Changelog 1.11.0 (#10204)

* Changelog 1.11.0

Signed-off-by: jolheiser <john.olheiser@gmail.com>

* Backport snackport

Co-Authored-By: techknowlogick <matti@mdranta.net>

* Update CHANGELOG.md

Co-Authored-By: guillep2k <18600385+guillep2k@users.noreply.github.com>

Co-authored-by: techknowlogick <matti@mdranta.net>
Co-authored-by: guillep2k <18600385+guillep2k@users.noreply.github.com>

.changelog.yml

@@ -1,44 +1,57 @@
+# The full repository name
 repo: go-gitea/gitea
+
+# Service type (gitea or github)
+service: github
+
+# Base URL for Gitea instance if using gitea service type (optional)
+# Default: https://gitea.com
+base-url:
+
+# Changelog groups and which labeled PRs to add to each group
 groups:
-  - 
+  -
     name: BREAKING
     labels:
       - kind/breaking
-  - 
+  -
     name: FEATURE
     labels:
       - kind/feature
+  -
+    name: SECURITY
+    labels:
+      - kind/security
   -
     name: BUGFIXES
     labels:
       - kind/bug
-  - 
+  -
     name: ENHANCEMENT
     labels:
       - kind/enhancement
       - kind/refactor
       - kind/ui
   -
-    name: SECURITY
-    labels:
-      - kind/security
-  - 
     name: TESTING
     labels:
       - kind/testing
-  - 
+  -
     name: TRANSLATION
     labels:
       - kind/translation
-  - 
+  -
     name: BUILD
     labels:
       - kind/build
       - kind/lint
-  - 
+  -
     name: DOCS
     labels:
       - kind/docs
-  - 
+  -
     name: MISC
-    default: true
+    default: true
+
+# regex indicating which labels to skip for the changelog
+skip-labels: skip-changelog|backport\/.+

.drone.yml

@@ -1,6 +1,61 @@
 ---
 kind: pipeline
-name: testing
+name: compliance
+
+platform:
+  os: linux
+  arch: arm64
+
+workspace:
+  base: /go
+  path: src/code.gitea.io/gitea
+
+steps:
+  - name: pre-build
+    pull: always
+    image: node:10 # this step is kept at the lowest version of node that we support
+    commands:
+      - make css
+      - make js
+
+  - name: build-without-gcc
+    pull: always
+    image: golang:1.11 # this step is kept as the lowest version of golang that we support
+    environment:
+      GO111MODULE: on
+      GOPROXY: off
+    commands:
+      - go build -mod=vendor -o gitea_no_gcc # test if build succeeds without the sqlite tag
+
+  - name: build-linux-386
+    pull: always
+    image: golang:1.13
+    environment:
+      GO111MODULE: on
+      GOPROXY: off
+      GOOS: linux
+      GOARCH: 386
+    commands:
+      - go build -mod=vendor -o gitea_linux_386 # test if compatible with 32 bit
+
+  - name: check
+    pull: always
+    image: golang:1.13
+    commands:
+      - make clean
+      - make golangci-lint
+      - make revive
+      - make swagger-check
+      - make swagger-validate
+      - make test-vendor
+    environment:
+      GOPROXY: https://goproxy.cn # proxy.golang.org is blocked in China, this proxy is not
+      GOSUMDB: sum.golang.org
+      TAGS: bindata sqlite sqlite_unlock_notify
+
+---
+kind: pipeline
+name: testing-amd64
 
 platform:
   os: linux
@@ -25,15 +80,9 @@ services:
       MYSQL_ALLOW_EMPTY_PASSWORD: yes
       MYSQL_DATABASE: testgitea
 
-  - name: pgsql
-    pull: default
-    image: postgres:9.5
-    environment:
-      POSTGRES_DB: test
-
   - name: mssql
     pull: default
-    image: microsoft/mssql-server-linux:latest
+    image: mcr.microsoft.com/mssql/server:latest
     environment:
       ACCEPT_EULA: Y
       MSSQL_PID: Standard
@@ -54,163 +103,59 @@ steps:
         exclude:
           - pull_request
 
-  - name: pre-build
-    pull: always
-    image: webhippie/nodejs:latest
-    commands:
-      - make css
-      - make js
-
-  - name: build-without-gcc
-    pull: always
-    image: golang:1.10 # this step is kept as the lowest version of golang that we support
-    commands:
-      - go build -o gitea_no_gcc # test if build succeeds without the sqlite tag
-
   - name: build
     pull: always
-    image: golang:1.12
+    image: golang:1.13
     commands:
-      - make clean
-      - make generate
-      - make golangci-lint
-      - make revive
-      - make swagger-check
-      - make swagger-validate
-      - make test-vendor
+      - curl -sL https://deb.nodesource.com/setup_12.x | bash - && apt -y install nodejs
       - make build
     environment:
+      GOPROXY: https://goproxy.cn # proxy.golang.org is blocked in China, this proxy is not
+      GOSUMDB: sum.golang.org
       TAGS: bindata sqlite sqlite_unlock_notify
 
-  - name: unit-test
-    pull: always
-    image: golang:1.12
-    commands:
-      - make unit-test-coverage
-    environment:
-      TAGS: bindata sqlite sqlite_unlock_notify
-    depends_on:
-      - build
-    when:
-      branch:
-        - master
-      event:
-        - push
-        - pull_request
-
-  - name: release-test
-    pull: always
-    image: golang:1.12
-    commands:
-      - make test
-    environment:
-      TAGS: bindata sqlite sqlite_unlock_notify
-    depends_on:
-      - build
-    when:
-      branch:
-        - "release/*"
-      event:
-        - push
-        - pull_request
-
   - name: tag-pre-condition
     pull: always
     image: alpine/git
     commands:
       - git update-ref refs/heads/tag_test ${DRONE_COMMIT_SHA}
-    depends_on:
-      - build
-    when:
-      event:
-        - tag
 
-  - name: tag-test
+  - name: unit-test
     pull: always
-    image: golang:1.12
+    image: golang:1.13
     commands:
-      - make test
+      - make unit-test-coverage
     environment:
-      TAGS: bindata
-    depends_on:
-      - tag-pre-condition
-    when:
-      event:
-        - tag
-
-  - name: test-sqlite
-    pull: always
-    image: golang:1.12
-    commands:
-      - "curl -s https://packagecloud.io/install/repositories/github/git-lfs/script.deb.sh | bash"
-      - apt-get install -y git-lfs
-      - timeout -s ABRT 20m make test-sqlite-migration
-      - timeout -s ABRT 20m make test-sqlite
-    environment:
-      TAGS: bindata
-    depends_on:
-      - build
+      GOPROXY: off
+      TAGS: bindata sqlite sqlite_unlock_notify
+      GITHUB_READ_TOKEN:
+        from_secret: github_read_token
 
   - name: test-mysql
     pull: always
-    image: golang:1.12
+    image: golang:1.13
     commands:
       - "curl -s https://packagecloud.io/install/repositories/github/git-lfs/script.deb.sh | bash"
       - apt-get install -y git-lfs
       - make test-mysql-migration
       - make integration-test-coverage
     environment:
+      GOPROXY: off
       TAGS: bindata
       TEST_LDAP: 1
     depends_on:
       - build
-    when:
-      branch:
-        - master
-      event:
-        - push
-        - pull_request
-
-  - name: tag-test-mysql
-    pull: always
-    image: golang:1.12
-    commands:
-      - "curl -s https://packagecloud.io/install/repositories/github/git-lfs/script.deb.sh | bash"
-      - apt-get install -y git-lfs
-      - timeout -s ABRT 20m make test-mysql-migration
-      - timeout -s ABRT 20m make test-mysql
-    environment:
-      TAGS: bindata
-      TEST_LDAP: 1
-    depends_on:
-      - build
-    when:
-      event:
-        - tag
 
   - name: test-mysql8
     pull: always
-    image: golang:1.12
+    image: golang:1.13
     commands:
       - "curl -s https://packagecloud.io/install/repositories/github/git-lfs/script.deb.sh | bash"
       - apt-get install -y git-lfs
       - timeout -s ABRT 20m make test-mysql8-migration
       - timeout -s ABRT 20m make test-mysql8
     environment:
-      TAGS: bindata
-      TEST_LDAP: 1
-    depends_on:
-      - build
-
-  - name: test-pgsql
-    pull: always
-    image: golang:1.12
-    commands:
-      - "curl -s https://packagecloud.io/install/repositories/github/git-lfs/script.deb.sh | bash"
-      - apt-get install -y git-lfs
-      - timeout -s ABRT 20m make test-pgsql-migration
-      - timeout -s ABRT 20m make test-pgsql
-    environment:
+      GOPROXY: off
       TAGS: bindata
       TEST_LDAP: 1
     depends_on:
@@ -218,13 +163,14 @@ steps:
 
   - name: test-mssql
     pull: always
-    image: golang:1.12
+    image: golang:1.13
     commands:
       - "curl -s https://packagecloud.io/install/repositories/github/git-lfs/script.deb.sh | bash"
       - apt-get install -y git-lfs
       - make test-mssql-migration
       - make test-mssql
     environment:
+      GOPROXY: off
       TAGS: bindata
       TEST_LDAP: 1
     depends_on:
@@ -232,10 +178,11 @@ steps:
 
   - name: generate-coverage
     pull: always
-    image: golang:1.12
+    image: golang:1.13
     commands:
       - make coverage
     environment:
+      GOPROXY: off
       TAGS: bindata
     depends_on:
       - unit-test
@@ -265,13 +212,89 @@ steps:
         - push
         - pull_request
 
+
+
+---
+kind: pipeline
+name: testing-arm64
+
+platform:
+  os: linux
+  arch: arm64
+
+workspace:
+  base: /go
+  path: src/code.gitea.io/gitea
+
+services:
+  - name: pgsql
+    pull: default
+    image: postgres:9.5
+    environment:
+      POSTGRES_DB: test
+
+  - name: ldap
+    pull: default
+    image: gitea/test-openldap:latest
+
+steps:
+  - name: fetch-tags
+    pull: default
+    image: docker:git
+    commands:
+      - git fetch --tags --force
+    when:
+      event:
+        exclude:
+          - pull_request
+
+  - name: build
+    pull: always
+    image: golang:1.13
+    commands:
+      - curl -sL https://deb.nodesource.com/setup_12.x | bash - && apt -y install nodejs
+      - make build
+    environment:
+      GOPROXY: https://goproxy.cn # proxy.golang.org is blocked in China, this proxy is not
+      GOSUMDB: sum.golang.org
+      TAGS: bindata sqlite sqlite_unlock_notify
+
+  - name: test-sqlite
+    pull: always
+    image: golang:1.13
+    commands:
+      - "curl -s https://packagecloud.io/install/repositories/github/git-lfs/script.deb.sh | bash"
+      - apt-get install -y git-lfs
+      - timeout -s ABRT 20m make test-sqlite-migration
+      - timeout -s ABRT 20m make test-sqlite
+    environment:
+      GOPROXY: off
+      TAGS: bindata
+    depends_on:
+      - build
+
+  - name: test-pgsql
+    pull: always
+    image: golang:1.13
+    commands:
+      - "curl -s https://packagecloud.io/install/repositories/github/git-lfs/script.deb.sh | bash"
+      - apt-get install -y git-lfs
+      - timeout -s ABRT 20m make test-pgsql-migration
+      - timeout -s ABRT 20m make test-pgsql
+    environment:
+      GOPROXY: off
+      TAGS: bindata
+      TEST_LDAP: 1
+    depends_on:
+      - build
+
 ---
 kind: pipeline
 name: translations
 
 platform:
   os: linux
-  arch: amd64
+  arch: arm64
 
 workspace:
   base: /go
@@ -298,7 +321,7 @@ steps:
 
   - name: update
     pull: default
-    image: alpine:3.10
+    image: alpine:3.11
     commands:
       - mv ./options/locale/locale_en-US.ini ./options/
       - "sed -i -e 's/=\"/=/g' -e 's/\"$$//g' ./options/locale/*.ini"
@@ -350,7 +373,8 @@ trigger:
     - push
 
 depends_on:
-  - testing
+  - testing-amd64
+  - testing-arm64
   - translations
 
 steps:
@@ -364,10 +388,12 @@ steps:
     pull: always
     image: techknowlogick/xgo:latest
     commands:
+      - apt update && apt -y install curl
+      - curl -sL https://deb.nodesource.com/setup_12.x | bash - && apt -y install nodejs
       - export PATH=$PATH:$GOPATH/bin
-      - make generate
       - make release
     environment:
+      GOPROXY: off
       TAGS: bindata sqlite sqlite_unlock_notify
 
   - name: gpg-sign
@@ -384,8 +410,6 @@ steps:
         from_secret: gpgsign_key
       GPGSIGN_PASSPHRASE:
         from_secret: gpgsign_passphrase
-    depends_on:
-      - static
 
   - name: release-branch-release
     pull: always
@@ -403,8 +427,6 @@ steps:
         from_secret: aws_access_key_id
       AWS_SECRET_ACCESS_KEY:
         from_secret: aws_secret_access_key
-    depends_on:
-      - gpg-sign
     when:
       branch:
         - "release/*"
@@ -427,8 +449,6 @@ steps:
         from_secret: aws_access_key_id
       AWS_SECRET_ACCESS_KEY:
         from_secret: aws_secret_access_key
-    depends_on:
-      - gpg-sign
     when:
       branch:
         - master
@@ -452,7 +472,8 @@ trigger:
     - tag
 
 depends_on:
-  - testing
+  - testing-arm64
+  - testing-amd64
 
 steps:
   - name: fetch-tags
@@ -465,10 +486,12 @@ steps:
     pull: always
     image: techknowlogick/xgo:latest
     commands:
+      - apt update && apt -y install curl
+      - curl -sL https://deb.nodesource.com/setup_12.x | bash - && apt -y install nodejs
       - export PATH=$PATH:$GOPATH/bin
-      - make generate
       - make release
     environment:
+      GOPROXY: off
       TAGS: bindata sqlite sqlite_unlock_notify
 
   - name: gpg-sign
@@ -485,8 +508,6 @@ steps:
         from_secret: gpgsign_key
       GPGSIGN_PASSPHRASE:
         from_secret: gpgsign_passphrase
-    depends_on:
-      - static
 
   - name: release
     pull: always
@@ -504,8 +525,6 @@ steps:
         from_secret: aws_access_key_id
       AWS_SECRET_ACCESS_KEY:
         from_secret: aws_secret_access_key
-    depends_on:
-      - gpg-sign
 
   - name: github
     pull: always
@@ -516,8 +535,6 @@ steps:
     environment:
       GITHUB_TOKEN:
         from_secret: github_token
-    depends_on:
-      - gpg-sign
 
 ---
 kind: pipeline
@@ -525,17 +542,14 @@ name: docs
 
 platform:
   os: linux
-  arch: amd64
-
-workspace:
-  base: /go
-  path: src/code.gitea.io/gitea
+  arch: arm64
 
 steps:
   - name: build-docs
     pull: always
-    image: webhippie/hugo:latest
+    image: plugins/hugo:latest
     commands:
+      - apk add --no-cache make bash curl
       - cd docs
       - make trans-copy
       - make clean
@@ -543,7 +557,7 @@ steps:
 
   - name: publish-docs
     pull: always
-    image: lucap/drone-netlify:latest
+    image: techknowlogick/drone-netlify:latest
     settings:
       path: docs/public/
       site_id: d2260bae-7861-4c02-8646-8f6440b12672
@@ -558,7 +572,7 @@ steps:
 
 ---
 kind: pipeline
-name: docker
+name: docker-linux-amd64-release
 
 platform:
   os: linux
@@ -569,13 +583,13 @@ workspace:
   path: src/code.gitea.io/gitea
 
 depends_on:
-  - testing
+  - testing-amd64
+  - testing-arm64
 
 trigger:
   ref:
   - refs/heads/master
   - "refs/tags/**"
-  - "refs/pull/**"
 
 steps:
   - name: fetch-tags
@@ -583,27 +597,16 @@ steps:
     image: docker:git
     commands:
       - git fetch --tags --force
-    when:
-      event:
-        exclude:
-          - pull_request
-
-  - name: dryrun
-    pull: always
-    image: plugins/docker:linux-amd64
-    settings:
-      dry_run: true
-      repo: gitea/gitea
-    when:
-      event:
-        - pull_request
 
   - name: publish
     pull: always
     image: plugins/docker:linux-amd64
     settings:
       auto_tag: true
+      auto_tag_suffix: linux-amd64
       repo: gitea/gitea
+      build_args:
+        - GOPROXY=off
       password:
         from_secret: docker_password
       username:
@@ -615,35 +618,152 @@ steps:
 
 ---
 kind: pipeline
-name: notify
+name: docker-linux-arm64-dry-run
 
 platform:
   os: linux
-  arch: amd64
+  arch: arm64
 
 workspace:
   base: /go
   path: src/code.gitea.io/gitea
 
-when:
+depends_on:
+  - compliance
+
+trigger:
+  ref:
+  - "refs/pull/**"
+
+steps:
+  - name: dryrun
+    pull: always
+    image: plugins/docker:linux-arm64
+    settings:
+      dry_run: true
+      repo: gitea/gitea
+      tags: linux-arm64
+      build_args:
+        - GOPROXY=off
+    when:
+      event:
+        - pull_request
+
+---
+kind: pipeline
+name: docker-linux-arm64-release
+
+platform:
+  os: linux
+  arch: arm64
+
+workspace:
+  base: /go
+  path: src/code.gitea.io/gitea
+
+depends_on:
+  - testing-amd64
+  - testing-arm64
+
+trigger:
+  ref:
+  - refs/heads/master
+  - "refs/tags/**"
+steps:
+  - name: fetch-tags
+    pull: default
+    image: docker:git
+    commands:
+      - git fetch --tags --force
+
+  - name: publish
+    pull: always
+    image: plugins/docker:linux-arm64
+    settings:
+      auto_tag: true
+      auto_tag_suffix: linux-arm64
+      repo: gitea/gitea
+      build_args:
+        - GOPROXY=off
+      password:
+        from_secret: docker_password
+      username:
+        from_secret: docker_username
+    when:
+      event:
+        exclude:
+        - pull_request
+
+---
+kind: pipeline
+name: docker-manifest
+
+platform:
+  os: linux
+  arch: amd64
+
+steps:
+  - name: manifest
+    pull: always
+    image: plugins/manifest
+    settings:
+      auto_tag: true
+      ignore_missing: true
+      spec: docker/manifest.tmpl
+      password:
+        from_secret: docker_password
+      username:
+        from_secret: docker_username
+
+trigger:
+  ref:
+  - refs/heads/master
+  - "refs/tags/**"
+
+depends_on:
+  - docker-linux-amd64-release
+  - docker-linux-arm64-release
+
+---
+kind: pipeline
+name: notifications
+
+platform:
+  os: linux
+  arch: arm64
+
+clone:
+  disable: true
+
+trigger:
+  branch:
+    - master
+    - "release/*"
+  event:
+    - push
+    - tag
   status:
     - success
     - failure
 
 depends_on:
-  - testing
+  - testing-amd64
+  - testing-arm64
   - translations
   - release-version
   - release-master
-  - docker
+  - docker-linux-amd64-release
+  - docker-linux-arm64-release
+  - docker-manifest
   - docs
 
 steps:
   - name: discord
     pull: always
-    image: appleboy/drone-discord:1.0.0
-    environment:
-      DISCORD_WEBHOOK_ID:
+    image: appleboy/drone-discord:1.2.4
+    settings:
+      message: "{{#success build.status}} ✅  Build #{{build.number}} of `{{repo.name}}` succeeded.\n\n📝 Commit by {{commit.author}} on `{{commit.branch}}`:\n``` {{commit.message}} ```\n\n🌐 {{ build.link }} {{else}} ❌  Build #{{build.number}} of `{{repo.name}}` failed.\n\n📝 Commit by {{commit.author}} on `{{commit.branch}}`:\n``` {{commit.message}} ```\n\n🌐 {{ build.link }} {{/success}}\n"
+      webhook_id:
         from_secret: discord_webhook_id
-      DISCORD_WEBHOOK_TOKEN:
+      webhook_token:
         from_secret: discord_webhook_token

.editorconfig

@@ -5,6 +5,7 @@ root = true
 charset = utf-8
 insert_final_newline = true
 trim_trailing_whitespace = true
+end_of_line = lf
 
 [*.go]
 indent_style = tab
@@ -24,7 +25,7 @@ indent_size = 2
 
 [*.js]
 indent_style = space
-indent_size = 4
+indent_size = 2
 
 [Makefile]
 indent_style = tab

.eslintignore

@@ -0,0 +1 @@
+/web_src/js/semanticDropdown.js

.eslintrc

@@ -1,25 +1,53 @@
 root: true
 
 extends:
+  - eslint-config-airbnb-base
   - eslint:recommended
 
 parserOptions:
-  ecmaVersion: 2015
+  ecmaVersion: 2020
 
 env:
   browser: true
-  jquery: true
   es6: true
+  jquery: true
+  node: true
 
 globals:
+  __webpack_public_path__: true
   Clipboard: false
   CodeMirror: false
-  emojify: false
-  SimpleMDE: false
-  Vue: false
   Dropzone: false
-  u2fApi: false
+  emojify: false
   hljs: false
+  SimpleMDE: false
+  u2fApi: false
+  Vue: false
 
 rules:
-  no-unused-vars: [error, {args: all, argsIgnorePattern: ^_, varsIgnorePattern: ^_, ignoreRestSiblings: true}]
+  arrow-body-style: [0]
+  camelcase: [0]
+  comma-dangle: [2, only-multiline]
+  consistent-return: [0]
+  default-case: [0]
+  func-names: [0]
+  import/extensions: [0]
+  max-len: [0]
+  newline-per-chained-call: [0]
+  no-alert: [0]
+  no-continue: [0]
+  no-mixed-operators: [0]
+  no-multi-assign: [0]
+  no-new: [0]
+  no-param-reassign: [0]
+  no-plusplus: [0]
+  no-restricted-syntax: [0]
+  no-shadow: [0]
+  no-unused-vars: [2, {args: all, argsIgnorePattern: ^_, varsIgnorePattern: ^_, ignoreRestSiblings: true}]
+  no-use-before-define: [0]
+  no-var: [2]
+  one-var-declaration-per-line: [0]
+  one-var: [0]
+  prefer-const: [2, {destructuring: all}]
+  prefer-destructuring: [0]
+  radix: [2, as-needed]

.gitattributes

@@ -1,6 +1,7 @@
+* text=auto eol=lf
 conf/* linguist-vendored
 docker/* linguist-vendored
 options/* linguist-vendored
 public/* linguist-vendored
 scripts/* linguist-vendored
-templates/* linguist-vendored
+templates/* linguist-vendored

.gitignore

@@ -12,6 +12,7 @@ _test
 
 # MS VSCode
 .vscode
+__debug_bin
 
 # Architecture specific extensions/prefixes
 *.[568vq]
@@ -65,9 +66,9 @@ coverage.all
 /integrations/pgsql.ini
 /integrations/mssql.ini
 /node_modules
-/modules/indexer/issues/indexers
-routers/repo/authorized_keys
 /yarn.lock
+/public/js
+/public/css
 
 # Snapcraft
 snap/.snapcraft/
@@ -77,3 +78,4 @@ prime/
 *.snap
 *.snap-build
 *_source.tar.bz2
+.DS_Store

.golangci.yml

@@ -19,6 +19,9 @@ linters:
   disable-all: true
   fast: false
 
+run:
+  timeout: 3m
+
 linters-settings:
   gocritic:
     disabled-checks:
@@ -70,6 +73,9 @@ issues:
     - path: routers/routes/routes.go
       linters:
         - dupl
+    - path: routers/api/v1/repo/issue_subscription.go
+      linters:
+        - dupl
     - path: routers/repo/view.go
       linters:
         - dupl
@@ -86,12 +92,6 @@ issues:
     - path: models/issue_comment_list.go
       linters:
         - dupl
-    # "Destroy" is misspelled in github.com/go-macaron/session/session.go:213 so it's not our responsability to fix it
-    - path: modules/session/virtual.go
-      linters:
+    - linters:
         - misspell
-      text: '`Destory` is a misspelling of `Destroy`'
-    - path: modules/session/memory.go
-      linters:
-        - misspell
-      text: '`Destory` is a misspelling of `Destroy`'
+      text: '`Unknwon` is a misspelling of `Unknown`'

.ignore

@@ -0,0 +1,5 @@
+/vendor
+/public/vendor
+/modules/options/bindata.go
+/modules/public/bindata.go
+/modules/templates/bindata.go

CONTRIBUTING.md

@@ -11,7 +11,9 @@
   - [Translation](#translation)
   - [Code review](#code-review)
   - [Styleguide](#styleguide)
-  - [Sign-off your work](#sign-off-your-work)
+  - [Design guideline](#design-guideline)
+  - [API v1](#api-v1)
+  - [Developer Certificate of Origin (DCO)](#developer-certificate-of-origin-dco)
   - [Release Cycle](#release-cycle)
   - [Maintainers](#maintainers)
   - [Owners](#owners)
@@ -71,13 +73,15 @@ Here's how to run the test suite:
 
 - Install the correct version of the drone-cli package.  As of this
   writing, the correct drone-cli version is
-  [1.1.0](https://docs.drone.io/cli/install/).
+  [1.2.0](https://docs.drone.io/cli/install/).
 - Ensure you have enough free disk space.  You will need at least
   15-20 Gb of free disk space to hold all of the containers drone
   creates (a default AWS or GCE disk size won't work -- see
   [#6243](https://github.com/go-gitea/gitea/issues/6243)).
 - Change into the base directory of your copy of the gitea repository,
-  and run `drone exec --local --build-event pull_request`.
+  and run `drone exec --event pull_request`.
+- At the moment `drone exec` doesn't support the Docker Toolbox on Windows 10
+  (see [drone-cli#135](https://github.com/drone/drone-cli/issues/135))
 
 The drone version, command line, and disk requirements do change over
 time (see [#4053](https://github.com/go-gitea/gitea/issues/4053) and
@@ -111,13 +115,15 @@ included in the next released version.
 ## Building Gitea
 
 Generally, the go build tools are installed as-needed in the `Makefile`.
-An exception are the tools to build the CSS and images.
+An exception are the tools to build the CSS, JS and images.
 
-- To build CSS: Install [Node.js](https://nodejs.org/en/download/package-manager) at version 8.0 or above
-  with `npm` and then run `npm install` and `make css`.
+- To build CSS and JS: Install [Node.js](https://nodejs.org/en/download/package-manager) at version 10.0 or above
+  with `npm` and then run `npm install`, `make css` and `make js`.
 - To build Images: ImageMagick, inkscape and zopflipng binaries must be
   available in your `PATH` to run `make generate-images`.
 
+For more details on how to generate files, build and test Gitea, see the [hacking instructions](https://docs.gitea.io/en-us/hacking-on-gitea/)
+
 ## Code review
 
 Changes to Gitea must be reviewed before they are accepted—no matter who
@@ -157,22 +163,74 @@ import (
 )
 ```
 
-## Sign-off your work
+## Design guideline
 
-The sign-off is a simple line at the end of the explanation for the
-patch. Your signature certifies that you wrote the patch or otherwise
-have the right to pass it on as an open-source patch. The rules are
-pretty simple: If you can certify [DCO](DCO), then you just add a line
-to every git commit message:
+To maintain understandable code and avoid circular dependencies it is important to have a good structure of the code. The gitea code is divided into the following parts:
+
+- **integration:** Integrations tests
+- **models:** Contains the data structures used by xorm to construct database tables. It also contains supporting functions to query and update the database. Dependecies to other code in Gitea should be avoided although some modules might be needed (for example for logging).
+- **models/fixtures:** Sample model data used in integration tests.
+- **models/migrations:** Handling of database migrations between versions. PRs that changes a database structure shall also have a migration step.
+- **modules:** Different modules to handle specific functionality in Gitea.
+- **public:** Frontend files (javascript, images, css, etc.)
+- **routers:** Handling of server requests. As it uses other Gitea packages to serve the request, other packages (models, modules or services) shall not depend on routers
+- **services:** Support functions for common routing operations. Uses models and modules to handle the request.
+- **templates:** Golang templates for generating the html output.
+- **vendor:** External code that Gitea depends on.
+
+## API v1
+
+The API is documented by [swagger](http://try.gitea.io/api/swagger) and is based on [GitHub API v3](https://developer.github.com/v3/).
+Thus, Gitea´s API should use the same endpoints and fields as GitHub´s API as far as possible, unless there are good reasons to deviate.  
+If Gitea provides functionality that GitHub does not, a new endpoint can be created.  
+If information is provided by Gitea that is not provided by the GitHub API, a new field can be used that doesn't collide with any GitHub fields.
+
+Updating an existing API should not remove existing fields unless there is a really good reason to do so.
+The same applies to status responses. If you notice a problem, feel free to leave a comment in the code for future refactoring to APIv2 (which is currently not planned).
+
+All expected results (errors, success, fail messages) should be documented
+([example](https://github.com/go-gitea/gitea/blob/c620eb5b2d0d874da68ebd734d3864c5224f71f7/routers/api/v1/repo/issue.go#L319-L327)).
+
+All JSON input types must be defined as a struct in `models/structs/`
+([example](https://github.com/go-gitea/gitea/blob/c620eb5b2d0d874da68ebd734d3864c5224f71f7/modules/structs/issue.go#L76-L91))
+and referenced in
+[routers/api/v1/swagger/options.go](https://github.com/go-gitea/gitea/blob/c620eb5b2d0d874da68ebd734d3864c5224f71f7/routers/api/v1/swagger/options.go).  
+They can then be used like the following:
+([example](https://github.com/go-gitea/gitea/blob/c620eb5b2d0d874da68ebd734d3864c5224f71f7/routers/api/v1/repo/issue.go#L318)).
+
+All JSON responses must be defined as a struct in `models/structs/`
+([example](https://github.com/go-gitea/gitea/blob/c620eb5b2d0d874da68ebd734d3864c5224f71f7/modules/structs/issue.go#L36-L68))
+and referenced in its category in `routers/api/v1/swagger/`
+([example](https://github.com/go-gitea/gitea/blob/c620eb5b2d0d874da68ebd734d3864c5224f71f7/routers/api/v1/swagger/issue.go#L11-L16))  
+They can be used like the following:
+([example](https://github.com/go-gitea/gitea/blob/c620eb5b2d0d874da68ebd734d3864c5224f71f7/routers/api/v1/repo/issue.go#L277-L279))
+
+In general, HTTP methods are chosen as follows:
+ * **GET** endpoints return requested object and status **OK (200)**
+ * **DELETE** endpoints return status **No Content (204)**
+ * **POST** endpoints return status **Created (201)**, used to **create** new objects (e.g. a User)
+ * **PUT** endpoints return status **No Content (204)**, used to **add/assign** existing Obejcts (e.g. User) to something (e.g. Org-Team)
+ * **PATCH** endpoints return changed object and status **OK (200)**, used to **edit/change** an existing object
+
+
+An endpoint which changes/edits an object expects all fields to be optional (except ones to identify the object, which are required).
+
+
+## Developer Certificate of Origin (DCO)
+
+We consider the act of contributing to the code by submitting a Pull
+Request as the "Sign off" or agreement to the certifications and terms
+of the [DCO](DCO) and [MIT license](LICENSE). No further action is required.
+Additionally you could add a line at the end of your commit message.
 
