Changelog 1.18.3 (#22575 )

Signed-off-by: jolheiser <john.olheiser@gmail.com>
Prevent multiple To recipients (#22566 ) (#22569 )
2026-02-05 07:11:51 +00:00 · 2023-01-23 08:42:02 -06:00 · 2023-01-22 11:37:26 -06:00 · 2023-01-20 23:34:52 +08:00 · 2023-01-20 00:18:58 -05:00 · 2023-01-19 17:31:20 -05:00
3346 changed files with 44914 additions and 83178 deletions
@@ -1,114 +0,0 @@
-# Compiled Object files, Static and Dynamic libs (Shared Objects)
-*.o
-*.a
-*.so
-
-# Folders
-_obj
-_test
-
-# IntelliJ
-.idea
-# Goland's output filename can not be set manually
-/go_build_*
-
-# MS VSCode
-.vscode
-__debug_bin
-
-# Architecture specific extensions/prefixes
-*.[568vq]
-[568vq].out
-
-*.cgo1.go
-*.cgo2.c
-_cgo_defun.c
-_cgo_gotypes.go
-_cgo_export.*
-
-_testmain.go
-
-*.exe
-*.test
-*.prof
-
-*coverage.out
-coverage.all
-cpu.out
-
-/modules/migration/bindata.go
-/modules/migration/bindata.go.hash
-/modules/options/bindata.go
-/modules/options/bindata.go.hash
-/modules/public/bindata.go
-/modules/public/bindata.go.hash
-/modules/templates/bindata.go
-/modules/templates/bindata.go.hash
-
-*.db
-*.log
-
-/gitea
-/gitea-vet
-/debug
-/integrations.test
-
-/bin
-/dist
-/custom/*
-!/custom/conf
-/custom/conf/*
-!/custom/conf/app.example.ini
-/data
-/indexers
-/log
-/public/img/avatar
-/tests/integration/gitea-integration-*
-/tests/integration/indexers-*
-/tests/e2e/gitea-e2e-*
-/tests/e2e/indexers-*
-/tests/e2e/reports
-/tests/e2e/test-artifacts
-/tests/e2e/test-snapshots
-/tests/*.ini
-/node_modules
-/yarn.lock
-/yarn-error.log
-/npm-debug.log*
-/public/js
-/public/serviceworker.js
-/public/css
-/public/fonts
-/public/img/webpack
-/vendor
-/web_src/fomantic/node_modules
-/web_src/fomantic/build/*
-!/web_src/fomantic/build/semantic.js
-!/web_src/fomantic/build/semantic.css
-!/web_src/fomantic/build/themes
-/web_src/fomantic/build/themes/*
-!/web_src/fomantic/build/themes/default
-/web_src/fomantic/build/themes/default/assets/*
-!/web_src/fomantic/build/themes/default/assets/fonts
-/web_src/fomantic/build/themes/default/assets/fonts/*
-!/web_src/fomantic/build/themes/default/assets/fonts/icons.woff2
-!/web_src/fomantic/build/themes/default/assets/fonts/outline-icons.woff2
-/VERSION
-/.air
-/.go-licenses
-
-# Snapcraft
-snap/.snapcraft/
-parts/
-stage/
-prime/
-*.snap
-*.snap-build
-*_source.tar.bz2
-.DS_Store
-
-# Make evidence files
-/.make_evidence
-
-# Manpage
-/man
@@ -12,9 +12,6 @@ trigger:
    - push
    - tag
    - pull_request
-  paths:
-    exclude:
-      - docs/**

 volumes:
  - name: deps
@@ -28,7 +25,7 @@ steps:
      - make deps-frontend

  - name: deps-backend
-    image: golang:1.20
+    image: golang:1.19
    pull: always
    commands:
      - make deps-backend
@@ -42,8 +39,18 @@ steps:
      - make lint-frontend
    depends_on: [deps-frontend]

+  - name: security-check
+    image: golang:1.19
+    pull: always
+    commands:
+      - make security-check
+    depends_on: [deps-backend]
+    volumes:
+      - name: deps
+        path: /go
+
  - name: lint-backend
-    image: gitea/test_env:linux-1.19-amd64  # https://gitea.com/gitea/test-env
+    image: gitea/test_env:linux-amd64  # https://gitea.com/gitea/test-env
    pull: always
    commands:
      - make lint-backend
@@ -57,7 +64,7 @@ steps:
        path: /go

  - name: lint-backend-windows
-    image: gitea/test_env:linux-1.19-amd64  # https://gitea.com/gitea/test-env
+    image: gitea/test_env:linux-amd64  # https://gitea.com/gitea/test-env
    commands:
      - make golangci-lint-windows vet
    environment:
@@ -72,7 +79,7 @@ steps:
        path: /go

  - name: lint-backend-gogit
-    image: gitea/test_env:linux-1.19-amd64  # https://gitea.com/gitea/test-env
+    image: gitea/test_env:linux-amd64  # https://gitea.com/gitea/test-env
    commands:
      - make lint-backend
    environment:
@@ -91,7 +98,7 @@ steps:
    depends_on: [deps-frontend]

  - name: checks-backend
-    image: golang:1.20
+    image: golang:1.19
    commands:
      - make --always-make checks-backend # ensure the 'go-licenses' make target runs
    depends_on: [deps-backend]
@@ -112,9 +119,10 @@ steps:
    depends_on: [deps-frontend]

  - name: build-backend-no-gcc
-    image: golang:1.19 # this step is kept as the lowest version of golang that we support
+    image: golang:1.18 # this step is kept as the lowest version of golang that we support
    pull: always
    environment:
+      GO111MODULE: on
      GOPROXY: https://goproxy.io
    commands:
      - go build -o gitea_no_gcc # test if build succeeds without the sqlite tag
@@ -124,8 +132,9 @@ steps:
        path: /go

  - name: build-backend-arm64
-    image: golang:1.20
+    image: golang:1.19
    environment:
+      GO111MODULE: on
      GOPROXY: https://goproxy.io
      GOOS: linux
      GOARCH: arm64
@@ -139,8 +148,9 @@ steps:
        path: /go

  - name: build-backend-windows
-    image: golang:1.20
+    image: golang:1.19
    environment:
+      GO111MODULE: on
      GOPROXY: https://goproxy.io
      GOOS: windows
      GOARCH: amd64
@@ -153,8 +163,9 @@ steps:
        path: /go

  - name: build-backend-386
-    image: golang:1.20
+    image: golang:1.19
    environment:
+      GO111MODULE: on
      GOPROXY: https://goproxy.io
      GOOS: linux
      GOARCH: 386
@@ -182,9 +193,6 @@ trigger:
    - push
    - tag
    - pull_request
-  paths:
-    exclude:
-      - docs/**

 volumes:
  - name: deps
@@ -232,10 +240,6 @@ services:
      MINIO_ACCESS_KEY: 123456
      MINIO_SECRET_KEY: 12345678

-  - name: smtpimap
-    image: tabascoterrier/docker-imap-devel:latest
-    pull: always
-
 steps:
  - name: fetch-tags
    image: docker:git
@@ -249,7 +253,7 @@ steps:
          - pull_request

  - name: deps-backend
-    image: golang:1.20
+    image: golang:1.19
    pull: always
    commands:
      - make deps-backend
@@ -264,13 +268,13 @@ steps:
      - git update-ref refs/heads/tag_test ${DRONE_COMMIT_SHA}

  - name: prepare-test-env
-    image: gitea/test_env:linux-1.19-amd64  # https://gitea.com/gitea/test-env
+    image: gitea/test_env:linux-amd64  # https://gitea.com/gitea/test-env
    pull: always
    commands:
      - ./build/test-env-prepare.sh

  - name: build
-    image: gitea/test_env:linux-1.19-amd64  # https://gitea.com/gitea/test-env
+    image: gitea/test_env:linux-amd64  # https://gitea.com/gitea/test-env
    user: gitea
    commands:
      - ./build/test-env-check.sh
@@ -285,7 +289,7 @@ steps:
        path: /go

  - name: unit-test
-    image: gitea/test_env:linux-1.19-amd64  # https://gitea.com/gitea/test-env
+    image: gitea/test_env:linux-amd64  # https://gitea.com/gitea/test-env
    user: gitea
    commands:
      - make unit-test-coverage test-check
@@ -301,7 +305,7 @@ steps:
        path: /go

  - name: unit-test-gogit
-    image: gitea/test_env:linux-1.19-amd64  # https://gitea.com/gitea/test-env
+    image: gitea/test_env:linux-amd64  # https://gitea.com/gitea/test-env
    user: gitea
    commands:
      - make unit-test-coverage test-check
@@ -317,7 +321,7 @@ steps:
        path: /go

  - name: test-mysql
-    image: gitea/test_env:linux-1.19-amd64  # https://gitea.com/gitea/test-env
+    image: gitea/test_env:linux-amd64  # https://gitea.com/gitea/test-env
    user: gitea
    commands:
      - make test-mysql-migration integration-test-coverage
@@ -334,7 +338,7 @@ steps:
        path: /go

  - name: test-mysql8
-    image: gitea/test_env:linux-1.19-amd64  # https://gitea.com/gitea/test-env
+    image: gitea/test_env:linux-amd64  # https://gitea.com/gitea/test-env
    user: gitea
    commands:
      - timeout -s ABRT 50m make test-mysql8-migration test-mysql8
@@ -350,7 +354,7 @@ steps:
        path: /go

  - name: test-mssql
-    image: gitea/test_env:linux-1.19-amd64  # https://gitea.com/gitea/test-env
+    image: gitea/test_env:linux-amd64  # https://gitea.com/gitea/test-env
    user: gitea
    commands:
      - make test-mssql-migration test-mssql
@@ -366,7 +370,7 @@ steps:
        path: /go

  - name: generate-coverage
-    image: golang:1.20
+    image: golang:1.19
    commands:
      - make coverage
    environment:
@@ -412,9 +416,6 @@ trigger:
    - push
    - tag
    - pull_request
-  paths:
-    exclude:
-      - docs/**

 volumes:
  - name: deps
@@ -445,7 +446,7 @@ steps:
          - pull_request

  - name: deps-backend
-    image: golang:1.20
+    image: golang:1.19
    pull: always
    commands:
      - make deps-backend
@@ -454,13 +455,13 @@ steps:
        path: /go

  - name: prepare-test-env
-    image: gitea/test_env:linux-1.19-arm64  # https://gitea.com/gitea/test-env
+    image: gitea/test_env:linux-arm64  # https://gitea.com/gitea/test-env
    pull: always
    commands:
      - ./build/test-env-prepare.sh

  - name: build
-    image: gitea/test_env:linux-1.19-arm64  # https://gitea.com/gitea/test-env
+    image: gitea/test_env:linux-arm64  # https://gitea.com/gitea/test-env
    user: gitea
    commands:
      - ./build/test-env-check.sh
@@ -475,7 +476,7 @@ steps:
        path: /go

  - name: test-sqlite
-    image: gitea/test_env:linux-1.19-arm64  # https://gitea.com/gitea/test-env
+    image: gitea/test_env:linux-arm64  # https://gitea.com/gitea/test-env
    user: gitea
    commands:
      - timeout -s ABRT 50m make test-sqlite-migration test-sqlite
@@ -491,7 +492,7 @@ steps:
        path: /go

  - name: test-pgsql
-    image: gitea/test_env:linux-1.19-arm64  # https://gitea.com/gitea/test-env
+    image: gitea/test_env:linux-arm64  # https://gitea.com/gitea/test-env
    user: gitea
    commands:
      - timeout -s ABRT 50m make test-pgsql-migration test-pgsql
@@ -507,6 +508,78 @@ steps:
      - name: deps
        path: /go

+---
+kind: pipeline
+type: docker
+name: testing-e2e
+
+platform:
+  os: linux
+  arch: amd64
+
+depends_on:
+  - compliance
+
+trigger:
+  event:
+    - pull_request
+
+volumes:
+  - name: deps
+    temp: {}
+
+services:
+  - name: pgsql
+    pull: default
+    image: postgres:10
+    environment:
+      POSTGRES_DB: testgitea-e2e
+      POSTGRES_PASSWORD: postgres
+      POSTGRES_INITDB_ARGS: --encoding=UTF8 --lc-collate='en_US.UTF-8' --lc-ctype='en_US.UTF-8'
+
+steps:
+  - name: deps-frontend
+    image: node:18
+    pull: always
+    commands:
+      - make deps-frontend
+
+  - name: build-frontend
+    image: node:18
+    commands:
+      - make frontend
+    depends_on: [deps-frontend]
+
+  - name: deps-backend
+    image: golang:1.18
+    pull: always
+    commands:
+      - make deps-backend
+    volumes:
+      - name: deps
+        path: /go
+
+  # TODO: We should probably build all dependencies into a test image
+  - name: test-e2e
+    image: mcr.microsoft.com/playwright:v1.27.0-focal
+    commands:
+      - curl -sLO https://go.dev/dl/go1.19.linux-amd64.tar.gz && tar -C /usr/local -xzf go1.19.linux-amd64.tar.gz
+      - groupadd --gid 1001 gitea && useradd -m --gid 1001 --uid 1001 gitea
+      - apt-get -qq update && apt-get -qqy install build-essential
+      - export TEST_PGSQL_SCHEMA=''
+      - ./build/test-env-prepare.sh
+      - su gitea bash -c "export PATH=$PATH:/usr/local/go/bin && timeout -s ABRT 40m make test-e2e-pgsql"
+    environment:
+      GOPROXY: https://goproxy.io
+      GOSUMDB: sum.golang.org
+      USE_REPO_TEST_DIR: 1
+      TEST_PGSQL_DBNAME: 'testgitea-e2e'
+      DEBIAN_FRONTEND: noninteractive
+    depends_on: [build-frontend, deps-backend]
+    volumes:
+      - name: deps
+        path: /go
+
 ---
 kind: pipeline
 name: update_translations
@@ -537,7 +610,7 @@ steps:
        from_secret: crowdin_key

  - name: update
-    image: alpine:3.17
+    image: alpine:3.13
    pull: always
    commands:
      - ./build/update-locales.sh
@@ -589,7 +662,7 @@ trigger:

 steps:
  - name: download
-    image: golang:1.20
+    image: golang:1.19
    pull: always
    commands:
      - timeout -s ABRT 40m make generate-license generate-gitignore
@@ -629,9 +702,6 @@ trigger:
    - "release/*"
  event:
    - push
-  paths:
-    exclude:
-      - docs/**

 depends_on:
  - testing-amd64
@@ -656,7 +726,7 @@ steps:
      - make deps-frontend

  - name: deps-backend
-    image: golang:1.20
+    image: golang:1.19
    pull: always
    commands:
      - make deps-backend
@@ -665,7 +735,7 @@ steps:
        path: /go

  - name: static
-    image: techknowlogick/xgo:go-1.20.x
+    image: techknowlogick/xgo:go-1.19.x
    pull: always
    commands:
      # Upgrade to node 18 once https://github.com/techknowlogick/xgo/issues/163 is resolved
@@ -699,16 +769,10 @@ steps:
    image: woodpeckerci/plugin-s3:latest
    pull: always
    settings:
-      acl:
-        from_secret: aws_s3_acl
-      region:
-        from_secret: aws_s3_region
-      bucket:
-        from_secret: aws_s3_bucket
-      endpoint:
-        from_secret: aws_s3_endpoint
-      path_style:
-        from_secret: aws_s3_path_style
+      acl: public-read
+      bucket: gitea-artifacts
+      endpoint: https://ams3.digitaloceanspaces.com
+      path_style: true
      source: "dist/release/*"
      strip_prefix: dist/release/
      target: "/gitea/${DRONE_BRANCH##release/v}"
@@ -726,16 +790,10 @@ steps:
  - name: release-main
    image: woodpeckerci/plugin-s3:latest
    settings:
-      acl:
-        from_secret: aws_s3_acl
-      region:
-        from_secret: aws_s3_region
-      bucket:
-        from_secret: aws_s3_bucket
-      endpoint:
-        from_secret: aws_s3_endpoint
-      path_style:
-        from_secret: aws_s3_path_style
+      acl: public-read
+      bucket: gitea-artifacts
+      endpoint: https://ams3.digitaloceanspaces.com
+      path_style: true
      source: "dist/release/*"
      strip_prefix: dist/release/
      target: /gitea/main
@@ -789,7 +847,7 @@ steps:
      - make deps-frontend

  - name: deps-backend
-    image: golang:1.20
+    image: golang:1.19
    pull: always
    commands:
      - make deps-backend
@@ -798,7 +856,7 @@ steps:
        path: /go

  - name: static
-    image: techknowlogick/xgo:go-1.20.x
+    image: techknowlogick/xgo:go-1.19.x
    pull: always
    commands:
      # Upgrade to node 18 once https://github.com/techknowlogick/xgo/issues/163 is resolved
@@ -834,16 +892,10 @@ steps:
    image: woodpeckerci/plugin-s3:latest
    pull: always
    settings:
-      acl:
-        from_secret: aws_s3_acl
-      region:
-        from_secret: aws_s3_region
-      bucket:
-        from_secret: aws_s3_bucket
-      endpoint:
-        from_secret: aws_s3_endpoint
-      path_style:
-        from_secret: aws_s3_path_style
+      acl: public-read
+      bucket: gitea-artifacts
+      endpoint: https://ams3.digitaloceanspaces.com
+      path_style: true
      source: "dist/release/*"
      strip_prefix: dist/release/
      target: "/gitea/${DRONE_TAG##v}"
@@ -883,22 +935,31 @@ trigger:
    - push
    - tag
    - pull_request
-  paths:
-    include:
-      - docs/**

 steps:
-  - name: lint-docs
-    image: node:18
-    commands:
-      - make deps-frontend
-      - make lint-frontend
-
  - name: build-docs
-    image: golang:1.20
+    image: plugins/hugo:latest
+    pull: always
    commands:
+      # https://github.com/drone-plugins/drone-hugo/issues/36
+      - apk upgrade --no-cache libcurl && apk add --no-cache make bash curl
      - cd docs
-      - bash scripts/trans-copy.sh
+      - make trans-copy clean build
+
+  - name: publish-docs
+    image: techknowlogick/drone-netlify:latest
+    pull: always
+    settings:
+      path: docs/public/
+      site_id: d2260bae-7861-4c02-8646-8f6440b12672
+    environment:
+      NETLIFY_TOKEN:
+        from_secret: netlify_token
+    when:
+      branch:
+        - main
+      event:
+        - push

 ---
 kind: pipeline
@@ -915,10 +976,7 @@ depends_on:

 trigger:
  ref:
-    include:
-      - "refs/tags/**"
-    exclude:
-      - "refs/tags/**-rc*"
+  - "refs/tags/**"
  event:
    exclude:
    - cron
@@ -932,7 +990,7 @@ steps:
      - git fetch --tags --force

  - name: publish
-    image: plugins/docker:latest
+    image: techknowlogick/drone-docker:latest
    pull: always
    settings:
      auto_tag: true
@@ -944,17 +1002,13 @@ steps:
        from_secret: docker_password
      username:
        from_secret: docker_username
-    environment:
-      PLUGIN_MIRROR:
-        from_secret: plugin_mirror
-      DOCKER_BUILDKIT: 1
    when:
      event:
        exclude:
        - pull_request

  - name: publish-rootless
-    image: plugins/docker:latest
+    image: techknowlogick/drone-docker:latest
    settings:
      dockerfile: Dockerfile.rootless
      auto_tag: true
@@ -966,80 +1020,6 @@ steps:
        from_secret: docker_password
      username:
        from_secret: docker_username
-    environment:
-      PLUGIN_MIRROR:
-        from_secret: plugin_mirror
-      DOCKER_BUILDKIT: 1
-    when:
-      event:
-        exclude:
-        - pull_request
---
-
-kind: pipeline
-type: docker
-name: docker-linux-amd64-release-candidate-version
-
-platform:
-  os: linux
-  arch: amd64
-
-depends_on:
-  - testing-amd64
-  - testing-arm64
-
-trigger:
-  ref:
-    - "refs/tags/**-rc*"
-  event:
-    exclude:
-    - cron
-
-steps:
-  - name: fetch-tags
-    image: docker:git
-    pull: always
-    commands:
-      - git config --global --add safe.directory /drone/src
-      - git fetch --tags --force
-
-  - name: publish
-    image: plugins/docker:latest
-    pull: always
-    settings:
-      tags: ${DRONE_TAG##v}-linux-amd64
-      repo: gitea/gitea
-      build_args:
-        - GOPROXY=https://goproxy.io
-      password:
-        from_secret: docker_password
-      username:
-        from_secret: docker_username
-    environment:
-      PLUGIN_MIRROR:
-        from_secret: plugin_mirror
-      DOCKER_BUILDKIT: 1
-    when:
-      event:
-        exclude:
-        - pull_request
-
-  - name: publish-rootless
-    image: plugins/docker:latest
-    settings:
-      dockerfile: Dockerfile.rootless
-      tags: ${DRONE_TAG##v}-linux-amd64-rootless
-      repo: gitea/gitea
-      build_args:
-        - GOPROXY=https://goproxy.io
-      password:
-        from_secret: docker_password
-      username:
-        from_secret: docker_username
-    environment:
-      PLUGIN_MIRROR:
-        from_secret: plugin_mirror
-      DOCKER_BUILDKIT: 1
    when:
      event:
        exclude:
@@ -1074,11 +1054,11 @@ steps:
      - git fetch --tags --force

  - name: publish
-    image: plugins/docker:latest
+    image: techknowlogick/drone-docker:latest
    pull: always
    settings:
      auto_tag: false
-      tags: nightly-linux-amd64
+      tags: dev-linux-amd64
      repo: gitea/gitea
      build_args:
        - GOPROXY=https://goproxy.io
@@ -1086,21 +1066,17 @@ steps:
        from_secret: docker_password
      username:
        from_secret: docker_username
-    environment:
-      PLUGIN_MIRROR:
-        from_secret: plugin_mirror
-      DOCKER_BUILDKIT: 1
    when:
      event:
        exclude:
        - pull_request

  - name: publish-rootless
-    image: plugins/docker:latest
+    image: techknowlogick/drone-docker:latest
    settings:
      dockerfile: Dockerfile.rootless
      auto_tag: false
-      tags: nightly-linux-amd64-rootless
+      tags: dev-linux-amd64-rootless
      repo: gitea/gitea
      build_args:
        - GOPROXY=https://goproxy.io
@@ -1108,10 +1084,6 @@ steps:
        from_secret: docker_password
      username:
        from_secret: docker_username
-    environment:
-      PLUGIN_MIRROR:
-        from_secret: plugin_mirror
-      DOCKER_BUILDKIT: 1
    when:
      event:
        exclude:
@@ -1145,11 +1117,11 @@ steps:
      - git fetch --tags --force

  - name: publish
-    image: plugins/docker:latest
+    image: techknowlogick/drone-docker:latest
    pull: always
    settings:
      auto_tag: false
-      tags: ${DRONE_BRANCH##release/v}-nightly-linux-amd64
+      tags: ${DRONE_BRANCH##release/v}-dev-linux-amd64
      repo: gitea/gitea
      build_args:
        - GOPROXY=https://goproxy.io
@@ -1157,21 +1129,17 @@ steps:
        from_secret: docker_password
      username:
        from_secret: docker_username
-    environment:
-      PLUGIN_MIRROR:
-        from_secret: plugin_mirror
-      DOCKER_BUILDKIT: 1
    when:
      event:
        exclude:
        - pull_request

  - name: publish-rootless
-    image: plugins/docker:latest
+    image: techknowlogick/drone-docker:latest
    settings:
      dockerfile: Dockerfile.rootless
      auto_tag: false
-      tags: ${DRONE_BRANCH##release/v}-nightlf-linux-amd64-rootless
+      tags: ${DRONE_BRANCH##release/v}-dev-linux-amd64-rootless
      repo: gitea/gitea
      build_args:
        - GOPROXY=https://goproxy.io
@@ -1179,10 +1147,6 @@ steps:
        from_secret: docker_password
      username:
        from_secret: docker_username
-    environment:
-      PLUGIN_MIRROR:
-        from_secret: plugin_mirror
-      DOCKER_BUILDKIT: 1
    when:
      event:
        exclude:
@@ -1191,7 +1155,7 @@ steps:
 ---
 kind: pipeline
 type: docker
-name: docker-linux-amd64-dry-run
+name: docker-linux-arm64-dry-run

 platform:
  os: linux
@@ -1203,13 +1167,10 @@ depends_on:
 trigger:
  ref:
  - "refs/pull/**"
-  paths:
-    exclude:
-      - docs/**

 steps:
  - name: dryrun
-    image: plugins/docker:latest
+    image: techknowlogick/drone-docker:latest
    pull: always
    settings:
      dry_run: true
@@ -1220,7 +1181,6 @@ steps:
    environment:
      PLUGIN_MIRROR:
        from_secret: plugin_mirror
-      DOCKER_BUILDKIT: 1
    when:
      event:
        - pull_request
@@ -1240,10 +1200,7 @@ depends_on:

 trigger:
  ref:
-    include:
-      - "refs/tags/**"
-    exclude:
-      - "refs/tags/**-rc*"
+  - "refs/tags/**"
  event:
    exclude:
    - cron
@@ -1257,7 +1214,7 @@ steps:
      - git fetch --tags --force

  - name: publish
-    image: plugins/docker:latest
+    image: techknowlogick/drone-docker:latest
    pull: always
    settings:
      auto_tag: true
@@ -1269,17 +1226,13 @@ steps:
        from_secret: docker_password
      username:
        from_secret: docker_username
-    environment:
-      PLUGIN_MIRROR:
-        from_secret: plugin_mirror
-      DOCKER_BUILDKIT: 1
    when:
      event:
        exclude:
        - pull_request

  - name: publish-rootless
-    image: plugins/docker:latest
+    image: techknowlogick/drone-docker:latest
    settings:
      dockerfile: Dockerfile.rootless
      auto_tag: true
@@ -1291,80 +1244,6 @@ steps:
        from_secret: docker_password
      username:
        from_secret: docker_username
-    environment:
-      PLUGIN_MIRROR:
-        from_secret: plugin_mirror
-      DOCKER_BUILDKIT: 1
-    when:
-      event:
-        exclude:
-        - pull_request
-
---
-kind: pipeline
-type: docker
-name: docker-linux-arm64-release-candidate-version
-
-platform:
-  os: linux
-  arch: arm64
-
-depends_on:
-  - testing-amd64
-  - testing-arm64
-
-trigger:
-  ref:
-    - "refs/tags/**-rc*"
-  event:
-    exclude:
-    - cron
-
-steps:
-  - name: fetch-tags
-    image: docker:git
-    pull: always
-    commands:
-      - git config --global --add safe.directory /drone/src
-      - git fetch --tags --force
-
-  - name: publish
-    image: plugins/docker:latest
-    pull: always
-    settings:
-      tags: ${DRONE_TAG##v}-linux-arm64
-      repo: gitea/gitea
-      build_args:
-        - GOPROXY=https://goproxy.io
-      password:
-        from_secret: docker_password
-      username:
-        from_secret: docker_username
-    environment:
-      PLUGIN_MIRROR:
-        from_secret: plugin_mirror
-      DOCKER_BUILDKIT: 1
-    when:
-      event:
-        exclude:
-        - pull_request
-
-  - name: publish-rootless
-    image: plugins/docker:latest
-    settings:
-      dockerfile: Dockerfile.rootless
-      tags: ${DRONE_TAG##v}-linux-arm64-rootless
-      repo: gitea/gitea
-      build_args:
-        - GOPROXY=https://goproxy.io
-      password:
-        from_secret: docker_password
-      username:
-        from_secret: docker_username
-    environment:
-      PLUGIN_MIRROR:
-        from_secret: plugin_mirror
-      DOCKER_BUILDKIT: 1
    when:
      event:
        exclude:
@@ -1399,11 +1278,11 @@ steps:
      - git fetch --tags --force

  - name: publish
-    image: plugins/docker:latest
+    image: techknowlogick/drone-docker:latest
    pull: always
    settings:
      auto_tag: false
-      tags: nightly-linux-arm64
+      tags: dev-linux-arm64
      repo: gitea/gitea
      build_args:
        - GOPROXY=https://goproxy.io
@@ -1411,21 +1290,17 @@ steps:
        from_secret: docker_password
      username:
        from_secret: docker_username
-    environment:
-      PLUGIN_MIRROR:
-        from_secret: plugin_mirror
-      DOCKER_BUILDKIT: 1
    when:
      event:
        exclude:
        - pull_request

  - name: publish-rootless
-    image: plugins/docker:latest
+    image: techknowlogick/drone-docker:latest
    settings:
      dockerfile: Dockerfile.rootless
      auto_tag: false
-      tags: nightly-linux-arm64-rootless
+      tags: dev-linux-arm64-rootless
      repo: gitea/gitea
      build_args:
        - GOPROXY=https://goproxy.io
@@ -1433,10 +1308,6 @@ steps:
        from_secret: docker_password
      username:
        from_secret: docker_username
-    environment:
-      PLUGIN_MIRROR:
-        from_secret: plugin_mirror
-      DOCKER_BUILDKIT: 1
    when:
      event:
        exclude:
@@ -1470,11 +1341,11 @@ steps:
      - git fetch --tags --force

  - name: publish
-    image: plugins/docker:latest
+    image: techknowlogick/drone-docker:latest
    pull: always
    settings:
      auto_tag: false
-      tags: ${DRONE_BRANCH##release/v}-nightly-linux-arm64
+      tags: ${DRONE_BRANCH##release/v}-dev-linux-arm64
      repo: gitea/gitea
      build_args:
        - GOPROXY=https://goproxy.io
@@ -1482,21 +1353,17 @@ steps:
        from_secret: docker_password
      username:
        from_secret: docker_username
-    environment:
-      PLUGIN_MIRROR:
-        from_secret: plugin_mirror
-      DOCKER_BUILDKIT: 1
    when:
      event:
        exclude:
        - pull_request

  - name: publish-rootless
-    image: plugins/docker:latest
+    image: techknowlogick/drone-docker:latest
    settings:
      dockerfile: Dockerfile.rootless
      auto_tag: false
-      tags: ${DRONE_BRANCH##release/v}-nightly-linux-arm64-rootless
+      tags: ${DRONE_BRANCH##release/v}-dev-linux-arm64-rootless
      repo: gitea/gitea
      build_args:
        - GOPROXY=https://goproxy.io
@@ -1504,10 +1371,6 @@ steps:
        from_secret: docker_password
      username:
        from_secret: docker_username
-    environment:
-      PLUGIN_MIRROR:
-        from_secret: plugin_mirror
-      DOCKER_BUILDKIT: 1
    when:
      event:
        exclude:
@@ -1555,9 +1418,7 @@ trigger:

 depends_on:
  - docker-linux-amd64-release-version
-  - docker-linux-amd64-release-candidate-version
  - docker-linux-arm64-release-version
-  - docker-linux-arm64-release-candidate-version

 ---
 kind: pipeline
@@ -1639,8 +1500,6 @@ depends_on:
  - docker-linux-arm64-release
  - docker-linux-amd64-release-version
  - docker-linux-arm64-release-version
-  - docker-linux-amd64-release-candidate-version
-  - docker-linux-arm64-release-candidate-version
  - docker-linux-amd64-release-branch
  - docker-linux-arm64-release-branch
  - docker-manifest
@@ -84,7 +84,6 @@ rules:
  id-length: [0]
  id-match: [0]
  implicit-arrow-linebreak: [0]
-  import/consistent-type-specifier-style: [0]
  import/default: [0]
  import/dynamic-import-chunkname: [0]
  import/export: [2]
@@ -104,7 +103,6 @@ rules:
  import/no-default-export: [0]
  import/no-deprecated: [0]
  import/no-dynamic-require: [0]
-  import/no-empty-named-blocks: [2]
  import/no-extraneous-dependencies: [2]
  import/no-import-module-exports: [0]
  import/no-internal-modules: [0]
@@ -149,7 +147,7 @@ rules:
  jquery/no-global-eval: [2]
  jquery/no-grep: [2]
  jquery/no-has: [2]
-  jquery/no-hide: [2]
+  jquery/no-hide: [0]
  jquery/no-html: [0]
  jquery/no-in-array: [2]
  jquery/no-is-array: [2]
@@ -166,13 +164,13 @@ rules:
  jquery/no-proxy: [2]
  jquery/no-ready: [0]
  jquery/no-serialize: [2]
-  jquery/no-show: [2]
+  jquery/no-show: [0]
  jquery/no-size: [2]
  jquery/no-sizzle: [0]
  jquery/no-slide: [0]
  jquery/no-submit: [0]
  jquery/no-text: [0]
-  jquery/no-toggle: [2]
+  jquery/no-toggle: [0]
  jquery/no-trigger: [0]
  jquery/no-trim: [2]
  jquery/no-val: [0]
@@ -201,7 +199,7 @@ rules:
  newline-per-chained-call: [0]
  no-alert: [0]
  no-array-constructor: [2]
-  no-async-promise-executor: [0]
+  no-async-promise-executor: [2]
  no-await-in-loop: [0]
  no-bitwise: [0]
  no-buffer-constructor: [0]
@@ -231,7 +229,6 @@ rules:
  no-empty-character-class: [2]
  no-empty-function: [0]
  no-empty-pattern: [2]
-  no-empty-static-block: [2]
  no-empty: [2, {allowEmptyCatch: true}]
  no-eq-null: [2]
  no-eval: [2]
@@ -257,7 +254,7 @@ rules:
  no-irregular-whitespace: [2]
  no-iterator: [2]
  no-label-var: [2]
-  no-labels: [0] # handled by no-restricted-syntax
+  no-labels: [2]
  no-lone-blocks: [2]
  no-lonely-if: [0]
  no-loop-func: [0]
@@ -272,7 +269,6 @@ rules:
  no-negated-condition: [0]
  no-nested-ternary: [0]
  no-new-func: [2]
-  no-new-native-nonconstructor: [2]
  no-new-object: [2]
  no-new-symbol: [2]
  no-new-wrappers: [2]
@@ -337,7 +333,7 @@ rules:
  no-void: [2]
  no-warning-comments: [0]
  no-whitespace-before-property: [2]
-  no-with: [0] # handled by no-restricted-syntax
+  no-with: [2]
  nonblock-statement-body-position: [2]
  object-curly-newline: [0]
  object-curly-spacing: [2, never]
@@ -382,11 +378,11 @@ rules:
  sonarjs/no-duplicated-branches: [0]
  sonarjs/no-element-overwrite: [2]
  sonarjs/no-empty-collection: [2]
-  sonarjs/no-extra-arguments: [2]
+  sonarjs/no-extra-arguments: [0]
  sonarjs/no-gratuitous-expressions: [2]
  sonarjs/no-identical-conditions: [2]
-  sonarjs/no-identical-expressions: [2]
-  sonarjs/no-identical-functions: [2, 5]
+  sonarjs/no-identical-expressions: [0]
+  sonarjs/no-identical-functions: [0]
  sonarjs/no-ignored-return: [2]
  sonarjs/no-inverted-boolean-check: [2]
  sonarjs/no-nested-switch: [0]
@@ -398,7 +394,7 @@ rules:
  sonarjs/no-small-switch: [0]
  sonarjs/no-unused-collection: [2]
  sonarjs/no-use-of-empty-return-value: [2]
-  sonarjs/no-useless-catch: [2]
+  sonarjs/no-useless-catch: [0]
  sonarjs/non-existent-operator: [2]
  sonarjs/prefer-immediate-return: [0]
  sonarjs/prefer-object-literal: [0]
@@ -447,7 +443,6 @@ rules:
  unicorn/no-invalid-remove-event-listener: [2]
  unicorn/no-keyword-prefix: [0]
  unicorn/no-lonely-if: [2]
-  unicorn/no-negated-condition: [0]
  unicorn/no-nested-ternary: [0]
  unicorn/no-new-array: [0]
  unicorn/no-new-buffer: [0]
@@ -458,7 +453,6 @@ rules:
  unicorn/no-static-only-class: [2]
  unicorn/no-thenable: [2]
  unicorn/no-this-assignment: [2]
-  unicorn/no-typeof-undefined: [2]
  unicorn/no-unnecessary-await: [2]
  unicorn/no-unreadable-array-destructuring: [0]
  unicorn/no-unreadable-iife: [2]
@@ -497,7 +491,7 @@ rules:
  unicorn/prefer-native-coercion-functions: [2]
  unicorn/prefer-negative-index: [2]
  unicorn/prefer-node-append: [0]
-  unicorn/prefer-node-protocol: [2]
+  unicorn/prefer-node-protocol: [0]
  unicorn/prefer-node-remove: [0]
  unicorn/prefer-number-properties: [0]
  unicorn/prefer-object-from-entries: [2]
@@ -509,7 +503,6 @@ rules:
  unicorn/prefer-regexp-test: [2]
  unicorn/prefer-replace-all: [0]
  unicorn/prefer-set-has: [0]
-  unicorn/prefer-set-size: [2]
  unicorn/prefer-spread: [0]
  unicorn/prefer-starts-ends-with: [2]
  unicorn/prefer-string-slice: [0]
@@ -1,9 +1,9 @@
-<!-- start tips --> 
+<!--
+
 Please check the following:
-1. Make sure you are targeting the `main` branch, pull requests on release branches are only allowed for backports.
-2. Make sure you have read contributing guidelines: https://github.com/go-gitea/gitea/blob/main/CONTRIBUTING.md .
-3. Describe what your pull request does and which issue you're targeting (if any).
-4. It is recommended to enable "Allow edits by maintainers", so maintainers can help more easily.
-5. Your input here will be included in the commit message when this PR has been merged. If you don't want some content to be included, please separate them with a line like `---`.
-6. Delete all these tips before posting.
-<!-- end tips -->
+
+1. Make sure you are targeting the `main` branch, pull requests on release branches are only allowed for bug fixes.
+2. Read contributing guidelines: https://github.com/go-gitea/gitea/blob/main/CONTRIBUTING.md
+3. Describe what your pull request does and which issue you're targeting (if any)
+
+-->  
@@ -7,6 +7,10 @@ tasks:
    command: |
      gp sync-done setup
      exit 0
+  - name: Run frontend
+    command: |
+      gp sync-await setup
+      make watch-frontend
  - name: Run backend
    command: |
      gp sync-await setup
@@ -15,15 +19,9 @@ tasks:
      echo -e "\n[database]\nDB_TYPE = sqlite3\nPATH = $GITPOD_REPO_ROOT/data/gitea.db" >> custom/conf/app.ini
      export TAGS="sqlite sqlite_unlock_notify"
      make watch-backend
-  - name: Run frontend
-    command: |
-      gp sync-await setup
-      make watch-frontend
-    openMode: split-right
  - name: Run docs
    before: sudo bash -c "$(grep 'https://github.com/gohugoio/hugo/releases/download' Makefile | tr -d '\')" # install hugo
    command: cd docs && make clean update && hugo server -D -F --baseUrl $(gp url 1313) --liveReloadPort=443 --appendPort=false --bind=0.0.0.0
-    openMode: split-right

 vscode:
  extensions:
@@ -1,34 +1,34 @@
 linters:
  enable:
-    - bidichk
-    # - deadcode # deprecated - https://github.com/golangci/golangci-lint/issues/1841
-    - depguard
-    - dupl
-    - errcheck
-    - gocritic
-    # - gocyclo # The cyclomatic complexety of a lot of functions is too high, we should refactor those another time.
-    - gofmt
-    - gofumpt
    - gosimple
-    - govet
-    - ineffassign
-    - nakedret
-    - nolintlint
-    - revive
-    - staticcheck
-    # - structcheck # deprecated - https://github.com/golangci/golangci-lint/issues/1841
-    - stylecheck
+    - deadcode
    - typecheck
-    - unconvert
+    - govet
+    - errcheck
+    - staticcheck
    - unused
-    # - varcheck # deprecated - https://github.com/golangci/golangci-lint/issues/1841
-    # - wastedassign # disabled - https://github.com/golangci/golangci-lint/issues/2649
+    - structcheck
+    - varcheck
+    - dupl
+    #- gocyclo # The cyclomatic complexety of a lot of functions is too high, we should refactor those another time.
+    - gofmt
+    - gocritic
+    - bidichk
+    - ineffassign
+    - revive
+    - gofumpt
+    - depguard
+    - nakedret
+    - unconvert
+    - wastedassign
+    - nolintlint
+    - stylecheck
  enable-all: false
  disable-all: true
  fast: false

 run:
-  go: "1.20"
+  go: 1.19
  timeout: 10m
  skip-dirs:
    - node_modules
@@ -74,17 +74,15 @@ linters-settings:
      - name: modifies-value-receiver
  gofumpt:
    extra-rules: true
-    lang-version: "1.20"
+    lang-version: "1.19"
  depguard:
+    # TODO: use depguard to replace import checks in gitea-vet
    list-type: denylist
    # Check the list against standard lib.
    include-go-root: true
    packages-with-error-message:
      - encoding/json: "use gitea's modules/json instead of encoding/json"
      - github.com/unknwon/com: "use gitea's util and replacements"
-      - io/ioutil: "use os or io instead"
-      - golang.org/x/exp: "it's experimental and unreliable."
-      - code.gitea.io/gitea/modules/git/internal: "do not use the internal package, use AddXxx function instead"

 issues:
  max-issues-per-linter: 0
@@ -1,137 +1,32 @@
-plugins:
-  - stylelint-declaration-strict-value
-
-ignoreFiles:
-  - "**/*.go"
+extends: stylelint-config-standard

 overrides:
-  - files: ["**/chroma/*", "**/codemirror/*", "**/standalone/*", "**/console/*"]
-    rules:
-      scale-unlimited/declaration-strict-value: null
-  - files: ["**/chroma/*", "**/codemirror/*"]
-    rules:
-      block-no-empty: null
+  - files: ["**/*.less"]
+    customSyntax: postcss-less

 rules:
  alpha-value-notation: null
-  annotation-no-unknown: true
-  at-rule-allowed-list: null
-  at-rule-disallowed-list: null
  at-rule-empty-line-before: null
-  at-rule-no-unknown: true
-  at-rule-no-vendor-prefix: true
-  at-rule-property-required-list: null
-  block-no-empty: true
+  block-closing-brace-empty-line-before: null
  color-function-notation: null
-  color-hex-alpha: null
  color-hex-length: null
-  color-named: null
-  color-no-hex: null
-  color-no-invalid-hex: true
  comment-empty-line-before: null
-  comment-no-empty: true
-  comment-pattern: null
-  comment-whitespace-inside: null
-  comment-word-disallowed-list: null
-  custom-media-pattern: null
-  custom-property-empty-line-before: null
-  custom-property-no-missing-var-function: true
-  custom-property-pattern: null
-  declaration-block-no-duplicate-custom-properties: true
-  declaration-block-no-duplicate-properties: [true, {ignore: [consecutive-duplicates-with-different-values]}]
  declaration-block-no-redundant-longhand-properties: null
-  declaration-block-no-shorthand-property-overrides: null
  declaration-block-single-line-max-declarations: null
  declaration-empty-line-before: null
-  declaration-no-important: null
-  declaration-property-max-values: null
-  declaration-property-unit-allowed-list: null
-  declaration-property-unit-disallowed-list: null
-  declaration-property-value-allowed-list: null
-  declaration-property-value-disallowed-list: null
-  declaration-property-value-no-unknown: true
-  font-family-name-quotes: always-where-recommended
-  font-family-no-duplicate-names: true
-  font-family-no-missing-generic-family-keyword: true
-  font-weight-notation: null
-  function-allowed-list: null
-  function-calc-no-unspaced-operator: true
-  function-disallowed-list: null
-  function-linear-gradient-no-nonstandard-direction: true
-  function-name-case: lower
  function-no-unknown: null
-  function-url-no-scheme-relative: null
-  function-url-quotes: always
-  function-url-scheme-allowed-list: null
-  function-url-scheme-disallowed-list: null
  hue-degree-notation: null
-  import-notation: string
-  keyframe-block-no-duplicate-selectors: true
-  keyframe-declaration-no-important: true
-  keyframe-selector-notation: null
-  keyframes-name-pattern: null
-  length-zero-no-unit: true
-  max-nesting-depth: null
-  media-feature-name-allowed-list: null
-  media-feature-name-disallowed-list: null
-  media-feature-name-no-unknown: true
-  media-feature-name-no-vendor-prefix: true
-  media-feature-name-unit-allowed-list: null
-  media-feature-name-value-allowed-list: null
-  media-feature-range-notation: null
-  named-grid-areas-no-invalid: true
+  indentation: 2
+  max-line-length: null
  no-descending-specificity: null
-  no-duplicate-at-import-rules: true
-  no-duplicate-selectors: true
-  no-empty-source: true
-  no-invalid-double-slash-comments: true
  no-invalid-position-at-import-rule: null
-  no-irregular-whitespace: true
-  no-unknown-animations: null
+  number-leading-zero: never
  number-max-precision: null
-  property-allowed-list: null
-  property-disallowed-list: null
-  property-no-unknown: true
  property-no-vendor-prefix: null
  rule-empty-line-before: null
-  rule-selector-property-disallowed-list: null
-  scale-unlimited/declaration-strict-value: [color, {ignoreValues: /^(inherit|transparent|unset|initial|currentcolor)$/}]
-  selector-attribute-name-disallowed-list: null
-  selector-attribute-operator-allowed-list: null
-  selector-attribute-operator-disallowed-list: null
-  selector-attribute-quotes: always
  selector-class-pattern: null
-  selector-combinator-allowed-list: null
-  selector-combinator-disallowed-list: null
-  selector-disallowed-list: null
  selector-id-pattern: null
-  selector-max-attribute: null
-  selector-max-class: null
-  selector-max-combinators: null
-  selector-max-compound-selectors: null
-  selector-max-id: null
-  selector-max-pseudo-class: null
-  selector-max-specificity: null
-  selector-max-type: null
-  selector-max-universal: null
-  selector-nested-pattern: null
-  selector-no-qualifying-type: null
-  selector-no-vendor-prefix: true
-  selector-not-notation: null
-  selector-pseudo-class-allowed-list: null
-  selector-pseudo-class-disallowed-list: null
-  selector-pseudo-class-no-unknown: true
-  selector-pseudo-element-allowed-list: null
  selector-pseudo-element-colon-notation: double
-  selector-pseudo-element-disallowed-list: null
-  selector-pseudo-element-no-unknown: true
-  selector-type-case: lower
-  selector-type-no-unknown: [true, {ignore: [custom-elements]}]
  shorthand-property-no-redundant-values: true
-  string-no-newline: true
-  time-min-milliseconds: null
-  unit-allowed-list: null
-  unit-disallowed-list: null
-  unit-no-unknown: true
-  value-keyword-case: null
-  value-no-vendor-prefix: [true, {ignoreValues: [box, inline-box]}]
+  string-quotes: null
+  value-no-vendor-prefix: null
@@ -4,603 +4,6 @@ This changelog goes through all the changes that have been made in each release
 without substantial changes to our git log; to see the highlights of what has
 been added to each release, please refer to the [blog](https://blog.gitea.io).

