incorrect-how-to-add-more-translations)
+* [Hooks aren't running](#hooks-aren-t-running)
+* [SSH Issues](#ssh-issues)
+  * [SSH Common Errors](#ssh-common-errors)
+* [Missing releases after migration repository with tags](#missing-releases-after-migrating-repository-with-tags)
+* [LFS Issues](#lfs-issues)
+
+
+## Difference between 1.x and 1.x.x downloads
+Version 1.7.x will be used for this example.  
+**NOTE:** this example applies to Docker images as well!  
+
+On our [downloads page](https://dl.gitea.io/gitea/) you will see a 1.7 directory, as well as directories for 1.7.0, 1.7.1, 1.7.2, 1.7.3, 1.7.4, 1.7.5, and 1.7.6.  
+The 1.7 and 1.7.0 directories are **not** the same. The 1.7 directory is built on each merged commit to the [`release/v1.7`](https://github.com/go-gitea/gitea/tree/release/v1.7) branch.  
+The 1.7.0 directory, however, is a build that was created when the [`v1.7.0`](https://github.com/go-gitea/gitea/releases/tag/v1.7.0) tag was created.  
+
+This means that 1.x downloads will change as commits are merged to their respective branch (think of it as a separate "master" branch for each release).  
+On the other hand, 1.x.x downloads should never change.
+
+## How to migrate from Gogs/GitHub/etc. to Gitea
+To migrate from Gogs to Gitea:
+
+* [Gogs version 0.9.146 or less]({{< relref "doc/upgrade/from-gogs.en-us.md" >}})
+* [Gogs version 0.11.46.0418](https://github.com/go-gitea/gitea/issues/4286)
+
+To migrate from GitHub to Gitea, you can use Gitea's [Migrator tool](https://gitea.com/gitea/migrator)
+
+To migrate from Gitlab to Gitea, you can use this non-affiliated tool:  
+https://github.com/loganinak/MigrateGitlabToGogs
+
+## Where does Gitea store "x" file
+* WorkPath
+  * Environment variable `GITEA_WORK_DIR`
+  * Else binary location
+* AppDataPath (default for database, indexers, etc.)
+  * `APP_DATA_PATH` from `app.ini`
+  * Else `%(WorkPath)/data`
+* CustomPath (custom templates)
+  * Environment variable `GITEA_CUSTOM`
+  * Else `%(WorkPath)/custom`
+* HomeDir
+  * Unix: Environment variable `HOME`
+  * Windows: Environment variable `USERPROFILE`, else environment variables `HOMEDRIVE`+`HOMEPATH`
+* RepoRootPath
+  * `ROOT` in `app.ini`
+  * Else `%(HomeDir)/gitea-repositories`
+* INI (config file)
+  * `-c` flag
+  * Else `%(CustomPath)/conf/app.ini`
+* SQLite Database 
+  * `PATH` in `database` section of `app.ini`
+  * Else `%(AppDataPath)/gitea.db`
+
+## Not seeing a clone URL or the clone URL being incorrect
+There are a few places that could make this show incorrectly.
+
+1. If using a reverse proxy, make sure you have followed the correction directions in the [reverse proxy guide]({{< relref "doc/usage/reverse-proxies.en-us.md" >}})
+2. Make sure you have correctly set `ROOT_URL` in the `server` section of your `app.ini`
+
+If certain clone options aren't showing up (HTTP/S or SSH), the following options can be checked in your `app.ini`
+
+`DISABLE_HTTP_GIT`: if set to true, there will be no HTTP/HTTPS link  
+`DISABLE_SSH`: if set to true, there will be no SSH link  
+`SSH_EXPOSE_ANONYMOUS`: if set to false, SSH links will be hidden for anonymous users  
+
+
+## Custom Templates not loading or working incorrectly
+Gitea's custom templates must be added to the correct location or Gitea will not find and use them.  
+The correct path for the template(s) will be relative to the `CustomPath`
+
+1. To find `CustomPath`, look for Custom File Root Path in Site Administration -> Configuration 
+  * If that doesn't exist, you can try `echo $GITEA_CUSTOM`
+2. If you are still unable to find a path, the default can be [calculated above](#where-does-gitea-store-x-file)
+3. Once you have figured out the correct custom path, you can refer to the [customizing Gitea]({{< relref "doc/advanced/customizing-gitea.en-us.md" >}}) page to add your template to the correct location.
+
+## Active user vs login prohibited user
+In Gitea, an "active" user refers to a user that has activated their account via email.  
+A "login prohibited" user is a user that is not allowed to log in to Gitea anymore
+
+## Setting up logging 
+* [Official Docs]({{< relref "doc/advanced/logging-documentation.en-us.md" >}})
+
+## What is Swagger?
+[Swagger](https://swagger.io/) is what Gitea uses for its API.  
+All Gitea instances have the built-in API, though it can be disabled by setting `ENABLE_SWAGGER` to `false` in the `api` section of your `app.ini`  
+For more information, refer to Gitea's [API docs]({{< relref "doc/advanced/api-usage.en-us.md" >}})
+
+[Swagger Example](https://try.gitea.io/api/swagger)
+
+## Adjusting your server for public/private use
+
+### Preventing spammers
+There are multiple things you can combine to prevent spammers.  
+
+1. By only whitelisting certain domains with OpenID (see below)
+2. Setting `ENABLE_CAPTCHA` to `true` in your `app.ini` and properly configuring `RECAPTCHA_SECRET` and `RECAPTCHA_SITEKEY`
+3. Settings `DISABLE_REGISTRATION` to `true` and creating new users via the [CLI]({{< relref "doc/usage/command-line.en-us.md" >}}), [API]({{< relref "doc/advanced/api-usage.en-us.md" >}}), or Gitea's Admin UI  
+
+### Only allow/block certain email domains
+If using OpenID, you can configure `WHITELISTED_URIS` or `BLACKLISTED_URIS` in your `app.ini`  
+**NOTE:** whitelisted takes precedence, so if it is non-blank then blacklisted is ignored
+
+### Issue only users
+The current way to achieve this is to create/modify a user with a max repo creation limit of 0.
+
+### Enable Fail2ban
+
+Use [Fail2Ban]({{ relref "doc/usage/fail2ban-setup.md" >}}) to monitor and stop automated login attempts or other malicious behavior based on log patterns
+
+## How to add/use custom themes
+Gitea supports two official themes right now, `gitea` and `arc-green` (`light` and `dark` respectively)  
+To add your own theme, currently the only way is to provide a complete theme (not just color overrides)  
+  
+As an example, let's say our theme is `arc-blue` (this is a real theme, and can be found [in this issue](https://github.com/go-gitea/gitea/issues/6011))  
+Name the `.css` file `theme-arc-blue.css` and add it to your custom folder in `custom/pulic/css`  
+Allow users to use it by adding `arc-blue` to the list of `THEMES` in your `app.ini`
+
+## SSHD vs built-in SSH
+SSHD is the built-in SSH server on most Unix systems.  
+Gitea also provides its own SSH server, for usage when SSHD is not available.
+
+## Gitea is running slow
+The most common culprit for this is loading federated avatars.  
+This can be turned off by setting `ENABLE_FEDERATED_AVATAR` to `false` in your `app.ini`  
+Another option that may need to be changed is setting `DISABLE_GRAVATAR` to `true` in your `app.ini`
+
+## Can't create repositories/files
+Make sure that Gitea has sufficient permissions to write to its home directory and data directory.  
+See [AppDataPath and RepoRootPath](#where-does-gitea-store-x-file)
+
+**Note for Arch users:** At the time of writing this, there is an issue with the Arch package's systemd file including this line:
+`ReadWritePaths=/etc/gitea/app.ini`  
+Which makes all other paths non-writeable to Gitea.
+
+## Translation is incorrect/how to add more translations
+Our translations are currently crowd-sourced on our [Crowdin project](https://crowdin.com/project/gitea)  
+Whether you want to change a translation or add a new one, it will need to be there as all translations are overwritten in our CI via the Crowdin integration.
+
+## Hooks aren't running
+If Gitea is not running hooks, a common cause is incorrect setup of SSH keys.  