 ```
 Signed-off-by: Joe Smith <joe.smith@email.com>
 ```
 
-Please use your real name; we really dislike pseudonyms or anonymous
-contributions. We are in the open-source world without secrets. If you
-set your `user.name` and `user.email` git configs, you can sign-off your
-commit automatically with `git commit -s`.
+If you set your `user.name` and `user.email` git configs, you can add the
+line to the end of your commit automatically with `git commit -s`.
+
+We assume in good faith that the information you provide is legally binding.
 
 ## Release Cycle
 
@@ -258,7 +316,12 @@ they served:
 * 2019-01-01 ~ 2019-12-31
   * [Lunny Xiao](https://github.com/lunny) <xiaolunwen@gmail.com>
   * [Lauris Bukšis-Haberkorns](https://github.com/lafriks) <lauris@nix.lv>
-  * [Matti Ranta](https://github.com/techknowlogick) <matti@mdranta.net>
+  * [Matti Ranta](https://github.com/techknowlogick) <techknowlogick@gitea.io>
+
+* 2020-01-01 ~ 2020-12-31
+  * [Lunny Xiao](https://gitea.com/lunny) <xiaolunwen@gmail.com>
+  * [Lauris Bukšis-Haberkorns](https://gitea.com/lafriks) <lauris@nix.lv>
+  * [Matti Ranta](https://gitea.com/techknowlogick) <techknowlogick@gitea.io>
 
 ## Versions
 
@@ -284,7 +347,7 @@ be reviewed by two maintainers and must pass the automatic tests.
 * Add a tag as `git tag -s -F release.notes v$vmaj.$vmin.$`, release.notes file could be a temporary file to only include the changelog this version which you added to `CHANGELOG.md`.
 * And then push the tag as `git push origin v$vmaj.$vmin.$`. Drone CI will automatically created a release and upload all the compiled binary. (But currently it didn't add the release notes automatically. Maybe we should fix that.)
 * If needed send PR for changelog on branch `master`.
-* Send PR to [blog repository](https://github.com/go-gitea/blog) announcing the release.
+* Send PR to [blog repository](https://gitea.com/gitea/blog) announcing the release.
 
 ## Copyright
 

Dockerfile

@@ -1,14 +1,17 @@
 
 ###################################
 #Build stage
-FROM golang:1.12-alpine3.10 AS build-env
+FROM golang:1.13-alpine3.11 AS build-env
+
+ARG GOPROXY
+ENV GOPROXY ${GOPROXY:-direct}
 
 ARG GITEA_VERSION
 ARG TAGS="sqlite sqlite_unlock_notify"
 ENV TAGS "bindata $TAGS"
 
 #Build deps
-RUN apk --no-cache add build-base git
+RUN apk --no-cache add build-base git nodejs npm
 
 #Setup repo
 COPY . ${GOPATH}/src/code.gitea.io/gitea
@@ -16,9 +19,9 @@ WORKDIR ${GOPATH}/src/code.gitea.io/gitea
 
 #Checkout version if set
 RUN if [ -n "${GITEA_VERSION}" ]; then git checkout "${GITEA_VERSION}"; fi \
- && make clean generate build
+ && make clean build
 
-FROM alpine:3.10
+FROM alpine:3.11
 LABEL maintainer="maintainers@gitea.io"
 
 EXPOSE 22 3000

MAINTAINERS

@@ -19,7 +19,7 @@ Lauris Bukšis-Haberkorns <lauris@nix.lv> (@lafriks)
 Jonas Östanbäck <jonas.ostanback@gmail.com> (@cez81)
 David Schneiderbauer <dschneiderbauer@gmail.com> (@daviian)
 Peter Žeby <morlinest@gmail.com> (@morlinest)
-Matti Ranta <matti@mdranta.net> (@techknowlogick)
+Matti Ranta <techknowlogick@gitea.io> (@techknowlogick)
 Jonas Franz <info@jonasfranz.software> (@jonasfranz)
 Alexey Terentyev <axifnx@gmail.com> (@axifive)
 Lanre Adelowo <yo@lanre.wtf> (@adelowo)
@@ -30,3 +30,9 @@ John Olheiser <john.olheiser@gmail.com> (@jolheiser)
 Richard Mahn <rich.mahn@unfoldingword.org> (@richmahn)
 Mrsdizzie <info@mrsdizzie.com> (@mrsdizzie)
 silverwind <me@silverwind.io> (@silverwind)
+Gary Kim <gary@garykim.dev> (@gary-kim)
+Guillermo Prandi <gitea.maint@mailfilter.com.ar> (@guillep2k)
+Mura Li <typeless@ctli.io> (@typeless)
+6543 <6543@obermui.de> (@6543)
+jaqra <jaqra@hotmail.com> (@jaqra)
+David Svantesson <davidsvantesson@gmail.com> (@davidsvantesson)

Makefile

@@ -16,16 +16,18 @@ else
 	ifeq ($(UNAME_S),Darwin)
 		SED_INPLACE := sed -i ''
 	endif
+	ifeq ($(UNAME_S),FreeBSD)
+		SED_INPLACE := sed -i ''
+	endif
 endif
 
-BINDATA := modules/{options,public,templates}/bindata.go
 GOFILES := $(shell find . -name "*.go" -type f ! -path "./vendor/*" ! -path "*/bindata.go")
 GOFMT ?= gofmt -s
 
-GOFLAGS := -i -v
+GOFLAGS := -v
 EXTRA_GOFLAGS ?=
 
-MAKE_VERSION := $(shell make -v | head -n 1)
+MAKE_VERSION := $(shell $(MAKE) -v | head -n 1)
 
 ifneq ($(DRONE_TAG),)
 	VERSION ?= $(subst v,,$(DRONE_TAG))
@@ -41,13 +43,25 @@ endif
 
 LDFLAGS := $(LDFLAGS) -X "main.MakeVersion=$(MAKE_VERSION)" -X "main.Version=$(GITEA_VERSION)" -X "main.Tags=$(TAGS)"
 
-PACKAGES ?= $(filter-out code.gitea.io/gitea/integrations/migration-test,$(filter-out code.gitea.io/gitea/integrations,$(shell $(GO) list ./... | grep -v /vendor/)))
-SOURCES ?= $(shell find . -name "*.go" -type f)
+PACKAGES ?= $(filter-out code.gitea.io/gitea/integrations/migration-test,$(filter-out code.gitea.io/gitea/integrations,$(shell GO111MODULE=on $(GO) list -mod=vendor ./... | grep -v /vendor/)))
+
+GO_SOURCES ?= $(shell find . -name "*.go" -type f)
+JS_SOURCES ?= $(shell find web_src/js web_src/css -type f)
+CSS_SOURCES ?= $(shell find web_src/less -type f)
+
+JS_DEST := public/js/index.js
+CSS_DEST := public/css/index.css
+BINDATA_DEST := modules/public/bindata.go modules/options/bindata.go modules/templates/bindata.go
+
+JS_DEST_DIR := public/js
+CSS_DEST_DIR := public/css
 
 TAGS ?=
 
 TMPDIR := $(shell mktemp -d 2>/dev/null || mktemp -d -t 'gitea-temp')
 
+#To update swagger use: GO111MODULE=on go get -u github.com/go-swagger/go-swagger/cmd/swagger@v0.20.1
+SWAGGER := GO111MODULE=on $(GO) run -mod=vendor github.com/go-swagger/go-swagger/cmd/swagger
 SWAGGER_SPEC := templates/swagger/v1_json.tmpl
 SWAGGER_SPEC_S_TMPL := s|"basePath": *"/api/v1"|"basePath": "{{AppSubUrl}}/api/v1"|g
 SWAGGER_SPEC_S_JSON := s|"basePath": *"{{AppSubUrl}}/api/v1"|"basePath": "/api/v1"|g
@@ -78,10 +92,57 @@ all: build
 
 include docker/Makefile
 
+.PHONY: help
+help:
+	@echo "Make Routines:"
+	@echo " - \"\"                equivalent to \"build\""
+	@echo " - build             creates the entire project"
+	@echo " - clean             delete integration files and build files but not css and js files"
+	@echo " - clean-all         delete all generated files (integration test, build, css and js files)"
+	@echo " - css               rebuild only css files"
+	@echo " - js                rebuild only js files"
+	@echo " - generate          run \"make css js\" and \"go generate\""
+	@echo " - fmt               format the code"
+	@echo " - generate-swagger  generate the swagger spec from code comments"
+	@echo " - swagger-validate  check if the swagger spec is valide"
+	@echo " - revive            run code linter revive"
+	@echo " - misspell          check if a word is written wrong"
+	@echo " - vet               examines Go source code and reports suspicious constructs"
+	@echo " - test              run unit test"
+	@echo " - test-sqlite       run integration test for sqlite"
+
+.PHONY: go-check
+go-check:
+	$(eval GO_VERSION := $(shell printf "%03d%03d%03d" $(shell go version | grep -Eo '[0-9]+\.?[0-9]+?\.?[0-9]?\s' | tr '.' ' ');))
+	@if [ "$(GO_VERSION)" -lt "001011000" ]; then \
+		echo "Gitea requires Go 1.11.0 or greater to build. You can get it at https://golang.org/dl/"; \
+		exit 1; \
+	fi
+
+.PHONY: git-check
+git-check:
+	@if git lfs >/dev/null 2>&1 ; then : ; else \
+		echo "Gitea requires git with lfs support to run tests." ; \
+		exit 1; \
+	fi
+
+.PHONY: node-check
+node-check:
+	$(eval NODE_VERSION := $(shell printf "%03d%03d%03d" $(shell node -v | grep -Eo '[0-9]+\.?[0-9]+?\.?[0-9]?' | tr '.' ' ');))
+	$(eval NPM_MISSING := $(shell hash npm > /dev/null 2>&1 || echo 1))
+	@if [ "$(NODE_VERSION)" -lt "010000000" -o "$(NPM_MISSING)" = "1" ]; then \
+		echo "Gitea requires Node.js 10.0.0 or greater and npm to build. You can get it at https://nodejs.org/en/download/"; \
+		exit 1; \
+	fi
+
+.PHONY: clean-all
+clean-all: clean
+	rm -rf $(JS_DEST_DIR) $(CSS_DEST_DIR)
+
 .PHONY: clean
 clean:
 	$(GO) clean -i ./...
-	rm -rf $(EXECUTABLE) $(DIST) $(BINDATA) \
+	rm -rf $(EXECUTABLE) $(DIST) $(BINDATA_DEST) \
 		integrations*.test \
 		integrations/gitea-integration-pgsql/ integrations/gitea-integration-mysql/ integrations/gitea-integration-mysql8/ integrations/gitea-integration-sqlite/ \
 		integrations/gitea-integration-mssql/ integrations/indexers-mysql/ integrations/indexers-mysql8/ integrations/indexers-pgsql integrations/indexers-sqlite \
@@ -96,15 +157,12 @@ vet:
 	$(GO) vet $(PACKAGES)
 
 .PHONY: generate
-generate:
-	GO111MODULE=on $(GO) generate $(PACKAGES)
+generate: js css
+	GO111MODULE=on $(GO) generate -mod=vendor $(PACKAGES)
 
 .PHONY: generate-swagger
 generate-swagger:
-	@hash swagger > /dev/null 2>&1; if [ $$? -ne 0 ]; then \
-		GO111MODULE="on" $(GO) get -u github.com/go-swagger/go-swagger/cmd/swagger@v0.19.0; \
-	fi
-	swagger generate spec -o './$(SWAGGER_SPEC)'
+	$(SWAGGER) generate spec -o './$(SWAGGER_SPEC)'
 	$(SED_INPLACE) '$(SWAGGER_SPEC_S_TMPL)' './$(SWAGGER_SPEC)'
 	$(SED_INPLACE) $(SWAGGER_NEWLINE_COMMAND) './$(SWAGGER_SPEC)'
 
@@ -119,11 +177,8 @@ swagger-check: generate-swagger
 
 .PHONY: swagger-validate
 swagger-validate:
-	@hash swagger > /dev/null 2>&1; if [ $$? -ne 0 ]; then \
-		$(GO) get -u github.com/go-swagger/go-swagger/cmd/swagger; \
-	fi
 	$(SED_INPLACE) '$(SWAGGER_SPEC_S_JSON)' './$(SWAGGER_SPEC)'
-	swagger validate './$(SWAGGER_SPEC)'
+	$(SWAGGER) validate './$(SWAGGER_SPEC)'
 	$(SED_INPLACE) '$(SWAGGER_SPEC_S_TMPL)' './$(SWAGGER_SPEC)'
 
 .PHONY: errcheck
@@ -172,6 +227,10 @@ fmt-check:
 test:
 	GO111MODULE=on $(GO) test -mod=vendor -tags='sqlite sqlite_unlock_notify' $(PACKAGES)
 
+.PHONY: test\#%
+test\#%:
+	GO111MODULE=on $(GO) test -mod=vendor -tags='sqlite sqlite_unlock_notify' -run $* $(PACKAGES)
+
 .PHONY: coverage
 coverage:
 	@hash gocovmerge > /dev/null 2>&1; if [ $$? -ne 0 ]; then \
@@ -181,7 +240,7 @@ coverage:
 
 .PHONY: unit-test-coverage
 unit-test-coverage:
-	$(GO) test -tags='sqlite sqlite_unlock_notify' -cover -coverprofile coverage.out $(PACKAGES) && echo "\n==>\033[32m Ok\033[m\n" || exit 1
+	GO111MODULE=on $(GO) test -mod=vendor -tags='sqlite sqlite_unlock_notify' -cover -coverprofile coverage.out $(PACKAGES) && echo "\n==>\033[32m Ok\033[m\n" || exit 1
 
 .PHONY: vendor
 vendor:
@@ -208,59 +267,84 @@ test-sqlite\#%: integrations.sqlite.test
 test-sqlite-migration:  migrations.sqlite.test
 	GITEA_ROOT=${CURDIR} GITEA_CONF=integrations/sqlite.ini ./migrations.sqlite.test
 
-generate-ini:
+generate-ini-mysql:
 	sed -e 's|{{TEST_MYSQL_HOST}}|${TEST_MYSQL_HOST}|g' \
 		-e 's|{{TEST_MYSQL_DBNAME}}|${TEST_MYSQL_DBNAME}|g' \
 		-e 's|{{TEST_MYSQL_USERNAME}}|${TEST_MYSQL_USERNAME}|g' \
 		-e 's|{{TEST_MYSQL_PASSWORD}}|${TEST_MYSQL_PASSWORD}|g' \
 			integrations/mysql.ini.tmpl > integrations/mysql.ini
+
+.PHONY: test-mysql
+test-mysql: integrations.mysql.test generate-ini-mysql
+	GITEA_ROOT=${CURDIR} GITEA_CONF=integrations/mysql.ini ./integrations.mysql.test
+
+.PHONY: test-mysql\#%
+test-mysql\#%: integrations.mysql.test generate-ini-mysql
+	GITEA_ROOT=${CURDIR} GITEA_CONF=integrations/mysql.ini ./integrations.mysql.test -test.run $*
+
+.PHONY: test-mysql-migration
+test-mysql-migration: migrations.mysql.test generate-ini-mysql
+	GITEA_ROOT=${CURDIR} GITEA_CONF=integrations/mysql.ini ./migrations.mysql.test
+
+
+generate-ini-mysql8:
 	sed -e 's|{{TEST_MYSQL8_HOST}}|${TEST_MYSQL8_HOST}|g' \
 		-e 's|{{TEST_MYSQL8_DBNAME}}|${TEST_MYSQL8_DBNAME}|g' \
 		-e 's|{{TEST_MYSQL8_USERNAME}}|${TEST_MYSQL8_USERNAME}|g' \
 		-e 's|{{TEST_MYSQL8_PASSWORD}}|${TEST_MYSQL8_PASSWORD}|g' \
 			integrations/mysql8.ini.tmpl > integrations/mysql8.ini
+
+.PHONY: test-mysql8
+test-mysql8: integrations.mysql8.test generate-ini-mysql8
+	GITEA_ROOT=${CURDIR} GITEA_CONF=integrations/mysql8.ini ./integrations.mysql8.test
+
+.PHONY: test-mysql8\#%
+test-mysql8\#%: integrations.mysql8.test generate-ini-mysql8
+	GITEA_ROOT=${CURDIR} GITEA_CONF=integrations/mysql8.ini ./integrations.mysql8.test -test.run $*
+
+.PHONY: test-mysql8-migration
+test-mysql8-migration: migrations.mysql8.test generate-ini-mysql8
+	GITEA_ROOT=${CURDIR} GITEA_CONF=integrations/mysql8.ini ./migrations.mysql8.test
+
+
+generate-ini-pgsql:
 	sed -e 's|{{TEST_PGSQL_HOST}}|${TEST_PGSQL_HOST}|g' \
 		-e 's|{{TEST_PGSQL_DBNAME}}|${TEST_PGSQL_DBNAME}|g' \
 		-e 's|{{TEST_PGSQL_USERNAME}}|${TEST_PGSQL_USERNAME}|g' \
 		-e 's|{{TEST_PGSQL_PASSWORD}}|${TEST_PGSQL_PASSWORD}|g' \
 			integrations/pgsql.ini.tmpl > integrations/pgsql.ini
+
+.PHONY: test-pgsql
+test-pgsql: integrations.pgsql.test generate-ini-pgsql
+	GITEA_ROOT=${CURDIR} GITEA_CONF=integrations/pgsql.ini ./integrations.pgsql.test
+
+.PHONY: test-pgsql\#%
+test-pgsql\#%: integrations.pgsql.test generate-ini-pgsql
+	GITEA_ROOT=${CURDIR} GITEA_CONF=integrations/pgsql.ini ./integrations.pgsql.test -test.run $*
+
+.PHONY: test-pgsql-migration
+test-pgsql-migration: migrations.pgsql.test generate-ini-pgsql
+	GITEA_ROOT=${CURDIR} GITEA_CONF=integrations/pgsql.ini ./migrations.pgsql.test
+
+
+generate-ini-mssql:
 	sed -e 's|{{TEST_MSSQL_HOST}}|${TEST_MSSQL_HOST}|g' \
 		-e 's|{{TEST_MSSQL_DBNAME}}|${TEST_MSSQL_DBNAME}|g' \
 		-e 's|{{TEST_MSSQL_USERNAME}}|${TEST_MSSQL_USERNAME}|g' \
 		-e 's|{{TEST_MSSQL_PASSWORD}}|${TEST_MSSQL_PASSWORD}|g' \
 			integrations/mssql.ini.tmpl > integrations/mssql.ini
 
-.PHONY: test-mysql
-test-mysql: integrations.test generate-ini
-	GITEA_ROOT=${CURDIR} GITEA_CONF=integrations/mysql.ini ./integrations.test
-
-.PHONY: test-mysql-migration
-test-mysql-migration: migrations.test generate-ini
-	GITEA_ROOT=${CURDIR} GITEA_CONF=integrations/mysql.ini ./migrations.test
-
-.PHONY: test-mysql8
-test-mysql8: integrations.test generate-ini
-	GITEA_ROOT=${CURDIR} GITEA_CONF=integrations/mysql8.ini ./integrations.test
-
-.PHONY: test-mysql8-migration
-test-mysql8-migration: migrations.test generate-ini
-	GITEA_ROOT=${CURDIR} GITEA_CONF=integrations/mysql8.ini ./migrations.test
-
-.PHONY: test-pgsql
-test-pgsql: integrations.test generate-ini
-	GITEA_ROOT=${CURDIR} GITEA_CONF=integrations/pgsql.ini ./integrations.test
-
-.PHONY: test-pgsql-migration
-test-pgsql-migration: migrations.test generate-ini
-	GITEA_ROOT=${CURDIR} GITEA_CONF=integrations/pgsql.ini ./migrations.test
-
 .PHONY: test-mssql
-test-mssql: integrations.test generate-ini
-	GITEA_ROOT=${CURDIR} GITEA_CONF=integrations/mssql.ini ./integrations.test
+test-mssql: integrations.mssql.test generate-ini-mssql
+	GITEA_ROOT=${CURDIR} GITEA_CONF=integrations/mssql.ini ./integrations.mssql.test
+
+.PHONY: test-mssql\#%
+test-mssql\#%: integrations.mssql.test generate-ini-mssql
+	GITEA_ROOT=${CURDIR} GITEA_CONF=integrations/mssql.ini ./integrations.mssql.test -test.run $*
 
 .PHONY: test-mssql-migration
-test-mssql-migration: migrations.test generate-ini
-	GITEA_ROOT=${CURDIR} GITEA_CONF=integrations/mssql.ini ./migrations.test
+test-mssql-migration: migrations.mssql.test generate-ini-mssql
+	GITEA_ROOT=${CURDIR} GITEA_CONF=integrations/mssql.ini ./migrations.mssql.test
 
 
 .PHONY: bench-sqlite
@@ -268,37 +352,58 @@ bench-sqlite: integrations.sqlite.test
 	GITEA_ROOT=${CURDIR} GITEA_CONF=integrations/sqlite.ini ./integrations.sqlite.test -test.cpuprofile=cpu.out -test.run DontRunTests -test.bench .
 
 .PHONY: bench-mysql
-bench-mysql: integrations.test generate-ini
-	GITEA_ROOT=${CURDIR} GITEA_CONF=integrations/mysql.ini ./integrations.test -test.cpuprofile=cpu.out -test.run DontRunTests -test.bench .
+bench-mysql: integrations.mysql.test generate-ini-mysql
+	GITEA_ROOT=${CURDIR} GITEA_CONF=integrations/mysql.ini ./integrations.mysql.test -test.cpuprofile=cpu.out -test.run DontRunTests -test.bench .
 
 .PHONY: bench-mssql
-bench-mssql: integrations.test generate-ini
-	GITEA_ROOT=${CURDIR} GITEA_CONF=integrations/mssql.ini ./integrations.test -test.cpuprofile=cpu.out -test.run DontRunTests -test.bench .
+bench-mssql: integrations.mssql.test generate-ini-mssql
+	GITEA_ROOT=${CURDIR} GITEA_CONF=integrations/mssql.ini ./integrations.mssql.test -test.cpuprofile=cpu.out -test.run DontRunTests -test.bench .
 
 .PHONY: bench-pgsql
-bench-pgsql: integrations.test generate-ini
-	GITEA_ROOT=${CURDIR} GITEA_CONF=integrations/pgsql.ini ./integrations.test -test.cpuprofile=cpu.out -test.run DontRunTests -test.bench .
+bench-pgsql: integrations.pgsql.test generate-ini-pgsql
+	GITEA_ROOT=${CURDIR} GITEA_CONF=integrations/pgsql.ini ./integrations.pgsql.test -test.cpuprofile=cpu.out -test.run DontRunTests -test.bench .
 
 
 .PHONY: integration-test-coverage
-integration-test-coverage: integrations.cover.test generate-ini
+integration-test-coverage: integrations.cover.test generate-ini-mysql
 	GITEA_ROOT=${CURDIR} GITEA_CONF=integrations/mysql.ini ./integrations.cover.test -test.coverprofile=integration.coverage.out
 
-integrations.test: $(SOURCES)
-	GO111MODULE=on $(GO) test -mod=vendor -c code.gitea.io/gitea/integrations -o integrations.test
+integrations.mysql.test: $(GO_SOURCES)
+	GO111MODULE=on $(GO) test -mod=vendor -c code.gitea.io/gitea/integrations -o integrations.mysql.test
 
-integrations.sqlite.test: $(SOURCES)
+integrations.mysql8.test: $(GO_SOURCES)
+	GO111MODULE=on $(GO) test -mod=vendor -c code.gitea.io/gitea/integrations -o integrations.mysql8.test
+
+integrations.pgsql.test: $(GO_SOURCES)
+	GO111MODULE=on $(GO) test -mod=vendor -c code.gitea.io/gitea/integrations -o integrations.pgsql.test
+
+integrations.mssql.test: $(GO_SOURCES)
+	GO111MODULE=on $(GO) test -mod=vendor -c code.gitea.io/gitea/integrations -o integrations.mssql.test
+
+integrations.sqlite.test: $(GO_SOURCES)
 	GO111MODULE=on $(GO) test -mod=vendor -c code.gitea.io/gitea/integrations -o integrations.sqlite.test -tags 'sqlite sqlite_unlock_notify'
 
-integrations.cover.test: $(SOURCES)
+integrations.cover.test: git-check $(GO_SOURCES)
 	GO111MODULE=on $(GO) test -mod=vendor -c code.gitea.io/gitea/integrations -coverpkg $(shell echo $(PACKAGES) | tr ' ' ',') -o integrations.cover.test
 
-.PHONY: migrations.test
-migrations.test: $(SOURCES)
-	$(GO) test -c code.gitea.io/gitea/integrations/migration-test -o migrations.test
+.PHONY: migrations.mysql.test
+migrations.mysql.test: $(GO_SOURCES)
+	$(GO) test -c code.gitea.io/gitea/integrations/migration-test -o migrations.mysql.test
+
+.PHONY: migrations.mysql8.test
+migrations.mysql8.test: $(GO_SOURCES)
+	$(GO) test -c code.gitea.io/gitea/integrations/migration-test -o migrations.mysql8.test
+
+.PHONY: migrations.pgsql.test
+migrations.pgsql.test: $(GO_SOURCES)
+	$(GO) test -c code.gitea.io/gitea/integrations/migration-test -o migrations.pgsql.test
+
+.PHONY: migrations.mssql.test
+migrations.mssql.test: $(GO_SOURCES)
+	$(GO) test -c code.gitea.io/gitea/integrations/migration-test -o migrations.mssql.test
 
 .PHONY: migrations.sqlite.test
-migrations.sqlite.test: $(SOURCES)
+migrations.sqlite.test: $(GO_SOURCES)
 	$(GO) test -c code.gitea.io/gitea/integrations/migration-test -o migrations.sqlite.test -tags 'sqlite sqlite_unlock_notify'
 
 .PHONY: check
@@ -309,13 +414,13 @@ install: $(wildcard *.go)
 	$(GO) install -v -tags '$(TAGS)' -ldflags '-s -w $(LDFLAGS)'
 
 .PHONY: build
-build: $(EXECUTABLE)
+build: go-check generate $(EXECUTABLE)
 
-$(EXECUTABLE): $(SOURCES)
+$(EXECUTABLE): $(GO_SOURCES)
 	GO111MODULE=on $(GO) build -mod=vendor $(GOFLAGS) $(EXTRA_GOFLAGS) -tags '$(TAGS)' -ldflags '-s -w $(LDFLAGS)' -o $@
 
 .PHONY: release
-release: release-dirs release-windows release-linux release-darwin release-copy release-compress release-check
+release: generate release-dirs release-windows release-linux release-darwin release-copy release-compress release-check
 
 .PHONY: release-dirs
 release-dirs:
@@ -366,43 +471,30 @@ release-compress:
 	fi
 	cd $(DIST)/release/; for file in `find . -type f -name "*"`; do echo "compressing $${file}" && gxz -k -9 $${file}; done;
 
-npm-check:
-	@hash npm > /dev/null 2>&1; if [ $$? -ne 0 ]; then \
-		echo "Please install Node.js 8.x or greater with npm"; \
-		exit 1; \
-	fi;
-	@hash npx > /dev/null 2>&1; if [ $$? -ne 0 ]; then \
-		echo "Please install Node.js 8.x or greater with npm"; \
-		exit 1; \
-	fi;
-
-.PHONY: npm
-npm: npm-check
+node_modules: package-lock.json
 	npm install --no-save
 
 .PHONY: npm-update
-npm-update: npm-check
+npm-update: node-check node_modules
 	npx updates -cu
 	rm -rf node_modules package-lock.json
 	npm install --package-lock
 
 .PHONY: js
-js: npm
-	npx eslint public/js
+js: node-check $(JS_DEST)
+
+$(JS_DEST): node_modules $(JS_SOURCES)
+	npx eslint web_src/js webpack.config.js
+	npx webpack
 
 .PHONY: css
-css: npm
-	npx stylelint public/less
-	npx lessc --clean-css="--s0 -b" public/less/index.less public/css/index.css
-	$(foreach file, $(filter-out public/less/themes/_base.less, $(wildcard public/less/themes/*)),npx lessc --clean-css="--s0 -b" public/less/themes/$(notdir $(file)) > public/css/theme-$(notdir $(call strip-suffix,$(file))).css;)
-	npx postcss --use autoprefixer --no-map --replace public/css/*
+css: node-check $(CSS_DEST)
 
-	@diff=$$(git diff public/css/*); \
-	if ([ -n "$$CI" ] && [ -n "$$diff" ]); then \
-		echo "Generated files in public/css have changed, please commit the result:"; \
-		echo "$${diff}"; \
-		exit 1; \
-	fi;
+$(CSS_DEST): node_modules $(CSS_SOURCES)
+	npx stylelint web_src/less
+	npx lessc web_src/less/index.less public/css/index.css
+	$(foreach file, $(filter-out web_src/less/themes/_base.less, $(wildcard web_src/less/themes/*)),npx lessc web_src/less/themes/$(notdir $(file)) > public/css/theme-$(notdir $(call strip-suffix,$(file))).css;)
+	npx postcss --use autoprefixer --use cssnano --no-map --replace public/css/*
 
 .PHONY: javascripts
 javascripts:
@@ -473,6 +565,6 @@ pr:
 golangci-lint:
 	@hash golangci-lint > /dev/null 2>&1; if [ $$? -ne 0 ]; then \
 		export BINARY="golangci-lint"; \
-		curl -sfL https://install.goreleaser.com/github.com/golangci/golangci-lint.sh | sh -s -- -b $(GOPATH)/bin v1.16.0; \
+		curl -sfL https://install.goreleaser.com/github.com/golangci/golangci-lint.sh | sh -s -- -b $(GOPATH)/bin v1.20.0; \
 	fi
-	golangci-lint run
+	golangci-lint run --timeout 5m

README.md

@@ -1,6 +1,6 @@
-[简体中文](https://github.com/go-gitea/gitea/blob/master/README_ZH.md)
+[简体中文](README_ZH.md)
 
-# Gitea - Git with a cup of tea
+<h1> <img src="https://raw.githubusercontent.com/go-gitea/gitea/master/public/img/gitea-192.png" alt="logo" width="30" height="30"> Gitea - Git with a cup of tea</h1>
 
 [![Build Status](https://drone.gitea.io/api/badges/go-gitea/gitea/status.svg)](https://drone.gitea.io/go-gitea/gitea)
 [![Join the Discord chat at https://discord.gg/NsatcWJ](https://img.shields.io/discord/322538954119184384.svg)](https://discord.gg/NsatcWJ)
@@ -10,7 +10,9 @@
 [![GoDoc](https://godoc.org/code.gitea.io/gitea?status.svg)](https://godoc.org/code.gitea.io/gitea)
 [![GitHub release](https://img.shields.io/github/release/go-gitea/gitea.svg)](https://github.com/go-gitea/gitea/releases/latest)
 [![Help Contribute to Open Source](https://www.codetriage.com/go-gitea/gitea/badges/users.svg)](https://www.codetriage.com/go-gitea/gitea)
-[![Become a backer/sponsor of gitea](https://opencollective.com/gitea/tiers/backer/badge.svg?label=backer&color=brightgreen)](https://opencollective.com/gitea)
+[![Become a backer/sponsor of gitea](https://opencollective.com/gitea/tiers/backers/badge.svg?label=backers&color=brightgreen)](https://opencollective.com/gitea)
+[![License: MIT](https://img.shields.io/badge/License-MIT-blue.svg)](https://opensource.org/licenses/MIT)
+[![Crowdin](https://badges.crowdin.net/gitea/localized.svg)](https://crowdin.com/project/gitea)
 
 ## Purpose
 
@@ -29,7 +31,7 @@ This project has been
 
 From the root of the source tree, run:
 
-    TAGS="bindata" make generate all
+    TAGS="bindata" make build
 
 More info: https://docs.gitea.io/en-us/install-from-source/
 
@@ -103,9 +105,8 @@ for the full license text.
 ## Screenshots
 Looking for an overview of the interface? Check it out!
 
-| | | |
+|![Dashboard](https://dl.gitea.io/screenshots/home_timeline.png)|![User Profile](https://dl.gitea.io/screenshots/user_profile.png)|![Global Issues](https://dl.gitea.io/screenshots/global_issues.png)|
 |:---:|:---:|:---:|
-|![Dashboard](https://image.ibb.co/dms6DG/1.png)|![Repository](https://image.ibb.co/m6MSLw/2.png)|![Commits History](https://image.ibb.co/cjrSLw/3.png)|
-|![Branches](https://image.ibb.co/e6vbDG/4.png)|![Issues](https://image.ibb.co/bJTJSb/5.png)|![Pull Request View](https://image.ibb.co/e02dSb/6.png)|
-|![Releases](https://image.ibb.co/cUzgfw/7.png)|![Activity](https://image.ibb.co/eZgGDG/8.png)|![Wiki](https://image.ibb.co/dYV9YG/9.png)|
-|![Diff](https://image.ibb.co/ewA9YG/10.png)|![Organization](https://image.ibb.co/ceOwDG/11.png)|![Profile](https://image.ibb.co/c44Q7b/12.png)|
+|![Branches](https://dl.gitea.io/screenshots/branches.png)|![Web Editor](https://dl.gitea.io/screenshots/web_editor.png)|![Activity](https://dl.gitea.io/screenshots/activity.png)|
+|![New Migration](https://dl.gitea.io/screenshots/migration.png)|![Migrating](https://dl.gitea.io/screenshots/migration.gif)|![Pull Request View](https://image.ibb.co/e02dSb/6.png)
+![Pull Request Dark](https://dl.gitea.io/screenshots/pull_requests_dark.png)|![Diff Review Dark](https://dl.gitea.io/screenshots/review_dark.png)|![Diff Dark](https://dl.gitea.io/screenshots/diff_dark.png)|

README_ZH.md

@@ -1,15 +1,18 @@
-[English](https://github.com/go-gitea/gitea/blob/master/README.md)
+[English](README.md)
 
-# Gitea - Git with a cup of tea
+<h1> <img src="https://raw.githubusercontent.com/go-gitea/gitea/master/public/img/gitea-192.png" alt="logo" width="30" height="30"> Gitea - Git with a cup of tea</h1>
 
 [![Build Status](https://drone.gitea.io/api/badges/go-gitea/gitea/status.svg)](https://drone.gitea.io/go-gitea/gitea)
-[![Join the chat at https://img.shields.io/discord/322538954119184384.svg](https://img.shields.io/discord/322538954119184384.svg)](https://discord.gg/NsatcWJ)
+[![Join the Discord chat at https://discord.gg/NsatcWJ](https://img.shields.io/discord/322538954119184384.svg)](https://discord.gg/NsatcWJ)
 [![](https://images.microbadger.com/badges/image/gitea/gitea.svg)](https://microbadger.com/images/gitea/gitea "Get your own image badge on microbadger.com")
 [![codecov](https://codecov.io/gh/go-gitea/gitea/branch/master/graph/badge.svg)](https://codecov.io/gh/go-gitea/gitea)
 [![Go Report Card](https://goreportcard.com/badge/code.gitea.io/gitea)](https://goreportcard.com/report/code.gitea.io/gitea)
 [![GoDoc](https://godoc.org/code.gitea.io/gitea?status.svg)](https://godoc.org/code.gitea.io/gitea)
 [![GitHub release](https://img.shields.io/github/release/go-gitea/gitea.svg)](https://github.com/go-gitea/gitea/releases/latest)
-[![Become a backer/sponsor of gitea](https://opencollective.com/gitea/tiers/backer/badge.svg?label=backer&color=brightgreen)](https://opencollective.com/gitea)
+[![Help Contribute to Open Source](https://www.codetriage.com/go-gitea/gitea/badges/users.svg)](https://www.codetriage.com/go-gitea/gitea)
+[![Become a backer/sponsor of gitea](https://opencollective.com/gitea/tiers/backers/badge.svg?label=backers&color=brightgreen)](https://opencollective.com/gitea)
+[![License: MIT](https://img.shields.io/badge/License-MIT-blue.svg)](https://opensource.org/licenses/MIT)
+[![Crowdin](https://badges.crowdin.net/gitea/localized.svg)](https://crowdin.com/project/gitea)
 
 ## 目标
 
@@ -25,7 +28,7 @@ Gitea 的首要目标是创建一个极易安装，运行非常快速，安装
 
 ## 文档
 
-关于如何安装请访问我们的 [文档站](https://docs.gitea.io/zh-cn/)，如果没有找到对应的文档，你也可以通过 [Discord - 英文](https://discord.gg/NsatcWJ) 和 QQ群 328432459 来和我们交流。
+关于如何安装请访问我们的 [文档站](https://docs.gitea.io/zh-cn/)，如果没有找到对应的文档，你也可以通过 [Discord - 英文](https://discord.gg/gitea) 和 QQ群 328432459 来和我们交流。
 
 ## 贡献流程
 
@@ -43,9 +46,8 @@ Fork -> Patch -> Push -> Pull Request
 
 ## 截图
 
-| | | |
+|![Dashboard](https://dl.gitea.io/screenshots/home_timeline.png)|![User Profile](https://dl.gitea.io/screenshots/user_profile.png)|![Global Issues](https://dl.gitea.io/screenshots/global_issues.png)|
 |:---:|:---:|:---:|
-|![Dashboard](https://image.ibb.co/dms6DG/1.png)|![Repository](https://image.ibb.co/m6MSLw/2.png)|![Commits History](https://image.ibb.co/cjrSLw/3.png)|
-|![Branches](https://image.ibb.co/e6vbDG/4.png)|![Issues](https://image.ibb.co/bJTJSb/5.png)|![Pull Request View](https://image.ibb.co/e02dSb/6.png)|
-|![Releases](https://image.ibb.co/cUzgfw/7.png)|![Activity](https://image.ibb.co/eZgGDG/8.png)|![Wiki](https://image.ibb.co/dYV9YG/9.png)|
-|![Diff](https://image.ibb.co/ewA9YG/10.png)|![Organization](https://image.ibb.co/ceOwDG/11.png)|![Profile](https://image.ibb.co/c44Q7b/12.png)|
+|![Branches](https://dl.gitea.io/screenshots/branches.png)|![Web Editor](https://dl.gitea.io/screenshots/web_editor.png)|![Activity](https://dl.gitea.io/screenshots/activity.png)|
+|![New Migration](https://dl.gitea.io/screenshots/migration.png)|![Migrating](https://dl.gitea.io/screenshots/migration.gif)|![Pull Request View](https://image.ibb.co/e02dSb/6.png)
+![Pull Request Dark](https://dl.gitea.io/screenshots/pull_requests_dark.png)|![Diff Review Dark](https://dl.gitea.io/screenshots/review_dark.png)|![Diff Dark](https://dl.gitea.io/screenshots/diff_dark.png)|

cmd/admin.go

@@ -13,9 +13,10 @@ import (
 
 	"code.gitea.io/gitea/models"
 	"code.gitea.io/gitea/modules/auth/oauth2"
-	"code.gitea.io/gitea/modules/generate"
 	"code.gitea.io/gitea/modules/git"
 	"code.gitea.io/gitea/modules/log"
+	pwd "code.gitea.io/gitea/modules/password"
+	"code.gitea.io/gitea/modules/repository"
 	"code.gitea.io/gitea/modules/setting"
 
 	"github.com/urfave/cli"
@@ -66,7 +67,7 @@ var (
 			},
 			cli.BoolFlag{
 				Name:  "must-change-password",
-				Usage: "Force the user to change his/her password after initial login",
+				Usage: "Set this option to false to prevent forcing the user to change their password after initial login, (Default: true)",
 			},
 			cli.IntFlag{
 				Name:  "random-password-length",
@@ -154,6 +155,7 @@ var (
 	microcmdAuthDelete = cli.Command{
 		Name:   "delete",
 		Usage:  "Delete specific auth source",
+		Flags:  []cli.Flag{idFlag},
 		Action: runDeleteAuth,
 	}
 
@@ -233,7 +235,9 @@ func runChangePassword(c *cli.Context) error {
 	if err := initDB(); err != nil {
 		return err
 	}
-
+	if !pwd.IsComplexEnough(c.String("password")) {
+		return errors.New("Password does not meet complexity requirements")
+	}
 	uname := c.String("username")
 	user, err := models.GetUserByName(uname)
 	if err != nil {
@@ -243,6 +247,7 @@ func runChangePassword(c *cli.Context) error {
 		return err
 	}
 	user.HashPassword(c.String("password"))
+
 	if err := models.UpdateUserCols(user, "passwd", "salt"); err != nil {
 		return err
 	}
@@ -275,26 +280,24 @@ func runCreateUser(c *cli.Context) error {
 		fmt.Fprintf(os.Stderr, "--name flag is deprecated. Use --username instead.\n")
 	}
 
-	var password string
+	if err := initDB(); err != nil {
+		return err
+	}
 
+	var password string
 	if c.IsSet("password") {
 		password = c.String("password")
 	} else if c.IsSet("random-password") {
 		var err error
-		password, err = generate.GetRandomString(c.Int("random-password-length"))
+		password, err = pwd.Generate(c.Int("random-password-length"))
 		if err != nil {
 			return err
 		}
-
 		fmt.Printf("generated random password is '%s'\n", password)
 	} else {
 		return errors.New("must set either password or random-password flag")
 	}
 
-	if err := initDB(); err != nil {
-		return err
-	}
-
 	// always default to true
 	var changePassword = true
 
@@ -372,19 +375,22 @@ func runRepoSyncReleases(c *cli.Context) error {
 			}
 			log.Trace(" currentNumReleases is %d, running SyncReleasesWithTags", oldnum)
 
-			if err = models.SyncReleasesWithTags(repo, gitRepo); err != nil {
+			if err = repository.SyncReleasesWithTags(repo, gitRepo); err != nil {
 				log.Warn(" SyncReleasesWithTags: %v", err)
+				gitRepo.Close()
 				continue
 			}
 
 			count, err = getReleaseCount(repo.ID)
 			if err != nil {
 				log.Warn(" GetReleaseCountByRepoID: %v", err)
+				gitRepo.Close()
 				continue
 			}
 
 			log.Trace(" repo %s releases synchronized to tags: from %d to %d",
 				repo.FullName(), oldnum, count)
+			gitRepo.Close()
 		}
 	}
 
@@ -528,9 +534,9 @@ func runListAuth(c *cli.Context) error {
 
 	// loop through each source and print
 	w := tabwriter.NewWriter(os.Stdout, 0, 0, 1, ' ', tabwriter.AlignRight)
-	fmt.Fprintf(w, "ID\tName\tType\tEnabled")
+	fmt.Fprintf(w, "ID\tName\tType\tEnabled\n")
 	for _, source := range loginSources {
-		fmt.Fprintf(w, "%d\t%s\t%s\t%t", source.ID, source.Name, models.LoginNames[source.Type], source.IsActived)
+		fmt.Fprintf(w, "%d\t%s\t%s\t%t\n", source.ID, source.Name, models.LoginNames[source.Type], source.IsActived)
 	}
 	w.Flush()
 

cmd/admin_auth_ldap.go

@@ -61,6 +61,10 @@ var (
 			Name:  "admin-filter",
 			Usage: "An LDAP filter specifying if a user should be given administrator privileges.",
 		},
+		cli.BoolFlag{
+			Name:  "allow-deactivate-all",
+			Usage: "Allow empty search results to deactivate all users.",
+		},
 		cli.StringFlag{
 			Name:  "username-attribute",
 			Usage: "The attribute of the user’s LDAP record containing the user name.",
@@ -231,6 +235,9 @@ func parseLdapConfig(c *cli.Context, config *models.LDAPConfig) error {
 	if c.IsSet("admin-filter") {
 		config.Source.AdminFilter = c.String("admin-filter")
 	}
+	if c.IsSet("allow-deactivate-all") {
+		config.Source.AllowDeactivateAll = c.Bool("allow-deactivate-all")
+	}
 	return nil
 }
 

cmd/cmd.go

@@ -38,7 +38,7 @@ func initDB() error {
 
 func initDBDisableConsole(disableConsole bool) error {
 	setting.NewContext()
-	models.LoadConfigs()
+	setting.InitDBConfig()
 
 	setting.NewXORMLogService(disableConsole)
 	if err := models.SetEngine(); err != nil {

cmd/convert.go

@@ -31,9 +31,9 @@ func runConvert(ctx *cli.Context) error {
 	log.Trace("AppWorkPath: %s", setting.AppWorkPath)
 	log.Trace("Custom path: %s", setting.CustomPath)
 	log.Trace("Log path: %s", setting.LogRootPath)
-	models.LoadConfigs()
+	setting.InitDBConfig()
 
-	if models.DbCfg.Type != "mysql" {
+	if !setting.Database.UseMySQL {
 		fmt.Println("This command can only be used with a MySQL database")
 		return nil
 	}

cmd/dump.go

@@ -8,17 +8,17 @@ package cmd
 import (
 	"fmt"
 	"io/ioutil"
-	"log"
 	"os"
 	"path"
 	"path/filepath"
 	"time"
 
 	"code.gitea.io/gitea/models"
+	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/setting"
 
-	"github.com/Unknwon/cae/zip"
-	"github.com/Unknwon/com"
+	"github.com/unknwon/cae/zip"
+	"github.com/unknwon/com"
 	"github.com/urfave/cli"
 )
 
@@ -55,10 +55,14 @@ It can be used for backup and capture Gitea server image to send to maintainer`,
 	},
 }
 
+func fatal(format string, args ...interface{}) {
+	fmt.Fprintf(os.Stderr, format+"\n", args...)
+	log.Fatal(format, args...)
+}
+
 func runDump(ctx *cli.Context) error {
 	setting.NewContext()
 	setting.NewServices() // cannot access session settings otherwise
-	models.LoadConfigs()
 
 	err := models.SetEngine()
 	if err != nil {
@@ -67,13 +71,13 @@ func runDump(ctx *cli.Context) error {
 
 	tmpDir := ctx.String("tempdir")
 	if _, err := os.Stat(tmpDir); os.IsNotExist(err) {
-		log.Fatalf("Path does not exist: %s", tmpDir)
+		fatal("Path does not exist: %s", tmpDir)
 	}
 	tmpWorkDir, err := ioutil.TempDir(tmpDir, "gitea-dump-")
 	if err != nil {
-		log.Fatalf("Failed to create tmp work directory: %v", err)
+		fatal("Failed to create tmp work directory: %v", err)
 	}
-	log.Printf("Creating tmp work dir: %s", tmpWorkDir)
+	log.Info("Creating tmp work dir: %s", tmpWorkDir)
 
 	// work-around #1103
 	if os.Getenv("TMPDIR") == "" {
@@ -83,88 +87,91 @@ func runDump(ctx *cli.Context) error {
 	dbDump := path.Join(tmpWorkDir, "gitea-db.sql")
 
 	fileName := ctx.String("file")
-	log.Printf("Packing dump files...")
+	log.Info("Packing dump files...")
 	z, err := zip.Create(fileName)
 	if err != nil {
-		log.Fatalf("Failed to create %s: %v", fileName, err)
+		fatal("Failed to create %s: %v", fileName, err)
 	}
+
 	zip.Verbose = ctx.Bool("verbose")
 
 	if ctx.IsSet("skip-repository") {
-		log.Printf("Skip dumping local repositories")
+		log.Info("Skip dumping local repositories")
 	} else {
-		log.Printf("Dumping local repositories...%s", setting.RepoRootPath)
+		log.Info("Dumping local repositories...%s", setting.RepoRootPath)
 		reposDump := path.Join(tmpWorkDir, "gitea-repo.zip")
 		if err := zip.PackTo(setting.RepoRootPath, reposDump, true); err != nil {
-			log.Fatalf("Failed to dump local repositories: %v", err)
+			fatal("Failed to dump local repositories: %v", err)
 		}
 		if err := z.AddFile("gitea-repo.zip", reposDump); err != nil {
-			log.Fatalf("Failed to include gitea-repo.zip: %v", err)
+			fatal("Failed to include gitea-repo.zip: %v", err)
 		}
 	}
 
 	targetDBType := ctx.String("database")
-	if len(targetDBType) > 0 && targetDBType != models.DbCfg.Type {
-		log.Printf("Dumping database %s => %s...", models.DbCfg.Type, targetDBType)
+	if len(targetDBType) > 0 && targetDBType != setting.Database.Type {
+		log.Info("Dumping database %s => %s...", setting.Database.Type, targetDBType)
 	} else {
-		log.Printf("Dumping database...")
+		log.Info("Dumping database...")
 	}
 
 	if err := models.DumpDatabase(dbDump, targetDBType); err != nil {
-		log.Fatalf("Failed to dump database: %v", err)
+		fatal("Failed to dump database: %v", err)
 	}
 
 	if err := z.AddFile("gitea-db.sql", dbDump); err != nil {
-		log.Fatalf("Failed to include gitea-db.sql: %v", err)
+		fatal("Failed to include gitea-db.sql: %v", err)
 	}
 
 	if len(setting.CustomConf) > 0 {
-		log.Printf("Adding custom configuration file from %s", setting.CustomConf)
+		log.Info("Adding custom configuration file from %s", setting.CustomConf)
 		if err := z.AddFile("app.ini", setting.CustomConf); err != nil {
-			log.Fatalf("Failed to include specified app.ini: %v", err)
+			fatal("Failed to include specified app.ini: %v", err)
 		}
 	}
 
 	customDir, err := os.Stat(setting.CustomPath)
 	if err == nil && customDir.IsDir() {
 		if err := z.AddDir("custom", setting.CustomPath); err != nil {
-			log.Fatalf("Failed to include custom: %v", err)
+			fatal("Failed to include custom: %v", err)
 		}
 	} else {
-		log.Printf("Custom dir %s doesn't exist, skipped", setting.CustomPath)
+		log.Info("Custom dir %s doesn't exist, skipped", setting.CustomPath)
 	}
 
 	if com.IsExist(setting.AppDataPath) {
-		log.Printf("Packing data directory...%s", setting.AppDataPath)
+		log.Info("Packing data directory...%s", setting.AppDataPath)
 
 		var sessionAbsPath string
 		if setting.SessionConfig.Provider == "file" {
 			sessionAbsPath = setting.SessionConfig.ProviderConfig
 		}
 		if err := zipAddDirectoryExclude(z, "data", setting.AppDataPath, sessionAbsPath); err != nil {
-			log.Fatalf("Failed to include data directory: %v", err)
+			fatal("Failed to include data directory: %v", err)
 		}
 	}
 
-	if err := z.AddDir("log", setting.LogRootPath); err != nil {
-		log.Fatalf("Failed to include log: %v", err)
+	if com.IsExist(setting.LogRootPath) {
+		if err := z.AddDir("log", setting.LogRootPath); err != nil {
+			fatal("Failed to include log: %v", err)
+		}
 	}
 
 	if err = z.Close(); err != nil {
 		_ = os.Remove(fileName)
-		log.Fatalf("Failed to save %s: %v", fileName, err)
+		fatal("Failed to save %s: %v", fileName, err)
 	}
 
 	if err := os.Chmod(fileName, 0600); err != nil {
-		log.Printf("Can't change file access permissions mask to 0600: %v", err)
+		log.Info("Can't change file access permissions mask to 0600: %v", err)
 	}
 
-	log.Printf("Removing tmp work dir: %s", tmpWorkDir)
+	log.Info("Removing tmp work dir: %s", tmpWorkDir)
 
 	if err := os.RemoveAll(tmpWorkDir); err != nil {
-		log.Fatalf("Failed to remove %s: %v", tmpWorkDir, err)
+		fatal("Failed to remove %s: %v", tmpWorkDir, err)
 	}
-	log.Printf("Finish dumping in file %s", fileName)
+	log.Info("Finish dumping in file %s", fileName)
 
 	return nil
 }

cmd/hook.go

@@ -8,18 +8,25 @@ import (
 	"bufio"
 	"bytes"
 	"fmt"
+	"io"
 	"net/http"
 	"os"
 	"strconv"
 	"strings"
+	"time"
 
 	"code.gitea.io/gitea/models"
 	"code.gitea.io/gitea/modules/git"
 	"code.gitea.io/gitea/modules/private"
+	"code.gitea.io/gitea/modules/setting"
 
 	"github.com/urfave/cli"
 )
 
+const (
+	hookBatchSize = 30
+)
+
 var (
 	// CmdHook represents the available hooks sub-command.
 	CmdHook = cli.Command{
@@ -53,12 +60,101 @@ var (
 	}
 )
 
+type delayWriter struct {
+	internal io.Writer
+	buf      *bytes.Buffer
+	timer    *time.Timer
+}
+
+func newDelayWriter(internal io.Writer, delay time.Duration) *delayWriter {
+	timer := time.NewTimer(delay)
+	return &delayWriter{
+		internal: internal,
+		buf:      &bytes.Buffer{},
+		timer:    timer,
+	}
+}
+
+func (d *delayWriter) Write(p []byte) (n int, err error) {
+	if d.buf != nil {
+		select {
+		case <-d.timer.C:
+			_, err := d.internal.Write(d.buf.Bytes())
+			if err != nil {
+				return 0, err
+			}
+			d.buf = nil
+			return d.internal.Write(p)
+		default:
+			return d.buf.Write(p)
+		}
+	}
+	return d.internal.Write(p)
+}
+
+func (d *delayWriter) WriteString(s string) (n int, err error) {
+	if d.buf != nil {
+		select {
+		case <-d.timer.C:
+			_, err := d.internal.Write(d.buf.Bytes())
+			if err != nil {
+				return 0, err
+			}
+			d.buf = nil
+			return d.internal.Write([]byte(s))
+		default:
+			return d.buf.WriteString(s)
+		}
+	}
+	return d.internal.Write([]byte(s))
+}
+
+func (d *delayWriter) Close() error {
+	if d == nil {
+		return nil
+	}
+	stopped := d.timer.Stop()
+	if stopped {
+		return nil
+	}
+	select {
+	case <-d.timer.C:
+	default:
+	}
+	if d.buf == nil {
+		return nil
+	}
+	_, err := d.internal.Write(d.buf.Bytes())
+	d.buf = nil
+	return err
+}
+
+type nilWriter struct{}
+
+func (n *nilWriter) Write(p []byte) (int, error) {
+	return len(p), nil
+}
+
+func (n *nilWriter) WriteString(s string) (int, error) {
+	return len(s), nil
+}
+
 func runHookPreReceive(c *cli.Context) error {
-	if len(os.Getenv("SSH_ORIGINAL_COMMAND")) == 0 {
+	if os.Getenv(models.EnvIsInternal) == "true" {
 		return nil
 	}
 
-	setup("hooks/pre-receive.log")
+	setup("hooks/pre-receive.log", false)
+
+	if len(os.Getenv("SSH_ORIGINAL_COMMAND")) == 0 {
+		if setting.OnlyAllowPushIfGiteaEnvironmentSet {
+			fail(`Rejecting changes as Gitea environment not set.
+If you are pushing over SSH you must push with a key managed by
+Gitea or set your environment appropriately.`, "")
+		} else {
+			return nil
+		}
+	}
 
 	// the environment setted on serv command
 	isWiki := (os.Getenv(models.EnvRepoIsWiki) == "true")
@@ -66,13 +162,39 @@ func runHookPreReceive(c *cli.Context) error {
 	reponame := os.Getenv(models.EnvRepoName)
 	userID, _ := strconv.ParseInt(os.Getenv(models.EnvPusherID), 10, 64)
 	prID, _ := strconv.ParseInt(os.Getenv(models.ProtectedBranchPRID), 10, 64)
+	isDeployKey, _ := strconv.ParseBool(os.Getenv(models.EnvIsDeployKey))
+
+	hookOptions := private.HookOptions{
+		UserID:                          userID,
+		GitAlternativeObjectDirectories: os.Getenv(private.GitAlternativeObjectDirectories),
+		GitObjectDirectory:              os.Getenv(private.GitObjectDirectory),
+		GitQuarantinePath:               os.Getenv(private.GitQuarantinePath),
+		ProtectedBranchID:               prID,
+		IsDeployKey:                     isDeployKey,
+	}
 
-	buf := bytes.NewBuffer(nil)
 	scanner := bufio.NewScanner(os.Stdin)
-	for scanner.Scan() {
-		buf.Write(scanner.Bytes())
-		buf.WriteByte('\n')
 
+	oldCommitIDs := make([]string, hookBatchSize)
+	newCommitIDs := make([]string, hookBatchSize)
+	refFullNames := make([]string, hookBatchSize)
+	count := 0