-## [1.19.4](https://github.com/go-gitea/gitea/releases/tag/v1.19.4) - 2023-07-04
-
-* SECURITY
-  * Fix open redirect check for more cases (#25143) (#25155)
-* API
-  * Return `404` in the API if the requested webhooks were not found (#24823) (#24830)
-  * Fix `organization` field being `null` in `GET /api/v1/teams/{id}` (#24694) (#24696)
-* ENHANCEMENTS
-  * Set `--font-weight-bold` to 600 (#24840)
-  * Make mailer SMTP check have timed context (#24751) (#24759)
-  * Do not select line numbers when selecting text from the action run logs (#24594) (#24596)
-* BUGFIXES
-  * Fix bug when change user name (#25637) (#25645)
-  * Fix task list checkbox toggle to work with YAML front matter (#25184) (#25236)
-  * Hide limited users if viewed by anonymous ghost (#25214) (#25224)
-  * Add `WithPullRequest` for `actionsNotifier` (#25144) (#25196)
-  * Fix parallelly generating index failure with Mysql (#24567) (#25081)
-  * GitLab migration: Sanitize response for reaction list (#25054) (#25059)
-  * Fix users cannot visit issue attachment bug (#25019) (#25027)
-  * Fix missing reference prefix of commits when sync mirror repository (#24994)
-  * Only validate changed columns when update user (#24867) (#24903)
-  * Make DeleteIssue use correct context (#24885)
-  * Fix topics deleted via API not being deleted in org page (#24825) (#24829)
-  * Fix Actions being enabled accidentally (#24802) (#24810)
-  * Fix missed table name on iterate lfs meta objects (#24768) (#24774)
-  * Fix safari cookie session bug (#24772)
-  * Respect original content when creating secrets (#24745) (#24746)
-  * Fix Pull Mirror out-of-sync bugs (#24732) (#24733)
-  * Fix run list broken when trigger user deleted (#24706) (#24709)
-  * Fix issues list page multiple selection update milestones (#24660) (#24663)
-  * Fix: release page for empty or non-existing target (#24659)
-  * Fix close org projects (#24588) (#24591)
-  * Refresh the refernce of the closed PR when reopening (#24231) (#24587)
-  * Fix the permission of team's `Actions` unit issue (#24536) (#24545)
-  * Bump go.etcd.io/bbolt and blevesearch deps (#23062) (#24519)
-  * Fix new wiki page mirror (#24518)
-  * Match unqualified references when syncing pulls as well (#23070)
-* DOCS
-  * Change branch name from master to main in some documents' links (#25126) (#25139)
-  * Remove unnecessary content on docs (#24976) (#25001)
-  * Unify doc links to use paths relative to doc folder (#24979) (#25000)
-  * Fix docs documenting invalid `@every` for `OLDER_THAN` cron settings (#24695) (#24698)
-* MISC
-  * Merge different languages for language stats (#24900) (#24921)
-  * Hiding Secrets options when Actions feature is disabled (#24792)
-  * Improve decryption failure message (#24573) (#24575)
-  * Makefile: Use portable !, not GNUish -not, with find(1). (#24565) (#24572)
-
-## [1.19.3](https://github.com/go-gitea/gitea/releases/tag/1.19.3) - 2023-05-03
-
-* SECURITY
-  * Use golang 1.20.4 to fix CVE-2023-24539, CVE-2023-24540, and CVE-2023-29400
-* ENHANCEMENTS
-  * Enable whitespace rendering on selection in Monaco (#24444) (#24485)
-  * Improve milestone filter on issues page (#22423) (#24440)
-* BUGFIXES
-  * Fix api error message if fork exists (#24487) (#24493)
-  * Fix user-cards format (#24428) (#24431)
-  * Fix incorrect CurrentUser check for docker rootless (#24435)
-  * Getting the tag list does not require being signed in (#24413) (#24416)
-
-## [1.19.2](https://github.com/go-gitea/gitea/releases/tag/1.19.2) - 2023-04-26
-
-* SECURITY
-  * Require repo scope for PATs for private repos and basic authentication (#24362) (#24364)
-  * Only delete secrets belonging to its owner (#24284) (#24286)
-* API
-  * Fix typo in API route (#24310) (#24332)
-  * Fix access token issue on some public endpoints (#24194) (#24259)
-* ENHANCEMENTS
-  * Fix broken clone script on an empty archived repo (#24339) (#24348)
-  * Fix Monaco IOS keyboard button (#24341) (#24347)
-  * Don't set meta `theme-color` by default (#24340) (#24346)
-  * Wrap too long push mirror addresses (#21120) (#24334)
-  * Add --font-weight-bold and set previous bold to 601 (#24307) (#24331)
-  * Unify nightly naming across binaries and docker images (#24116) (#24308)
-  * Fix footer display (#24251) (#24269)
-  * Fix label color, fix divider in dropdown (#24215) (#24244)
-  * Vertical widths of containers removed (#24184) (#24211)
-  * Use correct locale key for forks page (#24172) (#24175)
-  * Sort repo topic labels by name (#24123) (#24153)
-  * Highlight selected file in the PR file tree (#23947) (#24126)
-* BUGFIXES
-  * Fix auth check bug (#24382) (#24387)
-  * Add tags list for repos whose release setting is disabled (#23465) (#24369)
-  * Fix wrong error info in RepoRefForAPI (#24344) (#24351)
-  * Fix no edit/close/delete button in org repo project view page (#24349)
-  * Respect the REGISTER_MANUAL_CONFIRM setting when registering via OIDC (#24035) (#24333)
-  * Remove org users who belong to no teams (#24247) (#24313)
-  * Fix bug when deleting wiki with no code write permission (#24274) (#24295)
-  * Handle canceled workflow as a warning instead of a fail (#24282) (#24292)
-  * Load reviewer for comments when dismissing a review (#24281) (#24288)
-  * Show commit history for closed/merged PRs (#24238) (#24261)
-  * Fix owner team access mode value in team_unit table (#24224)
-  * Fix issue attachment handling (#24202) (#24221)
-  * Fix incorrect CORS default values (#24206) (#24217)
-  * Fix template error in pull request with deleted head repo (#24192) (#24216)
-  * Don't list root repository on compare page if pulls not allowed (#24183) (#24210)
-  * Fix calReleaseNumCommitsBehind (#24148) (#24197)
-  * Fix Org edit page bugs: renaming detection, maxlength (#24161) (#24171)
-  * Update redis library to support redis v7 (#24114) (#24156)
-  * Use 1.18's aria role for dropdown menus (#24144) (#24155)
-  * Fix 2-dot direct compare to use the right base commit (#24133) (#24150)
-  * Fix incorrect server error content in RunnersList (#24118) (#24121)
-  * Fix mismatch between hook events and github event types (#24048) (#24091)
-* BUILD
-  * Support converting varchar to nvarchar for mssql database (#24105) (#24168)
-
-## [1.19.1](https://github.com/go-gitea/gitea/releases/tag/v1.19.1) - 2023-04-12
-
-* BREAKING
-  * Rename actions unit to `repo.actions` and add docs for it (#23733) (#23881)
-* ENHANCEMENTS
-  * Add card type to org/user level project on creation, edit and view (#24043) (#24066)
-  * Refactor commit status for Actions jobs (#23786) (#24060)
-  * Show errors for KaTeX and mermaid on the preview tab (#24009) (#24019)
-  * Show protected branch rule names again (#23907) (#24018)
-  * Adjust sticky PR header to cover background (#23956) (#23999)
-  * Discolor pull request tab labels (#23950) (#23987)
-  * Treat PRs with agit flow as fork PRs when triggering actions. (#23884) (#23967)
-  * Left-align review comments (#23937)
-  * Fix image border-radius (#23886) (#23930)
-  * Scroll collapsed file into view (#23702) (#23929)
-  * Fix code view (diff) broken layout (#23096) (#23918)
-  * Org pages style fixes (#23901) (#23914)
-  * Fix user profile description rendering (#23882) (#23902)
-  * Fix review box viewport overflow issue (#23800) (#23898)
-  * Prefill input values in OAuth settings as intended (#23829) (#23871)
-  * CSS color tweaks (#23828) (#23842)
-  * Fix incorrect visibility dropdown list in add/edit user page (#23804) (#23833)
-  * Add CSS rules for basic colored labels (#23774) (#23777)
-  * Add creation time in tag list page (#23693) (#23773)
-  * Fix br display for packages curls (#23737) (#23764)
-  * Fix issue due date edit toggle bug (#23723) (#23758)
-  * Improve commit graph page UI alignment (#23751) (#23754)
-  * Use GitHub Actions compatible globbing for `branches`, `tag`, `path` filter (#22804) (#23740)
-  * Redirect to project again after editing it (#23326) (#23739)
-  * Remove row clicking from notification table (#22695) (#23706)
-  * Remove conflicting CSS rules on notifications, improve notifications table (#23565) (#23621)
-  * Fix diff tree height and adjust target file style (#23616)
-* BUGFIXES
-  * Improve error logging for LFS (#24072) (#24082)
-  * Fix custom mailer template on Windows platform (#24081)
-  * Update the value of `diffEnd` when clicking the `Show More` button in the DiffFileTree (#24069) (#24078)
-  * Make label templates have consistent behavior and priority (#23749)
-  * Fix accidental overwriting of LDAP team memberships (#24050) (#24065)
-  * Fix branch protection priority (#24045) (#24061)
-  * Use actions job link as commit status URL instead of run link (#24023) (#24032)
-  * Add actions support to package auth verification (#23729) (#24028)
-  * Fix protected branch for API (#24013) (#24027)
-  * Do not escape space between PyPI repository URL and package name… (#23981) (#24008)
-  * Fix redirect bug when creating issue from a project (#23971) (#23997)
-  * Set `ref` to fully-formed of the tag when trigger event is `release` (#23944) (#23989)
-  * Use Get/Set instead of Rename when regenerating session ID (#23975) (#23983)
-  * Ensure RSS icon is present on all repo tabs (#23904) (#23973)
-  * Remove `Repository.getFilesChanged` to fix Actions `paths` and `paths-ignore` filter (#23920) (#23969)
-  * Delete deleted release attachments immediately from storage (#23913) (#23958)
-  * Use ghost user if package creator does not exist (#23822) (#23915)
-  * User/Org Feed render description as per web (#23887) (#23906)
-  * Fix `cases.Title` crash for concurrency (#23885) (#23903)
-  * Convert .Source.SkipVerify to $cfg.SkipVerify (#23839) (#23899)
-  * Support "." char as user name for User/Orgs in RSS/ATOM/GPG/KEYS path ... (#23874) (#23878)
-  * Fix JS error when changing PR's target branch (#23862) (#23864)
-  * Fix 500 error if there is a name conflict when editing authentication source (#23832) (#23852)
-  * Fix closed PR also triggers Webhooks and actions (#23782) (#23834)
-  * Fix checks for `needs` in Actions (#23789) (#23831)
-  * Fix "Updating branch by merge" bug in "update_branch_by_merge.tmpl" (#23790) (#23825)
-  * Fix cancel button in the page of project edit not work (#23655) (#23813)
-  * Don't apply the group filter when listing LDAP group membership if it is empty (#23745) (#23788)
-  * Fix profile page email display, respect settings (#23747) (#23756)
-  * Fix project card preview select and template select (#23684) (#23731)
-  * Check LFS/Packages settings in dump and doctor command (#23631) (#23730)
-  * Add git dashes separator to some "log" and "diff" commands (#23606) (#23720)
-  * Create commit status when event is `pull_request_sync` (#23683) (#23691)
-  * Fix incorrect `HookEventType` of pull request review comments (#23650) (#23678)
-  * Fix incorrect `show-modal` and `show-panel` class (#23660) (#23663)
-  * Improve workflow event triggers (#23613) (#23648)
-  * Introduce path Clean/Join helper functions, partially backport&refactor (#23495) (#23607)
-  * Fix pagination on `/notifications/watching` (#23564) (#23603)
-  * Fix submodule is nil panic (#23588) (#23601)
-  * Polyfill the window.customElements (#23592) (#23595)
-  * Avoid too long names for actions (#23162) (#23190)
-* TRANSLATION
-  * Backport locales (with manual fixes) (#23808, #23634, #24083)
-* BUILD
-  * Hardcode the path to docker images (#23955) (#23968)
-* DOCS
-  * Update documentation to explain which projects allow Gitea to host static pages (#23993) (#24058)
-  * Merge `push to create`, `open PR from push`, and `push options` docs articles into one (#23744) (#23959)
-  * Fix code blocks in the cheat sheet (#23664) (#23669)
-* MISC
-  * Do not crash when parsing an invalid workflow file (#23972) (#23976)
-  * Remove assertion debug code for show/hide refactoring (#23576) (#23868)
-  * Add ONLY_SHOW_RELEVANT_REPOS back, fix explore page bug, make code more strict (#23766) (#23791)
-  * Make minio package support legacy MD5 checksum (#23768) (#23770)
-  * Improve template error reporting (#23396) (#23600)
-
-## [1.19.0](https://github.com/go-gitea/gitea/releases/tag/v1.19.0) - 2023-03-19
-
-* BREAKING
-  * Add loading yaml label template files (#22976) (#23232)
-  * Make issue and code search support camel case for Bleve (#22829)
-  * Repositories: by default disable all units except code and pulls on forks (#22541)
-  * Support template for merge message description (#22248)
-  * Remove ONLY_SHOW_RELEVANT_REPOS setting (#21962)
-  * Implement actions (#21937)
-  * Remove deprecated DSA host key from Docker Container (#21522)
-  * Improve valid user name check (#20136)
-* SECURITY
-  * Return 404 instead of 403 if user can not access the repo (#23155) (#23158)
-  * Support scoped access tokens (#20908)
-* FEATURES
-  * Add support for commit cross references (#22645)
-  * Scoped labels (#22585)
-  * Add Chef package registry (#22554)
-  * Support asciicast files as new markup (#22448)
-  * cgo cross-compile for freebsd (#22397)
-  * Add cron method to gc LFS MetaObjects (#22385)
-  * Add new captcha: cloudflare turnstile (#22369)
-  * Enable `@<user>`- completion popup on the release description textarea (#22359)
-  * make /{username}.png redirect to user/org avatar (#22356)
-  * Add Conda package registry (#22262)
-  * Support org/user level projects (#22235)
-  * Add Mermaid copy button (#22225)
-  * Add user secrets (#22191)
-  * Secrets storage with SecretKey encrypted (#22142)
-  * Preview images for Issue cards in Project Board view (#22112)
-  * Add support for incoming emails (#22056)
-  * Add Cargo package registry (#21888)
-  * Add option to prohibit fork if user reached maximum limit of repositories (#21848)
-  * Add attention blocks within quote blocks for `Note` and `Warning` (#21711)
-  * Add Feed for Releases and Tags (#21696)
-  * Add package registry cleanup rules (#21658)
-  * Add "Copy" button to file view of raw text (#21629)
-  * Allow disable sitemap (#21617)
-  * Add package registry quota limits (#21584)
-  * Map OIDC groups to Orgs/Teams (#21441)
-  * Keep languages defined in .gitattributes (#21403)
-  * Add Webhook authorization header (#20926)
-  * Supports wildcard protected branch (#20825)
-  * Copy citation file content, in APA and BibTex format, on repo home page (#19999)
-* API
-  * Match api migration behavior to web behavior (#23552) (#23573)
-  * Purge API comment (#23451) (#23452)
-  * User creation API: allow custom "created" timestamps (#22549)
-  * Add `updated_at` field to PullReview API object (#21812)
-  * Add API management for issue/pull and comment attachments (#21783)
-  * Add API endpoint to get latest release (#21267)
-  * Support system hook API (#14537)
-* ENHANCEMENTS
-  * Add `.patch` to `attachment.ALLOWED_TYPES` (#23580) (#23582)
-  * Fix sticky header in diff view (#23554) (#23568)
-  * Refactor merge/update git command calls (#23366) (#23544)
-  * Fix review comment context menu clipped bug (#23523) (#23543)
-  * Imrove scroll behavior to hash issuecomment(scroll position, auto expand if file is folded, and on refreshing) (#23513) (#23540)
-  * Increase horizontal page padding (#23507) (#23537)
-  * Use octicon-verified for gpg signatures (#23529) (#23536)
-  * Make time tooltips interactive (#23526) (#23527)
-  * Replace Less with CSS (#23508)
-  * Fix 'View File' button in code search (#23478) (#23483)
-  * Convert GitHub event on actions and fix some pull_request events. (#23037) (#23471)
-  * Support reflogs (#22451) (#23438)
-  * Fix actions frontend bugs (pagination, long name alignment) and small simplify (#23370) (#23436)
-  * Scoped label display and documentation tweaks (#23430) (#23433)
-  * Add missing tabs to org projects page (#22705) (#23412)
-  * Fix and move "Use this template" button (#23398) (#23408)
-  * Handle OpenID discovery URL errors a little nicer when creating/editing sources (#23397) (#23403)
-  * Rename `canWriteUnit` to `canWriteProjects` (#23386) (#23399)
-  * Refactor and tidy-up the merge/update branch code (#22568) (#23365)
-  * Refactor `setting.Database.UseXXX` to methods (#23354) (#23356)
-  * Fix incorrect project links and use symlink icon for org-wide projects (#23325) (#23336)
-  * Fix PR view misalignment caused by long name file (#23321) (#23335)
-  * Scoped labels: don't require holding alt key to remove (#23303) (#23331)
-  * Add context when rendering labels or emojis (#23281) (#23319)
-  * Change interactiveBorder to fix popup preview  (#23169) (#23314)
-  * Scoped labels: set aria-disabled on muted Exclusive option for a11y (#23306) (#23311)
-  * update to mermaid v10 (#23178) (#23299)
-  * Fix code wrap for unbroken lines (#23268) (#23293)
-  * Use async await to fix empty quote reply at first time (#23168) (#23256)
-  * Fix switched citation format (#23250) (#23253)
-  * Allow `<video>` in MarkDown (#22892) (#23236)
-  * Order pull request conflict checking by recently updated, for each push (#23220) (#23225)
-  * Fix Fomantic UI's `touchstart` fastclick, always use `click` for click events (#23065) (#23195)
-  * Add word-break to sidebar-item-link (#23146) (#23180)
-  * Add InsecureSkipVerify to Minio Client for Storage (#23166) (#23177)
-  * Fix height for sticky head on large screen on PR page (#23111) (#23123)
-  * Change style to improve whitespaces trimming inside inline markdown code (#23093) (#23120)
-  * Avoid warning for system setting when start up (#23054) (#23116)
-  * Add accessibility to the menu on the navbar (#23059) (#23095)
-  * Improve accessibility for issue comments (#22612) (#23083)
-  * Remove delete button for review comment (#23036)
-  * Remove dashes between organization member avatars on hover (#23034)
-  * Use `gt-relative` class instead of the ambiguous `gt-pr` class  (#23008)
-  * handle deprecated settings (#22992)
-  * Add scopes to API to create token and display them (#22989)
-  * Improve PR Review Box UI (#22986)
-  * Improve issues.LoadProject (#22982)
-  * Add all units to the units permission list in org team members sidebar (#22971)
-  * Rename `GetUnits` to `LoadUnits` (#22970)
-  * Rename `repo.GetOwner` to `repo.LoadOwner` (#22967)
-  * Rename "People" to "Members" in organization page and use a better icon (#22960)
-  * Fix avatar misalignment (#22955)
-  * Sort issues and pulls by recently updated in user and organization home (#22925)
-  * Add `title` to PR file tree items (#22918)
-  * First step to refactor the `.hide` to `.gt-hidden` (#22916)
-  * Add tooltip to issue reference (#22913)
-  * Always show the `command line instructions` button even if there are conflicts (#22909)
-  * Fix dark-colored description text in arc-green theme (#22908)
-  * Remove Fomantic-UI's `.hidden` CSS class for menu elements (#22895)
-  * Move helpers to be prefixed with `gt-` (#22879)
-  * Move `IsReadmeFile*` from `modules/markup/` to `modules/util` (#22877)
-  * Highlight focused diff file (#22870)
-  * Add some headings to repo views (#22869)
-  * Fix milestone title font problem (#22863)
-  * Pull Requests: setting to allow edits by maintainers by default, tweak UI (#22862)
-  * Introduce customized HTML elements, fix incorrect AppUrl usages in templates (#22861)
-  * Add `/$count` endpoints for NuGet v2 (#22855)
-  * Remove Fomantic-UI's `.hidden` CSS class for checkbox elements (#22851)
-  * Fix notification and stopwatch empty states (#22845)
-  * Always go full width in PR view (#22844)
-  * Improve AppUrl/ROOT_URL checking (#22836)
-  * Fix style of actions rerun button (#22835)
-  * Fix more HTMLURL in templates (#22831)
-  * Fix inconsistent Filter Project name in issue list (#22827)
-  * include build info in Prometheus metrics (#22819)
-  * Make clone URL use current page's host (#22808)
-  * Refactor legacy strange git operations (#22756)
-  * Improve error report when user passes a private key (#22726)
-  * set user dashboard org visibility to basic (#22706)
-  * Fix diff UI for unexpandable items (#22700)
-  * Remove 'primary' class from tab counter labels (#22687)
-  * Add more events details supports for actions (#22680)
-  * Refactor git command package to improve security and maintainability (#22678)
-  * Use relative url in actions view (#22675)
-  * set user visibility class to basic (#22674)
-  * Add repository setting to enable/disable releases unit (#22671)
-  * Remove label color from global issue filters (#22660)
-  * Fix poor alignment of organization description on organization home page (#22656)
-  * Small refactor for loading PRs (#22652)
-  * Allow setting access token scope by CLI (#22648)
-  * Improve accessibility of navigation bar and footer (#22635)
-  * Fixes accessibility behavior of Watching, Staring and Fork buttons (#22634)
-  * Fixes accessibility of empty repository commit status (#22632)
-  * Pull request yaml template support for including commit body in a field (#22629)
-  * Show migration validation error (#22619)
-  * set org visibility class to basic in header (#22605)
-  * Fix cache-control header clearing comment text when editing issue (#22604)
-  * Add ARIA support for Fomantic UI checkboxes (#22599)
-  * Add templates to customize text when creating and migrating repositories (#22597)
-  * Allow setting `redirect_to` cookie on OAuth login (#22594)
-  * Improve checkbox accessibility a bit by adding the title attribute (#22593)
-  * Allow issue templates to not render title (#22589)
-  * Webhooks: for issue close/reopen action, add commit ID that caused it (#22583)
-  * Fix missing title and filter in issue sidebar project menu (#22557)
-  * Issues: support setting issue template field values with query (#22545)
-  * Issues: add Project filter to issues list and search (#22544)
-  * Pull Requests: add color to approved/reject icon in pull requests list (#22543)
-  * Mute all links in issue timeline (#22533)
-  * Dropzone: Add "Copy link" button for new uploads (#22517)
-  * Support importing comment types (#22510)
-  * Load asciicast css async (#22502)
-  * Move delete user to service (#22478)
-  * Change use of Walk to WalkDir to improve disk performance (#22462)
-  * Add reply hint to mail text (#22459)
-  * fix wrong theme class when logged out if default theme is changed (#22408)
-  * Refactor the setting to make unit test easier (#22405)
-  * Improve utils of slices (#22379)
-  * Use context parameter in models/git (#22367)
-  * Always reuse transaction (#22362)
-  * Fix unstable emoji sort (#22346)
-  * Add context cache as a request level cache (#22294)
-  * Reminder for no more logs to console (#22282)
-  * Support estimated count with multiple schemas (#22276)
-  * Move `convert` package to services (#22264)
-  * Use dynamic package type list (#22263)
-  * Hide file borders on sticky diff box (#22217)
-  * Improve notification and stopwatch styles (#22169)
-  * Fixed Project view .board-column height for tall screens. (#22108)
-  * Use multi reader instead to concat strings (#22099)
-  * Use git command instead of exec.Cmd in blame (#22098)
-  * Fix autofilled text visibility in dark mode (#22088)
-  * Rename almost all Ctx functions (#22071)
-  * Rename actions to operations on UI (#22067)
-  * refactor bind functions based on generics (#22055)
-  * Support disabling database auto migration (#22053)
-  * remove duplicated read file code (#22042)
-  * Use link in UI which returned a relative url but not html_url which contains an absolute url (#21986)
-  * Skip initing disabled storages (#21985)
-  * Add doctor command for full GC of LFS (#21978)
-  * Util type to parse ref name (#21969)
-  * Replace fmt.Sprintf with hex.EncodeToString (#21960)
-  * Use random bytes to generate access token (#21959)
-  * Add index for access_token (#21908)
-  * Move all remaining colors into CSS variables (#21903)
-  * Webhook list enhancements (#21893)
-  * Embed Matrix icon as SVG (#21890)
-  * Remove useless "Cancel" buttons (#21872)
-  * fix(web): keep the pages of the navigation in the center (#21867)
-  * fix(web): reduce page jitter on browsers that support overlay scrollbar (#21850)
-  * Improvements for Content Copy (#21842)
-  * Tweak katex options (#21828)
-  * Show syntax lexer name in file view/blame (#21814)
-  * Remove `href="javascript:;"` in "save topics (Done)" button (#21813)
-  * Render number of commits in repo page in a user friendly way (#21786)
-  * Adjust clone timeout error to suggest increasing timeout (#21769)
-  * Update message of reach_limit_of_creation (#21757)
-  * Allow detect whether it's in a database transaction for a context.Context (#21756)
-  * Add configuration for CORS allowed headers (#21747)
-  * Move svg html render to modules/svg (#21716)
-  * Release and Tag List tweaks (#21712)
-  * Remove template previewer (#21701)
-  * Clean up formatting on install page (#21668)
-  * Configure update checker on installation page (#21655)
-  * Merge db.Iterate and IterateObjects (#21641)
-  * Add option to enable CAPTCHA validation for login (#21638)
-  * Allow disable RSS/Atom feed (#21622)
-  * Use CSS color-scheme instead of invert (#21616)
-  * Localize time units on activity heatmap (#21570)
-  * Fix UI column width, button overflow Fomantic's grid (#21559)
-  * feat: notify doers of a merge when automerging (#21553)
-  * Split migrations folder (#21549)
-  * feat: add button to quickly clear merge message (#21548)
-  * Add `context.Context` to more methods (#21546)
-  * Add index for hook_task table (#21545)
-  * Allow disable code tab (#20805)
-* BUGFIXES
-  * Fix template error when reference Project (#23584)
-  * Fix dropdown icon misalignment when using fomantic icon (#23558) (#23577)
-  * Fix diff detail buttons wrapping, use tippy for review box (#23271) (#23546)
-  * Handle missing `README` in create repos API (#23387) (#23510)
-  * Disable sending email after push a commit to a closed PR (#23462) (#23492)
-  * Fix aria.js bugs: incorrect role element problem, mobile focus problem, tippy problem (#23450) (#23486)
-  * Fix due date being wrong on issue list (#23475) (#23477)
-  * Remove wrongly added column on migration test fixtures (#23456) (#23470)
-  * Make branches list page operations remember current page (#23420) (#23460)
-  * Fix missing commit status in PR which from forked repo (#23351) (#23453)
-  * Show edit/close/delete button on organization wide repositories (#23388) (#23429)
-  * Preserve file size when creating attachments (#23406) (#23426)
-  * Fix broken Chroma CSS styles (#23174) (#23402)
-  * Fix incorrect NotFound conditions in org/projects.go (#23384) (#23395)
-  * Set `X-Gitea-Debug` header once (#23361) (#23381)
-  * Pass context to avatar for projects view (#23359) (#23378)
-  * Fix panic when getting notes by ref (#23372) (#23377)
-  * Do not recognize text files as audio (#23355) (#23368)
-  * Fix adding of empty class name (#23352) (#23360)
-  * Fix various ImageDiff/SVG bugs (#23312) (#23358)
-  * Fix incorrect display for comment context menu (#23343) (#23344)
-  * Remove unnecessary space on link (#23334) (#23340)
-  * Fix incorrect redirect link of delete org project (#23327) (#23339)
-  * Fix cannot reopen after pushing commits to a closed PR (#23189) (#23324)
-  * Fix broken code editor diff preview (#23307) (#23320)
-  * Support sanitising the URL by removing extra slashes in the URL (#21333) (#23300)
-  * Avoid panic caused by broken payload when creating commit status (#23216) (#23294)
-  * Fill head commit to in payload when notifying push commits for mirroring (#23215) (#23292)
-  * Fix various bugs for "install" page (#23194) (#23286)
-  * Fix GetFilesChangedBetween if the file name may be escaped (#23272) (#23279)
-  * Revert relative links to absolute links in mail templates (#23267) (#23269)
-  * Fix commit retrieval by tag (#21804) (#23266)
-  * Use correct README link to render the README (#23152) (#23264)
-  * Close the temp file when dumping database to make the temp file can be deleted on Windows (#23249) (#23251)
-  * Use the correct selector to hide the checkmark of selected labels on clear (#23224) (#23228)
-  * Fix incorrect checkbox behaviors in the dashboard repolist's filter (#23147) (#23205)
-  * Properly flush unique queues on startup (#23154) (#23201)
-  * Pass `--global` when calling `git config --get`, for consistency with `git config --set` (#23157) (#23199)
-  * Make `gitea serv` respect git binary home (#23138) (#23197)
-  * Change button text for commenting and closing an issue at the same time (#23135) (#23182)
-  * Fix DBConsistency checks on MSSQL (#23132) (#23134)
-  * Show empty repos in Admin Repository Management page (#23114) (#23130)
-  * Redirect to the commit page after applying patch (#23056) (#23127)
-  * Fix nil context in RenderMarkdownToHtml (#23092) (#23108)
-  * Make issue meta dropdown support Enter, confirm before reloading (#23014) (#23102)
-  * Fix SyncOnCommit always return false in API of push_mirrors (#23088) (#23100)
-  * Fix commit name in Apply Patch page (#23086) (#23099)
-  * Fix some more hidden problems (#23074) (#23075)
-  * Bump golang.org/x/net from 0.4.0 to 0.7.0 (#22980)
-  * Get rules by id when editing branch protection rule (#22932)
-  * Fix panic when call api (/repos/{owner}/{repo}/pulls/{index}/files) (#22921)
-  * Increase Content field size of gpg_import_key to MEDIUMTEXT (#22897)
-  * Fix hidden commit status on multiple checks (#22889)
-  * Fix update by rebase being wrongly disabled by protected base branch (#22825)
-  * Make issue title edit buttons focusable and fix incorrect ajax requests (#22807)
-  * Fix rerun button of Actions (#22798)
-  * remove update language in ProfilePost (#22748)
-  * Do not overwrite empty DefaultBranch (#22708)
-  * Fix ref to trigger Actions (#22679)
-  * Fix time to NotifyPullRequestSynchronized (#22650)
-  * Show all projects, not just repo projects and open/closed projects  (#22640)
-  * Project links should use parent link methods (#22587)
-  * Fix group filter for ldap source sync (#22506)
-  * Check quota limits for container uploads (#22450)
-  * Fix halfCommitter and WithTx (#22366)
-  * Attempt to fix TestExportUserGPGKeys (#22159)
-  * Fix heatmap first color being unused (#22157)
-  * Fix scroll over mermaid frame (#21925)
-  * Move migration test fixtures to the correct directories (#21901)
-  * fix(web): add `alt` for logo in home page (#21887)
-  * Fix webhook attachment text is not set in review comment (#21763)
-  * Alter package_version.metadata_json to LONGTEXT (#21667)
-  * Ensure that Webhook tasks are not double delivered (#21558)
-* TESTING
-  * Make CI use a dummy password hasher for all tests (#22983)
-  * Disable test for incoming email (#22686)
-  * Move fuzz tests into tests/fuzz (#22376)
-  * Test views of LFS files (#22196)
-  * Specify ID in `TestAPITeam` (#22192)
-  * verify nodeinfo response by schema  (#22137)
-  * Skip GitHub migration tests if the API token is undefined (#21824)
-  * Add a simple test for external renderer (#20033)
-* TRANSLATION
-  * Use "Title Case" for text "Reference in new issue" (#22936)
-* BUILD
-  * Wrap unless-check in docker manifests (#23079) (#23081)
-  * Adjust manifest to prevent tagging latest on rcs (#22811)
-  * update to build with go1.20 (#22732)
-  * Add Bash and Zsh completion scripts (#22646)
-  * Add Contributed backport command (#22643)
-  * Remove deprecated packages & staticcheck fixes (#22012)
-  * Update to Alpine 3.17 (#21904)
-  * Fix webpack license warning (#21815)
-* DOCS
-  * Update documentation for the new YAML label file format  (#23020) (#23341)
-  * Update hacking-on-gitea-zh_cn documentation (#23315) (#23323)
-  * Add basic documentation for labels, including scoped labels (#23304) (#23309)
-  * Re-add accidentally removed `hacking-on-gitea.zh-cn.md` (#23297) (#23305)
-  * Fix secrets overview page missing from docs sidebar (#23143) (#23145)
-  * Add some guidelines for refactoring (#22880)
-  * Explain that the no-access team unit does not affect public repositories (#22661)
-  * Fix incorrect Redis URL snippets in the example app.ini (#22573)
-  * docs: add swagger.json file location to FAQ (#22489)
-  * Update index.de-de.md (#22363)
-  * Update Gmail mailer configuration (#22291)
-  * Add missed reverse proxy authentication documentation (#22250)
-  * Add plural definitions for German translations (#21802)
-  * Attempt clarify AppWorkPath etc. (#21656)
-  * Add some documentation to packages (#21648)
-* MISC
-  * Use `<nav>` instead of `<div>` in the global navbar (#23125) (#23533)
-  * Do not create commit graph for temporary repos (#23219) (#23229)
-  * Update button is shown when a Pull Request is marked WIP - Issue #21740 (#22683)
-  * Add main landmark to templates and adjust titles (#22670)
-  * Fix error on account activation with wrong passwd (#22609)
-  * Update JS dependencies (#22538)
-  * Display unreferenced packages total size in package admin panel (#22498)
-  * Mobile fix for Project view: Add delay to Sortable.js on mobile, to ensure scrolling is possible. (#22152)
-  * Update chroma to v2.4.0 (#22000)
-  * Hide collapse icon in diff with no lines (#21094)
-
-## [1.18.5](https://github.com/go-gitea/gitea/releases/tag/v1.18.5) - 2023-02-21
-
-* ENHANCEMENTS
-  * Hide 2FA status from other members in organization members list (#22999) (#23023)
-* BUGFIXES
-  * Add force_merge to merge request and fix checking mergable (#23010) (#23032)
-  * Use `--message=%s` for git commit message (#23028) (#23029)
-  * Render access log template as text instead of HTML (#23013) (#23025)
-  * Fix the Manually Merged form (#23015) (#23017)
-  * Use beforeCommit instead of baseCommit (#22949) (#22996)
-  * Display attachments of review comment when comment content is blank (#23035) (#23046)
-  * Return empty url for submodule tree entries (#23043) (#23048)
-
-## [1.18.4](https://github.com/go-gitea/gitea/releases/tag/1.18.4) - 2023-02-20
-
-* SECURITY
-  * Provide the ability to set password hash algorithm parameters (#22942) (#22943)
-  * Add command to bulk set must-change-password (#22823) (#22928)
-* ENHANCEMENTS
-  * Use import of OCI structs (#22765) (#22805)
-  * Fix color of tertiary button on dark theme (#22739) (#22744)
-  * Link issue and pull requests status change in UI notifications directly to their event in the timelined view. (#22627) (#22642)
-* BUGFIXES
-  * Notify on container image create (#22806) (#22965)
-  * Fix blame view missing lines (#22826) (#22929)
-  * Fix incorrect role labels for migrated issues and comments (#22914) (#22923)
-  * Fix PR file tree folders no longer collapsing (#22864) (#22872)
-  * Escape filename when assemble URL (#22850) (#22871)
-  * Fix isAllowed of escapeStreamer (#22814) (#22837)
-  * Load issue before accessing index in merge message (#22822) (#22830)
-  * Improve trace logging for pulls and processes (#22633) (#22812)
-  * Fix restore repo bug, clarify the problem of ForeignIndex (#22776) (#22794)
-  * Add default user visibility to cli command "admin user create" (#22750) (#22760)
-  * Escape path for the file list (#22741) (#22757)
-  * Fix bugs with WebAuthn preventing sign in and registration. (#22651) (#22721)
-  * Add missing close bracket in imagediff (#22710) (#22712)
-  * Move code comments to a standalone file and fix the bug when adding a reply to an outdated review appears to not post(#20821) (#22707)
-  * Fix line spacing for plaintext previews (#22699) (#22701)
-  * Fix wrong hint when deleting a branch successfully from pull request UI (#22673) (#22698)
-  * Fix README TOC links (#22577) (#22677)
-  * Fix missing message in git hook when pull requests disabled on fork (#22625) (#22658)
-  * Improve checkIfPRContentChanged (#22611) (#22644)
-  * Prevent duplicate labels when importing more than 99 (#22591) (#22598)
-  * Don't return duplicated users who can create org repo (#22560) (#22562)
-* BUILD
-  * Upgrade golangcilint to v1.51.0 (#22764)
-* MISC
-  * Use proxy for pull mirror (#22771) (#22772)
-  * Use `--index-url` in PyPi description (#22620) (#22636)
-
 ## [1.18.3](https://github.com/go-gitea/gitea/releases/tag/v1.18.3) - 2023-01-23

 * SECURITY
@@ -612,6 +15,7 @@ been added to each release, please refer to the [blog](https://blog.gitea.io).
 ## [1.18.2](https://github.com/go-gitea/gitea/releases/tag/v1.18.2) - 2023-01-19

 * BUGFIXES
+  * When updating by rebase we need to set the environment for head repo (#22535) (#22536)
  * Fix issue not auto-closing when it includes a reference to a branch (#22514) (#22521)
  * Fix invalid issue branch reference if not specified in template (#22513) (#22520)
  * Fix 500 error viewing pull request when fork has pull requests disabled (#22512) (#22515)
@@ -661,7 +65,7 @@ been added to each release, please refer to the [blog](https://blog.gitea.io).
  * Restore previous official review when an official review is deleted (#22449) (#22460)
  * Log STDERR of external renderer when it fails (#22442) (#22444)

-## [1.18.0](https://github.com/go-gitea/gitea/releases/tag/v1.18.0) - 2022-12-29
+## [1.18.0](https://github.com/go-gitea/gitea/releases/tag/1.18.0) - 2022-12-22

 * SECURITY
  * Remove ReverseProxy authentication from the API (#22219) (#22251)
@@ -857,7 +261,7 @@ been added to each release, please refer to the [blog](https://blog.gitea.io).
  * Update JS dependencies, adjust eslint (#20659)
  * Add more linters to improve code readability (#19989)

-## [1.17.4](https://github.com/go-gitea/gitea/releases/tag/v1.17.4) - 2022-12-21
+## [1.17.4](https://github.com/go-gitea/gitea/releases/tag/1.17.4) - 2022-12-21

 * SECURITY
  * Do not allow Ghost access to limited visible user/org (#21849) (#21875)
@@ -108,7 +108,7 @@ You can find more information on how to get started with it on the [Modules Wiki

 We do all translation work inside [Crowdin](https://crowdin.com/project/gitea).
 The only translation that is maintained in this Git repository is
-[`en_US.ini`](https://github.com/go-gitea/gitea/blob/main/options/locale/locale_en-US.ini)
+[`en_US.ini`](https://github.com/go-gitea/gitea/blob/master/options/locale/locale_en-US.ini)
 and is synced regularly to Crowdin. Once a translation has reached
 A SATISFACTORY PERCENTAGE it will be synced back into this repo and
 included in the next released version.
@@ -190,8 +190,6 @@ To maintain understandable code and avoid circular dependencies it is important
 - **templates:** Golang templates for generating the html output.
 - **tests/e2e:** End to end tests
 - **tests/integration:** Integration tests
- **tests/gitea-repositories-meta:** Sample repos used in integration tests. Adding a new repo requires editing `models/fixtures/repositories.yml` and `models/fixtures/repo_unit.yml` to match.
- **tests/gitea-lfs-meta:** Sample LFS objects used in integration tests. Adding a new object requires editing `models/fixtures/lfs_meta_object.yml` to match.
 - **vendor:** External code that Gitea depends on.