+See [SSH Issues](#ssh-issues) for more information.  
+  
+You can also try logging into the administration panel and running the `Resynchronize pre-receive, update and post-receive hooks of all repositories.` option.
+
+## SSH issues
+If you cannot reach repositories over `ssh`, but `https` works fine, consider looking into the following.
+
+First, make sure you can access Gitea via SSH.  
+`ssh git@myremote.example`  
+
+If the connection is successful, you should receive an error message like the following:
+```
+Hi there, You've successfully authenticated, but Gitea does not provide shell access.
+If this is unexpected, please log in with password and setup Gitea under another user.
+```
+
+If you do not get the above message but still connect, it means your SSH key is **not** being managed by Gitea. This means hooks won't run, among other potential problems.
+
+If you cannot connect at all, your SSH key may not be configured correctly locally. 
+This is specific to SSH and not Gitea, so will not be covered here. 
+
+### SSH Common Errors
+
+```
+Permission denied (publickey).
+fatal: Could not read from remote repository.
+```
+
+This error signifies that the server rejected a log in attempt, check the
+following things:
+
+* On the client:
+  * Ensure the public and private ssh keys are added to the correct Gitea user.
+  * Make sure there are no issues in the remote url. In particular, ensure the name of the
+    git user (before the `@`) is spelled correctly.
+  * Ensure public and private ssh keys are correct on client machine.
+* On the server:
+  * Make sure the repository exists and is correctly named.
+  * Check the permissions of the `.ssh` directory in the system user's home directory.
+  * Verify that the correct public keys are added to `.ssh/authorized_keys`.  
+    Try to run `Rewrite '.ssh/authorized_keys' file (for Gitea SSH keys)` on the
+    Gitea admin panel.
+  * Read Gitea logs.
+  * Read /var/log/auth (or similar).
+  * Check permissions of repositories.
+
+The following is an example of a missing public SSH key where authentication
+succeeded, but some other setting is preventing SSH from reaching the correct
+repository.
+
+```
+fatal: Could not read from remote repository.
+
+Please make sure you have the correct access rights
+and the repository exists.
+```
+
+In this case, look into the following settings:
+
+* On the server:
+  * Make sure that the `git` system user has a usable shell set
+    * Verify this with `getent passwd git | cut -d: -f7`
+    * `usermod` or `chsh` can be used to modify this.
+  * Ensure that the `gitea serv` command in `.ssh/authorized_keys` uses the
+    correct configuration file.
+
+## Missing releases after migrating repository with tags
+
+To migrate an repository *with* all tags, you need to do two things:
+
+* Push tags to the repository:
+```
+ git push --tags
+ ```
+ 
+ * (Re-)sync tags of all repositories within Gitea:
+ ```
+ gitea admin repo-sync-releases
+ ```
+
+## LFS Issues
+
+For issues concerning LFS data upload
+
+```
+batch response: Authentication required: Authorization error: <GITEA_LFS_URL>/info/lfs/objects/batch                                                                                                              
+Check that you have proper access to the repository
+error: failed to push some refs to '<GIT_REPO_URL>'
+```
+Check the value of `LFS_HTTP_AUTH_EXPIRY` in your `app.ini` file.  
+By default, your LFS token will expire after 20 minutes. If you have a slow connection or a large file (or both), it may not finish uploading within the time limit. 
+
+You may want to set this value to `60m` or `120m`.
--- a/docs/content/doc/help/seek-help.en-us.md
+++ b/docs/content/doc/help/seek-help.en-us.md
@@ -15,12 +15,21 @@ menu:

 # Support Options

- [Discord](https://discord.gg/NsatcWJ)
+- [Discord](https://discord.gg/Gitea)
 - [Discourse Forum](https://discourse.gitea.io/)

+**NOTE:** When asking for support, it may be a good idea to have the following available so that the person helping has all the info they need:
+
+1. Your `app.ini` (with any sensitive data scrubbed as necessary)
+2. The `gitea.log` (and any other appropriate log files for the situation)
+  * e.g. If the error is related to the database, the `xorm.log` might be helpful
+3. Any error messages you are seeing
+4. When possible, try to replicate the issue on [try.gitea.io](https://try.gitea.io) and include steps so that others can reproduce the issue.
+  * This will greatly improve the chance that the root of the issue can be quickly discovered and resolved.
+
 ## Bugs

-If you found a bug, please create an [issue on Github](https://github.com/go-gitea/gitea/issues).
+If you found a bug, please create an [issue on GitHub](https://github.com/go-gitea/gitea/issues).

 ## Chinese Support

--- a/docs/content/doc/help/troubleshooting.en-us.md
+++ b/docs/content/doc/help/troubleshooting.en-us.md
@@ -1,82 +0,0 @@
---
-date: "2016-11-08T16:00:00+02:00"
-title: "Troubleshooting"
-slug: "troubleshooting"
-weight: 10
-toc: true
-draft: false
-menu:
-  sidebar:
-    parent: "help"
-    name: "Troubleshooting"
-    weight: 20
-    identifier: "troubleshooting"
---
-
-# Troubleshooting
-
-This page contains some common seen issues and their solutions.
-
-## SSH issues
-
-For issues reaching repositories over `ssh` while the gitea web front-end, but
-`https` based git repository access works fine, consider looking into the following.
-
-```
-Permission denied (publickey).
-fatal: Could not read from remote repository.
-```
-
-This error signifies that the server rejected a log in attempt, check the
-following things:
-
-* On the client:
-  * Ensure the public and private ssh keys are added to the correct Gitea user.
-  * Make sure there are no issues in the remote url, ensure the name of the
-    git user (before the `@`) is spelled correctly.
-  * Ensure public and private ssh keys are correct on client machine.
-  * Try to connect using ssh (ssh git@myremote.example) to ensure a connection
-    can be made.
-* On the server:
-  * Make sure the repository exists and is correctly named.
-  * Check the permissions of the `.ssh` directory in the system user's home directory.
-  * Verify that the correct public keys are added to `.ssh/authorized_keys`.
-    Try to run `Rewrite '.ssh/authorized_keys' file (for Gitea SSH keys)` on the
-    Gitea admin panel.
-  * Read gitea logs.
-  * Read /var/log/auth (or similar).
-  * Check permissions of repositories.
-
-The following is an example of a missing public SSH key where authentication
-succeeded, but some other setting is preventing SSH from reaching the correct
-repository.
-
-```
-fatal: Could not read from remote repository.
-
-Please make sure you have the correct access rights
-and the repository exists.
-```
-
-In this case, look into the following settings:
-
-* On the server:
-  * Make sure that the `git` system user has a usable shell set
-    * Verify this with `getent passwd git | cut -d: -f7`
-    * `usermod` or `chsh` can be used to modify this.
-  * Ensure that the `gitea serv` command in `.ssh/authorized_keys` uses the
-    correct configuration file.
-
-## Missing releases after migrating repository with tags
-
-To migrate an repository *with* all tags you need to do two things
-
-* Push tags to the repository:
-```
- git push --tags
- ```
- 
- * (Re-)sync tags of all repositories within gitea:
- ```
- gitea admin repo-sync-releases
- ```
--- a/docs/content/doc/installation/from-binary.en-us.md
+++ b/docs/content/doc/installation/from-binary.en-us.md
@@ -17,14 +17,22 @@ menu:

 All downloads come with SQLite, MySQL and PostgreSQL support, and are built with
 embedded assets. This can be different for older releases. Choose the file matching
-the destination platform from the [downloads page](https://dl.gitea.io/gitea), copy
+the destination platform from the [downloads page](https://dl.gitea.io/gitea/), copy
 the URL and replace the URL within the commands below:

 ```sh
-wget -O gitea https://dl.gitea.io/gitea/1.4.2/gitea-1.4.2-linux-amd64
+wget -O gitea https://dl.gitea.io/gitea/1.8.3/gitea-1.8.3-linux-amd64
 chmod +x gitea
 ```

+## Verify GPG signature
+Gitea signs all binaries with a [GPG key](https://pgp.mit.edu/pks/lookup?op=vindex&fingerprint=on&search=0x2D9AE806EC1592E2) to prevent against unwanted modification of binaries. To validate the binary, download the signature file which ends in `.asc` for the binary you downloaded and use the gpg command line tool.
+
+```sh
+gpg --keyserver pgp.mit.edu --recv 7C9E68152594688862D62AF62D9AE806EC1592E2
+gpg --verify gitea-1.8.3-linux-amd64.asc gitea-1.8.3-linux-amd64
+```
+
 ## Test

 After getting a binary, it can be tested with `./gitea web` or moved to a permanent
@@ -36,14 +44,17 @@ location. When launched manually, Gitea can be killed using `Ctrl+C`.

 ## Recommended server configuration

+**NOTE:** Many of the following directories can be configured using [Environment Variables]({{< relref "doc/advanced/specific-variables.en-us.md" >}}) as well!  
+Of note, configuring `GITEA_WORK_DIR` will tell Gitea where to base its working directory, as well as ease installation.
+
 ### Prepare environment

-Check that git is installed on the server, if it is not install it first.
+Check that Git is installed on the server. If it is not, install it first.
 ```sh
 git --version
 ```

-Create user to run gitea (ex. `git`)
+Create user to run Gitea (ex. `git`)
 ```sh
 adduser \
   --system \
@@ -58,30 +69,62 @@ adduser \
 ### Create required directory structure

 ```sh
-mkdir -p /var/lib/gitea/{custom,data,indexers,public,log}
-chown git:git /var/lib/gitea/{data,indexers,log}
-chmod 750 /var/lib/gitea/{data,indexers,log}
+mkdir -p /var/lib/gitea/{custom,data,log}
+chown -R git:git /var/lib/gitea/
+chmod -R 750 /var/lib/gitea/
 mkdir /etc/gitea
 chown root:git /etc/gitea
 chmod 770 /etc/gitea
 ```

-**NOTE:** `/etc/gitea` is temporary set with write rights for user `git` so that Web installer could write configuration file. After installation is done it is recommended to set rights to read-only using:
+**NOTE:** `/etc/gitea` is temporary set with write rights for user `git` so that Web installer could write configuration file. After installation is done, it is recommended to set rights to read-only using:
 ```
 chmod 750 /etc/gitea
 chmod 644 /etc/gitea/app.ini
 ```
+If you don't want the web installer to be able to write the config file at all, it is also possible to make the config file read-only for the gitea user (owner/group `root:root`, mode `0660`), and set `INSTALL_LOCK = true`. In that case all database configuration details must be set beforehand in the config file, as well as the `SECRET_KEY` and `INTERNAL_TOKEN` values. See the [command line documentation]({{< relref "doc/usage/command-line.en-us.md" >}}) for information on using `gitea generate secret INTERNAL_TOKEN`.

-### Copy gitea binary to global location
+### Configure Gitea's working directory
+
+**NOTE:** If you plan on running Gitea as a Linux service, you can skip this step as the service file allows you to set `WorkingDirectory`. Otherwise, consider setting this environment variable (semi-)permanently so that Gitea consistently uses the correct working directory.
+```
+export GITEA_WORK_DIR=/var/lib/gitea/
+```
+
+### Copy Gitea binary to global location