+	total := 0
+	lastline := 0
+
+	var out io.Writer
+	out = &nilWriter{}
+	if setting.Git.VerbosePush {
+		if setting.Git.VerbosePushDelay > 0 {
+			dWriter := newDelayWriter(os.Stdout, setting.Git.VerbosePushDelay)
+			defer dWriter.Close()
+			out = dWriter
+		} else {
+			out = os.Stdout
+		}
+	}
+
+	for scanner.Scan() {
 		// TODO: support news feeds for wiki
 		if isWiki {
 			continue
@@ -86,47 +208,101 @@ func runHookPreReceive(c *cli.Context) error {
 		oldCommitID := string(fields[0])
 		newCommitID := string(fields[1])
 		refFullName := string(fields[2])
+		total++
+		lastline++
 
 		// If the ref is a branch, check if it's protected
 		if strings.HasPrefix(refFullName, git.BranchPrefix) {
-			statusCode, msg := private.HookPreReceive(username, reponame, private.HookOptions{
-				OldCommitID:                     oldCommitID,
-				NewCommitID:                     newCommitID,
-				RefFullName:                     refFullName,
-				UserID:                          userID,
-				GitAlternativeObjectDirectories: os.Getenv(private.GitAlternativeObjectDirectories),
-				GitObjectDirectory:              os.Getenv(private.GitObjectDirectory),
-				GitQuarantinePath:               os.Getenv(private.GitQuarantinePath),
-				ProtectedBranchID:               prID,
-			})
-			switch statusCode {
-			case http.StatusInternalServerError:
-				fail("Internal Server Error", msg)
-			case http.StatusForbidden:
-				fail(msg, "")
+			oldCommitIDs[count] = oldCommitID
+			newCommitIDs[count] = newCommitID
+			refFullNames[count] = refFullName
+			count++
+			fmt.Fprintf(out, "*")
+
+			if count >= hookBatchSize {
+				fmt.Fprintf(out, " Checking %d branches\n", count)
+
+				hookOptions.OldCommitIDs = oldCommitIDs
+				hookOptions.NewCommitIDs = newCommitIDs
+				hookOptions.RefFullNames = refFullNames
+				statusCode, msg := private.HookPreReceive(username, reponame, hookOptions)
+				switch statusCode {
+				case http.StatusOK:
+					// no-op
+				case http.StatusInternalServerError:
+					fail("Internal Server Error", msg)
+				default:
+					fail(msg, "")
+				}
+				count = 0
+				lastline = 0
 			}
+		} else {
+			fmt.Fprintf(out, ".")
+		}
+		if lastline >= hookBatchSize {
+			fmt.Fprintf(out, "\n")
+			lastline = 0
 		}
 	}
 
+	if count > 0 {
+		hookOptions.OldCommitIDs = oldCommitIDs[:count]
+		hookOptions.NewCommitIDs = newCommitIDs[:count]
+		hookOptions.RefFullNames = refFullNames[:count]
+
+		fmt.Fprintf(out, " Checking %d branches\n", count)
+
+		statusCode, msg := private.HookPreReceive(username, reponame, hookOptions)
+		switch statusCode {
+		case http.StatusInternalServerError:
+			fail("Internal Server Error", msg)
+		case http.StatusForbidden:
+			fail(msg, "")
+		}
+	} else if lastline > 0 {
+		fmt.Fprintf(out, "\n")
+		lastline = 0
+	}
+
+	fmt.Fprintf(out, "Checked %d references in total\n", total)
 	return nil
 }
 
 func runHookUpdate(c *cli.Context) error {
-	if len(os.Getenv("SSH_ORIGINAL_COMMAND")) == 0 {
-		return nil
-	}
-
-	setup("hooks/update.log")
-
+	// Update is empty and is kept only for backwards compatibility
 	return nil
 }
 
 func runHookPostReceive(c *cli.Context) error {
-	if len(os.Getenv("SSH_ORIGINAL_COMMAND")) == 0 {
+	if os.Getenv(models.EnvIsInternal) == "true" {
 		return nil
 	}
 
-	setup("hooks/post-receive.log")
+	setup("hooks/post-receive.log", false)
+
+	if len(os.Getenv("SSH_ORIGINAL_COMMAND")) == 0 {
+		if setting.OnlyAllowPushIfGiteaEnvironmentSet {
+			fail(`Rejecting changes as Gitea environment not set.
+If you are pushing over SSH you must push with a key managed by
+Gitea or set your environment appropriately.`, "")
+		} else {
+			return nil
+		}
+	}
+
+	var out io.Writer
+	var dWriter *delayWriter
+	out = &nilWriter{}
+	if setting.Git.VerbosePush {
+		if setting.Git.VerbosePushDelay > 0 {
+			dWriter = newDelayWriter(os.Stdout, setting.Git.VerbosePushDelay)
+			defer dWriter.Close()
+			out = dWriter
+		} else {
+			out = os.Stdout
+		}
+	}
 
 	// the environment setted on serv command
 	repoUser := os.Getenv(models.EnvRepoUsername)
@@ -135,12 +311,24 @@ func runHookPostReceive(c *cli.Context) error {
 	pusherID, _ := strconv.ParseInt(os.Getenv(models.EnvPusherID), 10, 64)
 	pusherName := os.Getenv(models.EnvPusherName)
 
-	buf := bytes.NewBuffer(nil)
+	hookOptions := private.HookOptions{
+		UserName:                        pusherName,
+		UserID:                          pusherID,
+		GitAlternativeObjectDirectories: os.Getenv(private.GitAlternativeObjectDirectories),
+		GitObjectDirectory:              os.Getenv(private.GitObjectDirectory),
+		GitQuarantinePath:               os.Getenv(private.GitQuarantinePath),
+	}
+	oldCommitIDs := make([]string, hookBatchSize)
+	newCommitIDs := make([]string, hookBatchSize)
+	refFullNames := make([]string, hookBatchSize)
+	count := 0
+	total := 0
+	wasEmpty := false
+	masterPushed := false
+	results := make([]private.HookPostReceiveBranchResult, 0)
+
 	scanner := bufio.NewScanner(os.Stdin)
 	for scanner.Scan() {
-		buf.Write(scanner.Bytes())
-		buf.WriteByte('\n')
-
 		// TODO: support news feeds for wiki
 		if isWiki {
 			continue
@@ -151,36 +339,93 @@ func runHookPostReceive(c *cli.Context) error {
 			continue
 		}
 
-		oldCommitID := string(fields[0])
-		newCommitID := string(fields[1])
-		refFullName := string(fields[2])
-
-		res, err := private.HookPostReceive(repoUser, repoName, private.HookOptions{
-			OldCommitID: oldCommitID,
-			NewCommitID: newCommitID,
-			RefFullName: refFullName,
-			UserID:      pusherID,
-			UserName:    pusherName,
-		})
-
-		if res == nil {
-			fail("Internal Server Error", err)
+		fmt.Fprintf(out, ".")
+		oldCommitIDs[count] = string(fields[0])
+		newCommitIDs[count] = string(fields[1])
+		refFullNames[count] = string(fields[2])
+		if refFullNames[count] == git.BranchPrefix+"master" && newCommitIDs[count] != git.EmptySHA && count == total {
+			masterPushed = true
 		}
+		count++
+		total++
 
-		if res["message"] == false {
+		if count >= hookBatchSize {
+			fmt.Fprintf(out, " Processing %d references\n", count)
+			hookOptions.OldCommitIDs = oldCommitIDs
+			hookOptions.NewCommitIDs = newCommitIDs
+			hookOptions.RefFullNames = refFullNames
+			resp, err := private.HookPostReceive(repoUser, repoName, hookOptions)
+			if resp == nil {
+				_ = dWriter.Close()
+				hookPrintResults(results)
+				fail("Internal Server Error", err)
+			}
+			wasEmpty = wasEmpty || resp.RepoWasEmpty
+			results = append(results, resp.Results...)
+			count = 0
+		}
+	}
+
+	if count == 0 {
+		if wasEmpty && masterPushed {
+			// We need to tell the repo to reset the default branch to master
+			err := private.SetDefaultBranch(repoUser, repoName, "master")
+			if err != nil {
+				fail("Internal Server Error", "SetDefaultBranch failed with Error: %v", err)
+			}
+		}
+		fmt.Fprintf(out, "Processed %d references in total\n", total)
+
+		_ = dWriter.Close()
+		hookPrintResults(results)
+		return nil
+	}
+
+	hookOptions.OldCommitIDs = oldCommitIDs[:count]
+	hookOptions.NewCommitIDs = newCommitIDs[:count]
+	hookOptions.RefFullNames = refFullNames[:count]
+
+	fmt.Fprintf(out, " Processing %d references\n", count)
+
+	resp, err := private.HookPostReceive(repoUser, repoName, hookOptions)
+	if resp == nil {
+		_ = dWriter.Close()
+		hookPrintResults(results)
+		fail("Internal Server Error", err)
+	}
+	wasEmpty = wasEmpty || resp.RepoWasEmpty
+	results = append(results, resp.Results...)
+
+	fmt.Fprintf(out, "Processed %d references in total\n", total)
+
+	if wasEmpty && masterPushed {
+		// We need to tell the repo to reset the default branch to master
+		err := private.SetDefaultBranch(repoUser, repoName, "master")
+		if err != nil {
+			fail("Internal Server Error", "SetDefaultBranch failed with Error: %v", err)
+		}
+	}
+	_ = dWriter.Close()
+	hookPrintResults(results)
+
+	return nil
+}
+
+func hookPrintResults(results []private.HookPostReceiveBranchResult) {
+	for _, res := range results {
+		if !res.Message {
 			continue
 		}
 
 		fmt.Fprintln(os.Stderr, "")
-		if res["create"] == true {
-			fmt.Fprintf(os.Stderr, "Create a new pull request for '%s':\n", res["branch"])
-			fmt.Fprintf(os.Stderr, "  %s\n", res["url"])
+		if res.Create {
+			fmt.Fprintf(os.Stderr, "Create a new pull request for '%s':\n", res.Branch)
+			fmt.Fprintf(os.Stderr, "  %s\n", res.URL)
 		} else {
 			fmt.Fprint(os.Stderr, "Visit the existing pull request:\n")
-			fmt.Fprintf(os.Stderr, "  %s\n", res["url"])
+			fmt.Fprintf(os.Stderr, "  %s\n", res.URL)
 		}
 		fmt.Fprintln(os.Stderr, "")
+		os.Stderr.Sync()
 	}
-
-	return nil
 }

cmd/keys.go

@@ -9,7 +9,7 @@ import (
 	"fmt"
 	"strings"
 
-	"code.gitea.io/gitea/models"
+	"code.gitea.io/gitea/modules/private"
 
 	"github.com/urfave/cli"
 )
@@ -62,14 +62,12 @@ func runKeys(c *cli.Context) error {
 		return errors.New("No key type and content provided")
 	}
 
-	if err := initDBDisableConsole(true); err != nil {
-		return err
-	}
+	setup("keys.log", false)
 
-	publicKey, err := models.SearchPublicKeyByContent(content)
+	authorizedString, err := private.AuthorizedPublicKeyByContent(content)
 	if err != nil {
 		return err
 	}
-	fmt.Println(publicKey.AuthorizedString())
+	fmt.Println(strings.TrimSpace(authorizedString))
 	return nil
 }

cmd/migrate.go

@@ -5,6 +5,8 @@
 package cmd
 
 import (
+	"context"
+
 	"code.gitea.io/gitea/models"
 	"code.gitea.io/gitea/models/migrations"
 	"code.gitea.io/gitea/modules/log"
@@ -30,9 +32,9 @@ func runMigrate(ctx *cli.Context) error {
 	log.Trace("AppWorkPath: %s", setting.AppWorkPath)
 	log.Trace("Custom path: %s", setting.CustomPath)
 	log.Trace("Log path: %s", setting.LogRootPath)
-	models.LoadConfigs()
+	setting.InitDBConfig()
 
-	if err := models.NewEngine(migrations.Migrate); err != nil {
+	if err := models.NewEngine(context.Background(), migrations.Migrate); err != nil {
 		log.Fatal("Failed to initialize ORM engine: %v", err)
 		return err
 	}

cmd/serv.go

@@ -12,6 +12,7 @@ import (
 	"net/url"
 	"os"
 	"os/exec"
+	"regexp"
 	"strconv"
 	"strings"
 	"time"
@@ -22,8 +23,8 @@ import (
 	"code.gitea.io/gitea/modules/private"
 	"code.gitea.io/gitea/modules/setting"
 
-	"github.com/Unknwon/com"
 	"github.com/dgrijalva/jwt-go"
+	"github.com/unknwon/com"
 	"github.com/urfave/cli"
 )
 
@@ -41,12 +42,20 @@ var CmdServ = cli.Command{
 		cli.BoolFlag{
 			Name: "enable-pprof",
 		},
+		cli.BoolFlag{
+			Name: "debug",
+		},
 	},
 }
 
-func setup(logPath string) {
-	_ = log.DelLogger("console")
+func setup(logPath string, debug bool) {
+	if !debug {
+		_ = log.DelLogger("console")
+	}
 	setting.NewContext()
+	if debug {
+		setting.ProdMode = false
+	}
 }
 
 func parseCmd(cmd string) (string, string) {
@@ -64,6 +73,7 @@ var (
 		"git-receive-pack":   models.AccessModeWrite,
 		lfsAuthenticateVerb:  models.AccessModeNone,
 	}
+	alphaDashDotPattern = regexp.MustCompile(`[^\w-\.]`)
 )
 
 func fail(userMessage, logMessage string, args ...interface{}) {
@@ -80,7 +90,7 @@ func fail(userMessage, logMessage string, args ...interface{}) {
 
 func runServ(c *cli.Context) error {
 	// FIXME: This needs to internationalised
-	setup("serv.log")
+	setup("serv.log", c.Bool("debug"))
 
 	if setting.SSH.Disabled {
 		println("Gitea: SSH has been disabled")
@@ -109,7 +119,7 @@ func runServ(c *cli.Context) error {
 		if key.Type == models.KeyTypeDeploy {
 			println("Hi there! You've successfully authenticated with the deploy key named " + key.Name + ", but Gitea does not provide shell access.")
 		} else {
-			println("Hi there: " + user.Name + "! You've successfully authenticated with the key named " + key.Name + ", but Gitea does not provide shell access.")
+			println("Hi there, " + user.Name + "! You've successfully authenticated with the key named " + key.Name + ", but Gitea does not provide shell access.")
 		}
 		println("If this is unexpected, please log in with password and setup Gitea under another user.")
 		return nil
@@ -139,6 +149,10 @@ func runServ(c *cli.Context) error {
 	username := strings.ToLower(rr[0])
 	reponame := strings.ToLower(strings.TrimSuffix(rr[1], ".git"))
 
+	if alphaDashDotPattern.MatchString(reponame) {
+		fail("Invalid repo name", "Invalid repo name: %s", reponame)
+	}
+
 	if setting.EnablePprof || c.Bool("enable-pprof") {
 		if err := os.MkdirAll(setting.PprofDataPath, os.ModePerm); err != nil {
 			fail("Error while trying to create PPROF_DATA_PATH", "Error while trying to create PPROF_DATA_PATH: %v", err)
@@ -191,6 +205,8 @@ func runServ(c *cli.Context) error {
 	os.Setenv(models.EnvPusherID, strconv.FormatInt(results.UserID, 10))
 	os.Setenv(models.ProtectedBranchRepoID, strconv.FormatInt(results.RepoID, 10))
 	os.Setenv(models.ProtectedBranchPRID, fmt.Sprintf("%d", 0))
+	os.Setenv(models.EnvIsDeployKey, fmt.Sprintf("%t", results.IsDeployKey))
+	os.Setenv(models.EnvKeyID, fmt.Sprintf("%d", results.KeyID))
 
 	//LFS token authentication
 	if verb == lfsAuthenticateVerb {

cmd/web.go

@@ -5,21 +5,21 @@
 package cmd
 
 import (
+	"context"
 	"fmt"
-	"net"
 	"net/http"
-	"net/http/fcgi"
 	_ "net/http/pprof" // Used for debugging if enabled and a web server is running
 	"os"
 	"strings"
 
+	"code.gitea.io/gitea/modules/graceful"
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/routers"
 	"code.gitea.io/gitea/routers/routes"
 
-	"github.com/Unknwon/com"
 	context2 "github.com/gorilla/context"
+	"github.com/unknwon/com"
 	"github.com/urfave/cli"
 	"golang.org/x/crypto/acme/autocert"
 	ini "gopkg.in/ini.v1"
@@ -59,7 +59,7 @@ func runHTTPRedirector() {
 		http.Redirect(w, r, target, http.StatusTemporaryRedirect)
 	})
 
-	var err = runHTTP(source, context2.ClearHandler(handler))
+	var err = runHTTP("tcp", source, context2.ClearHandler(handler))
 
 	if err != nil {
 		log.Fatal("Failed to start port redirection: %v", err)
@@ -75,17 +75,13 @@ func runLetsEncrypt(listenAddr, domain, directory, email string, m http.Handler)
 	}
 	go func() {
 		log.Info("Running Let's Encrypt handler on %s", setting.HTTPAddr+":"+setting.PortToRedirect)
-		var err = http.ListenAndServe(setting.HTTPAddr+":"+setting.PortToRedirect, certManager.HTTPHandler(http.HandlerFunc(runLetsEncryptFallbackHandler))) // all traffic coming into HTTP will be redirect to HTTPS automatically (LE HTTP-01 validation happens here)
+		// all traffic coming into HTTP will be redirect to HTTPS automatically (LE HTTP-01 validation happens here)
+		var err = runHTTP("tcp", setting.HTTPAddr+":"+setting.PortToRedirect, certManager.HTTPHandler(http.HandlerFunc(runLetsEncryptFallbackHandler)))
 		if err != nil {
 			log.Fatal("Failed to start the Let's Encrypt handler on port %s: %v", setting.PortToRedirect, err)
 		}
 	}()
-	server := &http.Server{
-		Addr:      listenAddr,
-		Handler:   m,
-		TLSConfig: certManager.TLSConfig(),
-	}
-	return server.ListenAndServeTLS("", "")
+	return runHTTPSWithTLSConfig("tcp", listenAddr, certManager.TLSConfig(), context2.ClearHandler(m))
 }
 
 func runLetsEncryptFallbackHandler(w http.ResponseWriter, r *http.Request) {
@@ -101,12 +97,25 @@ func runLetsEncryptFallbackHandler(w http.ResponseWriter, r *http.Request) {
 }
 
 func runWeb(ctx *cli.Context) error {
+	managerCtx, cancel := context.WithCancel(context.Background())
+	graceful.InitManager(managerCtx)
+	defer cancel()
+
+	if os.Getppid() > 1 && len(os.Getenv("LISTEN_FDS")) > 0 {
+		log.Info("Restarting Gitea on PID: %d from parent PID: %d", os.Getpid(), os.Getppid())
+	} else {
+		log.Info("Starting Gitea on PID: %d", os.Getpid())
+	}
+
+	// Set pid file setting
 	if ctx.IsSet("pid") {
 		setting.CustomPID = ctx.String("pid")
 	}
 
-	routers.GlobalInit()
+	// Perform global initialization
+	routers.GlobalInit(graceful.GetManager().HammerContext())
 
+	// Set up Macaron
 	m := routes.NewMacaron()
 	routes.RegisterRoutes(m)
 
@@ -118,6 +127,7 @@ func runWeb(ctx *cli.Context) error {
 		switch setting.Protocol {
 		case setting.UnixSocket:
 		case setting.FCGI:
+		case setting.FCGIUnix:
 		default:
 			// Save LOCAL_ROOT_URL if port changed
 			cfg := ini.Empty()
@@ -145,7 +155,7 @@ func runWeb(ctx *cli.Context) error {
 	}
 
 	listenAddr := setting.HTTPAddr
-	if setting.Protocol != setting.UnixSocket {
+	if setting.Protocol != setting.UnixSocket && setting.Protocol != setting.FCGIUnix {
 		listenAddr += ":" + setting.HTTPPort
 	}
 	log.Info("Listen: %v://%s%s", setting.Protocol, listenAddr, setting.AppSubURL)
@@ -164,7 +174,8 @@ func runWeb(ctx *cli.Context) error {
 	var err error
 	switch setting.Protocol {
 	case setting.HTTP:
-		err = runHTTP(listenAddr, context2.ClearHandler(m))
+		NoHTTPRedirector()
+		err = runHTTP("tcp", listenAddr, context2.ClearHandler(m))
 	case setting.HTTPS:
 		if setting.EnableLetsEncrypt {
 			err = runLetsEncrypt(listenAddr, setting.Domain, setting.LetsEncryptDirectory, setting.LetsEncryptEmail, context2.ClearHandler(m))
@@ -172,43 +183,29 @@ func runWeb(ctx *cli.Context) error {
 		}
 		if setting.RedirectOtherPort {
 			go runHTTPRedirector()
+		} else {
+			NoHTTPRedirector()
 		}
-		err = runHTTPS(listenAddr, setting.CertFile, setting.KeyFile, context2.ClearHandler(m))
+		err = runHTTPS("tcp", listenAddr, setting.CertFile, setting.KeyFile, context2.ClearHandler(m))
 	case setting.FCGI:
-		var listener net.Listener
-		listener, err = net.Listen("tcp", listenAddr)
-		if err != nil {
-			log.Fatal("Failed to bind %s: %v", listenAddr, err)
-		}
-		defer func() {
-			if err := listener.Close(); err != nil {
-				log.Fatal("Failed to stop server: %v", err)
-			}
-		}()
-		err = fcgi.Serve(listener, context2.ClearHandler(m))
+		NoHTTPRedirector()
+		err = runFCGI("tcp", listenAddr, context2.ClearHandler(m))
 	case setting.UnixSocket:
-		if err := os.Remove(listenAddr); err != nil && !os.IsNotExist(err) {
-			log.Fatal("Failed to remove unix socket directory %s: %v", listenAddr, err)
-		}
-		var listener *net.UnixListener
-		listener, err = net.ListenUnix("unix", &net.UnixAddr{Name: listenAddr, Net: "unix"})
-		if err != nil {
-			break // Handle error after switch
-		}
-
-		// FIXME: add proper implementation of signal capture on all protocols
-		// execute this on SIGTERM or SIGINT: listener.Close()
-		if err = os.Chmod(listenAddr, os.FileMode(setting.UnixSocketPermission)); err != nil {
-			log.Fatal("Failed to set permission of unix socket: %v", err)
-		}
-		err = http.Serve(listener, context2.ClearHandler(m))
+		NoHTTPRedirector()
+		err = runHTTP("unix", listenAddr, context2.ClearHandler(m))
+	case setting.FCGIUnix:
+		NoHTTPRedirector()
+		err = runFCGI("unix", listenAddr, context2.ClearHandler(m))
 	default:
 		log.Fatal("Invalid protocol: %s", setting.Protocol)
 	}
 
 	if err != nil {
-		log.Fatal("Failed to start server: %v", err)
+		log.Critical("Failed to start server: %v", err)
 	}
-
+	log.Info("HTTP Listener: %s Closed", listenAddr)
+	<-graceful.GetManager().Done()
+	log.Info("PID: %d Gitea Web Finished", os.Getpid())
+	log.Close()
 	return nil
 }

cmd/web_graceful.go

@@ -1,5 +1,3 @@
-// +build !windows
-
 // Copyright 2016 The Gitea Authors. All rights reserved.
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.
@@ -8,38 +6,47 @@ package cmd
 
 import (
 	"crypto/tls"
+	"net"
 	"net/http"
+	"net/http/fcgi"
 
+	"code.gitea.io/gitea/modules/graceful"
 	"code.gitea.io/gitea/modules/log"
-
-	"github.com/facebookgo/grace/gracehttp"
 )
 
-func runHTTP(listenAddr string, m http.Handler) error {
-	return gracehttp.Serve(&http.Server{
-		Addr:    listenAddr,
-		Handler: m,
-	})
+func runHTTP(network, listenAddr string, m http.Handler) error {
+	return graceful.HTTPListenAndServe(network, listenAddr, m)
 }
 
-func runHTTPS(listenAddr, certFile, keyFile string, m http.Handler) error {
-	config := &tls.Config{
-		MinVersion: tls.VersionTLS10,
-	}
-	if config.NextProtos == nil {
-		config.NextProtos = []string{"http/1.1"}
-	}
+func runHTTPS(network, listenAddr, certFile, keyFile string, m http.Handler) error {
+	return graceful.HTTPListenAndServeTLS(network, listenAddr, certFile, keyFile, m)
+}
 
-	config.Certificates = make([]tls.Certificate, 1)
-	var err error
-	config.Certificates[0], err = tls.LoadX509KeyPair(certFile, keyFile)
+func runHTTPSWithTLSConfig(network, listenAddr string, tlsConfig *tls.Config, m http.Handler) error {
+	return graceful.HTTPListenAndServeTLSConfig(network, listenAddr, tlsConfig, m)
+}
+
+// NoHTTPRedirector tells our cleanup routine that we will not be using a fallback http redirector
+func NoHTTPRedirector() {
+	graceful.GetManager().InformCleanup()
+}
+
+// NoMainListener tells our cleanup routine that we will not be using a possibly provided listener
+// for our main HTTP/HTTPS service
+func NoMainListener() {
+	graceful.GetManager().InformCleanup()
+}
+
+func runFCGI(network, listenAddr string, m http.Handler) error {
+	// This needs to handle stdin as fcgi point
+	fcgiServer := graceful.NewServer(network, listenAddr)
+
+	err := fcgiServer.ListenAndServe(func(listener net.Listener) error {
+		return fcgi.Serve(listener, m)
+	})
 	if err != nil {
-		log.Fatal("Failed to load https cert file %s: %v", listenAddr, err)
+		log.Fatal("Failed to start FCGI main server: %v", err)
 	}
-
-	return gracehttp.Serve(&http.Server{
-		Addr:      listenAddr,
-		Handler:   m,
-		TLSConfig: config,
-	})
+	log.Info("FCGI Listener: %s Closed", listenAddr)
+	return err
 }

cmd/web_windows.go

@@ -1,19 +0,0 @@
-// +build windows
-
-// Copyright 2016 The Gitea Authors. All rights reserved.
-// Use of this source code is governed by a MIT-style
-// license that can be found in the LICENSE file.
-
-package cmd
-
-import (
-	"net/http"
-)
-
-func runHTTP(listenAddr string, m http.Handler) error {
-	return http.ListenAndServe(listenAddr, m)
-}
-
-func runHTTPS(listenAddr, certFile, keyFile string, m http.Handler) error {
-	return http.ListenAndServeTLS(listenAddr, certFile, keyFile, m)
-}

contrib/environment-to-ini/README

@@ -0,0 +1,66 @@
+Environment To Ini
+==================
+
+Multiple docker users have requested that the Gitea docker is changed
+to permit arbitrary configuration via environment variables.
+
+Gitea needs to use an ini file for configuration because the running
+environment that starts the docker may not be the same as that used
+by the hooks. An ini file also gives a good default and means that
+users do not have to completely provide a full environment.
+
+With those caveats above, this command provides a generic way of
+converting suitably structured environment variables into any ini
+value.
+
+To use the command is very simple just run it and the default gitea
+app.ini will be rewritten to take account of the variables provided,
+however there are various options to give slightly different
+behavior and these can be interrogated with the `-h` option.
+
+The environment variables should be of the form:
+
+	GITEA__SECTION_NAME__KEY_NAME
+
+Environment variables are usually restricted to a reduced character
+set "0-9A-Z_" - in order to allow the setting of sections with
+characters outside of that set, they should be escaped as following:
+"_0X2E_" for ".". The entire section and key names can be escaped as
+a UTF8 byte string if necessary. E.g. to configure:
+
+	"""
+	...
+	[log.console]
+	COLORIZE=false
+	STDERR=true
+	...
+	"""
+
+You would set the environment variables: "GITEA__LOG_0x2E_CONSOLE__COLORIZE=false"
+and "GITEA__LOG_0x2E_CONSOLE__STDERR=false". Other examples can be found
+on the configuration cheat sheet.
+
+To plug this command in to the docker, you simply compile the provided go file using:
+
+	go build environment-to-ini.go
+
+And copy the resulting `environment-to-ini` command to /app/gitea in the docker.
+
+Apply the below patch to /etc/s6/gitea.setup to wire this in.
+
+If you find this useful please comment on #7287
+
+
+diff --git a/docker/root/etc/s6/gitea/setup b/docker/root/etc/s6/gitea/setup
+index f87ce9115..565bfcba9 100755
+--- a/docker/root/etc/s6/gitea/setup
++++ b/docker/root/etc/s6/gitea/setup
+@@ -44,6 +44,8 @@ if [ ! -f ${GITEA_CUSTOM}/conf/app.ini ]; then
+     SECRET_KEY=${SECRET_KEY:-""} \
+     envsubst < /etc/templates/app.ini > ${GITEA_CUSTOM}/conf/app.ini
+
++    /app/gitea/environment-to-ini -c ${GITEA_CUSTOM}/conf/app.ini
++
+     chown ${USER}:git ${GITEA_CUSTOM}/conf/app.ini
+ fi
+

contrib/environment-to-ini/environment-to-ini.go

@@ -0,0 +1,224 @@
+// Copyright 2019 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package main
+
+import (
+	"os"
+	"regexp"
+	"strconv"
+	"strings"
+
+	"code.gitea.io/gitea/modules/log"
+	"code.gitea.io/gitea/modules/setting"
+
+	"github.com/unknwon/com"
+	"github.com/urfave/cli"
+	ini "gopkg.in/ini.v1"
+)
+
+// EnvironmentPrefix environment variables prefixed with this represent ini values to write
+const EnvironmentPrefix = "GITEA"
+
+func main() {
+	app := cli.NewApp()
+	app.Name = "environment-to-ini"
+	app.Usage = "Use provided environment to update configuration ini"
+	app.Description = `As a helper to allow docker users to update the gitea configuration
+	through the environment, this command allows environment variables to
+	be mapped to values in the ini.
+
+	Environment variables of the form "GITEA__SECTION_NAME__KEY_NAME"
+	will be mapped to the ini section "[section_name]" and the key
+	"KEY_NAME" with the value as provided.
+
+	Environment variables are usually restricted to a reduced character
+	set "0-9A-Z_" - in order to allow the setting of sections with
+	characters outside of that set, they should be escaped as following:
+	"_0X2E_" for ".". The entire section and key names can be escaped as
+	a UTF8 byte string if necessary. E.g. to configure:
+
+		"""
+		...
+		[log.console]
+		COLORIZE=false
+		STDERR=true
+		...
+		"""
+
+	You would set the environment variables: "GITEA__LOG_0x2E_CONSOLE__COLORIZE=false"
+	and "GITEA__LOG_0x2E_CONSOLE__STDERR=false". Other examples can be found
+	on the configuration cheat sheet.`
+	app.Flags = []cli.Flag{
+		cli.StringFlag{
+			Name:  "custom-path, C",
+			Value: setting.CustomPath,
+			Usage: "Custom path file path",
+		},
+		cli.StringFlag{
+			Name:  "config, c",
+			Value: setting.CustomConf,
+			Usage: "Custom configuration file path",
+		},
+		cli.StringFlag{
+			Name:  "work-path, w",
+			Value: setting.AppWorkPath,
+			Usage: "Set the gitea working path",
+		},
+		cli.StringFlag{
+			Name:  "out, o",
+			Value: "",
+			Usage: "Destination file to write to",
+		},
+		cli.BoolFlag{
+			Name:  "clear",
+			Usage: "Clears the matched variables from the environment",
+		},
+		cli.StringFlag{
+			Name:  "prefix, p",
+			Value: EnvironmentPrefix,
+			Usage: "Environment prefix to look for - will be suffixed by __ (2 underscores)",
+		},
+	}
+	app.Action = runEnvironmentToIni
+	setting.SetCustomPathAndConf("", "", "")
+
+	err := app.Run(os.Args)
+	if err != nil {
+		log.Fatal("Failed to run app with %s: %v", os.Args, err)
+	}
+}
+
+func runEnvironmentToIni(c *cli.Context) error {
+	providedCustom := c.String("custom-path")
+	providedConf := c.String("config")
+	providedWorkPath := c.String("work-path")
+	setting.SetCustomPathAndConf(providedCustom, providedConf, providedWorkPath)
+
+	cfg := ini.Empty()
+	if com.IsFile(setting.CustomConf) {
+		if err := cfg.Append(setting.CustomConf); err != nil {
+			log.Fatal("Failed to load custom conf '%s': %v", setting.CustomConf, err)
+		}
+	} else {
+		log.Warn("Custom config '%s' not found, ignore this if you're running first time", setting.CustomConf)
+	}
+	cfg.NameMapper = ini.SnackCase
+
+	prefix := c.String("prefix") + "__"
+
+	for _, kv := range os.Environ() {
+		idx := strings.IndexByte(kv, '=')
+		if idx < 0 {
+			continue
+		}
+		eKey := kv[:idx]
+		value := kv[idx+1:]
+		if !strings.HasPrefix(eKey, prefix) {
+			continue
+		}
+		eKey = eKey[len(prefix):]
+		sectionName, keyName := DecodeSectionKey(eKey)
+		if len(keyName) == 0 {
+			continue
+		}
+		section, err := cfg.GetSection(sectionName)
+		if err != nil {
+			section, err = cfg.NewSection(sectionName)
+			if err != nil {
+				log.Error("Error creating section: %s : %v", sectionName, err)
+				continue
+			}
+		}
+		key := section.Key(keyName)
+		if key == nil {
+			key, err = section.NewKey(keyName, value)
+			if err != nil {
+				log.Error("Error creating key: %s in section: %s with value: %s : %v", keyName, sectionName, value, err)
+				continue
+			}
+		}
+		key.SetValue(value)
+	}
+	destination := c.String("out")
+	if len(destination) == 0 {
+		destination = setting.CustomConf
+	}
+	err := cfg.SaveTo(destination)
+	if err != nil {
+		return err
+	}
+	if c.Bool("clear") {
+		for _, kv := range os.Environ() {
+			idx := strings.IndexByte(kv, '=')
+			if idx < 0 {
+				continue
+			}
+			eKey := kv[:idx]
+			if strings.HasPrefix(eKey, prefix) {
+				_ = os.Unsetenv(eKey)
+			}
+		}
+	}
+	return nil
+}
+
+const escapeRegexpString = "_0[xX](([0-9a-fA-F][0-9a-fA-F])+)_"
+
+var escapeRegex = regexp.MustCompile(escapeRegexpString)
+
+// DecodeSectionKey will decode a portable string encoded Section__Key pair
+// Portable strings are considered to be of the form [A-Z0-9_]*
+// We will encode a disallowed value as the UTF8 byte string preceded by _0X and
+// followed by _. E.g. _0X2C_ for a '-' and _0X2E_ for '.'
+// Section and Key are separated by a plain '__'.
+// The entire section can be encoded as a UTF8 byte string
+func DecodeSectionKey(encoded string) (string, string) {
+	section := ""
+	key := ""
+
+	inKey := false
+	last := 0
+	escapeStringIndices := escapeRegex.FindAllStringIndex(encoded, -1)
+	for _, unescapeIdx := range escapeStringIndices {
+		preceding := encoded[last:unescapeIdx[0]]
+		if !inKey {
+			if splitter := strings.Index(preceding, "__"); splitter > -1 {
+				section += preceding[:splitter]
+				inKey = true
+				key += preceding[splitter+2:]
+			} else {
+				section += preceding
+			}
+		} else {
+			key += preceding
+		}
+		toDecode := encoded[unescapeIdx[0]+3 : unescapeIdx[1]-1]
+		decodedBytes := make([]byte, len(toDecode)/2)
+		for i := 0; i < len(toDecode)/2; i++ {
+			// Can ignore error here as we know these should be hexadecimal from the regexp
+			byteInt, _ := strconv.ParseInt(toDecode[2*i:2*i+2], 16, 0)
+			decodedBytes[i] = byte(byteInt)
+		}
+		if inKey {
+			key += string(decodedBytes)
+		} else {
+			section += string(decodedBytes)
+		}
+		last = unescapeIdx[1]
+	}
+	remaining := encoded[last:]
+	if !inKey {
+		if splitter := strings.Index(remaining, "__"); splitter > -1 {
+			section += remaining[:splitter]
+			inKey = true
+			key += remaining[splitter+2:]
+		} else {
+			section += remaining
+		}
+	} else {
+		key += remaining
+	}
+	return section, key
+}

contrib/pr/checkout.go

@@ -5,6 +5,7 @@ Checkout a PR and load the tests data into sqlite database
 */
 
 import (
+	"context"
 	"flag"
 	"fmt"
 	"io/ioutil"
@@ -27,13 +28,13 @@ import (
 	"code.gitea.io/gitea/routers"
 	"code.gitea.io/gitea/routers/routes"
 
-	"github.com/Unknwon/com"
-	"github.com/go-xorm/xorm"
 	context2 "github.com/gorilla/context"
+	"github.com/unknwon/com"
 	"gopkg.in/src-d/go-git.v4"
 	"gopkg.in/src-d/go-git.v4/config"
 	"gopkg.in/src-d/go-git.v4/plumbing"
 	"gopkg.in/testfixtures.v2"
+	"xorm.io/xorm"
 )
 
 var codeFilePath = "contrib/pr/checkout.go"
@@ -79,20 +80,20 @@ func runPR() {
 	setting.CheckLFSVersion()
 	//models.LoadConfigs()
 	/*
-		models.DbCfg.Type = "sqlite3"
-		models.DbCfg.Path = ":memory:"
-		models.DbCfg.Timeout = 500
+		setting.Database.Type = "sqlite3"
+		setting.Database.Path = ":memory:"
+		setting.Database.Timeout = 500
 	*/
 	db := setting.Cfg.Section("database")
 	db.NewKey("DB_TYPE", "sqlite3")
 	db.NewKey("PATH", ":memory:")
-	setting.LogSQL = true
-	models.LoadConfigs()
+
 	routers.NewServices()
+	setting.Database.LogSQL = true
 	//x, err = xorm.NewEngine("sqlite3", "file::memory:?cache=shared")
 
 	var helper testfixtures.Helper = &testfixtures.SQLite{}
-	models.NewEngine(func(_ *xorm.Engine) error {
+	models.NewEngine(context.Background(), func(_ *xorm.Engine) error {
 		return nil
 	})
 	models.HasEngine = true

contrib/systemd/gitea.service

@@ -2,11 +2,42 @@
 Description=Gitea (Git with a cup of tea)
 After=syslog.target
 After=network.target
+###
+# Don't forget to add the database service requirements
+###
+#
 #Requires=mysql.service
 #Requires=mariadb.service
 #Requires=postgresql.service
 #Requires=memcached.service
 #Requires=redis.service
+#
+###
+# If using socket activation for main http/s
+###
+#
+#After=gitea.main.socket
+#Requires=gitea.main.socket
+#
+###
+# (You can also provide gitea an http fallback and/or ssh socket too)
+#
+# An example of /etc/systemd/system/gitea.main.socket
+###
+##
+## [Unit]
+## Description=Gitea Web Socket
+## PartOf=gitea.service
+##
+## [Socket]
+## Service=gitea.service
+## ListenStream=<some_port>
+## NoDelay=true
+##
+## [Install]
+## WantedBy=sockets.target
+##
+###
 
 [Service]
 # Modify these two values and uncomment them if you have
@@ -20,14 +51,18 @@ Type=simple
 User=git
 Group=git
 WorkingDirectory=/var/lib/gitea/
-ExecStart=/usr/local/bin/gitea web -c /etc/gitea/app.ini
+# If using Unix socket: tells systemd to create the /run/gitea folder, which will contain the gitea.sock file
+# (manually creating /run/gitea doesn't work, because it would not persist across reboots)
+#RuntimeDirectory=gitea
+ExecStart=/usr/local/bin/gitea web --config /etc/gitea/app.ini
 Restart=always
 Environment=USER=git HOME=/home/git GITEA_WORK_DIR=/var/lib/gitea
-# If you want to bind Gitea to a port below 1024 uncomment
-# the two values below
+# If you want to bind Gitea to a port below 1024, uncomment
+# the two values below, or use socket activation to pass Gitea its ports as above
 ###
 #CapabilityBoundingSet=CAP_NET_BIND_SERVICE
 #AmbientCapabilities=CAP_NET_BIND_SERVICE
+###
 
 [Install]
 WantedBy=multi-user.target

custom/conf/app.ini.sample

@@ -39,6 +39,9 @@ ACCESS_CONTROL_ALLOW_ORIGIN =
 USE_COMPAT_SSH_URI = false
 ; Close issues as long as a commit on any branch marks it as fixed
 DEFAULT_CLOSE_ISSUES_VIA_COMMITS_IN_ANY_BRANCH = false
+; Allow users to push local repositories to Gitea and have them automatically created for a user or an org
+ENABLE_PUSH_CREATE_USER = false
+ENABLE_PUSH_CREATE_ORG = false
 
 [repository.editor]
 ; List of file extensions for which lines should be wrapped in the CodeMirror editor
@@ -69,11 +72,57 @@ MAX_FILES = 5
 [repository.pull-request]
 ; List of prefixes used in Pull Request title to mark them as Work In Progress
 WORK_IN_PROGRESS_PREFIXES=WIP:,[WIP]
+; List of keywords used in Pull Request comments to automatically close a related issue
+CLOSE_KEYWORDS=close,closes,closed,fix,fixes,fixed,resolve,resolves,resolved
+; List of keywords used in Pull Request comments to automatically reopen a related issue
+REOPEN_KEYWORDS=reopen,reopens,reopened
+; In the default merge message for squash commits include at most this many commits
+DEFAULT_MERGE_MESSAGE_COMMITS_LIMIT=50
+; In the default merge message for squash commits limit the size of the commit messages to this
+DEFAULT_MERGE_MESSAGE_SIZE=5120
+; In the default merge message for squash commits walk all commits to include all authors in the Co-authored-by otherwise just use those in the limited list
+DEFAULT_MERGE_MESSAGE_ALL_AUTHORS=false
+; In default merge messages limit the number of approvers listed as Reviewed-by: to this many
+DEFAULT_MERGE_MESSAGE_MAX_APPROVERS=10
+; In default merge messages only include approvers who are official
+DEFAULT_MERGE_MESSAGE_OFFICIAL_APPROVERS_ONLY=true
 
 [repository.issue]
 ; List of reasons why a Pull Request or Issue can be locked
 LOCK_REASONS=Too heated,Off-topic,Resolved,Spam
 
+[repository.signing]
+; GPG key to use to sign commits, Defaults to the default - that is the value of git config --get user.signingkey
+; run in the context of the RUN_USER
+; Switch to none to stop signing completely
+SIGNING_KEY = default
+; If a SIGNING_KEY ID is provided and is not set to default, use the provided Name and Email address as the signer.
+; These should match a publicized name and email address for the key. (When SIGNING_KEY is default these are set to
+; the results of git config --get user.name and git config --get user.email respectively and can only be overrided
+; by setting the SIGNING_KEY ID to the correct ID.)
+SIGNING_NAME =
+SIGNING_EMAIL =
+; Determines when gitea should sign the initial commit when creating a repository
+; Either:
+; - never
+; - pubkey: only sign if the user has a pubkey
+; - twofa: only sign if the user has logged in with twofa
+; - always
+; options other than none and always can be combined as comma separated list
+INITIAL_COMMIT = always
+; Determines when to sign for CRUD actions
+; - as above
+; - parentsigned: requires that the parent commit is signed.
+CRUD_ACTIONS = pubkey, twofa, parentsigned
+; Determines when to sign Wiki commits
+; - as above
+WIKI = never
+; Determines when to sign on merges
+; - basesigned: require that the parent of commit on the base repo is signed.
+; - commitssigned: require that all the commits in the head branch are signed.
+; - approved: only sign when merging an approved pr to a protected branch
+MERGES = pubkey, twofa, basesigned, commitssigned
+
 [cors]
 ; More information about CORS can be found here: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS#The_HTTP_response_headers
 ; enable cors headers (disabled by default)
@@ -114,8 +163,15 @@ SHOW_USER_EMAIL = true
 DEFAULT_THEME = gitea
 ; All available themes. Allow users select personalized themes regardless of the value of `DEFAULT_THEME`.
 THEMES = gitea,arc-green
+; All available reactions. Allow users react with different emoji's
+; For the whole list look at https://gitea.com/gitea/gitea.com/issues/8
+REACTIONS = +1, -1, laugh, hooray, confused, heart, rocket, eyes
 ; Whether the full name of the users should be shown where possible. If the full name isn't set, the username will be used.
 DEFAULT_SHOW_FULL_NAME = false
+; Whether to search within description at repository search on explore page.
+SEARCH_REPO_DESCRIPTION = true
+; Whether to enable a Service Worker to cache frontend assets
+USE_SERVICE_WORKER = true
 
 [ui.admin]
 ; Number of users that are displayed on one page
@@ -139,8 +195,9 @@ KEYWORDS = go,git,self-hosted,gitea
 [markdown]
 ; Enable hard line break extension
 ENABLE_HARD_LINE_BREAK = false
-; List of custom URL-Schemes that are allowed as links when rendering Markdown
-; for example git,magnet
+; Comma separated list of custom URL-Schemes that are allowed as links when rendering Markdown
+; for example git,magnet,ftp (more at https://en.wikipedia.org/wiki/List_of_URI_schemes)
+; URLs starting with http and https are always displayed, whatever is put in this entry.
 CUSTOM_URL_SCHEMES =
 ; List of file extensions that should be rendered/edited as Markdown
 ; Separate the extensions with a comma. To render files without any extension as markdown, just put a comma
@@ -151,6 +208,8 @@ FILE_EXTENSIONS = .md,.markdown,.mdown,.mkd
 PROTOCOL = http
 DOMAIN = localhost
 ROOT_URL = %(PROTOCOL)s://%(DOMAIN)s:%(HTTP_PORT)s/
+; when STATIC_URL_PREFIX is empty it will follow APP_URL
+STATIC_URL_PREFIX =
 ; The address to listen on. Either a IPv4/IPv6 address or the path to a unix socket.
 HTTP_ADDR = 0.0.0.0
 HTTP_PORT = 3000
@@ -216,8 +275,9 @@ DISABLE_ROUTER_LOG = false
 ; not forget to export the private key):
 ; $ openssl pkcs12 -in cert.pfx -out cert.pem -nokeys
 ; $ openssl pkcs12 -in cert.pfx -out key.pem -nocerts -nodes
-CERT_FILE = custom/https/cert.pem
-KEY_FILE = custom/https/key.pem
+; Paths are relative to CUSTOM_PATH
+CERT_FILE = https/cert.pem
+KEY_FILE = https/key.pem
 ; Root directory containing templates and static files.
 ; default is the path where Gitea is executed
 STATIC_ROOT_PATH =
@@ -231,7 +291,8 @@ ENABLE_GZIP = false
 ENABLE_PPROF = false
 ; PPROF_DATA_PATH, use an absolute path when you start gitea as service
 PPROF_DATA_PATH = data/tmp/pprof
-; Landing page, can be "home", "explore", or "organizations"
+; Landing page, can be "home", "explore", "organizations" or "login"
+; The "login" choice is not a security measure but just a UI flow change, use REQUIRE_SIGNIN_VIEW to force users to log in.
 LANDING_PAGE = home
 ; Enables git-lfs support. true or false, default is false.
 LFS_START_SERVER = false
@@ -241,6 +302,17 @@ LFS_CONTENT_PATH = data/lfs
 LFS_JWT_SECRET =
 ; LFS authentication validity period (in time.Duration), pushes taking longer than this may fail.
 LFS_HTTP_AUTH_EXPIRY = 20m
+; Allow graceful restarts using SIGHUP to fork
+ALLOW_GRACEFUL_RESTARTS = true
+; After a restart the parent will finish ongoing requests before
+; shutting down. Force shutdown if this process takes longer than this delay.
+; set to a negative value to disable
+GRACEFUL_HAMMER_TIME = 60s
+; Allows the setting of a startup timeout and waithint for Windows as SVC service
+; 0 disables this.
+STARTUP_TIMEOUT = 0
+; Static resources, includes resources on custom/, public/ and all uploaded avatars web browser cache time, default is 6h
+STATIC_CACHE_TIME = 6h
 
 ; Define allowed algorithms and their minimum key length (use -1 to disable a type)
 [ssh.minimum_key_sizes]
@@ -275,13 +347,19 @@ LOG_SQL = true
 DB_RETRIES = 10
 ; Backoff time per DB retry (time.Duration)
 DB_RETRY_BACKOFF = 3s
+; Max idle database connections on connnection pool, default is 2
+MAX_IDLE_CONNS = 2
+; Database connection max life time, default is 0 or 3s mysql (See #6804 & #7071 for reasoning)
+CONN_MAX_LIFETIME = 3s
+; Database maximum number of open connections, default is 0 meaning no maximum
+MAX_OPEN_CONNS = 0
 
 [indexer]
 ; Issue indexer type, currently support: bleve or db, default is bleve
 ISSUE_INDEXER_TYPE = bleve
 ; Issue indexer storage path, available when ISSUE_INDEXER_TYPE is bleve
 ISSUE_INDEXER_PATH = indexers/issues.bleve
-; Issue indexer queue, currently support: channel or levelqueue, default is levelqueue
+; Issue indexer queue, currently support: channel, levelqueue or redis, default is levelqueue
 ISSUE_INDEXER_QUEUE_TYPE = levelqueue
 ; When ISSUE_INDEXER_QUEUE_TYPE is levelqueue, this will be the queue will be saved path,
 ; default is indexers/issues.queue
@@ -290,23 +368,66 @@ ISSUE_INDEXER_QUEUE_DIR = indexers/issues.queue
 ISSUE_INDEXER_QUEUE_CONN_STR = "addrs=127.0.0.1:6379 db=0"
 ; Batch queue number, default is 20
 ISSUE_INDEXER_QUEUE_BATCH_NUMBER = 20
+; Timeout the indexer if it takes longer than this to start.
+; Set to zero to disable timeout.
+STARTUP_TIMEOUT=30s
 
 ; repo indexer by default disabled, since it uses a lot of disk space
 REPO_INDEXER_ENABLED = false
 REPO_INDEXER_PATH = indexers/repos.bleve
 UPDATE_BUFFER_LEN = 20
 MAX_FILE_SIZE = 1048576
+; A comma separated list of glob patterns (see https://github.com/gobwas/glob) to include
+; in the index; default is empty
+REPO_INDEXER_INCLUDE =
+; A comma separated list of glob patterns to exclude from the index; ; default is empty
+REPO_INDEXER_EXCLUDE =
+
+[queue]
+; Specific queues can be individually configured with [queue.name]. [queue] provides defaults
+;
+; General queue queue type, currently support: persistable-channel, channel, level, redis, dummy
+; default to persistable-channel
+TYPE = persistable-channel
+; data-dir for storing persistable queues and level queues, individual queues will be named by their type
+DATADIR = queues/
+; Default queue length before a channel queue will block
+LENGTH = 20
+; Batch size to send for batched queues
+BATCH_LENGTH = 20
+; Connection string for redis queues this will store the redis connection string.
+CONN_STR = "addrs=127.0.0.1:6379 db=0"