 ## Documentation
@@ -267,10 +265,26 @@ with the rest of the summary matching the original PR. Similarly for frontports

 ---

-A command to help create backports can be found in `contrib/backport` and can be installed (from inside the gitea repo root directory) using:
+The below is a script that may be helpful in creating backports. YMMV.

 ```bash
-go install contrib/backport/backport.go
+#!/bin/sh
+PR="$1"
+SHA="$2"
+VERSION="$3"
+
+if [ -z "$SHA" ]; then
+    SHA=$(gh api /repos/go-gitea/gitea/pulls/$PR -q '.merge_commit_sha')
+fi
+
+if [ -z "$VERSION" ]; then
+    VERSION="v1.16"
+fi
+
+echo git checkout origin/release/"$VERSION" -b backport-$PR-$VERSION
+git checkout origin/release/"$VERSION" -b backport-$PR-$VERSION
+git cherry-pick $SHA && git commit --amend && git push zeripath backport-$PR-$VERSION && xdg-open https://github.com/go-gitea/gitea/compare/release/"$VERSION"...zeripath:backport-$PR-$VERSION
+
 ```

 ## Developer Certificate of Origin (DCO)
@@ -299,7 +313,9 @@ known as the release freeze. All the feature pull requests should be
 merged before feature freeze. And, during the frozen period, a corresponding
 release branch is open for fixes backported from main branch. Release candidates
 are made during this period for user testing to
-obtain a final version that is maintained in this branch.
+obtain a final version that is maintained in this branch. A release is
+maintained by issuing patch releases to only correct critical problems
+such as crashes or security issues.

 Major release cycles are seasonal. They always begin on the 25th and end on
 the 24th (i.e., the 25th of December to March 24th).
@@ -309,16 +325,6 @@ for the previous version. For example, if the latest, published release is
 v1.2, then minor changes for the previous release—e.g., v1.1.0 -> v1.1.1—are
 still possible.

-The previous release gets fixes for:
-
- Security issues
- Critical bugs
- Regressions
- Build issues
- Necessary enhancements (including necessary UI/UX fixes)
-
-The backported fixes should avoid breaking downgrade between minor releases as much as possible.
-
 ## Maintainers

 To make sure every PR is checked, we have [team
@@ -433,9 +439,9 @@ be reviewed by two maintainers and must pass the automatic tests.
 Code that you contribute should use the standard copyright header:

 ```
-// Copyright <year> The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
-
+// Copyright 2022 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
 ```

 Files in the repository contain copyright from the year they are added
@@ -2,6 +2,8 @@ Developer Certificate of Origin
 Version 1.1

 Copyright (C) 2004, 2006 The Linux Foundation and its contributors.
+660 York Street, Suite 102,
+San Francisco, CA 94110 USA

 Everyone is permitted to copy and distribute verbatim copies of this
 license document, but changing it is not allowed.
@@ -31,4 +33,4 @@ By making a contribution to this project, I certify that:
    are public and that a record of the contribution (including all
    personal information I submit with it, including my sign-off) is
    maintained indefinitely and may be redistributed consistent with
-    this project or the open source license(s) involved.
+    this project or the open source license(s) involved.
@@ -1,5 +1,5 @@
 #Build stage
-FROM docker.io/library/golang:1.20-alpine3.17 AS build-env
+FROM golang:1.19-alpine3.16 AS build-env

 ARG GOPROXY
 ENV GOPROXY ${GOPROXY:-direct}
@@ -23,7 +23,7 @@ RUN if [ -n "${GITEA_VERSION}" ]; then git checkout "${GITEA_VERSION}"; fi \
 # Begin env-to-ini build
 RUN go build contrib/environment-to-ini/environment-to-ini.go

-FROM docker.io/library/alpine:3.17
+FROM alpine:3.16
 LABEL maintainer="maintainers@gitea.io"

 EXPOSE 22 3000
@@ -64,7 +64,5 @@ CMD ["/bin/s6-svscan", "/etc/s6"]
 COPY docker/root /
 COPY --from=build-env /go/src/code.gitea.io/gitea/gitea /app/gitea/gitea
 COPY --from=build-env /go/src/code.gitea.io/gitea/environment-to-ini /usr/local/bin/environment-to-ini
-COPY --from=build-env /go/src/code.gitea.io/gitea/contrib/autocompletion/bash_autocomplete /etc/profile.d/gitea_bash_autocomplete.sh
 RUN chmod 755 /usr/bin/entrypoint /app/gitea/gitea /usr/local/bin/gitea /usr/local/bin/environment-to-ini
 RUN chmod 755 /etc/s6/gitea/* /etc/s6/openssh/* /etc/s6/.s6-svscan/*
-RUN chmod 644 /etc/profile.d/gitea_bash_autocomplete.sh
@@ -1,5 +1,5 @@
 #Build stage
-FROM docker.io/library/golang:1.20-alpine3.17 AS build-env
+FROM golang:1.19-alpine3.16 AS build-env

 ARG GOPROXY
 ENV GOPROXY ${GOPROXY:-direct}
@@ -23,7 +23,7 @@ RUN if [ -n "${GITEA_VERSION}" ]; then git checkout "${GITEA_VERSION}"; fi \
 # Begin env-to-ini build
 RUN go build contrib/environment-to-ini/environment-to-ini.go

-FROM docker.io/library/alpine:3.17
+FROM alpine:3.16
 LABEL maintainer="maintainers@gitea.io"

 EXPOSE 2222 3000
@@ -54,9 +54,7 @@ RUN chown git:git /var/lib/gitea /etc/gitea
 COPY docker/rootless /
 COPY --from=build-env --chown=root:root /go/src/code.gitea.io/gitea/gitea /app/gitea/gitea
 COPY --from=build-env --chown=root:root /go/src/code.gitea.io/gitea/environment-to-ini /usr/local/bin/environment-to-ini
-COPY --from=build-env /go/src/code.gitea.io/gitea/contrib/autocompletion/bash_autocomplete /etc/profile.d/gitea_bash_autocomplete.sh
 RUN chmod 755 /usr/local/bin/docker-entrypoint.sh /usr/local/bin/docker-setup.sh /app/gitea/gitea /usr/local/bin/gitea /usr/local/bin/environment-to-ini
-RUN chmod 644 /etc/profile.d/gitea_bash_autocomplete.sh

 #git:git
 USER 1000:1000
@@ -6,6 +6,7 @@ Kim Carlbäcker <kim.carlbacker@gmail.com> (@bkcsoft)
 LefsFlare <nobody@nobody.tld> (@LefsFlarey)
 Lunny Xiao <xiaolunwen@gmail.com> (@lunny)
 Matthias Loibl <mail@matthiasloibl.com> (@metalmatze)
+Morgan Bazalgette <the@howl.moe> (@thehowl)
 Rachid Zarouali <nobody@nobody.tld> (@xinity)
 Rémy Boulanouar <admin@dblk.org> (@DblK)
 Sandro Santilli <strk@kbt.io> (@strk)
@@ -43,10 +44,9 @@ Janis Estelmann <admin@oldschoolhack.me> (@KN4CK3R)
 Steven Kriegler <sk.bunsenbrenner@gmail.com> (@justusbunsi)
 Jimmy Praet <jimmy.praet@telenet.be> (@jpraet)
 Leon Hofmeister <dev.lh@web.de> (@delvh) 
+Gusted <williamzijl7@hotmail.com) (@Gusted)
+silentcode <silentcode@senga.org> (@silentcodeg)
 Wim <wim@42.be> (@42wim)
-Xinyu Zhou <i@sourcehut.net> (@xin-u)
+xinyu <xinyu@nerv.org.cn> (@penlinux)
 Jason Song <i@wolfogre.com> (@wolfogre)
 Yarden Shoham <hrsi88@gmail.com> (@yardenshoham)
-Yu Tian <zettat123@gmail.com> (@Zettat123)
-Eddie Yang <576951401@qq.com> (@yp05327)
-Dong Ge <gedong_1994@163.com> (@sillyguodong)
@@ -23,18 +23,18 @@ SHASUM ?= shasum -a 256
 HAS_GO = $(shell hash $(GO) > /dev/null 2>&1 && echo "GO" || echo "NOGO" )
 COMMA := ,

-XGO_VERSION := go-1.20.x
+XGO_VERSION := go-1.19.x

 AIR_PACKAGE ?= github.com/cosmtrek/air@v1.40.4
-EDITORCONFIG_CHECKER_PACKAGE ?= github.com/editorconfig-checker/editorconfig-checker/cmd/editorconfig-checker@2.6.0
-ERRCHECK_PACKAGE ?= github.com/kisielk/errcheck@v1.6.2
-GOFUMPT_PACKAGE ?= mvdan.cc/gofumpt@v0.4.0
-GOLANGCI_LINT_PACKAGE ?= github.com/golangci/golangci-lint/cmd/golangci-lint@v1.51.0
+EDITORCONFIG_CHECKER_PACKAGE ?= github.com/editorconfig-checker/editorconfig-checker/cmd/editorconfig-checker@2.5.0
+ERRCHECK_PACKAGE ?= github.com/kisielk/errcheck@v1.6.1
+GOFUMPT_PACKAGE ?= mvdan.cc/gofumpt@v0.3.1
+GOLANGCI_LINT_PACKAGE ?= github.com/golangci/golangci-lint/cmd/golangci-lint@v1.47.0
 GXZ_PAGAGE ?= github.com/ulikunitz/xz/cmd/gxz@v0.5.10
 MISSPELL_PACKAGE ?= github.com/client9/misspell/cmd/misspell@v0.3.4
-SWAGGER_PACKAGE ?= github.com/go-swagger/go-swagger/cmd/swagger@v0.30.3
+SWAGGER_PACKAGE ?= github.com/go-swagger/go-swagger/cmd/swagger@v0.30.0
 XGO_PACKAGE ?= src.techknowlogick.com/xgo@latest
-GO_LICENSES_PACKAGE ?= github.com/google/go-licenses@v1.5.0
+GO_LICENSES_PACKAGE ?= github.com/google/go-licenses@v1.3.0
 GOVULNCHECK_PACKAGE ?= golang.org/x/vuln/cmd/govulncheck@latest

 DOCKER_IMAGE ?= gitea/gitea
@@ -77,7 +77,6 @@ ifeq ($(RACE_ENABLED),true)
 endif

 STORED_VERSION_FILE := VERSION
-HUGO_VERSION ?= 0.111.3

 ifneq ($(DRONE_TAG),)
 	VERSION ?= $(subst v,,$(DRONE_TAG))
@@ -97,21 +96,15 @@ else
 	endif
 endif

-# if version = "main" then update version to "nightly"
-ifeq ($(VERSION),main)
-	VERSION := main-nightly
-endif
-
 LDFLAGS := $(LDFLAGS) -X "main.MakeVersion=$(MAKE_VERSION)" -X "main.Version=$(GITEA_VERSION)" -X "main.Tags=$(TAGS)"

 LINUX_ARCHS ?= linux/amd64,linux/386,linux/arm-5,linux/arm-6,linux/arm64

-GO_PACKAGES ?= $(filter-out code.gitea.io/gitea/tests/integration/migration-test code.gitea.io/gitea/tests code.gitea.io/gitea/tests/integration code.gitea.io/gitea/tests/e2e,$(shell $(GO) list ./... | grep -v /vendor/))
-GO_TEST_PACKAGES ?= $(filter-out $(shell $(GO) list code.gitea.io/gitea/models/migrations/...) code.gitea.io/gitea/tests/integration/migration-test code.gitea.io/gitea/tests code.gitea.io/gitea/tests/integration code.gitea.io/gitea/tests/e2e,$(shell $(GO) list ./... | grep -v /vendor/))
+GO_PACKAGES ?= $(filter-out code.gitea.io/gitea/models/migrations code.gitea.io/gitea/tests/integration/migration-test code.gitea.io/gitea/tests code.gitea.io/gitea/tests/integration code.gitea.io/gitea/tests/e2e,$(shell $(GO) list ./... | grep -v /vendor/))

 FOMANTIC_WORK_DIR := web_src/fomantic

-WEBPACK_SOURCES := $(shell find web_src/js web_src/css -type f)
+WEBPACK_SOURCES := $(shell find web_src/js web_src/less -type f)
 WEBPACK_CONFIGS := webpack.config.js
 WEBPACK_DEST := public/js/index.js public/css/index.css
 WEBPACK_DEST_ENTRIES := public/js public/css public/fonts public/img/webpack public/serviceworker.js
@@ -137,10 +130,10 @@ TEST_TAGS ?= sqlite sqlite_unlock_notify
 TAR_EXCLUDES := .git data indexers queues log node_modules $(EXECUTABLE) $(FOMANTIC_WORK_DIR)/node_modules $(DIST) $(MAKE_EVIDENCE_DIR) $(AIR_TMP_DIR) $(GO_LICENSE_TMP_DIR)

 GO_DIRS := cmd tests models modules routers build services tools
-WEB_DIRS := web_src/js web_src/css
+WEB_DIRS := web_src/js web_src/less

 GO_SOURCES := $(wildcard *.go)
-GO_SOURCES += $(shell find $(GO_DIRS) -type f -name "*.go" ! -path modules/options/bindata.go ! -path modules/public/bindata.go ! -path modules/templates/bindata.go)
+GO_SOURCES += $(shell find $(GO_DIRS) -type f -name "*.go" -not -path modules/options/bindata.go -not -path modules/public/bindata.go -not -path modules/templates/bindata.go)
 GO_SOURCES += $(GENERATED_GO_DEST)
 GO_SOURCES_NO_BINDATA := $(GO_SOURCES)

@@ -339,15 +332,15 @@ checks: checks-frontend checks-backend
 checks-frontend: lockfile-check svg-check

 .PHONY: checks-backend
-checks-backend: tidy-check swagger-check fmt-check misspell-check swagger-validate security-check
+checks-backend: tidy-check swagger-check fmt-check misspell-check swagger-validate

 .PHONY: lint
 lint: lint-frontend lint-backend

 .PHONY: lint-frontend
 lint-frontend: node_modules
-	npx eslint --color --max-warnings=0 --ext js,vue web_src/js build *.config.js tests/e2e
-	npx stylelint --color --max-warnings=0 web_src/css
+	npx eslint --color --max-warnings=0 --ext js,vue web_src/js build *.config.js docs/assets/js tests/e2e
+	npx stylelint --color --max-warnings=0 web_src/less
 	npx spectral lint -q -F hint $(SWAGGER_SPEC)
 	npx markdownlint docs *.md

@@ -373,7 +366,7 @@ test: test-frontend test-backend
 .PHONY: test-backend
 test-backend:
 	@echo "Running go test with $(GOTESTFLAGS) -tags '$(TEST_TAGS)'..."
-	@$(GO) test $(GOTESTFLAGS) -tags='$(TEST_TAGS)' $(GO_TEST_PACKAGES)
+	@$(GO) test $(GOTESTFLAGS) -tags='$(TEST_TAGS)' $(GO_PACKAGES)

 .PHONY: test-frontend
 test-frontend: node_modules
@@ -394,7 +387,7 @@ test-check:
 .PHONY: test\#%
 test\#%:
 	@echo "Running go test with -tags '$(TEST_TAGS)'..."
-	@$(GO) test $(GOTESTFLAGS) -tags='$(TEST_TAGS)' -run $(subst .,/,$*) $(GO_TEST_PACKAGES)
+	@$(GO) test $(GOTESTFLAGS) -tags='$(TEST_TAGS)' -run $(subst .,/,$*) $(GO_PACKAGES)

 .PHONY: coverage
 coverage:
@@ -405,7 +398,7 @@ coverage:
 .PHONY: unit-test-coverage
 unit-test-coverage:
 	@echo "Running unit-test-coverage $(GOTESTFLAGS) -tags '$(TEST_TAGS)'..."
-	@$(GO) test $(GOTESTFLAGS) -timeout=20m -tags='$(TEST_TAGS)' -cover -coverprofile coverage.out $(GO_TEST_PACKAGES) && echo "\n==>\033[32m Ok\033[m\n" || exit 1
+	@$(GO) test $(GOTESTFLAGS) -timeout=20m -tags='$(TEST_TAGS)' -cover -coverprofile coverage.out $(GO_PACKAGES) && echo "\n==>\033[32m Ok\033[m\n" || exit 1

 .PHONY: tidy
 tidy:
@@ -449,7 +442,14 @@ test-sqlite\#%: integrations.sqlite.test generate-ini-sqlite
 	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/sqlite.ini ./integrations.sqlite.test -test.run $(subst .,/,$*)

 .PHONY: test-sqlite-migration
-test-sqlite-migration:  migrations.sqlite.test migrations.individual.sqlite.test
+test-sqlite-migration:  migrations.sqlite.test migrations.individual.sqlite.test generate-ini-sqlite
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/sqlite.ini ./migrations.sqlite.test
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/sqlite.ini ./migrations.individual.sqlite.test
+
+.PHONY: test-sqlite-migration\#%
+test-sqlite-migration\#%:  migrations.sqlite.test migrations.individual.sqlite.test generate-ini-sqlite
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/sqlite.ini ./migrations.individual.sqlite.test -test.run $(subst .,/,$*)
+

 generate-ini-mysql:
 	sed -e 's|{{TEST_MYSQL_HOST}}|${TEST_MYSQL_HOST}|g' \
@@ -470,7 +470,9 @@ test-mysql\#%: integrations.mysql.test generate-ini-mysql
 	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mysql.ini ./integrations.mysql.test -test.run $(subst .,/,$*)

 .PHONY: test-mysql-migration
-test-mysql-migration: migrations.mysql.test migrations.individual.mysql.test
+test-mysql-migration: migrations.mysql.test migrations.individual.mysql.test generate-ini-mysql
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mysql.ini ./migrations.mysql.test
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mysql.ini ./migrations.individual.mysql.test

 generate-ini-mysql8:
 	sed -e 's|{{TEST_MYSQL8_HOST}}|${TEST_MYSQL8_HOST}|g' \
@@ -491,7 +493,9 @@ test-mysql8\#%: integrations.mysql8.test generate-ini-mysql8
 	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mysql8.ini ./integrations.mysql8.test -test.run $(subst .,/,$*)

 .PHONY: test-mysql8-migration
-test-mysql8-migration: migrations.mysql8.test migrations.individual.mysql8.test
+test-mysql8-migration: migrations.mysql8.test migrations.individual.mysql8.test generate-ini-mysql8
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mysql8.ini ./migrations.mysql8.test
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mysql8.ini ./migrations.individual.mysql8.test

 generate-ini-pgsql:
 	sed -e 's|{{TEST_PGSQL_HOST}}|${TEST_PGSQL_HOST}|g' \
@@ -513,7 +517,9 @@ test-pgsql\#%: integrations.pgsql.test generate-ini-pgsql
 	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/pgsql.ini ./integrations.pgsql.test -test.run $(subst .,/,$*)

 .PHONY: test-pgsql-migration
-test-pgsql-migration: migrations.pgsql.test migrations.individual.pgsql.test
+test-pgsql-migration: migrations.pgsql.test migrations.individual.pgsql.test generate-ini-pgsql
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/pgsql.ini ./migrations.pgsql.test
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/pgsql.ini ./migrations.individual.pgsql.test

 generate-ini-mssql:
 	sed -e 's|{{TEST_MSSQL_HOST}}|${TEST_MSSQL_HOST}|g' \
@@ -534,7 +540,9 @@ test-mssql\#%: integrations.mssql.test generate-ini-mssql
 	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mssql.ini ./integrations.mssql.test -test.run $(subst .,/,$*)

 .PHONY: test-mssql-migration
-test-mssql-migration: migrations.mssql.test migrations.individual.mssql.test
+test-mssql-migration: migrations.mssql.test migrations.individual.mssql.test generate-ini-mssql
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mssql.ini ./migrations.mssql.test -test.failfast
+	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mssql.ini ./migrations.individual.mssql.test -test.failfast

 .PHONY: playwright
 playwright: $(PLAYWRIGHT_DIR)
@@ -629,82 +637,50 @@ integrations.sqlite.test: git-check $(GO_SOURCES)
 	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/tests/integration -o integrations.sqlite.test -tags '$(TEST_TAGS)'

 integrations.cover.test: git-check $(GO_SOURCES)
-	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/tests/integration -coverpkg $(shell echo $(GO_TEST_PACKAGES) | tr ' ' ',') -o integrations.cover.test
+	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/tests/integration -coverpkg $(shell echo $(GO_PACKAGES) | tr ' ' ',') -o integrations.cover.test

 integrations.cover.sqlite.test: git-check $(GO_SOURCES)
-	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/tests/integration -coverpkg $(shell echo $(GO_TEST_PACKAGES) | tr ' ' ',') -o integrations.cover.sqlite.test -tags '$(TEST_TAGS)'
+	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/tests/integration -coverpkg $(shell echo $(GO_PACKAGES) | tr ' ' ',') -o integrations.cover.sqlite.test -tags '$(TEST_TAGS)'

 .PHONY: migrations.mysql.test
-migrations.mysql.test: $(GO_SOURCES) generate-ini-mysql
+migrations.mysql.test: $(GO_SOURCES)
 	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/tests/integration/migration-test -o migrations.mysql.test
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mysql.ini ./migrations.mysql.test

 .PHONY: migrations.mysql8.test
-migrations.mysql8.test: $(GO_SOURCES) generate-ini-mysql8
+migrations.mysql8.test: $(GO_SOURCES)
 	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/tests/integration/migration-test -o migrations.mysql8.test
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mysql8.ini ./migrations.mysql8.test

 .PHONY: migrations.pgsql.test
-migrations.pgsql.test: $(GO_SOURCES) generate-ini-pgsql
+migrations.pgsql.test: $(GO_SOURCES)
 	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/tests/integration/migration-test -o migrations.pgsql.test
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/pgsql.ini ./migrations.pgsql.test

 .PHONY: migrations.mssql.test
-migrations.mssql.test: $(GO_SOURCES) generate-ini-mssql
+migrations.mssql.test: $(GO_SOURCES)
 	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/tests/integration/migration-test -o migrations.mssql.test
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mssql.ini ./migrations.mssql.test

 .PHONY: migrations.sqlite.test
-migrations.sqlite.test: $(GO_SOURCES) generate-ini-sqlite
+migrations.sqlite.test: $(GO_SOURCES)
 	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/tests/integration/migration-test -o migrations.sqlite.test -tags '$(TEST_TAGS)'
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/sqlite.ini ./migrations.sqlite.test

 .PHONY: migrations.individual.mysql.test
 migrations.individual.mysql.test: $(GO_SOURCES)
-	for pkg in $(shell $(GO) list code.gitea.io/gitea/models/migrations/...); do \
-		GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mysql.ini $(GO) test $(GOTESTFLAGS) -tags '$(TEST_TAGS)' $$pkg; \
-	done
+	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/models/migrations -o migrations.individual.mysql.test

 .PHONY: migrations.individual.mysql8.test
 migrations.individual.mysql8.test: $(GO_SOURCES)
-	for pkg in $(shell $(GO) list code.gitea.io/gitea/models/migrations/...); do \
-		GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mysql8.ini $(GO) test $(GOTESTFLAGS) -tags '$(TEST_TAGS)' $$pkg; \
-	done
-
-.PHONY: migrations.individual.mysql8.test\#%
-migrations.individual.sqlite.test\#%: $(GO_SOURCES) generate-ini-sqlite
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/sqlite.ini $(GO) test $(GOTESTFLAGS) -tags '$(TEST_TAGS)' code.gitea.io/gitea/models/migrations/$*
+	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/models/migrations -o migrations.individual.mysql8.test

 .PHONY: migrations.individual.pgsql.test
 migrations.individual.pgsql.test: $(GO_SOURCES)
-	for pkg in $(shell $(GO) list code.gitea.io/gitea/models/migrations/...); do \
-		GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/pgsql.ini $(GO) test $(GOTESTFLAGS) -tags '$(TEST_TAGS)' $$pkg; \
-	done
-
-.PHONY: migrations.individual.pgsql.test\#%
-migrations.individual.pgsql.test\#%: $(GO_SOURCES) generate-ini-pgsql
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/pgsql.ini $(GO) test $(GOTESTFLAGS) -tags '$(TEST_TAGS)' code.gitea.io/gitea/models/migrations/$*
-
+	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/models/migrations -o migrations.individual.pgsql.test

 .PHONY: migrations.individual.mssql.test
-migrations.individual.mssql.test: $(GO_SOURCES) generate-ini-mssql
-	for pkg in $(shell $(GO) list code.gitea.io/gitea/models/migrations/...); do \
-		GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mssql.ini $(GO) test $(GOTESTFLAGS) -tags '$(TEST_TAGS)' $$pkg -test.failfast; \
-	done
-
-.PHONY: migrations.individual.mssql.test\#%
-migrations.individual.mssql.test\#%: $(GO_SOURCES) generate-ini-mssql
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mssql.ini $(GO) test $(GOTESTFLAGS) -tags '$(TEST_TAGS)' code.gitea.io/gitea/models/migrations/$*
+migrations.individual.mssql.test: $(GO_SOURCES)
+	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/models/migrations -o migrations.individual.mssql.test

 .PHONY: migrations.individual.sqlite.test
-migrations.individual.sqlite.test: $(GO_SOURCES) generate-ini-sqlite
-	for pkg in $(shell $(GO) list code.gitea.io/gitea/models/migrations/...); do \
-		GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/sqlite.ini $(GO) test $(GOTESTFLAGS) -tags '$(TEST_TAGS)' $$pkg; \
-	done
-
-.PHONY: migrations.individual.sqlite.test\#%
-migrations.individual.sqlite.test\#%: $(GO_SOURCES) generate-ini-sqlite
-	GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/sqlite.ini $(GO) test $(GOTESTFLAGS) -tags '$(TEST_TAGS)' code.gitea.io/gitea/models/migrations/$*
+migrations.individual.sqlite.test: $(GO_SOURCES)
+	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/models/migrations -o migrations.individual.sqlite.test -tags '$(TEST_TAGS)'

 e2e.mysql.test: $(GO_SOURCES)
 	$(GO) test $(GOTESTFLAGS) -c code.gitea.io/gitea/tests/e2e -o e2e.mysql.test
@@ -751,7 +727,7 @@ generate-go: $(TAGS_PREREQ)

 .PHONY: security-check
 security-check:
-	go run $(GOVULNCHECK_PACKAGE) ./...
+	govulncheck -v ./...

 $(EXECUTABLE): $(GO_SOURCES) $(TAGS_PREREQ)
 	CGO_CFLAGS="$(CGO_CFLAGS)" $(GO) build $(GOFLAGS) $(EXTRA_GOFLAGS) -tags '$(TAGS)' -ldflags '-s -w $(LDFLAGS)' -o $@
@@ -817,11 +793,14 @@ release-sources: | $(DIST_DIRS)

 .PHONY: release-docs
 release-docs: | $(DIST_DIRS) docs
-	tar -czf $(DIST)/release/gitea-docs-$(VERSION).tar.gz -C ./docs .
+	tar -czf $(DIST)/release/gitea-docs-$(VERSION).tar.gz -C ./docs/public .

 .PHONY: docs
 docs:
-	cd docs; bash scripts/trans-copy.sh;
+	@hash hugo > /dev/null 2>&1; if [ $$? -ne 0 ]; then \
+		curl -sL https://github.com/gohugoio/hugo/releases/download/v0.74.3/hugo_0.74.3_Linux-64bit.tar.gz | tar zxf - -C /tmp && mv /tmp/hugo /usr/bin/hugo && chmod +x /usr/bin/hugo; \
+	fi
+	cd docs; make trans-copy clean build-offline;

 .PHONY: deps
 deps: deps-frontend deps-backend
@@ -862,8 +841,6 @@ fomantic:
 	cp -f $(FOMANTIC_WORK_DIR)/theme.config.less $(FOMANTIC_WORK_DIR)/node_modules/fomantic-ui/src/theme.config
 	cp -rf $(FOMANTIC_WORK_DIR)/_site $(FOMANTIC_WORK_DIR)/node_modules/fomantic-ui/src/
 	cd $(FOMANTIC_WORK_DIR) && npx gulp -f node_modules/fomantic-ui/gulpfile.js build
-	# fomantic uses "touchstart" as click event for some browsers, it's not ideal, so we force fomantic to always use "click" as click event
-	$(SED_INPLACE) -e 's/clickEvent[ \t]*=/clickEvent = "click", unstableClickEvent =/g' $(FOMANTIC_WORK_DIR)/build/semantic.js
 	$(SED_INPLACE) -e 's/\r//g' $(FOMANTIC_WORK_DIR)/build/semantic.css $(FOMANTIC_WORK_DIR)/build/semantic.js
 	rm -f $(FOMANTIC_WORK_DIR)/build/*.min.*

@@ -12,14 +12,14 @@
  <a href="https://discord.gg/Gitea" title="Join the Discord chat at https://discord.gg/Gitea">
    <img src="https://img.shields.io/discord/322538954119184384.svg">
  </a>
-  <a href="https://app.codecov.io/gh/go-gitea/gitea" title="Codecov">
+  <a href="https://codecov.io/gh/go-gitea/gitea" title="Codecov">
    <img src="https://codecov.io/gh/go-gitea/gitea/branch/main/graph/badge.svg">
  </a>
  <a href="https://goreportcard.com/report/code.gitea.io/gitea" title="Go Report Card">
    <img src="https://goreportcard.com/badge/code.gitea.io/gitea">
  </a>
-  <a href="https://pkg.go.dev/code.gitea.io/gitea" title="GoDoc">
-    <img src="https://pkg.go.dev/badge/code.gitea.io/gitea?status.svg">
+  <a href="https://godoc.org/code.gitea.io/gitea" title="GoDoc">
+    <img src="https://godoc.org/code.gitea.io/gitea?status.svg">
  </a>
  <a href="https://github.com/go-gitea/gitea/releases/latest" title="GitHub release">
    <img src="https://img.shields.io/github/release/go-gitea/gitea.svg">
@@ -45,7 +45,7 @@
  <a href="https://www.tickgit.com/browse?repo=github.com/go-gitea/gitea&branch=main" title="TODOs">
    <img src="https://badgen.net/https/api.tickgit.com/badgen/github.com/go-gitea/gitea/main">
  </a>
-  <a href="https://app.bountysource.com/teams/gitea" title="Bountysource">
+  <a href="https://www.bountysource.com/teams/gitea" title="Bountysource">
    <img src="https://img.shields.io/bountysource/team/gitea/activity">
  </a>
 </p>
@@ -12,14 +12,14 @@
  <a href="https://discord.gg/Gitea" title="Join the Discord chat at https://discord.gg/Gitea">
    <img src="https://img.shields.io/discord/322538954119184384.svg">
  </a>
-  <a href="https://app.codecov.io/gh/go-gitea/gitea" title="Codecov">
+  <a href="https://codecov.io/gh/go-gitea/gitea" title="Codecov">
    <img src="https://codecov.io/gh/go-gitea/gitea/branch/main/graph/badge.svg">
  </a>
  <a href="https://goreportcard.com/report/code.gitea.io/gitea" title="Go Report Card">
    <img src="https://goreportcard.com/badge/code.gitea.io/gitea">
  </a>
-  <a href="https://pkg.go.dev/code.gitea.io/gitea" title="GoDoc">
-    <img src="https://pkg.go.dev/badge/code.gitea.io/gitea?status.svg">
+  <a href="https://godoc.org/code.gitea.io/gitea" title="GoDoc">
+    <img src="https://godoc.org/code.gitea.io/gitea?status.svg">
  </a>
  <a href="https://github.com/go-gitea/gitea/releases/latest" title="GitHub release">
    <img src="https://img.shields.io/github/release/go-gitea/gitea.svg">
@@ -45,7 +45,7 @@
  <a href="https://www.tickgit.com/browse?repo=github.com/go-gitea/gitea&branch=main" title="TODOs">
    <img src="https://badgen.net/https/api.tickgit.com/badgen/github.com/go-gitea/gitea/main">
  </a>
-  <a href="https://app.bountysource.com/teams/gitea" title="Bountysource">
+  <a href="https://img.shields.io/bountysource/team/gitea" title="Bountysource">
    <img src="https://img.shields.io/bountysource/team/gitea/activity">
  </a>
 </p>
@@ -1,5 +1,6 @@
 // Copyright 2020 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.

 //go:build vendor

@@ -1,5 +1,6 @@
 // Copyright 2021 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.

 //go:build ignore

@@ -1,5 +1,6 @@
 // Copyright 2021 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.

 package codeformat

@@ -1,5 +1,6 @@
 // Copyright 2021 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.

 package codeformat

@@ -1,5 +1,6 @@
 // Copyright 2020 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.

 //go:build ignore

@@ -32,15 +33,11 @@ func needsUpdate(dir, filename string) (bool, []byte) {

 	hasher := sha1.New()

-	err = filepath.WalkDir(dir, func(path string, d os.DirEntry, err error) error {
+	err = filepath.Walk(dir, func(path string, info os.FileInfo, err error) error {
 		if err != nil {
 			return err
 		}
-		info, err := d.Info()
-		if err != nil {
-			return err
-		}
-		_, _ = hasher.Write([]byte(d.Name()))
+		_, _ = hasher.Write([]byte(info.Name()))
 		_, _ = hasher.Write([]byte(info.ModTime().String()))
 		_, _ = hasher.Write([]byte(strconv.FormatInt(info.Size(), 16)))
 		return nil
@@ -1,6 +1,7 @@
 // Copyright 2020 The Gitea Authors. All rights reserved.
 // Copyright 2015 Kenneth Shaw
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.

 //go:build ignore

@@ -189,10 +190,6 @@ func generate() ([]byte, error) {
 		}
 	}

-	sort.Slice(data, func(i, j int) bool {
-		return data[i].Aliases[0] < data[j].Aliases[0]
-	})
-
 	// add header
 	str := replacer.Replace(fmt.Sprintf(hdr, gemojiURL, data))

@@ -212,8 +209,8 @@ func generate() ([]byte, error) {

 const hdr = `
 // Copyright 2020 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
-
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.

 package emoji

@@ -1,5 +1,6 @@
 // Copyright 2022 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.

 //go:build ignore

@@ -9,7 +10,6 @@ import (
 	"encoding/json"
 	"io/fs"
 	"os"
-	goPath "path"
 	"path/filepath"
 	"regexp"
 	"sort"
@@ -48,15 +48,13 @@ func main() {

 	entries := []LicenseEntry{}
 	for _, path := range paths {
-		path := filepath.ToSlash(path)
-
 		licenseText, err := os.ReadFile(path)
 		if err != nil {
 			panic(err)
 		}

-		path = strings.Replace(path, base+"/", "", 1)
-		name := goPath.Dir(path)
+		path := strings.Replace(path, base+string(os.PathSeparator), "", 1)
+		name := filepath.Dir(path)

 		// There might be a bug somewhere in go-licenses that sometimes interprets the
 		// root package as "." and sometimes as "code.gitea.io/gitea". Workaround by
@@ -2,7 +2,7 @@
 import imageminZopfli from 'imagemin-zopfli';
 import {optimize} from 'svgo';
 import {fabric} from 'fabric';
-import {readFile, writeFile} from 'node:fs/promises';
+import {readFile, writeFile} from 'fs/promises';

 function exit(err) {
  if (err) console.error(err);
@@ -1,9 +1,9 @@
 #!/usr/bin/env node
 import fastGlob from 'fast-glob';
 import {optimize} from 'svgo';
-import {parse} from 'node:path';
-import {readFile, writeFile, mkdir} from 'node:fs/promises';
-import {fileURLToPath} from 'node:url';
+import {parse} from 'path';
+import {readFile, writeFile, mkdir} from 'fs/promises';
+import {fileURLToPath} from 'url';

 const glob = (pattern) => fastGlob.sync(pattern, {
  cwd: fileURLToPath(new URL('..', import.meta.url)),
@@ -1,6 +1,7 @@
 // Copyright 2020 The Gitea Authors. All rights reserved.
 // Copyright (c) 2015, Wade Simmons
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.

 // gocovmerge takes the results from multiple `go test -coverprofile` runs and
 // merges them into one profile
@@ -1,13 +1,14 @@
 // Copyright 2016 The Gogs Authors. All rights reserved.
 // Copyright 2016 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.

 package cmd

 import (
+	"context"
 	"errors"
 	"fmt"
-	"net/url"
 	"os"
 	"strings"
 	"text/tabwriter"
@@ -16,15 +17,20 @@ import (
 	auth_model "code.gitea.io/gitea/models/auth"
 	"code.gitea.io/gitea/models/db"
 	repo_model "code.gitea.io/gitea/models/repo"
+	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/git"
 	"code.gitea.io/gitea/modules/graceful"
 	"code.gitea.io/gitea/modules/log"
+	pwd "code.gitea.io/gitea/modules/password"
 	repo_module "code.gitea.io/gitea/modules/repository"
+	"code.gitea.io/gitea/modules/setting"
+	"code.gitea.io/gitea/modules/storage"
 	"code.gitea.io/gitea/modules/util"
 	auth_service "code.gitea.io/gitea/services/auth"
 	"code.gitea.io/gitea/services/auth/source/oauth2"
 	"code.gitea.io/gitea/services/auth/source/smtp"
 	repo_service "code.gitea.io/gitea/services/repository"
+	user_service "code.gitea.io/gitea/services/user"

 	"github.com/urfave/cli"
 )
@@ -43,6 +49,142 @@ var (
 		},
 	}

+	subcmdUser = cli.Command{
+		Name:  "user",
+		Usage: "Modify users",
+		Subcommands: []cli.Command{
+			microcmdUserCreate,
+			microcmdUserList,
+			microcmdUserChangePassword,
+			microcmdUserDelete,
+			microcmdUserGenerateAccessToken,
+		},
+	}
+
+	microcmdUserList = cli.Command{
+		Name:   "list",
+		Usage:  "List users",
+		Action: runListUsers,
+		Flags: []cli.Flag{
+			cli.BoolFlag{
+				Name:  "admin",
+				Usage: "List only admin users",
+			},
+		},
+	}
+
+	microcmdUserCreate = cli.Command{
+		Name:   "create",
+		Usage:  "Create a new user in database",
+		Action: runCreateUser,
+		Flags: []cli.Flag{
+			cli.StringFlag{
+				Name:  "name",
+				Usage: "Username. DEPRECATED: use username instead",
+			},
+			cli.StringFlag{
+				Name:  "username",
+				Usage: "Username",
+			},
+			cli.StringFlag{
+				Name:  "password",
+				Usage: "User password",
+			},
+			cli.StringFlag{
+				Name:  "email",
+				Usage: "User email address",
+			},
+			cli.BoolFlag{
+				Name:  "admin",
+				Usage: "User is an admin",
+			},
+			cli.BoolFlag{
+				Name:  "random-password",
+				Usage: "Generate a random password for the user",
+			},
+			cli.BoolFlag{
+				Name:  "must-change-password",
+				Usage: "Set this option to false to prevent forcing the user to change their password after initial login, (Default: true)",
+			},
+			cli.IntFlag{
+				Name:  "random-password-length",
+				Usage: "Length of the random password to be generated",
+				Value: 12,
+			},
+			cli.BoolFlag{
+				Name:  "access-token",
+				Usage: "Generate access token for the user",
+			},
+			cli.BoolFlag{
+				Name:  "restricted",
+				Usage: "Make a restricted user account",
+			},
+		},
+	}
+
+	microcmdUserChangePassword = cli.Command{
+		Name:   "change-password",
+		Usage:  "Change a user's password",
+		Action: runChangePassword,
+		Flags: []cli.Flag{
+			cli.StringFlag{
+				Name:  "username,u",
+				Value: "",
+				Usage: "The user to change password for",
+			},
+			cli.StringFlag{
+				Name:  "password,p",
+				Value: "",
+				Usage: "New password to set for user",
+			},
+		},
+	}
+
+	microcmdUserDelete = cli.Command{
+		Name:  "delete",
+		Usage: "Delete specific user by id, name or email",
+		Flags: []cli.Flag{
+			cli.Int64Flag{
+				Name:  "id",
+				Usage: "ID of user of the user to delete",
+			},
+			cli.StringFlag{
+				Name:  "username,u",
+				Usage: "Username of the user to delete",
+			},
+			cli.StringFlag{
+				Name:  "email,e",
+				Usage: "Email of the user to delete",
+			},
+			cli.BoolFlag{
+				Name:  "purge",
+				Usage: "Purge user, all their repositories, organizations and comments",
+			},
+		},
+		Action: runDeleteUser,
+	}
+
+	microcmdUserGenerateAccessToken = cli.Command{
+		Name:  "generate-access-token",
+		Usage: "Generate a access token for a specific user",
+		Flags: []cli.Flag{
+			cli.StringFlag{
+				Name:  "username,u",
+				Usage: "Username",
+			},
+			cli.StringFlag{
+				Name:  "token-name,t",
+				Usage: "Token name",
+				Value: "gitea-admin",
+			},
+			cli.BoolFlag{
+				Name:  "raw",
+				Usage: "Display only the token value",
+			},
+		},
+		Action: runGenerateAccessToken,
+	}
+
 	subcmdRepoSyncReleases = cli.Command{
 		Name:   "repo-sync-releases",
 		Usage:  "Synchronize repository releases with tags",
@@ -162,11 +304,6 @@ var (
 			Value: "false",
 			Usage: "Use custom URLs for GitLab/GitHub OAuth endpoints",
 		},
-		cli.StringFlag{
-			Name:  "custom-tenant-id",
-			Value: "",
-			Usage: "Use custom Tenant ID for OAuth endpoints",
-		},
 		cli.StringFlag{
 			Name:  "custom-auth-url",
 			Value: "",
@@ -226,15 +363,6 @@ var (
 			Value: "",
 			Usage: "Group Claim value for restricted users",
 		},
-		cli.StringFlag{
-			Name:  "group-team-map",
-			Value: "",
-			Usage: "JSON mapping between groups and org teams",
-		},
-		cli.BoolFlag{
-			Name:  "group-team-map-removal",
-			Usage: "Activate automatic team membership removal depending on groups",
-		},
 	}

 	microcmdAuthUpdateOauth = cli.Command{
@@ -340,6 +468,255 @@ var (
 	}
 )