 ```
 cp gitea /usr/local/bin/gitea
 ```

-### Create service file to start gitea automatically
+## Running Gitea
+
+After the above steps, two options to run Gitea are:
+
+### 1. Creating a service file to start Gitea automatically (recommended)

 See how to create [Linux service]({{< relref "run-as-service-in-ubuntu.en-us.md" >}})

+### 2. Running from command-line/terminal
+
+```
+GITEA_WORK_DIR=/var/lib/gitea/ /usr/local/bin/gitea web -c /etc/gitea/app.ini
+```
+
+## Updating to a new version
+
+You can update to a new version of Gitea by stopping Gitea, replacing the binary at `/usr/local/bin/gitea` and restarting the instance. 
+The binary file name should not be changed during the update to avoid problems 
+in existing repositories. 
+
+It is recommended you do a [backup]({{< relref "doc/usage/backup-and-restore.en-us.md" >}}) before updating your installation.
+
+If you have carried out the installation steps as described above, the binary should 
+have the generic name `gitea`. Do not change this, i.e. to include the version number. 
+
+See below for troubleshooting instructions to repair broken repositories after 
+an update of your Gitea version.
+
 ## Troubleshooting

 ### Old glibc versions
@@ -93,9 +136,40 @@ SQLite support in the binaries provided by dl.gitea.io. In this situation, it is
 possible to [install from source]({{< relref "from-source.en-us.md" >}}) without sqlite
 support.

-### Running gitea on another port
+### Running Gitea on another port

 For errors like `702 runWeb()] [E] Failed to start server: listen tcp 0.0.0.0:3000:
-bind: address already in use` gitea needs to be started on another free port. This
-is possible using `./gitea web -p $PORT`. It's possible another instance of gitea
+bind: address already in use` Gitea needs to be started on another free port. This
+is possible using `./gitea web -p $PORT`. It's possible another instance of Gitea
 is already running.
+
+### Running Gitea on Raspbian
+
+As of v1.8, there is a problem with the arm7 version of Gitea and it doesn't run on Raspberry Pi and similar devices. 
+
+It is therefore recommended to switch to the arm6 version which has been tested and shown to work on Raspberry Pi and similar devices.
+
+<!---
+please remove after fixing the arm7 bug
+--->
+### Git error after updating to a new version of Gitea
+
+If the binary file name has been changed during the update to a new version of Gitea, 
+git hooks in existing repositories will not work any more. In that case, a git 
+error will be displayed when pushing to the repository.
+
+```
+remote: ./hooks/pre-receive.d/gitea: line 2: [...]: No such file or directory
+```
+
+The `[...]` part of the error message will contain the path to your previous Gitea 
+binary.
+
+To solve this, go to the admin options and run the task `Resynchronize pre-receive, 
+update and post-receive hooks of all repositories` to update all hooks to contain
+the new binary path. Please note that this overwrite all git hooks including ones
+with customizations made.
+
+If you aren't using the built-in to Gitea SSH server you will also need to re-write
+the authorized key file by running the `Update the '.ssh/authorized_keys' file with
+Gitea SSH keys.` task in the admin options.
--- a/docs/content/doc/installation/from-package.en-us.md
+++ b/docs/content/doc/installation/from-package.en-us.md
@@ -20,7 +20,7 @@ menu:
 Although there is a package of Gitea in Debian's [contrib](https://wiki.debian.org/SourcesList),
 it is not supported directly by us.

-Unfortunately the package is not maintained anymore and broken because of missing sources.
+Unfortunately, the package is not maintained anymore and broken because of missing sources.
 Please follow the [deployment from binary]({{< relref "from-binary.en-us.md" >}}) guide instead.

 Should the packages get updated and fixed, we will provide up-to-date installation instructions here.
@@ -64,3 +64,16 @@ bundled templates, options, plugins and themes are in `/usr/local/share/gitea`,
 is in `/usr/local/etc/rc.d/gitea`.

 To enable Gitea to run as a service, run `sysrc gitea_enable=YES` and start it with `service gitea start`.
+
+## Cloudron
+
+Gitea is available as a 1-click install on [Cloudron](https://cloudron.io). For those unaware,
+Cloudron makes it easy to run apps like Gitea on your server and keep them up-to-date and secure.
+
+[![Install](https://cloudron.io/img/button.svg)](https://cloudron.io/button.html?app=io.gitea.cloudronapp)
+
+The Gitea package is maintained [here](https://git.cloudron.io/cloudron/gitea-app).
+
+There is a [demo instance](https://my-demo.cloudron.me) (username: cloudron password: cloudron) where
+you can experiment with running Gitea.
+
--- a/docs/content/doc/installation/from-source.en-us.md
+++ b/docs/content/doc/installation/from-source.en-us.md
@@ -15,43 +15,60 @@ menu:

 # Installation from source

-This section will not include basic [installation instructions](https://golang.org/doc/install).
+You should [install go](https://golang.org/doc/install) and set up your go
+environment correctly. In particular, it is recommended to set the `$GOPATH`
+environment variable and to add the go bin directory or directories
+`${GOPATH//://bin:}/bin` to the `$PATH`. See the Go wiki entry for
+[GOPATH](https://github.com/golang/go/wiki/GOPATH).

-**Note**: Go version 1.8 or higher is required
+**Note**: When executing make tasks that require external tools, like
+`make misspell-check`, Gitea will automatically download and build these as
+necessary. To be able to use these, you must have the `"$GOPATH/bin"` directory
+on the executable path. If you don't add the go bin directory to the
+executable path, you will have to manage this yourself.
+
+**Note 2**: Go version 1.9 or higher is required. However, it is recommended to
+obtain the same version as our continuous integration, see the advice given in
+<a href='{{< relref "doc/advanced/hacking-on-gitea.en-us.md" >}}'>Hacking on
+Gitea</a>

 ## Download

-First retrieve the source code. The easiest way is to use the Go tool. Use the following
-commands to fetch the source and switch into the source directory.
+First, retrieve the source code. The easiest way is to use the Go tool. Use the
+following commands to fetch the source and switch into the source directory.
+Go is quite opinionated about where it expects its source code, and simply
+cloning the Gitea repository to an arbitrary path is likely to lead to
+problems - the fixing of which is out of scope for this document.

-```
+```bash
 go get -d -u code.gitea.io/gitea
-cd $GOPATH/src/code.gitea.io/gitea
+cd "$GOPATH/src/code.gitea.io/gitea"
 ```

-Decide which version of Gitea to build and install. Currently, there are multiple options
-to choose from. The `master` branch represents the current development version. To build
-with master, skip to the [build section](#build).
+Decide which version of Gitea to build and install. Currently, there are
+multiple options to choose from. The `master` branch represents the current
+development version. To build with master, skip to the [build section](#build).