+; Provide the suffix of the default redis queue name - specific queues can be overriden within in their [queue.name] sections.
+QUEUE_NAME = "_queue"
+; If the queue cannot be created at startup - level queues may need a timeout at startup - wrap the queue:
+WRAP_IF_NECESSARY = true
+; Attempt to create the wrapped queue at max
+MAX_ATTEMPTS = 10
+; Timeout queue creation
+TIMEOUT = 15m30s
+; Create a pool with this many workers
+WORKERS = 1
+; Dynamically scale the worker pool to at this many workers
+MAX_WORKERS = 10
+; Add boost workers when the queue blocks for BLOCK_TIMEOUT
+BLOCK_TIMEOUT = 1s
+; Remove the boost workers after BOOST_TIMEOUT
+BOOST_TIMEOUT = 5m
+; During a boost add BOOST_WORKERS
+BOOST_WORKERS = 5
 
 [admin]
 ; Disallow regular (non-admin) users from creating organizations.
 DISABLE_REGULAR_ORG_CREATION = false
+; Default configuration for email notifications for users (user configurable). Options: enabled, onmention, disabled
+DEFAULT_EMAIL_NOTIFICATIONS = enabled
 
 [security]
 ; Whether the installer is disabled
 INSTALL_LOCK = false
 ; !!CHANGE THIS TO KEEP YOUR USER DATA SAFE!!
 SECRET_KEY = !#@FDEWREWR&*(
-; How long to remember that an user is logged in before requiring relogin (in days)
+; How long to remember that a user is logged in before requiring relogin (in days)
 LOGIN_REMEMBER_DAYS = 7
 COOKIE_USERNAME = gitea_awesome
 COOKIE_REMEMBER_NAME = gitea_incredible
@@ -319,6 +440,16 @@ MIN_PASSWORD_LENGTH = 6
 IMPORT_LOCAL_PATHS = false
 ; Set to true to prevent all users (including admin) from creating custom git hooks
 DISABLE_GIT_HOOKS = false
+; Set to false to allow pushes to gitea repositories despite having an incomplete environment - NOT RECOMMENDED
+ONLY_ALLOW_PUSH_IF_GITEA_ENVIRONMENT_SET = true
+;Comma separated list of character classes required to pass minimum complexity.
+;If left empty or no valid values are specified, the default values ("lower,upper,digit,spec") will be used.
+;Use "off" to disable checking.
+PASSWORD_COMPLEXITY = lower,upper,digit,spec
+; Password Hash algorithm, either "pbkdf2", "argon2", "scrypt" or "bcrypt"
+PASSWORD_HASH_ALGO = pbkdf2
+; Set false to allow JavaScript to read CSRF cookie
+CSRF_COOKIE_HTTP_ONLY = true
 
 [openid]
 ;
@@ -372,6 +503,10 @@ ALLOW_ONLY_EXTERNAL_REGISTRATION = false
 REQUIRE_SIGNIN_VIEW = false
 ; Mail notification
 ENABLE_NOTIFY_MAIL = false
+; This setting enables gitea to be signed in with HTTP BASIC Authentication using the user's password
+; If you set this to false you will not be able to access the tokens endpoints on the API with your password
+; Please note that setting this to false will not disable OAuth Basic or Basic authentication using a token
+ENABLE_BASIC_AUTHENTICATION = true
 ; More detail: https://github.com/gogits/gogs/issues/165
 ENABLE_REVERSE_PROXY_AUTHENTICATION = false
 ENABLE_REVERSE_PROXY_AUTO_REGISTRATION = false
@@ -397,9 +532,14 @@ DEFAULT_ALLOW_CREATE_ORGANIZATION = true
 ; Private is only for member of the organization
 ; Public is for everyone
 DEFAULT_ORG_VISIBILITY = public
+; Default value for DefaultOrgMemberVisible
+; True will make the membership of the users visible when added to the organisation
+DEFAULT_ORG_MEMBER_VISIBLE = false
 ; Default value for EnableDependencies
 ; Repositories will use dependencies by default depending on this setting
 DEFAULT_ENABLE_DEPENDENCIES = true
+; Dependencies can be added from any repository where the user is granted access or only from the current repository depending on this setting.
+ALLOW_CROSS_REPOSITORY_DEPENDENCIES = true
 ; Enable heatmap on users profiles.
 ENABLE_USER_HEATMAP = true
 ; Enable Timetracking
@@ -413,13 +553,18 @@ DEFAULT_ALLOW_ONLY_CONTRIBUTORS_TO_TRACK_TIME = true
 ; Default value for the domain part of the user's email address in the git log
 ; if he has set KeepEmailPrivate to true. The user's email will be replaced with a
 ; concatenation of the user name in lower case, "@" and NO_REPLY_ADDRESS.
-NO_REPLY_ADDRESS = noreply.example.org
+NO_REPLY_ADDRESS = noreply.%(DOMAIN)s
 ; Show Registration button
 SHOW_REGISTRATION_BUTTON = true
+; Show milestones dashboard page - a view of all the user's milestones
+SHOW_MILESTONES_DASHBOARD_PAGE = true
 ; Default value for AutoWatchNewRepos
 ; When adding a repo to a team or creating a new repo all team members will watch the
 ; repo automatically if enabled
 AUTO_WATCH_NEW_REPOS = true
+; Default value for AutoWatchOnChanges
+; Make the user watch a repository When they commit for the first time
+AUTO_WATCH_ON_CHANGES = false
 
 [webhook]
 ; Hook task queue length, increase if webhook shooting starts hanging
@@ -430,6 +575,10 @@ DELIVER_TIMEOUT = 5
 SKIP_TLS_VERIFY = false
 ; Number of history information in each page
 PAGING_NUM = 10
+; Proxy server URL, support http://, https//, socks://, blank will follow environment http_proxy/https_proxy
+PROXY_URL =
+; Comma separated list of host names requiring proxy. Glob patterns (*) are accepted; use ** to match all hosts.
+PROXY_HOSTS =
 
 [mailer]
 ENABLED = false
@@ -543,6 +692,9 @@ MAX_FILES = 5
 ; Special supported values are ANSIC, UnixDate, RubyDate, RFC822, RFC822Z, RFC850, RFC1123, RFC1123Z, RFC3339, RFC3339Nano, Kitchen, Stamp, StampMilli, StampMicro and StampNano
 ; For more information about the format see http://golang.org/pkg/time/#pkg-constants
 FORMAT =
+; Location the UI time display i.e. Asia/Shanghai
+; Empty means server's location setting
+DEFAULT_UI_LOCATION =
 
 [log]
 ROOT_PATH =
@@ -667,7 +819,14 @@ SCHEDULE = @every 24h
 ;   or only create new users if UPDATE_EXISTING is set to false
 UPDATE_EXISTING = true
 
+; Update migrated repositories' issues and comments' posterid, it will always attempt synchronization when the instance starts.
+[cron.update_migration_post_id]
+; Interval as a duration between each synchronization. (default every 24h)
+SCHEDULE = @every 24h
+
 [git]
+; The path of git executable. If empty, Gitea searches through the PATH environment.
+PATH =
 ; Disables highlight of added and removed changes
 DISABLE_DIFF_HIGHLIGHT = false
 ; Max number of lines allowed in a single file in diff view
@@ -718,7 +877,7 @@ ACCESS_TOKEN_EXPIRATION_TIME=3600
 REFRESH_TOKEN_EXPIRATION_TIME=730
 ; Check if refresh token got already used
 INVALIDATE_REFRESH_TOKENS=false
-; OAuth2 authentication secret for access and refresh tokens, change this a unique string.
+; OAuth2 authentication secret for access and refresh tokens, change this to a unique string.
 JWT_SECRET=Bk0yK7Y9g_p56v86KaHqjSbxvNvu3SbKoOdOt2ZcXvU
 
 [i18n]
@@ -769,6 +928,12 @@ SHOW_FOOTER_VERSION = true
 ; Show template execution time in the footer
 SHOW_FOOTER_TEMPLATE_LOAD_TIME = true
 
+[markup.sanitizer]
+; The following keys can be used multiple times to define sanitation policy rules.
+;ELEMENT = span
+;ALLOW_ATTR = class
+;REGEXP = ^(info|warning|error)$
+
 [markup.asciidoc]
 ENABLED = false
 ; List of file extensions that should be rendered by an external command
@@ -783,3 +948,18 @@ IS_INPUT_FILE = false
 ENABLED = false
 ; If you want to add authorization, specify a token here
 TOKEN =
+
+[task]
+; Task queue type, could be `channel` or `redis`.
+QUEUE_TYPE = channel
+; Task queue length, available only when `QUEUE_TYPE` is `channel`.
+QUEUE_LENGTH = 1000
+; Task queue connection string, available only when `QUEUE_TYPE` is `redis`.
+; If there is a password of redis, use `addrs=127.0.0.1:6379 password=123 db=0`.
+QUEUE_CONN_STR = "addrs=127.0.0.1:6379 db=0"
+
+[migrations]
+; Max attempts per http/https request on migrations.
+MAX_ATTEMPTS = 3
+; Backoff time per http/https request retry (seconds)
+RETRY_BACKOFF = 3

docker/Makefile

@@ -11,4 +11,4 @@ docker:
 
 .PHONY: docker-build
 docker-build:
-	docker run -ti --rm -v $(CURDIR):/srv/app/src/code.gitea.io/gitea -w /srv/app/src/code.gitea.io/gitea -e TAGS="bindata $(TAGS)" LDFLAGS="$(LDFLAGS)" webhippie/golang:edge make clean generate build
+	docker run -ti --rm -v $(CURDIR):/srv/app/src/code.gitea.io/gitea -w /srv/app/src/code.gitea.io/gitea -e TAGS="bindata $(TAGS)" LDFLAGS="$(LDFLAGS)" webhippie/golang:edge make clean build

docker/manifest.tmpl

@@ -0,0 +1,19 @@
+image: gitea/gitea:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}latest{{/if}}
+{{#if build.tags}}
+tags:
+{{#each build.tags}}
+  - {{this}}
+{{/each}}
+{{/if}}
+manifests:
+  -
+    image: gitea/gitea:{{#if build.tag}}{{trimPrefix "v" build.tag}}-{{/if}}linux-amd64
+    platform:
+      architecture: amd64
+      os: linux
+  -
+    image: gitea/gitea:{{#if build.tag}}{{trimPrefix "v" build.tag}}-{{/if}}linux-arm64
+    platform:
+      architecture: arm64
+      os: linux
+      variant: v8

docker/root/etc/s6/gitea/finish

@@ -1,2 +1,2 @@
 #!/bin/bash
-exit 0
+s6-svscanctl -t /etc/s6/

docker/root/etc/s6/gitea/setup

@@ -31,6 +31,7 @@ if [ ! -f ${GITEA_CUSTOM}/conf/app.ini ]; then
     ROOT_URL=${ROOT_URL:-""} \
     DISABLE_SSH=${DISABLE_SSH:-"false"} \
     SSH_PORT=${SSH_PORT:-"22"} \
+    SSH_LISTEN_PORT=${SSH_LISTEN_PORT:-"${SSH_PORT}"} \
     LFS_START_SERVER=${LFS_START_SERVER:-"false"} \
     DB_TYPE=${DB_TYPE:-"sqlite3"} \
     DB_HOST=${DB_HOST:-"localhost:3306"} \

docker/root/etc/s6/openssh/setup

@@ -24,6 +24,14 @@ if [ ! -f /data/ssh/ssh_host_ecdsa_key ]; then
     ssh-keygen -t ecdsa -b 256 -f /data/ssh/ssh_host_ecdsa_key -N "" > /dev/null
 fi
 
+if [ -d /etc/ssh ]; then
+    SSH_PORT=${SSH_PORT:-"22"} \
+    SSH_LISTEN_PORT=${SSH_LISTEN_PORT:-"${SSH_PORT}"} \
+    envsubst < /etc/templates/sshd_config > /etc/ssh/sshd_config
+
+    chmod 0644 /etc/ssh/sshd_config
+fi
+
 chown root:root /data/ssh/*
 chmod 0700 /data/ssh
 chmod 0600 /data/ssh/*

docker/root/etc/templates/app.ini

@@ -17,6 +17,7 @@ HTTP_PORT        = $HTTP_PORT
 ROOT_URL         = $ROOT_URL
 DISABLE_SSH      = $DISABLE_SSH
 SSH_PORT         = $SSH_PORT
+SSH_LISTEN_PORT  = $SSH_LISTEN_PORT
 LFS_START_SERVER = $LFS_START_SERVER
 LFS_CONTENT_PATH = /data/git/lfs
 

docker/root/etc/templates/sshd_config

@@ -1,4 +1,4 @@
-Port 22
+Port ${SSH_LISTEN_PORT}
 Protocol 2
 
 AddressFamily any
@@ -25,9 +25,9 @@ ChallengeResponseAuthentication no
 PasswordAuthentication no
 PermitEmptyPasswords no
 
-AllowUsers git
+AllowUsers ${USER}
 
 Banner none
 Subsystem sftp /usr/lib/ssh/sftp-server
 
-AcceptEnv GIT_PROTOCOL
+AcceptEnv GIT_PROTOCOL

docker/root/usr/bin/entrypoint

@@ -3,8 +3,6 @@
 if [ "${USER}" != "git" ]; then
     # rename user
     sed -i -e "s/^git\:/${USER}\:/g" /etc/passwd
-    # switch sshd config to different user
-    sed -i -e "s/AllowUsers git$/AllowUsers ${USER}/g" /etc/ssh/sshd_config
 fi
 
 if [ -z "${USER_GID}" ]; then

docs/.gitignore

@@ -1,3 +1,4 @@
 public/
 templates/swagger/v1_json.tmpl
 themes/
+resources/

docs/assets/js/search.js

@@ -0,0 +1,176 @@
+function ready(fn) {
+    if (document.readyState != 'loading') {
+        fn();
+    } else {
+        document.addEventListener('DOMContentLoaded', fn);
+    }
+}
+
+ready(doSearch);
+
+const summaryInclude = 60;
+const fuseOptions = {
+    shouldSort: true,
+    includeMatches: true,
+    matchAllTokens: true,
+    threshold: 0.0, // for parsing diacritics
+    tokenize: true,
+    location: 0,
+    distance: 100,
+    maxPatternLength: 32,
+    minMatchCharLength: 1,
+    keys: [{
+        name: "title",
+        weight: 0.8
+    },
+        {
+            name: "contents",
+            weight: 0.5
+        },
+        {
+            name: "tags",
+            weight: 0.3
+        },
+        {
+            name: "categories",
+            weight: 0.3
+        }
+    ]
+};
+
+function param(name) {
+    return decodeURIComponent((location.search.split(name + '=')[1] || '').split('&')[0]).replace(/\+/g, ' ');
+}
+
+let searchQuery = param("s");
+
+function doSearch() {
+    if (searchQuery) {
+        document.getElementById("search-query").value = searchQuery;
+        executeSearch(searchQuery);
+    } else {
+        const para = document.createElement("P");
+        para.innerText = "Please enter a word or phrase above";
+        document.getElementById("search-results").appendChild(para);
+    }
+}
+
+function getJSON(url, fn) {
+    const request = new XMLHttpRequest();
+    request.open('GET', url, true);
+    request.onload = function () {
+        if (request.status >= 200 && request.status < 400) {
+            const data = JSON.parse(request.responseText);
+            fn(data);
+        } else {
+            console.log("Target reached on " + url + " with error " + request.status);
+        }
+    };
+    request.onerror = function () {
+        console.log("Connection error " + request.status);
+    };
+    request.send();
+}
+
+function executeSearch(searchQuery) {
+    getJSON("/" + document.LANG + "/index.json", function (data) {
+        const pages = data;
+        const fuse = new Fuse(pages, fuseOptions);
+        const result = fuse.search(searchQuery);
+        console.log({
+            "matches": result
+        });
+        document.getElementById("search-results").innerHTML = "";
+        if (result.length > 0) {
+            populateResults(result);
+        } else {
+            const para = document.createElement("P");
+            para.innerText = "No matches found";
+            document.getElementById("search-results").appendChild(para);
+        }
+    });
+}
+
+function populateResults(result) {
+    result.forEach(function (value, key) {
+        const content = value.item.contents;
+        let snippet = "";
+        const snippetHighlights = [];
+        if (fuseOptions.tokenize) {
+            snippetHighlights.push(searchQuery);
+            value.matches.forEach(function (mvalue) {
+                if (mvalue.key === "tags" || mvalue.key === "categories") {
+                    snippetHighlights.push(mvalue.value);
+                } else if (mvalue.key === "contents") {
+                    const ind = content.toLowerCase().indexOf(searchQuery.toLowerCase());
+                    const start = ind - summaryInclude > 0 ? ind - summaryInclude : 0;
+                    const end = ind + searchQuery.length + summaryInclude < content.length ? ind + searchQuery.length + summaryInclude : content.length;
+                    snippet += content.substring(start, end);
+                    if (ind > -1) {
+                        snippetHighlights.push(content.substring(ind, ind + searchQuery.length))
+                    } else {
+                        snippetHighlights.push(mvalue.value.substring(mvalue.indices[0][0], mvalue.indices[0][1] - mvalue.indices[0][0] + 1));
+                    }
+                }
+            });
+        }
+
+        if (snippet.length < 1) {
+            snippet += content.substring(0, summaryInclude * 2);
+        }
+        //pull template from hugo templarte definition
+        const templateDefinition = document.getElementById("search-result-template").innerHTML;
+        //replace values
+        const output = render(templateDefinition, {
+            key: key,
+            title: value.item.title,
+            link: value.item.permalink,
+            tags: value.item.tags,
+            categories: value.item.categories,
+            snippet: snippet
+        });
+        document.getElementById("search-results").appendChild(htmlToElement(output));
+
+        snippetHighlights.forEach(function (snipvalue) {
+            new Mark(document.getElementById("summary-" + key)).mark(snipvalue);
+        });
+
+    });
+}
+
+function render(templateString, data) {
+    let conditionalMatches, copy;
+    const conditionalPattern = /\$\{\s*isset ([a-zA-Z]*) \s*\}(.*)\$\{\s*end\s*}/g;
+    //since loop below depends on re.lastInxdex, we use a copy to capture any manipulations whilst inside the loop
+    copy = templateString;
+    while ((conditionalMatches = conditionalPattern.exec(templateString)) !== null) {
+        if (data[conditionalMatches[1]]) {
+            //valid key, remove conditionals, leave content.
+            copy = copy.replace(conditionalMatches[0], conditionalMatches[2]);
+        } else {
+            //not valid, remove entire section
+            copy = copy.replace(conditionalMatches[0], '');
+        }
+    }
+    templateString = copy;
+    //now any conditionals removed we can do simple substitution
+    let key, find, re;
+    for (key in data) {
+        find = '\\$\\{\\s*' + key + '\\s*\\}';
+        re = new RegExp(find, 'g');
+        templateString = templateString.replace(re, data[key]);
+    }
+    return templateString;
+}
+
+/**
+ * By Mark Amery: https://stackoverflow.com/a/35385518
+ * @param {String} HTML representing a single element
+ * @return {Element}
+ */
+function htmlToElement(html) {
+    const template = document.createElement('template');
+    html = html.trim(); // Never return a text node of whitespace as the result
+    template.innerHTML = html;
+    return template.content.firstChild;
+}

docs/config.yaml

@@ -18,6 +18,13 @@ params:
   description: Git with a cup of tea
   author: The Gitea Authors
   website: https://docs.gitea.io
+  version: 1.11.0
+
+outputs:
+  home:
+    - HTML
+    - RSS
+    - JSON
 
 menu:
   page:

docs/content/doc/advanced/api-usage.en-us.md

@@ -68,6 +68,14 @@ curl -X POST "http://localhost:4000/api/v1/repos/test1/test1/issues" \
 As mentioned above, the token used is the same one you would use in
 the `token=` string in a GET request.
 
+## API Guide:
+
+API Reference guide is auto-generated by swagger and available on: 
+    `https://gitea.your.host/api/swagger`
+    or on 
+    [gitea demo instance](https://try.gitea.io/api/swagger)
+
+
 ## Listing your issued tokens via the API
 
 As mentioned in

docs/content/doc/advanced/ci-cd.en-us.md

@@ -0,0 +1,34 @@
+---
+date: "2019-08-27:00:00+02:00"
+title: "CI/CD Usage"
+slug: "ci-cd"
+weight: 40
+toc: true
+draft: false
+menu:
+  sidebar:
+    parent: "advanced"
+    name: "CI/CD Usage"
+    weight: 40
+    identifier: "ci-cd"
+---
+
+# Gitea and CI/CD
+
+**NOTE:** These tools are not endorsed by Gitea. They are listed here for convenience only.
+
+## Listing
+
+CI/CD solutions that have integration with Gitea. Following list is not complete,
+the purpose is to give a starting point to integrate a CI/CD process with your Gitea instance.
+
+ - [Drone](https://drone.io) with [Gitea documentation](https://docs.drone.io/installation/providers/gitea/)
+ - [Jenkins](https://jenkins.io/) with [Gitea plugin](https://plugins.jenkins.io/gitea)
+ - [Agola](https://agola.io)
+ - [Buildkite](https://buildkite.com) with [Gitea connector](https://github.com/techknowlogick/gitea-buildkite-connector)
+ - [AppVeyor](https://www.appveyor.com) with [built-in Gitea support](https://www.appveyor.com/blog/2019/09/05/gitea-receives-first-class-support-in-appveyor/)
+ - [Buildbot](https://www.buildbot.net/) with [Gitea plugin](https://github.com/lab132/buildbot-gitea)
+ 
+
+Others CI/CD solutions that partially can be integrated with Gitea:
+ - [Concourse](https://www.concourse-ci.org), see more information at [Concourse community forum](https://discuss.concourse-ci.org/t/concourse-ci-and-gitea-oauth/1475)

docs/content/doc/advanced/config-cheat-sheet.en-us.md

@@ -66,16 +66,47 @@ Values containing `#` or `;` must be quoted using `` ` `` or `"""`.
    default is not to present. **WARNING**: This maybe harmful to you website if you do not
    give it a right value.
 - `DEFAULT_CLOSE_ISSUES_VIA_COMMITS_IN_ANY_BRANCH`:  **false**: Close an issue if a commit on a non default branch marks it as closed.
+- `ENABLE_PUSH_CREATE_USER`:  **false**: Allow users to push local repositories to Gitea and have them automatically created for a user.
+- `ENABLE_PUSH_CREATE_ORG`:  **false**: Allow users to push local repositories to Gitea and have them automatically created for an org.
 
 ### Repository - Pull Request (`repository.pull-request`)
 
 - `WORK_IN_PROGRESS_PREFIXES`: **WIP:,\[WIP\]**: List of prefixes used in Pull Request
  title to mark them as Work In Progress
+- `CLOSE_KEYWORDS`: **close**, **closes**, **closed**, **fix**, **fixes**, **fixed**, **resolve**, **resolves**, **resolved**: List of
+ keywords used in Pull Request comments to automatically close a related issue
+- `REOPEN_KEYWORDS`: **reopen**, **reopens**, **reopened**: List of keywords used in Pull Request comments to automatically reopen
+ a related issue
+- `DEFAULT_MERGE_MESSAGE_COMMITS_LIMIT`: **50**: In the default merge message for squash commits include at most this many commits. Set to `-1` to include all commits
+- `DEFAULT_MERGE_MESSAGE_SIZE`: **5120**: In the default merge message for squash commits limit the size of the commit messages. Set to `-1` to have no limit.
+- `DEFAULT_MERGE_MESSAGE_ALL_AUTHORS`: **false**: In the default merge message for squash commits walk all commits to include all authors in the Co-authored-by otherwise just use those in the limited list
+- `DEFAULT_MERGE_MESSAGE_MAX_APPROVERS`: **10**: In default merge messages limit the number of approvers listed as `Reviewed-by:`. Set to `-1` to include all.
+- `DEFAULT_MERGE_MESSAGE_OFFICIAL_APPROVERS_ONLY`: **true**: In default merge messages only include approvers who are officially allowed to review.
 
 ### Repository - Issue (`repository.issue`)
 
 - `LOCK_REASONS`: **Too heated,Off-topic,Resolved,Spam**: A list of reasons why a Pull Request or Issue can be locked
 
+### Repository - Signing (`repository.signing`)
+
+- `SIGNING_KEY`: **default**: \[none, KEYID, default \]: Key to sign with.
+- `SIGNING_NAME` & `SIGNING_EMAIL`: if a KEYID is provided as the `SIGNING_KEY`, use these as the Name and Email address of the signer. These should match publicized name and email address for the key.
+- `INITIAL_COMMIT`: **always**: \[never, pubkey, twofa, always\]: Sign initial commit.
+  - `never`: Never sign
+  - `pubkey`: Only sign if the user has a public key
+  - `twofa`: Only sign if the user is logged in with twofa
+  - `always`: Always sign
+  - Options other than `never` and `always` can be combined as a comma separated list.
+- `WIKI`: **never**: \[never, pubkey, twofa, always, parentsigned\]: Sign commits to wiki.
+- `CRUD_ACTIONS`: **pubkey, twofa, parentsigned**: \[never, pubkey, twofa, parentsigned, always\]: Sign CRUD actions.
+  - Options as above, with the addition of:
+  - `parentsigned`: Only sign if the parent commit is signed.
+- `MERGES`: **pubkey, twofa, basesigned, commitssigned**: \[never, pubkey, twofa, approved, basesigned, commitssigned, always\]: Sign merges.
+  - `approved`: Only sign approved merges to a protected branch.
+  - `basesigned`: Only sign if the parent commit in the base repo is signed.
+  - `headsigned`: Only sign if the head commit in the head branch is signed.
+  - `commitssigned`: Only sign if all the commits in the head branch to the merge point are signed.
+
 ## CORS (`cors`)
 
 - `ENABLED`: **false**: enable cors headers (disabled by default)
@@ -90,12 +121,16 @@ Values containing `#` or `;` must be quoted using `` ` `` or `"""`.
 
 - `EXPLORE_PAGING_NUM`: **20**: Number of repositories that are shown in one explore page.
 - `ISSUE_PAGING_NUM`: **10**: Number of issues that are shown in one page (for all pages that list issues).
+- `MEMBERS_PAGING_NUM`: **20**: Number of members that are shown in organization members.
 - `FEED_MAX_COMMIT_NUM`: **5**: Number of maximum commits shown in one activity feed.
 - `GRAPH_MAX_COMMIT_NUM`: **100**: Number of maximum commits shown in the commit graph.
 - `DEFAULT_THEME`: **gitea**: \[gitea, arc-green\]: Set the default theme for the Gitea install.
 - `THEMES`:  **gitea,arc-green**: All available themes. Allow users select personalized themes
   regardless of the value of `DEFAULT_THEME`.
-- `DEFAULT_SHOW_FULL_NAME`: false: Whether the full name of the users should be shown where possible. If the full name isn't set, the username will be used.
+- `REACTIONS`: All available reactions. Allow users react with different emoji's.
+- `DEFAULT_SHOW_FULL_NAME`: **false**: Whether the full name of the users should be shown where possible. If the full name isn't set, the username will be used.
+- `SEARCH_REPO_DESCRIPTION`: **true**: Whether to search within description at repository search on explore page.
+- `USE_SERVICE_WORKER`: **true**: Whether to enable a Service Worker to cache frontend assets.
 
 ### UI - Admin (`ui.admin`)
 
@@ -107,18 +142,28 @@ Values containing `#` or `;` must be quoted using `` ` `` or `"""`.
 ## Markdown (`markdown`)
 
 - `ENABLE_HARD_LINE_BREAK`: **false**: Enable Markdown's hard line break extension.
+- `CUSTOM_URL_SCHEMES`: Use a comma separated list (ftp,git,svn) to indicate additional
+  URL hyperlinks to be rendered in Markdown. URLs beginning in http and https are
+  always displayed
 
 ## Server (`server`)
 
-- `PROTOCOL`: **http**: \[http, https, fcgi, unix\]
+- `PROTOCOL`: **http**: \[http, https, fcgi, unix, fcgi+unix\]
 - `DOMAIN`: **localhost**: Domain name of this server.
 - `ROOT_URL`: **%(PROTOCOL)s://%(DOMAIN)s:%(HTTP\_PORT)s/**:
    Overwrite the automatically generated public URL.
    This is useful if the internal and the external URL don't match (e.g. in Docker).
+- `STATIC_URL_PREFIX`: **\<empty\>**:
+   Overwrite this option to request static resources from a different URL.
+   This includes CSS files, images, JS files and web fonts.
+   Avatar images are dynamic resources and still served by gitea.
+   The option can be just a different path, as in `/static`, or another domain, as in `https://cdn.example.com`.
+   Requests are then made as `%(ROOT_URL)s/static/css/index.css` and `https://cdn.example.com/css/index.css` respective.
+   The static files are located in the `public/` directory of the gitea source repository.
 - `HTTP_ADDR`: **0.0.0.0**: HTTP listen address.
    - If `PROTOCOL` is set to `fcgi`, Gitea will listen for FastCGI requests on TCP socket
      defined by `HTTP_ADDR` and `HTTP_PORT` configuration settings.
-   - If `PROTOCOL` is set to `unix`, this should be the name of the Unix socket file to use.
+   - If `PROTOCOL` is set to `unix` or `fcgi+unix`, this should be the name of the Unix socket file to use.
 - `HTTP_PORT`: **3000**: HTTP listen port.
    - If `PROTOCOL` is set to `fcgi`, Gitea will listen for FastCGI requests on TCP socket
      defined by `HTTP_ADDR` and `HTTP_PORT` configuration settings.
@@ -132,14 +177,16 @@ Values containing `#` or `;` must be quoted using `` ` `` or `"""`.
 - `START_SSH_SERVER`: **false**: When enabled, use the built-in SSH server.
 - `SSH_DOMAIN`: **%(DOMAIN)s**: Domain name of this server, used for displayed clone URL.
 - `SSH_PORT`: **22**: SSH port displayed in clone URL.
+- `SSH_LISTEN_HOST`: **0.0.0.0**: Listen address for the built-in SSH server.
 - `SSH_LISTEN_PORT`: **%(SSH\_PORT)s**: Port for the built-in SSH server.
 - `OFFLINE_MODE`: **false**: Disables use of CDN for static files and Gravatar for profile pictures.
 - `DISABLE_ROUTER_LOG`: **false**: Mute printing of the router log.
-- `CERT_FILE`: **custom/https/cert.pem**: Cert file path used for HTTPS.
-- `KEY_FILE`: **custom/https/key.pem**: Key file path used for HTTPS.
+- `CERT_FILE`: **https/cert.pem**: Cert file path used for HTTPS. From 1.11 paths are relative to `CUSTOM_PATH`.
+- `KEY_FILE`: **https/key.pem**: Key file path used for HTTPS. From 1.11 paths are relative to `CUSTOM_PATH`.
 - `STATIC_ROOT_PATH`: **./**: Upper level of template and static files path.
+- `STATIC_CACHE_TIME`: **6h**: Web browser cache time for static resources on `custom/`, `public/` and all uploaded avatars.
 - `ENABLE_GZIP`: **false**: Enables application-level GZIP support.
-- `LANDING_PAGE`: **home**: Landing page for unauthenticated users  \[home, explore\].
+- `LANDING_PAGE`: **home**: Landing page for unauthenticated users \[home, explore, organizations, login\].
 - `LFS_START_SERVER`: **false**: Enables git-lfs support.
 - `LFS_CONTENT_PATH`: **./data/lfs**: Where to store LFS files.
 - `LFS_JWT_SECRET`: **\<empty\>**: LFS authentication secret, change this a unique string.
@@ -151,11 +198,14 @@ Values containing `#` or `;` must be quoted using `` ` `` or `"""`.
 - `LETSENCRYPT_ACCEPTTOS`: **false**: This is an explicit check that you accept the terms of service for Let's Encrypt.
 - `LETSENCRYPT_DIRECTORY`: **https**: Directory that Letsencrypt will use to cache information such as certs and private keys.
 - `LETSENCRYPT_EMAIL`: **email@example.com**: Email used by Letsencrypt to notify about problems with issued certificates. (No default)
+- `ALLOW_GRACEFUL_RESTARTS`: **true**: Perform a graceful restart on SIGHUP
+- `GRACEFUL_HAMMER_TIME`: **60s**: After a restart the parent process will stop accepting new connections and will allow requests to finish before stopping. Shutdown will be forced if it takes longer than this time.
+- `STARTUP_TIMEOUT`: **0**: Shutsdown the server if startup takes longer than the provided time. On Windows setting this sends a waithint to the SVC host to tell the SVC host startup may take some time. Please note startup is determined by the opening of the listeners - HTTP/HTTPS/SSH. Indexers may take longer to startup and can have their own timeouts.
 
 ## Database (`database`)
 
 - `DB_TYPE`: **mysql**: The database type in use \[mysql, postgres, mssql, sqlite3\].
-- `HOST`: **127.0.0.1:3306**: Database host address and port.
+- `HOST`: **127.0.0.1:3306**: Database host address and port or absolute path for unix socket \[mysql, postgres\] (ex: /var/run/mysqld/mysqld.sock).
 - `NAME`: **gitea**: Database name.
 - `USER`: **root**: Database username.
 - `PASSWD`: **\<empty\>**: Database user password. Use \`your password\` for quoting if you use special characters in the password.
@@ -165,11 +215,18 @@ Values containing `#` or `;` must be quoted using `` ` `` or `"""`.
 - `LOG_SQL`: **true**: Log the executed SQL.
 - `DB_RETRIES`: **10**: How many ORM init / DB connect attempts allowed.
 - `DB_RETRY_BACKOFF`: **3s**: time.Duration to wait before trying another ORM init / DB connect attempt, if failure occured.
+- `MAX_OPEN_CONNS` **0**: Database maximum open connections - default is 0, meaning there is no limit.
+- `MAX_IDLE_CONNS` **2**: Max idle database connections on connnection pool, default is 2 - this will be capped to `MAX_OPEN_CONNS`.
+- `CONN_MAX_LIFETIME` **0 or 3s**: Sets the maximum amount of time a DB connection may be reused - default is 0, meaning there is no limit (except on MySQL where it is 3s - see #6804 & #7071).
+  
+Please see #8540 & #8273 for further discussion of the appropriate values for `MAX_OPEN_CONNS`, `MAX_IDLE_CONNS` & `CONN_MAX_LIFETIME` and their
+relation to port exhaustion.
 
 ## Indexer (`indexer`)
 
 - `ISSUE_INDEXER_TYPE`: **bleve**: Issue indexer type, currently support: bleve or db, if it's db, below issue indexer item will be invalid.
 - `ISSUE_INDEXER_PATH`: **indexers/issues.bleve**: Index file used for issue search.
+- The next 4 configuration values are deprecated and should be set in `queue.issue_indexer` however are kept for backwards compatibility:
 - `ISSUE_INDEXER_QUEUE_TYPE`: **levelqueue**: Issue indexer queue, currently supports:`channel`, `levelqueue`, `redis`.
 - `ISSUE_INDEXER_QUEUE_DIR`: **indexers/issues.queue**: When `ISSUE_INDEXER_QUEUE_TYPE` is `levelqueue`, this will be the queue will be saved path.
 - `ISSUE_INDEXER_QUEUE_CONN_STR`: **addrs=127.0.0.1:6379 db=0**: When `ISSUE_INDEXER_QUEUE_TYPE` is `redis`, this will store the redis connection string.
@@ -177,8 +234,32 @@ Values containing `#` or `;` must be quoted using `` ` `` or `"""`.
 
 - `REPO_INDEXER_ENABLED`: **false**: Enables code search (uses a lot of disk space, about 6 times more than the repository size).
 - `REPO_INDEXER_PATH`: **indexers/repos.bleve**: Index file used for code search.
+- `REPO_INDEXER_INCLUDE`: **empty**: A comma separated list of glob patterns (see https://github.com/gobwas/glob) to **include** in the index. Use `**.txt` to match any files with .txt extension. An empty list means include all files.
+- `REPO_INDEXER_EXCLUDE`: **empty**: A comma separated list of glob patterns (see https://github.com/gobwas/glob) to **exclude** from the index. Files that match this list will not be indexed, even if they match in `REPO_INDEXER_INCLUDE`.
 - `UPDATE_BUFFER_LEN`: **20**: Buffer length of index request.
 - `MAX_FILE_SIZE`: **1048576**: Maximum size in bytes of files to be indexed.
+- `STARTUP_TIMEOUT`: **30s**: If the indexer takes longer than this timeout to start - fail. (This timeout will be added to the hammer time above for child processes - as bleve will not start until the previous parent is shutdown.) Set to zero to never timeout.
+
+## Queue (`queue` and `queue.*`)
+
+- `TYPE`: **persistable-channel**: General queue type, currently support: `persistable-channel`, `channel`, `level`, `redis`, `dummy`
+- `DATADIR`: **queues/**: Base DataDir for storing persistent and level queues. `DATADIR` for inidividual queues can be set in `queue.name` sections but will default to `DATADIR/`**`name`**.
+- `LENGTH`: **20**: Maximal queue size before channel queues block
+- `BATCH_LENGTH`: **20**: Batch data before passing to the handler
+- `CONN_STR`: **addrs=127.0.0.1:6379 db=0**: Connection string for the redis queue type.
+- `QUEUE_NAME`: **_queue**: The suffix for default redis queue name. Individual queues will default to **`name`**`QUEUE_NAME` but can be overriden in the specific `queue.name` section.
+- `WRAP_IF_NECESSARY`: **true**: Will wrap queues with a timeoutable queue if the selected queue is not ready to be created - (Only relevant for the level queue.)
+- `MAX_ATTEMPTS`: **10**: Maximum number of attempts to create the wrapped queue
+- `TIMEOUT`: **GRACEFUL_HAMMER_TIME + 30s**: Timeout the creation of the wrapped queue if it takes longer than this to create.
+- Queues by default come with a dynamically scaling worker pool. The following settings configure this:
+- `WORKERS`: **1**: Number of initial workers for the queue.
+- `MAX_WORKERS`: **10**: Maximum number of worker go-routines for the queue.
+- `BLOCK_TIMEOUT`: **1s**: If the queue blocks for this time, boost the number of workers - the `BLOCK_TIMEOUT` will then be doubled before boosting again whilst the boost is ongoing.
+- `BOOST_TIMEOUT`: **5m**: Boost workers will timeout after this long.
+- `BOOST_WORKERS`: **5**: This many workers will be added to the worker pool if there is a boost.
+
+## Admin (`admin`)
+- `DEFAULT_EMAIL_NOTIFICATIONS`: **enabled**: Default configuration for email notifications for users (user configurable). Options: enabled, onmention, disabled
 
 ## Security (`security`)
 
@@ -194,9 +275,18 @@ Values containing `#` or `;` must be quoted using `` ` `` or `"""`.
    authentication provided email.
 - `DISABLE_GIT_HOOKS`: **false**: Set to `true` to prevent all users (including admin) from creating custom
    git hooks.
+- `ONLY_ALLOW_PUSH_IF_GITEA_ENVIRONMENT_SET`: **true**: Set to `false` to allow local users to push to gitea-repositories without setting up the Gitea environment. This is not recommended and if you want local users to push to gitea repositories you should set the environment appropriately.
 - `IMPORT_LOCAL_PATHS`: **false**: Set to `false` to prevent all users (including admin) from importing local path on server.
 - `INTERNAL_TOKEN`: **\<random at every install if no uri set\>**: Secret used to validate communication within Gitea binary.
 - `INTERNAL_TOKEN_URI`: **<empty>**: Instead of defining internal token in the configuration, this configuration option can be used to give Gitea a path to a file that contains the internal token (example value: `file:/etc/gitea/internal_token`)
+- `PASSWORD_HASH_ALGO`: **pbkdf2**: The hash algorithm to use \[pbkdf2, argon2, scrypt, bcrypt\].
+- `CSRF_COOKIE_HTTP_ONLY`: **true**: Set false to allow JavaScript to read CSRF cookie.
+- `PASSWORD_COMPLEXITY`: **lower,upper,digit,spec**: Comma separated list of character classes required to pass minimum complexity. If left empty or no valid values are specified, the default values will be used. Possible values are: 
+    - lower - use one or more lower latin characters
+    - upper - use one or more upper latin characters
+    - digit - use one or more digits
+    - spec - use one or more special characters as ``!"#$%&'()*+,-./:;<=>?@[\\]^_`{|}~``
+    - off - do not check password complexity
 
 ## OpenID (`openid`)
 
@@ -222,6 +312,10 @@ Values containing `#` or `;` must be quoted using `` ` `` or `"""`.
 - `REQUIRE_SIGNIN_VIEW`: **false**: Enable this to force users to log in to view any page.
 - `ENABLE_NOTIFY_MAIL`: **false**: Enable this to send e-mail to watchers of a repository when
    something happens, like creating issues. Requires `Mailer` to be enabled.
+- `ENABLE_BASIC_AUTHENTICATION`: **true**: Disable this to disallow authenticaton using HTTP
+   BASIC and the user's password. Please note if you disable this you will not be able to access the
+   tokens API endpoints using a password. Further, this only disables BASIC authentication using the
+   password - not tokens or OAuth Basic.
 - `ENABLE_REVERSE_PROXY_AUTHENTICATION`: **false**: Enable this to allow reverse proxy authentication.
 - `ENABLE_REVERSE_PROXY_AUTO_REGISTRATION`: **false**: Enable this to allow auto-registration
    for reverse authentication.
@@ -235,12 +329,19 @@ Values containing `#` or `;` must be quoted using `` ` `` or `"""`.
 - `RECAPTCHA_SITEKEY`: **""**: Go to https://www.google.com/recaptcha/admin to get a sitekey for recaptcha.
 - `RECAPTCHA_URL`: **https://www.google.com/recaptcha/**: Set the recaptcha url - allows the use of recaptcha net.
 - `DEFAULT_ENABLE_DEPENDENCIES`: **true**: Enable this to have dependencies enabled by default.
+- `ALLOW_CROSS_REPOSITORY_DEPENDENCIES` : **true** Enable this to allow dependencies on issues from any repository where the user is granted access.
 - `ENABLE_USER_HEATMAP`: **true**: Enable this to display the heatmap on users profiles.
 - `EMAIL_DOMAIN_WHITELIST`: **\<empty\>**: If non-empty, list of domain names that can only be used to register
   on this instance.
 - `SHOW_REGISTRATION_BUTTON`: **! DISABLE\_REGISTRATION**: Show Registration Button
+- `SHOW_MILESTONES_DASHBOARD_PAGE`: **true** Enable this to show the milestones dashboard page - a view of all the user's milestones
 - `AUTO_WATCH_NEW_REPOS`: **true**: Enable this to let all organisation users watch new repos when they are created
+- `AUTO_WATCH_ON_CHANGES`: **false**: Enable this to make users watch a repository after their first commit to it
 - `DEFAULT_ORG_VISIBILITY`: **public**: Set default visibility mode for organisations, either "public", "limited" or "private".
+- `DEFAULT_ORG_MEMBER_VISIBLE`: **false** True will make the membership of the users visible when added to the organisation.
+- `ALLOW_ONLY_EXTERNAL_REGISTRATION`: **false** Set to true to force registration only using third-party services.
+- `NO_REPLY_ADDRESS`: **DOMAIN** Default value for the domain part of the user's email address in the git log if he has set KeepEmailPrivate to true. 
+  The user's email will be replaced with a concatenation of the user name in lower case, "@" and NO_REPLY_ADDRESS.
 
 ## Webhook (`webhook`)
 
@@ -248,6 +349,8 @@ Values containing `#` or `;` must be quoted using `` ` `` or `"""`.
 - `DELIVER_TIMEOUT`: **5**: Delivery timeout (sec) for shooting webhooks.
 - `SKIP_TLS_VERIFY`: **false**: Allow insecure certification.
 - `PAGING_NUM`: **10**: Number of webhook history events that are shown in one page.
+- `PROXY_URL`: ****: Proxy server URL, support http://, https//, socks://, blank will follow environment http_proxy/https_proxy
+- `PROXY_HOSTS`: ****: Comma separated list of host names requiring proxy. Glob patterns (*) are accepted; use ** to match all hosts.
 
 ## Mailer (`mailer`)
 
@@ -280,7 +383,8 @@ Values containing `#` or `;` must be quoted using `` ` `` or `"""`.
 - `INTERVAL`: **60**: Garbage Collection interval (sec), for memory cache only.
 - `HOST`: **\<empty\>**: Connection string for `redis` and `memcache`.
    - Redis: `network=tcp,addr=127.0.0.1:6379,password=macaron,db=0,pool_size=100,idle_timeout=180`
-   - Memache: `127.0.0.1:9090;127.0.0.1:9091`
+   - Memcache: `127.0.0.1:9090;127.0.0.1:9091`
+- `ITEM_TTL`: **16h**: Time to keep items in cache if not used, Setting it to 0 disables caching.
 
 ## Session (`session`)
 
@@ -330,7 +434,7 @@ Values containing `#` or `;` must be quoted using `` ` `` or `"""`.
 NB: You must `REDIRECT_MACARON_LOG` and have `DISABLE_ROUTER_LOG` set to `false` for this option to take effect. Configure each mode in per mode log subsections `\[log.modename.router\]`.
 - `ENABLE_ACCESS_LOG`: **false**: Creates an access.log in NCSA common log format, or as per the following template
 - `ACCESS`: **file**: Logging mode for the access logger, use a comma to separate values. Configure each mode in per mode log subsections `\[log.modename.access\]`. By default the file mode will log to `$ROOT_PATH/access.log`. (If you set this to `,` it will log to the default gitea logger.)
-- `ACCESS_LOG_TEMPLATE`: **`{{.Ctx.RemoteAddr}} - {{.Identity}} {{.Start.Format "[02/Jan/2006:15:04:05 -0700]" }} "{{.Ctx.Req.Method}} {{.Ctx.Req.RequestURI}} {{.Ctx.Req.Proto}}" {{.ResponseWriter.Status}} {{.ResponseWriter.Size}} "{{.Ctx.Req.Referer}}\" \"{{.Ctx.Req.UserAgent}}"`**: Sets the template used to create the access log.
+- `ACCESS_LOG_TEMPLATE`: **`{{.Ctx.RemoteAddr}} - {{.Identity}} {{.Start.Format "[02/Jan/2006:15:04:05 -0700]" }} "{{.Ctx.Req.Method}} {{.Ctx.Req.URL.RequestURI}} {{.Ctx.Req.Proto}}" {{.ResponseWriter.Status}} {{.ResponseWriter.Size}} "{{.Ctx.Req.Referer}}\" \"{{.Ctx.Req.UserAgent}}"`**: Sets the template used to create the access log.
   - The following variables are available:
   - `Ctx`: the `macaron.Context` of the request.
   - `Identity`: the SignedUserName or `"-"` if not logged in.
@@ -406,13 +510,20 @@ NB: You must `REDIRECT_MACARON_LOG` and have `DISABLE_ROUTER_LOG` set to `false`
 - `RUN_AT_START`: **true**: Run repository statistics check at start time.
 - `SCHEDULE`: **@every 24h**: Cron syntax for scheduling repository statistics check.
 
+### Cron - Update Migration Poster ID (`cron.update_migration_post_id`)
+
+- `SCHEDULE`: **@every 24h** : Interval as a duration between each synchronization, it will always attempt synchronization when the instance starts.
+
 ## Git (`git`)
 
+- `PATH`: **""**: The path of git executable. If empty, Gitea searches through the PATH environment.
 - `MAX_GIT_DIFF_LINES`: **100**: Max number of lines allowed of a single file in diff view.
 - `MAX_GIT_DIFF_LINE_CHARACTERS`: **5000**: Max character count per line highlighted in diff view.
 - `MAX_GIT_DIFF_FILES`: **100**: Max number of files shown in diff view.
 - `GC_ARGS`: **\<empty\>**: Arguments for command `git gc`, e.g. `--aggressive --auto`. See more on http://git-scm.com/docs/git-gc/
 - `ENABLE_AUTO_GIT_WIRE_PROTOCOL`: **true**: If use git wire protocol version 2 when git version >= 2.18, default is true, set to false when you always want git wire protocol version 1
+- `VERBOSE_PUSH`: **true**: Print status information about pushes as they are being processed.
+- `VERBOSE_PUSH_DELAY`: **5s**: Only print verbose information if push takes longer than this delay.
 
 ## Git - Timeout settings (`git.timeout`)
 - `DEFAUlT`: **360**: Git operations default timeout seconds.
@@ -483,13 +594,13 @@ Gitea can support Markup using external tools. The example below will add a mark
 