+func runChangePassword(c *cli.Context) error {
+	if err := argsSet(c, "username", "password"); err != nil {
+		return err
+	}
+
+	ctx, cancel := installSignals()
+	defer cancel()
+
+	if err := initDB(ctx); err != nil {
+		return err
+	}
+	if len(c.String("password")) < setting.MinPasswordLength {
+		return fmt.Errorf("Password is not long enough. Needs to be at least %d", setting.MinPasswordLength)
+	}
+
+	if !pwd.IsComplexEnough(c.String("password")) {
+		return errors.New("Password does not meet complexity requirements")
+	}
+	pwned, err := pwd.IsPwned(context.Background(), c.String("password"))
+	if err != nil {
+		return err
+	}
+	if pwned {
+		return errors.New("The password you chose is on a list of stolen passwords previously exposed in public data breaches. Please try again with a different password.\nFor more details, see https://haveibeenpwned.com/Passwords")
+	}
+	uname := c.String("username")
+	user, err := user_model.GetUserByName(ctx, uname)
+	if err != nil {
+		return err
+	}
+	if err = user.SetPassword(c.String("password")); err != nil {
+		return err
+	}
+
+	if err = user_model.UpdateUserCols(ctx, user, "passwd", "passwd_hash_algo", "salt"); err != nil {
+		return err
+	}
+
+	fmt.Printf("%s's password has been successfully updated!\n", user.Name)
+	return nil
+}
+
+func runCreateUser(c *cli.Context) error {
+	if err := argsSet(c, "email"); err != nil {
+		return err
+	}
+
+	if c.IsSet("name") && c.IsSet("username") {
+		return errors.New("Cannot set both --name and --username flags")
+	}
+	if !c.IsSet("name") && !c.IsSet("username") {
+		return errors.New("One of --name or --username flags must be set")
+	}
+
+	if c.IsSet("password") && c.IsSet("random-password") {
+		return errors.New("cannot set both -random-password and -password flags")
+	}
+
+	var username string
+	if c.IsSet("username") {
+		username = c.String("username")
+	} else {
+		username = c.String("name")
+		fmt.Fprintf(os.Stderr, "--name flag is deprecated. Use --username instead.\n")
+	}
+
+	ctx, cancel := installSignals()
+	defer cancel()
+
+	if err := initDB(ctx); err != nil {
+		return err
+	}
+
+	var password string
+	if c.IsSet("password") {
+		password = c.String("password")
+	} else if c.IsSet("random-password") {
+		var err error
+		password, err = pwd.Generate(c.Int("random-password-length"))
+		if err != nil {
+			return err
+		}
+		fmt.Printf("generated random password is '%s'\n", password)
+	} else {
+		return errors.New("must set either password or random-password flag")
+	}
+
+	// always default to true
+	changePassword := true
+
+	// If this is the first user being created.
+	// Take it as the admin and don't force a password update.
+	if n := user_model.CountUsers(nil); n == 0 {
+		changePassword = false
+	}
+
+	if c.IsSet("must-change-password") {
+		changePassword = c.Bool("must-change-password")
+	}
+
+	restricted := util.OptionalBoolNone
+
+	if c.IsSet("restricted") {
+		restricted = util.OptionalBoolOf(c.Bool("restricted"))
+	}
+
+	u := &user_model.User{
+		Name:               username,
+		Email:              c.String("email"),
+		Passwd:             password,
+		IsAdmin:            c.Bool("admin"),
+		MustChangePassword: changePassword,
+	}
+
+	overwriteDefault := &user_model.CreateUserOverwriteOptions{
+		IsActive:     util.OptionalBoolTrue,
+		IsRestricted: restricted,
+	}
+
+	if err := user_model.CreateUser(u, overwriteDefault); err != nil {
+		return fmt.Errorf("CreateUser: %w", err)
+	}
+
+	if c.Bool("access-token") {
+		t := &auth_model.AccessToken{
+			Name: "gitea-admin",
+			UID:  u.ID,
+		}
+
+		if err := auth_model.NewAccessToken(t); err != nil {
+			return err
+		}
+
+		fmt.Printf("Access token was successfully created... %s\n", t.Token)
+	}
+
+	fmt.Printf("New user '%s' has been successfully created!\n", username)
+	return nil
+}
+
+func runListUsers(c *cli.Context) error {
+	ctx, cancel := installSignals()
+	defer cancel()
+
+	if err := initDB(ctx); err != nil {
+		return err
+	}
+
+	users, err := user_model.GetAllUsers()
+	if err != nil {
+		return err
+	}
+
+	w := tabwriter.NewWriter(os.Stdout, 5, 0, 1, ' ', 0)
+
+	if c.IsSet("admin") {
+		fmt.Fprintf(w, "ID\tUsername\tEmail\tIsActive\n")
+		for _, u := range users {
+			if u.IsAdmin {
+				fmt.Fprintf(w, "%d\t%s\t%s\t%t\n", u.ID, u.Name, u.Email, u.IsActive)
+			}
+		}
+	} else {
+		twofa := user_model.UserList(users).GetTwoFaStatus()
+		fmt.Fprintf(w, "ID\tUsername\tEmail\tIsActive\tIsAdmin\t2FA\n")
+		for _, u := range users {
+			fmt.Fprintf(w, "%d\t%s\t%s\t%t\t%t\t%t\n", u.ID, u.Name, u.Email, u.IsActive, u.IsAdmin, twofa[u.ID])
+		}
+
+	}
+
+	w.Flush()
+	return nil
+}
+
+func runDeleteUser(c *cli.Context) error {
+	if !c.IsSet("id") && !c.IsSet("username") && !c.IsSet("email") {
+		return fmt.Errorf("You must provide the id, username or email of a user to delete")
+	}
+
+	ctx, cancel := installSignals()
+	defer cancel()
+
+	if err := initDB(ctx); err != nil {
+		return err
+	}
+
+	if err := storage.Init(); err != nil {
+		return err
+	}
+
+	var err error
+	var user *user_model.User
+	if c.IsSet("email") {
+		user, err = user_model.GetUserByEmail(c.String("email"))
+	} else if c.IsSet("username") {
+		user, err = user_model.GetUserByName(ctx, c.String("username"))
+	} else {
+		user, err = user_model.GetUserByID(c.Int64("id"))
+	}
+	if err != nil {
+		return err
+	}
+	if c.IsSet("username") && user.LowerName != strings.ToLower(strings.TrimSpace(c.String("username"))) {
+		return fmt.Errorf("The user %s who has email %s does not match the provided username %s", user.Name, c.String("email"), c.String("username"))
+	}
+
+	if c.IsSet("id") && user.ID != c.Int64("id") {
+		return fmt.Errorf("The user %s does not match the provided id %d", user.Name, c.Int64("id"))
+	}
+
+	return user_service.DeleteUser(ctx, user, c.Bool("purge"))
+}
+
+func runGenerateAccessToken(c *cli.Context) error {
+	if !c.IsSet("username") {
+		return fmt.Errorf("You must provide the username to generate a token for them")
+	}
+
+	ctx, cancel := installSignals()
+	defer cancel()
+
+	if err := initDB(ctx); err != nil {
+		return err
+	}
+
+	user, err := user_model.GetUserByName(ctx, c.String("username"))
+	if err != nil {
+		return err
+	}
+
+	t := &auth_model.AccessToken{
+		Name: c.String("token-name"),
+		UID:  user.ID,
+	}
+
+	if err := auth_model.NewAccessToken(t); err != nil {
+		return err
+	}
+
+	if c.Bool("raw") {
+		fmt.Printf("%s\n", t.Token)
+	} else {
+		fmt.Printf("Access token was successfully created: %s\n", t.Token)
+	}
+
+	return nil
+}
+
 func runRepoSyncReleases(_ *cli.Context) error {
 	ctx, cancel := installSignals()
 	defer cancel()
@@ -350,7 +727,7 @@ func runRepoSyncReleases(_ *cli.Context) error {

 	log.Trace("Synchronizing repository releases (this may take a while)")
 	for page := 1; ; page++ {
-		repos, count, err := repo_model.SearchRepositoryByName(ctx, &repo_model.SearchRepoOptions{
+		repos, count, err := repo_model.SearchRepositoryByName(&repo_model.SearchRepoOptions{
 			ListOptions: db.ListOptions{
 				PageSize: repo_model.RepositoryListDefaultPageSize,
 				Page:     page,
@@ -402,7 +779,6 @@ func runRepoSyncReleases(_ *cli.Context) error {

 func getReleaseCount(id int64) (int64, error) {
 	return repo_model.GetReleaseCountByRepoID(
-		db.DefaultContext,
 		id,
 		repo_model.FindReleasesOptions{
 			IncludeTags: true,
@@ -438,7 +814,6 @@ func parseOAuth2Config(c *cli.Context) *oauth2.Source {
 			AuthURL:    c.String("custom-auth-url"),
 			ProfileURL: c.String("custom-profile-url"),
 			EmailURL:   c.String("custom-email-url"),
-			Tenant:     c.String("custom-tenant-id"),
 		}
 	} else {
 		customURLMapping = nil
@@ -457,8 +832,6 @@ func parseOAuth2Config(c *cli.Context) *oauth2.Source {
 		GroupClaimName:                c.String("group-claim-name"),
 		AdminGroup:                    c.String("admin-group"),
 		RestrictedGroup:               c.String("restricted-group"),
-		GroupTeamMap:                  c.String("group-team-map"),
-		GroupTeamMapRemoval:           c.Bool("group-team-map-removal"),
 	}
 }

@@ -470,19 +843,11 @@ func runAddOauth(c *cli.Context) error {
 		return err
 	}

-	config := parseOAuth2Config(c)
-	if config.Provider == "openidConnect" {
-		discoveryURL, err := url.Parse(config.OpenIDConnectAutoDiscoveryURL)
-		if err != nil || (discoveryURL.Scheme != "http" && discoveryURL.Scheme != "https") {
-			return fmt.Errorf("invalid Auto Discovery URL: %s (this must be a valid URL starting with http:// or https://)", config.OpenIDConnectAutoDiscoveryURL)
-		}
-	}
-
 	return auth_model.CreateSource(&auth_model.Source{
 		Type:     auth_model.OAuth2,
 		Name:     c.String("name"),
 		IsActive: true,
-		Cfg:      config,
+		Cfg:      parseOAuth2Config(c),
 	})
 }

@@ -549,12 +914,6 @@ func runUpdateOauth(c *cli.Context) error {
 	if c.IsSet("restricted-group") {
 		oAuth2Config.RestrictedGroup = c.String("restricted-group")
 	}
-	if c.IsSet("group-team-map") {
-		oAuth2Config.GroupTeamMap = c.String("group-team-map")
-	}
-	if c.IsSet("group-team-map-removal") {
-		oAuth2Config.GroupTeamMapRemoval = c.Bool("group-team-map-removal")
-	}

 	// update custom URL mapping
 	customURLMapping := &oauth2.CustomURLMapping{}
@@ -564,7 +923,6 @@ func runUpdateOauth(c *cli.Context) error {
 		customURLMapping.AuthURL = oAuth2Config.CustomURLMapping.AuthURL
 		customURLMapping.ProfileURL = oAuth2Config.CustomURLMapping.ProfileURL
 		customURLMapping.EmailURL = oAuth2Config.CustomURLMapping.EmailURL
-		customURLMapping.Tenant = oAuth2Config.CustomURLMapping.Tenant
 	}
 	if c.IsSet("use-custom-urls") && c.IsSet("custom-token-url") {
 		customURLMapping.TokenURL = c.String("custom-token-url")
@@ -582,10 +940,6 @@ func runUpdateOauth(c *cli.Context) error {
 		customURLMapping.EmailURL = c.String("custom-email-url")
 	}

-	if c.IsSet("use-custom-urls") && c.IsSet("custom-tenant-id") {
-		customURLMapping.Tenant = c.String("custom-tenant-id")
-	}
-
 	oAuth2Config.CustomURLMapping = customURLMapping
 	source.Cfg = oAuth2Config

@@ -596,7 +950,7 @@ func parseSMTPConfig(c *cli.Context, conf *smtp.Source) error {
 	if c.IsSet("auth-type") {
 		conf.Auth = c.String("auth-type")
 		validAuthTypes := []string{"PLAIN", "LOGIN", "CRAM-MD5"}
-		if !util.SliceContainsString(validAuthTypes, strings.ToUpper(c.String("auth-type"))) {
+		if !contains(validAuthTypes, strings.ToUpper(c.String("auth-type"))) {
 			return errors.New("Auth must be one of PLAIN/LOGIN/CRAM-MD5")
 		}
 		conf.Auth = c.String("auth-type")
@@ -1,5 +1,6 @@
 // Copyright 2019 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.

 package cmd

@@ -1,5 +1,6 @@
 // Copyright 2019 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.

 package cmd

@@ -1,21 +0,0 @@
-// Copyright 2023 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
-
-package cmd
-
-import (
-	"github.com/urfave/cli"
-)
-
-var subcmdUser = cli.Command{
-	Name:  "user",
-	Usage: "Modify users",
-	Subcommands: []cli.Command{
-		microcmdUserCreate,
-		microcmdUserList,
-		microcmdUserChangePassword,
-		microcmdUserDelete,
-		microcmdUserGenerateAccessToken,
-		microcmdUserMustChangePassword,
-	},
-}
@@ -1,76 +0,0 @@
-// Copyright 2023 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
-
-package cmd
-
-import (
-	"context"
-	"errors"
-	"fmt"
-
-	user_model "code.gitea.io/gitea/models/user"
-	pwd "code.gitea.io/gitea/modules/auth/password"
-	"code.gitea.io/gitea/modules/setting"
-
-	"github.com/urfave/cli"
-)
-
-var microcmdUserChangePassword = cli.Command{
-	Name:   "change-password",
-	Usage:  "Change a user's password",
-	Action: runChangePassword,
-	Flags: []cli.Flag{
-		cli.StringFlag{
-			Name:  "username,u",
-			Value: "",
-			Usage: "The user to change password for",
-		},
-		cli.StringFlag{
-			Name:  "password,p",
-			Value: "",
-			Usage: "New password to set for user",
-		},
-	},
-}
-
-func runChangePassword(c *cli.Context) error {
-	if err := argsSet(c, "username", "password"); err != nil {
-		return err
-	}
-
-	ctx, cancel := installSignals()
-	defer cancel()
-
-	if err := initDB(ctx); err != nil {
-		return err
-	}
-	if len(c.String("password")) < setting.MinPasswordLength {
-		return fmt.Errorf("Password is not long enough. Needs to be at least %d", setting.MinPasswordLength)
-	}
-
-	if !pwd.IsComplexEnough(c.String("password")) {
-		return errors.New("Password does not meet complexity requirements")
-	}
-	pwned, err := pwd.IsPwned(context.Background(), c.String("password"))
-	if err != nil {
-		return err
-	}
-	if pwned {
-		return errors.New("The password you chose is on a list of stolen passwords previously exposed in public data breaches. Please try again with a different password.\nFor more details, see https://haveibeenpwned.com/Passwords")
-	}
-	uname := c.String("username")
-	user, err := user_model.GetUserByName(ctx, uname)
-	if err != nil {
-		return err
-	}
-	if err = user.SetPassword(c.String("password")); err != nil {
-		return err
-	}
-
-	if err = user_model.UpdateUserCols(ctx, user, "passwd", "passwd_hash_algo", "salt"); err != nil {
-		return err
-	}
-
-	fmt.Printf("%s's password has been successfully updated!\n", user.Name)
-	return nil
-}
@@ -1,169 +0,0 @@
-// Copyright 2023 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
-
-package cmd
-
-import (
-	"errors"
-	"fmt"
-	"os"
-
-	auth_model "code.gitea.io/gitea/models/auth"
-	user_model "code.gitea.io/gitea/models/user"
-	pwd "code.gitea.io/gitea/modules/auth/password"
-	"code.gitea.io/gitea/modules/setting"
-	"code.gitea.io/gitea/modules/util"
-
-	"github.com/urfave/cli"
-)
-
-var microcmdUserCreate = cli.Command{
-	Name:   "create",
-	Usage:  "Create a new user in database",
-	Action: runCreateUser,
-	Flags: []cli.Flag{
-		cli.StringFlag{
-			Name:  "name",
-			Usage: "Username. DEPRECATED: use username instead",
-		},
-		cli.StringFlag{
-			Name:  "username",
-			Usage: "Username",
-		},
-		cli.StringFlag{
-			Name:  "password",
-			Usage: "User password",
-		},
-		cli.StringFlag{
-			Name:  "email",
-			Usage: "User email address",
-		},
-		cli.BoolFlag{
-			Name:  "admin",
-			Usage: "User is an admin",
-		},
-		cli.BoolFlag{
-			Name:  "random-password",
-			Usage: "Generate a random password for the user",
-		},
-		cli.BoolFlag{
-			Name:  "must-change-password",
-			Usage: "Set this option to false to prevent forcing the user to change their password after initial login, (Default: true)",
-		},
-		cli.IntFlag{
-			Name:  "random-password-length",
-			Usage: "Length of the random password to be generated",
-			Value: 12,
-		},
-		cli.BoolFlag{
-			Name:  "access-token",
-			Usage: "Generate access token for the user",
-		},
-		cli.BoolFlag{
-			Name:  "restricted",
-			Usage: "Make a restricted user account",
-		},
-	},
-}
-
-func runCreateUser(c *cli.Context) error {
-	if err := argsSet(c, "email"); err != nil {
-		return err
-	}
-
-	if c.IsSet("name") && c.IsSet("username") {
-		return errors.New("Cannot set both --name and --username flags")
-	}
-	if !c.IsSet("name") && !c.IsSet("username") {
-		return errors.New("One of --name or --username flags must be set")
-	}
-
-	if c.IsSet("password") && c.IsSet("random-password") {
-		return errors.New("cannot set both -random-password and -password flags")
-	}
-
-	var username string
-	if c.IsSet("username") {
-		username = c.String("username")
-	} else {
-		username = c.String("name")
-		fmt.Fprintf(os.Stderr, "--name flag is deprecated. Use --username instead.\n")
-	}
-
-	ctx, cancel := installSignals()
-	defer cancel()
-
-	if err := initDB(ctx); err != nil {
-		return err
-	}
-
-	var password string
-	if c.IsSet("password") {
-		password = c.String("password")
-	} else if c.IsSet("random-password") {
-		var err error
-		password, err = pwd.Generate(c.Int("random-password-length"))
-		if err != nil {
-			return err
-		}
-		fmt.Printf("generated random password is '%s'\n", password)
-	} else {
-		return errors.New("must set either password or random-password flag")
-	}
-
-	// always default to true
-	changePassword := true
-
-	// If this is the first user being created.
-	// Take it as the admin and don't force a password update.
-	if n := user_model.CountUsers(nil); n == 0 {
-		changePassword = false
-	}
-
-	if c.IsSet("must-change-password") {
-		changePassword = c.Bool("must-change-password")
-	}
-
-	restricted := util.OptionalBoolNone
-
-	if c.IsSet("restricted") {
-		restricted = util.OptionalBoolOf(c.Bool("restricted"))
-	}
-
-	// default user visibility in app.ini
-	visibility := setting.Service.DefaultUserVisibilityMode
-
-	u := &user_model.User{
-		Name:               username,
-		Email:              c.String("email"),
-		Passwd:             password,
-		IsAdmin:            c.Bool("admin"),
-		MustChangePassword: changePassword,
-		Visibility:         visibility,
-	}
-
-	overwriteDefault := &user_model.CreateUserOverwriteOptions{
-		IsActive:     util.OptionalBoolTrue,
-		IsRestricted: restricted,
-	}
-
-	if err := user_model.CreateUser(u, overwriteDefault); err != nil {
-		return fmt.Errorf("CreateUser: %w", err)
-	}
-
-	if c.Bool("access-token") {
-		t := &auth_model.AccessToken{
-			Name: "gitea-admin",
-			UID:  u.ID,
-		}
-
-		if err := auth_model.NewAccessToken(t); err != nil {
-			return err
-		}
-
-		fmt.Printf("Access token was successfully created... %s\n", t.Token)
-	}
-
-	fmt.Printf("New user '%s' has been successfully created!\n", username)
-	return nil
-}
@@ -1,78 +0,0 @@
-// Copyright 2023 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
-
-package cmd
-
-import (
-	"fmt"
-	"strings"
-
-	user_model "code.gitea.io/gitea/models/user"
-	"code.gitea.io/gitea/modules/storage"
-	user_service "code.gitea.io/gitea/services/user"
-
-	"github.com/urfave/cli"
-)
-
-var microcmdUserDelete = cli.Command{
-	Name:  "delete",
-	Usage: "Delete specific user by id, name or email",
-	Flags: []cli.Flag{
-		cli.Int64Flag{
-			Name:  "id",
-			Usage: "ID of user of the user to delete",
-		},
-		cli.StringFlag{
-			Name:  "username,u",
-			Usage: "Username of the user to delete",
-		},
-		cli.StringFlag{
-			Name:  "email,e",
-			Usage: "Email of the user to delete",
-		},
-		cli.BoolFlag{
-			Name:  "purge",
-			Usage: "Purge user, all their repositories, organizations and comments",
-		},
-	},
-	Action: runDeleteUser,
-}
-
-func runDeleteUser(c *cli.Context) error {
-	if !c.IsSet("id") && !c.IsSet("username") && !c.IsSet("email") {
-		return fmt.Errorf("You must provide the id, username or email of a user to delete")
-	}
-
-	ctx, cancel := installSignals()
-	defer cancel()
-
-	if err := initDB(ctx); err != nil {
-		return err
-	}
-
-	if err := storage.Init(); err != nil {
-		return err
-	}
-
-	var err error
-	var user *user_model.User
-	if c.IsSet("email") {
-		user, err = user_model.GetUserByEmail(ctx, c.String("email"))
-	} else if c.IsSet("username") {
-		user, err = user_model.GetUserByName(ctx, c.String("username"))
-	} else {
-		user, err = user_model.GetUserByID(ctx, c.Int64("id"))
-	}
-	if err != nil {
-		return err
-	}
-	if c.IsSet("username") && user.LowerName != strings.ToLower(strings.TrimSpace(c.String("username"))) {
-		return fmt.Errorf("The user %s who has email %s does not match the provided username %s", user.Name, c.String("email"), c.String("username"))
-	}
-
-	if c.IsSet("id") && user.ID != c.Int64("id") {
-		return fmt.Errorf("The user %s does not match the provided id %d", user.Name, c.Int64("id"))
-	}
-
-	return user_service.DeleteUser(ctx, user, c.Bool("purge"))
-}
@@ -1,80 +0,0 @@
-// Copyright 2023 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
-
-package cmd
-
-import (
-	"fmt"
-
-	auth_model "code.gitea.io/gitea/models/auth"
-	user_model "code.gitea.io/gitea/models/user"
-
-	"github.com/urfave/cli"
-)
-
-var microcmdUserGenerateAccessToken = cli.Command{
-	Name:  "generate-access-token",
-	Usage: "Generate an access token for a specific user",
-	Flags: []cli.Flag{
-		cli.StringFlag{
-			Name:  "username,u",
-			Usage: "Username",
-		},
-		cli.StringFlag{
-			Name:  "token-name,t",
-			Usage: "Token name",
-			Value: "gitea-admin",
-		},
-		cli.BoolFlag{
-			Name:  "raw",
-			Usage: "Display only the token value",
-		},
-		cli.StringFlag{
-			Name:  "scopes",
-			Value: "",
-			Usage: "Comma separated list of scopes to apply to access token",
-		},
-	},
-	Action: runGenerateAccessToken,
-}
-
-func runGenerateAccessToken(c *cli.Context) error {
-	if !c.IsSet("username") {
-		return fmt.Errorf("You must provide a username to generate a token for")
-	}
-
-	ctx, cancel := installSignals()
-	defer cancel()
-
-	if err := initDB(ctx); err != nil {
-		return err
-	}
-
-	user, err := user_model.GetUserByName(ctx, c.String("username"))
-	if err != nil {
-		return err
-	}
-
-	accessTokenScope, err := auth_model.AccessTokenScope(c.String("scopes")).Normalize()
-	if err != nil {
-		return err
-	}
-
-	t := &auth_model.AccessToken{
-		Name:  c.String("token-name"),
-		UID:   user.ID,
-		Scope: accessTokenScope,
-	}
-
-	if err := auth_model.NewAccessToken(t); err != nil {
-		return err
-	}
-
-	if c.Bool("raw") {
-		fmt.Printf("%s\n", t.Token)
-	} else {
-		fmt.Printf("Access token was successfully created: %s\n", t.Token)
-	}
-
-	return nil
-}
@@ -1,60 +0,0 @@
-// Copyright 2023 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
-
-package cmd
-
-import (
-	"fmt"
-	"os"
-	"text/tabwriter"
-
-	user_model "code.gitea.io/gitea/models/user"
-
-	"github.com/urfave/cli"
-)
-
-var microcmdUserList = cli.Command{
-	Name:   "list",
-	Usage:  "List users",
-	Action: runListUsers,
-	Flags: []cli.Flag{
-		cli.BoolFlag{
-			Name:  "admin",
-			Usage: "List only admin users",
-		},
-	},
-}
-
-func runListUsers(c *cli.Context) error {
-	ctx, cancel := installSignals()
-	defer cancel()
-
-	if err := initDB(ctx); err != nil {
-		return err
-	}
-
-	users, err := user_model.GetAllUsers()
-	if err != nil {
-		return err
-	}
-
-	w := tabwriter.NewWriter(os.Stdout, 5, 0, 1, ' ', 0)
-
-	if c.IsSet("admin") {
-		fmt.Fprintf(w, "ID\tUsername\tEmail\tIsActive\n")
-		for _, u := range users {
-			if u.IsAdmin {
-				fmt.Fprintf(w, "%d\t%s\t%s\t%t\n", u.ID, u.Name, u.Email, u.IsActive)
-			}
-		}
-	} else {
-		twofa := user_model.UserList(users).GetTwoFaStatus()
-		fmt.Fprintf(w, "ID\tUsername\tEmail\tIsActive\tIsAdmin\t2FA\n")
-		for _, u := range users {
-			fmt.Fprintf(w, "%d\t%s\t%s\t%t\t%t\t%t\n", u.ID, u.Name, u.Email, u.IsActive, u.IsAdmin, twofa[u.ID])
-		}
-	}
-
-	w.Flush()
-	return nil
-}
@@ -1,58 +0,0 @@
-// Copyright 2023 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
-
-package cmd
-
-import (
-	"errors"
-	"fmt"
-
-	user_model "code.gitea.io/gitea/models/user"
-
-	"github.com/urfave/cli"
-)
-
-var microcmdUserMustChangePassword = cli.Command{
-	Name:   "must-change-password",
-	Usage:  "Set the must change password flag for the provided users or all users",
-	Action: runMustChangePassword,
-	Flags: []cli.Flag{
-		cli.BoolFlag{
-			Name:  "all,A",
-			Usage: "All users must change password, except those explicitly excluded with --exclude",
-		},
-		cli.StringSliceFlag{
-			Name:  "exclude,e",
-			Usage: "Do not change the must-change-password flag for these users",
-		},
-		cli.BoolFlag{
-			Name:  "unset",
-			Usage: "Instead of setting the must-change-password flag, unset it",
-		},
-	},
-}
-
-func runMustChangePassword(c *cli.Context) error {
-	ctx, cancel := installSignals()
-	defer cancel()
-
-	if c.NArg() == 0 && !c.IsSet("all") {
-		return errors.New("either usernames or --all must be provided")
-	}
-
-	mustChangePassword := !c.Bool("unset")
-	all := c.Bool("all")
-	exclude := c.StringSlice("exclude")
-
-	if err := initDB(ctx); err != nil {
-		return err
-	}
-
-	n, err := user_model.SetMustChangePassword(ctx, all, mustChangePassword, c.Args(), exclude)
-	if err != nil {
-		return err
-	}
-
-	fmt.Printf("Updated %d users setting MustChangePassword to %t\n", n, mustChangePassword)
-	return nil
-}
@@ -1,7 +1,8 @@
 // Copyright 2009 The Go Authors. All rights reserved.
 // Copyright 2014 The Gogs Authors. All rights reserved.
 // Copyright 2016 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.

 package cmd

@@ -1,5 +1,6 @@
 // Copyright 2018 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.

 // Package cmd provides subcommands to the gitea binary - such as "web" or
 // "admin".
@@ -57,10 +58,9 @@ func confirm() (bool, error) {
 }

 func initDB(ctx context.Context) error {
-	setting.InitProviderFromExistingFile()
-	setting.LoadCommonSettings()
-	setting.LoadDBSetting()
-	setting.InitSQLLog(false)
+	setting.LoadFromExisting()
+	setting.InitDBConfig()
+	setting.NewXORMLogService(false)

 	if setting.Database.Type == "" {
 		log.Fatal(`Database settings are missing from the configuration file: %q.
@@ -1,5 +1,6 @@
 // Copyright 2019 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.

 package cmd

@@ -17,7 +18,7 @@ import (
 var CmdConvert = cli.Command{
 	Name:        "convert",
 	Usage:       "Convert the database",
-	Description: "A command to convert an existing MySQL database from utf8 to utf8mb4 or MSSQL database from varchar to nvarchar",
+	Description: "A command to convert an existing MySQL database from utf8 to utf8mb4",
 	Action:      runConvert,
 }

@@ -32,25 +33,20 @@ func runConvert(ctx *cli.Context) error {
 	log.Info("AppPath: %s", setting.AppPath)
 	log.Info("AppWorkPath: %s", setting.AppWorkPath)
 	log.Info("Custom path: %s", setting.CustomPath)
-	log.Info("Log path: %s", setting.Log.RootPath)
+	log.Info("Log path: %s", setting.LogRootPath)
 	log.Info("Configuration file: %s", setting.CustomConf)

-	switch {
-	case setting.Database.Type.IsMySQL():
-		if err := db.ConvertUtf8ToUtf8mb4(); err != nil {
-			log.Fatal("Failed to convert database from utf8 to utf8mb4: %v", err)
-			return err
-		}
-		fmt.Println("Converted successfully, please confirm your database's character set is now utf8mb4")
-	case setting.Database.Type.IsMSSQL():
-		if err := db.ConvertVarcharToNVarchar(); err != nil {
-			log.Fatal("Failed to convert database from varchar to nvarchar: %v", err)
-			return err
-		}
-		fmt.Println("Converted successfully, please confirm your database's all columns character is NVARCHAR now")
-	default:
-		fmt.Println("This command can only be used with a MySQL or MSSQL database")
+	if !setting.Database.UseMySQL {
+		fmt.Println("This command can only be used with a MySQL database")
+		return nil
 	}

+	if err := db.ConvertUtf8ToUtf8mb4(); err != nil {
+		log.Fatal("Failed to convert database from utf8 to utf8mb4: %v", err)
+		return err
+	}
+
+	fmt.Println("Converted successfully, please confirm your database's character set is now utf8mb4")
+
 	return nil
 }
@@ -1,5 +1,6 @@
 // Copyright 2020 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.

 package cmd

@@ -1,5 +1,6 @@
 // Copyright 2019 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.

 package cmd

@@ -13,7 +14,6 @@ import (

 	"code.gitea.io/gitea/models/db"
 	"code.gitea.io/gitea/models/migrations"
-	migrate_base "code.gitea.io/gitea/models/migrations/base"
 	"code.gitea.io/gitea/modules/doctor"
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/setting"
@@ -87,16 +87,14 @@ func runRecreateTable(ctx *cli.Context) error {
 	golog.SetPrefix("")
 	golog.SetOutput(log.NewLoggerAsWriter("INFO", log.GetLogger(log.DEFAULT)))

-	setting.InitProviderFromExistingFile()
-	setting.LoadCommonSettings()
-	setting.LoadDBSetting()
+	setting.LoadFromExisting()
+	setting.InitDBConfig()

-	setting.Log.EnableXORMLog = ctx.Bool("debug")
+	setting.EnableXORMLog = ctx.Bool("debug")
 	setting.Database.LogSQL = ctx.Bool("debug")
-	// FIXME: don't use CfgProvider directly
-	setting.CfgProvider.Section("log").Key("XORM").SetValue(",")
+	setting.Cfg.Section("log").Key("XORM").SetValue(",")

-	setting.InitSQLLog(!ctx.Bool("debug"))
+	setting.NewXORMLogService(!ctx.Bool("debug"))
 	stdCtx, cancel := installSignals()
 	defer cancel()

@@ -116,7 +114,7 @@ func runRecreateTable(ctx *cli.Context) error {
 	if err != nil {
 		return err
 	}
-	recreateTables := migrate_base.RecreateTables(beans...)
+	recreateTables := migrations.RecreateTables(beans...)

 	return db.InitEngineWithMigration(stdCtx, func(x *xorm.Engine) error {
 		if err := migrations.EnsureUpToDate(x); err != nil {
@@ -1,6 +1,7 @@
 // Copyright 2014 The Gogs Authors. All rights reserved.
 // Copyright 2016 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.

 package cmd

@@ -181,22 +182,20 @@ func runDump(ctx *cli.Context) error {
 		}
 		fileName += "." + outType
 	}
-	setting.InitProviderFromExistingFile()
-	setting.LoadCommonSettings()
+	setting.LoadFromExisting()

 	// make sure we are logging to the console no matter what the configuration tells us do to
-	// FIXME: don't use CfgProvider directly
-	if _, err := setting.CfgProvider.Section("log").NewKey("MODE", "console"); err != nil {
+	if _, err := setting.Cfg.Section("log").NewKey("MODE", "console"); err != nil {
 		fatal("Setting logging mode to console failed: %v", err)
 	}
-	if _, err := setting.CfgProvider.Section("log.console").NewKey("STDERR", "true"); err != nil {
+	if _, err := setting.Cfg.Section("log.console").NewKey("STDERR", "true"); err != nil {
 		fatal("Setting console logger to stderr failed: %v", err)
 	}
 	if !setting.InstallLock {
 		log.Error("Is '%s' really the right config path?\n", setting.CustomConf)
 		return fmt.Errorf("gitea is not initialized")
 	}
-	setting.LoadSettings() // cannot access session settings otherwise
+	setting.NewServices() // cannot access session settings otherwise

 	stdCtx, cancel := installSignals()
 	defer cancel()
@@ -250,8 +249,6 @@ func runDump(ctx *cli.Context) error {

 		if ctx.IsSet("skip-lfs-data") && ctx.Bool("skip-lfs-data") {
 			log.Info("Skip dumping LFS data")
-		} else if !setting.LFS.StartServer {
-			log.Info("LFS isn't enabled. Skip dumping LFS data")
 		} else if err := storage.LFS.IterateObjects(func(objPath string, object storage.Object) error {
 			info, err := object.Stat()
 			if err != nil {
@@ -274,14 +271,13 @@ func runDump(ctx *cli.Context) error {
 		fatal("Failed to create tmp file: %v", err)
 	}
 	defer func() {
-		_ = dbDump.Close()
 		if err := util.Remove(dbDump.Name()); err != nil {
 			log.Warn("Unable to remove temporary file: %s: Error: %v", dbDump.Name(), err)
 		}
 	}()

 	targetDBType := ctx.String("database")
-	if len(targetDBType) > 0 && targetDBType != setting.Database.Type.String() {
+	if len(targetDBType) > 0 && targetDBType != setting.Database.Type {
 		log.Info("Dumping database %s => %s...", setting.Database.Type, targetDBType)
 	} else {
 		log.Info("Dumping database...")
@@ -327,7 +323,7 @@ func runDump(ctx *cli.Context) error {
 		log.Info("Packing data directory...%s", setting.AppDataPath)

 		var excludes []string
-		if setting.SessionConfig.OriginalProvider == "file" {
+		if setting.Cfg.Section("session").Key("PROVIDER").Value() == "file" {
 			var opts session.Options
 			if err = json.Unmarshal([]byte(setting.SessionConfig.ProviderConfig), &opts); err != nil {
 				return err
@@ -344,7 +340,7 @@ func runDump(ctx *cli.Context) error {
 		excludes = append(excludes, setting.LFS.Path)
 		excludes = append(excludes, setting.Attachment.Path)
 		excludes = append(excludes, setting.Packages.Path)
-		excludes = append(excludes, setting.Log.RootPath)
+		excludes = append(excludes, setting.LogRootPath)
 		excludes = append(excludes, absFileName)
 		if err := addRecursiveExclude(w, "data", setting.AppDataPath, excludes, verbose); err != nil {
 			fatal("Failed to include data directory: %v", err)
@@ -366,8 +362,6 @@ func runDump(ctx *cli.Context) error {

 	if ctx.IsSet("skip-package-data") && ctx.Bool("skip-package-data") {
 		log.Info("Skip dumping package data")
-	} else if !setting.Packages.Enabled {
-		log.Info("Packages isn't enabled. Skip dumping package data")
 	} else if err := storage.Packages.IterateObjects(func(objPath string, object storage.Object) error {
 		info, err := object.Stat()
 		if err != nil {
@@ -385,12 +379,12 @@ func runDump(ctx *cli.Context) error {
 	if ctx.IsSet("skip-log") && ctx.Bool("skip-log") {
 		log.Info("Skip dumping log files")
 	} else {
-		isExist, err := util.IsExist(setting.Log.RootPath)
+		isExist, err := util.IsExist(setting.LogRootPath)
 		if err != nil {
-			log.Error("Unable to check if %s exists. Error: %v", setting.Log.RootPath, err)
+			log.Error("Unable to check if %s exists. Error: %v", setting.LogRootPath, err)
 		}
 		if isExist {
-			if err := addRecursiveExclude(w, "log", setting.Log.RootPath, []string{absFileName}, verbose); err != nil {
+			if err := addRecursiveExclude(w, "log", setting.LogRootPath, []string{absFileName}, verbose); err != nil {
 				fatal("Failed to include log: %v", err)
 			}
 		}
@@ -416,6 +410,15 @@ func runDump(ctx *cli.Context) error {
 	return nil
 }

+func contains(slice []string, s string) bool {
+	for _, v := range slice {
+		if v == s {
+			return true
+		}
+	}
+	return false
+}
+
 // addRecursiveExclude zips absPath to specified insidePath inside writer excluding excludeAbsPath
 func addRecursiveExclude(w archiver.Writer, insidePath, absPath string, excludeAbsPath []string, verbose bool) error {
 	absPath, err := filepath.Abs(absPath)
@@ -436,7 +439,7 @@ func addRecursiveExclude(w archiver.Writer, insidePath, absPath string, excludeA
 		currentAbsPath := path.Join(absPath, file.Name())
 		currentInsidePath := path.Join(insidePath, file.Name())
 		if file.IsDir() {
-			if !util.SliceContainsString(excludeAbsPath, currentAbsPath) {
+			if !contains(excludeAbsPath, currentAbsPath) {
 				if err := addFile(w, currentInsidePath, currentAbsPath, false); err != nil {
 					return err
 				}
@@ -1,5 +1,6 @@
 // Copyright 2020 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.

 package cmd

@@ -10,13 +11,13 @@ import (
 	"os"
 	"strings"

+	"code.gitea.io/gitea/modules/convert"
 	"code.gitea.io/gitea/modules/git"
 	"code.gitea.io/gitea/modules/log"
 	base "code.gitea.io/gitea/modules/migration"
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/modules/structs"
 	"code.gitea.io/gitea/modules/util"
-	"code.gitea.io/gitea/services/convert"
 	"code.gitea.io/gitea/services/migrations"

 	"github.com/urfave/cli"
@@ -94,7 +95,7 @@ func runDumpRepository(ctx *cli.Context) error {
 	log.Info("AppPath: %s", setting.AppPath)
 	log.Info("AppWorkPath: %s", setting.AppWorkPath)
 	log.Info("Custom path: %s", setting.CustomPath)
-	log.Info("Log path: %s", setting.Log.RootPath)
+	log.Info("Log path: %s", setting.LogRootPath)
 	log.Info("Configuration file: %s", setting.CustomConf)

 	var (
@@ -1,5 +1,6 @@
 // Copyright 2020 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.

 //go:build bindata

@@ -112,8 +113,7 @@ func initEmbeddedExtractor(c *cli.Context) error {
 	log.DelNamedLogger(log.DEFAULT)

 	// Read configuration file
-	setting.InitProviderAllowEmpty()
-	setting.LoadCommonSettings()
+	setting.LoadAllowEmpty()

 	pats, err := getPatterns(c.Args())
 	if err != nil {
@@ -1,5 +1,6 @@
 // Copyright 2020 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.