 To work with tagged releases, the following commands can be used:
-```
+
+```bash
 git branch -a
 git checkout v1.0
 ```

-To validate a Pull Request, first enable the new branch (`xyz` is the PR id; for example
-`2663` for [#2663](https://github.com/go-gitea/gitea/pull/2663)):
+To validate a Pull Request, first enable the new branch (`xyz` is the PR id;
+for example `2663` for [#2663](https://github.com/go-gitea/gitea/pull/2663)):

-```
+```bash
 git fetch origin pull/xyz/head:pr-xyz
 ```

-To build Gitea from source at a specific tagged release (like v1.0.0), list the available
-tags and check out the specific tag.
+To build Gitea from source at a specific tagged release (like v1.0.0), list the
+available tags and check out the specific tag.

 List available tags with the following.

-```
+```bash
 git tag -l
 git checkout v1.0.0  # or git checkout pr-xyz
 ```
@@ -59,33 +76,67 @@ git checkout v1.0.0  # or git checkout pr-xyz
 ## Build

 Since all required libraries are already bundled in the Gitea source, it's
-possible to build Gitea with no additional downloads. Various
-[make tasks](https://github.com/go-gitea/gitea/blob/master/Makefile) are
-provided to keep the build process as simple as possible.
-<a href='{{< relref "doc/advanced/make.en-us.md" >}}'>See here how to get Make</a>.
+possible to build Gitea with no additional downloads apart from Make
+<a href='{{< relref "doc/advanced/make.en-us.md" >}}'>(See here how to get Make)</a>.
+Various [make tasks](https://github.com/go-gitea/gitea/blob/master/Makefile)
+are provided to keep the build process as simple as possible.
+
 Depending on requirements, the following build tags can be included.

 * `bindata`: Build a single monolithic binary, with all assets included.
-* `sqlite`: Enable support for a [SQLite3](https://sqlite.org/) database. Suggested only
-  for tiny installations.
-* `tidb`: Enable support for a [TiDB](https://github.com/pingcap/tidb) database.
-* `pam`: Enable support for PAM (Linux Pluggable Authentication Modules). Can be used to
-  authenticate local users or extend authentication to methods available to PAM.
+* `sqlite sqlite_unlock_notify`: Enable support for a
+  [SQLite3](https://sqlite.org/) database. Suggested only for tiny
+  installations.
+* `pam`: Enable support for PAM (Linux Pluggable Authentication Modules). Can
+  be used to authenticate local users or extend authentication to methods
+  available to PAM.

-Bundling assets into the binary using the `bindata` build tag can make development and
-testing easier, but is not ideal for a production deployment. To include assets, they
-must be built separately using the `generate` make task.
+Bundling assets into the binary using the `bindata` build tag can make
+development and testing easier, but is not ideal for a production deployment.
+To include assets, they must be built separately using the `generate` make
+task e.g.:

-```
+```bash
 TAGS="bindata" make generate build
 ```

+In the default release build of our continuous integration system, the build
+tags are: `TAGS="bindata sqlite sqlite_unlock_notify"`. The simplest
+recommended way to build from source is therefore:
+
+```bash
+TAGS="bindata sqlite sqlite_unlock_notify" make generate build
+```
+
 ## Test

-After following the steps above a `gitea` binary will be available in the working directory.
+After following the steps above, a `gitea` binary will be available in the working directory.
 It can be tested from this directory or moved to a directory with test data. When Gitea is
 launched manually from command line, it can be killed by pressing `Ctrl + C`.