 ```ini
 [markup.asciidoc]
-ENABLED = false
+ENABLED = true
 FILE_EXTENSIONS = .adoc,.asciidoc
 RENDER_COMMAND = "asciidoc --out-file=- -"
 IS_INPUT_FILE = false
 ```
 
-- ENABLED: **false** Enable markup support.
+- ENABLED: **false** Enable markup support; set to **true** to enable this renderer.
 - FILE\_EXTENSIONS: **\<empty\>** List of file extensions that should be rendered by an external
    command. Multiple extentions needs a comma as splitter.
 - RENDER\_COMMAND: External command to render all matching extensions.
@@ -499,6 +610,41 @@ Two special environment variables are passed to the render command:
 - `GITEA_PREFIX_SRC`, which contains the current URL prefix in the `src` path tree. To be used as prefix for links.
 - `GITEA_PREFIX_RAW`, which contains the current URL prefix in the `raw` path tree. To be used as prefix for image paths.
 
+
+Gitea supports customizing the sanitization policy for rendered HTML. The example below will support KaTeX output from pandoc.
+
+```ini
+[markup.sanitizer]
+; Pandoc renders TeX segments as <span>s with the "math" class, optionally
+; with "inline" or "display" classes depending on context.
+ELEMENT = span
+ALLOW_ATTR = class
+REGEXP = ^\s*((math(\s+|$)|inline(\s+|$)|display(\s+|$)))+
+```
+
+ - `ELEMENT`: The element this policy applies to. Must be non-empty.
+ - `ALLOW_ATTR`: The attribute this policy allows. Must be non-empty.
+ - `REGEXP`: A regex to match the contents of the attribute against. Must be present but may be empty for unconditional whitelisting of this attribute.
+
+You may redefine `ELEMENT`, `ALLOW_ATTR`, and `REGEXP` multiple times; each time all three are defined is a single policy entry.
+
+## Time (`time`)
+
+- `FORMAT`: Time format to diplay on UI. i.e. RFC1123 or 2006-01-02 15:04:05
+- `DEFAULT_UI_LOCATION`: Default location of time on the UI, so that we can display correct user's time on UI. i.e. Shanghai/Asia
+
+## Task (`task`)
+
+-  Task queue configuration has been moved to `queue.task` however, the below configuration values are kept for backwards compatibilityx:
+- `QUEUE_TYPE`: **channel**: Task queue type, could be `channel` or `redis`.
+- `QUEUE_LENGTH`: **1000**: Task queue length, available only when `QUEUE_TYPE` is `channel`.
+- `QUEUE_CONN_STR`: **addrs=127.0.0.1:6379 db=0**: Task queue connection string, available only when `QUEUE_TYPE` is `redis`. If there redis needs a password, use `addrs=127.0.0.1:6379 password=123 db=0`.
+
+## Migrations (`migrations`)
+
+- `MAX_ATTEMPTS`: **3**: Max attempts per http/https request on migrations.
+- `RETRY_BACKOFF`: **3**: Backoff time per http/https request retry (seconds)
+
 ## Other (`other`)
 
 - `SHOW_FOOTER_BRANDING`: **false**: Show Gitea branding in the footer.

docs/content/doc/advanced/config-cheat-sheet.zh-cn.md

@@ -37,7 +37,8 @@ menu:
 
 - `EXPLORE_PAGING_NUM`: 探索页面每页显示的仓库数量。
 - `ISSUE_PAGING_NUM`: 工单页面每页显示的工单数量。
-- `FEED_MAX_COMMIT_NUM`: 活动流页面显示的最大提交树木。
+- `MEMBERS_PAGING_NUM`: **20**: 组织成员页面每页显示的成员数量。
+- `FEED_MAX_COMMIT_NUM`: 活动流页面显示的最大提交数量。
 
 ### UI - Admin (`ui.admin`)
 
@@ -65,6 +66,7 @@ menu:
 - `CERT_FILE`: 启用HTTPS的证书文件。
 - `KEY_FILE`: 启用HTTPS的密钥文件。
 - `STATIC_ROOT_PATH`: 存放模板和静态文件的根目录，默认是 Gitea 的根目录。
+- `STATIC_CACHE_TIME`: **6h**: 静态资源文件，包括 `custom/`, `public/` 和所有上传的头像的浏览器缓存时间。
 - `ENABLE_GZIP`: 启用应用级别的 GZIP 压缩。
 - `LANDING_PAGE`: 未登录用户的默认页面，可选 `home` 或 `explore`。
 - `LFS_START_SERVER`: 是否启用 git-lfs 支持. 可以为 `true` 或 `false`， 默认是 `false`。
@@ -82,6 +84,8 @@ menu:
 - `CHARSET`: **utf8**: 仅当数据库为 MySQL 时有效, 可以为 "utf8" 或 "utf8mb4"。注意：如果使用 "utf8mb4"，你的 MySQL InnoDB 版本必须在 5.6 以上。
 - `PATH`: Tidb 或者 SQLite3 数据文件存放路径。
 - `LOG_SQL`: **true**: 显示生成的SQL，默认为真。
+- `MAX_IDLE_CONNS` **0**: 最大空闲数据库连接
+- `CONN_MAX_LIFETIME` **3s**: 数据库连接最大存活时间
 
 ## Indexer (`indexer`)
 
@@ -108,7 +112,7 @@ menu:
 
 ## Service (`service`)
 
-- `ACTIVE_CODE_LIVE_MINUTES`: 登陆验证码失效时间，单位分钟。
+- `ACTIVE_CODE_LIVE_MINUTES`: 登录验证码失效时间，单位分钟。
 - `RESET_PASSWD_CODE_LIVE_MINUTES`: 重置密码失效时间，单位分钟。
 - `REGISTER_EMAIL_CONFIRM`: 启用注册邮件激活，前提是 `Mailer` 已经启用。
 - `DISABLE_REGISTRATION`: 禁用注册，启用后只能用管理员添加用户。
@@ -126,6 +130,8 @@ menu:
 - `DELIVER_TIMEOUT`: 请求webhooks的超时时间，单位秒。
 - `SKIP_TLS_VERIFY`: 是否允许不安全的证书。
 - `PAGING_NUM`: 每页显示的Webhook 历史数量。
+- `PROXY_URL`: ****: 代理服务器网址，支持 http://, https//, socks://, 为空将使用环境变量中的 http_proxy/https_proxy 设置。
+- `PROXY_HOSTS`: ****: 逗号分隔的需要代理的域名或IP地址。支持 * 号匹配符，使用 ** 匹配所有域名和IP地址。
 
 ## Mailer (`mailer`)
 
@@ -142,11 +148,12 @@ menu:
 
 ## Cache (`cache`)
 
-- `ADAPTER`: 缓存引擎，可以为 `memory`, `redis` 或 `memcache`。
-- `INTERVAL`: 只对内存缓存有效，GC间隔，单位秒。
-- `HOST`: 针对redis和memcache有效，主机地址和端口。
+- `ADAPTER`: **memory**: 缓存引擎，可以为 `memory`, `redis` 或 `memcache`。
+- `INTERVAL`: **60**: 只对内存缓存有效，GC间隔，单位秒。
+- `HOST`: **\<empty\>**: 针对redis和memcache有效，主机地址和端口。
     - Redis: `network=tcp,addr=127.0.0.1:6379,password=macaron,db=0,pool_size=100,idle_timeout=180`
     - Memache: `127.0.0.1:9090;127.0.0.1:9091`
+- `ITEM_TTL`: **16h**: 缓存项目失效时间，设置为 0 则禁用缓存。
 
 ## Session (`session`)
 
@@ -169,6 +176,20 @@ menu:
 - `MAX_SIZE`: 附件最大限制，单位 MB，比如： `4`。
 - `MAX_FILES`: 一次最多上传的附件数量，比如： `5`。
 
+关于 `ALLOWED_TYPES`， 在 (*)unix 系统中可以使用`file -I <filename>` 来快速获得对应的 `MIME type`。
+
+```shell
+$ file -I test00.tar.xz
+test00.tar.xz: application/x-xz; charset=binary
+
+$ file --mime test00.xlsx
+test00.xlsx: application/vnd.openxmlformats-officedocument.spreadsheetml.sheet; charset=binary
+
+file -I test01.xls
+test01.xls: application/vnd.ms-excel; charset=binary
+```
+
+
 ## Log (`log`)
 
 - `ROOT_PATH`: 日志文件根目录。
@@ -193,7 +214,11 @@ menu:
 ### Cron - Repository Statistics Check (`cron.check_repo_stats`)
 
 - `RUN_AT_START`: 是否启动时自动运行仓库统计。
-- `SCHEDULE`: 藏亏统计时的Cron 语法，比如：`@every 24h`.
+- `SCHEDULE`: 仓库统计时的Cron 语法，比如：`@every 24h`.
+
+### Cron - Update Migration Poster ID (`cron.update_migration_post_id`)
+
+- `SCHEDULE`: **@every 24h** : 每次同步的间隔时间。此任务总是在启动时自动进行。
 
 ## Git (`git`)
 
@@ -237,7 +262,21 @@ IS_INPUT_FILE = false
 - RENDER_COMMAND: 工具的命令行命令及参数。
 - IS_INPUT_FILE: 输入方式是最后一个参数为文件路径还是从标准输入读取。
 
+## Time (`time`)
 
+- `FORMAT`: 显示在界面上的时间格式。比如： RFC1123 或者 2006-01-02 15:04:05
+- `DEFAULT_UI_LOCATION`: 默认显示在界面上的时区，默认为本地时区。比如： Asia/Shanghai
+
+## Task (`task`)
+
+- `QUEUE_TYPE`: **channel**: 任务队列类型，可以为 `channel` 或 `redis`。
+- `QUEUE_LENGTH`: **1000**: 任务队列长度，当 `QUEUE_TYPE` 为 `channel` 时有效。
+- `QUEUE_CONN_STR`: **addrs=127.0.0.1:6379 db=0**: 任务队列连接字符串，当 `QUEUE_TYPE` 为 `redis` 时有效。如果redis有密码，则可以 `addrs=127.0.0.1:6379 password=123 db=0`。
+
+## Migrations (`migrations`)
+
+- `MAX_ATTEMPTS`: **3**: 在迁移过程中的 http/https 请求重试次数。
+- `RETRY_BACKOFF`: **3**: 等待下一次重试的时间，单位秒。
 
 ## Other (`other`)
 

docs/content/doc/advanced/customizing-gitea.en-us.md

@@ -44,12 +44,6 @@ environment variable; this can be used to override the default path to something
 
 **Note:** Gitea must perform a full restart to see configuration changes.
 
-## Customizing /robots.txt
-
-To make Gitea serve a custom `/robots.txt` (default: empty 404), create a file called
-`robots.txt` in the `custom` folder (or `CustomPath`) with
-[expected contents](http://www.robotstxt.org/).
-
 ## Serving custom public files
 
 To make Gitea serve custom public files (like pages and images), use the folder
@@ -60,24 +54,30 @@ the url `http://gitea.domain.tld/image.png`.
 
 ## Changing the default avatar
 
-Place the png image at the following path: `custom/public/img/avatar\_default.png`
+Place the png image at the following path: `custom/public/img/avatar_default.png`
 
 ## Customizing Gitea pages
 
 The `custom/templates` folder allows changing every single page of Gitea. Templates
-to override can be found in the [`templates`](https://github.com/go-gitea/gitea/tree/master/templates) directory of Gitea source. Override by
+to override can be found in the [`templates`](https://github.com/go-gitea/gitea/tree/master/templates) directory of Gitea source (Note: the example link is from `master` branch. Make sure to copy templates from same release you are using). Override by
 making a copy of the file under `custom/templates` using a full path structure
 matching source.
 
 Any statement contained inside `{{` and `}}` are Gitea's template syntax and
 shouldn't be touched without fully understanding these components.
 
+### Customizing startpage / homepage
+
+Copy [`home.tmpl`](https://github.com/go-gitea/gitea/blob/master/templates/home.tmpl) for your version of Gitea from `templates` to `custom/templates`.
+Edit as you wish.
+Dont forget to restart your gitea to apply the changes.
+
 ### Adding links and tabs
 
-If all you want is to add extra links to the top navigation bar, or extra tabs to the repository view, you can put them in `extra_links.tmpl` and `extra_tabs.tmpl` inside your `custom/templates/custom/` directory.
+If all you want is to add extra links to the top navigation bar or footer, or extra tabs to the repository view, you can put them in `extra_links.tmpl` (links added to the navbar), `extra_links_footer.tmpl` (links added to the left side of footer), and `extra_tabs.tmpl` inside your `custom/templates/custom/` directory.
 
 For instance, let's say you are in Germany and must add the famously legally-required "Impressum"/about page, listing who is responsible for the site's content:
-just place it under your "custom/public/" directory (for instance `custom/public/impressum.html`) and put a link to it in `custom/templates/custom/extra_links.tmpl`.
+just place it under your "custom/public/" directory (for instance `custom/public/impressum.html`) and put a link to it in either `custom/templates/custom/extra_links.tmpl` or `custom/templates/custom/extra_links_footer.tmpl`.
 
 To match the current style, the link should have the class name "item", and you can use `{{AppSubUrl}}` to get the base URL:
 `<a class="item" href="{{AppSubUrl}}/impressum.html">Impressum</a>`
@@ -98,6 +98,20 @@ Apart from `extra_links.tmpl` and `extra_tabs.tmpl`, there are other useful temp
 - `body_outer_post.tmpl`, before the bottom `<footer>` element.
 - `footer.tmpl`, right before the end of the `<body>` tag, a good place for additional Javascript.
 
+## Customizing Gitea mails
+
+The `custom/templates/mail` folder allows changing the body of every mail of Gitea.
+Templates to override can be found in the
+[`templates/mail`](https://github.com/go-gitea/gitea/tree/master/templates/mail)
+directory of Gitea source.
+Override by making a copy of the file under `custom/templates/mail` using a
+full path structure matching source.
+
+Any statement contained inside `{{` and `}}` are Gitea's template
+syntax and shouldn't be touched without fully understanding these components.
+
+
+
 ## Adding Analytics to Gitea
 
 Google Analytics, Matomo (previously Piwik), and other analytics services can be added to Gitea. To add the tracking code, refer to the `Other additions to the page` section of this document, and add the JavaScript to the `custom/templates/custom/header.tmpl` file.
@@ -126,7 +140,7 @@ To add a custom license, add a file with the license text to `custom/options/lic
 Locales are managed via our [crowdin](https://crowdin.com/project/gitea).  
 You can override a locale by placing an altered locale file in `custom/options/locale`.  
 Gitea's default locale files can be found in  the [`options/locale`](https://github.com/go-gitea/gitea/tree/master/options/locale) source folder and these should be used as examples for your changes.  
-  
+
 To add a completely new locale, as well as placing the file in the above location, you will need to add the new lang and name to the `[i18n]` section in your `app.ini`. Keep in mind that Gitea will use those settings as **overrides**, so if you want to keep the other languages as well you will need to copy/paste the default values and add your own to them.
 