 //go:build !bindata

@@ -1,6 +1,7 @@
 // Copyright 2016 The Gogs Authors. All rights reserved.
 // Copyright 2016 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.

 package cmd

@@ -1,5 +1,6 @@
 // Copyright 2017 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.

 package cmd

@@ -185,7 +186,6 @@ Gitea or set your environment appropriately.`, "")
 	userID, _ := strconv.ParseInt(os.Getenv(repo_module.EnvPusherID), 10, 64)
 	prID, _ := strconv.ParseInt(os.Getenv(repo_module.EnvPRID), 10, 64)
 	deployKeyID, _ := strconv.ParseInt(os.Getenv(repo_module.EnvDeployKeyID), 10, 64)
-	actionPerm, _ := strconv.ParseInt(os.Getenv(repo_module.EnvActionPerm), 10, 64)

 	hookOptions := private.HookOptions{
 		UserID:                          userID,
@@ -195,7 +195,6 @@ Gitea or set your environment appropriately.`, "")
 		GitPushOptions:                  pushOptions(),
 		PullRequestID:                   prID,
 		DeployKeyID:                     deployKeyID,
-		ActionPerm:                      int(actionPerm),
 	}

 	scanner := bufio.NewScanner(os.Stdin)
@@ -219,9 +218,9 @@ Gitea or set your environment appropriately.`, "")
 		}
 	}

-	supportProcReceive := false
+	supportProcRecive := false
 	if git.CheckGitVersionAtLeast("2.29") == nil {
-		supportProcReceive = true
+		supportProcRecive = true
 	}

 	for scanner.Scan() {
@@ -242,9 +241,9 @@ Gitea or set your environment appropriately.`, "")
 		lastline++

 		// If the ref is a branch or tag, check if it's protected
-		// if supportProcReceive all ref should be checked because
+		// if supportProcRecive all ref should be checked because
 		// permission check was delayed
-		if supportProcReceive || strings.HasPrefix(refFullName, git.BranchPrefix) || strings.HasPrefix(refFullName, git.TagPrefix) {
+		if supportProcRecive || strings.HasPrefix(refFullName, git.BranchPrefix) || strings.HasPrefix(refFullName, git.TagPrefix) {
 			oldCommitIDs[count] = oldCommitID
 			newCommitIDs[count] = newCommitID
 			refFullNames[count] = refFullName
@@ -1,5 +1,6 @@
 // Copyright 2021 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.

 package cmd

@@ -1,5 +1,6 @@
 // Copyright 2018 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.

 package cmd

@@ -1,5 +1,6 @@
 // Copyright 2020 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.

 package cmd

@@ -17,8 +18,7 @@ func runSendMail(c *cli.Context) error {
 	ctx, cancel := installSignals()
 	defer cancel()

-	setting.InitProviderFromExistingFile()
-	setting.LoadCommonSettings()
+	setting.LoadFromExisting()

 	if err := argsSet(c, "title"); err != nil {
 		return err
@@ -1,5 +1,6 @@
 // Copyright 2022 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.

 package cmd

@@ -12,7 +13,7 @@ import (

 func init() {
 	setting.SetCustomPathAndConf("", "", "")
-	setting.InitProviderAndLoadCommonSettingsForTest()
+	setting.LoadForTest()
 }

 func TestMain(m *testing.M) {
@@ -1,5 +1,6 @@
 // Copyright 2020 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.

 package cmd

@@ -1,5 +1,6 @@
 // Copyright 2022 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.

 package cmd

@@ -1,5 +1,6 @@
 // Copyright 2018 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.

 package cmd

@@ -33,7 +34,7 @@ func runMigrate(ctx *cli.Context) error {
 	log.Info("AppPath: %s", setting.AppPath)
 	log.Info("AppWorkPath: %s", setting.AppWorkPath)
 	log.Info("Custom path: %s", setting.CustomPath)
-	log.Info("Log path: %s", setting.Log.RootPath)
+	log.Info("Log path: %s", setting.LogRootPath)
 	log.Info("Configuration file: %s", setting.CustomConf)

 	if err := db.InitEngineWithMigration(context.Background(), migrations.Migrate); err != nil {
@@ -1,5 +1,6 @@
 // Copyright 2020 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.

 package cmd

@@ -72,54 +73,45 @@ var CmdMigrateStorage = cli.Command{
 		cli.StringFlag{
 			Name:  "minio-base-path",
 			Value: "",
-			Usage: "Minio storage base path on the bucket",
+			Usage: "Minio storage basepath on the bucket",
 		},
 		cli.BoolFlag{
 			Name:  "minio-use-ssl",
 			Usage: "Enable SSL for minio",
 		},
-		cli.BoolFlag{
-			Name:  "minio-insecure-skip-verify",
-			Usage: "Skip SSL verification",
-		},
-		cli.StringFlag{
-			Name:  "minio-checksum-algorithm",
-			Value: "",
-			Usage: "Minio checksum algorithm (default/md5)",
-		},
 	},
 }

 func migrateAttachments(ctx context.Context, dstStorage storage.ObjectStorage) error {
-	return db.Iterate(ctx, nil, func(ctx context.Context, attach *repo_model.Attachment) error {
+	return db.IterateObjects(ctx, func(attach *repo_model.Attachment) error {
 		_, err := storage.Copy(dstStorage, attach.RelativePath(), storage.Attachments, attach.RelativePath())
 		return err
 	})
 }

 func migrateLFS(ctx context.Context, dstStorage storage.ObjectStorage) error {
-	return db.Iterate(ctx, nil, func(ctx context.Context, mo *git_model.LFSMetaObject) error {
+	return db.IterateObjects(ctx, func(mo *git_model.LFSMetaObject) error {
 		_, err := storage.Copy(dstStorage, mo.RelativePath(), storage.LFS, mo.RelativePath())
 		return err
 	})
 }

 func migrateAvatars(ctx context.Context, dstStorage storage.ObjectStorage) error {
-	return db.Iterate(ctx, nil, func(ctx context.Context, user *user_model.User) error {
+	return db.IterateObjects(ctx, func(user *user_model.User) error {
 		_, err := storage.Copy(dstStorage, user.CustomAvatarRelativePath(), storage.Avatars, user.CustomAvatarRelativePath())
 		return err
 	})
 }

 func migrateRepoAvatars(ctx context.Context, dstStorage storage.ObjectStorage) error {
-	return db.Iterate(ctx, nil, func(ctx context.Context, repo *repo_model.Repository) error {
+	return db.IterateObjects(ctx, func(repo *repo_model.Repository) error {
 		_, err := storage.Copy(dstStorage, repo.CustomAvatarRelativePath(), storage.RepoAvatars, repo.CustomAvatarRelativePath())
 		return err
 	})
 }

 func migrateRepoArchivers(ctx context.Context, dstStorage storage.ObjectStorage) error {
-	return db.Iterate(ctx, nil, func(ctx context.Context, archiver *repo_model.RepoArchiver) error {
+	return db.IterateObjects(ctx, func(archiver *repo_model.RepoArchiver) error {
 		p := archiver.RelativePath()
 		_, err := storage.Copy(dstStorage, p, storage.RepoArchives, p)
 		return err
@@ -127,7 +119,7 @@ func migrateRepoArchivers(ctx context.Context, dstStorage storage.ObjectStorage)
 }

 func migratePackages(ctx context.Context, dstStorage storage.ObjectStorage) error {
-	return db.Iterate(ctx, nil, func(ctx context.Context, pb *packages_model.PackageBlob) error {
+	return db.IterateObjects(ctx, func(pb *packages_model.PackageBlob) error {
 		p := packages_module.KeyToRelativePath(packages_module.BlobHash256Key(pb.HashSHA256))
 		_, err := storage.Copy(dstStorage, p, storage.Packages, p)
 		return err
@@ -145,7 +137,7 @@ func runMigrateStorage(ctx *cli.Context) error {
 	log.Info("AppPath: %s", setting.AppPath)
 	log.Info("AppWorkPath: %s", setting.AppWorkPath)
 	log.Info("Custom path: %s", setting.CustomPath)
-	log.Info("Log path: %s", setting.Log.RootPath)
+	log.Info("Log path: %s", setting.LogRootPath)
 	log.Info("Configuration file: %s", setting.CustomConf)

 	if err := db.InitEngineWithMigration(context.Background(), migrations.Migrate); err != nil {
@@ -177,15 +169,13 @@ func runMigrateStorage(ctx *cli.Context) error {
 		dstStorage, err = storage.NewMinioStorage(
 			stdCtx,
 			storage.MinioStorageConfig{
-				Endpoint:           ctx.String("minio-endpoint"),
-				AccessKeyID:        ctx.String("minio-access-key-id"),
-				SecretAccessKey:    ctx.String("minio-secret-access-key"),
-				Bucket:             ctx.String("minio-bucket"),
-				Location:           ctx.String("minio-location"),
-				BasePath:           ctx.String("minio-base-path"),
-				UseSSL:             ctx.Bool("minio-use-ssl"),
-				InsecureSkipVerify: ctx.Bool("minio-insecure-skip-verify"),
-				ChecksumAlgorithm:  ctx.String("minio-checksum-algorithm"),
+				Endpoint:        ctx.String("minio-endpoint"),
+				AccessKeyID:     ctx.String("minio-access-key-id"),
+				SecretAccessKey: ctx.String("minio-secret-access-key"),
+				Bucket:          ctx.String("minio-bucket"),
+				Location:        ctx.String("minio-location"),
+				BasePath:        ctx.String("minio-base-path"),
+				UseSSL:          ctx.Bool("minio-use-ssl"),
 			})
 	default:
 		return fmt.Errorf("unsupported storage type: %s", ctx.String("storage"))
@@ -1,5 +1,6 @@
 // Copyright 2022 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.

 package cmd

@@ -43,9 +44,8 @@ func TestMigratePackages(t *testing.T) {
 		PackageFileInfo: packages_service.PackageFileInfo{
 			Filename: "a.go",
 		},
-		Creator: creator,
-		Data:    buf,
-		IsLead:  true,
+		Data:   buf,
+		IsLead: true,
 	})
 	assert.NoError(t, err)
 	assert.NotNil(t, v)
@@ -1,5 +1,6 @@
 // Copyright 2020 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.

 package cmd

@@ -54,8 +55,7 @@ func runRestoreRepository(c *cli.Context) error {
 	ctx, cancel := installSignals()
 	defer cancel()

-	setting.InitProviderFromExistingFile()
-	setting.LoadCommonSettings()
+	setting.LoadFromExisting()
 	var units []string
 	if s := c.String("units"); s != "" {
 		units = strings.Split(s, ",")
@@ -1,6 +1,7 @@
 // Copyright 2014 The Gogs Authors. All rights reserved.
 // Copyright 2016 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.

 package cmd

@@ -11,7 +12,6 @@ import (
 	"net/url"
 	"os"
 	"os/exec"
-	"path/filepath"
 	"regexp"
 	"strconv"
 	"strings"
@@ -62,8 +62,7 @@ func setup(logPath string, debug bool) {
 	} else {
 		_ = log.NewLogger(1000, "console", "console", `{"level":"fatal","stacktracelevel":"NONE","stderr":true}`)
 	}
-	setting.InitProviderFromExistingFile()
-	setting.LoadCommonSettings()
+	setting.LoadFromExisting()
 	if debug {
 		setting.RunMode = "dev"
 	}
@@ -291,21 +290,17 @@ func runServ(c *cli.Context) error {
 		return nil
 	}

-	var gitcmd *exec.Cmd
-	gitBinPath := filepath.Dir(git.GitExecutable) // e.g. /usr/bin
-	gitBinVerb := filepath.Join(gitBinPath, verb) // e.g. /usr/bin/git-upload-pack
-	if _, err := os.Stat(gitBinVerb); err != nil {
-		// if the command "git-upload-pack" doesn't exist, try to split "git-upload-pack" to use the sub-command with git
-		// ps: Windows only has "git.exe" in the bin path, so Windows always uses this way
-		verbFields := strings.SplitN(verb, "-", 2)
-		if len(verbFields) == 2 {
-			// use git binary with the sub-command part: "C:\...\bin\git.exe", "upload-pack", ...
-			gitcmd = exec.CommandContext(ctx, git.GitExecutable, verbFields[1], repoPath)
-		}
+	// Special handle for Windows.
+	if setting.IsWindows {
+		verb = strings.Replace(verb, "-", " ", 1)
 	}
-	if gitcmd == nil {
-		// by default, use the verb (it has been checked above by allowedCommands)
-		gitcmd = exec.CommandContext(ctx, gitBinVerb, repoPath)
+
+	var gitcmd *exec.Cmd
+	verbs := strings.Split(verb, " ")
+	if len(verbs) == 2 {
+		gitcmd = exec.CommandContext(ctx, verbs[0], verbs[1], repoPath)
+	} else {
+		gitcmd = exec.CommandContext(ctx, verb, repoPath)
 	}

 	process.SetSysProcAttribute(gitcmd)
@@ -1,5 +1,6 @@
 // Copyright 2014 The Gogs Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.

 package cmd

@@ -158,8 +159,7 @@ func runWeb(ctx *cli.Context) error {

 	log.Info("Global init")
 	// Perform global initialization
-	setting.InitProviderFromExistingFile()
-	setting.LoadCommonSettings()
+	setting.LoadFromExisting()
 	routers.GlobalInitInstalled(graceful.GetManager().HammerContext())

 	// We check that AppDataPath exists here (it should have been created during installation)
@@ -1,5 +1,6 @@
 // Copyright 2020 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.

 package cmd

@@ -1,5 +1,6 @@
 // Copyright 2016 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.

 package cmd

@@ -1,5 +1,6 @@
 // Copyright 2021 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.

 package cmd

@@ -1,17 +0,0 @@
-Bash and Zsh completion
-=======================
-
-From within the gitea root run:
-
-```bash
-source contrib/autocompletion/bash_autocomplete
-```
-
-or for zsh run:
-
-```bash
-source contrib/autocompletion/zsh_autocomplete
-```
-
-These scripts will check if gitea is on the path and if so add autocompletion for `gitea`. Or if not autocompletion will work for `./gitea`.
-If gitea has been installed as a different program pass in the `PROG` environment variable to set the correct program name.
@@ -1,30 +0,0 @@
-#! /bin/bash
-# Heavily inspired by https://github.com/urfave/cli
-
-_cli_bash_autocomplete() {
-  if [[ "${COMP_WORDS[0]}" != "source" ]]; then
-    local cur opts base
-    COMPREPLY=()
-    cur="${COMP_WORDS[COMP_CWORD]}"
-    if [[ "$cur" == "-"* ]]; then
-      opts=$( ${COMP_WORDS[@]:0:$COMP_CWORD} ${cur} --generate-bash-completion )
-    else
-      opts=$( ${COMP_WORDS[@]:0:$COMP_CWORD} --generate-bash-completion )
-    fi
-    COMPREPLY=( $(compgen -W "${opts}" -- ${cur}) )
-    return 0
-  fi
-}
-
-if [ -z "$PROG" ] && [ ! "$(command -v gitea &> /dev/null)" ] ; then
-  complete -o bashdefault -o default -o nospace -F _cli_bash_autocomplete gitea
-elif [ -z "$PROG" ]; then
-  complete -o bashdefault -o default -o nospace -F _cli_bash_autocomplete ./gitea
-  complete -o bashdefault -o default -o nospace -F _cli_bash_autocomplete "$PWD/gitea"
-else
-  complete -o bashdefault -o default -o nospace -F _cli_bash_autocomplete "$PROG"
-  unset PROG
-fi
-
-
-
@@ -1,30 +0,0 @@
-#compdef ${PROG:=gitea}
-
-
-# Heavily inspired by https://github.com/urfave/cli
-
-_cli_zsh_autocomplete() {
-
-  local -a opts
-  local cur
-  cur=${words[-1]}
-  if [[ "$cur" == "-"* ]]; then
-    opts=("${(@f)$(_CLI_ZSH_AUTOCOMPLETE_HACK=1 ${words[@]:0:#words[@]-1} ${cur} --generate-bash-completion)}")
-  else
-    opts=("${(@f)$(_CLI_ZSH_AUTOCOMPLETE_HACK=1 ${words[@]:0:#words[@]-1} --generate-bash-completion)}")
-  fi
-
-  if [[ "${opts[1]}" != "" ]]; then
-    _describe 'values' opts
-  else
-    _files
-  fi
-
-  return
-}
-
-if [ -z $PROG ] ; then
-  compdef _cli_zsh_autocomplete gitea
-else
-  compdef _cli_zsh_autocomplete $(basename $PROG)
-fi
@@ -1,41 +0,0 @@
-`backport`
-==========
-
-`backport` is a command to help create backports of PRs. It backports a
-provided PR from main on to a released version.
-
-It will create a backport branch, cherry-pick the PR's merge commit, adjust
-the commit message and then push this back up to your fork's remote.
-
-The default version will read from `docs/config.yml`. You can override this
-using the option `--version`.
-
-The upstream branches will be fetched, using the remote `origin`. This can
-be overrided using `--upstream`, and fetching can be avoided using
-`--no-fetch`.
-
-By default the branch created will be called `backport-$PR-$VERSION`. You
-can override this using the option `--backport-branch`. This branch will
-be created from `--release-branch` which is `release/$(VERSION)`
-by default and will be pulled from `$(UPSTREAM)`.
-
-The merge-commit as determined by the github API will be used as the SHA to
-cherry-pick. You can override this using `--cherry-pick`.
-
-The commit message will be amended to add the `Backport` header.
-`--no-amend-message` can be set to stop this from happening.
-
-If cherry-pick is successful the backported branch will be pushed up to your
-fork using your remote. These will be determined using `git remote -v`. You
-can set your fork name using `--fork-user` and your remote name using
-`--remote`. You can avoid pushing using `--no-push`.
-
-If the push is successful, `xdg-open` will be called to open a backport url.
-You can stop this using `--no-xdg-open`.
-
-Installation
-============
-
-```bash
-go install contrib/backport/backport.go
-```
@@ -1,473 +0,0 @@
-// Copyright 2023 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
-
-package main
-
-import (
-	"context"
-	"fmt"
-	"log"
-	"net/http"
-	"os"
-	"os/exec"
-	"os/signal"
-	"path"
-	"strconv"
-	"strings"
-	"syscall"
-
-	"github.com/google/go-github/v45/github"
-	"github.com/urfave/cli"
-	"gopkg.in/yaml.v3"
-)
-
-const defaultVersion = "v1.18" // to backport to
-
-func main() {
-	app := cli.NewApp()
-	app.Name = "backport"
-	app.Usage = "Backport provided PR-number on to the current or previous released version"
-	app.Description = `Backport will look-up the PR in Gitea's git log and attempt to cherry-pick it on the current version`
-	app.ArgsUsage = "<PR-to-backport>"
-
-	app.Flags = []cli.Flag{
-		cli.StringFlag{
-			Name:  "version",
-			Usage: "Version branch to backport on to",
-		},
-		cli.StringFlag{
-			Name:  "upstream",
-			Value: "origin",
-			Usage: "Upstream remote for the Gitea upstream",
-		},
-		cli.StringFlag{
-			Name:  "release-branch",
-			Value: "",
-			Usage: "Release branch to backport on. Will default to release/<version>",
-		},
-		cli.StringFlag{
-			Name:  "cherry-pick",
-			Usage: "SHA to cherry-pick as backport",
-		},
-		cli.StringFlag{
-			Name:  "backport-branch",
-			Usage: "Backport branch to backport on to (default: backport-<pr>-<version>",
-		},
-		cli.StringFlag{
-			Name:  "remote",
-			Value: "",
-			Usage: "Remote for your fork of the Gitea upstream",
-		},
-		cli.StringFlag{
-			Name:  "fork-user",
-			Value: "",
-			Usage: "Forked user name on Github",
-		},
-		cli.BoolFlag{
-			Name:  "no-fetch",
-			Usage: "Set this flag to prevent fetch of remote branches",
-		},
-		cli.BoolFlag{
-			Name:  "no-amend-message",
-			Usage: "Set this flag to prevent automatic amendment of the commit message",
-		},
-		cli.BoolFlag{
-			Name:  "no-push",
-			Usage: "Set this flag to prevent pushing the backport up to your fork",
-		},
-		cli.BoolFlag{
-			Name:  "no-xdg-open",
-			Usage: "Set this flag to not use xdg-open to open the PR URL",
-		},
-		cli.BoolFlag{
-			Name:  "continue",
-			Usage: "Set this flag to continue from a git cherry-pick that has broken",
-		},
-	}
-	cli.AppHelpTemplate = `NAME:
-	{{.Name}} - {{.Usage}}
-USAGE:
-	{{.HelpName}} {{if .VisibleFlags}}[options]{{end}} {{if .ArgsUsage}}{{.ArgsUsage}}{{else}}[arguments...]{{end}}
-	{{if len .Authors}}
-AUTHOR:
-	{{range .Authors}}{{ . }}{{end}}
-	{{end}}{{if .Commands}}
-OPTIONS:
-	{{range .VisibleFlags}}{{.}}
-	{{end}}{{end}}
-`
-
-	app.Action = runBackport
-
-	if err := app.Run(os.Args); err != nil {
-		fmt.Fprintf(os.Stderr, "Unable to backport: %v\n", err)
-	}
-}
-
-func runBackport(c *cli.Context) error {
-	ctx, cancel := installSignals()
-	defer cancel()
-
-	continuing := c.Bool("continue")
-
-	var pr string
-
-	version := c.String("version")
-	if version == "" && continuing {
-		// determine version from current branch name
-		var err error
-		pr, version, err = readCurrentBranch(ctx)
-		if err != nil {
-			return err
-		}
-	}
-	if version == "" {
-		version = readVersion()
-	}
-	if version == "" {
-		version = defaultVersion
-	}
-
-	upstream := c.String("upstream")
-	if upstream == "" {
-		upstream = "origin"
-	}
-
-	forkUser := c.String("fork-user")
-	remote := c.String("remote")
-	if remote == "" && !c.Bool("--no-push") {
-		var err error
-		remote, forkUser, err = determineRemote(ctx, forkUser)
-		if err != nil {
-			return err
-		}
-	}
-
-	upstreamReleaseBranch := c.String("release-branch")
-	if upstreamReleaseBranch == "" {
-		upstreamReleaseBranch = path.Join("release", version)
-	}
-
-	localReleaseBranch := path.Join(upstream, upstreamReleaseBranch)
-
-	args := c.Args()
-	if len(args) == 0 && pr == "" {
-		return fmt.Errorf("no PR number provided\nProvide a PR number to backport")
-	} else if len(args) != 1 && pr == "" {
-		return fmt.Errorf("multiple PRs provided %v\nOnly a single PR can be backported at a time", args)
-	}
-	if pr == "" {
-		pr = args[0]
-	}
-
-	backportBranch := c.String("backport-branch")
-	if backportBranch == "" {
-		backportBranch = "backport-" + pr + "-" + version
-	}
-
-	fmt.Printf("* Backporting %s to %s as %s\n", pr, localReleaseBranch, backportBranch)
-
-	sha := c.String("cherry-pick")
-	if sha == "" {
-		var err error
-		sha, err = determineSHAforPR(ctx, pr)
-		if err != nil {
-			return err
-		}
-	}
-	if sha == "" {
-		return fmt.Errorf("unable to determine sha for cherry-pick of %s", pr)
-	}
-
-	if !c.Bool("no-fetch") {
-		if err := fetchRemoteAndMain(ctx, upstream, upstreamReleaseBranch); err != nil {
-			return err
-		}
-	}
-
-	if !continuing {
-		if err := checkoutBackportBranch(ctx, backportBranch, localReleaseBranch); err != nil {
-			return err
-		}
-	}
-
-	if err := cherrypick(ctx, sha); err != nil {
-		return err
-	}
-
-	if !c.Bool("no-amend-message") {
-		if err := amendCommit(ctx, pr); err != nil {
-			return err
-		}
-	}
-
-	if !c.Bool("no-push") {
-		url := "https://github.com/go-gitea/gitea/compare/" + upstreamReleaseBranch + "..." + forkUser + ":" + backportBranch
-
-		if err := gitPushUp(ctx, remote, backportBranch); err != nil {
-			return err
-		}
-
-		if !c.Bool("no-xdg-open") {
-			if err := xdgOpen(ctx, url); err != nil {
-				return err
-			}
-		} else {
-			fmt.Printf("* Navigate to %s to open PR\n", url)
-		}
-	}
-	return nil
-}
-
-func xdgOpen(ctx context.Context, url string) error {
-	fmt.Printf("* `xdg-open %s`\n", url)
-	out, err := exec.CommandContext(ctx, "xdg-open", url).Output()
-	if err != nil {
-		fmt.Fprintf(os.Stderr, "%s", string(out))
-		return fmt.Errorf("unable to xdg-open to %s: %w", url, err)
-	}
-	return nil
-}
-
-func gitPushUp(ctx context.Context, remote, backportBranch string) error {
-	fmt.Printf("* `git push -u %s %s`\n", remote, backportBranch)
-	out, err := exec.CommandContext(ctx, "git", "push", "-u", remote, backportBranch).Output()
-	if err != nil {
-		fmt.Fprintf(os.Stderr, "%s", string(out))
-		return fmt.Errorf("unable to push up to %s: %w", remote, err)
-	}
-	return nil
-}
-
-func amendCommit(ctx context.Context, pr string) error {
-	fmt.Printf("* Amending commit to prepend `Backport #%s` to body\n", pr)
-	out, err := exec.CommandContext(ctx, "git", "log", "-1", "--pretty=format:%B").Output()
-	if err != nil {
-		fmt.Fprintf(os.Stderr, "%s", string(out))
-		return fmt.Errorf("unable to get last log message: %w", err)
-	}
-
-	parts := strings.SplitN(string(out), "\n", 2)
-
-	if len(parts) != 2 {
-		return fmt.Errorf("unable to interpret log message:\n%s", string(out))
-	}
-	subject, body := parts[0], parts[1]
-	if !strings.HasSuffix(subject, " (#"+pr+")") {
-		subject = subject + " (#" + pr + ")"
-	}
-
-	out, err = exec.CommandContext(ctx, "git", "commit", "--amend", "-m", subject+"\n\nBackport #"+pr+"\n"+body).Output()
-	if err != nil {
-		fmt.Fprintf(os.Stderr, "%s", string(out))
-		return fmt.Errorf("unable to amend last log message: %w", err)
-	}
-	return nil
-}
-
-func cherrypick(ctx context.Context, sha string) error {
-	// Check if a CHERRY_PICK_HEAD exists
-	if _, err := os.Stat(".git/CHERRY_PICK_HEAD"); err == nil {
-		// Assume that we are in the middle of cherry-pick - continue it
-		fmt.Println("* Attempting git cherry-pick --continue")
-		out, err := exec.CommandContext(ctx, "git", "cherry-pick", "--continue").Output()
-		if err != nil {
-			fmt.Fprintf(os.Stderr, "git cherry-pick --continue failed:\n%s\n", string(out))
-			return fmt.Errorf("unable to continue cherry-pick: %w", err)
-		}
-		return nil
-	}
-
-	fmt.Printf("* Attempting git cherry-pick %s\n", sha)
-	out, err := exec.CommandContext(ctx, "git", "cherry-pick", sha).Output()
-	if err != nil {
-		fmt.Fprintf(os.Stderr, "git cherry-pick %s failed:\n%s\n", sha, string(out))
-		return fmt.Errorf("git cherry-pick %s failed: %w", sha, err)
-	}
-	return nil
-}
-
-func checkoutBackportBranch(ctx context.Context, backportBranch, releaseBranch string) error {
-	out, err := exec.CommandContext(ctx, "git", "branch", "--show-current").Output()
-	if err != nil {
-		return fmt.Errorf("unable to check current branch %w", err)
-	}
-
-	currentBranch := strings.TrimSpace(string(out))
-	fmt.Printf("* Current branch is %s\n", currentBranch)
-	if currentBranch == backportBranch {
-		fmt.Printf("* Current branch is %s - not checking out\n", currentBranch)
-		return nil
-	}
-
-	if _, err := exec.CommandContext(ctx, "git", "rev-list", "-1", backportBranch).Output(); err == nil {
-		fmt.Printf("* Branch %s already exists. Checking it out...\n", backportBranch)
-		return exec.CommandContext(ctx, "git", "checkout", "-f", backportBranch).Run()
-	}
-
-	fmt.Printf("* `git checkout -b %s %s`\n", backportBranch, releaseBranch)
-	return exec.CommandContext(ctx, "git", "checkout", "-b", backportBranch, releaseBranch).Run()
-}
-
-func fetchRemoteAndMain(ctx context.Context, remote, releaseBranch string) error {
-	fmt.Printf("* `git fetch %s main`\n", remote)
-	out, err := exec.CommandContext(ctx, "git", "fetch", remote, "main").Output()
-	if err != nil {
-		fmt.Println(string(out))
-		return fmt.Errorf("unable to fetch %s from %s: %w", "main", remote, err)
-	}
-	fmt.Println(string(out))
-
-	fmt.Printf("* `git fetch %s %s`\n", remote, releaseBranch)
-	out, err = exec.CommandContext(ctx, "git", "fetch", remote, releaseBranch).Output()
-	if err != nil {
-		fmt.Println(string(out))
-		return fmt.Errorf("unable to fetch %s from %s: %w", releaseBranch, remote, err)
-	}
-	fmt.Println(string(out))
-
-	return nil
-}
-
-func determineRemote(ctx context.Context, forkUser string) (string, string, error) {
-	out, err := exec.CommandContext(ctx, "git", "remote", "-v").Output()
-	if err != nil {
-		fmt.Fprintf(os.Stderr, "Unable to list git remotes:\n%s\n", string(out))
-		return "", "", fmt.Errorf("unable to determine forked remote: %w", err)
-	}
-	lines := strings.Split(string(out), "\n")
-	for _, line := range lines {
-		fields := strings.Split(line, "\t")
-		name, remote := fields[0], fields[1]
-		// only look at pushers
-		if !strings.HasSuffix(remote, " (push)") {
-			continue
-		}
-		// only look at github.com pushes
-		if !strings.Contains(remote, "github.com") {
-			continue
-		}
-		// ignore go-gitea/gitea
-		if strings.Contains(remote, "go-gitea/gitea") {
-			continue
-		}
-		if !strings.Contains(remote, forkUser) {
-			continue
-		}
-		if strings.HasPrefix(remote, "git@github.com:") {
-			forkUser = strings.TrimPrefix(remote, "git@github.com:")
-		} else if strings.HasPrefix(remote, "https://github.com/") {
-			forkUser = strings.TrimPrefix(remote, "https://github.com/")
-		} else if strings.HasPrefix(remote, "https://www.github.com/") {
-			forkUser = strings.TrimPrefix(remote, "https://www.github.com/")
-		} else if forkUser == "" {
-			return "", "", fmt.Errorf("unable to extract forkUser from remote %s: %s", name, remote)
-		}
-		idx := strings.Index(forkUser, "/")
-		if idx >= 0 {
-			forkUser = forkUser[:idx]
-		}
-		return name, forkUser, nil
-	}
-	return "", "", fmt.Errorf("unable to find appropriate remote in:\n%s", string(out))
-}
-
-func readCurrentBranch(ctx context.Context) (pr, version string, err error) {
-	out, err := exec.CommandContext(ctx, "git", "branch", "--show-current").Output()
-	if err != nil {
-		fmt.Fprintf(os.Stderr, "Unable to read current git branch:\n%s\n", string(out))
-		return "", "", fmt.Errorf("unable to read current git branch: %w", err)
-	}
-	parts := strings.Split(strings.TrimSpace(string(out)), "-")
-
-	if len(parts) != 3 || parts[0] != "backport" {
-		fmt.Fprintf(os.Stderr, "Unable to continue from git branch:\n%s\n", string(out))
-		return "", "", fmt.Errorf("unable to continue from git branch:\n%s", string(out))
-	}
-
-	return parts[1], parts[2], nil
-}
-
-func readVersion() string {
-	bs, err := os.ReadFile("docs/config.yaml")
-	if err != nil {
-		if err == os.ErrNotExist {
-			log.Println("`docs/config.yaml` not present")
-			return ""
-		}
-		fmt.Fprintf(os.Stderr, "Unable to read `docs/config.yaml`: %v\n", err)
-		return ""
-	}
-
-	type params struct {
-		Version string
-	}
-	type docConfig struct {
-		Params params
-	}
-	dc := &docConfig{}
-	if err := yaml.Unmarshal(bs, dc); err != nil {
-		fmt.Fprintf(os.Stderr, "Unable to read `docs/config.yaml`: %v\n", err)
-		return ""
-	}
-
-	if dc.Params.Version == "" {
-		fmt.Fprintf(os.Stderr, "No version in `docs/config.yaml`")
-		return ""
-	}
-
-	version := dc.Params.Version
-	if version[0] != 'v' {
-		version = "v" + version
-	}
-
-	split := strings.SplitN(version, ".", 3)
-
-	return strings.Join(split[:2], ".")
-}
-
-func determineSHAforPR(ctx context.Context, prStr string) (string, error) {
-	prNum, err := strconv.Atoi(prStr)
-	if err != nil {
-		return "", err
-	}
-
-	client := github.NewClient(http.DefaultClient)
-
-	pr, _, err := client.PullRequests.Get(ctx, "go-gitea", "gitea", prNum)
-	if err != nil {
-		return "", err
-	}
-
-	if pr.Merged == nil || !*pr.Merged {
-		return "", fmt.Errorf("PR #%d is not yet merged - cannot determine sha to backport", prNum)
-	}
-
-	if pr.MergeCommitSHA != nil {
-		return *pr.MergeCommitSHA, nil
-	}
-
-	return "", nil
-}
-
-func installSignals() (context.Context, context.CancelFunc) {
-	ctx, cancel := context.WithCancel(context.Background())
-	go func() {
-		// install notify
-		signalChannel := make(chan os.Signal, 1)
-
-		signal.Notify(
-			signalChannel,
-			syscall.SIGINT,
-			syscall.SIGTERM,
-		)
-		select {
-		case <-signalChannel:
-		case <-ctx.Done():
-		}
-		cancel()
-		signal.Reset()
-	}()
-
-	return ctx, cancel
-}
@@ -1,5 +1,6 @@
 // Copyright 2019 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.

 package main

@@ -1,5 +1,6 @@
 // Copyright 2020 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.

 package main

@@ -29,7 +29,7 @@ local addIssueLabelsOverrides(labels) =

  grafanaDashboards+:: {

-    local giteaSelector = 'job=~"$job", instance=~"$instance"',
+    local giteaSelector = 'job="$job", instance="$instance"',
    local giteaStatsPanel =
      grafana.statPanel.new(
        'Gitea stats',
@@ -399,31 +399,25 @@ local addIssueLabelsOverrides(labels) =
      .addTemplate(
        {
          hide: 0,
-          label: 'job',
+          label: null,
          name: 'job',
          options: [],
-          datasource: '$datasource',
          query: 'label_values(gitea_organizations, job)',
          refresh: 1,
          regex: '',
          type: 'query',
-          multi: true,
-          allValue: '.+'
        },
      )
      .addTemplate(
        {
          hide: 0,
-          label: 'instance',
+          label: null,
          name: 'instance',
          options: [],
-          datasource: '$datasource',
          query: 'label_values(gitea_organizations{job="$job"}, instance)',
          refresh: 1,
          regex: '',
          type: 'query',
-          multi: true,
-          allValue: '.+'
        },
      )
      .addTemplate(
@@ -1,5 +1,6 @@
 // Copyright 2020 The Gitea Authors. All rights reserved.
-// SPDX-License-Identifier: MIT
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.

 package main

@@ -49,8 +50,7 @@ func runPR() {
 		log.Fatal(err)
 	}
 	setting.SetCustomPathAndConf("", "", "")
-	setting.InitProviderAllowEmpty()
-	setting.LoadCommonSettings()
+	setting.LoadAllowEmpty()

 	setting.RepoRootPath, err = os.MkdirTemp(os.TempDir(), "repos")
 	if err != nil {
@@ -83,7 +83,7 @@ func runPR() {
 		setting.Database.Path = ":memory:"
 		setting.Database.Timeout = 500
 	*/
-	dbCfg := setting.CfgProvider.Section("database")
+	dbCfg := setting.Cfg.Section("database")
 	dbCfg.NewKey("DB_TYPE", "sqlite3")
 	dbCfg.NewKey("PATH", ":memory:")

@@ -7,38 +7,6 @@
 ;; see https://docs.gitea.io/en-us/config-cheat-sheet/ for additional documentation.


-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;; Default Configuration (non-`app.ini` configuration)
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;;
-;; These values are environment-dependent but form the basis of a lot of values. They will be
-;; reported as part of the default configuration when running `gitea --help` or on start-up. The order they are emitted there is slightly different but we will list them here in the order they are set-up.
-;;
-;; - _`AppPath`_: This is the absolute path of the running gitea binary.
-;; - _`AppWorkPath`_: This refers to "working path" of the `gitea` binary. It is determined by using the first set thing in the following hierarchy:
-;;   - The `--work-path` flag passed to the binary
-;;   - The environment variable `$GITEA_WORK_DIR`
-;;   - A built-in value set at build time (see building from source)
-;;   - Otherwise it defaults to the directory of the _`AppPath`_
-;;   - If any of the above are relative paths then they are made absolute against the
-;; the directory of the _`AppPath`_
-;; - _`CustomPath`_: This is the base directory for custom templates and other options.
-;; It is determined by using the first set thing in the following hierarchy:
-;;   - The `--custom-path` flag passed to the binary
-;;   - The environment variable `$GITEA_CUSTOM`
-;;   - A built-in value set at build time (see building from source)
-;;   - Otherwise it defaults to _`AppWorkPath`_`/custom`
-;;   - If any of the above are relative paths then they are made absolute against the
-;; the directory of the _`AppWorkPath`_
-;; - _`CustomConf`_: This is the path to the `app.ini` file.
-;;   - The `--config` flag passed to the binary
-;;   - A built-in value set at build time (see building from source)
-;;   - Otherwise it defaults to _`CustomPath`_`/conf/app.ini`
-;;   - If any of the above are relative paths then they are made absolute against the
-;; the directory of the _`CustomPath`_
-;;
-;; In addition there is _`StaticRootPath`_ which can be set as a built-in at build time, but will otherwise default to _`AppWorkPath`_
-
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;; General Settings
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@@ -58,7 +26,7 @@ RUN_MODE = ; prod
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;
-;; The protocol the server listens on. One of 'http', 'https', 'http+unix', 'fcgi' or 'fcgi+unix'. Defaults to 'http'
+;; The protocol the server listens on. One of 'http', 'https', 'unix' or 'fcgi'. Defaults to 'http'
 ;PROTOCOL = http
 ;;
 ;; Expect PROXY protocol headers on connections
@@ -83,8 +51,6 @@ RUN_MODE = ; prod
 ;STATIC_URL_PREFIX =
 ;;
 ;; The address to listen on. Either a IPv4/IPv6 address or the path to a unix socket.
-;; If PROTOCOL is set to `http+unix` or `fcgi+unix`, this should be the name of the Unix socket file to use.
-;; Relative paths will be made absolute against the _`AppWorkPath`_.
 ;HTTP_ADDR = 0.0.0.0
 ;;
 ;; The port to listen on. Leave empty when using a unix socket.
@@ -98,7 +64,7 @@ RUN_MODE = ; prod
 ;PORT_TO_REDIRECT = 80
 ;;
 ;; expect PROXY protocol header on connections to https redirector.
-;REDIRECTOR_USE_PROXY_PROTOCOL = %(USE_PROXY_PROTOCOL)s
+;REDIRECTOR_USE_PROXY_PROTOCOL = %(USE_PROXY_PROTOCOL)
 ;; Minimum and maximum supported TLS versions
 ;SSL_MIN_VERSION=TLSv1.2
 ;SSL_MAX_VERSION=
@@ -125,7 +91,7 @@ RUN_MODE = ; prod
 ;LOCAL_ROOT_URL = %(PROTOCOL)s://%(HTTP_ADDR)s:%(HTTP_PORT)s/
 ;;
 ;; When making local connections pass the PROXY protocol header.
-;LOCAL_USE_PROXY_PROTOCOL = %(USE_PROXY_PROTOCOL)s
+;LOCAL_USE_PROXY_PROTOCOL = %(USE_PROXY_PROTOCOL)
 ;;
 ;; Disable SSH feature when not available
 ;DISABLE_SSH = false
@@ -179,7 +145,7 @@ RUN_MODE = ; prod
 ;;
 ;; For the built-in SSH server, choose the keypair to offer as the host key
 ;; The private key should be at SSH_SERVER_HOST_KEY and the public SSH_SERVER_HOST_KEY.pub
-;; relative paths are made absolute relative to the %(APP_DATA_PATH)s
+;; relative paths are made absolute relative to the APP_DATA_PATH
 ;SSH_SERVER_HOST_KEYS=ssh/gitea.rsa, ssh/gogs.rsa
 ;;
 ;; Directory to create temporary files in when testing public keys using ssh-keygen,
@@ -275,10 +241,10 @@ RUN_MODE = ; prod
 ;;
 ;; Root directory containing templates and static files.
 ;; default is the path where Gitea is executed
-;STATIC_ROOT_PATH = ; Will default to the built-in value _`StaticRootPath`_
+;STATIC_ROOT_PATH =
 ;;
 ;; Default path for App data
-;APP_DATA_PATH = data ; relative paths will be made absolute with _`AppWorkPath`_
+;APP_DATA_PATH = data
 ;;
 ;; Enable gzip compression for runtime-generated content, static resources excluded
 ;ENABLE_GZIP = false
@@ -289,7 +255,7 @@ RUN_MODE = ; prod
 ;ENABLE_PPROF = false
 ;;
 ;; PPROF_DATA_PATH, use an absolute path when you start gitea as service
-;PPROF_DATA_PATH = data/tmp/pprof ; Path is relative to _`AppWorkPath`_
+;PPROF_DATA_PATH = data/tmp/pprof
 ;;
 ;; Landing page, can be "home", "explore", "organizations", "login", or any URL such as "/org/repo" or even "https://anotherwebsite.com"
 ;; The "login" choice is not a security measure but just a UI flow change, use REQUIRE_SIGNIN_VIEW to force users to log in.
@@ -403,9 +369,6 @@ LOG_SQL = false ; if unset defaults to true
 ;;
 ;; Database maximum number of open connections, default is 0 meaning no maximum
 ;MAX_OPEN_CONNS = 0
-;;
-;; Whether execute database models migrations automatically
-;AUTO_MIGRATION = true

 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@@ -670,7 +633,7 @@ ROUTER = console
 ;PATH =
 ;;
 ;; The HOME directory for Git
-;HOME_PATH = %(APP_DATA_PATH)s/home
+;HOME_PATH = %(APP_DATA_PATH)/home
 ;;
 ;; Disables highlight of added and removed changes
 ;DISABLE_DIFF_HIGHLIGHT = false
@@ -762,10 +725,7 @@ ROUTER = console
 ;; Enable captcha validation for registration
 ;ENABLE_CAPTCHA = false
 ;;
-;; Enable this to require captcha validation for login
-;REQUIRE_CAPTCHA_FOR_LOGIN = false
-;;
-;; Type of captcha you want to use. Options: image, recaptcha, hcaptcha, mcaptcha, cfturnstile.
+;; Type of captcha you want to use. Options: image, recaptcha, hcaptcha, mcaptcha.
 ;CAPTCHA_TYPE = image
 ;;
 ;; Change this to use recaptcha.net or other recaptcha service
@@ -787,10 +747,6 @@ ROUTER = console
 ;MCAPTCHA_SECRET =
 ;MCAPTCHA_SITEKEY =
 ;;
-;; Go to https://dash.cloudflare.com/?to=/:account/turnstile to sign up for a key
-;CF_TURNSTILE_SITEKEY =
-;CF_TURNSTILE_SECRET =
-;;
 ;; Default value for KeepEmailPrivate
 ;; Each new user will get the value of this setting copied into their profile
 ;DEFAULT_KEEP_EMAIL_PRIVATE = false
@@ -882,8 +838,8 @@ ROUTER = console
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;[repository]
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;; Root path for storing all repository data. By default, it is set to %(APP_DATA_PATH)s/gitea-repositories.
-;; A relative path is interpreted as _`AppWorkPath`_/%(ROOT)s
+;; Root path for storing all repository data. By default, it is set to %(APP_DATA_PATH)/gitea-repositories.
+;; A relative path is interpreted as %(GITEA_WORK_DIR)/%(ROOT)
 ;ROOT =
 ;;
 ;; The script type this server supports. Usually this is `bash`, but some users report that only `sh` is available.
@@ -931,18 +887,14 @@ ROUTER = console
 ;USE_COMPAT_SSH_URI = false
 ;;
 ;; Close issues as long as a commit on any branch marks it as fixed
-;; Comma separated list of globally disabled repo units. Allowed values: repo.issues, repo.ext_issues, repo.pulls, repo.wiki, repo.ext_wiki, repo.projects, repo.packages, repo.actions.
+;; Comma separated list of globally disabled repo units. Allowed values: repo.issues, repo.ext_issues, repo.pulls, repo.wiki, repo.ext_wiki, repo.projects
 ;DISABLED_REPO_UNITS =
 ;;
-;; Comma separated list of default new repo units. Allowed values: repo.code, repo.releases, repo.issues, repo.pulls, repo.wiki, repo.projects, repo.packages, repo.actions.
+;; Comma separated list of default repo units. Allowed values: repo.code, repo.releases, repo.issues, repo.pulls, repo.wiki, repo.projects.
 ;; Note: Code and Releases can currently not be deactivated. If you specify default repo units you should still list them for future compatibility.
 ;; External wiki and issue tracker can't be enabled by default as it requires additional settings.
 ;; Disabled repo units will not be added to new repositories regardless if it is in the default list.
-;DEFAULT_REPO_UNITS = repo.code,repo.releases,repo.issues,repo.pulls,repo.wiki,repo.projects,repo.packages
-;;
-;; Comma separated list of default forked repo units.
-;; The set of allowed values and rules are the same as DEFAULT_REPO_UNITS.
-;DEFAULT_FORK_REPO_UNITS = repo.code,repo.pulls
+;DEFAULT_REPO_UNITS = repo.code,repo.releases,repo.issues,repo.pulls,repo.wiki,repo.projects
 ;;
 ;; Prefix archive files by placing them in a directory named after the repository
 ;PREFIX_ARCHIVE_FILES = true
@@ -965,9 +917,6 @@ ROUTER = console
 ;; Don't allow download source archive files from UI
 ;DISABLE_DOWNLOAD_SOURCE_ARCHIVES = false