-```
+```bash
 ./gitea web
 ```
+
+## Changing the default CustomPath, CustomConf and AppWorkDir
+
+Gitea will search for a number of things from the `CustomPath`. By default this is
+the `custom/` directory in the current working directory when running Gitea. It will also
+look for its configuration file `CustomConf` in `$CustomPath/conf/app.ini`, and will use the
+current working directory as the relative base path `AppWorkDir` for a number configurable
+values.
+
+These values, although useful when developing, may conflict with downstream users preferences.
+
+One option is to use a script file to shadow the `gitea` binary and create an appropriate
+environment before running Gitea. However, when building you can change these defaults
+using the `LDFLAGS` environment variable for `make`. The appropriate settings are as follows
+
+* To set the `CustomPath` use `LDFLAGS="-X \"code.gitea.io/gitea/modules/setting.CustomPath=custom-path\""`
+* For `CustomConf` you should use `-X \"code.gitea.io/gitea/modules/setting.CustomConf=conf.ini\"`
+* For `AppWorkDir` you should use `-X \"code.gitea.io/gitea/modules/setting.AppWorkDir=working-directory\"`
+
+Add as many of the strings with their preceding `-X` to the `LDFLAGS` variable and run `make build`
+with the appropriate `TAGS` as above.
+
+Running `gitea help` will allow you to review what the computed settings will be for your `gitea`.
--- a/docs/content/doc/installation/from-source.fr-fr.md
+++ b/docs/content/doc/installation/from-source.fr-fr.md
@@ -57,8 +57,7 @@ git checkout pr-xyz
 Comme nous regroupons déjà toutes les bibliothèques requises pour compiler Gitea, vous pouvez continuer avec le processus de compilation lui-même. Nous fournissons diverses [tâches Make](https://github.com/go-gitea/gitea/blob/master/Makefile) pour rendre le processus de construction aussi simple que possible. <a href='{{< relref "doc/advanced/make.fr-fr.md" >}}'>Voyez ici comment obtenir Make</a>. Selon vos besoins, vous pourrez éventuellement ajouter diverses options de compilation, vous pouvez choisir entre ces options :

 * `bindata`: Intègre toutes les ressources nécessaires à l'exécution d'une instance de Gitea, ce qui rend un déploiement facile car il n'est pas nécessaire de se préoccuper des fichiers supplémentaires.
-* `sqlite`: Active la prise en charge d'une base de données [SQLite3](https://sqlite.org/), ceci n'est recommandé que pour les petites installations de Gitea.
-* `tidb`: Active la prise en charge d'une base de données [TiDB](https://github.com/pingcap/tidb), c'est une base de données simplet et basée sur des fichiers. Elle est comparable à SQLite.
+* `sqlite sqlite_unlock_notify`: Active la prise en charge d'une base de données [SQLite3](https://sqlite.org/), ceci n'est recommandé que pour les petites installations de Gitea.
 * `pam`: Active la prise en charge de PAM (mLinux Pluggable Authentication Modules), très utile si vos utilisateurs doivent être authentifiés avec les comptes du système.

 Il est temps de compiler le binaire, nous suggérons d'intégrer les ressources avec l'option de compilation `bindata`. Pour inclure les ressources, vous devrez également exécuter la tâche Make `generate`. Dans le cas échéant, les ressources ne pourront pas être intégrées:
--- a/docs/content/doc/installation/from-source.zh-cn.md
+++ b/docs/content/doc/installation/from-source.zh-cn.md
@@ -47,8 +47,7 @@ git checkout v1.0.0
 我们已经将所有的依赖项拷贝到本工程，我们提供了一些 [编译选项](https://github.com/go-gitea/gitea/blob/master/Makefile) 来让编译更简单。你可以按照你的需求来设置编译开关，可用编译选项如下：

 * `bindata`: 这个编译选项将会把运行Gitea所需的所有外部资源都打包到可执行文件中，这样部署将非常简单因为除了可执行程序将不再需要任何其他文件。
-* `sqlite`: 这个编译选项将启用SQLite3数据库的支持，建议只在少数人使用时使用这个模式。
-* `tidb`: 这个编译选项启用tidb嵌入式数据库的支持，他跟SQLite类似但是是用纯Go编写的。
+* `sqlite sqlite_unlock_notify`: 这个编译选项将启用SQLite3数据库的支持，建议只在少数人使用时使用这个模式。
 * `pam`: 这个编译选项将会启用 PAM (Linux Pluggable Authentication Modules) 认证，如果你使用这一认证模式的话需要开启这个选项。

 我们支持两种方式进行编译，Make 工具 和 Go 工具。不过我们推荐使用 Make工具，因为他将会给出更多的编译选项。
--- a/docs/content/doc/installation/from-source.zh-tw.md
+++ b/docs/content/doc/installation/from-source.zh-tw.md
@@ -47,8 +47,7 @@ git checkout v1.0.0
 完成設定相依性套件環境等工作後，您就可以開始編譯工作了。我們提供了不同的[編譯選項](https://github.com/go-gitea/gitea/blob/master/Makefile) ，讓編譯過程更加簡單。您可以根據需求來調整編譯選項，底下是可用的編譯選項說明：

 * `bindata`: 使用此標籤來嵌入所有 Gitea 相關資源，您不用擔心其他額外檔案，對於部署來說非常方便。
-* `sqlite`: 使用此標籤來啟用 [SQLite3](https://sqlite.org/) 資料庫，建議只有少數人時才使用此模式。
-* `tidb`: 使用此標籤來啟用 [TiDB](https://github.com/pingcap/tidb) 資料庫，它是檔案形式的資料庫，跟 SQLite 類似。
+* `sqlite sqlite_unlock_notify`: 使用此標籤來啟用 [SQLite3](https://sqlite.org/) 資料庫，建議只有少數人時才使用此模式。
 * `pam`: 使用此標籤來啟用 PAM (Linux Pluggable Authentication Modules) 認證，對於系統使用者來說，此方式最方便了。

 現在您可以開始編譯執行檔了，我們建議使用 `bindata` 編譯選項，使用 `bindata` 選項前，您必須執行 `generate` 任務將所有資源都一起編譯進去，否則相關資源都不會被編譯進執行檔:
--- a/docs/content/doc/installation/run-as-service-in-ubuntu.en-us.md
+++ b/docs/content/doc/installation/run-as-service-in-ubuntu.en-us.md
@@ -29,7 +29,7 @@ Uncomment any service that needs to be enabled on this host, such as MySQL.
 Change the user, home directory, and other required startup values. Change the
 PORT or remove the -p flag if default port is used.

-Enable and start gitea at boot:
+Enable and start Gitea at boot:
 ```
 sudo systemctl enable gitea
 sudo systemctl start gitea
@@ -45,7 +45,7 @@ sudo apt install supervisor

 Create a log dir for the supervisor logs:
 ```
-# assuming gitea is installed in /home/git/gitea/
+# assuming Gitea is installed in /home/git/gitea/
 mkdir /home/git/gitea/log/supervisor
 ```

@@ -57,7 +57,7 @@ sudo vim /etc/supervisor/supervisord.conf
 Append the configuration from the sample
 [supervisord config](https://github.com/go-gitea/gitea/blob/master/contrib/supervisor/gitea).

-Change the user(git) and home(/home/git) settings to match the deployment
+Change the user (git) and home (/home/git) settings to match the deployment
 environment. Change the PORT or remove the -p flag if default port is used.

 Lastly enable and start supervisor at boot:
--- a/docs/content/doc/installation/run-as-service-in-ubuntu.zh-cn.md
+++ b/docs/content/doc/installation/run-as-service-in-ubuntu.zh-cn.md
@@ -0,0 +1,63 @@
+---
+date: "2017-07-21T12:00:00+02:00"
+title: "在 Linux 中以 service 方式运行"
+slug: "linux-service"
+weight: 10
+toc: true
+draft: false
+menu:
+  sidebar:
+    parent: "installation"
+    name: "在Linux中以service方式运行"
+    weight: 20
+    identifier: "linux-service"
+---
+
+### 在 Ubuntu 16.04 LTS 中以 service 方式运行
+
+#### systemd 方式
+
+在 terminal 中执行以下命令：
+```
+sudo vim /etc/systemd/system/gitea.service
+```
+
+接着拷贝示例代码 [gitea.service](https://github.com/go-gitea/gitea/blob/master/contrib/systemd/gitea.service) 并取消对任何需要运行在主机上的服务部分的注释，譬如 MySQL。
+
+修改 user，home 目录以及其他必须的初始化参数，如果使用自定义端口，则需修改 PORT 参数，反之如果使用默认端口则需删除 -p 标记。
+
+激活 gitea 并将它作为系统自启动服务：
+```
+sudo systemctl enable gitea
+sudo systemctl start gitea
+```
+
+
+#### 使用 supervisor
+
+在 terminal 中执行以下命令安装 supervisor：
+```
+sudo apt install supervisor
+```
+
+为 supervisor 配置日志路径：
+```
+# assuming gitea is installed in /home/git/gitea/
+mkdir /home/git/gitea/log/supervisor
+```
+
+在文件编辑器中打开 supervisor 的配置文件：
+```
+sudo vim /etc/supervisor/supervisord.conf
+```
+
+增加如下示例配置
+[supervisord config](https://github.com/go-gitea/gitea/blob/master/contrib/supervisor/gitea)。
+
+将 user(git) 和 home(/home/git) 设置为与上文部署中匹配的值。如果使用自定义端口，则需修改 PORT 参数，反之如果使用默认端口则需删除 -p 标记。
+
+最后激活 supervisor 并将它作为系统自启动服务：
+```
+sudo systemctl enable supervisor
+sudo systemctl start supervisor
+```
--- a/docs/content/doc/installation/windows-service.en-us.md
+++ b/docs/content/doc/installation/windows-service.en-us.md
@@ -13,6 +13,27 @@ menu:
    identifier: "windows-service"
 ---