 ```
@@ -141,6 +155,15 @@ Locales may change between versions, so keeping track of your customized locales
 
 To add a custom Readme, add a markdown formatted file (without an `.md` extension) to `custom/options/readme`
 
+### Reactions
+
+To change reaction emoji's you can set allowed reactions at app.ini
+```
+[ui]
+REACTIONS = +1, -1, laugh, confused, heart, hooray, eyes
+```
+A full list of supported emoji's is at [emoji list](https://gitea.com/gitea/gitea.com/issues/8)
+
 ## Customizing the look of Gitea
 
 As of version 1.6.0 Gitea has built-in themes. The two built-in themes are, the default theme `gitea`, and a dark theme `arc-green`. To change the look of your Gitea install change the value of `DEFAULT_THEME` in the [ui](https://docs.gitea.io/en-us/config-cheat-sheet/#ui-ui) section of `app.ini` to another one of the available options.  

docs/content/doc/advanced/external-renderers.en-us.md

@@ -17,6 +17,7 @@ menu:
 
 Gitea supports custom file renderings (i.e., Jupyter notebooks, asciidoc, etc.) through external binaries, 
 it is just a matter of:
+
 * installing external binaries
 * add some configuration to your `app.ini` file
 * restart your Gitea instance
@@ -27,13 +28,13 @@ In order to get file rendering through external binaries, their associated packa
 If you're using a Docker image, your `Dockerfile` should contain something along this lines:
 
 ```
-FROM gitea/gitea:1.6.0
+FROM gitea/gitea:{{< version >}}
 [...]
 
 COPY custom/app.ini /data/gitea/conf/app.ini
 [...]
 
-RUN apk --no-cache add asciidoctor freetype freetype-dev gcc g++ libpng python-dev py-pip python3-dev py3-pip
+RUN apk --no-cache add asciidoctor freetype freetype-dev gcc g++ libpng python-dev py-pip python3-dev py3-pip py3-zmq
 # install any other package you need for your external renderers
 
 RUN pip3 install --upgrade pip
@@ -50,7 +51,7 @@ add one `[markup.XXXXX]` section per external renderer on your custom `app.ini`:
 [markup.asciidoc]
 ENABLED = true
 FILE_EXTENSIONS = .adoc,.asciidoc
-RENDER_COMMAND = "asciidoctor --out-file=- -"
+RENDER_COMMAND = "asciidoctor -e -a leveloffset=-1 --out-file=- -"
 ; Input is not a standard input but a file
 IS_INPUT_FILE = false
 
@@ -67,4 +68,22 @@ RENDER_COMMAND = rst2html.py
 IS_INPUT_FILE = false
 ```
 
+If your external markup relies on additional classes and attributes on the generated HTML elements, you might need to enable custom sanitizer policies. Gitea uses the [`bluemonday`](https://godoc.org/github.com/microcosm-cc/bluemonday) package as our HTML sanitizier. The example below will support [KaTeX](https://katex.org/) output from [`pandoc`](https://pandoc.org/).
+
+```ini
+[markup.sanitizer]
+; Pandoc renders TeX segments as <span>s with the "math" class, optionally
+; with "inline" or "display" classes depending on context.
+ELEMENT = span
+ALLOW_ATTR = class
+REGEXP = ^\s*((math(\s+|$)|inline(\s+|$)|display(\s+|$)))+
+
+[markup.markdown]
+ENABLED         = true
+FILE_EXTENSIONS = .md,.markdown
+RENDER_COMMAND  = pandoc -f markdown -t html --katex
+```
+
+You may redefine `ELEMENT`, `ALLOW_ATTR`, and `REGEXP` multiple times; each time all three are defined is a single policy entry. All three must be defined, but `REGEXP` may be blank to allow unconditional whitelisting of that attribute.
+
 Once your configuration changes have been made, restart Gitea to have changes take effect.

docs/content/doc/advanced/hacking-on-gitea.en-us.md

@@ -23,6 +23,10 @@ environment variable and to add the go bin directory or directories
 `${GOPATH//://bin:}/bin` to the `$PATH`. See the Go wiki entry for
 [GOPATH](https://github.com/golang/go/wiki/GOPATH).
 
+Next, [install Node.js with npm](https://nodejs.org/en/download/) which is
+required to build the JavaScript and CSS files. The minimum supported Node.js
+version is 10 and the latest LTS version is recommended.
+
 You will also need make.
 <a href='{{< relref "doc/advanced/make.en-us.md" >}}'>(See here how to get Make)</a>
 
@@ -32,7 +36,7 @@ necessary. To be able to use these you must have the `"$GOPATH"/bin` directory
 on the executable path. If you don't add the go bin directory to the
 executable path you will have to manage this yourself.
 
-**Note 2**: Go version 1.9 or higher is required; however, it is important
+**Note 2**: Go version 1.11 or higher is required; however, it is important
 to note that our continuous integration will check that the formatting of the
 source code is not changed by `gofmt` using `make fmt-check`. Unfortunately,
 the results of `gofmt` can differ by the version of `go`. It is therefore
@@ -98,7 +102,7 @@ from source</a>.
 The simplest recommended way to build from source is:
 
 ```bash
-TAGS="bindata sqlite sqlite_unlock_notify" make generate build
+TAGS="bindata sqlite sqlite_unlock_notify" make build
 ```
 
 However, there are a number of additional make tasks you should be aware of.
@@ -108,10 +112,10 @@ and look at our
 [`.drone.yml`](https://github.com/go-gitea/gitea/blob/master/.drone.yml) to see
 how our continuous integration works.
 
-### Formatting, linting, vetting and spell-check
+### Formatting, code analysis and spell check
 
 Our continous integration will reject PRs that are not properly formatted, fail
-linting, vet or spell-check.
+code analysis or spell check.
 
 You should format your code with `go fmt` using:
 
@@ -130,30 +134,30 @@ You should run the same version of go that is on the continuous integration
 server as mentioned above. `make fmt-check` will only check if your `go` would
 format differently - this may be different from the CI server version.
 
-You should lint, vet and spell-check with:
+You should run revive, vet and spell-check on the code with:
 
 ```bash
-make vet lint misspell-check
+make revive vet misspell-check
 ```
 
-### Updating CSS
+### Working on CSS
 
-To generate the CSS, you will need [Node.js](https://nodejs.org/) 8.0 or greater with npm. At present we use [less](http://lesscss.org/) and [postcss](https://postcss.org) to generate our CSS. Do **not** edit the files in `public/css` directly, as they are generated from `lessc` from the files in `public/less`.
-
-Edit files in `public/less`, run the linter, regenerate the CSS and commit all changed files:
+Edit files in `web_src/less` and run the linter and build the CSS files via:
 
 ```bash
 make css
 ```
 
-### Updating JS
+### Working on JS
 
-To run the JavaScript linter you will need [Node.js](https://nodejs.org/) 8.0 or greater with npm. Edit files in `public/js` and run the linter:
+Edit files in `web_src/js`, run the linter and build the JS files via:
 
 ```bash
 make js
 ```
 
+Note: When working on frontend code, it is advisable to set `USE_SERVICE_WORKER` to `false` in `app.ini` which will prevent undesirable caching of frontend assets.
+
 ### Updating the API
 
 When creating new API routes or modifying existing API routes, you **MUST**
@@ -178,7 +182,7 @@ make generate-swagger
 You should validate your generated Swagger file and spell-check it with:
 
 ```bash
-make swagger-validate mispell-check
+make swagger-validate misspell-check
 ```
 
 You should commit the changed swagger JSON file. The continous integration
@@ -233,7 +237,7 @@ Unit tests will not and cannot completely test Gitea alone. Therefore, we
 have written integration tests; however, these are database dependent.
 
 ```bash
-TAGS="bindata sqlite sqlite_unlock_notify" make generate build test-sqlite
+TAGS="bindata sqlite sqlite_unlock_notify" make build test-sqlite
 ```
 
 will run the integration tests in an sqlite environment. Other database tests

docs/content/doc/advanced/logging-documentation.en-us.md

@@ -143,7 +143,7 @@ log using the value: `ACCESS = ,`
 
 This value represent a go template. It's default value is:
 
-`{{.Ctx.RemoteAddr}} - {{.Identity}} {{.Start.Format "[02/Jan/2006:15:04:05 -0700]" }} "{{.Ctx.Req.Method}} {{.Ctx.Req.RequestURI}} {{.Ctx.Req.Proto}}" {{.ResponseWriter.Status}} {{.ResponseWriter.Size}} "{{.Ctx.Req.Referer}}\" \"{{.Ctx.Req.UserAgent}}"`
+`{{.Ctx.RemoteAddr}} - {{.Identity}} {{.Start.Format "[02/Jan/2006:15:04:05 -0700]" }} "{{.Ctx.Req.Method}} {{.Ctx.Req.URL.RequestURI}} {{.Ctx.Req.Proto}}" {{.ResponseWriter.Status}} {{.ResponseWriter.Size}} "{{.Ctx.Req.Referer}}\" \"{{.Ctx.Req.UserAgent}}"`
 
 The template is passed following options:
 

docs/content/doc/advanced/mail-templates-us.md

@@ -0,0 +1,276 @@
+---
+date: "2019-10-23T17:00:00-03:00"
+title: "Mail templates"
+slug: "mail-templates"
+weight: 45
+toc: true
+draft: false
+menu:
+  sidebar:
+    parent: "advanced"
+    name: "Mail templates"
+    weight: 45
+    identifier: "mail-templates"
+---
+
+# Mail templates
+
+To craft the e-mail subject and contents for certain operations, Gitea can be customized by using templates. The templates
+for these functions are located under the [`custom` directory](https://docs.gitea.io/en-us/customizing-gitea/).
+Gitea has an internal template that serves as default in case there's no custom alternative.
+
+Custom templates are loaded when Gitea starts. Changes made to them are not recognized until Gitea is restarted again.
+
+## Mail notifications supporting templates
+
+Currently, the following notification events make use of templates:
+
+| Action name   | Usage                                                                                                        |
+|---------------|--------------------------------------------------------------------------------------------------------------|
+| `new`         | A new issue or pull request was created.                                                                     |
+| `comment`     | A new comment was created in an existing issue or pull request.                                              |
+| `close`       | An issue or pull request was closed.                                                                         |
+| `reopen`      | An issue or pull request was reopened.                                                                       |
+| `review`      | The head comment of a review in a pull request.                                                              |
+| `approve`     | The head comment of a approving review for a pull request.                                                   |
+| `reject`      | The head comment of a review requesting changes for a pull request.                                          |
+| `code`        | A single comment on the code of a pull request.                                                              |
+| `assigned`    | Used was assigned to an issue or pull request.                                                               |
+| `default`     | Any action not included in the above categories, or when the corresponding category template is not present. |
+
+The path for the template of a particular message type is:
+
+```
+custom/templates/mail/{action type}/{action name}.tmpl
+```
+
+Where `{action type}` is one of `issue` or `pull` (for pull requests), and `{action name}` is one of the names listed above.
+
+For example, the specific template for a mail regarding a comment in a pull request is:
+```
+custom/templates/mail/pull/comment.tmpl
+```
+
+However, creating templates for each and every action type/name combination is not required.
+A fallback system is used to choose the appropriate template for an event. The _first existing_
+template on this list is used:
+
+* The specific template for the desired **action type** and **action name**.
+* The template for action type `issue` and the desired **action name**.
+* The template for the desired **action type**, action name `default`.
+* The template for action type `issue`, action name `default`.
+
+The only mandatory template is action type `issue`, action name `default`, which is already embedded in Gitea
+unless it's overridden by the user in the `custom` directory.
+
+## Template syntax
+
+Mail templates are UTF-8 encoded text files that need to follow one of the following formats:
+
+```
+Text and macros for the subject line
+------------
+Text and macros for the mail body
+```
+
+or
+
+```
+Text and macros for the mail body
+```
+
+Specifying a _subject_ section is optional (and therefore also the dash line separator). When used, the separator between
+_subject_ and _mail body_ templates requires at least three dashes; no other characters are allowed in the separator line.
+
+
+_Subject_ and _mail body_ are parsed by [Golang's template engine](https://golang.org/pkg/text/template/) and
+are provided with a _metadata context_ assembled for each notification. The context contains the following elements:
+
+| Name               | Type             | Available     | Usage                                                                                                                                                |
+|--------------------|------------------|---------------|------------------------------------------------------------------------------------------------------------------------------------------------------|
+| `.FallbackSubject` | string           | Always        | A default subject line. See Below.                                                                                                                   |
+| `.Subject`         | string           | Only in body  | The _subject_, once resolved.                                                                                                                        |
+| `.Body`            | string           | Always        | The message of the issue, pull request or comment, parsed from Markdown into HTML and sanitized. Do not confuse with the _mail body_.                |
+| `.Link`            | string           | Always        | The address of the originating issue, pull request or comment.                                                                                       |
+| `.Issue`           | models.Issue     | Always        | The issue (or pull request) originating the notification. To get data specific to a pull request (e.g. `HasMerged`), `.Issue.PullRequest` can be used, but care should be taken as this field will be `nil` if the issue is *not* a pull request. |
+| `.Comment`         | models.Comment   | If applicable | If the notification is from a comment added to an issue or pull request, this will contain the information about the comment.                        |
+| `.IsPull`          | bool             | Always        | `true` if the mail notification is associated with a pull request (i.e. `.Issue.PullRequest` is not `nil`).                                          |
+| `.Repo`            | string           | Always        | Name of the repository, including owner name (e.g. `mike/stuff`)                                                                                     |
+| `.User`            | models.User      | Always        | Owner of the repository from which the event originated. To get the user name (e.g. `mike`),`.User.Name` can be used.                                |
+| `.Doer`            | models.User      | Always        | User that executed the action triggering the notification event. To get the user name (e.g. `rhonda`), `.Doer.Name` can be used.                     |
+| `.IsMention`       | bool             | Always        | `true` if this notification was only generated because the user was mentioned in the comment, while not being subscribed to the source. It will be `false` if the recipient was subscribed to the issue or repository. |
+| `.SubjectPrefix`   | string           | Always        | `Re: ` if the notification is about other than issue or pull request creation; otherwise an empty string.                                            |
+| `.ActionType`      | string           | Always        | `"issue"` or `"pull"`. Will correspond to the actual _action type_ independently of which template was selected.                                     |
+| `.ActionName`      | string           | Always        | It will be one of the action types described above (`new`, `comment`, etc.), and will correspond to the actual _action name_ independently of which template was selected. |
+| `.ReviewComments`  | []models.Comment | Always        | List of code comments in a review. The comment text will be in `.RenderedContent` and the referenced code will be in `.Patch`.                       |
+
+All names are case sensitive.
+
+### The _subject_ part of the template
+
+The template engine used for the mail _subject_ is golang's [`text/template`](https://golang.org/pkg/text/template/).
+Please refer to the linked documentation for details about its syntax.
+
+The _subject_ is built using the following steps:
+
+* A template is selected according to the type of notification and to what templates are present.
+* The template is parsed and resolved (e.g. `{{.Issue.Index}}` is converted to the number of the issue
+  or pull request).
+* All space-like characters (e.g. `TAB`, `LF`, etc.) are converted to normal spaces.
+* All leading, trailing and redundant spaces are removed.
+* The string is truncated to its first 256 runes (characters).
+
+If the end result is an empty string, **or** no subject template was available (i.e. the selected template
+did not include a subject part), Gitea's **internal default** will be used.
+
+The internal default (fallback) subject is the equivalent of:
+
+```
+{{.SubjectPrefix}}[{{.Repo}}] {{.Issue.Title}} (#.Issue.Index)
+```
+
+For example: `Re: [mike/stuff] New color palette (#38)`
+
+Gitea's default subject can also be found in the template _metadata_ as `.FallbackSubject` from any of
+the two templates, even if a valid subject template is present.
+
+### The _mail body_ part of the template
+
+The template engine used for the _mail body_ is golang's [`html/template`](https://golang.org/pkg/html/template/).
+Please refer to the linked documentation for details about its syntax.
+
+The _mail body_ is parsed after the mail subject, so there is an additional _metadata_ field which is
+the actual rendered subject, after all considerations.
+
+The expected result is HTML (including structural elements like`<html>`, `<body>`, etc.). Styling
+through `<style>` blocks, `class` and `style` attributes is possible. However, `html/template`
+does some [automatic escaping](https://golang.org/pkg/html/template/#hdr-Contexts) that should be considered.
+
+Attachments (such as images or external style sheets) are not supported. However, other templates can
+be referenced too, for example to provide the contents of a `<style>` element in a centralized fashion.
+The external template must be placed under `custom/mail` and referenced relative to that directory.
+For example, `custom/mail/styles/base.tmpl` can be included using `{{template styles/base}}`.
+
+The mail is sent with `Content-Type: multipart/alternative`, so the body is sent in both HTML
+and text formats. The latter is obtained by stripping the HTML markup.
+
+## Troubleshooting
+
+How a mail is rendered is directly dependent on the capabilities of the mail application. Many mail
+clients don't even support HTML, so they show the text version included in the generated mail.
+
+If the template fails to render, it will be noticed only at the moment the mail is sent.
+A default subject is used if the subject template fails, and whatever was rendered successfully
+from the the _mail body_ is used, disregarding the rest.
+
+Please check [Gitea's logs](https://docs.gitea.io/en-us/logging-configuration/) for error messages in case of trouble.
+
+## Example
+
+`custom/templates/mail/issue/default.tmpl`:
+
+```
+[{{.Repo}}] @{{.Doer.Name}}
+{{if eq .ActionName "new"}}
+    created
+{{else if eq .ActionName "comment"}}
+    commented on
+{{else if eq .ActionName "close"}}
+    closed
+{{else if eq .ActionName "reopen"}}
+    reopened
+{{else}}
+    updated
+{{end}}
+{{if eq .ActionType "issue"}}
+    issue
+{{else}}
+    pull request
+{{end}}
+#{{.Issue.Index}}: {{.Issue.Title}}
+------------
+<!DOCTYPE html>
+<html>
+<head>
+    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+    <title>{{.Subject}}</title>
+</head>
+
+<body>
+    {{if .IsMention}}
+    <p>
+        You are receiving this because @{{.Doer.Name}} mentioned you.
+    </p>
+    {{end}}
+    <p>
+        <p>
+        <a href="{{AppURL}}/{{.Doer.LowerName}}">@{{.Doer.Name}}</a>
+        {{if not (eq .Doer.FullName "")}}
+            ({{.Doer.FullName}})
+        {{end}}
+        {{if eq .ActionName "new"}}
+            created
+        {{else if eq .ActionName "close"}}
+            closed
+        {{else if eq .ActionName "reopen"}}
+            reopened
+        {{else}}
+            updated
+        {{end}}
+        <a href="{{.Link}}">{{.Repo}}#{{.Issue.Index}}</a>.
+        </p>
+        {{if not (eq .Body "")}}
+            <h3>Message content:</h3>
+            <hr>
+            {{.Body | Str2html}}
+        {{end}}
+    </p>
+    <hr>
+    <p>
+        <a href="{{.Link}}">View it on Gitea</a>.
+    </p>
+</body>
+</html>
+```
+
+This template produces something along these lines:
+
+#### Subject
+
+> [mike/stuff] @rhonda commented on pull request #38: New color palette
+
+#### Mail body
+
+> [@rhonda](#) (Rhonda Myers) updated [mike/stuff#38](#).
+>
+> #### Message content:
+>
+> \__________________________________________________________________
+>
+> Mike, I think we should tone down the blues a little.  
+> \__________________________________________________________________
+> 
+> [View it on Gitea](#).
+
+## Advanced
+
+The template system contains several functions that can be used to further process and format
+the messages. Here's a list of some of them:
+
+| Name                 | Parameters  | Available | Usage                                                                        |
+|----------------------|-------------|-----------|------------------------------------------------------------------------------|
+| `AppUrl`             | -           | Any       | Gitea's URL                                                                  |
+| `AppName`            | -           | Any       | Set from `app.ini`, usually "Gitea"                                          |
+| `AppDomain`          | -           | Any       | Gitea's host name                                                            |
+| `EllipsisString`     | string, int | Any       | Truncates a string to the specified length; adds ellipsis as needed          |
+| `Str2html`           | string      | Body only | Sanitizes text by removing any HTML tags from it.                            |
+| `Safe`               | string      | Body only | Takes the input as HTML; can be used for `.ReviewComments.RenderedContent`.  |
+
+These are _functions_, not metadata, so they have to be used:
+
+```
+Like this:         {{Str2html "Escape<my>text"}}
+Or this:           {{"Escape<my>text" | Str2html}}
+Or this:           {{AppUrl}}
+But not like this: {{.AppUrl}}
+```