-;; Allow fork repositories without maximum number limit
-;ALLOW_FORK_WITHOUT_MAXIMUM_LIMIT = true
-
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;[repository.editor]
@@ -1049,7 +998,7 @@ ROUTER = console
 ;ADD_CO_COMMITTER_TRAILERS = true
 ;;
 ;; In addition to testing patches using the three-way merge method, re-test conflicting patches with git apply
-;TEST_CONFLICTING_PATCHES_WITH_GIT_APPLY = false
+;TEST_CONFLICTING_PATCHES_WITH_GIT_APPLY = true

 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@@ -1158,9 +1107,6 @@ ROUTER = console
 ;; allow request with credentials
 ;ALLOW_CREDENTIALS = false
 ;;
-;; headers to permit
-;HEADERS = Content-Type,User-Agent
-;;
 ;; set X-FRAME-OPTIONS header
 ;X_FRAME_OPTIONS = SAMEORIGIN

@@ -1191,9 +1137,10 @@ ROUTER = console
 ;; Number of line of codes shown for a code comment
 ;CODE_COMMENT_LINES = 4
 ;;
-;; Value of `theme-color` meta tag, used by some mobile browers for chrome and
-;; out-of-viewport areas. Default is unset which uses body color.
-;THEME_COLOR_META_TAG =
+;; Value of `theme-color` meta tag, used by Android >= 5.0
+;; An invalid color like "none" or "disable" will have the default style
+;; More info: https://developers.google.com/web/updates/2014/11/Support-for-theme-color-in-Chrome-39-for-Android
+;THEME_COLOR_META_TAG = `#6cc644`
 ;;
 ;; Max size of files to be displayed (default is 8MiB)
 ;MAX_DISPLAY_FILE_SIZE = 8388608
@@ -1352,7 +1299,7 @@ ROUTER = console
 ;ISSUE_INDEXER_TYPE = bleve
 ;;
 ;; Issue indexer storage path, available when ISSUE_INDEXER_TYPE is bleve
-;ISSUE_INDEXER_PATH = indexers/issues.bleve ; Relative paths will be made absolute against _`AppWorkPath`_.
+;ISSUE_INDEXER_PATH = indexers/issues.bleve
 ;;
 ;; Issue indexer connection string, available when ISSUE_INDEXER_TYPE is elasticsearch
 ;ISSUE_INDEXER_CONN_STR = http://elastic:changeme@localhost:9200
@@ -1370,7 +1317,7 @@ ROUTER = console
 ;; When ISSUE_INDEXER_QUEUE_TYPE is levelqueue, this will be the path where the queue will be saved.
 ;; This can be overridden by `ISSUE_INDEXER_QUEUE_CONN_STR`.
 ;; default is queues/common
-;ISSUE_INDEXER_QUEUE_DIR = queues/common; **DEPRECATED** use settings in `[queue.issue_indexer]`. Relative paths will be made absolute against `%(APP_DATA_PATH)s`.
+;ISSUE_INDEXER_QUEUE_DIR = queues/common; **DEPRECATED** use settings in `[queue.issue_indexer]`.
 ;;
 ;; When `ISSUE_INDEXER_QUEUE_TYPE` is `redis`, this will store the redis connection string.
 ;; When `ISSUE_INDEXER_QUEUE_TYPE` is `levelqueue`, this is a directory or additional options of
@@ -1426,7 +1373,7 @@ ROUTER = console
 ;TYPE = persistable-channel
 ;;
 ;; data-dir for storing persistable queues and level queues, individual queues will default to `queues/common` meaning the queue is shared.
-;DATADIR = queues/ ; Relative paths will be made absolute against `%(APP_DATA_PATH)s`.
+;DATADIR = queues/
 ;;
 ;; Default queue length before a channel queue will block
 ;LENGTH = 20
@@ -1671,47 +1618,6 @@ ROUTER = console
 ;; convert \r\n to \n for Sendmail
 ;SENDMAIL_CONVERT_CRLF = true

-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;[email.incoming]
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;;
-;; Enable handling of incoming emails.
-;ENABLED = false
-;;
-;; The email address including the %{token} placeholder that will be replaced per user/action.
-;; Example: incoming+%{token}@example.com
-;; The placeholder must appear in the user part of the address (before the @).
-;REPLY_TO_ADDRESS =
-;;
-;; IMAP server host
-;HOST =
-;;
-;; IMAP server port
-;PORT =
-;;
-;; Username of the receiving account
-;USERNAME =
-;;
-;; Password of the receiving account
-;PASSWORD =
-;;
-;; Whether the IMAP server uses TLS.
-;USE_TLS = false
-;;
-;; If set to true, completely ignores server certificate validation errors. This option is unsafe.
-;SKIP_TLS_VERIFY = true
-;;
-;; The mailbox name where incoming mail will end up.
-;MAILBOX = INBOX
-;;
-;; Whether handled messages should be deleted from the mailbox.
-;DELETE_HANDLED_MESSAGE = true
-;;
-;; Maximum size of a message to handle. Bigger messages are ignored. Set to 0 to allow every size.
-;MAXIMUM_MESSAGE_SIZE = 10485760
-
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;[cache]
@@ -1728,7 +1634,7 @@ ROUTER = console
 ;INTERVAL = 60
 ;;
 ;; For "redis" and "memcache", connection host address
-;; redis: `redis://127.0.0.1:6379/0?pool_size=100&idle_timeout=180s`
+;; redis: network=tcp,addr=:6379,password=macaron,db=0,pool_size=100,idle_timeout=180
 ;; memcache: `127.0.0.1:11211`
 ;; twoqueue: `{"size":50000,"recent_ratio":0.25,"ghost_ratio":0.5}` or `50000`
 ;HOST =
@@ -1767,9 +1673,9 @@ ROUTER = console
 ;; Provider config options
 ;; memory: doesn't have any config yet
 ;; file: session file path, e.g. `data/sessions`
-;; redis: `redis://127.0.0.1:6379/0?pool_size=100&idle_timeout=180s`
+;; redis: network=tcp,addr=:6379,password=macaron,db=0,pool_size=100,idle_timeout=180
 ;; mysql: go-sql-driver/mysql dsn config string, e.g. `root:password@/session_table`
-;PROVIDER_CONFIG = data/sessions ; Relative paths will be made absolute against _`AppWorkPath`_.
+;PROVIDER_CONFIG = data/sessions
 ;;
 ;; Session cookie name
 ;COOKIE_NAME = i_like_gitea
@@ -1835,7 +1741,7 @@ ROUTER = console
 ;ENABLED = true
 ;;
 ;; Comma-separated list of allowed file extensions (`.zip`), mime types (`text/plain`) or wildcard type (`image/*`, `audio/*`, `video/*`). Empty value or `*/*` allows all types.
-;ALLOWED_TYPES = .csv,.docx,.fodg,.fodp,.fods,.fodt,.gif,.gz,.jpeg,.jpg,.log,.md,.mov,.mp4,.odf,.odg,.odp,.ods,.odt,.patch,.pdf,.png,.pptx,.svg,.tgz,.txt,.webm,.xls,.xlsx,.zip
+;ALLOWED_TYPES = .csv,.docx,.fodg,.fodp,.fods,.fodt,.gif,.gz,.jpeg,.jpg,.log,.md,.mov,.mp4,.odf,.odg,.odp,.ods,.odt,.pdf,.png,.pptx,.svg,.tgz,.txt,.webm,.xls,.xlsx,.zip
 ;;
 ;; Max size of each file. Defaults to 4MB
 ;MAX_SIZE = 4
@@ -1874,12 +1780,6 @@ ROUTER = console
 ;;
 ;; Minio enabled ssl only available when STORAGE_TYPE is `minio`
 ;MINIO_USE_SSL = false
-;;
-;; Minio skip SSL verification available when STORAGE_TYPE is `minio`
-;MINIO_INSECURE_SKIP_VERIFY = false
-;;
-;; Minio checksum algorithm: default (for MinIO or AWS S3) or md5 (for Cloudflare or Backblaze)
-;MINIO_CHECKSUM_ALGORITHM = default

 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@@ -2207,7 +2107,7 @@ ROUTER = console
 ;[cron.update_checker]
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;ENABLED = true
+;ENABLED = false
 ;RUN_AT_START = false
 ;ENABLE_SUCCESS_NOTICE = false
 ;SCHEDULE = @every 168h
@@ -2226,28 +2126,6 @@ ROUTER = console
 ;SCHEDULE = @every 168h
 ;OLDER_THAN = 8760h

-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;; Garbage collect LFS pointers in repositories
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;[cron.gc_lfs]
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;ENABLED = false
-;; Garbage collect LFS pointers in repositories (default false)
-;RUN_AT_START = false
-;; Interval as a duration between each gc run (default every 24h)
-;SCHEDULE = @every 24h
-;; Only attempt to garbage collect LFSMetaObjects older than this (default 7 days)
-;OLDER_THAN = 168h
-;; Only attempt to garbage collect LFSMetaObjects that have not been attempted to be garbage collected for this long (default 3 days)
-;LAST_UPDATED_MORE_THAN_AGO = 72h
-; Minimum number of stale LFSMetaObjects to check per repo. Set to `0` to always check all.
-;NUMBER_TO_CHECK_PER_REPO = 100
-;Check at least this proportion of LFSMetaObjects per repo. (This may cause all stale LFSMetaObjects to be checked.)
-;PROPORTION_TO_CHECK_PER_REPO = 0.6
-
-
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;; Git Operation timeout in seconds
@@ -2262,17 +2140,6 @@ ROUTER = console
 ;PULL = 300
 ;GC = 60

-
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;; Git Reflog timeout in days
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;[git.reflog]
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;ENABLED = true
-;EXPIRATION = 90
-
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;[mirror]
@@ -2332,10 +2199,7 @@ ROUTER = console
 ;SHOW_FOOTER_VERSION = true
 ;; Show template execution time in the footer
 ;SHOW_FOOTER_TEMPLATE_LOAD_TIME = true
-;; Generate sitemap. Defaults to `true`.
-;ENABLE_SITEMAP = true
-;; Enable/Disable RSS/Atom feed
-;ENABLE_FEED = true
+

 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@@ -2404,8 +2268,8 @@ ROUTER = console
 ;QUEUE_LENGTH = 1000
 ;;
 ;; Task queue connection string, available only when `QUEUE_TYPE` is `redis`.
-;; If there is a password of redis, use `redis://127.0.0.1:6379/0?pool_size=100&idle_timeout=180s`.
-;QUEUE_CONN_STR = "redis://127.0.0.1:6379/0?pool_size=100&idle_timeout=180s"
+;; If there is a password of redis, use `addrs=127.0.0.1:6379 password=123 db=0`.
+;QUEUE_CONN_STR = "addrs=127.0.0.1:6379 db=0"

 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@@ -2473,41 +2337,6 @@ ROUTER = console
 ;;
 ;; Path for chunked uploads. Defaults to APP_DATA_PATH + `tmp/package-upload`
 ;CHUNKED_UPLOAD_PATH = tmp/package-upload
-;;
-;; Maximum count of package versions a single owner can have (`-1` means no limits)
-;LIMIT_TOTAL_OWNER_COUNT = -1
-;; Maximum size of packages a single owner can use (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
-;LIMIT_TOTAL_OWNER_SIZE = -1
-;; Maximum size of a Cargo upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
-;LIMIT_SIZE_CARGO = -1
-;; Maximum size of a Chef upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
-;LIMIT_SIZE_CHEF = -1
-;; Maximum size of a Composer upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
-;LIMIT_SIZE_COMPOSER = -1
-;; Maximum size of a Conan upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
-;LIMIT_SIZE_CONAN = -1
-;; Maximum size of a Conda upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
-;LIMIT_SIZE_CONDA = -1
-;; Maximum size of a Container upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
-;LIMIT_SIZE_CONTAINER = -1
-;; Maximum size of a Generic upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
-;LIMIT_SIZE_GENERIC = -1
-;; Maximum size of a Helm upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
-;LIMIT_SIZE_HELM = -1
-;; Maximum size of a Maven upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
-;LIMIT_SIZE_MAVEN = -1
-;; Maximum size of a npm upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
-;LIMIT_SIZE_NPM = -1
-;; Maximum size of a NuGet upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
-;LIMIT_SIZE_NUGET = -1
-;; Maximum size of a Pub upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
-;LIMIT_SIZE_PUB = -1
-;; Maximum size of a PyPI upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
-;LIMIT_SIZE_PYPI = -1
-;; Maximum size of a RubyGems upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
-;LIMIT_SIZE_RUBYGEMS = -1
-;; Maximum size of a Vagrant upload (`-1` means no limits, format `1000`, `1 MB`, `1 GiB`)
-;LIMIT_SIZE_VAGRANT = -1

 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
 ;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
@@ -2572,9 +2401,6 @@ ROUTER = console
 ;;
 ;; Minio enabled ssl only available when STORAGE_TYPE is `minio`
 ;MINIO_USE_SSL = false
-;;
-;; Minio skip SSL verification available when STORAGE_TYPE is `minio`
-;MINIO_INSECURE_SKIP_VERIFY = false

 ;[proxy]
 ;; Enable the proxy, all requests to external via HTTP will be affected
@@ -2583,19 +2409,3 @@ ROUTER = console
 ;PROXY_URL =
 ;; Comma separated list of host names requiring proxy. Glob patterns (*) are accepted; use ** to match all hosts.
 ;PROXY_HOSTS =
-
-; [actions]
-;; Enable/Disable actions capabilities
-;ENABLED = false
-;; Default address to get action plugins, e.g. the default value means downloading from "https://gitea.com/actions/checkout" for "uses: actions/checkout@v3"
-;DEFAULT_ACTIONS_URL = https://gitea.com
-
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;; settings for action logs, will override storage setting
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;[storage.actions_log]
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;; storage type
-;STORAGE_TYPE = local
@@ -1,20 +1,19 @@
-image: gitea/gitea:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}{{#if (hasPrefix "refs/heads/release/v" build.ref)}}{{trimPrefix "refs/heads/release/v" build.ref}}-{{/if}}nightly{{/if}}-rootless
+image: gitea/gitea:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}{{#if (hasPrefix "refs/heads/release/v" build.ref)}}{{trimPrefix "refs/heads/release/v" build.ref}}-{{/if}}dev{{/if}}-rootless
 {{#if build.tags}}
-{{#unless (contains "-rc" build.tag)}}
 tags:
 {{#each build.tags}}
  - {{this}}-rootless
 {{/each}}
-{{/unless}}
+  - "latest-rootless"
 {{/if}}
 manifests:
  -
-    image: gitea/gitea:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}{{#if (hasPrefix "refs/heads/release/v" build.ref)}}{{trimPrefix "refs/heads/release/v" build.ref}}-{{/if}}nightly{{/if}}-linux-amd64-rootless
+    image: gitea/gitea:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}{{#if (hasPrefix "refs/heads/release/v" build.ref)}}{{trimPrefix "refs/heads/release/v" build.ref}}-{{/if}}dev{{/if}}-linux-amd64-rootless
    platform:
      architecture: amd64
      os: linux
  -
-    image: gitea/gitea:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}{{#if (hasPrefix "refs/heads/release/v" build.ref)}}{{trimPrefix "refs/heads/release/v" build.ref}}-{{/if}}nightly{{/if}}-linux-arm64-rootless
+    image: gitea/gitea:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}{{#if (hasPrefix "refs/heads/release/v" build.ref)}}{{trimPrefix "refs/heads/release/v" build.ref}}-{{/if}}dev{{/if}}-linux-arm64-rootless
    platform:
      architecture: arm64
      os: linux
@@ -1,20 +1,19 @@
-image: gitea/gitea:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}{{#if (hasPrefix "refs/heads/release/v" build.ref)}}{{trimPrefix "refs/heads/release/v" build.ref}}-{{/if}}nightly{{/if}}
+image: gitea/gitea:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}{{#if (hasPrefix "refs/heads/release/v" build.ref)}}{{trimPrefix "refs/heads/release/v" build.ref}}-{{/if}}dev{{/if}}
 {{#if build.tags}}
-{{#unless (contains "-rc" build.tag)}}
 tags:
 {{#each build.tags}}
  - {{this}}
 {{/each}}
-{{/unless}}
+  - "latest"
 {{/if}}
 manifests:
  -
-    image: gitea/gitea:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}{{#if (hasPrefix "refs/heads/release/v" build.ref)}}{{trimPrefix "refs/heads/release/v" build.ref}}-{{/if}}nightly{{/if}}-linux-amd64
+    image: gitea/gitea:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}{{#if (hasPrefix "refs/heads/release/v" build.ref)}}{{trimPrefix "refs/heads/release/v" build.ref}}-{{/if}}dev{{/if}}-linux-amd64
    platform:
      architecture: amd64
      os: linux
  -
-    image: gitea/gitea:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}{{#if (hasPrefix "refs/heads/release/v" build.ref)}}{{trimPrefix "refs/heads/release/v" build.ref}}-{{/if}}nightly{{/if}}-linux-arm64
+    image: gitea/gitea:{{#if build.tag}}{{trimPrefix "v" build.tag}}{{else}}{{#if (hasPrefix "refs/heads/release/v" build.ref)}}{{trimPrefix "refs/heads/release/v" build.ref}}-{{/if}}dev{{/if}}-linux-arm64
    platform:
      architecture: arm64
      os: linux
@@ -2,15 +2,7 @@

 if [ ! -d /data/git/.ssh ]; then
    mkdir -p /data/git/.ssh
-fi
-
-# Set the correct permissions on the .ssh directory and authorized_keys file,
-# or sshd will refuse to use them and lead to clone/push/pull failures.
-# It could happen when users have copied their data to a new volume and changed the file permission by accident,
-# and it would be very hard to troubleshoot unless users know how to check the logs of sshd which is started by s6.
-chmod 700 /data/git/.ssh
-if [ -f /data/git/.ssh/authorized_keys ]; then
-    chmod 600 /data/git/.ssh/authorized_keys
+    chmod 700 /data/git/.ssh
 fi

 if [ ! -f /data/git/.ssh/environment ]; then
@@ -14,6 +14,11 @@ if [ ! -f /data/ssh/ssh_host_rsa_key ]; then
    ssh-keygen -t rsa -b 2048 -f /data/ssh/ssh_host_rsa_key -N "" > /dev/null
 fi

+if [ ! -f /data/ssh/ssh_host_dsa_key ]; then
+    echo "Generating /data/ssh/ssh_host_dsa_key..."
+    ssh-keygen -t dsa -f /data/ssh/ssh_host_dsa_key -N "" > /dev/null
+fi
+
 if [ ! -f /data/ssh/ssh_host_ecdsa_key ]; then
    echo "Generating /data/ssh/ssh_host_ecdsa_key..."
    ssh-keygen -t ecdsa -b 256 -f /data/ssh/ssh_host_ecdsa_key -N "" > /dev/null
@@ -31,12 +36,17 @@ if [ -e /data/ssh/ssh_host_ecdsa_cert ]; then
  SSH_ECDSA_CERT=${SSH_ECDSA_CERT:-"/data/ssh/ssh_host_ecdsa_cert"}
 fi

+if [ -e /data/ssh/ssh_host_dsa_cert ]; then
+  SSH_DSA_CERT=${SSH_DSA_CERT:-"/data/ssh/ssh_host_dsa_cert"}
+fi
+
 if [ -d /etc/ssh ]; then
    SSH_PORT=${SSH_PORT:-"22"} \
    SSH_LISTEN_PORT=${SSH_LISTEN_PORT:-"${SSH_PORT}"} \
    SSH_ED25519_CERT="${SSH_ED25519_CERT:+"HostCertificate "}${SSH_ED25519_CERT}" \
    SSH_RSA_CERT="${SSH_RSA_CERT:+"HostCertificate "}${SSH_RSA_CERT}" \
    SSH_ECDSA_CERT="${SSH_ECDSA_CERT:+"HostCertificate "}${SSH_ECDSA_CERT}" \
+    SSH_DSA_CERT="${SSH_DSA_CERT:+"HostCertificate "}${SSH_DSA_CERT}" \
    SSH_MAX_STARTUPS="${SSH_MAX_STARTUPS:+"MaxStartups "}${SSH_MAX_STARTUPS}" \
    SSH_MAX_SESSIONS="${SSH_MAX_SESSIONS:+"MaxSessions "}${SSH_MAX_SESSIONS}" \
    SSH_INCLUDE_FILE="${SSH_INCLUDE_FILE:+"Include "}${SSH_INCLUDE_FILE}" \
@@ -16,6 +16,8 @@ HostKey /data/ssh/ssh_host_rsa_key
 ${SSH_RSA_CERT}
 HostKey /data/ssh/ssh_host_ecdsa_key
 ${SSH_ECDSA_CERT}
+HostKey /data/ssh/ssh_host_dsa_key
+${SSH_DSA_CERT}

 AuthorizedKeysFile .ssh/authorized_keys
 AuthorizedPrincipalsFile .ssh/authorized_principals
@@ -37,7 +37,7 @@ PROVIDER_CONFIG = $GITEA_WORK_DIR/data/sessions

 [picture]
 AVATAR_UPLOAD_PATH = $GITEA_WORK_DIR/data/avatars
-REPOSITORY_AVATAR_UPLOAD_PATH = $GITEA_WORK_DIR/data/repo-avatars
+REPOSITORY_AVATAR_UPLOAD_PATH = $GITEA_WORK_DIR/data/gitea/repo-avatars

 [attachment]
 PATH = $GITEA_WORK_DIR/data/attachments
@@ -0,0 +1,34 @@
+THEME := themes/gitea
+PUBLIC := public
+ARCHIVE := https://dl.gitea.io/theme/master.tar.gz
+
+.PHONY: all
+all: build
+
+.PHONY: clean
+clean:
+	rm -rf $(PUBLIC) $(THEME)
+
+.PHONY: trans-copy
+trans-copy:
+	@bash scripts/trans-copy
+
+.PHONY: server
+server: $(THEME)
+	hugo server
+
+.PHONY: build
+build: $(THEME)
+	hugo --cleanDestinationDir
+
+.PHONY: build-offline
+build-offline: $(THEME)
+	hugo --baseURL="/" --cleanDestinationDir
+
+.PHONY: update
+update: $(THEME)
+
+$(THEME): $(THEME)/theme.toml
+$(THEME)/theme.toml:
+	mkdir -p $$(dirname $@)
+	curl -L -s $(ARCHIVE) | tar xz -C $$(dirname $@)
@@ -3,7 +3,36 @@
 [![Join the chat at https://img.shields.io/discord/322538954119184384.svg](https://img.shields.io/discord/322538954119184384.svg)](https://discord.gg/Gitea)
 [![](https://images.microbadger.com/badges/image/gitea/docs.svg)](http://microbadger.com/images/gitea/docs "Get your own image badge on microbadger.com")

-https://gitea.com/gitea/gitea-docusaurus
+## Hosting
+
+These pages are hosted using [netlifycms](https://www.netlifycms.org/) and get
+automatically updated on every push to the `master` branch.
+
+## Install
+
+These pages use the [Hugo](https://gohugo.io/) static site generator.
+If you are planning to contribute you'll want to download and install Hugo on
+your local machine.
+
+The installation of Hugo is out of the scope of this document, so please take
+the [official install instructions](https://gohugo.io/overview/installing/) to
+get Hugo up and running.
+
+## Development
+
+To generate the website and serve it on [localhost:1313](http://localhost:1313)
+just execute this command and stop it with `Ctrl+C`:
+
+```
+make server
+```
+
+When you are done with your changes just create a pull request, after merging
+the pull request the website will be updated automatically.
+
+## Contributing
+
+Fork -> Patch -> Push -> Pull Request

 ## Authors

@@ -4,7 +4,27 @@
 [![Join the chat at https://img.shields.io/discord/322538954119184384.svg](https://img.shields.io/discord/322538954119184384.svg)](https://discord.gg/Gitea)
 [![](https://images.microbadger.com/badges/image/gitea/docs.svg)](http://microbadger.com/images/gitea/docs "Get your own image badge on microbadger.com")

-https://gitea.com/gitea/gitea-docusaurus
+## 关于托管方式
+
+本页面托管在我们 Docker 容器内的基础设施上， 它会在每次推送到 `master` 分支的时候自动更新，如果你想自己管理这个页面，你可以从我们的 Docker 镜像 [gitea/docs](https://hub.docker.com/r/gitea/docs/) 中获取它。
+
+## 安装 Hugo
+
+本页面使用了 [Hugo](https://github.com/spf13/hugo) 静态页面生成工具，如果您有维护它的意愿，则需要在本地计算机上下载并安装 Hugo。Hugo 的安装教程不在本文档的讲述范围之内，详情请参见 [官方文档](https://gohugo.io/overview/installing/)。
+
+## 如何部署
+
+在 [localhost:1313](http://localhost:1313) 处构建和运行网站的命令如下，如果需要停止可以使用组合键 `Ctrl+C`:
+
+```
+make server
+```
+
+完成更改后，只需创建一个 Pull Request (PR)，该 PR 一经合并网站将自动更新。
+
+## 如何贡献您的代码
+
+Fork -> Patch -> Push -> Pull Request