+# Prerequisites
+
+The following changes are made in C:\gitea\custom\conf\app.ini:
+
+```
+RUN_USER = COMPUTERNAME$
+```
+
+Sets Gitea to run as the local system user.
+
+COMPUTERNAME is whatever the response is from `echo %COMPUTERNAME%` on the command line. If the response is `USER-PC` then `RUN_USER = USER-PC$`
+
+## Use absolute paths
+
+If you use sqlite3, change the `PATH` to include the full path:
+
+```
+[database]
+PATH     = c:/gitea/data/gitea.db
+```
+
 # Register as a Windows Service

 To register Gitea as a Windows service, open a command prompt (cmd) as an Administrator,
@@ -25,7 +46,7 @@ sc create gitea start= auto binPath= ""C:\gitea\gitea.exe" web --config "C:\gite
 Do not forget to replace `C:\gitea` with the correct Gitea directory.

 Open "Windows Services", search for the service named "gitea", right-click it and click on
-"Run". If everything is OK Gitea will be reachable on `http://localhost:3000` (or the port
+"Run". If everything is OK, Gitea will be reachable on `http://localhost:3000` (or the port
 that was configured).

 ## Unregister as a service
--- a/docs/content/doc/installation/with-docker.en-us.md
+++ b/docs/content/doc/installation/with-docker.en-us.md
@@ -19,17 +19,19 @@ Gitea provides automatically updated Docker images within its Docker Hub organiz
 possible to always use the latest stable tag or to use another service that handles updating
 Docker images.

-This reference setup guides users through the setup based on `docker-compose`, the installation
-of `docker-compose` is out of scope of this documentation. To install `docker-compose` follow
+This reference setup guides users through the setup based on `docker-compose`, but the installation
+of `docker-compose` is out of scope of this documentation. To install `docker-compose` itself, follow
 the official [install instructions](https://docs.docker.com/compose/install/).

 ## Basics

 The most simple setup just creates a volume and a network and starts the `gitea/gitea:latest`
-image as a service. Since there is no database available one can be initialized using SQLite3.
+image as a service. Since there is no database available, one can be initialized using SQLite3.
 Create a directory like `gitea` and paste the following content into a file named `docker-compose.yml`.
 Note that the volume should be owned by the user/group with the UID/GID specified in the config file.
 If you don't give the volume correct permissions, the container may not start.
+Also be aware that the tag `:latest` will install the current development version.
+For a stable release you can use `:1` or specify a certain release like `:1.5.1`.

 ```yaml
 version: "2"
@@ -103,6 +105,11 @@ services:
    environment:
      - USER_UID=1000
      - USER_GID=1000
+      - DB_TYPE=mysql
+      - DB_HOST=db:3306
+      - DB_NAME=gitea
+      - DB_USER=gitea
+      - DB_PASSWD=gitea
    restart: always
    networks:
      - gitea
@@ -146,6 +153,11 @@ services:
    environment:
      - USER_UID=1000
      - USER_GID=1000
+      - DB_TYPE=postgres
+      - DB_HOST=db:5432
+      - DB_NAME=gitea
+      - DB_USER=gitea
+      - DB_PASSWD=gitea
    restart: always
    networks:
      - gitea
@@ -175,7 +187,7 @@ services:
 To use named volumes instead of host volumes, define and use the named volume
 within the `docker-compose.yml` configuration. This change will automatically
 create the required volume. You don't need to worry about permissions with
-named volumes, Docker will deal with that automatically.
+named volumes; Docker will deal with that automatically.

 ```diff
 version: "2"
@@ -218,10 +230,10 @@ Notice: if using a non-3000 port on http, change app.ini to match

 ## Install

-After starting the Docker setup via `docker-compose` Gitea should be available using a
+After starting the Docker setup via `docker-compose`, Gitea should be available using a
 favorite browser to finalize the installation. Visit http://server-ip:3000 and follow the
 installation wizard. If the database was started with the `docker-compose` setup as
-documented above please note that `db` must be used as the database hostname.
+documented above, please note that `db` must be used as the database hostname.

 ## Environments variables

@@ -236,11 +248,12 @@ You can configure some of Gitea's settings via environment variables:
 * `DISABLE_SSH`: **false**: Disable SSH feature when it's not available.
 * `HTTP_PORT`: **3000**: HTTP listen port.
 * `ROOT_URL`: **""**: Overwrite the automatically generated public URL. This is useful if the internal and the external URL don't match (e.g. in Docker).
+* `LFS_START_SERVER`: **false**: Enables git-lfs support.
 * `DB_TYPE`: **sqlite3**: The database type in use \[mysql, postgres, mssql, sqlite3\].
 * `DB_HOST`: **localhost:3306**: Database host address and port.
 * `DB_NAME`: **gitea**: Database name.
 * `DB_USER`: **root**: Database username.
-* `DB_PASSWD`: **"<empty>"**: Database user password. Use \`your password\` for quoting if you use special characters in the password.
+* `DB_PASSWD`: **"\<empty>"**: Database user password. Use \`your password\` for quoting if you use special characters in the password.
 * `INSTALL_LOCK`: **false**: Disallow access to the install page.
 * `SECRET_KEY`: **""**: Global secret key. This should be changed. If this has a value and `INSTALL_LOCK` is empty, `INSTALL_LOCK` will automatically set to `true`.
 * `DISABLE_REGISTRATION`: **false**: Disable registration, after which only admin can create accounts for users.
@@ -251,7 +264,84 @@ You can configure some of Gitea's settings via environment variables:
 # Customization