docs/content/doc/advanced/migrations.en-us.md

@@ -34,6 +34,7 @@ create a Downloader.
 ```Go
 type Downloader interface {
 	GetRepoInfo() (*Repository, error)
+	GetTopics() ([]string, error)
 	GetMilestones() ([]*Milestone, error)
 	GetReleases() ([]*Release, error)
 	GetLabels() ([]*Label, error)
@@ -67,6 +68,7 @@ type Uploader interface {
 	CreateComment(issueNumber int64, comment *Comment) error
 	CreatePullRequest(pr *PullRequest) error
 	Rollback() error
+	Close()
 }
 
-```
+```

docs/content/doc/advanced/repo-indexer.en-us.md

@@ -0,0 +1,58 @@
+---
+date: "2019-09-06T01:35:00-03:00"
+title: "Repository indexer"
+slug: "repo-indexer"
+weight: 45
+toc: true
+draft: false
+menu:
+  sidebar:
+    parent: "advanced"
+    name: "Repository indexer"
+    weight: 45
+    identifier: "repo-indexer"
+---
+
+# Repository indexer
+
+## Setting up the repository indexer
+
+Gitea can search through the files of the repositories by enabling this function in your [`app.ini`](https://docs.gitea.io/en-us/config-cheat-sheet/):
+
+```
+[indexer]
+; ...
+REPO_INDEXER_ENABLED = true
+REPO_INDEXER_PATH = indexers/repos.bleve
+UPDATE_BUFFER_LEN = 20
+MAX_FILE_SIZE = 1048576
+REPO_INDEXER_INCLUDE =
+REPO_INDEXER_EXCLUDE = resources/bin/**
+```
+
+Please bear in mind that indexing the contents can consume a lot of system resources, especially when the index is created for the first time or globally updated (e.g. after upgrading Gitea).
+
+### Choosing the files for indexing by size
+
+The `MAX_FILE_SIZE` option will make the indexer skip all files larger than the specified value.
+
+### Choosing the files for indexing by path
+
+Gitea applies glob pattern matching from the [`gobwas/glob` library](https://github.com/gobwas/glob) to choose which files will be included in the index.
+
+Limiting the list of files prevents the indexes from becoming polluted with derived or irrelevant files (e.g. lss, sym, map, etc.), so the search results are more relevant. It can also help reduce the index size.
+
+`REPO_INDEXER_INCLUDE` (default: empty) is a comma separated list of glob patterns to **include** in the index. An empty list means "_include all files_".
+`REPO_INDEXER_EXCLUDE` (default: empty) is a comma separated list of glob patterns to **exclude** from the index. Files that match this list will not be indexed. `REPO_INDEXER_EXCLUDE` takes precedence over `REPO_INDEXER_INCLUDE`.
+
+Pattern matching works as follows:
+
+* To match all files with a `.txt` extension no matter what directory, use `**.txt`.
+* To match all files with a `.txt` extension _only at the root level of the repository_, use `*.txt`.
+* To match all files inside `resources/bin` and below, use `resources/bin/**`.
+* To match all files _immediately inside_ `resources/bin`, use `resources/bin/*`.
+* To match all files named `Makefile`, use `**Makefile`.
+* Matching a directory has no effect; the pattern `resources/bin` will not include/exclude files inside that directory; `resources/bin/**` will.
+* All files and patterns are normalized to lower case, so `**Makefile`, `**makefile` and `**MAKEFILE` are equivalent.
+
+

docs/content/doc/advanced/search-engines-indexation.en-us.md

@@ -0,0 +1,39 @@
+---
+date: "2019-12-31T13:55:00+05:00"
+title: "Advanced: Search Engines Indexation"
+slug: "search-engines-indexation"
+weight: 30
+toc: true
+draft: false
+menu:
+  sidebar:
+    parent: "advanced"
+    name: "Search Engines Indexation"
+    weight: 60
+    identifier: "search-engines-indexation"
+---
+
+# Search engines indexation of your Gitea installation
+
+By default your Gitea installation will be indexed by search engines.
+If you don't want your repository to be visible for search engines read further.
+
+## Block search engines indexation using robots.txt
+
+To make Gitea serve a custom `robots.txt` (default: empty 404) for top level installations,
+create a file called `robots.txt` in the [`custom` folder or `CustomPath`]({{< relref "doc/advanced/customizing-gitea.en-us.md" >}})
+
+Examples on how to configure the `robots.txt` can be found at [https://moz.com/learn/seo/robotstxt](https://moz.com/learn/seo/robotstxt).
+
+
+```txt
+User-agent: *
+Disallow: /
+```
+
+If you installed Gitea in a subdirectory, you will need to create or edit the `robots.txt` in the top level directory.
+
+```txt
+User-agent: *
+Disallow: /gitea/
+```

docs/content/doc/advanced/signing.en-us.md

@@ -0,0 +1,163 @@
+---
+date: "2019-08-17T10:20:00+01:00"
+title: "GPG Commit Signatures"
+slug: "signing"
+weight: 20
+toc: false
+draft: false
+menu:
+  sidebar:
+    parent: "advanced"
+    name: "GPG Commit Signatures"
+    weight: 20
+    identifier: "signing"
+---
+
+# GPG Commit Signatures
+
+Gitea will verify GPG commit signatures in the provided tree by
+checking if the commits are signed by a key within the gitea database,
+or if the commit matches the default key for git.
+
+Keys are not checked to determine if they have expired or revoked.
+Keys are also not checked with keyservers.
+
+A commit will be marked with a grey unlocked icon if no key can be
+found to verify it. If a commit is marked with a red unlocked icon,
+it is reported to be signed with a key with an id.
+
+Please note: The signer of a commit does not have to be an author or
+committer of a commit.
+
+This functionality requires git >= 1.7.9 but for full functionality
+this requires git >= 2.0.0.
+
+## Automatic Signing
+
+There are a number of places where Gitea will generate commits itself:
+
+* Repository Initialisation
+* Wiki Changes
+* CRUD actions using the editor or the API
+* Merges from Pull Requests
+
+Depending on configuration and server trust you may want Gitea to
+sign these commits.
+
+## General Configuration
+
+Gitea's configuration for signing can be found with the
+`[repository.signing]` section of `app.ini`:
+
+```ini
+...
+[repository.signing]
+SIGNING_KEY = default
+SIGNING_NAME =
+SIGNING_EMAIL =
+INITIAL_COMMIT = always
+CRUD_ACTIONS = pubkey, twofa, parentsigned
+WIKI = never
+MERGES = pubkey, twofa, basesigned, commitssigned
+
+...
+```
+
+### `SIGNING_KEY`
+
+The first option to discuss is the `SIGNING_KEY`. There are three main
+options:
+
+* `none` - this prevents Gitea from signing any commits
+* `default` - Gitea will default to the key configured within
+`git config`
+* `KEYID` - Gitea will sign commits with the gpg key with the ID
+`KEYID`. In this case you should provide a `SIGNING_NAME` and
+`SIGNING_EMAIL` to be displayed for this key.
+
+The `default` option will interrogate `git config` for
+`commit.gpgsign` option - if this is set, then it will use the results
+of the `user.signingkey`, `user.name` and `user.email` as appropriate.
+
+Please note: by adjusting git's `config` file within Gitea's
+repositories, `SIGNING_KEY=default` could be used to provide different
+signing keys on a per-repository basis. However, this is cleary not an
+ideal UI and therefore subject to change.
+
+### `INITIAL_COMMIT`
+
+This option determines whether Gitea should sign the initial commit
+when creating a repository. The possible values are:
+
+* `never`: Never sign
+* `pubkey`: Only sign if the user has a public key
+* `twofa`: Only sign if the user logs in with two factor authentication
+* `always`: Always sign
+
+Options other than `never` and `always` can be combined as a comma
+separated list.
+
+### `WIKI`
+
+This options determines if Gitea should sign commits to the Wiki.
+The possible values are:
+
+* `never`: Never sign
+* `pubkey`: Only sign if the user has a public key
+* `twofa`: Only sign if the user logs in with two factor authentication
+* `parentsigned`: Only sign if the parent commit is signed.
+* `always`: Always sign
+
+Options other than `never` and `always` can be combined as a comma
+separated list.
+
+### `CRUD_ACTIONS`
+
+This option determines if Gitea should sign commits from the web
+editor or API CRUD actions. The possible values are:
+
+* `never`: Never sign
+* `pubkey`: Only sign if the user has a public key
+* `twofa`: Only sign if the user logs in with two factor authentication
+* `parentsigned`: Only sign if the parent commit is signed.
+* `always`: Always sign
+
+Options other than `never` and `always` can be combined as a comma
+separated list.
+
+### `MERGES`
+
+This option determines if Gitea should sign merge commits from PRs.
+The possible options are:
+
+* `never`: Never sign
+* `pubkey`: Only sign if the user has a public key
+* `twofa`: Only sign if the user logs in with two factor authentication
+* `basesigned`: Only sign if the parent commit in the base repo is signed.
+* `headsigned`: Only sign if the head commit in the head branch is signed.
+* `commitssigned`: Only sign if all the commits in the head branch to the merge point are signed.
+* `approved`: Only sign approved merges to a protected branch.
+* `always`: Always sign
+
+Options other than `never` and `always` can be combined as a comma
+separated list.
+
+## Installing and generating a GPG key for Gitea
+
+It is up to a server administrator to determine how best to install
+a signing key. Gitea generates all its commits using the server `git`
+command at present - and therefore the server `gpg` will be used for
+signing (if configured.) Administrators should review best-practices
+for gpg - in particular it is probably advisable to only install a
+signing secret subkey without the master signing and certifying secret
+key.
+
+## Obtaining the Public Key of the Signing Key
+
+The public key used to sign Gitea's commits can be obtained from the API at:
+
+```/api/v1/signing-key.gpg```
+
+In cases where there is a repository specific key this can be obtained from:
+
+```/api/v1/repos/:username/:reponame/signing-key.gpg```

docs/content/doc/advanced/third-party-tools.en-us.md

@@ -19,10 +19,11 @@ menu:
 *This is by no means a complete list, so feel free to ask about adding more!*
 
 ### Continuous Integration
-[BuildKite Connector](https://github.com/techknowlogick/gitea-buildkite-connector)  
-[Jenkins Plugin](https://github.com/jenkinsci/gitea-plugin)  
-[Using Gitea with Drone](https://docs.drone.io/installation/gitea/)
 
+Check our [CI/CD page]({{< relref "doc/advanced/ci-cd.en-us.md" >}})
+
+### Internationalization 
+[Weblate](https://docs.weblate.org/en/latest/admin/continuous.html#gitea-setup)
 
 ### Migrating
 [Installation script for Gitea](https://git.coolaj86.com/coolaj86/gitea-installer.sh)  
@@ -34,3 +35,6 @@ menu:
 
 ###  Editor Extensions
  - [Gitea Extension for Visual Studio](https://github.com/maikebing/Gitea.VisualStudio)   Download from   [Visual Studio Marketplace](https://marketplace.visualstudio.com/items?itemName=MysticBoy.GiteaExtensionforVisualStudio)
+ 
+ ### Project Management
+ - [YouTrack by JetBrains](https://blog.jetbrains.com/youtrack/2019/12/whats-new-in-youtrack-2019-3/)

docs/content/doc/advanced/third-party-tools.zh-cn.md

@@ -0,0 +1,36 @@
+---
+date: "2019-03-11T21:45:00+00:00"
+title: "高级: 第三方工具"
+slug: "third-party-tools"
+weight: 50
+toc: true
+draft: false
+menu:
+  sidebar:
+    parent: "advanced"
+    name: "第三方工具"
+    weight: 50
+    identifier: "third-party-tools"
+---
+
+# 第三方工具列表
+**注意:** 这些工具并没有经过Gitea的检验，在这里列出它们只是为了便捷.
+
+*此列表并不是完整的列表，可以随时咨询如何添加!*
+
+### 持续集成
+[BuildKite 连接器](https://github.com/techknowlogick/gitea-buildkite-connector)  
+[Jenkins 插件](https://github.com/jenkinsci/gitea-plugin)  
+[Gitea搭配Drone](https://docs.drone.io/installation/gitea)
+
+
+### 迁移
+[Gitea安装脚本](https://git.coolaj86.com/coolaj86/gitea-installer.sh)  
+[GitHub迁移](https://gitea.com/gitea/migrator)
+
+
+### 移动端
+[安卓客户端GitNex](https://gitlab.com/mmarif4u/gitnex)
+
+###  编辑器扩展
+ - [Gitea的Visual Studio扩展](https://github.com/maikebing/Gitea.VisualStudio)    从   [Visual Studio 扩展市场](https://marketplace.visualstudio.com/items?itemName=MysticBoy.GiteaExtensionforVisualStudio) 下载

docs/content/doc/features/authentication.en-us.md

@@ -216,3 +216,42 @@ configure this, set the fields below:
 
 - Log in to Gitea as an Administrator and click on "Authentication" under Admin Panel.
   Then click `Add New Source` and fill in the details, changing all where appropriate.
+
+## SPNEGO with SSPI (Kerberos/NTLM, for Windows only)
+
+Gitea supports SPNEGO single sign-on authentication (the scheme defined by RFC4559) for the web part of the server via the Security Support Provider Interface (SSPI) built in Windows. SSPI works only in Windows environments - when both the server and the clients are running Windows.
+
+Before activating SSPI single sign-on authentication (SSO) you have to prepare your environment:
+
+- Create a separate user account in active directory, under which the `gitea.exe` process will be running (eg. `user` under domain `domain.local`):
+
+- Create a service principal name for the host where `gitea.exe` is running with class `HTTP`:
+  - Start `Command Prompt` or `PowerShell` as a priviledged domain user (eg. Domain Administrator)
+  - Run the command below, replacing `host.domain.local` with the fully qualified domain name (FQDN) of the server where the web application will be running, and `domain\user` with the name of the account created in the previous step:
+  ```
+    setspn -A HTTP/host.domain.local domain\user
+  ```
+
+- Sign in (*sign out if you were already signed in*) with the user created
+
+- Make sure that `ROOT_URL` in the `[server]` section of `custom/conf/app.ini` is the fully qualified domain name of the server where the web application will be running - the same you used when creating the service principal name (eg. `host.domain.local`)
+
+- Start the web server (`gitea.exe web`)
+
+- Enable SSPI authentication by adding an `SPNEGO with SSPI` authentication source in `Site Administration -> Authentication Sources`
+
+- Sign in to a client computer in the same domain with any domain user (client computer, different from the server running `gitea.exe`)
+
+- If you are using Chrome, Edge or Internet Explorer, add the URL of the web app to the Local intranet sites (`Internet Options -> Security -> Local intranet -> Sites`)
+
+- Start Chrome, Edge or Internet Explorer and navigate to the FQDN URL of gitea (eg. `http://host.domain.local:3000`)
+
+- Click the `Sign In` button on the dashboard and choose SSPI to be automatically logged in with the same user that is currently logged on to the computer
+
+- If it does not work, make sure that:
+  - You are not running the web browser on the same server where gitea is running. You should be running the web browser on a domain joined computer (client) that is different from the server. If both the client and server are runnning on the same computer NTLM will be prefered over Kerberos.
+  - There is only one `HTTP/...` SPN for the host
+  - The SPN contains only the hostname, without the port
+  - You have added the URL of the web app to the `Local intranet zone`
+  - The clocks of the server and client should not differ with more than 5 minutes (depends on group policy)
+  - `Integrated Windows Authentication` should be enabled in Internet Explorer (under `Advanced settings`)

docs/content/doc/features/comparison.en-us.md

@@ -62,12 +62,13 @@ _Symbols used in table:_
 | Granular user roles (Code, Issues, Wiki etc) | ✓ | ✘ | ✘ | ✓ | ✓ | ✘ | ✘ |
 | Verified Committer | ✘ | ✘ | ? | ✓ | ✓ | ✓ | ✘ |
 | GPG Signed Commits | ✓ | ✘ | ✓ | ✓ | ✓ | ✓ | ✓ |
-| Reject unsigned commits | ✘ | ✘ | ✓ | ✓ | ✓ | ✘ | ✓ |
+| Reject unsigned commits | [✘](https://github.com/go-gitea/gitea/issues/2770) | ✘ | ✓ | ✓ | ✓ | ✘ | ✓ |
 | Repository Activity page | ✓ | ✘ | ✓ | ✓ | ✓ | ✓ | ✓ |
 | Branch manager | ✓ | ✘ | ✓ | ✓ | ✓ | ✓ | ✓ |
 | Create new branches | ✓ | ✘ | ✓ | ✓ | ✓ | ✘ | ✘ |
 | Web code editor | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
 | Commit graph | ✓ | ✘ | ✓ | ✓ | ✓ | ✓ | ✓ |
+| Template Repositories | [✓](https://github.com/go-gitea/gitea/pull/8768) | ✘ | ✓ | ✘ | ✓ | ✓ | ✘ |
 
 #### Issue Tracker
 
@@ -105,6 +106,7 @@ _Symbols used in table:_
 | Revert specific commits or a merge request | [✘](https://github.com/go-gitea/gitea/issues/5158) | ✘ | ✓ | ✓ | ✓ | ✓ | ✘ |
 | Pull/Merge requests templates | ✓ | ✓ | ✓ | ✓ | ✓ | ✘ | ✘ |
 | Cherry-picking changes | [✘](https://github.com/go-gitea/gitea/issues/5158) | ✘ | ✘ | ✓ | ✓ | ✘ | ✘ |
+| Download Patch | ✓ | ✘ | ✓ | ✓ | ✓ | [/](https://jira.atlassian.com/plugins/servlet/mobile#issue/BCLOUD-8323) | ✘ |
 
 
 #### 3rd-party integrations

docs/content/doc/features/gitea-directory.md

@@ -0,0 +1,56 @@
+---
+date: "2019-11-28:00:00+02:00"
+title: "The .gitea Directory"
+slug: "gitea-directory"
+weight: 40
+toc: true
+draft: false
+menu:
+  sidebar:
+    parent: "features"
+    name: "The .gitea Directory"
+    weight: 50
+    identifier: "gitea-directory"
+---
+
+# The .gitea directory
+Gitea repositories can include a `.gitea` directory at their base which will store settings/configurations for certain features.
+
+## Templates
+Gitea includes template repositories, and one feature implemented with them is auto-expansion of specific variables within your template files.  
+To tell Gitea which files to expand, you must include a `template` file inside the `.gitea` directory of the template repository.  
+Gitea uses [gobwas/glob](https://github.com/gobwas/glob) for its glob syntax. It closely resembles a traditional `.gitignore`, however there may be slight differences.
+
+### Example `.gitea/template` file  
+All paths are relative to the base of the repository
+```gitignore
+# All .go files, anywhere in the repository
+**.go
+
+# All text files in the text directory
+text/*.txt
+
+# A specific file
+a/b/c/d.json
+
+# Batch files in both upper or lower case can be matched
+**.[bB][aA][tT]
+```
+**NOTE:** The `template` file will be removed from the `.gitea` directory when a repository is generated from the template.
+
+### Variable Expansion
+In any file matched by the above globs, certain variables will be expanded.  
+All variables must be of the form `$VAR` or `${VAR}`. To escape an expansion, use a double `$$`, such as `$$VAR` or `$${VAR}`
+
+| Variable             | Expands To                                          |
+|----------------------|-----------------------------------------------------|
+| REPO_NAME            | The name of the generated repository                |
+| TEMPLATE_NAME        | The name of the template repository                 |
+| REPO_DESCRIPTION     | The description of the generated repository         |
+| TEMPLATE_DESCRIPTION | The description of the template repository          |
+| REPO_LINK            | The URL to the generated repository                 |
+| TEMPLATE_LINK        | The URL to the template repository                  |
+| REPO_HTTPS_URL       | The HTTP(S) clone link for the generated repository |
+| TEMPLATE_HTTPS_URL   | The HTTP(S) clone link for the template repository  |
+| REPO_SSH_URL         | The SSH clone link for the generated repository     |
+| TEMPLATE_SSH_URL     | The SSH clone link for the template repository      |

docs/content/doc/features/webhooks.en-us.md

@@ -17,7 +17,15 @@ menu:
 
 Gitea supports web hooks for repository events. This can be found in the settings
 page `/:username/:reponame/settings/hooks`. All event pushes are POST requests.
-The two methods currently supported are Gitea and Slack.
+The methods currently supported are:
+
+- Gitea
+- Gogs
+- Slack
+- Discord
+- Dingtalk
+- Telegram
+- Microsoft Teams
 
 ### Event information
 
@@ -104,3 +112,75 @@ X-Gitea-Event: push
   }
 }
 ```
+
+### Example
+
+This is an example of how to use webhooks to run a php script upon push requests to the repository.
+In your repository Settings, under Webhooks, Setup a Gitea webhook as follows:
+
+- Target URL: http://mydomain.com/webhook.php
+- HTTP Method: POST
+- POST Content Type: application/json
+- Secret: 123
+- Trigger On: Push Events
+- Active: Checked
+
+Now on your server create the php file webhook.php
+
+```
+<?php
+
+$secret_key = '123';
+
+// check for POST request
+if ($_SERVER['REQUEST_METHOD'] != 'POST') {
+    error_log('FAILED - not POST - '. $_SERVER['REQUEST_METHOD']);
+    exit();
+}
+
+// get content type
+$content_type = isset($_SERVER['CONTENT_TYPE']) ? strtolower(trim($_SERVER['CONTENT_TYPE'])) : '';
+
+if ($content_type != 'application/json') {
+    error_log('FAILED - not application/json - '. $content_type);
+    exit();
+}
+
+// get payload
+$payload = trim(file_get_contents("php://input"));
+
+if (empty($payload)) {
+    error_log('FAILED - no payload');
+    exit();
+}
+
+// get header signature
+$header_signature = isset($_SERVER['HTTP_X_GITEA_SIGNATURE']) ? $_SERVER['HTTP_X_GITEA_SIGNATURE'] : '';
+
+if (empty($header_signature)) {
+    error_log('FAILED - header signature missing');
+    exit();
+}
+
+// calculate payload signature
+$payload_signature = hash_hmac('sha256', $payload, $secret_key, false);
+
+// check payload signature against header signature
+if ($header_signature != $payload_signature) {
+    error_log('FAILED - payload signature');
+    exit();
+}
+
+// convert json to array
+$decoded = json_decode($payload, true);
+
+// check for json decode errors
+if (json_last_error() !== JSON_ERROR_NONE) {
+    error_log('FAILED - json decode - '. json_last_error());
+    exit();
+}
+
+// success, do something
+```
+
+There is a Test Delivery button in the webhook settings that allows to test the configuration as well as a list of the most Recent Deliveries.

docs/content/doc/help.en-us.md

@@ -2,12 +2,12 @@
 date: "2017-01-20T15:00:00+08:00"
 title: "Help"
 slug: "help"
-weight: 50
+weight: 5
 toc: false
 draft: false
 menu:
   sidebar:
     name: "Help"
-    weight: 50
+    weight: 5
     identifier: "help"
 ---

docs/content/doc/help.fr-fr.md

@@ -0,0 +1,13 @@
+---
+date: "2017-01-20T15:00:00+08:00"
+title: "Aide"
+slug: "help"
+weight: 5
+toc: false
+draft: false
+menu:
+  sidebar:
+    name: "Aide"
+    weight: 5
+    identifier: "help"
+---

docs/content/doc/help.zh-cn.md

@@ -2,12 +2,12 @@
 date: "2017-01-20T15:00:00+08:00"
 title: "帮助"
 slug: "help"
-weight: 50
+weight: 5
 toc: false
 draft: false
 menu:
   sidebar:
     name: "帮助"
-    weight: 50
+    weight: 5
     identifier: "help"
 ---

docs/content/doc/help.zh-tw.md

@@ -0,0 +1,13 @@
+---
+date: "2017-01-20T15:00:00+08:00"
+title: "救命"
+slug: "help"
+weight: 5
+toc: false
+draft: false
+menu:
+  sidebar:
+    name: "救命"
+    weight: 5
+    identifier: "help"
+---

docs/content/doc/help/faq.en-us.md

@@ -28,7 +28,8 @@ Also see [Support Options]({{< relref "doc/help/seek-help.en-us.md" >}})
 * [What is Swagger?](#what-is-swagger)
 * [Adjusting your server for public/private use](#adjusting-your-server-for-public-private-use)
   * [Preventing spammers](#preventing-spammers)
-  * [Only allow/block certain email domains](#only-allow-block-certain-email-domains)
+  * [Only allow certain email domains](#only-allow-certain-email-domains)
+  * [Only allow/block certain OpenID providers](#only-allow-block-certain-openid-providers)
   * [Issue only users](#issue-only-users)
   * [Enable Fail2ban](#enable-fail2ban)
 * [Adding custom themes](#how-to-add-use-custom-themes)
@@ -41,6 +42,9 @@ Also see [Support Options]({{< relref "doc/help/seek-help.en-us.md" >}})
   * [SSH Common Errors](#ssh-common-errors)
 * [Missing releases after migration repository with tags](#missing-releases-after-migrating-repository-with-tags)
 * [LFS Issues](#lfs-issues)
+* [How can I create users before starting Gitea](#how-can-i-create-users-before-starting-gitea)
+* [How can I enable password reset](#how-can-i-enable-password-reset)
+* [How can a user's password be changed](#how-can-a-user-s-password-be-changed)
 
 
 ## Difference between 1.x and 1.x.x downloads
@@ -133,8 +137,11 @@ There are multiple things you can combine to prevent spammers.
 2. Setting `ENABLE_CAPTCHA` to `true` in your `app.ini` and properly configuring `RECAPTCHA_SECRET` and `RECAPTCHA_SITEKEY`
 3. Settings `DISABLE_REGISTRATION` to `true` and creating new users via the [CLI]({{< relref "doc/usage/command-line.en-us.md" >}}), [API]({{< relref "doc/advanced/api-usage.en-us.md" >}}), or Gitea's Admin UI  
 
-### Only allow/block certain email domains
-If using OpenID, you can configure `WHITELISTED_URIS` or `BLACKLISTED_URIS` in your `app.ini`  
+### Only allow certain email domains
+You can configure `EMAIL_DOMAIN_WHITELIST` in your app.ini under `[service]`
+
+### Only allow/block certain OpenID providers
+You can configure `WHITELISTED_URIS` or `BLACKLISTED_URIS` under `[openid]` in your `app.ini`  
 **NOTE:** whitelisted takes precedence, so if it is non-blank then blacklisted is ignored
 
 ### Issue only users
@@ -268,3 +275,19 @@ Check the value of `LFS_HTTP_AUTH_EXPIRY` in your `app.ini` file.
 By default, your LFS token will expire after 20 minutes. If you have a slow connection or a large file (or both), it may not finish uploading within the time limit. 
 
 You may want to set this value to `60m` or `120m`.
+
+## How can I create users before starting Gitea
+Gitea provides a sub-command `gitea migrate` to initialize the database, after which you can use the [admin CLI commands]({{< relref "doc/usage/command-line.en-us.md#admin" >}}) to add users like normal.
+
+## How can I enable password reset
+There is no setting for password resets. It is enabled when a [mail service]({{< relref "doc/usage/email-setup.en-us.md" >}}) is configured, and disabled otherwise.
+
+## How can a user's password be changed
+- As an **admin**, you can change any user's password (and optionally force them to change it on next login)...
+  - By navigating to your `Site Administration -> User Accounts` page and editing a user.  
+  - By using the [admin CLI commands]({{< relref "doc/usage/command-line.en-us.md#admin" >}}).  
+  Keep in mind most commands will also need a [global flag]({{< relref "doc/usage/command-line.en-us.md#global-options" >}}) to point the CLI at the correct configuration.
+- As a **user** you can change it... 
+  - In your account `Settings -> Account` page (this method **requires** you to know your current password).
+  - By using the `Forgot Password` link.  
+   If the `Forgot Password/Account Recovery` page is disabled, please contact your administrator to configure a [mail service]({{< relref "doc/usage/email-setup.en-us.md" >}}).

docs/content/doc/help/search.en-us.md

@@ -0,0 +1,25 @@
+---
+date: "2019-11-12T16:00:00+02:00"
+title: "Search"
+slug: "search"
+weight: 4
+toc: true
+draft: false
+menu:
+  sidebar:
+    parent: "help"
+    name: "Search"
+    weight: 4
+    identifier: "search"
+sitemap:
+  priority : 0.1
+layout: "search"
+---
+
+
+This file exists solely to respond to /search URL with the related `search` layout template.
+
+No content shown here is rendered, all content is based in the template layouts/doc/search.html
+
+Setting a very low sitemap priority will tell search engines this is not important content.
+

docs/content/doc/help/search.fr-fr.md

@@ -0,0 +1,25 @@
+---
+date: "2019-11-12T16:00:00+02:00"
+title: "Chercher"
+slug: "search"
+weight: 4
+toc: true
+draft: false
+menu:
+  sidebar:
+    parent: "help"
+    name: "Chercher"
+    weight: 4
+    identifier: "search"
+sitemap:
+  priority : 0.1
+layout: "search"
+---
+
+
+This file exists solely to respond to /search URL with the related `search` layout template.
+
+No content shown here is rendered, all content is based in the template layouts/doc/search.html
+
+Setting a very low sitemap priority will tell search engines this is not important content.
+

docs/content/doc/help/search.zh-cn.md

@@ -0,0 +1,25 @@
+---
+date: "2019-11-12T16:00:00+02:00"
+title: "搜索"
+slug: "search"
+weight: 4
+toc: true
+draft: false
+menu:
+  sidebar:
+    parent: "help"
+    name: "搜索"
+    weight: 4
+    identifier: "search"
+sitemap:
+  priority : 0.1
+layout: "search"
+---
+
+
+This file exists solely to respond to /search URL with the related `search` layout template.
+
+No content shown here is rendered, all content is based in the template layouts/doc/search.html
+
+Setting a very low sitemap priority will tell search engines this is not important content.
+

docs/content/doc/help/search.zh-tw.md

@@ -0,0 +1,25 @@
+---
+date: "2019-11-12T16:00:00+02:00"
+title: "搜索"
+slug: "search"
+weight: 4
+toc: true
+draft: false
+menu:
+  sidebar:
+    parent: "help"
+    name: "搜索"
+    weight: 4
+    identifier: "search"
+sitemap:
+  priority : 0.1
+layout: "search"
+---
+
+
+This file exists solely to respond to /search URL with the related `search` layout template.
+
+No content shown here is rendered, all content is based in the template layouts/doc/search.html
+
+Setting a very low sitemap priority will tell search engines this is not important content.
+

docs/content/doc/help/seek-help.en-us.md

@@ -33,4 +33,4 @@ If you found a bug, please create an [issue on GitHub](https://github.com/go-git
 
 ## Chinese Support
 
-Support for the Chinese language is provided at [gocn.io](https://gocn.io/topic/Gitea).
+Support for the Chinese language is provided at [gocn.vip](https://gocn.vip/topic/gitea).

docs/content/doc/help/seek-help.zh-cn.md

@@ -18,6 +18,6 @@ menu:
 如果您在使用或者开发过程中遇到问题，请到以下渠道咨询：
 
 - 到[Github issue](https://github.com/go-gitea/gitea/issues)提问(因为项目维护人员来自世界各地，为保证沟通顺畅，请使用英文提问)
-- 中文问题到[gocn.io](https://gocn.io/topic/Gitea)提问
+- 中文问题到[gocn.vip](https://gocn.vip/topic/gitea)提问
 - 访问 [Discord server - 英文](https://discord.gg/NsatcWJ)
 - 加入 QQ群 328432459 获得进一步的支持

docs/content/doc/installation/from-binary.en-us.md

@@ -21,7 +21,7 @@ the destination platform from the [downloads page](https://dl.gitea.io/gitea/),
 the URL and replace the URL within the commands below:
 
 ```sh
-wget -O gitea https://dl.gitea.io/gitea/1.8.3/gitea-1.8.3-linux-amd64
+wget -O gitea https://dl.gitea.io/gitea/{{< version >}}/gitea-{{< version >}}-linux-amd64
 chmod +x gitea
 ```
 
@@ -30,7 +30,7 @@ Gitea signs all binaries with a [GPG key](https://pgp.mit.edu/pks/lookup?op=vind
 
 ```sh
 gpg --keyserver pgp.mit.edu --recv 7C9E68152594688862D62AF62D9AE806EC1592E2
-gpg --verify gitea-1.8.3-linux-amd64.asc gitea-1.8.3-linux-amd64
+gpg --verify gitea-{{< version >}}-linux-amd64.asc gitea-{{< version >}}-linux-amd64
 ```
 
 ## Test
@@ -44,7 +44,7 @@ location. When launched manually, Gitea can be killed using `Ctrl+C`.
 
 ## Recommended server configuration
 
-**NOTE:** Many of the following directories can be configured using [Environment Variables]({{< relref "doc/advanced/specific-variables.en-us.md" >}}) as well!  
+**NOTE:** Many of the following directories can be configured using [Environment Variables]({{< relref "doc/advanced/specific-variables.en-us.md" >}}) as well!
 Of note, configuring `GITEA_WORK_DIR` will tell Gitea where to base its working directory, as well as ease installation.
 
 ### Prepare environment
@@ -80,7 +80,7 @@ chmod 770 /etc/gitea
 **NOTE:** `/etc/gitea` is temporary set with write rights for user `git` so that Web installer could write configuration file. After installation is done, it is recommended to set rights to read-only using:
 ```
 chmod 750 /etc/gitea
-chmod 644 /etc/gitea/app.ini
+chmod 640 /etc/gitea/app.ini
 ```
 If you don't want the web installer to be able to write the config file at all, it is also possible to make the config file read-only for the gitea user (owner/group `root:root`, mode `0660`), and set `INSTALL_LOCK = true`. In that case all database configuration details must be set beforehand in the config file, as well as the `SECRET_KEY` and `INTERNAL_TOKEN` values. See the [command line documentation]({{< relref "doc/usage/command-line.en-us.md" >}}) for information on using `gitea generate secret INTERNAL_TOKEN`.
 
@@ -113,16 +113,16 @@ GITEA_WORK_DIR=/var/lib/gitea/ /usr/local/bin/gitea web -c /etc/gitea/app.ini
 
 ## Updating to a new version
 
-You can update to a new version of Gitea by stopping Gitea, replacing the binary at `/usr/local/bin/gitea` and restarting the instance. 
-The binary file name should not be changed during the update to avoid problems 
-in existing repositories. 
+You can update to a new version of Gitea by stopping Gitea, replacing the binary at `/usr/local/bin/gitea` and restarting the instance.
+The binary file name should not be changed during the update to avoid problems
+in existing repositories.
 
 It is recommended you do a [backup]({{< relref "doc/usage/backup-and-restore.en-us.md" >}}) before updating your installation.
 
-If you have carried out the installation steps as described above, the binary should 
-have the generic name `gitea`. Do not change this, i.e. to include the version number. 
+If you have carried out the installation steps as described above, the binary should
+have the generic name `gitea`. Do not change this, i.e. to include the version number.
 
-See below for troubleshooting instructions to repair broken repositories after 
+See below for troubleshooting instructions to repair broken repositories after
 an update of your Gitea version.
 
 ## Troubleshooting
@@ -145,7 +145,7 @@ is already running.
 
 ### Running Gitea on Raspbian
 
-As of v1.8, there is a problem with the arm7 version of Gitea and it doesn't run on Raspberry Pi and similar devices. 
+As of v1.8, there is a problem with the arm7 version of Gitea and it doesn't run on Raspberry Pi and similar devices.
 
 It is therefore recommended to switch to the arm6 version which has been tested and shown to work on Raspberry Pi and similar devices.
 
@@ -154,18 +154,18 @@ please remove after fixing the arm7 bug
 --->
 ### Git error after updating to a new version of Gitea
 
-If the binary file name has been changed during the update to a new version of Gitea, 
-git hooks in existing repositories will not work any more. In that case, a git 
+If the binary file name has been changed during the update to a new version of Gitea,
+git hooks in existing repositories will not work any more. In that case, a git
 error will be displayed when pushing to the repository.
 
 ```
 remote: ./hooks/pre-receive.d/gitea: line 2: [...]: No such file or directory
 ```
 
-The `[...]` part of the error message will contain the path to your previous Gitea 
+The `[...]` part of the error message will contain the path to your previous Gitea
 binary.
 
-To solve this, go to the admin options and run the task `Resynchronize pre-receive, 
+To solve this, go to the admin options and run the task `Resynchronize pre-receive,
 update and post-receive hooks of all repositories` to update all hooks to contain
 the new binary path. Please note that this overwrite all git hooks including ones
 with customizations made.

docs/content/doc/installation/from-binary.fr-fr.md

@@ -18,7 +18,7 @@ menu:
 Tous les binaires sont livrés avec le support de SQLite, MySQL et PostgreSQL, et sont construits avec les ressources incorporées. Gardez à l'esprit que cela peut être différent pour les versions antérieures. L'installation basée sur nos binaires est assez simple, il suffit de choisir le fichier correspondant à votre plateforme à partir de la [page de téléchargement](https://dl.gitea.io/gitea). Copiez l'URL et remplacer l'URL dans les commandes suivantes par la nouvelle:
 
 ```
-wget -O gitea https://dl.gitea.io/gitea/1.3.2/gitea-1.3.2-linux-amd64
+wget -O gitea https://dl.gitea.io/gitea/{{< version >}}/gitea-{{< version >}}-linux-amd64
 chmod +x gitea
 ```
 

docs/content/doc/installation/from-binary.zh-cn.md

@@ -18,7 +18,7 @@ menu:
 所有下载均包括 SQLite, MySQL 和 PostgreSQL 的支持，同时所有资源均已嵌入到可执行程序中，这一点和老版本有所不同。 基于二进制的安装非常简单，只要从 [下载页面](https://dl.gitea.io/gitea) 选择对应平台，拷贝下载URL，执行以下命令即可（以Linux为例）：
 
 ```
-wget -O gitea https://dl.gitea.io/gitea/1.3.2/gitea-1.3.2-linux-amd64
+wget -O gitea https://dl.gitea.io/gitea/{{< version >}}/gitea-{{< version >}}-linux-amd64
 chmod +x gitea
 ```
 

docs/content/doc/installation/from-binary.zh-tw.md

@@ -18,7 +18,7 @@ menu:
 所有的執行檔皆支援 SQLite, MySQL and PostgreSQL，且所有檔案都已經包在執行檔內，這一點跟之前的版本有所不同。關於執行檔的安裝方式非常簡單，只要從[下載頁面](https://dl.gitea.io/gitea)選擇相對應平台，複製下載連結，使用底下指令就可以完成了:
 
 ```
-wget -O gitea https://dl.gitea.io/gitea/1.3.2/gitea-1.3.2-linux-amd64
+wget -O gitea https://dl.gitea.io/gitea/{{< version >}}/gitea-{{< version >}}-linux-amd64
 chmod +x gitea
 ```
 

docs/content/doc/installation/from-source.en-us.md

@@ -21,13 +21,17 @@ environment variable and to add the go bin directory or directories
 `${GOPATH//://bin:}/bin` to the `$PATH`. See the Go wiki entry for
 [GOPATH](https://github.com/golang/go/wiki/GOPATH).
 
+Next, [install Node.js with npm](https://nodejs.org/en/download/) which is
+required to build the JavaScript and CSS files. The minimum supported Node.js
+version is 10 and the latest LTS version is recommended.
+
 **Note**: When executing make tasks that require external tools, like
 `make misspell-check`, Gitea will automatically download and build these as
 necessary. To be able to use these, you must have the `"$GOPATH/bin"` directory
 on the executable path. If you don't add the go bin directory to the
 executable path, you will have to manage this yourself.
 
-**Note 2**: Go version 1.9 or higher is required. However, it is recommended to
+**Note 2**: Go version 1.11 or higher is required. However, it is recommended to
 obtain the same version as our continuous integration, see the advice given in
 <a href='{{< relref "doc/advanced/hacking-on-gitea.en-us.md" >}}'>Hacking on
 Gitea</a>
@@ -53,7 +57,7 @@ To work with tagged releases, the following commands can be used:
 
 ```bash
 git branch -a
-git checkout v1.0
+git checkout v{{< version >}}
 ```
 
 To validate a Pull Request, first enable the new branch (`xyz` is the PR id;
@@ -63,21 +67,24 @@ for example `2663` for [#2663](https://github.com/go-gitea/gitea/pull/2663)):
 git fetch origin pull/xyz/head:pr-xyz
 ```
 
-To build Gitea from source at a specific tagged release (like v1.0.0), list the
+To build Gitea from source at a specific tagged release (like v{{< version >}}), list the
 available tags and check out the specific tag.
 
 List available tags with the following.
 
 ```bash
 git tag -l
-git checkout v1.0.0  # or git checkout pr-xyz
+git checkout v{{< version >}}  # or git checkout pr-xyz
 ```
 
 ## Build
 
-Since all required libraries are already bundled in the Gitea source, it's
-possible to build Gitea with no additional downloads apart from Make
-<a href='{{< relref "doc/advanced/make.en-us.md" >}}'>(See here how to get Make)</a>.
+To build from source, the following programs must be present on the system:
+
+- `go` 1.11.0 or higher, see [here](https://golang.org/dl/)
+- `node` 10.0.0 or higher with `npm`, see [here](https://nodejs.org/en/download/)
+- `make`, see <a href='{{< relref "doc/advanced/make.en-us.md" >}}'>here</a>
+
 Various [make tasks](https://github.com/go-gitea/gitea/blob/master/Makefile)
 are provided to keep the build process as simple as possible.
 
@@ -93,11 +100,10 @@ Depending on requirements, the following build tags can be included.
 
 Bundling assets into the binary using the `bindata` build tag can make
 development and testing easier, but is not ideal for a production deployment.
-To include assets, they must be built separately using the `generate` make
-task e.g.:
+To include assets, add the `bindata` tag:
 
 ```bash
-TAGS="bindata" make generate build
+TAGS="bindata" make build
 ```
 
 In the default release build of our continuous integration system, the build
@@ -105,7 +111,7 @@ tags are: `TAGS="bindata sqlite sqlite_unlock_notify"`. The simplest
 recommended way to build from source is therefore:
 
 ```bash
-TAGS="bindata sqlite sqlite_unlock_notify" make generate build
+TAGS="bindata sqlite sqlite_unlock_notify" make build
 ```
 
 ## Test
@@ -118,12 +124,12 @@ launched manually from command line, it can be killed by pressing `Ctrl + C`.
 ./gitea web
 ```
 
-## Changing the default CustomPath, CustomConf and AppWorkDir
+## Changing the default CustomPath, CustomConf and AppWorkPath
 
 Gitea will search for a number of things from the `CustomPath`. By default this is
 the `custom/` directory in the current working directory when running Gitea. It will also
 look for its configuration file `CustomConf` in `$CustomPath/conf/app.ini`, and will use the
-current working directory as the relative base path `AppWorkDir` for a number configurable
+current working directory as the relative base path `AppWorkPath` for a number configurable
 values.
 