 ## 关于我们

@@ -0,0 +1,174 @@
+/* global Fuse, Mark */
+
+function ready(fn) {
+  if (document.readyState !== 'loading') {
+    fn();
+  } else {
+    document.addEventListener('DOMContentLoaded', fn);
+  }
+}
+
+ready(doSearch);
+
+const summaryInclude = 60;
+const fuseOptions = {
+  shouldSort: true,
+  includeMatches: true,
+  matchAllTokens: true,
+  threshold: 0, // for parsing diacritics
+  tokenize: true,
+  location: 0,
+  distance: 100,
+  maxPatternLength: 32,
+  minMatchCharLength: 1,
+  keys: [{
+    name: 'title',
+    weight: 0.8
+  },
+  {
+    name: 'contents',
+    weight: 0.5
+  },
+  {
+    name: 'tags',
+    weight: 0.3
+  },
+  {
+    name: 'categories',
+    weight: 0.3
+  }
+  ]
+};
+
+function param(name) {
+  return decodeURIComponent((window.location.search.split(`${name}=`)[1] || '').split('&')[0]).replace(/\+/g, ' ');
+}
+
+const searchQuery = param('s');
+
+function doSearch() {
+  if (searchQuery) {
+    document.getElementById('search-query').value = searchQuery;
+    executeSearch(searchQuery);
+  } else {
+    const para = document.createElement('P');
+    para.textContent = 'Please enter a word or phrase above';
+    document.getElementById('search-results').appendChild(para);
+  }
+}
+
+function getJSON(url, fn) {
+  const request = new XMLHttpRequest();
+  request.open('GET', url, true);
+  request.addEventListener('load', () => {
+    if (request.status >= 200 && request.status < 400) {
+      const data = JSON.parse(request.responseText);
+      fn(data);
+    } else {
+      console.error(`Target reached on ${url} with error ${request.status}`);
+    }
+  });
+  request.addEventListener('error', () => {
+    console.error(`Connection error ${request.status}`);
+  });
+  request.send();
+}
+
+function executeSearch(searchQuery) {
+  getJSON(`/${document.LANG}/index.json`, (data) => {
+    const pages = data;
+    const fuse = new Fuse(pages, fuseOptions);
+    const result = fuse.search(searchQuery);
+    document.getElementById('search-results').innerHTML = '';
+    if (result.length > 0) {
+      populateResults(result);
+    } else {
+      const para = document.createElement('P');
+      para.textContent = 'No matches found';
+      document.getElementById('search-results').appendChild(para);
+    }
+  });
+}
+
+function populateResults(result) {
+  for (const [key, value] of result.entries()) {
+    const content = value.item.contents;
+    let snippet = '';
+    const snippetHighlights = [];
+    if (fuseOptions.tokenize) {
+      snippetHighlights.push(searchQuery);
+      for (const mvalue of value.matches) {
+        if (mvalue.key === 'tags' || mvalue.key === 'categories') {
+          snippetHighlights.push(mvalue.value);
+        } else if (mvalue.key === 'contents') {
+          const ind = content.toLowerCase().indexOf(searchQuery.toLowerCase());
+          const start = ind - summaryInclude > 0 ? ind - summaryInclude : 0;
+          const end = ind + searchQuery.length + summaryInclude < content.length ? ind + searchQuery.length + summaryInclude : content.length;
+          snippet += content.substring(start, end);
+          if (ind > -1) {
+            snippetHighlights.push(content.substring(ind, ind + searchQuery.length));
+          } else {
+            snippetHighlights.push(mvalue.value.substring(mvalue.indices[0][0], mvalue.indices[0][1] - mvalue.indices[0][0] + 1));
+          }
+        }
+      }
+    }
+
+    if (snippet.length < 1) {
+      snippet += content.substring(0, summaryInclude * 2);
+    }
+    // pull template from hugo template definition
+    const templateDefinition = document.getElementById('search-result-template').innerHTML;
+    // replace values
+    const output = render(templateDefinition, {
+      key,
+      title: value.item.title,
+      link: value.item.permalink,
+      tags: value.item.tags,
+      categories: value.item.categories,
+      snippet
+    });
+    document.getElementById('search-results').appendChild(htmlToElement(output));
+
+    for (const snipvalue of snippetHighlights) {
+      new Mark(document.getElementById(`summary-${key}`)).mark(snipvalue);
+    }
+  }
+}
+
+function render(templateString, data) {
+  let conditionalMatches, copy;
+  const conditionalPattern = /\$\{\s*isset ([a-zA-Z]*) \s*\}(.*)\$\{\s*end\s*}/g;
+  // since loop below depends on re.lastInxdex, we use a copy to capture any manipulations whilst inside the loop
+  copy = templateString;
+  while ((conditionalMatches = conditionalPattern.exec(templateString)) !== null) {
+    if (data[conditionalMatches[1]]) {
+      // valid key, remove conditionals, leave content.
+      copy = copy.replace(conditionalMatches[0], conditionalMatches[2]);
+    } else {
+      // not valid, remove entire section
+      copy = copy.replace(conditionalMatches[0], '');
+    }
+  }
+  templateString = copy;
+  // now any conditionals removed we can do simple substitution
+  let key, find, re;
+  for (key of Object.keys(data)) {
+    find = `\\$\\{\\s*${key}\\s*\\}`;
+    re = new RegExp(find, 'g');
+    templateString = templateString.replace(re, data[key]);
+  }
+  return templateString;
+}
+
+/**
+ * By Mark Amery: https://stackoverflow.com/a/35385518
+ * @param {String} HTML representing a single element
+ * @return {Element}
+ */
+function htmlToElement(html) {
+  const template = document.createElement('template');
+  html = html.trim(); // Never return a text node of whitespace as the result
+  template.innerHTML = html;
+  return template.content.firstChild;
+}
@@ -0,0 +1,362 @@
+baseurl: https://docs.gitea.io/
+languageCode: en-us
+title: Docs
+theme: gitea
+
+defaultContentLanguage: en-us
+defaultContentLanguageInSubdir: true
+enableMissingTranslationPlaceholders: true
+enableEmoji: true
+
+permalinks:
+  post: /:year/:month/:title/
+  doc: /:slug/
+  page: /:slug/
+  default: /:slug/
+
+params:
+  description: Git with a cup of tea
+  author: The Gitea Authors
+  website: https://docs.gitea.io
+  version: 1.17.3
+  minGoVersion: 1.18
+  goVersion: 1.19
+  minNodeVersion: 14
+  search: nav
+
+outputs:
+  home:
+    - HTML
+    - RSS
+    - JSON
+
+menu:
+  page:
+    - name: Website
+      url: https://gitea.io/en-us/
+      weight: 10
+      pre: home
+    - name: Docs
+      url: /en-us/
+      weight: 20
+      pre: question
+      post: active
+    - name: API
+      url: https://try.gitea.io/api/swagger
+      weight: 45
+      pre: plug
+    - name: Blog
+      url: https://blog.gitea.io/
+      weight: 30
+      pre: rss
+    - name: Shop
+      url: https://shop.gitea.io/
+      weight: 40
+      pre: shopping-cart
+    - name: Translation
+      url: https://crowdin.com/project/gitea
+      weight: 41
+      pre: language
+    - name: Downloads
+      url: https://dl.gitea.io/
+      weight: 50
+      pre: download
+    - name: GitHub
+      url: https://github.com/go-gitea/
+      weight: 60
+      pre: github
+    - name: Discord Chat
+      url: https://discord.gg/Gitea
+      weight: 70
+      pre: comment
+    - name: Forum
+      url: https://discourse.gitea.io/
+      weight: 80
+      pre: group
+
+languages:
+  en-us:
+    weight: 0
+    languageName: English
+
+  zh-cn:
+    weight: 1
+    languageName: 中文(简体)
+    menu:
+      page:
+        - name: 网站
+          url: https://gitea.io/zh-cn/
+          weight: 10
+          pre: home
+        - name: 文档
+          url: /zh-cn/
+          weight: 20
+          pre: question
+          post: active
+        - name: API
+          url: https://try.gitea.io/api/swagger
+          weight: 45
+          pre: plug
+        - name: 博客
+          url: https://blog.gitea.io/
+          weight: 30
+          pre: rss
+        - name: 导入
+          url: https://code.gitea.io/
+          weight: 40
+          pre: code
+        - name: 翻译
+          url: https://crowdin.com/project/gitea
+          weight: 41
+          pre: language
+        - name: 下载
+          url: https://dl.gitea.io/
+          weight: 50
+          pre: download
+        - name: GitHub
+          url: https://github.com/go-gitea/
+          weight: 60
+          pre: github
+        - name: Discord Chat
+          url: https://discord.gg/Gitea
+          weight: 70
+          pre: comment
+        - name: Forum
+          url: https://discourse.gitea.io/
+          weight: 80
+          pre: group
+
+  zh-tw:
+    weight: 2
+    languageName: 中文(繁體)
+    menu:
+      page:
+        - name: 網站
+          url: https://gitea.io/zh-tw/
+          weight: 10
+          pre: home
+        - name: 文件
+          url: /zh-tw/
+          weight: 20
+          pre: question
+          post: active
+        - name: API
+          url: https://try.gitea.io/api/swagger
+          weight: 45
+          pre: plug
+        - name: 部落格
+          url: https://blog.gitea.io/
+          weight: 30
+          pre: rss
+        - name: 商店
+          url: https://shop.gitea.io/
+          weight: 40
+          pre: shopping-cart
+        - name: 翻譯
+          url: https://crowdin.com/project/gitea
+          weight: 41
+          pre: language
+        - name: 下載
+          url: https://dl.gitea.io/
+          weight: 50
+          pre: download
+        - name: GitHub
+          url: https://github.com/go-gitea/
+          weight: 60
+          pre: github
+        - name: Discord 聊天室
+          url: https://discord.gg/Gitea
+          weight: 70
+          pre: comment
+        - name: 討論區
+          url: https://discourse.gitea.io/
+          weight: 80
+          pre: group
+
+  pt-br:
+    weight: 3
+    languageName: Português Brasileiro
+    menu:
+      page:
+        - name: Página inicial
+          url: https://gitea.io/pt-br/
+          weight: 10
+          pre: home
+        - name: Documentação
+          url: /pt-br/
+          weight: 20
+          pre: question
+          post: active
+        - name: API
+          url: https://try.gitea.io/api/swagger
+          weight: 45
+          pre: plug
+        - name: Blog
+          url: https://blog.gitea.io/
+          weight: 30
+          pre: rss
+        - name: Código-fonte
+          url: https://code.gitea.io/
+          weight: 40
+          pre: code
+        - name: Translation
+          url: https://crowdin.com/project/gitea
+          weight: 41
+          pre: language
+        - name: Downloads
+          url: https://dl.gitea.io/
+          weight: 50
+          pre: download
+        - name: GitHub
+          url: https://github.com/go-gitea/
+          weight: 60
+          pre: github
+        - name: Chat no Discord
+          url: https://discord.gg/Gitea
+          weight: 70
+          pre: comment
+        - name: Forum
+          url: https://discourse.gitea.io/
+          weight: 80
+          pre: group
+
+  nl-nl:
+    weight: 4
+    languageName: Nederlands
+    menu:
+      page:
+        - name: Website
+          url: https://gitea.io/nl-nl/
+          weight: 10
+          pre: home
+        - name: Docs
+          url: /nl-nl/
+          weight: 20
+          pre: question
+          post: active
+        - name: API
+          url: https://try.gitea.io/api/swagger
+          weight: 45
+          pre: plug
+        - name: Blog
+          url: https://blog.gitea.io/
+          weight: 30
+          pre: rss
+        - name: Code
+          url: https://code.gitea.io/
+          weight: 40
+          pre: code
+        - name: Translation
+          url: https://crowdin.com/project/gitea
+          weight: 41
+          pre: language
+        - name: Downloads
+          url: https://dl.gitea.io/
+          weight: 50
+          pre: download
+        - name: GitHub
+          url: https://github.com/go-gitea/
+          weight: 60
+          pre: github
+        - name: Discord Chat
+          url: https://discord.gg/Gitea
+          weight: 70
+          pre: comment
+        - name: Forum
+          url: https://discourse.gitea.io/
+          weight: 80
+          pre: group
+
+  fr-fr:
+    weight: 5
+    languageName: Français
+    menu:
+      page:
+        - name: Site
+          url: https://gitea.io/en-us/
+          weight: 10
+          pre: home
+          post: active
+        - name: Documentation
+          url: /fr-fr/
+          weight: 20
+          pre: question
+        - name: API
+          url: https://try.gitea.io/api/swagger
+          weight: 45
+          pre: plug
+        - name: Blog
+          url: https://blog.gitea.io/
+          weight: 30
+          pre: rss
+        - name: Code
+          url: https://code.gitea.io/
+          weight: 40
+          pre: code
+        - name: Translation
+          url: https://crowdin.com/project/gitea
+          weight: 41
+          pre: language
+        - name: Téléchargement
+          url: https://dl.gitea.io/
+          weight: 50
+          pre: download
+        - name: GitHub
+          url: https://github.com/go-gitea/
+          weight: 60
+          pre: github
+        - name: Discord Chat
+          url: https://discord.gg/Gitea
+          weight: 70
+          pre: comment
+        - name: Forum
+          url: https://discourse.gitea.io/
+          weight: 80
+          pre: group
+
+  de-de:
+    weight: 6
+    languageName: Deutsch
+    menu:
+      page:
+        - name: Webseite
+          url: https://gitea.io/en-us/
+          weight: 10
+          pre: home
+          post: active
+        - name: Dokumentation
+          url: /de-de/
+          weight: 20
+          pre: question
+        - name: API
+          url: https://try.gitea.io/api/swagger
+          weight: 45
+          pre: plug
+        - name: Blog
+          url: https://blog.gitea.io/
+          weight: 30
+          pre: rss
+        - name: Code
+          url: https://code.gitea.io/
+          weight: 40
+          pre: code
+        - name: Übersetzung
+          url: https://crowdin.com/project/gitea
+          weight: 41
+          pre: language
+        - name: Downloads
+          url: https://dl.gitea.io/
+          weight: 50
+          pre: download
+        - name: GitHub
+          url: https://github.com/go-gitea/
+          weight: 60
+          pre: github
+        - name: Discord Chat
+          url: https://discord.gg/Gitea
+          weight: 70
+          pre: comment
+        - name: Forum
+          url: https://discourse.gitea.io/
+          weight: 80
+          pre: group
@@ -1,14 +0,0 @@
---
-date: "2016-12-01T16:00:00+02:00"
-title: "Administration"
-slug: "administration"
-sidebar_position: 30
-toc: false
-draft: false
-menu:
-  sidebar:
-    name: "Administration"
-    sidebar_position: 20
-    collapse: true
-    identifier: "administration"
---
@@ -1,13 +0,0 @@
---
-date: "2016-12-01T16:00:00+02:00"
-title: "运维"
-slug: "administration"
-sidebar_position: 30
-toc: false
-draft: false
-menu:
-  sidebar:
-    name: "运维"
-    sidebar_position: 20
-    identifier: "administration"
---
@@ -1,13 +0,0 @@
---
-date: "2016-12-01T16:00:00+02:00"
-title: "運維"
-slug: "administration"
-sidebar_position: 30
-toc: false
-draft: false
-menu:
-  sidebar:
-    name: "運維"
-    sidebar_position: 20
-    identifier: "administration"
---
@@ -1,40 +0,0 @@
---
-date: "2023-05-23T09:00:00+08:00"
-title: "添加法律页面"
-slug: adding-legal-pages
-sidebar_position: 110
-toc: false
-draft: false
-aliases:
-  - /zh-cn/adding-legal-pages
-menu:
-  sidebar:
-    parent: "administration"
-    name: "添加法律页面"
-    identifier: "adding-legal-pages"
-    sidebar_position: 110
---
-
-一些法域（例如欧盟）要求在网站上添加特定的法律页面（例如隐私政策）。按照以下步骤将它们添加到你的 Gitea 实例中。
-
-## 获取页面
-
-Gitea 源代码附带了示例页面，位于 `contrib/legal` 目录中。将它们复制到 `custom/public/` 目录下。例如，如果要添加隐私政策：
-
-```
-wget -O /path/to/custom/public/privacy.html https://raw.githubusercontent.com/go-gitea/gitea/main/contrib/legal/privacy.html.sample
-```
-
-现在，你需要编辑该页面以满足你的需求。特别是，你必须更改电子邮件地址、网址以及与 "Your Gitea Instance" 相关的引用，以匹配你的情况。
-
-请务必不要放置会暗示 Gitea 项目对你的服务器负责的一般服务条款或隐私声明。
-
-## 使其可见
-
-创建或追加到 `/path/to/custom/templates/custom/extra_links_footer.tmpl` 文件中：
-
-```go
-<a class="item" href="{{AppSubUrl}}/assets/privacy.html">隐私政策</a>
-```
-
-重启 Gitea 以查看更改。
@@ -1,101 +0,0 @@
---
-date: "2023-05-23T09:00:00+08:00"
-title: "嵌入资源提取工具"
-slug: "cmd-embedded"
-sidebar_position: 20
-toc: false
-draft: false
-aliases:
-  - /zh-cn/cmd-embedded
-menu:
-  sidebar:
-    parent: "administration"
-    name: "嵌入资源提取工具"
-    sidebar_position: 20
-    identifier: "cmd-embedded"
---
-
-# 嵌入资源提取工具
-
-Gitea 的可执行文件包含了运行所需的所有资源：模板、图片、样式表和翻译文件。你可以通过在 `custom` 目录下的相应路径中放置替换文件来覆盖其中的任何资源（详见 [自定义 Gitea 配置](administration/customizing-gitea.md)）。
-
-要获取嵌入资源的副本以进行编辑，可以使用 CLI 中的 `embedded` 命令，通过操作系统的 shell 执行。
-
-**注意：** 嵌入资源提取工具包含在 Gitea 1.12 及以上版本中。
-
-## 资源列表
-
-要列出嵌入在 Gitea 可执行文件中的资源，请使用以下语法：
-
-```sh
-gitea embedded list [--include-vendored] [patterns...]
-```
-
-`--include-vendored` 标志使命令包括被供应的文件，这些文件通常被排除在外；即来自外部库的文件，这些文件是 Gitea 所需的（例如 [octicons](https://octicons.github.com/) 等）。
-
-可以提供一系列文件搜索模式。Gitea 使用 [gobwas/glob](https://github.com/gobwas/glob) 作为其 glob 语法。以下是一些示例：
-
- 列出所有模板文件，无论在哪个虚拟目录下：`**.tmpl`
- 列出所有邮件模板文件：`templates/mail/**.tmpl`
- 列出 `public/img` 目录下的所有文件：`public/img/**`
-
-不要忘记为模式使用引号，因为空格、`*` 和其他字符可能对命令行解释器有特殊含义。
-
-如果未提供模式，则列出所有文件。
-
-### 示例
-
-列出所有路径中包含 `openid` 的嵌入文件：
-
-```sh
-$ gitea embedded list '**openid**'
-public/img/auth/openid_connect.svg
-public/img/openid-16x16.png
-templates/user/auth/finalize_openid.tmpl
-templates/user/auth/signin_openid.tmpl
-templates/user/auth/signup_openid_connect.tmpl
-templates/user/auth/signup_openid_navbar.tmpl
-templates/user/auth/signup_openid_register.tmpl
-templates/user/settings/security_openid.tmpl
-```
-
-## 提取资源
-
-要提取嵌入在 Gitea 可执行文件中的资源，请使用以下语法：
-
-```sh
-gitea [--config {file}] embedded extract [--destination {dir}|--custom] [--overwrite|--rename] [--include-vendored] {patterns...}
-```
-
-`--config` 选项用于告知 Gitea `app.ini` 配置文件的位置（如果不在默认位置）。此选项仅在使用 `--custom` 标志时使用。
-
-`--destination` 选项用于指定提取文件的目标目录。默认为当前目录。
-
-`--custom` 标志告知 Gitea 直接将文件提取到 `custom` 目录中。为使其正常工作，该命令需要知道 `app.ini` 配置文件的位置（通过 `--config` 指定），并且根据配置的不同，需要从 Gitea 通常启动的目录运行。有关详细信息，请参阅 [自定义 Gitea 配置](administration/customizing-gitea.md)。
-
-`--overwrite` 标志允许覆盖目标目录中的任何现有文件。
-
-`--rename` 标志告知 Gitea 将目标目录中的任何现有文件重命名为 `filename.bak`。之前的 `.bak` 文件将被覆盖。
-
-至少需要提供一个文件搜索模式；有关模式的语法和示例，请参阅上述 `list` 子命令。
-
-### 重要提示
-
-请确保**只提取需要自定义的文件**。位于 `custom` 目录中的文件不会受到 Gitea 的升级过程的影响。当 Gitea 升级到新版本（通过替换可执行文件）时，许多嵌入文件将发生变化。Gitea 将尊重并使用在 `custom` 目录中找到的任何文件，即使这些文件是旧的和不兼容的。
-
-### 示例
-
-将邮件模板提取到临时目录：
-
-```sh
-$ mkdir tempdir
-$ gitea embedded extract --destination tempdir 'templates/mail/**.tmpl'
-Extracting to tempdir:
-tempdir/templates/mail/auth/activate.tmpl
-tempdir/templates/mail/auth/activate_email.tmpl
-tempdir/templates/mail/auth/register_notify.tmpl
-tempdir/templates/mail/auth/reset_passwd.tmpl
-tempdir/templates/mail/issue/assigned.tmpl
-tempdir/templates/mail/issue/default.tmpl
-tempdir/templates/mail/notify/collaborator.tmpl
-```
@@ -1,552 +0,0 @@
---
-date: "2023-05-23T09:00:00+08:00"
-title: "Gitea 命令行"
-slug: "command-line"
-sidebar_position: 1
-toc: false
-draft: false
-aliases:
-  - /zh-cn/command-line
-menu:
-  sidebar:
-    parent: "administration"
-    name: "Gitea 命令行"
-    sidebar_position: 1
-    identifier: "command-line"
---
-
-# 命令行
-
-## 用法
-
-`gitea [全局选项] 命令 [命令或全局选项] [参数...]`
-
-## 全局选项
-
-所有全局选项均可被放置在命令级别。
-
- `--help`，`-h`：显示帮助文本并退出。可选。
- `--version`，`-v`：显示版本信息并退出。可选。 (示例：`Gitea version 1.1.0+218-g7b907ed built with: bindata, sqlite`)。
- `--custom-path path`，`-C path`：Gitea 自定义文件夹的路径。可选。 (默认值：`AppWorkPath`/custom 或 `$GITEA_CUSTOM`)。
- `--config path`，`-c path`：Gitea 配置文件的路径。可选。 (默认值：`custom`/conf/app.ini)。
- `--work-path path`，`-w path`：Gitea 的 `AppWorkPath`。可选。 (默认值：LOCATION_OF_GITEA_BINARY 或 `$GITEA_WORK_DIR`)
-
-注意：默认的 custom-path、config 和 work-path 也可以在构建时更改（如果需要）。
-
-## 命令
-
-### web
-
-启动服务器：
-
- 选项：
-  - `--port number`，`-p number`：端口号。可选。 (默认值：3000)。覆盖配置文件中的设置。
-  - `--install-port number`：运行安装页面的端口号。可选。 (默认值：3000)。覆盖配置文件中的设置。
-  - `--pid path`，`-P path`：Pid 文件的路径。可选。
-  - `--quiet`，`-q`：只在控制台上输出 Fatal 日志，用于在设置日志之前发出的日志。
-  - `--verbose`：在控制台上输出跟踪日志，用于在设置日志之前发出的日志。
- 示例：
-  - `gitea web`
-  - `gitea web --port 80`
-  - `gitea web --config /etc/gitea.ini --pid /some/custom/gitea.pid`
- 注意：
-  - Gitea 不应以 root 用户身份运行。要绑定到低于 1024 的端口，您可以在 Linux 上使用 setcap 命令：`sudo setcap 'cap_net_bind_service=+ep' /path/to/gitea`。每次更新 Gitea 都需要重新执行此操作。
-
-### admin
-
-管理员操作：
-
- 命令：
-  - `user`：
-    - `list`：
-      - 选项：
-        - `--admin`：仅列出管理员用户。可选。
-      - 描述：列出所有现有用户。
-      - 示例：
-        - `gitea admin user list`
-    - `delete`：
-      - 选项：
-        - `--email`：要删除的用户的电子邮件。
-        - `--username`：要删除的用户的用户名。
-        - `--id`：要删除的用户的ID。
-        - 必须提供 `--id`、`--username` 或 `--email` 中的一个。如果提供多个，则所有条件必须匹配。
-      - 示例：
-        - `gitea admin user delete --id 1`
-    - `create`：
-      - 选项：
-        - `--name value`：用户名。必填。自 Gitea 1.9.0 版本起，请改用 `--username` 标志。
-        - `--username value`：用户名。必填。Gitea 1.9.0 新增。
-        - `--password value`：密码。必填。
-        - `--email value`：邮箱。必填。
-        - `--admin`：如果提供此选项，将创建一个管理员用户。可选。
-        - `--access-token`：如果提供，将为用户创建访问令牌。可选。（默认值：false）。
-        - `--must-change-password`：如果提供，创建的用户将在初始登录后需要选择一个新密码。可选。（默认值：true）。
-        - `--random-password`：如果提供，将使用随机生成的密码作为创建用户的密码。`--password` 的值将被忽略。可选。
-        - `--random-password-length`：如果提供，将用于配置随机生成密码的长度。可选。（默认值：12）
-      - 示例：
-        - `gitea admin user create --username myname --password asecurepassword --email me@example.com`
-    - `change-password`：
-      - 选项：
-        - `--username value`，`-u value`：用户名。必填。
-        - `--password value`，`-p value`：新密码。必填。
-      - 示例：
-        - `gitea admin user change-password --username myname --password asecurepassword`
-    - `must-change-password`：
-      - 参数：
-        - `[username...]`：需要更改密码的用户
-      - 选项：
-        - `--all`，`-A`：强制所有用户更改密码
-        - `--exclude username`，`-e username`：排除给定的用户。可以多次设置。
-        - `--unset`：撤销对给定用户的强制密码更改
-  - `regenerate`：
-    - 选项：
-      - `hooks`：重新生成所有仓库的 Git Hooks。
-      - `keys`：重新生成 authorized_keys 文件。
-    - 示例：
-      - `gitea admin regenerate hooks`
-      - `gitea admin regenerate keys`
-  - `auth`：
-    - `list`：
-      - 描述：列出所有存在的外部认证源。
-      - 示例：
-        - `gitea admin auth list`
-    - `delete`：
-      - 选项：
-        - `--id`：要删除的源的 ID。必填。
-      - 示例：
-        - `gitea admin auth delete --id 1`
-    - `add-oauth`：
-      - 选项：
-        - `--name`：应用程序名称。
-        - `--provider`：OAuth2 提供者。
-        - `--key`：客户端 ID（Key）。
-        - `--secret`：客户端密钥。
-        - `--auto-discover-url`：OpenID Connect 自动发现 URL（仅在使用 OpenID Connect 作为提供程序时需要）。
-        - `--use-custom-urls`：在 GitLab/GitHub OAuth 端点上使用自定义 URL。
-        - `--custom-tenant-id`：在 OAuth 端点上使用自定义租户 ID。
-        - `--custom-auth-url`：使用自定义授权 URL（GitLab/GitHub 的选项）。
-        - `--custom-token-url`：使用自定义令牌 URL（GitLab/GitHub 的选项）。
-        - `--custom-profile-url`：使用自定义配置文件 URL（GitLab/GitHub 的选项）。
-        - `--custom-email-url`：使用自定义电子邮件 URL（GitHub 的选项）。
-        - `--icon-url`：OAuth2 登录源的自定义图标 URL。
-        - `--skip-local-2fa`：允许源覆盖本地 2FA。（可选）
-        - `--scopes`：请求此 OAuth2 源的附加范围。（可选）
-        - `--required-claim-name`：必须设置的声明名称，以允许用户使用此源登录。（可选）
-        - `--required-claim-value`：必须设置的声明值，以允许用户使用此源登录。（可选）
-        - `--group-claim-name`：提供此源的组名的声明名称。（可选）
-        - `--admin-group`：管理员用户的组声明值。（可选）
-        - `--restricted-group`：受限用户的组声明值。（可选）
-        - `--group-team-map`：组与组织团队之间的 JSON 映射。（可选）
-        - `--group-team-map-removal`：根据组自动激活团队成员资格的删除。（可选）
-      - 示例：
-        - `gitea admin auth add-oauth --name external-github --provider github --key OBTAIN_FROM_SOURCE --secret OBTAIN_FROM_SOURCE`
-    - `update-oauth`：
-      - 选项：
-        - `--id`：要更新的源的 ID。必填。
-        - `--name`：应用程序名称。
-        - `--provider`：OAuth2 提供者。
-        - `--key`：客户端 ID（Key）。
-        - `--secret`：客户端密钥。
-        - `--auto-discover-url`：OpenID Connect 自动发现 URL（仅在使用 OpenID Connect 作为提供程序时需要）。
-        - `--use-custom-urls`：在 GitLab/GitHub OAuth 端点上使用自定义 URL。
-        - `--custom-tenant-id`：在 OAuth 端点上使用自定义租户 ID。
-        - `--custom-auth-url`：使用自定义授权 URL（GitLab/GitHub 的选项）。
-        - `--custom-token-url`：使用自定义令牌 URL（GitLab/GitHub 的选项）。
-        - `--custom-profile-url`：使用自定义配置文件 URL（GitLab/GitHub 的选项）。
-        - `--custom-email-url`：使用自定义电子邮件 URL（GitHub 的选项）。
-        - `--icon-url`：OAuth2 登录源的自定义图标 URL。
-        - `--skip-local-2fa`：允许源覆盖本地 2FA。（可选）
-        - `--scopes`：请求此 OAuth2 源的附加范围。
-        - `--required-claim-name`：必须设置的声明名称，以允许用户使用此源登录。（可选）
-        - `--required-claim-value`：必须设置的声明值，以允许用户使用此源登录。（可选）
-        - `--group-claim-name`：提供此源的组名的声明名称。（可选）
-        - `--admin-group`：管理员用户的组声明值。（可选）
-        - `--restricted-group`：受限用户的组声明值。（可选）
-      - 示例：
-        - `gitea admin auth update-oauth --id 1 --name external-github-updated`
-    - `add-smtp`：
-      - 选项：
-        - `--name`：应用程序名称。必填。
-        - `--auth-type`：SMTP 认证类型（PLAIN/LOGIN/CRAM-MD5）。默认为 PLAIN。
-        - `--host`：SMTP 主机。必填。
-        - `--port`：SMTP 端口。必填。
-        - `--force-smtps`：SMTPS 始终在端口 465 上使用。设置此选项以强制在其他端口上使用 SMTPS。
-        - `--skip-verify`：跳过 TLS 验证。
-        - `--helo-hostname`：发送 HELO 时使用的主机名。留空以发送当前主机名。
-        - `--disable-helo`：禁用 SMTP helo。
-        - `--allowed-domains`：留空以允许所有域。使用逗号（','）分隔多个域。
-        - `--skip-local-2fa`：跳过 2FA 登录。
-        - `--active`：启用此认证源。
-        备注：
-        `--force-smtps`、`--skip-verify`、`--disable-helo`、`--skip-local-2fs` 和 `--active` 选项可以采用以下形式使用：
-        - `--option`、`--option=true` 以启用选项
-        - `--option=false` 以禁用选项
-        如果未指定这些选项，则在 `update-smtp` 中不会更改值，或者在 `add-smtp` 中将使用默认的 `false` 值。
-      - 示例：
-        - `gitea admin auth add-smtp --name ldap --host smtp.mydomain.org --port 587 --skip-verify --active`
-    - `update-smtp`：
-      - 选项：
-        - `--id`：要更新的源的 ID。必填。
-        - 其他选项与 `add-smtp` 共享
-      - 示例：
-        - `gitea admin auth update-smtp --id 1 --host smtp.mydomain.org --port 587 --skip-verify=false`
-        - `gitea admin auth update-smtp --id 1 --active=false`
-    - `add-ldap`：添加新的 LDAP（通过 Bind DN）认证源
-      - 选项：
-        - `--name value`：认证名称。必填。
-        - `--not-active`：停用认证源。
-        - `--security-protocol value`：安全协议名称。必填。
-        - `--skip-tls-verify`：禁用 TLS 验证。
-        - `--host value`：LDAP 服务器的地址。必填。
-        - `--port value`：连接到 LDAP 服务器时使用的端口。必填。
-        - `--user-search-base value`：用户帐户将在其中搜索的 LDAP 基础路径。必填。
-        - `--user-filter value`：声明如何查找试图进行身份验证的用户记录的 LDAP 过滤器。必填。
-        - `--admin-filter value`：指定是否应授予用户管理员特权的 LDAP 过滤器。
-        - `--restricted-filter value`：指定是否应将用户设置为受限状态的 LDAP 过滤器。
-        - `--username-attribute value`：用户 LDAP 记录中包含用户名的属性。
-        - `--firstname-attribute value`：用户 LDAP 记录中包含用户名字的属性。
-        - `--surname-attribute value`：用户 LDAP 记录中包含用户姓氏的属性。
-        - `--email-attribute value`：用户 LDAP 记录中包含用户电子邮件地址的属性。必填。
-        - `--public-ssh-key-attribute value`：用户 LDAP 记录中包含用户公共 SSH 密钥的属性。
-        - `--avatar-attribute value`：用户 LDAP 记录中包含用户头像的属性。
-        - `--bind-dn value`：在搜索用户时绑定到 LDAP 服务器的 DN。
-        - `--bind-password value`：绑定 DN 的密码（如果有）。
-        - `--attributes-in-bind`：在绑定 DN 上下文中获取属性。
-        - `--synchronize-users`：启用用户同步。
-        - `--page-size value`：搜索页面大小。
-      - 示例：
-        - `gitea admin auth add-ldap --name ldap --security-protocol unencrypted --host mydomain.org --port 389 --user-search-base "ou=Users,dc=mydomain,dc=org" --user-filter "(&(objectClass=posixAccount)(|(uid=%[1]s)(mail=%[1]s)))" --email-attribute mail`
-    - `update-ldap`：更新现有的 LDAP（通过 Bind DN）认证源
-      - 选项：
-        - `--id value`：认证源的 ID。必填。
-        - `--name value`：认证名称。
-        - `--not-active`：停用认证源。
-        - `--security-protocol value`：安全协议名称。
-        - `--skip-tls-verify`：禁用 TLS 验证。
-        - `--host value`：LDAP 服务器的地址。
-        - `--port value`：连接到 LDAP 服务器时使用的端口。
-        - `--user-search-base value`：用户帐户将在其中搜索的 LDAP 基础路径。
-        - `--user-filter value`：声明如何查找试图进行身份验证的用户记录的 LDAP 过滤器。
-        - `--admin-filter value`：指定是否应授予用户管理员特权的 LDAP 过滤器。
-        - `--restricted-filter value`：指定是否应将用户设置为受限状态的 LDAP 过滤器。
-        - `--username-attribute value`：用户 LDAP 记录中包含用户名的属性。
-        - `--firstname-attribute value`：用户 LDAP 记录中包含用户名字的属性。
-        - `--surname-attribute value`：用户 LDAP 记录中包含用户姓氏的属性。
-        - `--email-attribute value`：用户 LDAP 记录中包含用户电子邮件地址的属性。
-        - `--public-ssh-key-attribute value`：用户 LDAP 记录中包含用户公共 SSH 密钥的属性。
-        - `--avatar-attribute value`：用户 LDAP 记录中包含用户头像的属性。
-        - `--bind-dn value`：在搜索用户时绑定到 LDAP 服务器的 DN。
-        - `--bind-password value`：绑定 DN 的密码（如果有）。
-        - `--attributes-in-bind`：在绑定 DN 上下文中获取属性。
-        - `--synchronize-users`：启用用户同步。
-        - `--page-size value`：搜索页面大小。
-      - 示例：
-        - `gitea admin auth update-ldap --id 1 --name "my ldap auth source"`
-        - `gitea admin auth update-ldap --id 1 --username-attribute uid --firstname-attribute givenName --surname-attribute sn`
-    - `add-ldap-simple`：添加新的 LDAP（简单身份验证）认证源
-      - 选项：
-        - `--name value`：认证名称。必填。
-        - `--not-active`：停用认证源。
-        - `--security-protocol value`：安全协议名称。必填。
-        - `--skip-tls-verify`：禁用 TLS 验证。
-        - `--host value`：LDAP 服务器的地址。必填。
-        - `--port value`：连接到 LDAP 服务器时使用的端口。必填。
-        - `--user-search-base value`：用户帐户将在其中搜索的 LDAP 基础路径。
-        - `--user-filter value`：声明如何查找试图进行身份验证的用户记录的 LDAP 过滤器。必填。
-        - `--admin-filter value`：指定是否应授予用户管理员特权的 LDAP 过滤器。
-        - `--restricted-filter value`：指定是否应将用户设置为受限状态的 LDAP 过滤器。
-        - `--username-attribute value`：用户 LDAP 记录中包含用户名的属性。
-        - `--firstname-attribute value`：用户 LDAP 记录中包含用户名字的属性。
-        - `--surname-attribute value`：用户 LDAP 记录中包含用户姓氏的属性。
-        - `--email-attribute value`：用户 LDAP 记录中包含用户电子邮件地址的属性。必填。
-        - `--public-ssh-key-attribute value`：用户 LDAP 记录中包含用户公共 SSH 密钥的属性。
-        - `--avatar-attribute value`：用户 LDAP 记录中包含用户头像的属性。
-        - `--user-dn value`：用户的 DN。必填。
-      - 示例：
-        - `gitea admin auth add-ldap-simple --name ldap --security-protocol unencrypted --host mydomain.org --port 389 --user-dn "cn=%s,ou=Users,dc=mydomain,dc=org" --user-filter "(&(objectClass=posixAccount)(cn=%s))" --email-attribute mail`
-    - `update-ldap-simple`：更新现有的 LDAP（简单身份验证）认证源
-      - 选项：
-        - `--id value`：认证源的 ID。必填。
-        - `--name value`：认证名称。
-        - `--not-active`：停用认证源。
-        - `--security-protocol value`：安全协议名称。
-        - `--skip-tls-verify`：禁用 TLS 验证。
-        - `--host value`：LDAP 服务器的地址。
-        - `--port value`：连接到 LDAP 服务器时使用的端口。
-        - `--user-search-base value`：用户帐户将在其中搜索的 LDAP 基础路径。
-        - `--user-filter value`：声明如何查找试图进行身份验证的用户记录的 LDAP 过滤器。
-        - `--admin-filter value`：指定是否应授予用户管理员特权的 LDAP 过滤器。
-        - `--restricted-filter value`：指定是否应将用户设置为受限状态的 LDAP 过滤器。
-        - `--username-attribute value`：用户 LDAP 记录中包含用户名的属性。
-        - `--firstname-attribute value`：用户 LDAP 记录中包含用户名字的属性。
-        - `--surname-attribute value`：用户 LDAP 记录中包含用户姓氏的属性。
-        - `--email-attribute value`：用户 LDAP 记录中包含用户电子邮件地址的属性。
-        - `--public-ssh-key-attribute value`：用户 LDAP 记录中包含用户公共 SSH 密钥的属性。
-        - `--avatar-attribute value`：用户 LDAP 记录中包含用户头像的属性。
-        - `--user-dn value`：用户的 DN。
-      - 示例：
-        - `gitea admin auth update-ldap-simple --id 1 --name "my ldap auth source"`
-        - `gitea admin auth update-ldap-simple --id 1 --username-attribute uid --firstname-attribute givenName --surname-attribute sn`
-
-### cert
-
-生成自签名的SSL证书。将输出到当前目录下的`cert.pem`和`key.pem`文件中，并且会覆盖任何现有文件。
-
- 选项：
-  - `--host value`：逗号分隔的主机名和IP地址列表，此证书适用于这些主机。支持使用通配符。必填。
-  - `--ecdsa-curve value`：用于生成密钥的ECDSA曲线。可选。有效选项为P224、P256、P384、P521。
-  - `--rsa-bits value`：要生成的RSA密钥的大小。可选。如果设置了--ecdsa-curve，则忽略此选项。（默认值：2048）。
-  - `--start-date value`：证书的创建日期。可选。（格式：`Jan 1 15:04:05 2011`）。
-  - `--duration value`：证书有效期。可选。（默认值：8760h0m0s）
-  - `--ca`：如果提供此选项，则证书将生成自己的证书颁发机构。可选。
- 示例：
-  - `gitea cert --host git.example.com,example.com,www.example.com --ca`
-
-### dump
-
-将所有文件和数据库导出到一个zip文件中。输出文件将保存在当前目录下，类似于`gitea-dump-1482906742.zip`。
-
- 选项：
-  - `--file name`，`-f name`：指定要创建的导出文件的名称。可选。（默认值：gitea-dump-[timestamp].zip）。
-  - `--tempdir path`，`-t path`：指定临时目录的路径。可选。（默认值：/tmp）。
-  - `--skip-repository`，`-R`：跳过仓库的导出。可选。
-  - `--skip-custom-dir`：跳过自定义目录的导出。可选。
-  - `--skip-lfs-data`：跳过LFS数据的导出。可选。
-  - `--skip-attachment-data`：跳过附件数据的导出。可选。
-  - `--skip-package-data`：跳过包数据的导出。可选。
-  - `--skip-log`：跳过日志数据的导出。可选。
-  - `--database`，`-d`：指定数据库的SQL语法。可选。
-  - `--verbose`，`-V`：如果提供此选项，显示附加详细信息。可选。
-  - `--type`：设置导出的格式。可选。（默认值：zip）
- 示例：
-  - `gitea dump`
-  - `gitea dump --verbose`
-
-### generate
-
-用于在配置文件中生成随机值和令牌。对于自动部署时生成值非常有用。
-
- 命令:
-  - `secret`:
-    - 选项:
-      - `INTERNAL_TOKEN`: 用于内部 API 调用身份验证的令牌。
-      - `JWT_SECRET`: 用于 LFS 和 OAUTH2 JWT 身份验证的密钥（LFS_JWT_SECRET 是此选项的别名，用于向后兼容）。
-      - `SECRET_KEY`: 全局密钥。
-    - 示例:
-      - `gitea generate secret INTERNAL_TOKEN`
-      - `gitea generate secret JWT_SECRET`
-      - `gitea generate secret SECRET_KEY`
-
-### keys
-
-提供一个 SSHD AuthorizedKeysCommand。需要在 sshd 配置文件中进行配置:
-
-```ini
-...
-# -e 的值和 AuthorizedKeysCommandUser 应与运行 Gitea 的用户名匹配
-AuthorizedKeysCommandUser git
-AuthorizedKeysCommand /path/to/gitea keys -e git -u %u -t %t -k %k
-```
-
-该命令将返回适用于提供的密钥的合适 authorized_keys 行。您还应在 `app.ini` 的 `[server]` 部分设置值 `SSH_CREATE_AUTHORIZED_KEYS_FILE=false`。
-
-注意: opensshd 要求 Gitea 程序由 root 拥有，并且不可由组或其他人写入。程序必须使用绝对路径指定。
-注意: Gitea 必须在运行此命令时处于运行状态才能成功。
-
-### migrate
-
-迁移数据库。该命令可用于在首次启动服务器之前运行其他命令。此命令是幂等的。
-
-### convert
-
-将现有的 MySQL 数据库从 utf8 转换为 utf8mb4。
-
-### doctor
-
-根据给定的配置诊断当前 Gitea 实例的问题。目前有以下检查清单:
-
- 检查 OpenSSH 的 authorized_keys 文件是否正确
-  当您的 Gitea 实例支持 OpenSSH 时，当您的 Gitea 实例添加或更改任何公钥时，Gitea 实例的二进制路径将被写入 `authorized_keys` 文件。
-  有时，如果您在升级时移动或重命名了 Gitea 二进制文件，并且您没有在管理面板上运行“使用 Gitea 的 SSH 密钥更新「.ssh/authorized_keys」文件”操作。那么通过 SSH 的所有拉取/推送操作将无法正常工作。
-  此检查将帮助您检查它是否正常工作。
-
-对于贡献者，如果您想添加更多的检查项，您可以编写一个新的函数，如 `func(ctx *cli.Context) ([]string, error)`，并将其追加到 `doctor.go` 文件中。
-
-```go
-var checklist = []check{
-	{
-		title: "Check if OpenSSH authorized_keys file id correct",
-		f:     runDoctorLocationMoved,
-    },
-    // more checks please append here
-}
-```
-
-此函数将接收一个命令行上下文，并返回有关问题或错误的详细信息列表。
-
-#### doctor recreate-table
-
-有时，在迁移时，旧的列和默认值可能会在数据库模式中保持不变。这可能会导致警告，如下所示:
-
-```
-2020/08/02 11:32:29 ...rm/session_schema.go:360:Sync2() [W] Table user Column keep_activity_private db default is , struct default is 0
-```
-
-您可以通过以下方式让 Gitea 重新创建这些表，并将旧数据复制到新表中，并适当设置默认值：
-
-```
-gitea doctor recreate-table user
-```
-
-您可以使用以下方式让 Gitea 重新创建多个表：
-
-```
-gitea doctor recreate-table table1 table2 ...
-```
-
-如果您希望 Gitea 重新创建所有表，请直接调用：
-
-```
-gitea doctor recreate-table
-```
-
-强烈建议在运行这些命令之前备份您的数据库。
-
-### manager
-
-管理运行中的服务器操作：
-
- 命令:
-  - `shutdown`: 优雅地关闭运行中的进程
-  - `restart`: 优雅地重新启动运行中的进程（对于Windows服务器尚未实现）
-  - `flush-queues`: 刷新运行中的进程中的队列
-    - 选项:
-      - `--timeout value`: 刷新过程的超时时间（默认值: 1m0s）
-      - `--non-blocking`: 设置为true，以在返回之前不等待刷新完成
-  - `logging`: 调整日志命令
-    - 命令:
-      - `pause`: 暂停日志记录
-        - 注意:
-          - 如果日志级别低于此级别，日志级别将被临时提升为INFO。
-          - Gitea将在一定程度上缓冲日志，并在超过该点后丢弃日志。
-      - `resume`: 恢复日志记录
-      - `release-and-reopen`: 使Gitea释放和重新打开用于日志记录的文件和连接（相当于向Gitea发送SIGUSR1信号）。
-      - `remove name`: 删除指定的日志记录器
-        - 选项:
-          - `--group group`, `-g group`: 从中删除子记录器的组（默认为`default`）
-      - `add`: 添加日志记录器
-        - 命令:
-          - `console`: 添加控制台日志记录器
-            - 选项:
-              - `--group value`, `-g value`: 要添加日志记录器的组 - 默认为"default"
-              - `--name value`, `-n value`: 新日志记录器的名称 - 默认为模式
-              - `--level value`, `-l value`: 新日志记录器的日志级别
-              - `--stacktrace-level value`, `-L value`: 堆栈跟踪日志级别
-              - `--flags value`, `-F value`: 日志记录器的标志
-              - `--expression value`, `-e value`: 日志记录器的匹配表达式
-              - `--prefix value`, `-p value`: 日志记录器的前缀
-              - `--color`: 在日志中使用颜色
-              - `--stderr`: 将控制台日志输出到stderr - 仅适用于控制台
-          - `file`: 添加文件日志记录器
-            - 选项:
-              - `--group value`, `-g value`: 要添加日志记录器的组 - 默认为"default"
-              - `--name value`, `-n value`: 新日志记录器的名称 - 默认为模式
-              - `--level value`, `-l value`: 新日志记录器的日志级别
-              - `--stacktrace-level value`, `-L value`: 堆栈跟踪日志级别
-              - `--flags value`, `-F value`: 日志记录器的标志
-              - `--expression value`, `-e value`: 日志记录器的匹配表达式
-              - `--prefix value`, `-p value`: 日志记录器的前缀
-              - `--color`: 在日志中使用颜色
-              - `--filename value`, `-f value`: 日志记录器的文件名
-              - `--rotate`, `-r`: 轮转日志
-              - `--max-size value`, `-s value`: 在轮转之前的最大大小（以字节为单位）