 Customization files described [here](https://docs.gitea.io/en-us/customizing-gitea/) should
-be placed in `/data/gitea` directory. If using host volumes it's quite easy to access these
-files; for named volumes this is done through another container or by direct access at
+be placed in `/data/gitea` directory. If using host volumes, it's quite easy to access these
+files; for named volumes, this is done through another container or by direct access at
 `/var/lib/docker/volumes/gitea_gitea/_data`. The configuration file will be saved at
 `/data/gitea/conf/app.ini` after the installation.
+
+# Upgrading
+
+:exclamation::exclamation: **Make sure you have volumed data to somewhere outside Docker container** :exclamation::exclamation:
+
+To upgrade your installation to the latest release:
+```
+# Edit `docker-compose.yml` to update the version, if you have one specified
+# Pull new images
+docker-compose pull
+# Start a new container, automatically removes old one
+docker-compose up -d
+```
+
+# SSH Container Passthrough
+
+Since SSH is running inside the container, you'll have to pass SSH from the host to the
+container if you wish to use SSH support. If you wish to do this without running the container
+SSH on a non-standard port (or move your host port to a non-standard port), you can forward
+SSH connections destined for the container with a little extra setup.
+
+This guide assumes that you have created a user on the host called `git` which shares the same 
+UID/GID as the container values `USER_UID`/`USER_GID`. You should also create the directory
+`/var/lib/gitea` on the host, owned by the `git` user and mounted in the container, e.g.
+
+```
+  services:
+    server:
+      image: gitea/gitea:latest
+      environment:
+        - USER_UID=1000
+        - USER_GID=1000
+      restart: always
+      networks:
+        - gitea
+      volumes:
+        - /var/lib/gitea:/data
+      ports:
+        - "3000:3000"
+        - "127.0.0.1:2222:22"
+```
+
+You can see that we're also exposing the container SSH port to port 2222 on the host, and binding this
+to 127.0.0.1 to prevent it being accessible external to the host machine itself.
+
+On the **host**, you should create the file `/app/gitea/gitea` with the following contents and
+make it executable (`chmod +x /app/gitea/gitea`):
+
+```
+#!/bin/sh
+ssh -p 2222 -o StrictHostKeyChecking=no git@127.0.0.1 "SSH_ORIGINAL_COMMAND=\"$SSH_ORIGINAL_COMMAND\" $0 $@"
+```
+
+Your `git` user needs to have an SSH key generated:
+
+```
+sudo -u git ssh-keygen -t rsa -b 4096 -C "Gitea Host Key"
+```
+
+Still on the host, symlink the container `.ssh/authorized_keys` file to your git user `.ssh/authorized_keys`.
+This can be done on the host as the `/var/lib/gitea` directory is mounted inside the container under `/data`:
+
+```
+ln -s /var/lib/gitea/git/.ssh/authorized_keys /home/git/.ssh/authorized_keys
+```
+
+Then echo the `git` user SSH key into the authorized_keys file so the host can talk to the container over SSH:
+
+```
+echo "no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty $(cat /home/git/.ssh/id_rsa.pub)" >> /var/lib/gitea/git/.ssh/authorized_keys
+```
+
+Now you should be able to use Git over SSH to your container without disrupting SSH access to the host.
+
+Please note: SSH container passthrough will work only if using opensshd in container, and will not work if
+`AuthorizedKeysCommand` is used in combination with setting `SSH_CREATE_AUTHORIZED_KEYS_FILE=false` to disable
+authorized files key generation.
--- a/docs/content/doc/upgrade/from-gogs.en-us.md
+++ b/docs/content/doc/upgrade/from-gogs.en-us.md
@@ -31,52 +31,56 @@ There are some basic steps to follow. On a Linux system run as the Gogs user:
 * Copy `gogs/data/` to `gitea/data/`. It contains issue attachments and avatars.
 * Verify by starting Gitea with `gitea web`.
 * Enter Gitea admin panel on the UI, run `Rewrite '.ssh/authorized_keys' file`.
+* Launch every major version of the binary ( `1.1.4` → `1.2.3` → `1.3.4` → `1.4.2` →  etc ) to migrate database.
 * If custom or config path was changed, run `Rewrite all update hook of repositories`.

-### Change gogs specific information:
+## Change gogs specific information

 * Rename `gogs-repositories/` to `gitea-repositories/`
 * Rename `gogs-data/` to `gitea-data/`
 * In `gitea/custom/conf/app.ini` change:

-### Upgrading to most recent `gitea` version:
-After successful migration from `gogs` to `gitea 1.0.x` it is possible to upgrade to the recent `gitea` version.
-Simply download the file matching the destination platform from the [downloads page](https://dl.gitea.io/gitea)
-and replace the binary.
+  FROM:

-FROM:
-```
-[database]
-PATH = /home/:USER/gogs/data/:DATABASE.db
-[attachment]
-PATH = /home/:USER/gogs-data/attachments
-[picture]
-AVATAR_UPLOAD_PATH = /home/:USER/gogs-data/avatars
-[log]
-ROOT_PATH = /home/:USER/gogs/log
-```
+  ```ini
+  [database]
+  PATH = /home/:USER/gogs/data/:DATABASE.db
+  [attachment]
+  PATH = /home/:USER/gogs-data/attachments
+  [picture]
+  AVATAR_UPLOAD_PATH = /home/:USER/gogs-data/avatars
+  [log]
+  ROOT_PATH = /home/:USER/gogs/log
+  ```

-TO:
-```
-[database]
-PATH = /home/:USER/gitea/data/:DATABASE.db
-[attachment]
-PATH = /home/:USER/gitea-data/attachments
-[picture]
-AVATAR_UPLOAD_PATH = /home/:USER/gitea-data/avatars
-[log]
-ROOT_PATH = /home/:USER/gitea/log
-```
+  TO:
+
+  ```ini
+  [database]
+  PATH = /home/:USER/gitea/data/:DATABASE.db
+  [attachment]
+  PATH = /home/:USER/gitea-data/attachments
+  [picture]
+  AVATAR_UPLOAD_PATH = /home/:USER/gitea-data/avatars
+  [log]
+  ROOT_PATH = /home/:USER/gitea/log
+  ```

 * Verify by starting Gitea with `gitea web`

-### Troubleshooting
+## Upgrading to most recent `gitea` version
+
+After successful migration from `gogs` to `gitea 1.0.x`, it is possible to upgrade to the recent `gitea` version.
+Simply download the file matching the destination platform from the [downloads page](https://dl.gitea.io/gitea)
+and replace the binary.
+
+## Troubleshooting

 * If errors are encountered relating to custom templates in the `gitea/custom/templates`
  folder, try moving the templates causing the errors away one by one. They may not be
  compatible with Gitea or an update.

-### Add Gitea to startup on Unix
+## Add Gitea to startup on Unix

 Update the appropriate file from [gitea/contrib](https://github.com/go-gitea/gitea/tree/master/contrib)
 with the right environment variables.
--- a/Show More
+++ b/Show More