 These values, although useful when developing, may conflict with downstream users preferences.
@@ -134,7 +140,7 @@ using the `LDFLAGS` environment variable for `make`. The appropriate settings ar
 
 * To set the `CustomPath` use `LDFLAGS="-X \"code.gitea.io/gitea/modules/setting.CustomPath=custom-path\""`
 * For `CustomConf` you should use `-X \"code.gitea.io/gitea/modules/setting.CustomConf=conf.ini\"`
-* For `AppWorkDir` you should use `-X \"code.gitea.io/gitea/modules/setting.AppWorkDir=working-directory\"`
+* For `AppWorkPath` you should use `-X \"code.gitea.io/gitea/modules/setting.AppWorkPath=working-path\"`
 
 Add as many of the strings with their preceding `-X` to the `LDFLAGS` variable and run `make build`
 with the appropriate `TAGS` as above.

docs/content/doc/installation/from-source.fr-fr.md

@@ -35,7 +35,7 @@ Si vous souhaitez compiler la dernière version stable, utilisez les étiquettes
 
 ```
 git branch -a
-git checkout v1.0
+git checkout v{{< version >}}
 ```
 
 Si vous souhaitez valider une demande d'ajout (_Pull request_), vous devez activer cette branche en premier : 
@@ -44,11 +44,11 @@ Si vous souhaitez valider une demande d'ajout (_Pull request_), vous devez activ
 git fetch origin pull/xyz/head:pr-xyz  # xyz is PR value
 ```
 
-Enfin, vous pouvez directement utiliser les versions étiquettées (ex : `v1.0.0`). Pour utiliser les étiquettes, vous devez lister les étiquettes disponibles et choisir une étiquette spécifique avec les commandes suivantes :
+Enfin, vous pouvez directement utiliser les versions étiquettées (ex : `v{{< version >}}`). Pour utiliser les étiquettes, vous devez lister les étiquettes disponibles et choisir une étiquette spécifique avec les commandes suivantes :
 
 ```
 git tag -l
-git checkout v1.0.0
+git checkout v{{< version >}}
 git checkout pr-xyz
 ```
 
@@ -60,10 +60,10 @@ Comme nous regroupons déjà toutes les bibliothèques requises pour compiler Gi
 * `sqlite sqlite_unlock_notify`: Active la prise en charge d'une base de données [SQLite3](https://sqlite.org/), ceci n'est recommandé que pour les petites installations de Gitea.
 * `pam`: Active la prise en charge de PAM (mLinux Pluggable Authentication Modules), très utile si vos utilisateurs doivent être authentifiés avec les comptes du système.
 
-Il est temps de compiler le binaire, nous suggérons d'intégrer les ressources avec l'option de compilation `bindata`. Pour inclure les ressources, vous devrez également exécuter la tâche Make `generate`. Dans le cas échéant, les ressources ne pourront pas être intégrées:
+Il est temps de compiler le binaire, nous suggérons d'intégrer les ressources avec l'option de compilation `bindata`:
 
 ```
-TAGS="bindata" make generate build
+TAGS="bindata" make build
 ```
 
 ## Test

docs/content/doc/installation/from-source.zh-cn.md

@@ -32,42 +32,44 @@ cd $GOPATH/src/code.gitea.io/gitea
 
 ```
 git branch -a
-git checkout v1.0
+git checkout v{{< version >}}
 ```
 
-最后，你也可以直接使用标签版本如 `v1.0.0`。你可以执行以下命令列出可用的版本并选择某个版本签出：
+最后，你也可以直接使用标签版本如 `v{{< version >}}`。你可以执行以下命令列出可用的版本并选择某个版本签出：
 
 ```
 git tag -l
-git checkout v1.0.0
+git checkout v{{< version >}}
 ```
 
 ## 编译
 
-我们已经将所有的依赖项拷贝到本工程，我们提供了一些 [编译选项](https://github.com/go-gitea/gitea/blob/master/Makefile) 来让编译更简单。你可以按照你的需求来设置编译开关，可用编译选项如下：
+要从源代码进行编译，以下依赖程序必须事先安装好：
+
+- `go` 1.11.0 或以上版本, 详见 [here](https://golang.org/dl/)
+- `node` 10.0.0 或以上版本，并且安装 `npm`, 详见 [here](https://nodejs.org/en/download/)
+- `make`, 详见 <a href='{{< relref "make.zh-cn.md" >}}'>这里</a>
+
+各种可用的 [make 任务](https://github.com/go-gitea/gitea/blob/master/Makefile)
+可以用来使编译过程更方便。
+
+按照您的编译需求，以下 tags 可以使用：
 
 * `bindata`: 这个编译选项将会把运行Gitea所需的所有外部资源都打包到可执行文件中，这样部署将非常简单因为除了可执行程序将不再需要任何其他文件。
 * `sqlite sqlite_unlock_notify`: 这个编译选项将启用SQLite3数据库的支持，建议只在少数人使用时使用这个模式。
 * `pam`: 这个编译选项将会启用 PAM (Linux Pluggable Authentication Modules) 认证，如果你使用这一认证模式的话需要开启这个选项。
 
-我们支持两种方式进行编译，Make 工具 和 Go 工具。不过我们推荐使用 Make工具，因为他将会给出更多的编译选项。
+使用 bindata 可以打包资源文件到二进制可以使开发和测试更容易，你可以根据自己的需求决定是否打包资源文件。
+要包含资源文件，请使用 `bindata` tag：
 
-**Note**: We recommend the Go version 1.6 or higher because we are using vendoring and we don't set the required env variable for 1.5 anywhere.
-
-* Make 工具
-
-这个编译方式要求你先安装Make工具，关于Make工具的安装你可以参考Make相关资料。同样如果要使用bindata选项，你可能需要先执行make generate：
-
-```
-TAGS="bindata" make generate build
+```bash
+TAGS="bindata" make build
 ```
 
-* Go 工具
+默认的发布版本中的编译选项是： `TAGS="bindata sqlite sqlite_unlock_notify"`。以下为推荐的编译方式：
 
-使用 Go 工具编译需要你至少安装了Go 1.5以上版本并且将 govendor 的支持打开。执行命令如下：
-
-```
-go build
+```bash
+TAGS="bindata sqlite sqlite_unlock_notify" make build
 ```
 
 ## 测试

docs/content/doc/installation/from-source.zh-tw.md

@@ -32,14 +32,14 @@ cd $GOPATH/src/code.gitea.io/gitea
 
 ```
 git branch -a
-git checkout v1.0
+git checkout v{{< version >}}
 ```
 
-最後您也可以直接編譯最新的標籤版本像是 `v1.0.0`，假如您想要從原始碼編譯，這方法是最合適的，在編譯標籤版本前，您需要列出當下所有標籤，並且直接切換到標籤版本，請使用底下指令：:
+最後您也可以直接編譯最新的標籤版本像是 `v{{< version >}}`，假如您想要從原始碼編譯，這方法是最合適的，在編譯標籤版本前，您需要列出當下所有標籤，並且直接切換到標籤版本，請使用底下指令：:
 
 ```
 git tag -l
-git checkout v1.0.0
+git checkout v{{< version >}}
 ```
 
 ## 編譯
@@ -50,10 +50,10 @@ git checkout v1.0.0
 * `sqlite sqlite_unlock_notify`: 使用此標籤來啟用 [SQLite3](https://sqlite.org/) 資料庫，建議只有少數人時才使用此模式。
 * `pam`: 使用此標籤來啟用 PAM (Linux Pluggable Authentication Modules) 認證，對於系統使用者來說，此方式最方便了。
 
-現在您可以開始編譯執行檔了，我們建議使用 `bindata` 編譯選項，使用 `bindata` 選項前，您必須執行 `generate` 任務將所有資源都一起編譯進去，否則相關資源都不會被編譯進執行檔:
+現在您可以開始編譯執行檔了，我們建議使用 `bindata` 編譯選項:
 
 ```
-TAGS="bindata" make generate build
+TAGS="bindata" make build
 ```
 
 **注意**: 因為使用了套件管理工具，我們建議 Go 環境版本為 1.6 或者是更高，這樣不用在 Go 1.5 版本設定全域變數 `GO15VENDOREXPERIMENT`。

docs/content/doc/installation/windows-service.en-us.md

@@ -40,7 +40,7 @@ To register Gitea as a Windows service, open a command prompt (cmd) as an Admini
 then run the following command:
 
 ```
-sc create gitea start= auto binPath= ""C:\gitea\gitea.exe" web --config "C:\gitea\custom\conf\app.ini""
+sc.exe create gitea start= auto binPath= "\"C:\gitea\gitea.exe\" web --config \"C:\gitea\custom\conf\app.ini\""
 ```
 
 Do not forget to replace `C:\gitea` with the correct Gitea directory.
@@ -54,5 +54,5 @@ that was configured).
 To unregister Gitea as a service, open a command prompt (cmd) as an Administrator and run:
 
 ```
-sc delete gitea
+sc.exe delete gitea
 ```

docs/content/doc/installation/windows-service.fr-fr.md

@@ -18,7 +18,7 @@ menu:
 Pour activer le service Windows Gitea, ouvrez une `cmd` en tant qu'Administrateur puis utilisez la commande suivante :
 
 ```
-sc create gitea start= auto binPath= ""C:\gitea\gitea.exe" web --config "C:\gitea\custom\conf\app.ini""
+sc create gitea start= auto binPath= "\"C:\gitea\gitea.exe\" web --config \"C:\gitea\custom\conf\app.ini\""
 ```
 
 N'oubliez pas de remplacer `C:\gitea` par le chemin que vous avez utilisez pour votre installation.

docs/content/doc/installation/windows-service.zh-cn.md

@@ -18,7 +18,7 @@ menu:
 要注册为Windows服务，首先以Administrator身份运行 `cmd`，然后执行以下命令：
 
 ```
-sc create gitea start= auto binPath= ""C:\gitea\gitea.exe" web --config "C:\gitea\custom\conf\app.ini""
+sc create gitea start= auto binPath= "\"C:\gitea\gitea.exe\" web --config \"C:\gitea\custom\conf\app.ini\""
 ```
 
 别忘了将 `C:\gitea` 替换成你的 Gitea 安装目录。

docs/content/doc/installation/windows-service.zh-tw.md

@@ -18,7 +18,7 @@ menu:
 要註冊為 Windows 服務，首先要以管理者身份執行 `cmd`，跳出命令列視窗後執行底下指令：
 
 ```
-sc create gitea start= auto binPath= ""C:\gitea\gitea.exe" web --config "C:\gitea\custom\conf\app.ini""
+sc create gitea start= auto binPath= "\"C:\gitea\gitea.exe\" web --config \"C:\gitea\custom\conf\app.ini\""
 ```
 
 別忘記將 `C:\gitea` 取代為您的 Gitea 安裝路徑。

docs/content/doc/installation/with-docker.en-us.md

@@ -31,7 +31,7 @@ Create a directory like `gitea` and paste the following content into a file name
 Note that the volume should be owned by the user/group with the UID/GID specified in the config file.
 If you don't give the volume correct permissions, the container may not start.
 Also be aware that the tag `:latest` will install the current development version.
-For a stable release you can use `:1` or specify a certain release like `:1.5.1`.
+For a stable release you can use `:1` or specify a certain release like `:{{< version >}}`.
 
 ```yaml
 version: "2"
@@ -51,6 +51,8 @@ services:
       - gitea
     volumes:
       - ./gitea:/data
+      - /etc/timezone:/etc/timezone:ro
+      - /etc/localtime:/etc/localtime:ro
     ports:
       - "3000:3000"
       - "222:22"
@@ -80,6 +82,8 @@ services:
       - gitea
     volumes:
       - ./gitea:/data
+      - /etc/timezone:/etc/timezone:ro
+      - /etc/localtime:/etc/localtime:ro
     ports:
 -      - "3000:3000"
 -      - "222:22"
@@ -115,6 +119,8 @@ services:
       - gitea
     volumes:
       - ./gitea:/data
+      - /etc/timezone:/etc/timezone:ro
+      - /etc/localtime:/etc/localtime:ro
      ports:
        - "3000:3000"
        - "222:22"
@@ -163,6 +169,8 @@ services:
       - gitea
     volumes:
       - ./gitea:/data
+      - /etc/timezone:/etc/timezone:ro
+      - /etc/localtime:/etc/localtime:ro
     ports:
       - "3000:3000"
       - "222:22"
@@ -209,6 +217,8 @@ services:
     volumes:
 -      - ./gitea:/data
 +      - gitea:/data
+      - /etc/timezone:/etc/timezone:ro
+      - /etc/localtime:/etc/localtime:ro
     ports:
       - "3000:3000"
       - "222:22"
@@ -245,6 +255,7 @@ You can configure some of Gitea's settings via environment variables:
 * `RUN_MODE`: **dev**: For performance and other purposes, change this to `prod` when deployed to a production environment.
 * `SSH_DOMAIN`: **localhost**: Domain name of this server, used for the displayed clone URL in Gitea's UI.
 * `SSH_PORT`: **22**: SSH port displayed in clone URL.
+* `SSH_LISTEN_PORT`: **%(SSH\_PORT)s**: Port for the built-in SSH server.
 * `DISABLE_SSH`: **false**: Disable SSH feature when it's not available.
 * `HTTP_PORT`: **3000**: HTTP listen port.
 * `ROOT_URL`: **""**: Overwrite the automatically generated public URL. This is useful if the internal and the external URL don't match (e.g. in Docker).
@@ -305,6 +316,8 @@ UID/GID as the container values `USER_UID`/`USER_GID`. You should also create th
         - gitea
       volumes:
         - /var/lib/gitea:/data
+        - /etc/timezone:/etc/timezone:ro
+        - /etc/localtime:/etc/localtime:ro
       ports:
         - "3000:3000"
         - "127.0.0.1:2222:22"

docs/content/doc/upgrade/from-gogs.en-us.md

@@ -21,7 +21,7 @@ There are some basic steps to follow. On a Linux system run as the Gogs user:
 
 * Create a Gogs backup with `gogs backup`. This creates `gogs-backup-[timestamp].zip` file
   containing all important Gogs data. You would need it if you wanted to move to the `gogs` back later.
-* Download the file matching the destination platform from the [downloads page](https://dl.gitea.io/gitea).
+* Download the file matching the destination platform from the [downloads page](https://dl.gitea.io/gitea/).
  It should be `1.0.x` version. Migrating from `gogs` to any other version is impossible.
 * Put the binary at the desired install location.
 * Copy `gogs/custom/conf/app.ini` to `gitea/custom/conf/app.ini`.
@@ -74,6 +74,11 @@ After successful migration from `gogs` to `gitea 1.0.x`, it is possible to upgra
 Simply download the file matching the destination platform from the [downloads page](https://dl.gitea.io/gitea)
 and replace the binary.
 
+## Upgrading from a more recent version of Gogs
+
+Upgrading from a more recent version of Gogs is also possible, but requires a bit more work. 
+See [#4286](https://github.com/go-gitea/gitea/issues/4286).
+
 ## Troubleshooting
 
 * If errors are encountered relating to custom templates in the `gitea/custom/templates`

docs/content/doc/upgrade/from-gogs.zh-cn.md

@@ -23,4 +23,4 @@ menu:
 * 如果你还有更多的自定义内容，比如templates和localization文件，你需要手工合并你的修改到 Gitea 的 Options 下对应目录。
 * 拷贝 Gogs 的数据目录 `data/` 到 Gitea 相应位置。这个目录包含附件和头像文件。
 * 运行 Gitea
-* 登陆 Gitea 并进入 管理面板, 运行 `重新生成 '.ssh/authorized_keys' 文件（警告：不是 Gitea 的密钥也会被删除）` 和 `重新生成所有仓库的 Update 钩子（用于自定义配置文件被修改）`。
+* 登录 Gitea 并进入 管理面板, 运行 `重新生成 '.ssh/authorized_keys' 文件（警告：不是 Gitea 的密钥也会被删除）` 和 `重新生成所有仓库的 Update 钩子（用于自定义配置文件被修改）`。

docs/content/doc/usage/backup-and-restore.en-us.md

@@ -79,3 +79,9 @@ mysql -u$USER -p$PASS $DATABASE <gitea-db.sql
 # or  sqlite3 $DATABASE_PATH <gitea-db.sql
 service gitea restart
 ```
+
+Repository git-hooks should be regenerated if installation method is changed (eg. binary -> Docker), or if Gitea is installed to a different directory than the previous installation.
+
+With Gitea running, and from the directory Gitea's binary is located, execute: `./gitea admin regenerate hooks`
+
+This ensures that application and configuration file paths in repository git-hooks are consistent and applicable to the current installation. If these paths are not updated, repository `push` actions will fail.

docs/content/doc/usage/command-line.en-us.md

@@ -46,7 +46,7 @@ Starts the server:
     - `gitea web --port 80`
     - `gitea web --config /etc/gitea.ini --pid /var/run/gitea.pid`
 - Notes:
-    - Gitea should not be run as root. To bind to a port below 1000, you can use setcap on
+    - Gitea should not be run as root. To bind to a port below 1024, you can use setcap on
       Linux: `sudo setcap 'cap_net_bind_service=+ep' /path/to/gitea`. This will need to be
       redone every time you update Gitea.
 
@@ -281,3 +281,11 @@ provided key. You should also set the value
 NB: opensshd requires the gitea program to be owned by root and not
 writable by group or others. The program must be specified by an absolute
 path.
+NB: Gitea must be running for this command to succeed.
+
+#### migrate
+Migrates the database. This command can be used to run other commands before starting the server for the first time.  
+This command is idempotent.
+
+#### convert
+Converts an existing MySQL database from utf8 to utf8mb4.

docs/content/doc/usage/email-setup.en-us.md

@@ -0,0 +1,33 @@
+---
+date: "2019-10-15T10:10:00+05:00"
+title: "Usage: Email setup"
+slug: "email-setup"
+weight: 12
+toc: true
+draft: false
+menu:
+  sidebar:
+    parent: "usage"
+    name: "Email setup"
+    weight: 12
+    identifier: "email-setup"
+---
+
+# Email setup
+
+- To use Gitea's built-in Email support, update the `app.ini` config file [mailer] section:
+
+```ini
+[mailer]
+ENABLED = true
+HOST    = mail.mydomain.com:587
+FROM    = gitea@mydomain.com
+USER    = gitea@mydomain.com
+PASSWD  = `password`
+```
+
+- Restart Gitea for the configuration changes to take effect.
+
+- To send a test email to validate the settings, go to Gitea > Site Administration > Configuration > SMTP Mailer Configuration.
+
+For the full list of options check the [Config Cheat Sheet]({{< relref "doc/advanced/config-cheat-sheet.en-us.md" >}})

docs/content/doc/usage/fail2ban-setup.md

@@ -13,7 +13,7 @@ menu:
     identifier: "fail2ban-setup"
 ---
 
-# Fail2ban setup to block users after failed login attemts
+# Fail2ban setup to block users after failed login attempts
 
 **Remember that fail2ban is powerful and can cause lots of issues if you do it incorrectly, so make 
 sure to test this before relying on it so you don't lock yourself out.**
@@ -26,7 +26,7 @@ on a bad authentication:
 2018/04/26 18:15:54 [I] Failed authentication attempt for user from xxx.xxx.xxx.xxx
 ```
 
-So we set our filter in `/etc/fail2ban/filter.d/gitea.conf`:
+Add our filter in `/etc/fail2ban/filter.d/gitea.conf`:
 
 ```ini
 # gitea.conf
@@ -35,12 +35,11 @@ failregex =  .*Failed authentication attempt for .* from <HOST>
 ignoreregex =
 ```
 
-And configure it in `/etc/fail2ban/jail.d/jail.local`:
+Add our jail in `/etc/fail2ban/jail.d/gitea.conf`:
 
 ```ini
 [gitea]
 enabled = true
-port = http,https
 filter = gitea
 logpath = /home/git/gitea/log/gitea.log
 maxretry = 10
@@ -49,6 +48,23 @@ bantime = 900
 action = iptables-allports
 ```
 
+If you're using Docker, you'll also need to add an additional jail to handle the **FORWARD** 
+chain in **iptables**. Configure it in `/etc/fail2ban/jail.d/gitea-docker.conf`:
+
+```ini
+[gitea-docker]
+enabled = true
+filter = gitea
+logpath = /home/git/gitea/log/gitea.log
+maxretry = 10
+findtime = 3600
+bantime = 900
+action = iptables-allports[chain="FORWARD"]
+```
+
+Then simply run `service fail2ban restart` to apply your changes. You can check to see if 
+fail2ban has accepted your configuration using `service fail2ban status`.
+
 Make sure and read up on fail2ban and configure it to your needs, this bans someone 
 for **15 minutes** (from all ports) when they fail authentication 10 times in an hour.
 

docs/content/doc/usage/git-lfs-support.md

@@ -0,0 +1,26 @@
+---
+date: "2019-10-06T08:00:00+05:00"
+title: "Usage: Git LFS setup"
+slug: "git-lfs-setup"
+weight: 12
+toc: true
+draft: false
+menu:
+  sidebar:
+    parent: "usage"
+    name: "Git LFS setup"
+    weight: 12
+    identifier: "git-lfs-setup"
+---
+
+# Git Large File Storage setup
+
+To use Gitea's built-in LFS support, you must update the `app.ini` file:
+
+```ini
+[server]
+; Enables git-lfs support. true or false, default is false.
+LFS_START_SERVER = true
+; Where your lfs files reside, default is data/lfs.
+LFS_CONTENT_PATH = /home/gitea/data/lfs
+```

docs/content/doc/usage/https-support.md

@@ -20,15 +20,17 @@ menu:
 Before you enable HTTPS, make sure that you have valid SSL/TLS certificates.
 You could use self-generated certificates for evaluation and testing. Please run `gitea cert --host [HOST]` to generate a self signed certificate.
 
+If you are using Apache or nginx on the server, it's recommended to check the [reverse proxy guide]({{< relref "doc/usage/reverse-proxies.en-us.md" >}}).
+
 To use Gitea's built-in HTTPS support, you must change your `app.ini` file:
 
 ```ini
 [server]
-PROTOCOL=https
-ROOT_URL = `https://git.example.com:3000/`
+PROTOCOL  = https
+ROOT_URL  = https://git.example.com:3000/
 HTTP_PORT = 3000
 CERT_FILE = cert.pem
-KEY_FILE = key.pem
+KEY_FILE  = key.pem
 ```
 
 To learn more about the config values, please checkout the [Config Cheat Sheet](../config-cheat-sheet#server).
@@ -74,5 +76,4 @@ After that, enable HTTPS by following one of these guides:
 * [apache2/httpd](https://httpd.apache.org/docs/2.4/ssl/ssl_howto.html)
 * [caddy](https://caddyserver.com/docs/tls)
 
-Note: Your connection between your reverse proxy and Gitea might be unencrypted. To encrypt it too, follow the [built-in server guide](#using-built-in-server) and change
-the proxy url to `https://[URL]`.
+Note: Enabling HTTPS only at the proxy level is referred as [TLS Termination Proxy](https://en.wikipedia.org/wiki/TLS_termination_proxy). The proxy server accepted incoming TLS connections, decrypts the contents, and pass the now unencrypted contents to Gitea. This is normally fine as long as both the proxy and Gitea instances are either on the same machine, or on different machines within private network (with the proxy is exposed to outside network. If your Gitea instance is separated from your proxy over a public network, or if you want full end-to-end encryption, you can also [enable HTTPS support directly in Gitea using built-in server](#using-the-built-in-server) and forward the connections over HTTPS instead.

docs/content/doc/usage/linked-references.en-us.md

@@ -0,0 +1,174 @@
+---
+date: "2019-11-21T17:00:00-03:00"
+title: "Usage: Automatically Linked References"
+slug: "automatically-linked-references"
+weight: 15
+toc: true
+draft: false
+menu:
+  sidebar:
+    parent: "usage"
+    name: "Automatically Linked References"
+    weight: 15
+    identifier: "automatically-linked-references"
+---
+
+# Automatically Linked References in Issues, Pull Requests and Commit Messages
+
+When an issue, pull request or comment is posted, the text description is parsed
+in search for references. These references will be shown as links in the Issue View
+and, in some cases, produce certain _actions_.
+
+Likewise, commit messages are parsed when they are listed, and _actions_
+are can be triggered when they are pushed to the main branch.
+
+To prevent the creation of unintended references, there are certain rules
+for them to be recognized. For example, they should not be included inside code
+text. They should also be reasonably cleared from their surrounding text
+(for example, using spaces).
+
+## User, Team and Organization Mentions
+
+When a text in the form `@username` is found and `username` matches the name
+of an existing user, a _mention_ reference is created. This will be shown
+by changing the text into a link to said user's profile, and possibly create
+a notification for the mentioned user depending on whether they have
+the necessary permission to access the contents.
+
+Example:
+
+> [@John](#), can you give this a look?
+
+This is also valid for teams and organizations:
+
+> [@Documenters](#), we need to plan for this.
+
+> [@CoolCompanyInc](#), this issue concerns us all!
+
+Teams will receive mail notifications when appropriate, but whole organizations won't.
+
+Commit messages do not produce user notifications.
+
+## Commits
+
+Commits can be referenced using their SHA1 hash, or a portion of it of
+at least seven characters. They will be shown as a link to the corresponding
+commit.
+
+Example:
+
+> This bug was introduced in [e59ff077](#)
+
+## Issues and Pull Requests
+
+A reference to another issue or pull request can be created using the simple
+notation `#1234`, where _1234_ is the number of an issue or pull request
+in the same repository. These references will be shown as links to the
+referenced content.
+
+The effect of creating this type of reference is that a _notice_ will be
+created in the referenced document, provided the creator of the reference
+has reading permissions on it.
+
+Example:
+
+> This seems related to [#1234](#)
+
+Issues and pull requests in other repositories can be referred to as well
+using the form `owner/repository#1234`:
+
+> This seems related to [mike/compiler#1234](#)
+
+Alternatively, the `!1234` notation can be used as well. Even when in Gitea
+a pull request is a form of issue, the `#1234` form will always link to
+an issue; if the linked entry happens to be a pull request instead, Gitea
+will redirect as appropriate. With the `!1234` notation, a pull request
+link will be created, which will be redirected to an issue if required.
+However, this distinction could be important if an external tracker is
+used, where links to issues and pull requests are not interchangeable.
+
+## Actionable References in Pull Requests and Commit Messages
+
+Sometimes a commit or pull request may fix or bring back a problem documented
+in a particular issue. Gitea supports closing and reopening the referenced
+issues by preceding the reference with a particular _keyword_. Common keywords
+include "closes", "fixes", "reopens", etc. This list can be
+[customized]({{< ref "/doc/advanced/config-cheat-sheet.en-us.md" >}}) by the
+site administrator.
+
+Example:
+
+> This PR _closes_ [#1234](#)
+
+If the actionable reference is accepted, this will create a notice on the
+referenced issue announcing that it will be closed when the referencing PR
+is merged.
+
+For an actionable reference to be accepted, _at least one_ of the following
+conditions must be met:
+
+* The commenter has permissions to close or reopen the issue at the moment
+of creating the reference.
+* The reference is inside a commit message.
+* The reference is posted as part of the pull request description.
+
+In the last case, the issue will be closed or reopened only if the merger
+of the pull request has permissions to do so.
+
+Additionally, only pull requests and commit messages can create an action,
+and only issues can be closed or reopened this way.
+
+The default _keywords_ are:
+
+* **Closing**: close, closes, closed, fix, fixes, fixed, resolve, resolves, resolved
+* **Reopening**: reopen, reopens, reopened
+
+## External Trackers
+
+Gitea supports the use of external issue trackers, and references to issues
+hosted externally can be created in pull requests. However, if the external
+tracker uses numbers to identify issues, they will be indistinguishable from
+the pull requests hosted in Gitea. To address this, Gitea allows the use of
+the `!` marker to identify pull requests. For example:
+
+> This is issue [#1234](#), and links to the external tracker.
+
+> This is pull request [!1234](#), and links to a pull request in Gitea.
+
+The `!` and `#` can be used interchangeably for issues and pull request _except_
+for this case, where a distinction is required. If the repository uses external
+tracker, commit message for squash merge will use `!` as reference by default.
+
+## Issues and Pull Requests References Summary
+
+This table illustrates the different kinds of cross-reference for issues and pull requests.
+In the examples, `User1/Repo1` refers to the repository where the reference is used, while
+`UserZ/RepoZ` indicates a different repository.
+
+| Reference in User1/Repo1  | Repo1 issues are external | RepoZ issues are external | Should render                    |
+|---------------------------|:-------------------------:|:-------------------------:|----------------------------------|
+| `#1234`                   |     no                    |    N/A                    | A link to issue/pull 1234 in `User1/Repo1` |
+| `!1234`                   |     no                    |    N/A                    | A link to issue/pull 1234 in `User1/Repo1` |
+| `#1234`                   |    yes                    |    N/A                    | A link to _external issue_ 1234 for `User1/Repo1` |
+| `!1234`                   |    yes                    |    N/A                    | A link to _PR_ 1234 for `User1/Repo1` |
+| `User1/Repo1#1234`        |     no                    |    N/A                    | A link to issue/pull 1234 in `User1/Repo1` |
+| `User1/Repo1!1234`        |     no                    |    N/A                    | A link to issue/pull 1234 in `User1/Repo1` |
+| `User1/Repo1#1234`        |    yes                    |    N/A                    | A link to _external issue_ 1234 for `User1/Repo1` |
+| `User1/Repo1!1234`        |    yes                    |    N/A                    | A link to _PR_ 1234 for `User1/Repo1` |
+| `UserZ/RepoZ#1234`        |    N/A                    |     no                    | A link to issue/pull 1234 in `UserZ/RepoZ` |
+| `UserZ/RepoZ!1234`        |    N/A                    |     no                    | A link to issue/pull 1234 in `UserZ/RepoZ` |
+| `UserZ/RepoZ#1234`        |    N/A                    |    yes                    | A link to _external issue_ 1234 for `UserZ/RepoZ` |
+| `UserZ/RepoZ!1234`        |    N/A                    |    yes                    | A link to _PR_ 1234 for `UserZ/RepoZ` |
+| **Alphanumeric issue IDs:** | -                       | -                         | - |
+| `AAA-1234`                |    yes                    |    N/A                    | A link to _external issue_ `AAA-1234` for `User1/Repo1` |
+| `!1234`                   |    yes                    |    N/A                    | A link to _PR_ 1234 for `User1/Repo1` |
+| `User1/Repo1!1234`        |    yes                    |    N/A                    | A link to _PR_ 1234 for `User1/Repo1` |
+| _Not supported_           |    N/A                    |    yes                    | A link to _external issue_ `AAA-1234` for `UserZ/RepoZ` |
+| `UserZ/RepoZ!1234`        |    N/A                    |    yes                    | A link to _PR_ 1234 in `UserZ/RepoZ` |
+
+_The last section is for repositories with external issue trackers that use alphanumeric format._
+
+_**N/A**: not applicable._
+
+Note: automatic references between repositories with different types of issues (external vs. internal) are not fully supported
+and may render invalid links.

docs/content/doc/usage/reverse-proxies.en-us.md

@@ -14,7 +14,7 @@ menu:
 ---
 
 ##  Using Nginx as a reverse proxy
-If you want Nginx to serve your Gitea instance, you can the following `server` section inside the `http` section of `nginx.conf`:
+If you want Nginx to serve your Gitea instance, add the following `server` section to the `http` section of `nginx.conf`:
 
 ```
 server {
@@ -44,6 +44,74 @@ server {
 
 Then set `[server] ROOT_URL = http://git.example.com/git/` in your configuration.
 
+##  Using Nginx as a reverse proxy and serve static resources directly
+We can tune the performance in splitting requests into categories static and dynamic. 
+
+CSS files, JavaScript files, images and web fonts are static content.
+The front page, a repository view or issue list is dynamic content.
+
+Nginx can serve static resources directly and proxy only the dynamic requests to gitea.
+Nginx is optimized for serving static content, while the proxying of large responses might be the opposite of that
+ (see https://serverfault.com/q/587386).
+
+Download a snap shot of the gitea source repository to `/path/to/gitea/`.
+
+We are only interested in the `public/` directory and you can delete the rest.
+
+Depending on the scale of your user base, you might want to split the traffic to two distinct servers,
+ or use a cdn for the static files.
+
+### using a single node and a single domain
+
+Set `[server] STATIC_URL_PREFIX = /_/static` in your configuration.
+
+```
+server {
+    listen 80;
+    server_name git.example.com;
+
+    location /_/static {
+        alias /path/to/gitea/public;
+    }
+
+    location / {
+        proxy_pass http://localhost:3000;
+    }
+}
+```
+
+### using two nodes and two domains
+
+Set `[server] STATIC_URL_PREFIX = http://cdn.example.com/gitea` in your configuration.
+
+```
+# application server running gitea
+server {
+    listen 80;
+    server_name git.example.com;
+
+    location / {
+        proxy_pass http://localhost:3000;
+    }
+}
+```
+
+```
+# static content delivery server
+server {
+    listen 80;
+    server_name cdn.example.com;
+
+    location /gitea {
+        alias /path/to/gitea/public;
+    }
+
+    location / {
+        return 404;
+    }
+}
+```
+
 ## Using Apache HTTPD as a reverse proxy
 
 If you want Apache HTTPD to serve your Gitea instance, you can add the following to your Apache HTTPD configuration (usually located at `/etc/apache2/httpd.conf` in Ubuntu):
@@ -53,13 +121,16 @@ If you want Apache HTTPD to serve your Gitea instance, you can add the following
     ...
     ProxyPreserveHost On
     ProxyRequests off
-    ProxyPass / http://localhost:3000/
+    AllowEncodedSlashes NoDecode
+    ProxyPass / http://localhost:3000/ nocanon
     ProxyPassReverse / http://localhost:3000/
 </VirtualHost>
 ```
 
 Note: The following Apache HTTPD mods must be enabled: `proxy`, `proxy_http`
 
+If you wish to use Let's Encrypt with webroot validation, add the line `ProxyPass /.well-known !` before `ProxyPass` to disable proxying these requests to Gitea.
+
 ## Using Apache HTTPD with a sub-path as a reverse proxy
 
 In case you already have a site, and you want Gitea to share the domain name, you can setup Apache HTTPD to serve Gitea under a sub-path by adding the following to you Apache HTTPD configuration (usually located at `/etc/apache2/httpd.conf` in Ubuntu):
@@ -71,9 +142,10 @@ In case you already have a site, and you want Gitea to share the domain name, yo
          Order allow,deny
          Allow from all
     </Proxy>
-
-    ProxyPass /git http://localhost:3000 # Note: no trailing slash after either /git or port
-    ProxyPassReverse /git http://localhost:3000 # Note: no trailing slash after either /git or port
+    AllowEncodedSlashes NoDecode
+    # Note: no trailing slash after either /git or port
+    ProxyPass /git http://localhost:3000 nocanon
+    ProxyPassReverse /git http://localhost:3000
 </VirtualHost>
 ```
 

docs/content/doc/usage/reverse-proxies.zh-cn.md

@@ -54,7 +54,8 @@ server {
     ...
     ProxyPreserveHost On
     ProxyRequests off
-    ProxyPass / http://localhost:3000/
+    AllowEncodedSlashes NoDecode
+    ProxyPass / http://localhost:3000/ nocanon
     ProxyPassReverse / http://localhost:3000/
 </VirtualHost>
 ```
@@ -72,9 +73,10 @@ server {
          Order allow,deny
          Allow from all
     </Proxy>
-
-    ProxyPass /git http://localhost:3000 # Note: no trailing slash after either /git or port
-    ProxyPassReverse /git http://localhost:3000 # Note: no trailing slash after either /git or port
+    AllowEncodedSlashes NoDecode
+    # Note: no trailing slash after either /git or port
+    ProxyPass /git http://localhost:3000 nocanon
+    ProxyPassReverse /git http://localhost:3000
 </VirtualHost>
 ```
 

docs/content/page/index.en-us.md

@@ -255,6 +255,9 @@ Windows, on architectures like amd64, i386, ARM, PowerPC, and others.
 - 2 CPU cores and 1GB RAM is typically sufficient for small teams/projects.
 - Gitea should be run with a dedicated non-root system account on UNIX-type systems.
    - Note: Gitea manages the `~/.ssh/authorized_keys` file. Running Gitea as a regular user could break that user's ability to log in.
+- [Git](https://git-scm.com/) version 1.7.2 or later is required. Version 1.9.0 or later is recommended. Also please note:
+   - Git [large file storage](https://git-lfs.github.com/) will be available if enabled when git >= 2.1.2.
+   - Git commit-graph rendering will be enabled automatically when git >= 2.18.
 
 ## Browser Support
 

docs/layouts/_default/index.json

@@ -0,0 +1,5 @@
+{{- $.Scratch.Add "index" slice -}}
+{{- range .Site.RegularPages -}}
+{{- $.Scratch.Add "index" (dict "title" .Title "tags" .Params.tags "categories" .Params.categories "contents" .Plain "permalink" .Permalink) -}}
+{{- end -}}
+{{- $.Scratch.Get "index" | jsonify -}}