-              - `--daily`, `-d`: 每天轮转日志
-              - `--max-days value`, `-D value`: 保留的每日日志的最大数量
-              - `--compress`, `-z`: 压缩轮转的日志
-              - `--compression-level value`, `-Z value`: 使用的压缩级别
-          - `conn`: 添加网络连接日志记录器
-            - 选项:
-              - `--group value`, `-g value`: 要添加日志记录器的组 - 默认为"default"
-              - `--name value`, `-n value`: 新日志记录器的名称 - 默认为模式
-              - `--level value`, `-l value`: 新日志记录器的日志级别
-              - `--stacktrace-level value`, `-L value`: 堆栈跟踪日志级别
-              - `--flags value`, `-F value`: 日志记录器的标志
-              - `--expression value`, `-e value`: 日志记录器的匹配表达式
-              - `--prefix value`, `-p value`: 日志记录器的前缀
-              - `--color`: 在日志中使用颜色
-              - `--reconnect-on-message`, `-R`: 对于每个消息重新连接主机
-              - `--reconnect`, `-r`: 连接中断时重新连接主机
-              - `--protocol value`, `-P value`: 设置要使用的协议：tcp、unix或udp（默认为tcp）
-              - `--address value`, `-a value`: 要连接到的主机地址和端口（默认为:7020）
-          - `smtp`: 添加SMTP日志记录器
-            - 选项:
-              - `--group value`, `-g value`: 要添加日志记录器的组 - 默认为"default"
-              - `--name value`, `-n value`: 新日志记录器的名称 - 默认为模式
-              - `--level value`, `-l value`: 新日志记录器的日志级别
-              - `--stacktrace-level value`, `-L value`: 堆栈跟踪日志级别
-              - `--flags value`, `-F value`: 日志记录器的标志
-              - `--expression value`, `-e value`: 日志记录器的匹配表达式
-              - `--prefix value`, `-p value`: 日志记录器的前缀
-              - `--color`: 在日志中使用颜色
-              - `--username value`, `-u value`: 邮件服务器用户名
-              - `--password value`, `-P value`: 邮件服务器密码
-              - `--host value`, `-H value`: 邮件服务器主机（默认为: 127.0.0.1:25）
-              - `--send-to value`, `-s value`: 要发送到的电子邮件地址
-              - `--subject value`, `-S value`: 发送电子邮件的主题标题
-  - `processes`: 显示 Gitea 进程和 Goroutine 信息
-    - 选项:
-      - `--flat`: 以平面表格形式显示进程，而不是树形结构
-      - `--no-system`: 不显示系统进程
-      - `--stacktraces`: 显示与进程关联的 Goroutine 的堆栈跟踪
-      - `--json`: 输出为 JSON 格式
-      - `--cancel PID`: 向具有 PID 的进程发送取消命令（仅适用于非系统进程）
-
-### dump-repo
-
-`dump-repo` 从 Git/GitHub/Gitea/GitLab 中转储存储库数据：
-
- 选项：
-  - `--git_service service`：Git 服务，可以是 `git`、`github`、`gitea`、`gitlab`。如果 `clone_addr` 可以被识别，则可以忽略此选项。
-  - `--repo_dir dir`，`-r dir`：存储数据的存储库目录路径。
-  - `--clone_addr addr`：将被克隆的 URL，目前可以是 git/github/gitea/gitlab 的 http/https URL。例如：https://github.com/lunny/tango.git
-  - `--auth_username lunny`：访问 `clone_addr` 的用户名。
-  - `--auth_password <password>`：访问 `clone_addr` 的密码。
-  - `--auth_token <token>`：访问 `clone_addr` 的个人令牌。
-  - `--owner_name lunny`：如果非空，数据将存储在具有所有者名称的目录中。
-  - `--repo_name tango`：如果非空，数据将存储在具有存储库名称的目录中。
-  - `--units <units>`：要迁移的项目，一个或多个项目应以逗号分隔。允许的项目有 wiki, issues, labels, releases, release_assets, milestones, pull_requests, comments。如果为空，则表示所有项目。
-
-### restore-repo
-
-`restore-repo` 从磁盘目录中还原存储库数据：
-
- 选项：
-  - `--repo_dir dir`，`-r dir`：还原数据的存储库目录路径。
-  - `--owner_name lunny`：还原目标所有者名称。
-  - `--repo_name tango`：还原目标存储库名称。
-  - `--units <units>`：要还原的项目，一个或多个项目应以逗号分隔。允许的项目有 wiki, issues, labels, releases, release_assets, milestones, pull_requests, comments。如果为空，则表示所有项目。
-
-### actions generate-runner-token
-
-生成一个供 Runner 使用的新令牌，用于向服务器注册。
-
- 选项：
-  - `--scope {owner}[/{repo}]`，`-s {owner}[/{repo}]`：限制 Runner 的范围，没有范围表示该 Runner 可用于所有仓库，但你也可以将其限制为特定的仓库或所有者。
-
-要注册全局 Runner：
-
-```
-gitea actions generate-runner-token
-```
-
-要注册特定组织的 Runner，例如 `org`：
-
-```
-gitea actions generate-runner-token -s org
-```
-
-要注册特定仓库的 Runner，例如 `username/test-repo`：
-
-```
-gitea actions generate-runner-token -s username/test-repo
-```
@@ -1,87 +0,0 @@
---
-date: "2023-05-23T09:00:00+08:00"
-title: "Email 设置"
-slug: "email-setup"
-sidebar_position: 12
-toc: false
-draft: false
-aliases:
-  - /zh-cn/email-setup
-menu:
-  sidebar:
-    parent: "administration"
-    name: "Email 设置"
-    sidebar_position: 12
-    identifier: "email-setup"
---
-
-# Email 设置
-
-Gitea 具有邮件功能，用于发送事务性邮件（例如注册确认邮件）。它可以配置为使用 Sendmail（或兼容的 MTA，例如 Postfix 和 msmtp）或直接使用 SMTP 服务器。
-
-## 使用 Sendmail
-
-使用 `sendmail` 命令作为邮件传输代理（mailer）。
-
-注意：对于在官方Gitea Docker镜像中使用，请使用SMTP版本进行配置（请参考下一节）。
-
-注意：对于面向互联网的网站，请查阅您的 MTA 文档以了解通过TLS发送邮件的说明。同时设置 SPF、DMARC 和 DKIM DNS 记录，以使发送的邮件被各个电子邮件提供商接受为合法邮件。
-
-```ini
-[mailer]
-ENABLED       = true
-FROM          = gitea@mydomain.com
-MAILER_TYPE   = sendmail
-SENDMAIL_PATH = /usr/sbin/sendmail
-SENDMAIL_ARGS = "--" ; 大多数 "sendmail" 程序都接受选项，使用 "--" 将防止电子邮件地址被解释为选项。
-```
-
-## 使用 SMTP
-
-直接使用 SMTP 服务器作为中继。如果您不想在实例上设置 MTA，但在电子邮件提供商那里有一个帐户，这个选项非常有用。
-
-```ini
-[mailer]
-ENABLED        = true
-FROM           = gitea@mydomain.com
-MAILER_TYPE    = smtp
-SMTP_ADDR      = mail.mydomain.com
-SMTP_PORT      = 587
-IS_TLS_ENABLED = true
-USER           = gitea@mydomain.com
-PASSWD         = `password`
-```
-
-重启 Gitea 以使配置更改生效。
-
-要发送测试邮件以验证设置，请转到 Gitea > 站点管理 > 配置 > SMTP 邮件配置。
-
-有关所有选项的完整列表，请查看[配置速查表](administration/config-cheat-sheet.md)。
-
-请注意：只有在使用 TLS 或 `HOST=localhost` 加密 SMTP 服务器通信时才支持身份验证。TLS 加密可以通过以下方式进行：
-
- 通过端口 587 的 STARTTLS（也称为 Opportunistic TLS）。初始连接是明文的，但如果服务器支持，则可以升级为 TLS。
- 通过默认端口 465 的 SMTPS 连接。连接到服务器从一开始就使用 TLS。
- 使用 `IS_TLS_ENABLED=true` 进行强制的 SMTPS 连接。（这两种方式都被称为 Implicit TLS）
-这是由于 Go 内部库对 STRIPTLS 攻击的保护机制。
-
-请注意，自2018年起，[RFC8314](https://tools.ietf.org/html/rfc8314#section-3) 推荐使用 Implicit TLS。
-
-### Gmail
-
-以下配置应该适用于 Gmail 的 SMTP 服务器：
-
-```ini
-[mailer]
-ENABLED        = true
-HOST           = smtp.gmail.com:465 ; 对于 Gitea >= 1.18.0，删除此行
-SMTP_ADDR      = smtp.gmail.com
-SMTP_PORT      = 465
-FROM           = example.user@gmail.com
-USER           = example.user
-PASSWD         = `***`
-MAILER_TYPE    = smtp
-IS_TLS_ENABLED = true
-```
-
-请注意，您需要创建并使用一个 [应用密码](https://support.google.com/accounts/answer/185833?hl=en) 并在您的 Google 帐户上启用 2FA。您将无法直接使用您的 Google 帐户密码。
@@ -1,203 +0,0 @@
---
-date: "2023-05-23T09:00:00+08:00"
-title: "外部渲染器"
-slug: "external-renderers"
-sidebar_position: 60
-toc: false
-draft: false
-aliases:
-  - /zh-cn/external-renderers
-menu:
-  sidebar:
-    parent: "administration"
-    name: "外部渲染器"
-    sidebar_position: 60
-    identifier: "external-renderers"
---
-
-# 自定义文件渲染配置
-
-Gitea 通过外部二进制文件支持自定义文件渲染（例如 Jupyter notebooks、asciidoc 等），只需要进行以下步骤：
-
- 安装外部二进制文件
- 在您的 `app.ini` 文件中添加一些配置
- 重新启动 Gitea 实例
-
-此功能支持整个文件的渲染。如果您想要在 Markdown 中渲染代码块，您需要使用 JavaScript 进行一些操作。请参阅 [自定义 Gitea 配置](administration/customizing-gitea.md) 页面上的一些示例。
-
-## 安装外部二进制文件
-
-为了通过外部二进制文件进行文件渲染，必须安装它们的关联软件包。
-如果您正在使用 Docker 镜像，则您的 `Dockerfile` 应该包含以下内容：
-
-```docker
-FROM gitea/gitea:@version@
-[...]
-
-COPY custom/app.ini /data/gitea/conf/app.ini
-[...]
-
-RUN apk --no-cache add asciidoctor freetype freetype-dev gcc g++ libpng libffi-dev py-pip python3-dev py3-pip py3-pyzmq
-# 安装其他您需要的外部渲染器的软件包
-
-RUN pip3 install --upgrade pip
-RUN pip3 install -U setuptools
-RUN pip3 install jupyter docutils
-# 在上面添加您需要安装的任何其他 Python 软件包
-```
-
-## `app.ini` 文件配置
-
-在您的自定义 `app.ini` 文件中为每个外部渲染器添加一个 `[markup.XXXXX]` 部分：
-
-```ini
-[markup.asciidoc]
-ENABLED = true
-FILE_EXTENSIONS = .adoc,.asciidoc
-RENDER_COMMAND = "asciidoctor -s -a showtitle --out-file=- -"
-; 输入不是标准输入而是文件
-IS_INPUT_FILE = false
-
-[markup.jupyter]
-ENABLED = true
-FILE_EXTENSIONS = .ipynb
-RENDER_COMMAND = "jupyter nbconvert --stdin --stdout --to html --template basic"
-IS_INPUT_FILE = false
-
-[markup.restructuredtext]
-ENABLED = true
-FILE_EXTENSIONS = .rst
-RENDER_COMMAND = "timeout 30s pandoc +RTS -M512M -RTS -f rst"
-IS_INPUT_FILE = false
-```
-
-如果您的外部标记语言依赖于在生成的 HTML 元素上的额外类和属性，您可能需要启用自定义的清理策略。Gitea 使用 [`bluemonday`](https://godoc.org/github.com/microcosm-cc/bluemonday) 包作为我们的 HTML 清理器。下面的示例可以用于支持从 [`pandoc`](https://pandoc.org/) 输出的服务器端 [KaTeX](https://katex.org/) 渲染结果。
-
-```ini
-[markup.sanitizer.TeX]
-; Pandoc 渲染 TeX 段落为带有 "math" 类的 <span> 元素，根据上下文可能还带有 "inline" 或 "display" 类。
-; - 请注意，这与我们的 Markdown 解析器中内置的数学支持不同，后者使用 <code> 元素。
-ELEMENT = span
-ALLOW_ATTR = class
-REGEXP = ^\s*((math(\s+|$)|inline(\s+|$)|display(\s+|$)))+
-
-[markup.markdown]
-ENABLED         = true
-FILE_EXTENSIONS = .md,.markdown
-RENDER_COMMAND  = pandoc -f markdown -t html --katex
-```
-
-您必须在每个部分中定义 `ELEMENT` 和 `ALLOW_ATTR`。
-
-要定义多个条目，请添加唯一的字母数字后缀（例如，`[markup.sanitizer.1]` 和 `[markup.sanitizer.something]`）。
-
-要仅为特定的外部渲染器应用清理规则，它们必须使用渲染器名称，例如 `[markup.sanitizer.asciidoc.rule-1]`、`[markup.sanitizer.<renderer>.rule-1]`。
-
-**注意**：如果规则在渲染器 ini 部分之前定义，或者名称与渲染器不匹配，它将应用于所有渲染器。
-
-完成配置更改后，请重新启动 Gitea 以使更改生效。
-
-**注意**：在 Gitea 1.12 之前，存在一个名为 `markup.sanitiser` 的单个部分，其中的键被重新定义为多个规则，但是，这种配置方法存在重大问题，需要通过多个部分进行配置。
-
-### 示例：HTML
-
-直接渲染 HTML 文件：
-
-```ini
-[markup.html]
-ENABLED         = true
-FILE_EXTENSIONS = .html,.htm
-RENDER_COMMAND  = cat
-; 输入不是标准输入，而是文件
-IS_INPUT_FILE   = true
-
-[markup.sanitizer.html.1]
-ELEMENT = div
-ALLOW_ATTR = class
-
-[markup.sanitizer.html.2]
-ELEMENT = a
-ALLOW_ATTR = class
-```
-
-请注意：此示例中的配置将允许渲染 HTML 文件，并使用 `cat` 命令将文件内容输出为 HTML。此外，配置中的两个清理规则将允许 `<div>` 和 `<a>` 元素使用 `class` 属性。
-
-在进行配置更改后，请重新启动 Gitea 以使更改生效。
-
-### 示例：Office DOCX
-
-使用 [`pandoc`](https://pandoc.org/) 显示 Office DOCX 文件：
-
-```ini
-[markup.docx]
-ENABLED = true
-FILE_EXTENSIONS = .docx
-RENDER_COMMAND = "pandoc --from docx --to html --self-contained --template /path/to/basic.html"
-
-[markup.sanitizer.docx.img]
-ALLOW_DATA_URI_IMAGES = true
-```
-
-在此示例中，配置将允许显示 Office DOCX 文件，并使用 `pandoc` 命令将文件转换为 HTML 格式。同时，清理规则中的 `ALLOW_DATA_URI_IMAGES` 设置为 `true`，允许使用 Data URI 格式的图片。
-
-模板文件的内容如下：
-
-```
-$body$
-```
-
-### 示例：Jupyter Notebook
-
-使用 [`nbconvert`](https://github.com/jupyter/nbconvert) 显示 Jupyter Notebook 文件：
-
-```ini
-[markup.jupyter]
-ENABLED = true
-FILE_EXTENSIONS = .ipynb
-RENDER_COMMAND = "jupyter-nbconvert --stdin --stdout --to html --template basic"
-
-[markup.sanitizer.jupyter.img]
-ALLOW_DATA_URI_IMAGES = true
-```
-
-在此示例中，配置将允许显示 Jupyter Notebook 文件，并使用 `nbconvert` 命令将文件转换为 HTML 格式。同样，清理规则中的 `ALLOW_DATA_URI_IMAGES` 设置为 `true`，允许使用 Data URI 格式的图片。
-
-在进行配置更改后，请重新启动 Gitea 以使更改生效。
-
-## 自定义 CSS
-
-在 `.ini` 文件中，可以使用 `[markup.XXXXX]` 的格式指定外部渲染器，并且由外部渲染器生成的 HTML 将被包装在一个带有 `markup` 和 `XXXXX` 类的 `<div>` 中。`markup` 类提供了预定义的样式（如果 `XXXXX` 是 `markdown`，则使用 `markdown` 类）。否则，您可以使用这些类来针对渲染的 HTML 内容进行定制样式。
-
-因此，您可以编写一些 CSS 样式：
-
-```css
-.markup.XXXXX html {
-  font-size: 100%;
-  overflow-y: scroll;
-  -webkit-text-size-adjust: 100%;
-  -ms-text-size-adjust: 100%;
-}
-
-.markup.XXXXX body {
-  color: #444;
-  font-family: Georgia, Palatino, 'Palatino Linotype', Times, 'Times New Roman', serif;
-  font-size: 12px;
-  line-height: 1.7;
-  padding: 1em;
-  margin: auto;
-  max-width: 42em;
-  background: #fefefe;
-}
-
-.markup.XXXXX p {
-  color: orangered;
-}
-```
-
-将您的样式表添加到自定义目录中，例如 `custom/public/css/my-style-XXXXX.css`，并使用自定义的头文件 `custom/templates/custom/header.tmpl` 进行导入：
-
-```html
-<link rel="stylesheet" href="{{AppSubUrl}}/assets/css/my-style-XXXXX.css" />
-```
-
-通过以上步骤，您可以将自定义的 CSS 样式应用到特定的外部渲染器，使其具有所需的样式效果。
@@ -1,32 +0,0 @@
---
-date: "2023-05-23T09:00:00+08:00"
-title: "Git LFS 设置"
-slug: "git-lfs-setup"
-sidebar_position: 12
-toc: false
-draft: false
-aliases:
-  - /zh-cn/git-lfs-setup
-menu:
-  sidebar:
-    parent: "administration"
-    name: "Git LFS 设置"
-    sidebar_position: 12
-    identifier: "git-lfs-setup"
---
-
-# 配置 Git 大文件存储（Large File Storage，LFS）
-
-要使用 Gitea 内置的 LFS 支持，您需要更新 `app.ini` 文件：
-
-```ini
-[server]
-; 启用 git-lfs 支持。true 或 false，默认为 false。
-LFS_START_SERVER = true
-
-[lfs]
-; 存放 LFS 文件的路径，默认为 data/lfs。
-PATH = /home/gitea/data/lfs
-```
-
-**注意**：LFS 服务器支持需要服务器上安装 Git v2.1.2 以上版本。
@@ -1,268 +0,0 @@
---
-date: "2023-05-23T09:00:00+08:00"
-title: "日志配置"
-slug: "logging-config"
-sidebar_position: 40
-toc: false
-draft: false
-aliases:
-  - /zh-cn/logging-configuration
-menu:
-  sidebar:
-    parent: "administration"
-    name: "日志配置"
-    sidebar_position: 40
-    identifier: "logging-config"
---
-
-# 日志配置
-
-Gitea 的日志配置主要由以下三种类型的组件组成：
-
- `[log]` 部分用于一般配置
- `[log.<mode-name>]` 部分用于配置不同的日志输出方式，也称为 "writer mode"，模式名称同时也作为 "writer name"
- `[log]` 部分还可以包含遵循 `logger.<logger-name>.<CONFIG-KEY>` 模式的子日志记录器的配置
-
-默认情况下，已经有一个完全功能的日志输出，因此不需要重新定义。
-
-## `[log]` 部分
-
-在 Gitea 中，日志设施的配置在 `[log]` 部分及其子部分。
-
-在顶层的 `[log]` 部分，可以放置以下配置项：
-
- `ROOT_PATH`：（默认值：**%(GITEA_WORK_DIR)/log**）：日志文件的基本路径。
- `MODE`：（默认值：**console**）：要用于默认日志记录器的日志输出列表。
- `LEVEL`：（默认值：**Info**）：要持久化的最严重的日志事件，不区分大小写。可能的值为：`Trace`、`Debug`、`Info`、`Warn`、`Error`、`Fatal`。
- `STACKTRACE_LEVEL`：（默认值：**None**）：对于此类及更严重的事件，将在记录时打印堆栈跟踪。
-
-它还可以包含以下子日志记录器：
-
- `logger.router.MODE`：（默认值：**,**）：用于路由器日志记录器的日志输出列表。
- `logger.access.MODE`：（默认值：**_empty_**）：用于访问日志记录器的日志输出列表。默认情况下，访问日志记录器被禁用。
- `logger.xorm.MODE`：（默认值：**,**）：用于 XORM 日志记录器的日志输出列表。
-
-将子日志记录器的模式设置为逗号（`,`）表示使用默认的全局 `MODE`。
-
-## 快速示例
-
-### 默认（空）配置
-
-空配置等同于默认配置：
-
-```ini
-[log]
-ROOT_PATH = %(GITEA_WORK_DIR)/log
-MODE = console
-LEVEL = Info
-STACKTRACE_LEVEL = None
-logger.router.MODE = ,
-logger.xorm.MODE = ,
-logger.access.MODE =
-
-; 这是“控制台”模式的配置选项（由上面的 MODE=console 使用）
-[log.console]
-MODE = console
-FLAGS = stdflags
-PREFIX =
-COLORIZE = true
-```
-
-这等同于将所有日志发送到控制台，并将默认的 Golang 日志也发送到控制台日志中。
-
-这只是一个示例，默认情况下不需要将其写入配置文件中。
-
-### 禁用路由日志并将一些访问日志记录到文件中
-
-禁用路由日志，将访问日志（>=Warn）记录到 `access.log` 中：
-
-```ini
-[log]
-logger.router.MODE =
-logger.access.MODE = access-file
-
-[log.access-file]
-MODE = file
-LEVEL = Warn
-FILE_NAME = access.log
-```
-
-### 为不同的模式设置不同的日志级别
-
-将默认日志（>=Warn）记录到 `gitea.log` 中，将错误日志记录到 `file-error.log` 中：
-
-```ini
-[log]
-LEVEL = Warn
-MODE = file, file-error
-
-; 默认情况下，"file" 模式会将日志记录到 %(log.ROOT_PATH)/gitea.log，因此我们不需要设置它
-; [log.file]
-
-[log.file-error]
-LEVEL = Error
-FILE_NAME = file-error.log
-```
-
-## 日志输出（模式和写入器）
-
-Gitea 提供以下日志写入器：
-
- `console` - 输出日志到 `stdout`（或 `stderr`，如果已在配置中设置）
- `file` - 输出日志到文件
- `conn` - 输出日志到套接字（网络或 Unix 套接字）
-
-### 公共配置
-
-某些配置适用于所有日志输出模式：
-
- `MODE` 是日志输出写入器的模式。它将默认为 ini 部分的模式名称。因此，`[log.console]` 将默认为 `MODE = console`。
- `LEVEL` 是此输出将记录的最低日志级别。
- `STACKTRACE_LEVEL` 是此输出将打印堆栈跟踪的最低日志级别。
- `COLORIZE` 对于 `console`，默认为 `true`，否则默认为 `false`。
-
-#### `EXPRESSION`
-
-`EXPRESSION` 表示日志事件必须匹配才能被输出写入器记录的正则表达式。
-日志消息（去除颜色）或 `longfilename:linenumber:functionname` 必须匹配其中之一。
-注意：整个消息或字符串不需要完全匹配。
-
-请注意，此表达式将在写入器的 goroutine 中运行，而不是在日志事件的 goroutine 中运行。
-
-#### `FLAGS`
-
-`FLAGS` 表示在每条消息之前打印的前置日志上下文信息。
-它是一个逗号分隔的字符串集。值的顺序无关紧要。
-
-默认值为 `stdflags`（= `date,time,medfile,shortfuncname,levelinitial`）。
-
-可能的值为：
-
- `none` 或 `,` - 无标志。
- `date` - 当地时区的日期：`2009/01/23`。
- `time` - 当地时区的时间：`01:23:23`。
- `microseconds` - 微秒精度：`01:23:23.123123`。假定有时间。
- `longfile` - 完整的文件名和行号：`/a/b/c/d.go:23`。
- `shortfile` - 文件名的最后一个部分和行号：`d.go:23`。
- `funcname` - 调用者的函数名：`runtime.Caller()`。
- `shortfuncname` - 函数名的最后一部分。覆盖 `funcname`。
- `utc` - 如果设置了日期或时间，则使用 UTC 而不是本地时区。
- `levelinitial` - 提供的级别的初始字符，放在方括号内，例如 `[I]` 表示 info。
- `level` - 在方括号内的级别，例如 `[INFO]`。
- `gopid` - 上下文的 Goroutine-PID。
- `medfile` - 文件名的最后 20 个字符 - 相当于 `shortfile,longfile`。
- `stdflags` - 相当于 `date,time,medfile,shortfuncname,levelinitial`。
-
-### Console 模式
-
-在此模式下，日志记录器将将日志消息转发到 Gitea 进程附加的 stdout 和 stderr 流。
-
-对于 console 模式的日志记录器，如果不在 Windows 上，或者 Windows 终端可以设置为 ANSI 模式，或者是 cygwin 或 Msys 管道，则 `COLORIZE` 默认为 `true`。
-
-设置：
-
- `STDERR`：**false**：日志记录器是否应将日志打印到 `stderr` 而不是 `stdout`。
-
-### File 模式
-
-在此模式下，日志记录器将将日志消息保存到文件中。
-
-设置：
-
- `FILE_NAME`：要将日志事件写入的文件，相对于 `ROOT_PATH`，默认为 `%(ROOT_PATH)/gitea.log`。异常情况：访问日志默认为 `%(ROOT_PATH)/access.log`。
- `MAX_SIZE_SHIFT`：**28**：单个文件的最大大小位移。28 表示 256Mb。详细信息见下文。
- `LOG_ROTATE` **true**：是否轮转日志文件。
- `DAILY_ROTATE`：**true**：是否每天旋转日志。
- `MAX_DAYS`：**7**：在此天数之后删除旋转的日志文件。
- `COMPRESS`：**true**：默认情况下是否使用 gzip 压缩旧的日志文件。
- `COMPRESSION_LEVEL`：**-1**：压缩级别。详细信息见下文。
-
-`MAX_SIZE_SHIFT` 通过将给定次数左移 1 (`1 << x`) 来定义文件的最大大小。
-在 v1.17.3 版本时的确切行为可以在[这里](https://github.com/go-gitea/gitea/blob/v1.17.3/modules/setting/log.go#L185)中查看。
-
-`COMPRESSION_LEVEL` 的有用值范围从 1 到（包括）9，其中较高的数字表示更好的压缩。
-请注意，更好的压缩可能会带来更高的资源使用。
-必须在前面加上 `-` 符号。
-
-### Conn 模式
-
-在此模式下，日志记录器将通过网络套接字发送日志消息。
-
-设置：
-
- `ADDR`：**:7020**：设置要连接的地址。
- `PROTOCOL`：**tcp**：设置协议，可以是 "tcp"、"unix" 或 "udp"。
- `RECONNECT`：**false**：在连接丢失时尝试重新连接。
- `RECONNECT_ON_MSG`：**false**：为每条消息重新连接主机。
-
-### "Router" 日志记录器
-
-当 Gitea 的路由处理程序工作时，Router 日志记录器记录以下消息类型：
-
- `started` 消息将以 TRACE 级别记录
- `polling`/`completed` 路由将以 INFO 级别记录。异常情况："/assets" 静态资源请求也会以 TRACE 级别记录。
- `slow` 路由将以 WARN 级别记录
- `failed` 路由将以 WARN 级别记录
-
-### "XORM" 日志记录器
-
-为了使 XORM 输出 SQL 日志，还应将 `[database]` 部分中的 `LOG_SQL` 设置为 `true`。
-
-### "Access" 日志记录器
-
-"Access" 日志记录器是自 Gitea 1.9 版本以来的新日志记录器。它提供了符合 NCSA Common Log 标准的日志格式。虽然它具有高度可配置性，但在更改其模板时应谨慎。此日志记录器的主要好处是，Gitea 现在可以使用标准日志格式记录访问日志，因此可以使用标准工具进行分析。
-
-您可以通过使用 `logger.access.MODE = ...` 来启用此日志记录器。
-
-如果需要，可以通过更改 `ACCESS_LOG_TEMPLATE` 的值来更改 "Access" 日志记录器的格式。
-
-请注意，访问日志记录器将以 `INFO` 级别记录，将此日志记录器的 `LEVEL` 设置为 `WARN` 或更高级别将导致不记录访问日志。
-
-#### ACCESS_LOG_TEMPLATE
-
-此值表示一个 Go 模板。其默认值为
-
-```tmpl
-{{.Ctx.RemoteHost}} - {{.Identity}} {{.Start.Format "[02/Jan/2006:15:04:05 -0700]" }} "{{.Ctx.Req.Method}} {{.Ctx.Req.URL.RequestURI}} {{.Ctx.Req.Proto}}" {{.ResponseWriter.Status}} {{.ResponseWriter.Size}} "{{.Ctx.Req.Referer}}" "{{.Ctx.Req.UserAgent}}"`
-```
-
-模板接收以下选项：
-
- `Ctx` 是 `context.Context`
- `Identity` 是 `SignedUserName`，如果用户未登录，则为 "-"
- `Start` 是请求的开始时间
- `ResponseWriter` 是 `http.ResponseWriter`
-
-更改此模板时必须小心，因为它在标准的 panic 恢复陷阱之外运行。此模板应该尽可能简单，因为它会为每个请求运行一次。
-
-## 释放和重新打开、暂停和恢复日志记录
-
-如果您在 Unix 上运行，您可能希望释放和重新打开日志以使用 `logrotate` 或其他工具。
-可以通过向运行中的进程发送 `SIGUSR1` 信号或运行 `gitea manager logging release-and-reopen` 命令来强制 Gitea 释放并重新打开其日志文件和连接。
-
-或者，您可能希望暂停和恢复日志记录 - 可以通过使用 `gitea manager logging pause` 和 `gitea manager logging resume` 命令来实现。请注意，当日志记录暂停时，低于 INFO 级别的日志事件将不会存储，并且只会存储有限数量的事件。在暂停时，日志记录可能会阻塞，尽管是暂时性的，但会大大减慢 Gitea 的运行速度，因此建议仅暂停很短的时间。
-
-### 在 Gitea 运行时添加和删除日志记录
-
-可以使用 `gitea manager logging add` 和 `remove` 子命令在 Gitea 运行时添加和删除日志记录。
-此功能只能调整正在运行的日志系统，不能用于启动未初始化的访问或路由日志记录器。如果您希望启动这些系统，建议调整 app.ini 并（优雅地）重新启动 Gitea 服务。
-
-这些命令的主要目的是在运行中的系统上轻松添加临时日志记录器，以便调查问题，因为重新启动可能会导致问题消失。
-
-## 使用 `logrotate` 而不是内置的日志轮转
-
-Gitea 包含内置的日志轮转功能，对于大多数部署来说应该已经足够了。但是，如果您想使用 `logrotate` 工具：
-
- 在 `app.ini` 中将 `LOG_ROTATE` 设置为 `false`，禁用内置的日志轮转。
- 安装 `logrotate`。
- 根据部署要求配置 `logrotate`，有关配置语法细节，请参阅 `man 8 logrotate`。
-  在 `postrotate/endscript` 块中通过 `kill -USR1` 或 `kill -10` 向 `gitea` 进程本身发送 `USR1` 信号，
-  或者运行 `gitea manager logging release-and-reopen`（使用适当的环境设置）。
-  确保配置适用于由 Gitea 日志记录器生成的所有文件，如上述部分所述。
- 始终使用 `logrotate /etc/logrotate.conf --debug` 来测试您的配置。
- 如果您正在使用 Docker 并从容器外部运行，您可以使用
-  `docker exec -u $OS_USER $CONTAINER_NAME sh -c 'gitea manager logging release-and-reopen'`
-  或 `docker exec $CONTAINER_NAME sh -c '/bin/s6-svc -1 /etc/s6/gitea/'`，或直接向 Gitea 进程本身发送 `USR1` 信号。
-
-下一个 `logrotate` 作业将包括您的配置，因此不需要重新启动。
-您还可以立即使用 `logrotate /etc/logrotate.conf --force` 重新加载 `logrotate`。
@@ -1,261 +0,0 @@
---
-date: "2023-05-23T09:00:00+08:00"
-title: "邮件模板"
-slug: "mail-templates"
-sidebar_position: 45
-toc: false
-draft: false
-aliases:
-  - /zh-cn/mail-templates
-menu:
-  sidebar:
-    parent: "administration"
-    name: "邮件模板"
-    sidebar_position: 45
-    identifier: "mail-templates"
---
-
-# 邮件模板
-
-为了定制特定操作的电子邮件主题和内容，可以使用模板来自定义 Gitea。这些功能的模板位于 [`custom` 目录](https://docs.gitea.io/en-us/customizing-gitea/) 下。
-如果没有自定义的替代方案，Gitea 将使用内部模板作为默认模板。
-
-自定义模板在 Gitea 启动时加载。对它们的更改在 Gitea 重新启动之前不会被识别。
-
-## 支持模板的邮件通知
-
-目前，以下通知事件使用模板：
-
-| 操作名称   | 用途                                                                                    |
-| ----------- | ------------------------------------------------------------------------------------------------------------ |
-| `new`       | 创建了新的工单或合并请求。                                                                    |
-| `comment`   | 在现有工单或合并请求中创建了新的评论。                                                          |
-| `close`     | 关闭了工单或合并请求。                                                                         |
-| `reopen`    | 重新打开了工单或合并请求。                                                                       |
-| `review`    | 在合并请求中进行审查的首要评论。                                                               |
-| `approve`   | 对合并请求进行批准的首要评论。                                                                 |
-| `reject`    | 对合并请求提出更改请求的审查的首要评论。                                                       |
-| `code`      | 关于合并请求的代码的单个评论。                                                                 |
-| `assigned`  | 用户被分配到工单或合并请求。                                                                    |
-| `default`   | 未包括在上述类别中的任何操作，或者当对应类别的模板不存在时使用的模板。                              |
-
-特定消息类型的模板路径为：
-
-```sh
-custom/templates/mail/{操作类型}/{操作名称}.tmpl
-```
-
-其中 `{操作类型}` 是 `issue` 或 `pull`（针对合并请求），`{操作名称}` 是上述列出的操作名称之一。
-
-例如，有关合并请求中的评论的电子邮件的特定模板是：
-
-```sh
-custom/templates/mail/pull/comment.tmpl
-```
-
-然而，并不需要为每个操作类型/名称组合创建模板。
-使用回退系统来选择适当的模板。在此列表中，将使用 _第一个存在的_ 模板：
-
- 所需**操作类型**和**操作名称**的特定模板。
- 操作类型为 `issue` 和所需**操作名称**的模板。
- 所需**操作类型**和操作名称为 `default` 的模板。
- 操作类型为` issue` 和操作名称为 `default` 的模板。
-
-唯一必需的模板是操作类型为 `issue` 操作名称为 `default` 的模板，除非用户在 `custom` 目录中覆盖了它。
-
-## 模板语法
-
-邮件模板是 UTF-8 编码的文本文件，需要遵循以下格式之一：
-
-```
-用于主题行的文本和宏
------------
-用于邮件正文的文本和宏
-```
-
-或者
-
-```
-用于邮件正文的文本和宏
-```
-
-指定 _主题_ 部分是可选的（因此也是虚线分隔符）。在使用时，_主题_ 和 _邮件正文_ 模板之间的分隔符需要至少三个虚线；分隔符行中不允许使用其他字符。
-
-_主题_ 和 _邮件正文_ 由 [Golang的模板引擎](https://golang.org/pkg/text/template/) 解析，并提供了为每个通知组装的 _元数据上下文_。上下文包含以下元素：
-
-| 名称                 | 类型               | 可用性            | 用途                                                                                                                                                                                                                                             |
-| -------------------- | ------------------ | ----------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
-| `.FallbackSubject`   | string             | 始终可用        | 默认主题行。参见下文。                                                                                                                                                                                                                            |
-| `.Subject`           | string             | 仅在正文中可用  | 解析后的 _主题_。                                                                                                                                                                                                                                 |
-| `.Body`              | string             | 始终可用        | 工单、合并请求或评论的消息，从 Markdown 解析为 HTML 并进行了清理。请勿与 _邮件正文_ 混淆。                                                                                                                                                                 |
-| `.Link`              | string             | 始终可用        | 源工单、合并请求或评论的地址。                                                                                                                                                                                                                    |
-| `.Issue`             | models.Issue       | 始终可用        | 产生通知的工单（或合并请求）。要获取特定于合并请求的数据（例如 `HasMerged`），可以使用 `.Issue.PullRequest`，但需要注意，如果工单 _不是_ 合并请求，则该字段将为 `nil`。                                                                       |
-| `.Comment`           | models.Comment     | 如果适用        | 如果通知是针对添加到工单或合并请求的评论，则其中包含有关评论的信息。                                                                                                                                                                             |
-| `.IsPull`            | bool               | 始终可用        | 如果邮件通知与合并请求关联（即 `.Issue.PullRequest` 不为 `nil` ），则为 `true`。                                                                                                                                                                       |
-| `.Repo`              | string         | 始终可用        | 仓库的名称，包括所有者名称（例如 `mike/stuff`）                                                                                                                                                                                                    |
-| `.User`              | models.User        | 始终可用        | 事件来源仓库的所有者。要获取用户名（例如 `mike`），可以使用 `.User.Name`。                                                                                                                                                                           |
-| `.Doer`              | models.User        | 始终可用        | 执行触发通知事件的操作的用户。要获取用户名（例如 `rhonda`），可以使用 `.Doer.Name`。                                                                                                                                                                |
-| `.IsMention`         | bool               | 始终可用        | 如果此通知仅是因为在评论中提到了用户而生成的，并且收件人未订阅源，则为 `true`。如果收件人已订阅工单或仓库，则为 `false`。                                                                                                                            |
-| `.SubjectPrefix`     | string             | 始终可用        | 如果通知是关于除工单或合并请求创建之外的其他内容，则为 `Re：`；否则为空字符串。                                                                                                                                                                      |
-| `.ActionType`        | string             | 始终可用        | `"issue"` 或 `"pull"`。它将与实际的 _操作类型_ 对应，与选择的模板无关。                                                                                                                                                                                 |
-| `.ActionName`        | string             | 始终可用        | 它将是上述操作类型之一（`new` ，`comment` 等），并与选择的模板对应。                                                                                                                                                                                 |
-| `.ReviewComments`    | []models.Comment   | 始终可用        | 审查中的代码评论列表。评论文本将在 `.RenderedContent` 中，引用的代码将在 `.Patch` 中。                                                                                                                                                                |
-
-所有名称区分大小写。
-
-### 模板中的主题部分
-
-用于邮件主题的模板引擎是 Golang 的 [`text/template`](https://golang.org/pkg/text/template/)。
-有关语法的详细信息，请参阅链接的文档。
-
-主题构建的步骤如下：
-
- 根据通知类型和可用的模板选择一个模板。
- 解析并解析模板（例如，将 `{{.Issue.Index}}` 转换为工单或合并请求的编号）。
- 将所有空格字符（例如 `TAB`，`LF` 等）转换为普通空格。
- 删除所有前导、尾随和多余的空格。
- 将字符串截断为前 256 个字母（字符）。
-
-如果最终结果为空字符串，**或者**没有可用的主题模板（即所选模板不包含主题部分），将使用Gitea的**内部默认值**。
-
-内部默认（回退）主题相当于：
-
-```
-{{.SubjectPrefix}}[{{.Repo}}] {{.Issue.Title}} (#{{.Issue.Index}})
-```
-
-例如：`Re: [mike/stuff] New color palette (#38)`
-
-即使存在有效的主题模板，Gitea的默认主题也可以在模板的元数据中作为 `.FallbackSubject` 找到。
-
-### 模板中的邮件正文部分
-
-用于邮件正文的模板引擎是 Golang 的 [`html/template`](https://golang.org/pkg/html/template/)。
-有关语法的详细信息，请参阅链接的文档。
-
-邮件正文在邮件主题之后进行解析，因此还有一个额外的 _元数据_ 字段，即在考虑所有情况之后实际呈现的主题。
-
-期望的结果是 HTML（包括结构元素，如`<html>`，`<body>`等）。可以通过 `<style>` 块、`class` 和 `style` 属性进行样式设置。但是，`html/template` 会进行一些 [自动转义](https://golang.org/pkg/html/template/#hdr-Contexts)，需要考虑这一点。
-
-不支持附件（例如图像或外部样式表）。但是，也可以引用其他模板，例如以集中方式提供 `<style>` 元素的内容。外部模板必须放置在 `custom/mail` 下，并相对于该目录引用。例如，可以使用 `{{template styles/base}}` 包含 `custom/mail/styles/base.tmpl`。
-
-邮件以 `Content-Type: multipart/alternative` 发送，因此正文以 HTML 和文本格式发送。通过剥离 HTML 标记来获取文本版本。
-
-## 故障排除
-
-邮件的呈现方式直接取决于邮件应用程序的功能。许多邮件客户端甚至不支持 HTML，因此显示生成邮件中包含的文本版本。
-
-如果模板无法呈现，则只有在发送邮件时才会注意到。
-如果主题模板失败，将使用默认主题，如果从 _邮件正文_ 中成功呈现了任何内容，则将使用该内容，忽略其他内容。
-
-如果遇到问题，请检查 [Gitea的日志](https://docs.gitea.io/en-us/logging-configuration/) 以获取错误消息。
-
-## 示例
-
-`custom/templates/mail/issue/default.tmpl`:
-
-```html
-[{{.Repo}}] @{{.Doer.Name}}
-{{if eq .ActionName "new"}}
-    创建了
-{{else if eq .ActionName "comment"}}
-    评论了
-{{else if eq .ActionName "close"}}
-    关闭了
-{{else if eq .ActionName "reopen"}}
-    重新打开了
-{{else}}
-    更新了
-{{end}}
-{{if eq .ActionType "issue"}}
-    工单
-{{else}}
-    合并请求
-{{end}}
-#{{.Issue.Index}}: {{.Issue.Title}}
------------
-<!DOCTYPE html>
-<html>
-<head>
-    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
-    <title>{{.Subject}}</title>
-</head>
-
-<body>
-    {{if .IsMention}}
-    <p>
-        您收到此邮件是因为 @{{.Doer.Name}} 提到了您。
-    </p>
-    {{end}}
-    <p>
-        <p>
-        <a href="{{AppUrl}}/{{.Doer.LowerName}}">@{{.Doer.Name}}</a>
-        {{if not (eq .Doer.FullName "")}}
-            ({{.Doer.FullName}})
-        {{end}}
-        {{if eq .ActionName "new"}}
-            创建了
-        {{else if eq .ActionName "close"}}
-            关闭了
-        {{else if eq .ActionName "reopen"}}
-            重新打开了
-        {{else}}
-            更新了
-        {{end}}
-        <a href="{{.Link}}">{{.Repo}}#{{.Issue.Index}}</a>。
-        </p>
-        {{if not (eq .Body "")}}
-            <h3>消息内容：</h3>
-            <hr>
-            {{.Body | Str2html}}
-        {{end}}
-    </p>
-    <hr>
-    <p>
-        <a href="{{.Link}}">在 Gitea 上查看</a>。
-    </p>
-</body>
-</html>
-```
-
-该模板将生成以下内容：
-
-### 主题
-
-> [mike/stuff] @rhonda 在合并请求 #38 上进行了评论：New color palette
-
-### 邮件正文
-
-> [@rhonda](#)（Rhonda Myers）更新了 [mike/stuff#38](#)。
->
-> #### 消息内容：
->
-> \_********************************\_********************************
->
-> Mike, I think we should tone down the blues a little.
->
-> \_********************************\_********************************
->
-> [在 Gitea 上查看](#)。
-
-## 高级用法
-
-模板系统包含一些函数，可用于进一步处理和格式化消息。以下是其中一些函数的列表：
-
-| 函数名            | 参数        | 可用于       | 用法                                                                              |
-| ----------------- | ----------- | ------------ | --------------------------------------------------------------------------------- |
-| `AppUrl`          | -           | 任何地方     | Gitea 的 URL                                                                     |
-| `AppName`         | -           | 任何地方     | 从 `app.ini` 中设置，通常为 "Gitea"                                               |
-| `AppDomain`       | -           | 任何地方     | Gitea 的主机名                                                                   |
-| `EllipsisString`  | string, int | 任何地方     | 将字符串截断为指定长度；根据需要添加省略号                                        |
-| `Str2html`        | string      | 仅正文部分   | 通过删除其中的 HTML 标签对文本进行清理                                              |
-| `Safe`            | string      | 仅正文部分   | 将输入作为 HTML 处理；可用于 `.ReviewComments.RenderedContent` 等字段               |
-
-这些都是 _函数_，而不是元数据，因此必须按以下方式使用：
-
-```html
-像这样使用：         {{Str2html "Escape<my>text"}}
-或者这样使用：       {{"Escape<my>text" | Str2html}}
-或者这样使用：       {{AppUrl}}
-但不要像这样使用：   {{.AppUrl}}
-```
@@ -1,59 +0,0 @@
---
-date: "2023-05-23T09:00:00+08:00"
-title: "仓库索引器"
-slug: "repo-indexer"
-sidebar_position: 45
-toc: false
-draft: false
-aliases:
-  - /zh-cn/repo-indexer
-menu:
-  sidebar:
-    parent: "administration"
-    name: "仓库索引器"
-    sidebar_position: 45
-    identifier: "repo-indexer"
---
-
-# 仓库索引器
-
-## 设置仓库索引器
-
-通过在您的 [`app.ini`](https://docs.gitea.io/en-us/config-cheat-sheet/) 中启用此功能，Gitea 可以通过仓库的文件进行搜索：
-
-```ini
-[indexer]
-; ...
-REPO_INDEXER_ENABLED = true
-REPO_INDEXER_PATH = indexers/repos.bleve
-MAX_FILE_SIZE = 1048576
-REPO_INDEXER_INCLUDE =
-REPO_INDEXER_EXCLUDE = resources/bin/**
-```
-
-请记住，索引内容可能会消耗大量系统资源，特别是在首次创建索引或全局更新索引时（例如升级 Gitea 之后）。
-
-### 按大小选择要索引的文件
-
-`MAX_FILE_SIZE` 选项将使索引器跳过所有大于指定值的文件。
-
-### 按路径选择要索引的文件
-
-Gitea使用 [`gobwas/glob` 库](https://github.com/gobwas/glob) 中的 glob 模式匹配来选择要包含在索引中的文件。
-
-限制文件列表可以防止索引被派生或无关的文件（例如 lss、sym、map 等）污染，从而使搜索结果更相关。这还有助于减小索引的大小。
-
-`REPO_INDEXER_EXCLUDE_VENDORED`（默认值为 true）将排除供应商文件不包含在索引中。
-
-`REPO_INDEXER_INCLUDE`（默认值为空）是一个逗号分隔的 glob 模式列表，用于在索引中**包含**的文件。空列表表示“_包含所有文件_”。
-`REPO_INDEXER_EXCLUDE`（默认值为空）是一个逗号分隔的 glob 模式列表，用于从索引中**排除**的文件。与该列表匹配的文件将不会被索引。`REPO_INDEXER_EXCLUDE` 优先于 `REPO_INDEXER_INCLUDE`。
-
-模式匹配工作方式如下：
-
- 要匹配所有带有 `.txt` 扩展名的文件，无论在哪个目录中，请使用 `**.txt`。
- 要匹配仅在仓库的根级别中具有 `.txt` 扩展名的所有文件，请使用 `*.txt`。
- 要匹配 `resources/bin` 目录及其子目录中的所有文件，请使用 `resources/bin/**`。
- 要匹配位于 `resources/bin` 目录下的所有文件，请使用 `resources/bin/*`。
- 要匹配所有名为 `Makefile` 的文件，请使用 `**Makefile`。
- 匹配目录没有效果；模式 `resources/bin` 不会包含/排除该目录中的文件；`resources/bin/**` 会。
- 所有文件和模式都规范化为小写，因此 `**Makefile`、`**makefile` 和 `**MAKEFILE` 是等效的。
@@ -1,39 +0,0 @@
---
-date: "2023-05-23T09:00:00+08:00"
-title: "搜索引擎索引"
-slug: "search-engines-indexation"
-sidebar_position: 60
-toc: false
-draft: false
-aliases:
-  - /zh-cn/search-engines-indexation
-menu:
-  sidebar:
-    parent: "administration"
-    name: "搜索引擎索引"
-    sidebar_position: 60
-    identifier: "search-engines-indexation"
---
-
-# Gitea 安装的搜索引擎索引
-
-默认情况下，您的 Gitea 安装将被搜索引擎索引。
-如果您不希望您的仓库对搜索引擎可见，请进一步阅读。
-
-## 使用 robots.txt 阻止搜索引擎索引
-
-为了使 Gitea 为顶级安装提供自定义的`robots.txt`（默认为空的 404），请在[`custom`文件夹或`CustomPath`]（administration/customizing-gitea.md）中创建一个名为 `robots.txt` 的文件。
-
-有关如何配置 `robots.txt` 的示例，请参考 [https://moz.com/learn/seo/robotstxt](https://moz.com/learn/seo/robotstxt)。
-
-```txt
-User-agent: *
-Disallow: /
-```
-
-如果您将Gitea安装在子目录中，则需要在顶级目录中创建或编辑 `robots.txt`。
-
-```txt
-User-agent: *
-Disallow: /gitea/
-```
@@ -1,142 +0,0 @@
---
-date: "2023-05-23T09:00:00+08:00"
-title: "GPG 提交签名"
-slug: "signing"
-sidebar_position: 50
-toc: false
-draft: false
-aliases:
-  - /zh-cn/signing
-menu:
-  sidebar:
-    parent: "administration"
-    name: "GPG 提交签名"
-    sidebar_position: 50
-    identifier: "signing"
---
-
-# GPG 提交签名
-
-Gitea 将通过检查提交是否由 Gitea 数据库中的密钥签名，或者提交是否与 Git 的默认密钥匹配，来验证提供的树中的 GPG 提交签名。
-
-密钥不会被检查以确定它们是否已过期或撤销。密钥也不会与密钥服务器进行检查。
-
-如果找不到用于验证提交的密钥，提交将被标记为灰色的未锁定图标。如果提交被标记为红色的未锁定图标，则表示它使用带有 ID 的密钥签名。
-
-请注意：提交的签署者不必是提交的作者或提交者。
-
-此功能要求 Git >= 1.7.9，但要实现全部功能，需要 Git >= 2.0.0。
-
-## 自动签名
-
-有许多地方 Gitea 会生成提交：
-
- 仓库初始化
- Wiki 更改
- 使用编辑器或 API 进行的 CRUD 操作
- 从合并请求进行合并
-
-根据配置和服务器信任，您可能希望 Gitea 对这些提交进行签名。
-
-## 安装和生成 Gitea 的 GPG 密钥
-
-如何安装签名密钥由服务器管理员决定。Gitea 目前使用服务器的 `git` 命令生成所有提交，因此将使用服务器的 `gpg` 进行签名（如果配置了）。管理员应该审查 GPG 的最佳实践 - 特别是可能建议仅安装签名的子密钥，而不是主签名和认证的密钥。
-
-## 通用配置
-
-Gitea 的签名配置可以在 `app.ini` 的 `[repository.signing]` 部分找到：
-
-```ini
-...
-[repository.signing]
-SIGNING_KEY = default
-SIGNING_NAME =
-SIGNING_EMAIL =
-INITIAL_COMMIT = always
-CRUD_ACTIONS = pubkey, twofa, parentsigned
-WIKI = never
-MERGES = pubkey, twofa, basesigned, commitssigned
-
-...
-```
-
-### `SIGNING_KEY`
-
-首先讨论的选项是 `SIGNING_KEY`。有三个主要选项：
-
- `none` - 这将阻止 Gitea 对任何提交进行签名
- `default` - Gitea 将使用 `git config` 中配置的默认密钥
- `KEYID` - Gitea 将使用具有 ID `KEYID` 的 GPG 密钥对提交进行签名。在这种情况下，您应该提供 `SIGNING_NAME` 和 `SIGNING_EMAIL`，以便显示此密钥的信息。
-
-`default` 选项将读取 `git config` 中的 `commit.gpgsign` 选项 - 如果设置了该选项，它将使用 `user.signingkey`、`user.name` 和 `user.email` 的结果。
-
-请注意：通过在 Gitea 的仓库中调整 Git 的 `config` 文件，可以使用 `SIGNING_KEY=default` 为每个仓库提供不同的签名密钥。然而，这显然不是一个理想的用户界面，因此可能会发生更改。
-
-**自 1.17 起**，Gitea 在自己的主目录 `[git].HOME_PATH`（默认为 `%(APP_DATA_PATH)/home`）中运行 git，并使用自己的配置文件 `{[git].HOME_PATH}/.gitconfig`。
-如果您有自己定制的 Gitea git 配置，您应该将这些配置设置在系统 git 配置文件中（例如 `/etc/gitconfig`）或者 Gitea 的内部 git 配置文件 `{[git].HOME_PATH}/.gitconfig` 中。
-与 git 命令相关的主目录文件（如 `.gnupg`）也应该放在 Gitea 的 git 主目录 `[git].HOME_PATH` 中。
-如果您希望将 `.gnupg` 目录放在 `{[git].HOME_PATH}/` 之外的位置，请考虑设置 `$GNUPGHOME` 环境变量为您首选的位置。
-
-### `INITIAL_COMMIT`
-
-此选项确定在创建仓库时，Gitea 是否应该对初始提交进行签名。可能的取值有：
-
- `never`：从不签名
- `pubkey`：仅在用户拥有公钥时进行签名
- `twofa`：仅在用户使用 2FA 登录时进行签名
- `always`：始终签名
-
-除了 `never` 和 `always` 之外的选项可以组合为逗号分隔的列表。如果所有选择的选项都为 true，则提交将被签名。
-
-### `WIKI`
-
-此选项确定 Gitea 是否应该对 Wiki 的提交进行签名。可能的取值有：
-
- `never`：从不签名
- `pubkey`：仅在用户拥有公钥时进行签名
- `twofa`：仅在用户使用 2FA 登录时进行签名
- `parentsigned`：仅在父提交已签名时进行签名。
- `always`：始终签名
-
-除了 `never` 和 `always` 之外的选项可以组合为逗号分隔的列表。如果所有选择的选项都为 true，则提交将被签名。
-
-### `CRUD_ACTIONS`
-
-此选项确定 Gitea 是否应该对 Web 编辑器或 API CRUD 操作的提交进行签名。可能的取值有：
-
- `never`：从不签名
- `pubkey`：仅在用户拥有公钥时进行签名
- `twofa`：仅在用户使用 2FA 登录时进行签名
- `parentsigned`：仅在父提交已签名时进行签名。
- `always`：始终签名
-
-除了 `never` 和 `always` 之外的选项可以组合为逗号分隔的列表。如果所有选择的选项都为 true，则更改将被签名。
-
-### `MERGES`
-
-此选项确定 Gitea 是否应该对 PR 的合并提交进行签名。可能的选项有：
-
- `never`：从不签名
- `pubkey`：仅在用户拥有公钥时进行签名
- `twofa`：仅在用户使用 2FA 登录时进行签名
- `basesigned`：仅在基础仓库中的父提交已签名时进行签名。
- `headsigned`：仅在头分支中的头提交已签名时进行签名。
- `commitssigned`：仅在头分支中的所有提交到合并点的提交都已签名时进行签名。
- `approved`：仅对已批准的合并到受保护分支的提交进行签名。
- `always`：始终签名
-
-除了 `never` 和 `always` 之外的选项可以组合为逗号分隔的列表。如果所有选择的选项都为 true，则合并将被签名。
-
-## 获取签名密钥的公钥
-
-用于签署 Gitea 提交的公钥可以通过 API 获取：
-
-```sh
-/api/v1/signing-key.gpg
-```
-
-在存在特定于仓库的密钥的情况下，可以通过以下方式获取：
-
-```sh
-/api/v1/repos/:username/:reponame/signing-key.gpg
-```
@@ -1,13 +0,0 @@
---
-date: "2021-01-22T00:00:00+02:00"
-title: "Contributing"
-slug: "contributing"
-sidebar_position: 35
-toc: false
-draft: false
-menu:
-  sidebar:
-    name: "Contributing"
-    sidebar_position: 50
-    identifier: "contributing"
---
@@ -1,13 +0,0 @@
---
-date: "2021-01-22T00:00:00+02:00"
-title: "貢獻"
-slug: "contributing"
-sidebar_position: 35
-toc: false
-draft: false
-menu:
-  sidebar:
-    name: "貢獻"
-    sidebar_position: 50
-    identifier: "contributing"
---
--- a/Show More
+++ b/Show More